Accepting request 266408 from Base:System

Support for large RSA keys (changelog fixed) OBS-URL: https://build.opensuse.org/request/show/266408 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=83
2014-12-28 23:31:59 +00:00 · 2014-12-28 23:31:59 +00:00 · 072a03eda8
commit 072a03eda8
parent 65b54e4967
3 changed files with 60 additions and 0 deletions
--- a/gnupg-large_keys.patch
+++ b/gnupg-large_keys.patch
@ -0,0 +1,46 @@
+From: Lorenz Hüdepohl <dev@stellardeath.org>
+Date: 2014-11-27 17:01:07 +0000
+Subject: Continue to support existing large RSA keys
+References: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739424
+Upstream: no
+
+For RSA keys up to probably 8192 bits it seems to be enough to call
+configure with the additional options
+
+  --enable-large-secmem
+  --enable-large-rsa
+
+However, there are existing keys out there that are even larger.
+
+Werner Koch thinks that it is silly to use keys that are this large. He
+is probably even right with this, which is why this patch still does not
+allow to create new keys larger than the set maximum (4096/8192
+depending on whether enable-large-rsa is set in gpg.conf).
+
+I still want to continue to use my existing 10k bits key, though.
+
+---
+diff -ur gnupg-2.1.0.org/agent/command.c gnupg-2.1.0/agent/command.c
+--- gnupg-2.1.0.org/agent/command.c	2014-11-04 17:10:44.000000000 +0200
+++ gnupg-2.1.0/agent/command.c	2014-11-26 18:04:11.548271074 +0200
+@@ -47,7 +47,7 @@
+ /* Maximum allowed size of the key parameters.  */
+ #define MAXLEN_KEYPARAM 1024
+ /* Maximum allowed size of key data as used in inquiries (bytes). */
+-#define MAXLEN_KEYDATA 4096
+#define MAXLEN_KEYDATA 8192
+ /* The size of the import/export KEK key (in bytes).  */
+ #define KEYWRAP_KEYSIZE (128/8)
+ 
+diff -ur gnupg-2.1.0.org/configure.ac gnupg-2.1.0/configure.ac
+--- gnupg-2.1.0.org/configure.ac	2014-11-04 17:09:28.000000000 +0200
+++ gnupg-2.1.0/configure.ac	2014-11-17 19:40:28.632527090 +0200
+@@ -230,7 +230,7 @@
+               large_secmem=$enableval, large_secmem=no)
+ AC_MSG_RESULT($large_secmem)
+ if test "$large_secmem" = yes ; then
+-   SECMEM_BUFFER_SIZE=65536
+   SECMEM_BUFFER_SIZE=262144
+ else
+    SECMEM_BUFFER_SIZE=32768
+ fi
--- a/gpg2.changes
+++ b/gpg2.changes
@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Thu Dec 25 18:09:11 UTC 2014 - dev@stellardeath.org
+
+- Support for large RSA keys
+  This involves compiling with --enable-large-rsa and
+  --enable-large-secmem, as well as patching the number
+  of secmem bytes and IPC bytes to slightly larger values.
+  See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739424
+  * added gnupg-large_keys.patch
+  
 -------------------------------------------------------------------
 Wed Dec  3 22:37:59 UTC 2014 - andreas.stieger@gmx.de

--- a/gpg2.spec
+++ b/gpg2.spec
@ -36,6 +36,7 @@ Patch9:         gnupg-detect_FIPS_mode.patch
 Patch11:        gnupg-add_legacy_FIPS_mode_option.patch
 Patch12:        gnupg-remove_development_version_warning.patch
 Patch13:        gnupg-2.1.0-boo-907198-openpgp_oid_to_str-buffer-overflow.patch
+Patch14:        gnupg-large_keys.patch
 BuildRequires:  automake >= 1.10
 BuildRequires:  expect
 BuildRequires:  fdupes
@ -87,6 +88,7 @@ gpg-agent, and a keybox library.
 %patch11 -p1
 %patch12 -p1
 %patch13 -p1
+%patch14 -p1

 %build
 autoreconf -fi
@ -110,6 +112,8 @@ export LDFLAGS=-pie
    --enable-gpgsm=yes \
    --enable-gpg \
    --enable-gpgtar \
+    --enable-large-rsa \
+    --enable-large-secmem \
    --with-gnu-ld

 make %{?_smp_mflags}