mirror of
git://git.gnupg.org/gnupg.git
synced 2025-03-09 22:21:12 +01:00
gpg: Fix regression for the recent malicious subkey DoS fix.
* g10/packet.h (PUBKEY_USAGE_VERIFY): New. * g10/getkey.c (get_pubkey_for_sig): Pass new flag also to requested usage. (finish_lookup): Introduce a verify_mode. -- Fixes-commit: da0164efc7f32013bc24d97b9afa9f8d67c318bb GnuPG-bug-id: 7547
This commit is contained in:
Werner Koch
parent
da0164efc7
commit
1e581619bf
44
g10/getkey.c
44
g10/getkey.c
@ -315,11 +315,12 @@ pk_from_block (PKT_public_key *pk, kbnode_t keyblock, kbnode_t found_key)
|
|||||||
|
|
||||||
|
|
||||||
/* Specialized version of get_pubkey which retrieves the key based on
|
/* Specialized version of get_pubkey which retrieves the key based on
|
||||||
* information in SIG. In contrast to get_pubkey PK is required. IF
|
* information in SIG. In contrast to get_pubkey PK is required. If
|
||||||
* FORCED_PK is not NULL, this public key is used and copied to PK.
|
* FORCED_PK is not NULL, this public key is used and copied to PK.
|
||||||
* If R_KEYBLOCK is not NULL the entire keyblock is stored there if
|
* If R_KEYBLOCK is not NULL the entire keyblock is stored there if
|
||||||
* found and FORCED_PK is not used; if not used or on error NULL is
|
* found and FORCED_PK is not used; if not used or on error NULL is
|
||||||
* stored there. */
|
* stored there. Use this function only to find the key for
|
||||||
|
* verification; it can't be used to select a key for signing. */
|
||||||
gpg_error_t
|
gpg_error_t
|
||||||
get_pubkey_for_sig (ctrl_t ctrl, PKT_public_key *pk, PKT_signature *sig,
|
get_pubkey_for_sig (ctrl_t ctrl, PKT_public_key *pk, PKT_signature *sig,
|
||||||
PKT_public_key *forced_pk, kbnode_t *r_keyblock)
|
PKT_public_key *forced_pk, kbnode_t *r_keyblock)
|
||||||
@ -339,8 +340,9 @@ get_pubkey_for_sig (ctrl_t ctrl, PKT_public_key *pk, PKT_signature *sig,
|
|||||||
|
|
||||||
/* Make sure to request only keys cabable of signing. This makes
|
/* Make sure to request only keys cabable of signing. This makes
|
||||||
* sure that a subkey w/o a valid backsig or with bad usage flags
|
* sure that a subkey w/o a valid backsig or with bad usage flags
|
||||||
* will be skipped. */
|
* will be skipped. We also request the verification mode so that
|
||||||
pk->req_usage = PUBKEY_USAGE_SIG;
|
* expired and reoked keys are returned. */
|
||||||
|
pk->req_usage = (PUBKEY_USAGE_SIG | PUBKEY_USAGE_VERIFY);
|
||||||
|
|
||||||
/* First try the ISSUER_FPR info. */
|
/* First try the ISSUER_FPR info. */
|
||||||
fpr = issuer_fpr_raw (sig, &fprlen);
|
fpr = issuer_fpr_raw (sig, &fprlen);
|
||||||
@ -404,10 +406,10 @@ get_pubkey_bykid (ctrl_t ctrl, PKT_public_key *pk, kbnode_t *r_keyblock,
|
|||||||
/* Try to get it from the cache. We don't do this when pk is
|
/* Try to get it from the cache. We don't do this when pk is
|
||||||
* NULL as it does not guarantee that the user IDs are cached.
|
* NULL as it does not guarantee that the user IDs are cached.
