security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-03-09 22:21:12 +01:00
Code Activity

gpg: Fix regression for the recent malicious subkey DoS fix.

Browse Source 
* g10/packet.h (PUBKEY_USAGE_VERIFY): New.
* g10/getkey.c (get_pubkey_for_sig): Pass new flag also to requested
usage.
(finish_lookup): Introduce a verify_mode.
--

Fixes-commit: da0164efc7f32013bc24d97b9afa9f8d67c318bb
GnuPG-bug-id: 7547
This commit is contained in:
Werner Koch 2025-03-06 17:17:17 +01:00
parent da0164efc7
commit 1e581619bf
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
2 changed files with 29 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
g10/getkey.c
View File

@ -315,11 +315,12 @@ pk_from_block (PKT_public_key *pk, kbnode_t keyblock, kbnode_t found_key)
/* Specialized version of get_pubkey which retrieves the key based on /* Specialized version of get_pubkey which retrieves the key based on
* information in SIG. In contrast to get_pubkey PK is required. IF * information in SIG. In contrast to get_pubkey PK is required. If
* FORCED_PK is not NULL, this public key is used and copied to PK. * FORCED_PK is not NULL, this public key is used and copied to PK.
* If R_KEYBLOCK is not NULL the entire keyblock is stored there if * If R_KEYBLOCK is not NULL the entire keyblock is stored there if
* found and FORCED_PK is not used; if not used or on error NULL is * found and FORCED_PK is not used; if not used or on error NULL is
* stored there. */ * stored there. Use this function only to find the key for
* verification; it can't be used to select a key for signing. */
gpg_error_t gpg_error_t
get_pubkey_for_sig (ctrl_t ctrl, PKT_public_key *pk, PKT_signature *sig, get_pubkey_for_sig (ctrl_t ctrl, PKT_public_key *pk, PKT_signature *sig,
PKT_public_key *forced_pk, kbnode_t *r_keyblock) PKT_public_key *forced_pk, kbnode_t *r_keyblock)
@ -339,8 +340,9 @@ get_pubkey_for_sig (ctrl_t ctrl, PKT_public_key *pk, PKT_signature *sig,
/* Make sure to request only keys cabable of signing. This makes /* Make sure to request only keys cabable of signing. This makes
* sure that a subkey w/o a valid backsig or with bad usage flags * sure that a subkey w/o a valid backsig or with bad usage flags
* will be skipped. */ * will be skipped. We also request the verification mode so that
pk->req_usage = PUBKEY_USAGE_SIG; * expired and reoked keys are returned. */
pk->req_usage = (PUBKEY_USAGE_SIG | PUBKEY_USAGE_VERIFY);
/* First try the ISSUER_FPR info. */ /* First try the ISSUER_FPR info. */
fpr = issuer_fpr_raw (sig, &fprlen); fpr = issuer_fpr_raw (sig, &fprlen);
@ -404,10 +406,10 @@ get_pubkey_bykid (ctrl_t ctrl, PKT_public_key *pk, kbnode_t *r_keyblock,
/* Try to get it from the cache. We don't do this when pk is /* Try to get it from the cache. We don't do this when pk is
* NULL as it does not guarantee that the user IDs are cached. * NULL as it does not guarantee that the user IDs are cached.
* The old get_pubkey_function did not check PK->REQ_USAGE when * The old get_pubkey_function did not check PK->REQ_USAGE when
* reading form the caceh. This is probably a bug. Note that * reading from the cache. This is probably a bug. Note that
* the cache is not used when the caller asked to return the * the cache is not used when the caller asked to return the
* entire keyblock. This is because the cache does not * entire keyblock. This is because the cache does not
* associate the public key wit its primary key. */ * associate the public key with its primary key. */
pk_cache_entry_t ce; pk_cache_entry_t ce;
for (ce = pk_cache; ce; ce = ce->next) for (ce = pk_cache; ce; ce = ce->next)
{ {
@ -3724,11 +3726,18 @@ finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact,
PKT_public_key *pk; PKT_public_key *pk;
int req_prim; int req_prim;
int diag_exactfound = 0; int diag_exactfound = 0;
int verify_mode = 0;
u32 curtime = make_timestamp (); u32 curtime = make_timestamp ();
if (r_flags) if (r_flags)
*r_flags = 0; *r_flags = 0;
/* The verify mode is used to change the behaviour so that we can
* return an expired or revoked key for signature verification. */
verify_mode = ((req_usage & PUBKEY_USAGE_VERIFY)
&& (req_usage & PUBKEY_USAGE_SIG));
