[Pkg-gnupg-maint] Bug#739424: gnupg dies with "gpg: out of secure memory [...]" since 1.4.16-1

Thu Mar 20 17:48:09 UTC 2014

Werner Koch, <wk at gnupg.org>, wrote:
>On Tue, 18 Feb 2014 18:26, rak at debian.org said:
>
>> 10240-bit RSA key, ID 4A11C97A, created 2009-09-23
>  ^^^^^^  !!!
>
>> gpg: (this may be caused by too many secret keys used simultaneously
>> or due to excessive large key sizes)
>     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>There are reasons why upstream gpg does not allow the creation of such
>stupidly long keys.

The fix for being able to deal with such key-sizes seems rather 
 trivial, though.

gnupg-1.4.16/g10/gpg.c:1998
     got_secmem=secmem_init( 32768 );

Changing that to, say, 262144 (*8) lets GnuPG deal with keys > ~5kBit. A 
 quick test shows that it can deal with 16kBit keys with that value, but
 32kBit are still too much.

I do think that in Good Old Internet Tradition ("be liberal in what you 
 accept") it'd be fine to change that value. It still won't let you 
 *create* keys >4kBit anyway, just deal with situations where the user 
 (or a correspondent, in case of the user wanting to sign such a thing)
 has created such large keys with something else.

Kind regards,
-robert
-- 
-- A "militant agnostic" is someone who's credo is
-- "No, I don't know, and NEITHER DO YOU, DAMMIT!"
-- (partly) Kevin Martin, asr

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 173 bytes
Desc: Digital Signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20140320/1bac106c/attachment.sig>