{"id":275057,"date":"2016-02-27T01:23:01","date_gmt":"2016-02-26T22:23:01","guid":{"rendered":"http:\/\/savepearlharbor.com\/?p=275057"},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-29T21:00:00","slug":"","status":"publish","type":"post","link":"https:\/\/savepearlharbor.com\/?p=275057","title":{"rendered":"\u041f\u0430\u0442\u0447\u0438\u043c gnupg \u0438\u043b\u0438 \u043f\u0430\u0440\u0430 RSA-32768 \u0437\u0430 106 \u043c\u0438\u043d\u0443\u0442"},"content":{"rendered":"

\"security\"<\/p>\n

\u041d\u0430 \u0441\u0430\u043c\u043e\u043c \u0434\u0435\u043b\u0435 \u043f\u0430\u0442\u0447\u0438\u043c gnupg \u0438 libgcrypt\u2026<\/p>\n

\u041a\u043e\u0433\u0434\u0430-\u0442\u043e \u0434\u0430\u0432\u043d\u044b\u043c \u0434\u0430\u0432\u043d\u043e, \u0447\u0442\u043e\u0431\u044b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c 8192 \u0438 16384 RSA \u043a\u043b\u044e\u0447\u0438 \u044f \u043f\u0440\u0430\u0432\u0438\u043b \u0440\u0430\u0437\u043c\u0435\u0440 \u0432 keygen.c \u0438 \u0440\u0430\u0437\u043c\u0435\u0440 SECMEM \u0431\u0443\u0444\u0444\u0435\u0440\u0430 \u043f\u043e \u0441\u043e\u0441\u0435\u0434\u0441\u0442\u0432\u0443. \u0414\u0435\u043b\u0430 \u0434\u0430\u0432\u043d\u043e \u043c\u0438\u043d\u0443\u0432\u0448\u0438\u0445 \u0434\u043d\u0435\u0439, \u0442\u0435\u043f\u0435\u0440\u044c SECMEM \u0432\u044b\u043d\u0435\u0441\u0435\u043d\u0430 \u0432 config.h \u0438 \u0438\u043c\u0435\u043d\u0443\u0435\u0442\u0441\u044f SECMEM_BUFFER_SIZE<\/code>.<\/p>\n

\u0412 \u0438\u0442\u043e\u0433\u0435 \u043f\u043e\u0441\u043b\u0435 \u0441\u043a\u0430\u0447\u0438\u0432\u0430\u043d\u0438\u044f \u0432\u0435\u0440\u0438\u0438 2.0.29 \u043f\u043e\u0434 \u0441\u0432\u0435\u0436\u0438\u0439 debian 8.3, \u0437\u0430 \u043c\u0435\u0441\u0442\u043e \u0443\u0431\u0438\u0442\u043e\u0439 12\u0439 \u0443\u0431\u0443\u043d\u0442\u044b \u0430\u043f\u0434\u0435\u0439\u0442\u043e\u043c \u043d\u0430 14\u0443\u044e, \u044f \u0431\u044b\u0441\u0442\u0440\u0435\u043d\u044c\u043a\u043e \u043f\u043e\u0434\u043a\u0440\u0443\u0442\u0438\u043b \u0440\u0430\u0437\u043c\u0435\u0440 \u043a\u043b\u044e\u0447\u0438\u043a\u0430 \u0438 \u0440\u0430\u0437\u043c\u0435\u0440 \u0431\u0443\u0444\u0435\u0440\u0430 \u0438 \u0440\u0430\u0434\u043e\u0441\u0442\u043d\u043e \u0441\u0433\u0435\u043d\u0435\u0440\u0438\u0440\u043e\u0432\u0430\u043b \u043d\u0430 5200U 16\u043a\u0431\u0438\u0442 \u043a\u043b\u044e\u0447 \u0437\u0430 18 (\u0438\u043b\u0438 19) \u043c\u0438\u043d\u0443\u0442, \u0447\u0442\u043e \u0440\u0430\u043d\u044c\u0448\u0435 \u0437\u0430\u043d\u0438\u043c\u0430\u043b\u043e 45-50 \u043c\u0438\u043d\u0443\u0442 \u043d\u0430 P6200.<\/p>\n

