F34140331
D183.diff
D183.diff
Index: b/configure.ac
===================================================================
--- b/configure.ac
+++ b/configure.ac
@@ -345,6 +345,39 @@
[Size of the key and UID caches])
+#
+# Check for the max RSA key size. This defaults to 4096.
+#
+AC_MSG_CHECKING([for the max rsa key size])
+AC_ARG_ENABLE(max-rsa-key-size,
+ AC_HELP_STRING([--enable-max-rsa-key-size=SIZE],
+ [Set maximum generated RSA key size to SIZE (must be
+ between 4096 and 65535; default 4096)]),,enableval=4096)
+if test "$enableval" = "no"; then
+ enableval=4096
+ AC_MSG_WARN([using default max rsa key size 4096])
+elif test "$enableval" = "yes" || test "$enableval" = ""; then
+ enableval=4096
+fi
+changequote(,)dnl
+max_rsa_key_size=`echo "$enableval" | sed 's/[A-Za-z]//g'`
+changequote([,])dnl
+if test "$enableval" != "$max_rsa_key_size" || test "$max_rsa_key_size" -lt 4096 || test "$max_rsa_key_size" -gt 65535; then
+ AC_MSG_ERROR([invalid max rsa key size])
+elif test "$max_rsa_key_size" -gt 16384; then
+ AC_MSG_WARN([[
+***
+*** RSA key sizes above 16384 are incompatible with binaries compiled without
+*** a similarly large setting. Setting max rsa key size to greater than
+*** 16384 makes it possible to create incompatible keys and therefore is
+*** not currently recommended. Proceeding anyhow...
+***]])
+fi
+AC_MSG_RESULT($max_rsa_key_size)
+AC_DEFINE_UNQUOTED(GNUPG_MAX_RSA_KEY_SIZE,$max_rsa_key_size,
+ [Maximum size of generated RSA keys])
+
+
#
# Check whether we want to use Linux capabilities
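Review bot: The sanity filter on `$enableval` removes only ASCII letters (`sed 's/[A-Za-z]//g'`), so a value containing punctuation, a sign or whitespace compares equal to its filtered copy and is not rejected by the first test. For such a string `test ... -lt 4096` and `test ... -gt 65535` fail with a non-integer error instead of returning true, so neither `AC_MSG_ERROR` nor the warning fires and the raw text appears to reach `AC_DEFINE_UNQUOTED(GNUPG_MAX_RSA_KEY_SIZE, ...)` and from there config.h. Filtering on the complement, `max_rsa_key_size=`echo "$enableval" | sed 's/[^0-9]//g'``, makes every non-digit input fail the equality check and land in `AC_MSG_ERROR`. Separately, the `AC_MSG_WARN` calls sit between `AC_MSG_CHECKING` and `AC_MSG_RESULT`, which splits the "checking ..." line in the configure output; emitting the result first would keep it readable.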
Index: b/g10/gpg.c
===================================================================
--- b/g10/gpg.c
+++ b/g10/gpg.c
@@ -2067,8 +2067,13 @@
#endif
/* Initialize the secure memory. */
+#if GNUPG_MAX_RSA_KEY_SIZE > 4096
+ if (!gcry_control (GCRYCTL_INIT_SECMEM, 131072, 0))
+ got_secmem = 1;
+#else
if (!gcry_control (GCRYCTL_INIT_SECMEM, 32768, 0))
got_secmem = 1;
+#endif
#if defined(HAVE_GETUID) && defined(HAVE_GETEUID)
/* There should be no way to get to this spot while still carrying
setuid privs. Just in case, bomb out if we are. */
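Review bot: The secure-memory pool is raised to a fixed 131072 bytes for every `GNUPG_MAX_RSA_KEY_SIZE` above 4096, with no comment on how that figure relates to the largest key configure accepts (65535 bits) or to the locked-memory limit of the running user. If the larger pool cannot be locked on a system with a low limit, key material could end up in swappable memory, so it is worth stating in a comment which limit was assumed and checking that the failure path (`got_secmem` staying 0) is handled later in the function, which lies outside this hunk. The duplicated call would also read better as one constant, e.g. `#define SECMEM_BUFFER_SIZE 131072` under the `#if` and `32768` under the `#else`, followed by a single `gcry_control (GCRYCTL_INIT_SECMEM, SECMEM_BUFFER_SIZE, 0)`.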
Index: b/g10/keygen.c
===================================================================
--- b/g10/keygen.c
+++ b/g10/keygen.c
@@ -1981,6 +1981,9 @@
case PUBKEY_ALGO_RSA:
min=1024;
+#if GNUPG_MAX_RSA_KEY_SIZE > 4096
+ max=GNUPG_MAX_RSA_KEY_SIZE
+#endif
break;
}
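Review bot: The added assignment `max=GNUPG_MAX_RSA_KEY_SIZE` has no terminating semicolon, so once the macro exceeds 4096 the preprocessor output runs straight into `break;` and the file will not compile. That is exactly the configuration this patch exists to enable. It should read `max = GNUPG_MAX_RSA_KEY_SIZE;`. The declaration of `max` and the rest of the switch are outside the hunk, so it is also worth confirming that every later size check in this function uses `max` rather than a literal 4096.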
Attached To
D183: 407_0001-gpg-Compile-time-flag-for-RSA-key-sizes-4096.patch