Skip to content

Commit

Permalink
gpg: Be prepared for chosen-prefix SHA-1 collisions in key signatures.
Browse files Browse the repository at this point in the history 
* g10/sig-check.c (check_signature_over_key_or_uid): Reject cewrtain
SHA-1 based signatures.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
  • Loading branch information
@dd9jn
dd9jn committed Oct 3, 2019
1 parent 63dbc81 commit c4f2d9e
Showing 1 changed file with 29 additions and 15 deletions.
44 changes: 29 additions & 15 deletions g10/sig-check.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -871,6 +871,10 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
PKT_public_key *pripk = kb->pkt->pkt.public_key;
gcry_md_hd_t md;
int signer_alloced = 0;
int stub_is_selfsig;

if (!is_selfsig)
is_selfsig = &stub_is_selfsig;

rc = openpgp_pk_test_algo (sig->pubkey_algo);
if (rc)
Expand Down Expand Up @@ -904,14 +908,11 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,

if (signer)
{
if (is_selfsig)
{
if (signer->keyid[0] == pripk->keyid[0]
&& signer->keyid[1] == pripk->keyid[1])
*is_selfsig = 1;
else
*is_selfsig = 0;
}
if (signer->keyid[0] == pripk->keyid[0]
&& signer->keyid[1] == pripk->keyid[1])
*is_selfsig = 1;
else
*is_selfsig = 0;
}
else
{
Expand All @@ -921,8 +922,7 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
{
/* Issued by the primary key. */
signer = pripk;
if (is_selfsig)
*is_selfsig = 1;
*is_selfsig = 1;
}
else
{
Expand Down Expand Up @@ -951,8 +951,7 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
if (! signer)
{
/* Signer by some other key. */
if (is_selfsig)
*is_selfsig = 0;
*is_selfsig = 0;
if (ret_pk)
{
signer = ret_pk;
Expand Down Expand Up @@ -1013,9 +1012,24 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
else if (IS_UID_SIG (sig) || IS_UID_REV (sig))
{
log_assert (packet->pkttype == PKT_USER_ID);
hash_public_key (md, pripk);
hash_uid_packet (packet->pkt.user_id, md, sig);
rc = check_signature_end_simple (signer, sig, md, NULL, 0);
log_debug ("algo=%d selfsig=%d tm=%lu\n",
sig->digest_algo, *is_selfsig, (unsigned long)sig->timestamp);
if (sig->digest_algo == DIGEST_ALGO_SHA1 && !*is_selfsig
&& sig->timestamp > 1547856000)
{
/* If the signature was created using SHA-1 we consider this
* signature invalid because it makes it possible to mount a
* chosen-prefix collision. We don't do this for
* self-signatures or for signatures created before the
* somewhat arbitrary cut-off date 2019-01-19. */
rc = gpg_error (GPG_ERR_DIGEST_ALGO);
}
else
{
hash_public_key (md, pripk);
hash_uid_packet (packet->pkt.user_id, md, sig);
rc = check_signature_end_simple (signer, sig, md, NULL, 0);
}
}
else
{
Expand Down

0 comments on commit c4f2d9e

Please sign in to comment.