\u041d\u043e \u0432\u043e\u0442 32\u043a\u0431\u0438\u0442 \u0434\u0430\u043b\u0438 \u043c\u043d\u0435 \u043f\u0430\u0447\u043a\u0443 \u043e\u0448\u0438\u0431\u043e\u043a. \u0421\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0435 \u0432\u0440\u0435\u043c\u044f \u0435\u0441\u0442\u044c \u2014 \u0440\u0430\u0437\u0431\u0438\u0440\u0430\u0435\u043c\u0441\u044f.
<\/a>
\u041f\u0435\u0440\u0432\u043e\u0435, \u0447\u0442\u043e \u0431\u0440\u043e\u0441\u0430\u0435\u0442\u0441\u044f \u0432 \u0433\u043b\u0430\u0437\u0430, \u044d\u0442\u043e \u0436\u0435\u0441\u0442\u043a\u043e \u043f\u0440\u043e\u043f\u0438\u0441\u0430\u043d\u043d\u044b\u0439 \u0440\u0430\u0437\u043c\u0435\u0440 \u043f\u0440\u0438 \u0432\u044b\u0434\u0435\u043b\u0435\u043d\u0438\u0438 SECMEM’\u043e\u0432. \u0412\u043e\u0442 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e:<\/p>\n

agent\/gpg-agent.c: gcry_control (GCRYCTL_INIT_SECMEM, 32768, 0);<\/code> \u2014 4 \u043a\u0438\u043b\u043e\u0431\u0430\u0439\u0442\u0430 (\u0442\u0430\u043a \u043a\u0430\u043a \u044d\u0442\u0430 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u0432 \u0431\u0438\u0442\u0430\u0445)
scd\/scdaemon.c: gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);<\/code>
tools\/gpg-check-pattern.c: gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0);<\/code><\/p>\n

\u0412 \u043f\u0440\u0438\u043d\u0446\u0438\u043f\u0435 \u044d\u043a\u043e\u043d\u043e\u043c\u0438\u044f \u043f\u0430\u043c\u044f\u0442\u0438 \u0434\u0435\u043b\u043e \u0445\u043e\u0440\u043e\u0448\u0435\u0435\u2026 \u0441 \u0434\u0440\u0443\u0433\u043e\u0439 \u0441\u0442\u043e\u0440\u043e\u043d\u044b \u0435\u0441\u043b\u0438 \u043f\u0430\u043c\u044f\u0442\u0438 \u0445\u0432\u0430\u0442\u0430\u0435\u0442, \u043f\u043e\u0447\u0435\u043c\u0443 \u043d\u0435 \u0432\u044b\u0434\u0435\u043b\u0438\u0442\u044c \u043f\u043e\u043b\u043d\u044b\u0439 \u043e\u0431\u044a\u0435\u043c, \u0440\u0430\u0432\u043d\u044b\u0439 \u043a\u043e\u043d\u0441\u0442\u0430\u043d\u0442\u0435 SECMEM_BUFFER_SIZE<\/code>.<\/p>\n

\u0414\u0430\u043b\u0435\u0435 \u0432 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0435 \u043f\u043e\u043b\u043d\u043e \u043c\u0435\u0441\u0442 \u0433\u0434\u0435 \u0444\u0438\u0433\u0443\u0440\u0438\u0440\u0443\u044e\u0442 \u0442\u043e 4\u043a\u0431 \u043a\u043b\u044e\u0447\u0438 \u0438\u043b\u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 \u043d\u0438\u043c\u0438 (\u0432\u044b\u0434\u0435\u043b\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u043d\u0430 \u0447\u0442\u0435\u043d\u0438\u0435, \u0438\u043b\u0438 \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u00ab\u043f\u0430\u043a\u0435\u0442\u0430\u00bb \u0434\u043b\u044f \u0437\u0430\u043f\u0438\u0441\u0438), \u043f\u0440\u0438\u0432\u043e\u0436\u0443 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e:<\/p>\n

agent\/command-ssh.c: log_error (_("ssh keys greater than %d bits are not supported\\n"), 4096);<\/code>
g10\/card-util.c: n = get_data_from_file (args, 16384, &data);<\/code>
g10\/plaintext.c: byte *buffer = xmalloc( 32768 );<\/code>
common\/dns-cert.c: rc=get_dns_cert (argv[1],16384,&iobuf,&fpr,&fpr_len,&url);<\/code><\/p>\n

\u0421\u0430\u043c \u0440\u0430\u0437\u043c\u0435\u0440 \u043a\u043b\u044e\u0447\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0430 \u0435\u0441\u0442, \u0437\u0430\u0434\u0430\u0435\u0442\u0441\u044f \u0432 g10\/keygen.c:<\/p>\n

const unsigned maxsize = (opt.flags.large_rsa ? 8192 : 4096);<\/code>
unsigned int nbits, min, def = DEFAULT_STD_KEYSIZE, max=4096;<\/code><\/p>\n

