From 072a03eda8999c64b898cc16898c0e3b41ffdb7f869d78ea35116a08346c887b Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Sun, 28 Dec 2014 23:31:59 +0000 Subject: [PATCH] Accepting request 266408 from Base:System Support for large RSA keys (changelog fixed) OBS-URL: https://build.opensuse.org/request/show/266408 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=83
---
gnupg-large_keys.patch | 46 ++++++++++++++++++++++++++++++++++++++++++
gpg2.changes | 10 +++++++++
gpg2.spec | 4 ++++
3 files changed, 60 insertions(+)
create mode 100644 gnupg-large_keys.patch
diff --git a/gnupg-large_keys.patch b/gnupg-large_keys.patch
new file mode 100644
index 0000000..097b4c2
--- /dev/null
+++ b/gnupg-large_keys.patch
@@ -0,0 +1,46 @@
+From: Lorenz Hüdepohl
+Date: 2014-11-27 17:01:07 +0000
+Subject: Continue to support existing large RSA keys
+References: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739424
+Upstream: no
+
+For RSA keys up to probably 8192 bits it seems to be enough to call
+configure with the additional options
+
+ --enable-large-secmem
+ --enable-large-rsa
+
+However, there are existing keys out there that are even larger.
+
+Werner Koch thinks that it is silly to use keys that are this large. He
+is probably even right with this, which is why this patch still does not
+allow to create new keys larger than the set maximum (4096/8192
+depending on whether enable-large-rsa is set in gpg.conf).
+
+I still want to continue to use my existing 10k bits key, though.
+
+---
+diff -ur gnupg-2.1.0.org/agent/command.c gnupg-2.1.0/agent/command.c
+--- gnupg-2.1.0.org/agent/command.c 2014-11-04 17:10:44.000000000 +0200
++++ gnupg-2.1.0/agent/command.c 2014-11-26 18:04:11.548271074 +0200
+@@ -47,7 +47,7 @@
+ /* Maximum allowed size of the key parameters. */
+ #define MAXLEN_KEYPARAM 1024
+ /* Maximum allowed size of key data as used in inquiries (bytes). */
+-#define MAXLEN_KEYDATA 4096
++#define MAXLEN_KEYDATA 8192
+ /* The size of the import/export KEK key (in bytes). */
+ #define KEYWRAP_KEYSIZE (128/8)
+
+diff -ur gnupg-2.1.0.org/configure.ac gnupg-2.1.0/configure.ac
+--- gnupg-2.1.0.org/configure.ac 2014-11-04 17:09:28.000000000 +0200
++++ gnupg-2.1.0/configure.ac 2014-11-17 19:40:28.632527090 +0200
+@@ -230,7 +230,7 @@
+ large_secmem=$enableval, large_secmem=no)
+ AC_MSG_RESULT($large_secmem)
+ if test "$large_secmem" = yes ; then
+- SECMEM_BUFFER_SIZE=65536
++ SECMEM_BUFFER_SIZE=262144
+ else
+ SECMEM_BUFFER_SIZE=32768
+ fi
diff --git a/gpg2.changes b/gpg2.changes
index 373a40b..a988a0f 100644
--- a/gpg2.changes
+++ b/gpg2.changes
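Review bot: The two raised limits in the embedded patch carry no derivation: `MAXLEN_KEYDATA 8192` in agent/command.c and `SECMEM_BUFFER_SIZE=262144` in configure.ac are bare numbers, and the patch header only says the configure options suffice "up to probably 8192 bits". Because the patch is marked `Upstream: no` and has to be rebased by hand on every GnuPG update, its header should record what each value was sized for, for example `MAXLEN_KEYDATA 8192 / SECMEM_BUFFER_SIZE 262144: sized for existing RSA keys up to <N> bits`. It is also worth confirming that a 256 KiB secure-memory pool can still be locked under the default RLIMIT_MEMLOCK on the target systems; if it cannot, gpg would presumably run with unlocked memory, which weakens the protection the pool exists for. Both inner hunks show only a slice of their files, so other size limits that might need the same adjustment are not visible here.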
@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Thu Dec 25 18:09:11 UTC 2014 - dev@stellardeath.org
+
+- Support for large RSA keys
+ This involves compiling with --enable-large-rsa and
+ --enable-large-secmem, as well as patching the number
+ of secmem bytes and IPC bytes to slightly larger values.
+ See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739424
+ * added gnupg-large_keys.patch
+
 -------------------------------------------------------------------
 Wed Dec 3 22:37:59 UTC 2014 - andreas.stieger@gmx.de
diff --git a/gpg2.spec b/gpg2.spec
index 1d5bd3b..fe8863f 100644
--- a/gpg2.spec
+++ b/gpg2.spec
@@ -36,6 +36,7 @@ Patch9: gnupg-detect_FIPS_mode.patch
 Patch11: gnupg-add_legacy_FIPS_mode_option.patch
 Patch12: gnupg-remove_development_version_warning.patch
 Patch13: gnupg-2.1.0-boo-907198-openpgp_oid_to_str-buffer-overflow.patch
+Patch14: gnupg-large_keys.patch
 BuildRequires: automake >= 1.10
 BuildRequires: expect
 BuildRequires: fdupes
@@ -87,6 +88,7 @@ gpg-agent, and a keybox library.
 %patch11 -p1
 %patch12 -p1
 %patch13 -p1
+%patch14 -p1
 %build
 autoreconf -fi
@@ -110,6 +112,8 @@ export LDFLAGS=-pie
 --enable-gpgsm=yes \
 --enable-gpg \
 --enable-gpgtar \
+ --enable-large-rsa \
+ --enable-large-secmem \
 --with-gnu-ld
 make %{?_smp_mflags}
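Review bot: The added `--enable-large-rsa` and `--enable-large-secmem` switches in the last gpg2.spec hunk are not tied to Patch14 anywhere in the spec, although `--enable-large-secmem` selects exactly the `SECMEM_BUFFER_SIZE` branch that gnupg-large_keys.patch raises to 262144. If the patch is dropped during a later version update the build still succeeds with the unpatched 65536, and the regression would only surface for users whose keys need the larger pool. A comment above the configure call, which starts outside this hunk, such as `# --enable-large-rsa/--enable-large-secmem rely on Patch14 (gnupg-large_keys.patch) for RSA keys above 8192 bits` would make the coupling visible. The switches apply to every build of the package, so the larger limits are presumably in effect whether or not a user holds such a key.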