From 9aa1b368efd4edf51b6d056339bffb726de5162b Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Tue, 24 Jul 2018 09:50:02 +0200
Subject: [PATCH] gpg: Use 128 MiB as default AEAD chunk size.
* g10/gpg.c (oDebugAllowLargeChunks): New.
(opts): New option --debug-allow-large-chunks.
(main): Implement that option.
--
Signed-off-by: Werner Koch
---
 doc/gpg.texi | 14 ++++++++++----
 g10/gpg.c | 13 ++++++++++---
 2 files changed, 20 insertions(+), 7 deletions(-)
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 4cfd00079..7c27fba32 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -2258,9 +2258,8 @@ The AEAD encryption mode encrypts the data in chunks so that a
 receiving side can check for transmission errors or tampering at the
 end of each chunk and does not need to delay this until all data has
 been received. The used chunk size is 2^@var{n} byte. The lowest
-allowed value for @var{n} is 6 (64 byte) and the largest is 62 (4
-EiB). The default value for @var{n} is 30 which creates chunks not
-larger than 1 GiB.
+allowed value for @var{n} is 6 (64 byte) and the largest is the
+default of 27 which creates chunks not larger than 128 MiB.
 @item --input-size-hint @var{n}
 @opindex input-size-hint
@@ -2621,7 +2620,7 @@ to declare that a not yet standardized feature is used.
 @opindex disable-mdc
 These options are obsolete and have no effect since GnuPG 2.2.8. The
 MDC is always used unless the keys indicate that an AEAD algorithm can
-be used in which case AEAD is used. But note: If the creation or of a
+be used in which case AEAD is used. But note: If the creation of a
 legacy non-MDC message is exceptionally required, the option
 @option{--rfc2440} allows for this.
@@ -2862,6 +2861,13 @@ Change the buffer size of the IOBUFs to @var{n} kilobyte. Using 0
 prints the current size. Note well: This is a maintainer only option
 and may thus be changed or removed at any time without notice.
+@item --debug-allow-large-chunks
+@opindex debug-allow-large-chunks
+To facilitate in-memory decryption on the receiving site, the largest
+recommended chunk size is 128 MiB (@code{--chunk-size 27}). This
+option allows to specify a limit of up to 4 EiB (@code{--chunk-size
+62}) for experiments.
+
 @item --faked-system-time @var{epoch}
 @opindex faked-system-time
 This option is only useful for testing; it sets the system time back or
diff --git a/g10/gpg.c b/g10/gpg.c
index 600f8440d..36af9186c 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -225,6 +225,7 @@ enum cmd_and_opt_values
 oDebugAll,
 oDebugIOLBF,
 oDebugSetIobufSize,
+ oDebugAllowLargeChunks,
 oStatusFD,
 oStatusFile,
 oAttributeFD,
@@ -634,6 +635,7 @@ static ARGPARSE_OPTS opts[] = {
 ARGPARSE_s_n (oDebugAll, "debug-all", "@"),
 ARGPARSE_s_n (oDebugIOLBF, "debug-iolbf", "@"),
 ARGPARSE_s_u (oDebugSetIobufSize, "debug-set-iobuf-size", "@"),
+ ARGPARSE_s_u (oDebugAllowLargeChunks, "debug-allow-large-chunks", "@"),
 ARGPARSE_s_i (oStatusFD, "status-fd", "@"),
 ARGPARSE_s_s (oStatusFile, "status-file", "@"),
 ARGPARSE_s_i (oAttributeFD, "attribute-fd", "@"),
@@ -2347,6 +2349,7 @@ main (int argc, char **argv)
 static int print_dane_records;
 static int print_pka_records;
+ static int allow_large_chunks;
 #ifdef __riscos__
@@ -2761,6 +2764,10 @@ main (int argc, char **argv)
 opt_set_iobuf_size_used = 1;
 break;
+ case oDebugAllowLargeChunks:
+ allow_large_chunks = 1;
+ break;
+
 case oStatusFD:
 set_status_fd ( translate_sys2libc_fd_int (pargs.r.ret_int, 1) );
 break;
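Review bot: In the `opts[]` hunk the new option is registered with `ARGPARSE_s_u`, which is the form the neighbouring `debug-set-iobuf-size` entry uses for an option that takes an unsigned value, yet the `case oDebugAllowLargeChunks:` handler added to main only sets `allow_large_chunks = 1` and never reads an argument, and the gpg.texi entry documents the option without one. As written the option would presumably expect a number after it and consume the next command-line word as that value. Registering it as a plain flag, `ARGPARSE_s_n (oDebugAllowLargeChunks, "debug-allow-large-chunks", "@"),`, matches how it is handled and documented. The table and main both continue outside these hunks.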
@@ -3884,15 +3891,15 @@ main (int argc, char **argv)
 /* Check chunk size. Please fix also the man page if you chnage
 * the default. The limits are given by the specs. */
 if (!opt.chunk_size)
- opt.chunk_size = 30; /* Default to 1 GiB chunks. */
+ opt.chunk_size = 27; /* Default to the suggested max of 128 MiB. */
 else if (opt.chunk_size < 6)
 {
 opt.chunk_size = 6;
 log_info (_("chunk size invalid - using %d\n"), opt.chunk_size);
 }
- else if (opt.chunk_size > 62)
+ else if (opt.chunk_size > (allow_large_chunks? 62 : 27))
 {
- opt.chunk_size = 62;
+ opt.chunk_size = (allow_large_chunks? 62 : 27);
 log_info (_("chunk size invalid - using %d\n"), opt.chunk_size);
 }
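Review bot: The upper bound `(allow_large_chunks? 62 : 27)` is written out twice and the literal 27 a third time as the default, so a later change to the recommended maximum has to touch three places in this block plus the man page. Naming the two bounds once (for example `#define AEAD_CHUNK_SIZE_RECOMMENDED_MAX 27` and a matching constant for the spec limit of 62; the names are only suggestions) would keep the default and the clamp in step. Note also that this check bounds only `opt.chunk_size`, the value this gpg uses when writing; whether the decryption path applies a comparable bound to the chunk size of a received message is not visible in this hunk and is worth confirming, since the documented motivation is in-memory decryption on the receiving side. main's body starts and ends outside the hunk.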