\u041d\u043e, \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u0432 \u0438\u0441\u0445\u043e\u0434\u043d\u0438\u043a\u0438 gnupg \u043f\u0440\u0438 \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u0438 \u043a\u043b\u044e\u0447\u0430 RSA-32768 \u043c\u044b \u043f\u043e\u043b\u0443\u0447\u0438\u043c: <\/p>\n

gpg: checking the trustdb
gpg: keyring_get_keyblock: read error: Invalid packet
gpg: keyring_get_keyblock failed: Invalid keyring
gpg: failed to rebuild keyring cache: Invalid keyring
gpg: keydb_search failed: Invalid packet
gpg: public key of ultimately trusted key FB2E6BDF not found
gpg: keyring_get_keyblock: read error: Invalid packet
gpg: keydb_get_keyblock failed: Invalid keyring
gpg: keydb_search failed: Invalid keyring
gpg: public key of ultimately trusted key 6146D68D not found
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: keyring_get_keyblock: read error: Invalid packet
gpg: keydb_get_keyblock failed: Invalid keyring
gpg: validate_key_list failed<\/p><\/blockquote>\n

\u0414\u044c\u044f\u0432\u043e\u043b \u043a\u0440\u043e\u0435\u0442\u0441\u044f \u0432 \u0434\u0435\u0442\u0430\u043b\u044f\u0445<\/del> \u0432 libgcrypt:<\/p>\n

mpi\/mpicoder.c: #define MAX_EXTERN_MPI_BITS 16384<\/code> \u2014 \u0440\u0430\u0437\u043c\u0435\u0440 \u043f\u0430\u043a\u0435\u0442\u0430 \u0432 \u0431\u0438\u0442\u0430\u0445.<\/p>\n

\u0418 \u0432 \u043d\u0435\u043a\u043e\u0435\u043c \u0440\u043e\u0434\u0435:
src\/secmem.c: #define MINIMUM_POOL_SIZE 16384<\/code>
src\/secmem.c: #define STANDARD_POOL_SIZE 32768<\/code>
\u0412 \u043d\u0435\u043a\u043e\u0435\u043c \u043f\u043e\u0442\u043e\u043c\u0443, \u0447\u0442\u043e, \u043a\u0430\u043a \u044f \u043f\u043e\u043d\u044f\u043b \u0438\u0437 \u043a\u043e\u0434\u0430, \u044d\u0442\u043e \u0440\u0430\u0437\u043c\u0435\u0440 \u043f\u0443\u043b\u0430 \u0434\u043b\u044f SECMEM \u0432 \u0431\u0430\u0439\u0442\u0430\u0445, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u043c gnupg \u0438\u043d\u0438\u0446\u0438\u0430\u043b\u0438\u0437\u0438\u0440\u0443\u0435\u0442 \u0441\u0432\u043e\u0439 securememory \u0447\u0435\u0440\u0435\u0437 gcry_control (GCRYCTL_INIT_SECMEM, \u0440\u0430\u0437\u043c\u0435\u0440_\u0432_\u0431\u0438\u0442\u0430\u0445, 0);<\/code><\/p>\n

\u0412 \u043a\u043e\u043d\u0435\u0447\u043d\u043e\u043c \u0438\u0442\u043e\u0433\u0435 \u043c\u043e\u0434\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f \u0432\u044b\u043b\u0438\u043b\u0430\u0441\u044c \u0432\u043e\u0442 \u0432 \u0442\u0430\u043a\u043e\u0439 diff \u0434\u043b\u044f GnuPG-2.0.29<\/p>\n

