Commit edc36f5

committed
gpg: Be prepared for chosen-prefix SHA-1 collisions in key signatures.
* g10/sig-check.c (check_signature_over_key_or_uid): Reject certain SHA-1 based signatures. -- Signed-off-by: Werner Koch <wk@gnupg.org> (cherry picked from c4f2d9e) Adjusted for changed added arguments in a function.
1 parent de57b5b commit edc36f5

1 file changed

+27
-15
lines changed

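--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -824,6 +824,10 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
 PKT_public_key*pripk=kb->pkt->pkt.public_key;
 gcry_md_hd_tmd;
 intsigner_alloced=0;
+intstub_is_selfsig;
+
+if (!is_selfsig)
+is_selfsig=&stub_is_selfsig;
 
 rc=openpgp_pk_test_algo (sig->pubkey_algo);
 if (rc)
@@ -857,14 +861,11 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
 
 if (signer)
 {
-if (is_selfsig)
-{
-if (signer->keyid[0] ==pripk->keyid[0]
-&&signer->keyid[1] ==pripk->keyid[1])
-*is_selfsig=1;
-else
-*is_selfsig=0;
-}
+if (signer->keyid[0] ==pripk->keyid[0]
+&&signer->keyid[1] ==pripk->keyid[1])
+*is_selfsig=1;
+else
+*is_selfsig=0;
 }
 else
 {
@@ -874,8 +875,7 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
 {
 /* Issued by the primary key. */
 signer=pripk;
-if (is_selfsig)
-*is_selfsig=1;
+*is_selfsig=1;
 }
 else
 {
@@ -904,8 +904,7 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
 if (! signer)
 {
 /* Signer by some other key. */
-if (is_selfsig)
-*is_selfsig=0;
+*is_selfsig=0;
 if (ret_pk)
 {
 signer=ret_pk;
@@ -966,9 +965,22 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
 elseif (IS_UID_SIG (sig) ||IS_UID_REV (sig))
 {
 log_assert (packet->pkttype==PKT_USER_ID);
-hash_public_key (md, pripk);
-hash_uid_packet (packet->pkt.user_id, md, sig);
-rc=check_signature_end_simple (signer, sig, md);
+if (sig->digest_algo==DIGEST_ALGO_SHA1&& !*is_selfsig
+&&sig->timestamp>1547856000)
+{
+/* If the signature was created using SHA-1 we consider this
+* signature invalid because it makes it possible to mount a
+* chosen-prefix collision. We don't do this for
+* self-signatures or for signatures created before the
+* somewhat arbitrary cut-off date 2019-01-19. */
+rc=gpg_error (GPG_ERR_DIGEST_ALGO);
+}
+else
+{
+hash_public_key (md, pripk);
+hash_uid_packet (packet->pkt.user_id, md, sig);
+rc=check_signature_end_simple (signer, sig, md);
+}
 }
 else
 {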
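Review bot: The new test `!*is_selfsig` in the last hunk may read `stub_is_selfsig`, which the first hunk declares without an initializer, and the visible hunks assign `*is_selfsig` only on the `if (signer)`, "Issued by the primary key" and "Signer by some other key" paths. The code between the third and fourth hunks is not shown; if any path there sets `signer` without assigning `*is_selfsig`, the SHA-1 rejection is decided on an indeterminate value, so I would add `*is_selfsig = 0;` right after the `if (!is_selfsig)` fallback, which also covers caller-supplied storage. Separately, the literal `1547856000` would read better as a named constant with a comment giving it as 2019-01-19 00:00:00 UTC. The block comment should also say that the compared `sig->timestamp` is the creation time recorded in the signature itself. The function starts before the first hunk and continues past the last one.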
