mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-03 12:11:33 +01:00
gpg: Be prepared for chosen-prefix SHA-1 collisions in key signatures.
* g10/sig-check.c (check_signature_over_key_or_uid): Reject cewrtain SHA-1 based signatures. -- Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch
parent
63dbc817e7
commit
c4f2d9e3e1
@ -871,6 +871,10 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
|
|||||||
PKT_public_key *pripk = kb->pkt->pkt.public_key;
|
PKT_public_key *pripk = kb->pkt->pkt.public_key;
|
||||||
gcry_md_hd_t md;
|
gcry_md_hd_t md;
|
||||||
int signer_alloced = 0;
|
int signer_alloced = 0;
|
||||||
|
int stub_is_selfsig;
|
||||||
|
|
||||||
|
if (!is_selfsig)
|
||||||
|
is_selfsig = &stub_is_selfsig;
|
||||||
|
|
||||||
rc = openpgp_pk_test_algo (sig->pubkey_algo);
|
rc = openpgp_pk_test_algo (sig->pubkey_algo);
|
||||||
if (rc)
|
if (rc)
|
||||||
@ -904,14 +908,11 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
|
|||||||
|
|
||||||
if (signer)
|
if (signer)
|
||||||
{
|
{
|
||||||
if (is_selfsig)
|
if (signer->keyid[0] == pripk->keyid[0]
|
||||||
{
|
&& signer->keyid[1] == pripk->keyid[1])
|
||||||
if (signer->keyid[0] == pripk->keyid[0]
|
*is_selfsig = 1;
|
||||||
&& signer->keyid[1] == pripk->keyid[1])
|
else
|
||||||
*is_selfsig = 1;
|
*is_selfsig = 0;
|
||||||
else
|
|
||||||
*is_selfsig = 0;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@ -921,8 +922,7 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
|
|||||||
{
|
{
|
||||||
/* Issued by the primary key. */
|
/* Issued by the primary key. */
|
||||||
signer = pripk;
|
signer = pripk;
|
||||||
if (is_selfsig)
|
*is_selfsig = 1;
|
||||||
*is_selfsig = 1;
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@ -951,8 +951,7 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
|
|||||||
if (! signer)
|
if (! signer)
|
||||||
{
|
{
|
||||||
/* Signer by some other key. */
|
/* Signer by some other key. */
|
||||||
if (is_selfsig)
|
*is_selfsig = 0;
|
||||||
*is_selfsig = 0;
|
|
||||||
if (ret_pk)
|
if (ret_pk)
|
||||||
{
|
{
|
||||||
signer = ret_pk;
|
signer = ret_pk;
|
||||||
@ -1013,9 +1012,24 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
|
|||||||
else if (IS_UID_SIG (sig) || IS_UID_REV (sig))
|
else if (IS_UID_SIG (sig) || IS_UID_REV (sig))
|
||||||
{
|
{
|
||||||
log_assert (packet->pkttype == PKT_USER_ID);
|
log_assert (packet->pkttype == PKT_USER_ID);
|
||||||
hash_public_key (md, pripk);
|
log_debug ("algo=%d selfsig=%d tm=%lu\n",
|
||||||
hash_uid_packet (packet->pkt.user_id, md, sig);
|
sig->digest_algo, *is_selfsig, (unsigned long)sig->timestamp);
|
||||||
rc = check_signature_end_simple (signer, sig, md, NULL, 0);
|
if (sig->digest_algo == DIGEST_ALGO_SHA1 && !*is_selfsig
|
||||||
|
&& sig->timestamp > 1547856000)
|
||||||
|
{
|
||||||
|
/* If the signature was created using SHA-1 we consider this
|
||||||
|
* signature invalid because it makes it possible to mount a
|
||||||
|
* chosen-prefix collision. We don't do this for
|
||||||
|
* self-signatures or for signatures created before the
|
||||||
|
* somewhat arbitrary cut-off date 2019-01-19. */
|
||||||
|
rc = gpg_error (GPG_ERR_DIGEST_ALGO);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
hash_public_key (md, pripk);
|
||||||
|
hash_uid_packet (packet->pkt.user_id, md, sig);
|
||||||
|
rc = check_signature_end_simple (signer, sig, md, NULL, 0);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user