gnupg-2.0.29-RSA32k.patch<\/b><\/p>\n
\n
diff -uraN a\/agent\/command-ssh.c b\/agent\/command-ssh.c --- a\/agent\/command-ssh.c\t2015-09-08 14:39:24.000000000 +0200 +++ b\/agent\/command-ssh.c\t2016-02-26 21:46:47.000000000 +0100 @@ -592,7 +592,7 @@       not too large. *\/    if (mpi_data_size > 520)      { -      log_error (_("ssh keys greater than %d bits are not supported\\n"), 4096); +      log_error (_("ssh keys greater than %d bits are not supported\\n"), KEY_MAX_SIZE_LOOKSLIKE);        err = GPG_ERR_TOO_LARGE;        goto out;      } diff -uraN a\/agent\/gpg-agent.c b\/agent\/gpg-agent.c --- a\/agent\/gpg-agent.c\t2015-09-08 14:39:24.000000000 +0200 +++ b\/agent\/gpg-agent.c\t2016-02-26 21:46:47.000000000 +0100 @@ -233,7 +233,7 @@  \/* To avoid surprises we limit the size of the mapped IPC file to this     value.  Putty currently (0.62) uses 8k, thus 16k should be enough     for the foreseeable future.  *\/ -#define PUTTY_IPC_MAXLEN 16384 +#define PUTTY_IPC_MAXLEN KEY_MAX_SIZE_LOOKSLIKE  #endif \/*HAVE_W32_SYSTEM*\/    \/* The list of open file descriptors at startup.  Note that this list @@ -743,7 +743,7 @@      }      \/* Initialize the secure memory. *\/ -  gcry_control (GCRYCTL_INIT_SECMEM, 32768, 0); +  gcry_control (GCRYCTL_INIT_SECMEM, SECMEM_BUFFER_SIZE, 0);    maybe_setuid = 0;      \/* diff -uraN a\/agent\/protect-tool.c b\/agent\/protect-tool.c --- a\/agent\/protect-tool.c\t2015-09-08 14:39:24.000000000 +0200 +++ b\/agent\/protect-tool.c\t2016-02-26 21:46:47.000000000 +0100 @@ -1036,7 +1036,7 @@      }      setup_libgcrypt_logging (); -  gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0); +  gcry_control (GCRYCTL_INIT_SECMEM, SECMEM_BUFFER_SIZE, 0);        opt_homedir = default_homedir (); diff -uraN a\/common\/dns-cert.c b\/common\/dns-cert.c --- a\/common\/dns-cert.c\t2015-09-08 14:39:24.000000000 +0200 +++ b\/common\/dns-cert.c\t2016-02-26 21:46:47.000000000 +0100 @@ -305,7 +305,7 @@      printf("CERT lookup on %s\\n",argv[1]);   -  rc=get_dns_cert (argv[1],16384,&iobuf,&fpr,&fpr_len,&url); +  rc=get_dns_cert (argv[1],KEY_MAX_SIZE_LOOKSLIKE,&iobuf,&fpr,&fpr_len,&url);    if(rc==-1)      printf("error\\n");    else if(rc==0) diff -uraN a\/config.h.in b\/config.h.in --- a\/config.h.in\t2015-09-08 15:30:25.000000000 +0200 +++ b\/config.h.in\t2016-02-26 21:46:47.000000000 +0100 @@ -608,6 +608,9 @@  \/* Size of secure memory buffer *\/  #undef SECMEM_BUFFER_SIZE   +\/* Maximum key size or lookslike *\/ +#undef KEY_MAX_SIZE_LOOKSLIKE +  \/* defines the filename of the shred program *\/  #undef SHRED   diff -uraN a\/configure b\/configure --- a\/configure\t2015-09-08 16:12:06.000000000 +0200 +++ b\/configure\t2016-02-26 21:46:47.000000000 +0100 @@ -5307,13 +5307,13 @@  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $large_secmem" >&5  $as_echo "$large_secmem" >&6; }  if test "$large_secmem" = yes ; then -   SECMEM_BUFFER_SIZE=65536 +   SECMEM_BUFFER_SIZE=262144  else -   SECMEM_BUFFER_SIZE=32768 +   SECMEM_BUFFER_SIZE=262144  fi -  cat >>confdefs.h <<_ACEOF  #define SECMEM_BUFFER_SIZE $SECMEM_BUFFER_SIZE +#define KEY_MAX_SIZE_LOOKSLIKE 32768  _ACEOF     diff -uraN a\/configure.ac b\/configure.ac --- a\/configure.ac\t2015-09-08 14:39:24.000000000 +0200 +++ b\/configure.ac\t2016-02-26 21:46:47.000000000 +0100 @@ -183,12 +183,15 @@                large_secmem=$enableval, large_secmem=no)  AC_MSG_RESULT($large_secmem)  if test "$large_secmem" = yes ; then -   SECMEM_BUFFER_SIZE=65536 +   SECMEM_BUFFER_SIZE=262144  else -   SECMEM_BUFFER_SIZE=32768 +   SECMEM_BUFFER_SIZE=262144  