#define USAGE_MASK (PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC|PUBKEY_USAGE_CERT) #define USAGE_MASK (PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC|PUBKEY_USAGE_CERT)
req_usage &= USAGE_MASK; req_usage &= USAGE_MASK;
/* In allow ADSK mode make sure both encryption bits are set. */ /* In allow ADSK mode make sure both encryption bits are set. */
@ -3784,9 +3793,9 @@ finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact,
} }
if (DBG_LOOKUP) if (DBG_LOOKUP)
log_debug ("finish_lookup: checking key %08lX (%s)(req_usage=%x)\n", log_debug ("finish_lookup: checking key %08lX (%s)(req_usage=%x%s)\n",
(ulong) keyid_from_pk (keyblock->pkt->pkt.public_key, NULL), (ulong) keyid_from_pk (keyblock->pkt->pkt.public_key, NULL),
foundk ? "one" : "all", req_usage); foundk ? "one" : "all", req_usage, verify_mode? ",verify":"");
if (diag_exactfound && DBG_LOOKUP) if (diag_exactfound && DBG_LOOKUP)
log_debug ("\texact search requested and found\n"); log_debug ("\texact search requested and found\n");
@ -3850,28 +3859,29 @@ finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact,
} }
n_subkeys++; n_subkeys++;
if (pk->flags.revoked) if (!verify_mode && pk->flags.revoked)
{ {
if (DBG_LOOKUP) if (DBG_LOOKUP)
log_debug ("\tsubkey has been revoked\n"); log_debug ("\tsubkey has been revoked\n");
n_revoked_or_expired++; n_revoked_or_expired++;
continue; continue;
} }
if (pk->has_expired && !opt.ignore_expiration) if (!verify_mode && pk->has_expired && !opt.ignore_expiration)
{ {
if (DBG_LOOKUP) if (DBG_LOOKUP)
log_debug ("\tsubkey has expired\n"); log_debug ("\tsubkey has expired\n");
n_revoked_or_expired++; n_revoked_or_expired++;
continue; continue;
} }
if (pk->timestamp > curtime && !opt.ignore_valid_from) if (!verify_mode && pk->timestamp > curtime && !opt.ignore_valid_from)
{ {
if (DBG_LOOKUP) if (DBG_LOOKUP)
log_debug ("\tsubkey not yet valid\n"); log_debug ("\tsubkey not yet valid\n");
continue; continue;
} }
if (want_secret)
if (!verify_mode && want_secret)
{ {
int secret_key_avail = agent_probe_secret_key (NULL, pk); int secret_key_avail = agent_probe_secret_key (NULL, pk);
@ -3898,7 +3908,8 @@ finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact,
} }
if (DBG_LOOKUP) if (DBG_LOOKUP)
log_debug ("\tsubkey might be fine\n"); log_debug ("\tsubkey might be fine%s\n",
verify_mode? " for verification":"");
/* In case a key has a timestamp of 0 set, we make sure /* In case a key has a timestamp of 0 set, we make sure
that it is used. A better change would be to compare that it is used. A better change would be to compare
">=" but that might also change the selected keys and ">=" but that might also change the selected keys and
@ -3939,12 +3950,12 @@ finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact,
log_debug ("\tprimary key usage does not match: " log_debug ("\tprimary key usage does not match: "
"want=%x have=%x\n", req_usage, pk->pubkey_usage); "want=%x have=%x\n", req_usage, pk->pubkey_usage);
} }
else if (pk->flags.revoked) else if (!verify_mode && pk->flags.revoked)
{ {
if (DBG_LOOKUP) if (DBG_LOOKUP)
log_debug ("\tprimary key has been revoked\n"); log_debug ("\tprimary key has been revoked\n");
} }
else if (pk->has_expired) else if (!verify_mode && pk->has_expired)
{ {
if (DBG_LOOKUP) if (DBG_LOOKUP)
log_debug ("\tprimary key has expired\n"); log_debug ("\tprimary key has expired\n");
@ -3952,7 +3963,8 @@ finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact,
else /* Okay. */ else /* Okay. */
{ {
if (DBG_LOOKUP) if (DBG_LOOKUP)
log_debug ("\tprimary key may be used\n"); log_debug ("\tprimary key may be used%s\n",
verify_mode? " for verification":"");
latest_key = keyblock; latest_key = keyblock;
} }
} }

1
g10/packet.h
View File

@ -60,6 +60,7 @@
#define PUBKEY_USAGE_RENC 1024 /* Restricted encryption. */ #define PUBKEY_USAGE_RENC 1024 /* Restricted encryption. */
#define PUBKEY_USAGE_TIME 2048 /* Timestamp use. */ #define PUBKEY_USAGE_TIME 2048 /* Timestamp use. */
#define PUBKEY_USAGE_VERIFY 16384 /* Verify only modifier. */
/* The usage bits which can be derived from the algo. */ /* The usage bits which can be derived from the algo. */
#define PUBKEY_USAGE_BASIC_MASK (PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC\ #define PUBKEY_USAGE_BASIC_MASK (PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC\