gpg: Replace --override-compliance-check by a real fix.

* common/compliance.c (gnupg_pk_is_allowed): Handle EdDSA.
* g10/gpg.c (oOverrideComplianceCheck): Remove.
(opts): Turn --override-compliance-check into a dummy option.
* g10/options.h (opt): Remove override_compliance_check.
* g10/sig-check.c (check_key_verify_compliance): Remove use of that
option.
--

The introduction of --override-compliance-check actually hid the real
cause for the signature verification problem in de-vs mode for the
Ed25519 key.  The real fix is to handle the EdDSA algorithm in
gnupg_pk_is_allowed.

Fixes-commit: fb26e144ad
GnuPG-bug-id: 5655
Werner Koch 2023-01-20 11:02:02 +01:00
parent b9528830d6
commit d98bf02a03
GPG Key ID: E3FDFF218E45B72B
5 changed files with 8 additions and 32 deletions


@ -353,6 +353,10 @@ gnupg_pk_is_allowed (enum gnupg_compliance_mode compliance,
case PUBKEY_ALGO_EDDSA: case PUBKEY_ALGO_EDDSA:
if (use == PK_USE_VERIFICATION)
result = 1;
else /* We may not create such signatures in de-vs mode. */
result = 0;
break; break;
default: default:
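Review bot: The new EdDSA branch accepts any EdDSA key for verification without looking at the curve or other key parameters, and its only comment explains the `else` side. A reader of this de-vs switch needs to know why an algorithm that may not be used for signing is still accepted for verification, and whether such a signature is reported as non-compliant somewhere else; I would state that in a comment above the `if`, for example `/* Verification is allowed so that existing EdDSA signatures can be checked; creating them is not. */`. The `else` also covers every use other than verification, not only signature creation, so `result = (use == PK_USE_VERIFICATION);` under that comment would say the same thing more directly. The switch and the function start and end outside the hunk, so the handling of the other algorithms cannot be compared from here. None of the five changed files adds a regression test that pins "verify allowed, sign refused" for an Ed25519 key in de-vs mode.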


@ -3559,13 +3559,7 @@ signatures made using SHA-1, those key signatures are considered
invalid. This options allows to override this restriction. invalid. This options allows to override this restriction.
@item --override-compliance-check @item --override-compliance-check
@opindex --override-compliance-check This was a temporary introduced option and has no more effect.
The signature verification only allows the use of keys suitable in the
current compliance mode. If the compliance mode has been forced by a
global option, there might be no way to check certain signature. This
option allows to override this and prints an extra warning in such a
case. This option is ignored in --batch mode so that no accidental
unattended verification may happen.
@item --no-default-keyring @item --no-default-keyring
@opindex no-default-keyring @opindex no-default-keyring


@ -360,7 +360,6 @@ enum cmd_and_opt_values
oShowSessionKey, oShowSessionKey,
oOverrideSessionKey, oOverrideSessionKey,
oOverrideSessionKeyFD, oOverrideSessionKeyFD,
oOverrideComplianceCheck,
oNoRandomSeedFile, oNoRandomSeedFile,
oAutoKeyRetrieve, oAutoKeyRetrieve,
oNoAutoKeyRetrieve, oNoAutoKeyRetrieve,
@ -878,7 +877,6 @@ static gpgrt_opt_t opts[] = {
ARGPARSE_s_s (oCipherAlgo, "cipher-algo", "@"), ARGPARSE_s_s (oCipherAlgo, "cipher-algo", "@"),
ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"), ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"),
ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"), ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"),
ARGPARSE_s_n (oOverrideComplianceCheck, "override-compliance-check", "@"),
ARGPARSE_header (NULL, N_("Options for unattended use")), ARGPARSE_header (NULL, N_("Options for unattended use")),
@ -972,6 +970,7 @@ static gpgrt_opt_t opts[] = {
ARGPARSE_s_s (oNoop, "aead-algo", "@"), ARGPARSE_s_s (oNoop, "aead-algo", "@"),
ARGPARSE_s_s (oNoop, "personal-aead-preferences","@"), ARGPARSE_s_s (oNoop, "personal-aead-preferences","@"),
ARGPARSE_s_n (oNoop, "rfc4880bis", "@"), ARGPARSE_s_n (oNoop, "rfc4880bis", "@"),
ARGPARSE_s_n (oNoop, "override-compliance-check", "@"),
ARGPARSE_group (302, N_( ARGPARSE_group (302, N_(
@ -3666,10 +3665,6 @@ main (int argc, char **argv)
opt.flags.allow_old_cipher_algos = 1; opt.flags.allow_old_cipher_algos = 1;
break; break;
case oOverrideComplianceCheck:
opt.flags.override_compliance_check = 1;
break;
case oFakedSystemTime: case oFakedSystemTime:
{ {
size_t len = strlen (pargs.r.ret_str); size_t len = strlen (pargs.r.ret_str);
@ -3879,15 +3874,6 @@ main (int argc, char **argv)
g10_exit(2); g10_exit(2);
} }
/* We allow overriding the compliance check only in non-batch mode
* so that the user has a chance to see the message. */
if (opt.flags.override_compliance_check && opt.batch)
{
opt.flags.override_compliance_check = 0;
log_info ("Note: '%s' ignored due to batch mode\n",
"--override-compliance-check");
}
set_debug (debug_level); set_debug (debug_level);
if (opt.verbose) /* Print the compatibility flags. */ if (opt.verbose) /* Print the compatibility flags. */
parse_compatibility_flags (NULL, &opt.compat_flags, compatibility_flags); parse_compatibility_flags (NULL, &opt.compat_flags, compatibility_flags);
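Review bot: The added `ARGPARSE_s_n (oNoop, "override-compliance-check", "@")` entry in the third hunk means a config file or script that still passes the option gets no hint that it stopped working. Going by the removed code, the option let verification continue for any key rejected by the compliance check, not only Ed25519 keys, so a user relying on it for another key type will now see a hard verification failure with the option still set. Assuming `oNoop` is ignored silently (its handler is outside these hunks), I would print a one-line note that the option is obsolete and has no effect, at least in verbose mode. The `opts` table and `main` both extend beyond the hunks shown.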


@ -245,7 +245,6 @@ struct
unsigned int allow_old_cipher_algos:1; unsigned int allow_old_cipher_algos:1;
unsigned int allow_weak_digest_algos:1; unsigned int allow_weak_digest_algos:1;
unsigned int allow_weak_key_signatures:1; unsigned int allow_weak_key_signatures:1;
unsigned int override_compliance_check:1;
unsigned int large_rsa:1; unsigned int large_rsa:1;
unsigned int disable_signer_uid:1; unsigned int disable_signer_uid:1;
unsigned int include_key_block:1; unsigned int include_key_block:1;


@ -78,17 +78,10 @@ check_key_verify_compliance (PKT_public_key *pk)
NULL)) NULL))
{ {
/* Compliance failure. */ /* Compliance failure. */
log_info (_("key %s may not be used for signing in %s mode\n"), log_error (_("key %s may not be used for signing in %s mode\n"),
keystr_from_pk (pk), keystr_from_pk (pk),
gnupg_compliance_option_string (opt.compliance)); gnupg_compliance_option_string (opt.compliance));
if (opt.flags.override_compliance_check) err = gpg_error (GPG_ERR_PUBKEY_ALGO);
log_info (_("continuing verification anyway due to option %s\n"),
"--override-compliance-failure");
else
{
log_inc_errorcount (); /* We used log info above. */
err = gpg_error (GPG_ERR_PUBKEY_ALGO);
}
} }
return err; return err;
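Review bot: The message passed to the new `log_error` call still reads "may not be used for signing", although this function, going by its name `check_key_verify_compliance`, rejects the key while a signature is being verified. With the override gone this is now the only text a user sees when verification is refused for compliance reasons, so `log_error (_("key %s may not be used for verification in %s mode\n"),` would describe the failure more accurately; note that this changes a translatable string. The condition guarding this block begins above the hunk, so the use value it passes to the compliance check is not visible here.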