fi  AC_DEFINE_UNQUOTED(SECMEM_BUFFER_SIZE,$SECMEM_BUFFER_SIZE,                     [Size of secure memory buffer]) +                    +AC_DEFINE_UNQUOTED(KEY_MAX_SIZE_LOOKSLIKE,32768, +                   [Maximum key size or lookslike])                         # Allow disabling of bzib2 support. diff -uraN a\/doc\/gnupg.info-1 b\/doc\/gnupg.info-1 --- a\/doc\/gnupg.info-1\t2015-09-08 16:15:29.000000000 +0200 +++ b\/doc\/gnupg.info-1\t2016-02-26 21:46:47.000000000 +0100 @@ -2552,7 +2552,7 @@         max-cert-size            When retrieving a key via DNS CERT, only accept keys up to -          this size.  Defaults to 16384 bytes. +          this size.  Defaults to 32768 bytes.         debug            Turn on debug output in the keyserver helper program.  Note diff -uraN a\/doc\/gpg.texi b\/doc\/gpg.texi --- a\/doc\/gpg.texi\t2015-09-08 14:39:24.000000000 +0200 +++ b\/doc\/gpg.texi\t2016-02-26 21:46:47.000000000 +0100 @@ -1645,7 +1645,7 @@  @ifclear gpgtwoone    @item max-cert-size    When retrieving a key via DNS CERT, only accept keys up to this size. -  Defaults to 16384 bytes. +  Defaults to 32768 bytes.  @end ifclear      @item debug diff -uraN a\/g10\/card-util.c b\/g10\/card-util.c --- a\/g10\/card-util.c\t2015-09-08 14:39:24.000000000 +0200 +++ b\/g10\/card-util.c\t2016-02-26 21:46:47.000000000 +0100 @@ -946,7 +946,7 @@      {        for (args++; spacep (args); args++)          ; -      n = get_data_from_file (args, 16384, &data); +      n = get_data_from_file (args, KEY_MAX_SIZE_LOOKSLIKE, &data);        if (n < 0) return -1; } @@ -1285,7 +1285,7 @@ ask_card_keysize (int keyno, unsigned int nbits) { unsigned int min_nbits = 1024; - unsigned int max_nbits = 4096; + unsigned int max_nbits = KEY_MAX_SIZE_LOOKSLIKE; char *prompt, *answer; unsigned int req_nbits; diff -uraN a\/g10\/gpg.h b\/g10\/gpg.h --- a\/g10\/gpg.h 2015-09-08 14:39:24.000000000 +0200 +++ b\/g10\/gpg.h 2016-02-26 21:46:47.000000000 +0100 @@ -35,7 +35,7 @@ \/* Number of bits we accept when reading or writing MPIs. *\/ -#define MAX_EXTERN_MPI_BITS 16384 +#define MAX_EXTERN_MPI_BITS KEY_MAX_SIZE_LOOKSLIKE \/* The maximum length of a binary fingerprints. *\/ #define MAX_FINGERPRINT_LEN 20 diff -uraN a\/g10\/keygen.c b\/g10\/keygen.c --- a\/g10\/keygen.c 2015-09-08 14:39:24.000000000 +0200 +++ b\/g10\/keygen.c 2016-02-26 21:46:47.000000000 +0100 @@ -1429,7 +1429,7 @@ PKT_secret_key *sk; PKT_public_key *pk; gcry_sexp_t s_parms, s_key; - const unsigned maxsize = (opt.flags.large_rsa ? 8192 : 4096); + const unsigned maxsize = KEY_MAX_SIZE_LOOKSLIKE; assert (is_RSA(algo)); @@ -1798,7 +1798,7 @@ static unsigned ask_keysize (int algo, unsigned int primary_keysize) { - unsigned int nbits, min, def = DEFAULT_STD_KEYSIZE, max=4096; + unsigned int nbits, min, def = DEFAULT_STD_KEYSIZE, max=KEY_MAX_SIZE_LOOKSLIKE; int for_subkey = !!primary_keysize; int autocomp = 0; diff -uraN a\/g10\/keyserver.c b\/g10\/keyserver.c --- a\/g10\/keyserver.c 2015-09-08 14:39:24.000000000 +0200 +++ b\/g10\/keyserver.c 2016-02-26 21:46:47.000000000 +0100 @@ -94,7 +94,7 @@ struct keyserver_spec *keyserver); \/* Reasonable guess *\/ -#define DEFAULT_MAX_CERT_SIZE 16384 +#define DEFAULT_MAX_CERT_SIZE KEY_MAX_SIZE_LOOKSLIKE static size_t max_cert_size=DEFAULT_MAX_CERT_SIZE; diff -uraN a\/g10\/parse-packet.c b\/g10\/parse-packet.c --- a\/g10\/parse-packet.c 2015-09-08 14:39:24.000000000 +0200 +++ b\/g10\/parse-packet.c 2016-02-26 21:46:47.000000000 +0100 @@ -1681,7 +1681,7 @@ --*length; nbits |= c; - if (nbits > 16384) +  if (nbits > KEY_MAX_SIZE_LOOKSLIKE)      {        log_error ("mpi too large (%u bits)\\n", nbits);        return NULL; diff -uraN a\/g10\/plaintext.c b\/g10\/plaintext.c --- a\/g10\/plaintext.c\t2015-09-08 14:39:24.000000000 +0200 +++ b\/g10\/plaintext.c\t2016-02-26 21:46:47.000000000 +0100 @@ -225,9 +225,9 @@  \t    }  \t}  \telse { \/* binary mode *\/ -\t    byte *buffer = xmalloc( 32768 ); +\t    byte *buffer = xmalloc( KEY_MAX_SIZE_LOOKSLIKE );  \t    while( pt->len ) { -\t\tint len = pt->len > 32768 ? 