|
||||||
* The old get_pubkey_function did not check PK->REQ_USAGE when
|
* The old get_pubkey_function did not check PK->REQ_USAGE when
|
||||||
* reading form the caceh. This is probably a bug. Note that
|
* reading from the cache. This is probably a bug. Note that
|
||||||
* the cache is not used when the caller asked to return the
|
* the cache is not used when the caller asked to return the
|
||||||
* entire keyblock. This is because the cache does not
|
* entire keyblock. This is because the cache does not
|
||||||
* associate the public key wit its primary key. */
|
* associate the public key with its primary key. */
|
||||||
pk_cache_entry_t ce;
|
pk_cache_entry_t ce;
|
||||||
for (ce = pk_cache; ce; ce = ce->next)
|
for (ce = pk_cache; ce; ce = ce->next)
|
||||||
{
|
{
|
||||||
@ -3724,11 +3726,18 @@ finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact,
|
|||||||
PKT_public_key *pk;
|
PKT_public_key *pk;
|
||||||
int req_prim;
|
int req_prim;
|
||||||
int diag_exactfound = 0;
|
int diag_exactfound = 0;
|
||||||
|
int verify_mode = 0;
|
||||||
u32 curtime = make_timestamp ();
|
u32 curtime = make_timestamp ();
|
||||||
|
|
||||||
if (r_flags)
|
if (r_flags)
|
||||||
*r_flags = 0;
|
*r_flags = 0;
|
||||||
|
|
||||||
|
|
||||||
|
/* The verify mode is used to change the behaviour so that we can
|
||||||
|
* return an expired or revoked key for signature verification. */
|
||||||
|
verify_mode = ((req_usage & PUBKEY_USAGE_VERIFY)
|
||||||
|
&& (req_usage & PUBKEY_USAGE_SIG));
|
||||||
|
|
||||||
#define USAGE_MASK (PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC|PUBKEY_USAGE_CERT)
|
#define USAGE_MASK (PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC|PUBKEY_USAGE_CERT)
|
||||||
req_usage &= USAGE_MASK;
|
req_usage &= USAGE_MASK;
|
||||||
/* In allow ADSK mode make sure both encryption bits are set. */
|
/* In allow ADSK mode make sure both encryption bits are set. */
|
||||||
@ -3784,9 +3793,9 @@ finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (DBG_LOOKUP)
|
if (DBG_LOOKUP)
|
||||||
log_debug ("finish_lookup: checking key %08lX (%s)(req_usage=%x)\n",
|
log_debug ("finish_lookup: checking key %08lX (%s)(req_usage=%x%s)\n",
|
||||||
(ulong) keyid_from_pk (keyblock->pkt->pkt.public_key, NULL),
|
(ulong) keyid_from_pk (keyblock->pkt->pkt.public_key, NULL),
|
||||||
foundk ? "one" : "all", req_usage);
|
foundk ? "one" : "all", req_usage, verify_mode? ",verify":"");
|
||||||
if (diag_exactfound && DBG_LOOKUP)
|
if (diag_exactfound && DBG_LOOKUP)
|
||||||
log_debug ("\texact search requested and found\n");
|
log_debug ("\texact search requested and found\n");
|
||||||
|
|
||||||
@ -3850,28 +3859,29 @@ finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact,
|
|||||||
}
|
}
|
||||||
|
|
||||||
n_subkeys++;
|
n_subkeys++;
|
||||||
if (pk->flags.revoked)
|
if (!verify_mode && pk->flags.revoked)
|
||||||
{
|
{
|
||||||
if (DBG_LOOKUP)
|
if (DBG_LOOKUP)
|
||||||
log_debug ("\tsubkey has been revoked\n");
|
log_debug ("\tsubkey has been revoked\n");
|
||||||
n_revoked_or_expired++;
|
n_revoked_or_expired++;
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
if (pk->has_expired && !opt.ignore_expiration)
|
if (!verify_mode && pk->has_expired && !opt.ignore_expiration)
|
||||||
{
|
{
|
||||||
if (DBG_LOOKUP)
|
if (DBG_LOOKUP)
|
||||||
log_debug ("\tsubkey has expired\n");
