Latest CVE-2014-5270 patch breaks ElGamal keys of 16k
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
gnupg (Debian) |
Fix Released
|
Unknown
|
|||
gnupg (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
I'm currenty using Ubuntu 12.04.5 LTS, 32-bit.
This is what i get with GnuPG version 1.4.11-3ubuntu2.6 using Enigmail (correct behavior):
2014-09-19 13:44:09.630 [CONSOLE] enigmail> /usr/bin/gpg --charset utf-8 --display-charset utf-8 --batch --no-tty --status-fd 2 -a -t --encrypt --encrypt-to 0x135C7291 -
r 0x0B7D1987135C7291 -u 0x135C7291
2014-09-19 13:44:40.545 [DEBUG] enigmailCommon.jsm: encryptMessageEnd: uiFlags=16, sendFlags=00000142, outputLen=5768
2014-09-19 13:44:40.545 [DEBUG] enigmailCommon.jsm: parseErrorOutput: status message:
gpg: 0x0B7D1987135C7291: skipped: public key already present
[GNUPG:] BEGIN_ENCRYPTION 2 9
[GNUPG:] END_ENCRYPTION
2014-09-19 13:44:40.548 [DEBUG] enigmailCommon.jsm: parseErrorOutput: statusFlags = 80000000
2014-09-19 13:44:40.549 [DEBUG] enigmailMsgComp
2014-09-19 13:44:40.550 [DEBUG] enigmailMsgComp
2014-09-19 13:44:40.551 [DEBUG] enigmailMsgComp
2014-09-19 13:44:40.551 [DEBUG] enigmailMsgComp
2014-09-19 13:44:40.556 [DEBUG] enigmailMsgComp
2014-09-19 13:44:40.569 [DEBUG] enigmailMsgComp
2014-09-19 13:44:40.573 [DEBUG] enigmailMsgComp
2014-09-19 13:44:40.574 [DEBUG] enigmailMsgComp
2014-09-19 13:44:40.574 [DEBUG] enigmailMsgComp
2014-09-19 13:44:40.575 [DEBUG] enigmail.js: Enigmail.
2014-09-19 13:44:40.575 [DEBUG] enigmailCommon.jsm: encryptMessageS
2014-09-19 13:44:40.575 [DEBUG] enigmailCommon.jsm: getEncryptCommand: hashAlgorithm=null
2014-09-19 13:44:40.577 enigmailCommon.jsm: execStart: command = /usr/bin/gpg --charset utf-8 --display-charset utf-8 --batch --no-tty --status-fd 2 -a -t --encrypt --sign --encrypt-to 0x135C7291 -r 0x0B7D1987135C7291 -u 0x135C7291, needPassphrase=1, domWindow=[object ChromeWindow], listener=[object Object]
2014-09-19 13:44:40.577 [DEBUG] enigmailCommon.jsm: getPassphrase:
2014-09-19 13:44:40.578 [CONSOLE] enigmail> /usr/bin/gpg --charset utf-8 --display-charset utf-8 --batch --no-tty --status-fd 2 -a -t --encrypt --sign --encrypt-to 0x135C7291 -r 0x0B7D1987135C7291 -u 0x135C7291 --use-agent
2014-09-19 13:45:15.448 [DEBUG] enigmailCommon.jsm: encryptMessageEnd: uiFlags=1, sendFlags=00000043, outputLen=5906
2014-09-19 13:45:15.448 [DEBUG] enigmailCommon.jsm: parseErrorOutput: status message:
[GNUPG:] USERID_HINT 0B7D1987135C7291 Ciaby <email address hidden>
[GNUPG:] NEED_PASSPHRASE 0B7D1987135C7291 0B7D1987135C7291 17 0
[GNUPG:] GOOD_PASSPHRASE
gpg: 0x0B7D1987135C7291: skipped: public key already present
[GNUPG:] BEGIN_SIGNING
[GNUPG:] SIG_CREATED S 17 10 01 1411152280 D0178161A8FA6E5
[GNUPG:] BEGIN_ENCRYPTION 2 9
[GNUPG:] END_ENCRYPTION
This is what i get with GnuPG version 1.4.11-3ubuntu2.7 using Enigmail (incorrect behavior):
2014-09-18 22:41:19.504 [CONSOLE] enigmail> /usr/bin/gpg --charset utf-8 --display-charset utf-8 --batch --no-tty --status-fd 2 -a -t --encrypt --sign --encrypt-to 0x135
C7291 -r 0x834AC0577A169C63 -u 0x135C7291 --use-agent
2014-09-18 22:41:37.732 [DEBUG] enigmailCommon.jsm: encryptMessageEnd: uiFlags=1, sendFlags=00000043, outputLen=0
2014-09-18 22:41:37.733 [DEBUG] enigmailCommon.jsm: parseErrorOutput: status message:
[GNUPG:] USERID_HINT 0B7D1987135C7291 Ciaby <email address hidden>
[GNUPG:] NEED_PASSPHRASE 0B7D1987135C7291 0B7D1987135C7291 17 0
[GNUPG:] GOOD_PASSPHRASE
gpg: out of secure memory while allocating 2048 bytes
gpg: (this may be caused by too many secret keys used simultaneously or due to excessive large key sizes)
Obviously, the latest security patch breaks ElGamal encryption with large keys (in this case, 16384 bytes).
Although GnuPG doesn't allow to generate these keys, the PGP standard (and GnuPG itself) supports large key sizes.
Please review the latest patch and make sure that all key sizes are supported.
CVE References
information type: | Private Security → Public |
Changed in gnupg (Debian): | |
status: | Unknown → New |
Changed in gnupg (Debian): | |
status: | New → Fix Released |
This is an upstream decision. In fact, they've now limited the size of ElGamal keys to 4096 with the following commit:
http:// git.gnupg. org/cgi- bin/gitweb. cgi?p=gnupg. git;a=commit; h=aae7ec516b79e 20938c56fd48fc0 bc9d2116426c
Another relevant Debian bug: https:/ /bugs.debian. org/cgi- bin/bugreport. cgi?bug= 749335