32768 : pt->len; +\t\tint len = pt->len > KEY_MAX_SIZE_LOOKSLIKE ? KEY_MAX_SIZE_LOOKSLIKE : pt->len;  \t\tlen = iobuf_read( pt->buf, buffer, len );  \t\tif( len == -1 ) {                      rc = gpg_error_from_syserror (); @@ -294,7 +294,7 @@  \t    }  \t}  \telse { \/* binary mode *\/ -\t    byte *buffer = xmalloc( 32768 ); +\t    byte *buffer = xmalloc( KEY_MAX_SIZE_LOOKSLIKE );  \t    int eof_seen = 0;    \t    while ( !eof_seen ) { @@ -304,10 +304,10 @@  \t\t * off and therefore we don't catch the boundary.  \t\t * So, always assume EOF if iobuf_read returns less bytes  \t\t * then requested *\/ -\t\tint len = iobuf_read( pt->buf, buffer, 32768 ); +\t\tint len = iobuf_read( pt->buf, buffer, KEY_MAX_SIZE_LOOKSLIKE );  \t\tif( len == -1 )  \t\t    break; -\t\tif( len < 32768 ) +\t\tif( len < KEY_MAX_SIZE_LOOKSLIKE ) eof_seen = 1; if( mfx->md )  \t\t    gcry_md_write ( mfx->md, buffer, len ); diff -uraN a\/scd\/apdu.c b\/scd\/apdu.c --- a\/scd\/apdu.c\t2015-09-08 14:39:24.000000000 +0200 +++ b\/scd\/apdu.c\t2016-02-26 21:46:47.000000000 +0100 @@ -2964,7 +2964,7 @@      if (opt.ctapi_driver && *opt.ctapi_driver)      { -      int port = portstr? atoi (portstr) : 32768; +      int port = portstr? atoi (portstr) : KEY_MAX_SIZE_LOOKSLIKE;          if (!ct_api_loaded)          { @@ -3612,7 +3612,7 @@        else if (extended_mode < 0) { \/* Send APDU using chaining mode. *\/ - if (lc > 16384) +          if (lc > KEY_MAX_SIZE_LOOKSLIKE)              return SW_WRONG_LENGTH;   \/* Sanity check.  *\/            if ((class&0xf0) != 0)              return SW_HOST_INV_VALUE; \/* Upper 4 bits need to be 0.  *\/ diff -uraN a\/scd\/command.c b\/scd\/command.c --- a\/scd\/command.c\t2015-09-08 14:39:24.000000000 +0200 +++ b\/scd\/command.c\t2016-02-26 21:46:47.000000000 +0100 @@ -45,13 +45,13 @@  #define MAXLEN_PIN 100    \/* Maximum allowed size of key data as used in inquiries. *\/ -#define MAXLEN_KEYDATA 4096 +#define MAXLEN_KEYDATA KEY_MAX_SIZE_LOOKSLIKE    \/* Maximum allowed total data size for SETDATA.  *\/ -#define MAXLEN_SETDATA 4096 +#define MAXLEN_SETDATA KEY_MAX_SIZE_LOOKSLIKE    \/* Maximum allowed size of certificate data as used in inquiries. *\/ -#define MAXLEN_CERTDATA 16384 +#define MAXLEN_CERTDATA KEY_MAX_SIZE_LOOKSLIKE      #define set_error(e,t) assuan_set_error (ctx, gpg_error (e), (t)) diff -uraN a\/scd\/scdaemon.c b\/scd\/scdaemon.c --- a\/scd\/scdaemon.c\t2015-09-08 14:39:24.000000000 +0200 +++ b\/scd\/scdaemon.c\t2016-02-26 21:46:47.000000000 +0100 @@ -497,7 +497,7 @@      }      \/* initialize the secure memory. *\/ -  gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0); +  gcry_control (GCRYCTL_INIT_SECMEM, SECMEM_BUFFER_SIZE, 0);    maybe_setuid = 0;      \/* diff -uraN a\/sm\/gpgsm.c b\/sm\/gpgsm.c --- a\/sm\/gpgsm.c\t2015-09-08 14:39:24.000000000 +0200 +++ b\/sm\/gpgsm.c\t2016-02-26 21:46:47.000000000 +0100 @@ -965,7 +965,7 @@        \/* Initialize the secure memory. *\/ -  gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0); +  gcry_control (GCRYCTL_INIT_SECMEM, SECMEM_BUFFER_SIZE, 