|
log_debug ("\tsubkey has expired\n");
|
||||||
n_revoked_or_expired++;
|
n_revoked_or_expired++;
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
if (pk->timestamp > curtime && !opt.ignore_valid_from)
|
if (!verify_mode && pk->timestamp > curtime && !opt.ignore_valid_from)
|
||||||
{
|
{
|
||||||
if (DBG_LOOKUP)
|
if (DBG_LOOKUP)
|
||||||
log_debug ("\tsubkey not yet valid\n");
|
log_debug ("\tsubkey not yet valid\n");
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (want_secret)
|
|
||||||
|
if (!verify_mode && want_secret)
|
||||||
{
|
{
|
||||||
int secret_key_avail = agent_probe_secret_key (NULL, pk);
|
int secret_key_avail = agent_probe_secret_key (NULL, pk);
|
||||||
|
|
||||||
@ -3898,7 +3908,8 @@ finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (DBG_LOOKUP)
|
if (DBG_LOOKUP)
|
||||||
log_debug ("\tsubkey might be fine\n");
|
log_debug ("\tsubkey might be fine%s\n",
|
||||||
|
verify_mode? " for verification":"");
|
||||||
/* In case a key has a timestamp of 0 set, we make sure
|
/* In case a key has a timestamp of 0 set, we make sure
|
||||||
that it is used. A better change would be to compare
|
that it is used. A better change would be to compare
|
||||||
">=" but that might also change the selected keys and
|
">=" but that might also change the selected keys and
|
||||||
@ -3939,12 +3950,12 @@ finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact,
|
|||||||
log_debug ("\tprimary key usage does not match: "
|
log_debug ("\tprimary key usage does not match: "
|
||||||
"want=%x have=%x\n", req_usage, pk->pubkey_usage);
|
"want=%x have=%x\n", req_usage, pk->pubkey_usage);
|
||||||
}
|
}
|
||||||
else if (pk->flags.revoked)
|
else if (!verify_mode && pk->flags.revoked)
|
||||||
{
|
{
|
||||||
if (DBG_LOOKUP)
|
if (DBG_LOOKUP)
|
||||||
log_debug ("\tprimary key has been revoked\n");
|
log_debug ("\tprimary key has been revoked\n");
|
||||||
}
|
}
|
||||||
else if (pk->has_expired)
|
else if (!verify_mode && pk->has_expired)
|
||||||
{
|
{
|
||||||
if (DBG_LOOKUP)
|
if (DBG_LOOKUP)
|
||||||
log_debug ("\tprimary key has expired\n");
|
log_debug ("\tprimary key has expired\n");
|
||||||
@ -3952,7 +3963,8 @@ finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact,
|
|||||||
else /* Okay. */
|
else /* Okay. */
|
||||||
{
|
{
|
||||||
if (DBG_LOOKUP)
|
if (DBG_LOOKUP)
|
||||||
log_debug ("\tprimary key may be used\n");
|
log_debug ("\tprimary key may be used%s\n",
|
||||||
|
verify_mode? " for verification":"");
|
||||||
latest_key = keyblock;
|
latest_key = keyblock;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -60,6 +60,7 @@
|
|||||||
#define PUBKEY_USAGE_RENC 1024 /* Restricted encryption. */
|
#define PUBKEY_USAGE_RENC 1024 /* Restricted encryption. */
|
||||||
#define PUBKEY_USAGE_TIME 2048 /* Timestamp use. */
|
#define PUBKEY_USAGE_TIME 2048 /* Timestamp use. */
|
||||||
|
|
||||||
|
#define PUBKEY_USAGE_VERIFY 16384 /* Verify only modifier. */
|
||||||
|
|
||||||
/* The usage bits which can be derived from the algo. */
|
/* The usage bits which can be derived from the algo. */
|
||||||
#define PUBKEY_USAGE_BASIC_MASK (PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC\
|
#define PUBKEY_USAGE_BASIC_MASK (PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC\
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user