[PATCH] g10: release DEK soon after its use

NIIBE Yutaka gniibe at fsij.org
Fri Dec 12 02:00:38 CET 2014

Reported to Debian gnupg 1.4: bugs.debian.org/772780

With the configuration of : s2k-cipher-algo S10, adding a subkey of
RSA-4096 to primary of RSA-4096 (by --edit-key) causes out_of_core of
secmem in write_keybinding function (if its size is 32768).

I think that this is a regression introduced by RSA Blinding.

Here is a patch to lower the memory pressure of secmem and fix the
particular failure.

Mostly same fix can be applied to 2.0.x.  For 2.1, the management of
private key is under gpg-agent, so, this is not relevant.

May I apply this change (to 1.4.x and 2.0.x)?

diff --git a/g10/keygen.c b/g10/keygen.c
index 9020908..5af0043 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -3447,6 +3447,7 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock )

     rc = do_create (algo, nbits, pub_keyblock, sec_keyblock,
 		    dek, s2k, &sub_sk, timestamp, expire, 1 );
+    xfree( dek );
     if (!rc)
 	rc = write_keybinding (pub_keyblock, pub_keyblock, pri_sk, sub_sk,
                                use, timestamp);
@@ -3463,7 +3464,6 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock )
     if( rc )
 	log_error(_("Key generation failed: %s\n"), g10_errstr(rc) );
     xfree( passphrase );
-    xfree( dek );
     xfree( s2k );
     /* release the copy of the (now unprotected) secret keys */
     if( pri_sk )

More information about the Gnupg-devel mailing list