0);    maybe_setuid = 0;      \/* diff -uraN a\/tools\/gpg-check-pattern.c b\/tools\/gpg-check-pattern.c --- a\/tools\/gpg-check-pattern.c\t2015-09-08 14:39:24.000000000 +0200 +++ b\/tools\/gpg-check-pattern.c\t2016-02-26 21:46:47.000000000 +0100 @@ -179,7 +179,7 @@      }      setup_libgcrypt_logging (); -  gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0); +  gcry_control (GCRYCTL_INIT_SECMEM, SECMEM_BUFFER_SIZE, 0);      opt.homedir = default_homedir ();   diff -uraN a\/tools\/make-dns-cert.c b\/tools\/make-dns-cert.c --- a\/tools\/make-dns-cert.c\t2015-09-01 08:52:21.000000000 +0200 +++ b\/tools\/make-dns-cert.c\t2016-02-26 21:46:47.000000000 +0100 @@ -64,7 +64,7 @@        goto fail;      }   -  if(statbuf.st_size>16384) +  if(statbuf.st_size>KEY_MAX_SIZE_LOOKSLIKE)      fprintf(stderr,"Warning: key file %s is larger than the default"  \t    " GnuPG max-cert-size\\n",keyfile);   diff -uraN a\/tools\/symcryptrun.c b\/tools\/symcryptrun.c --- a\/tools\/symcryptrun.c\t2015-09-08 14:39:24.000000000 +0200 +++ b\/tools\/symcryptrun.c\t2016-02-26 21:46:47.000000000 +0100 @@ -999,7 +999,7 @@                   NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) );      }    setup_libgcrypt_logging (); -  gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0); +  gcry_control (GCRYCTL_INIT_SECMEM, SECMEM_BUFFER_SIZE, 0);      \/* Tell simple-pwquery about the the standard socket name.  *\/    { <\/code><\/pre>\n
  <\/div>\n<\/div>\n
  \u0414\u043e \u043a\u0443\u0447\u0438 \u0443\u0432\u0435\u043b\u0438\u0447\u0435\u043d \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u044b\u0439 \u0440\u0430\u0437\u043c\u0435\u0440 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430 \u0438 \u043a\u043b\u044e\u0447\u0430 \u0434\u043b\u044f ssh.<\/em><\/p>\n
  \u0418 \u0432\u043e\u0442 \u0442\u0430\u043a\u043e\u0439 diff \u0434\u043b\u044f libgcrypt-1.6.5<\/p>\n
libgcrypt-1.6.5-RSA32k.patch<\/b><\/p>\n
\n
diff -uraN a\/mpi\/mpicoder.c b\/mpi\/mpicoder.c --- a\/mpi\/mpicoder.c\t2015-02-23 11:55:58.000000000 +0100 +++ b\/mpi\/mpicoder.c\t2016-02-25 17:45:29.000000000 +0100 @@ -27,7 +27,7 @@  #include "mpi-internal.h"  #include "g10lib.h"   -#define MAX_EXTERN_MPI_BITS 16384 +#define MAX_EXTERN_MPI_BITS 32768    \/* Helper used to scan PGP style MPIs.  Returns NULL on failure. *\/  static gcry_mpi_t diff -uraN a\/src\/secmem.c b\/src\/secmem.c --- a\/src\/secmem.c\t2016-02-09 10:10:38.000000000 +0100 +++ b\/src\/secmem.c\t2016-02-25 17:45:29.000000000 +0100 @@ -45,8 +45,8 @@  #define MAP_ANONYMOUS MAP_ANON  #endif   -#define MINIMUM_POOL_SIZE 16384 -#define STANDARD_POOL_SIZE 32768 +#define MINIMUM_POOL_SIZE 32768 +#define STANDARD_POOL_SIZE 65536  #define DEFAULT_PAGE_SIZE 4096    typedef struct memblock <\/code><\/pre>\n<\/p><\/div>\n<\/div>\n
  \u0420\u0430\u0437\u043c\u0435\u0440 \u043f\u0443\u043b\u0430 \u0431\u044b\u043b \u0443\u0434\u0432\u043e\u0435\u043d. \u0414\u043b\u044f \u043f\u043e\u0447\u0442\u0438 \u0431\u0435\u0437\u0433\u043b\u044e\u043a\u043e\u0432\u044b\u0445 16384 \u043a\u043b\u044e\u0447\u0435\u0439 \u0440\u0430\u0437\u043c\u0435\u0440 \u043f\u0443\u043b\u0430 \u0431\u044b\u043b 32768 (\u043f\u0440\u0438 \u043d\u043e\u0440\u043c\u0435 \u043a\u043b\u044e\u0447\u0435\u0439 \u0432 4096 \u0438 8192).<\/p>\n
  \u0420\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u043b\u0438 \u0441\u0438\u0435?<\/p>\n
  \u0414\u0430:  <\/p>\n
sec 32768R\/18B54A62 2016-02-24<\/p>\n
  uid test32768key<\/p>\n
  ssb 32768R\/1507CD2A 2016-02-24<\/p><\/blockquote>\n
