security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-25 15:27:03 +01:00
Code Activity

gpg: Be prepared for chosen-prefix SHA-1 collisions in key signatures.

Browse Source 
* g10/sig-check.c (check_signature_over_key_or_uid): Reject cewrtain
SHA-1 based signatures.
--

Signed-off-by: Werner Koch <wk@gnupg.org>

(cherry picked from c4f2d9e3e1d77d2f1f168764fcdfed32f7d1dfc4)

Adjusted for changed added arguments in a function.
This commit is contained in:
Werner Koch 2019-10-03 17:43:26 +02:00
parent de57b5bf91
commit edc36f59fc
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 27 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
g10/sig-check.c
View File

@ -824,6 +824,10 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
PKT_public_key *pripk = kb->pkt->pkt.public_key; PKT_public_key *pripk = kb->pkt->pkt.public_key;
gcry_md_hd_t md; gcry_md_hd_t md;
int signer_alloced = 0; int signer_alloced = 0;
int stub_is_selfsig;
if (!is_selfsig)
is_selfsig = &stub_is_selfsig;
rc = openpgp_pk_test_algo (sig->pubkey_algo); rc = openpgp_pk_test_algo (sig->pubkey_algo);
if (rc) if (rc)
@ -856,8 +860,6 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
/* PACKET is the right type for SIG. */ /* PACKET is the right type for SIG. */
if (signer) if (signer)
{
if (is_selfsig)
{ {
if (signer->keyid[0] == pripk->keyid[0] if (signer->keyid[0] == pripk->keyid[0]
&& signer->keyid[1] == pripk->keyid[1]) && signer->keyid[1] == pripk->keyid[1])
@ -865,7 +867,6 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
else else
*is_selfsig = 0; *is_selfsig = 0;
} }
}
else else
{ {
/* Get the signer. If possible, avoid a look up. */ /* Get the signer. If possible, avoid a look up. */
@ -874,7 +875,6 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
{ {
/* Issued by the primary key. */ /* Issued by the primary key. */
signer = pripk; signer = pripk;
if (is_selfsig)
*is_selfsig = 1; *is_selfsig = 1;
} }
else else
@ -904,7 +904,6 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
if (! signer) if (! signer)
{ {
/* Signer by some other key. */ /* Signer by some other key. */
if (is_selfsig)
*is_selfsig = 0; *is_selfsig = 0;
if (ret_pk) if (ret_pk)
{ {
@ -966,10 +965,23 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
else if (IS_UID_SIG (sig) || IS_UID_REV (sig)) else if (IS_UID_SIG (sig) || IS_UID_REV (sig))
{ {
log_assert (packet->pkttype == PKT_USER_ID); log_assert (packet->pkttype == PKT_USER_ID);
if (sig->digest_algo == DIGEST_ALGO_SHA1 && !*is_selfsig
&& sig->timestamp > 1547856000)
{
/* If the signature was created using SHA-1 we consider this
* signature invalid because it makes it possible to mount a
* chosen-prefix collision. We don't do this for
* self-signatures or for signatures created before the
* somewhat arbitrary cut-off date 2019-01-19. */
rc = gpg_error (GPG_ERR_DIGEST_ALGO);
}
else
{
hash_public_key (md, pripk); hash_public_key (md, pripk);
hash_uid_packet (packet->pkt.user_id, md, sig); hash_uid_packet (packet->pkt.user_id, md, sig);
rc = check_signature_end_simple (signer, sig, md); rc = check_signature_end_simple (signer, sig, md);
} }
}
else else
{ {
/* We should never get here. (The first if above should have /* We should never get here. (The first if above should have