mirror of
git://git.gnupg.org/gnupg.git
synced 2025-07-02 22:46:30 +02:00
gpg: Add build and runtime support for larger RSA keys
* configure.ac: Added --enable-large-secmem option.
* g10/options.h: Add opt.flags.large_rsa.
* g10/gpg.c: Contingent on configure option: adjust secmem size,
add gpg --enable-large-rsa, bound to opt.flags.large_rsa.
* g10/keygen.c: Adjust max RSA size based on opt.flags.large_rsa
* doc/gpg.texi: Document --enable-large-rsa.
--
This is a cherry-pick of 534e2876ac from
STABLE-BRANCH-1-4 against master
Some older implementations built and used RSA keys up to 16Kib, but
the larger secret keys now fail when used by more recent GnuPG, due to
secure memory limitations.
Building with ./configure --enable-large-secmem will make gpg
capable of working with those secret keys, as well as permitting the
use of a new gpg option --enable-large-rsa, which let gpg generate RSA
keys up to 8Kib when used with --batch --gen-key.
Debian-bug-id: 739424
Minor edits by wk.
GnuPG-bug-id: 1732
This commit is contained in:
Daniel Kahn Gillmor
Werner Koch
parent
2ca90f78ce
commit
6cabb7a2a1
5 changed files with 49 additions and 3 deletions
22
g10/gpg.c
22
g10/gpg.c
|
|
@ -376,6 +376,8 @@ enum cmd_and_opt_values
|
|||
oAutoKeyLocate,
|
||||
oNoAutoKeyLocate,
|
||||
oAllowMultisigVerification,
|
||||
oEnableLargeRSA,
|
||||
oDisableLargeRSA,
|
||||
oEnableDSA2,
|
||||
oDisableDSA2,
|
||||
oAllowMultipleMessages,
|
||||
|
|
@ -770,6 +772,8 @@ static ARGPARSE_OPTS opts[] = {
|
|||
|
||||
ARGPARSE_s_n (oAllowMultisigVerification,
|
||||
"allow-multisig-verification", "@"),
|
||||
ARGPARSE_s_n (oEnableLargeRSA, "enable-large-rsa", "@"),
|
||||
ARGPARSE_s_n (oDisableLargeRSA, "disable-large-rsa", "@"),
|
||||
ARGPARSE_s_n (oEnableDSA2, "enable-dsa2", "@"),
|
||||
ARGPARSE_s_n (oDisableDSA2, "disable-dsa2", "@"),
|
||||
ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"),
|
||||
|
|
@ -2181,7 +2185,7 @@ main (int argc, char **argv)
|
|||
#endif
|
||||
|
||||
/* Initialize the secure memory. */
|
||||
if (!gcry_control (GCRYCTL_INIT_SECMEM, 32768, 0))
|
||||
if (!gcry_control (GCRYCTL_INIT_SECMEM, SECMEM_BUFFER_SIZE, 0))
|
||||
got_secmem = 1;
|
||||
#if defined(HAVE_GETUID) && defined(HAVE_GETEUID)
|
||||
/* There should be no way to get to this spot while still carrying
|
||||
|
|
@ -3099,6 +3103,22 @@ main (int argc, char **argv)
|
|||
release_akl();
|
||||
break;
|
||||
|
||||
case oEnableLargeRSA:
|
||||
#if SECMEM_BUFFER_SIZE >= 65536
|
||||
opt.flags.large_rsa=1;
|
||||
#else
|
||||
if (configname)
|
||||
log_info("%s:%d: WARNING: gpg not built with large secure "
|
||||
"memory buffer. Ignoring enable-large-rsa\n",
|
||||
configname,configlineno);
|
||||
else
|
||||
log_info("WARNING: gpg not built with large secure "
|
||||
"memory buffer. Ignoring --enable-large-rsa\n");
|
||||
#endif /* SECMEM_BUFFER_SIZE >= 65536 */
|
||||
break;
|
||||
case oDisableLargeRSA: opt.flags.large_rsa=0;
|
||||
break;
|
||||
|
||||
case oEnableDSA2: opt.flags.dsa2=1; break;
|
||||
case oDisableDSA2: opt.flags.dsa2=0; break;
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue