gpg2/gnupg-large_keys.patch

From: Lorenz Hüdepohl <dev@stellardeath.org>
Date: 2014-11-27 17:01:07 +0000
Subject: Continue to support existing large RSA keys
References: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739424
Upstream: no

For RSA keys up to probably 8192 bits it seems to be enough to call
configure with the additional options

  --enable-large-secmem
  --enable-large-rsa

However, there are existing keys out there that are even larger.

Werner Koch thinks that it is silly to use keys that are this large. He
is probably even right with this, which is why this patch still does not
allow to create new keys larger than the set maximum (4096/8192
depending on whether enable-large-rsa is set in gpg.conf).

I still want to continue to use my existing 10k bits key, though.

---
diff -ur gnupg-2.1.0.org/agent/command.c gnupg-2.1.0/agent/command.c
--- gnupg-2.1.0.org/agent/command.c	2014-11-04 17:10:44.000000000 +0200
+++ gnupg-2.1.0/agent/command.c	2014-11-26 18:04:11.548271074 +0200
@@ -47,7 +47,7 @@
 /* Maximum allowed size of the key parameters.  */
 #define MAXLEN_KEYPARAM 1024
 /* Maximum allowed size of key data as used in inquiries (bytes). */
-#define MAXLEN_KEYDATA 4096
+#define MAXLEN_KEYDATA 8192
 /* The size of the import/export KEK key (in bytes).  */
 #define KEYWRAP_KEYSIZE (128/8)
 
diff -ur gnupg-2.1.0.org/configure.ac gnupg-2.1.0/configure.ac
--- gnupg-2.1.0.org/configure.ac	2014-11-04 17:09:28.000000000 +0200
+++ gnupg-2.1.0/configure.ac	2014-11-17 19:40:28.632527090 +0200
@@ -230,7 +230,7 @@
               large_secmem=$enableval, large_secmem=no)
 AC_MSG_RESULT($large_secmem)
 if test "$large_secmem" = yes ; then
-   SECMEM_BUFFER_SIZE=65536
+   SECMEM_BUFFER_SIZE=262144
 else
    SECMEM_BUFFER_SIZE=32768
 fi
Accepting request 264264 from home:lorenz:branches:Base:System Attempt to incorporate the requested changes from the comments on the declined request 263170 OBS-URL: https://build.opensuse.org/request/show/264264 OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=88 2014-12-25 18:08:58 +01:00			`From: Lorenz Hüdepohl <dev@stellardeath.org>`
			`Date: 2014-11-27 17:01:07 +0000`
			`Subject: Continue to support existing large RSA keys`
			`References: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739424`
			`Upstream: no`

			`For RSA keys up to probably 8192 bits it seems to be enough to call`
			`configure with the additional options`

			`--enable-large-secmem`
			`--enable-large-rsa`

			`However, there are existing keys out there that are even larger.`

			`Werner Koch thinks that it is silly to use keys that are this large. He`
			`is probably even right with this, which is why this patch still does not`
			`allow to create new keys larger than the set maximum (4096/8192`
			`depending on whether enable-large-rsa is set in gpg.conf).`

			`I still want to continue to use my existing 10k bits key, though.`

			`---`
			`diff -ur gnupg-2.1.0.org/agent/command.c gnupg-2.1.0/agent/command.c`
			`--- gnupg-2.1.0.org/agent/command.c 2014-11-04 17:10:44.000000000 +0200`
			`+++ gnupg-2.1.0/agent/command.c 2014-11-26 18:04:11.548271074 +0200`
			`@@ -47,7 +47,7 @@`
			`/* Maximum allowed size of the key parameters. */`
			`#define MAXLEN_KEYPARAM 1024`
			`/* Maximum allowed size of key data as used in inquiries (bytes). */`
			`-#define MAXLEN_KEYDATA 4096`
			`+#define MAXLEN_KEYDATA 8192`
			`/* The size of the import/export KEK key (in bytes). */`
			`#define KEYWRAP_KEYSIZE (128/8)`

			`diff -ur gnupg-2.1.0.org/configure.ac gnupg-2.1.0/configure.ac`
			`--- gnupg-2.1.0.org/configure.ac 2014-11-04 17:09:28.000000000 +0200`
			`+++ gnupg-2.1.0/configure.ac 2014-11-17 19:40:28.632527090 +0200`
			`@@ -230,7 +230,7 @@`
			`large_secmem=$enableval, large_secmem=no)`
			`AC_MSG_RESULT($large_secmem)`
			`if test "$large_secmem" = yes ; then`
			`- SECMEM_BUFFER_SIZE=65536`
			`+ SECMEM_BUFFER_SIZE=262144`
			`else`
			`SECMEM_BUFFER_SIZE=32768`
			`fi`