  \u041f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u044c \u043d\u0430 i5-5200 \u043f\u043e\u0434 Debian 8.3 (4.3.0-0.bpo.1-amd64 #1 SMP Debian 4.3.3-7~bpo8+1 (2016-01-19) x86_64 GNU\/Linux):  <\/p>\n
RSA 16384 \u2014 19 \u043c\u0438\u043d\u0443\u0442 (\u0432\u0440\u0435\u043c\u044f \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u0438 \u043f\u0430\u0440\u044b)<\/p>\n
  RSA 32768 \u2014 106 \u043c\u0438\u043d\u0443\u0442 (\u0432\u0440\u0435\u043c\u044f \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u0438 \u043f\u0430\u0440\u044b)<\/p><\/blockquote>\n
  \u0428\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0444\u0430\u0439\u043b\u0430 \u0440\u0430\u0437\u043c\u0435\u0440\u043e\u043c 12\u041c\u0431 (\u0434\u0440\u0443\u0433\u043e\u0439 \u043a\u043b\u044e\u0447 RSA-32768, \u0437\u0430 \u0432\u0440\u0435\u043c\u044f \u0442\u0435\u0441\u0442\u043e\u0432 \u0438 \u043d\u0430\u043f\u0438\u0441\u0430\u043d\u0438\u044f \u044f \u0438\u0445 \u0448\u0442\u0443\u043a 10 \u043d\u0430\u0433\u0435\u043d\u0435\u0440\u0438\u043b):  <\/p>\n
time gpg2 —out file.gz.enc —recipient \u00abtest32768pair\u00bb —encrypt file.gz<\/p>\n
  real 0m0.079s<\/p>\n
  user 0m0.072s<\/p>\n
  sys 0m0.004s<\/p><\/blockquote>\n
  \u0414\u0435\u0448\u0438\u0444\u0440\u043e\u0432\u043a\u0430:  <\/p>\n
time gpg2 —out file.gz.gz —decrypt file.gz.enc<\/p>\n
  real 0m7.610s<\/p>\n
  user 0m5.624s<\/p>\n
  sys 0m0.024s<\/p><\/blockquote>\n
  \u0418 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430:  <\/p>\n
7ab98fd4a154fad5f5bbe0d698178783cd2ac994 file.gz<\/p>\n
  9773bb1b9d7f75f408f562d476e8936aafa0f3b9 file.gz.enc<\/p>\n
  7ab98fd4a154fad5f5bbe0d698178783cd2ac994 file.gz.gz<\/p><\/blockquote>\n
  \u0422\u043e\u043d\u043a\u043e\u0441\u0442\u0438: \u0435\u0441\u043b\u0438 \u0432 \u043a\u0435\u0439\u0440\u0438\u043d\u0433 \u0434\u043e\u0431\u0430\u0432\u0438\u0442\u044c \u0442\u0430\u043a\u043e\u0439 \u043a\u043b\u044e\u0447, \u0442\u043e \u0432\u0430\u043d\u0438\u043b\u044c\u043d\u0430\u044f \u0432\u0435\u0440\u0441\u0438\u044f \u043d\u0435 \u0431\u0443\u0434\u0435\u0442 \u0447\u0438\u0442\u0430\u0442\u044c, \u0432 \u0432\u0438\u0434\u0443 \u043e\u043f\u0438\u0441\u0430\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u0448\u0435 (mpi \u0438 \u0442.\u0434.). \u0422\u0430\u043a \u0447\u0442\u043e \u043f\u0440\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u0442\u0430\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 (\u043c\u043e\u0434\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439) \u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u0432\u0430\u043d\u0438\u043b\u044c\u043d\u043e\u0433\u043e \u0441\u043e\u0444\u0442\u0430 (\u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0441 \u043a\u043b\u0430\u0441\u0441\u0438\u0447\u0435\u0441\u043a\u0438\u043c\u0438 \u043a\u043b\u044e\u0447\u0430\u043c\u0438) \u043d\u0430\u0434\u043e \u0441\u043e\u0437\u0434\u0430\u0432\u0430\u0442\u044c \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u044b\u0439 \u043a\u0435\u0439\u0440\u0438\u043d\u0433.<\/p>\n
  \u041d\u0443 \u0438, \u043a\u0430\u043a \u043e\u0431\u044b\u0447\u043d\u043e: \u0412\u041e\u0417\u041c\u041e\u0416\u041d\u042b \u041f\u041e\u0422\u0415\u0420\u042f \u0414\u0410\u041d\u041d\u042b\u0425, \u041a\u0420\u0410\u0425 \u0421\u0418\u0421\u0422\u0415\u041c\u042b \u0418 \u041a\u0420\u0410\u0421\u041d\u042b\u0415 \u0413\u041b\u0410\u0417\u0410.<\/p>\n
  \u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u0440\u043e\u0435\u043a\u0442 \u0438 \u043f\u0430\u0442\u0447\u0438 (=diff) \u043d\u0430 github:  <\/p>\n