SLFO-pool/gpg2
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: SLFO-pool:main
Branches Tags
SLFO-pool:main SLFO-pool:1.1
...
pull from: SLFO-pool:1.1
Branches Tags
SLFO-pool:1.1 SLFO-pool:main

4 Commits
main ... 1.1

Author SHA256 Message Date
Adrian Schröter
5f7d6b9305 Sync from SUSE:SLFO:1.1 gpg2 revision 045c6036ffb3d8c960bc2c6934c19a20 2025-07-08 18:09:06 +02:00
Adrian Schröter
5e48815f44 Sync from SUSE:SLFO:1.1 gpg2 revision 9c3801b96630127eb85114532b8c21b3 2025-07-01 13:15:12 +02:00
Adrian Schröter
70a7e70ef7 Sync from SUSE:SLFO:1.1 gpg2 revision 12aaf5c8a556b0eba2fdbd5802fdd8ee 2025-06-30 10:25:11 +02:00
Adrian Schröter
6febc95324 Sync from SUSE:SLFO:1.1 gpg2 revision 18ea93c1d270ad592ec2dec0f138b0f3 2025-06-23 15:28:36 +02:00
7 changed files with 968 additions and 0 deletions
Expand all files Collapse all files

39
gnupg-dirmngr-Don-t-install-expired-sks-certificate.patch Normal file
View File

@@ -0,0 +1,39 @@
From 018a2289ba8e4c23f4e800ed997abecd7c6a144d Mon Sep 17 00:00:00 2001
From: Lucas Mulling via Gnupg-devel <gnupg-devel@gnupg.org>
Date: Mon, 26 May 2025 10:05:21 +0200
Subject: [PATCH GnuPG] dirmngr: Don't install expired sks certificate
* dirmngr/Makefile.am (dist_pkgdata_DATA): Remove
sks-keyservers.netCA.pem.
Signed-off-by: Lucas Mulling <lucas.mulling@suse.com>
---
dirmngr/Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: gnupg-2.4.4/dirmngr/Makefile.am
===================================================================
--- gnupg-2.4.4.orig/dirmngr/Makefile.am
+++ gnupg-2.4.4/dirmngr/Makefile.am
@@ -29,7 +29,7 @@ EXTRA_DIST = OAUTHORS ONEWS ChangeLog-20
-dist_pkgdata_DATA = sks-keyservers.netCA.pem
+dist_pkgdata_DATA =
bin_PROGRAMS = dirmngr dirmngr-client
Index: gnupg-2.4.4/dirmngr/Makefile.in
===================================================================
--- gnupg-2.4.4.orig/dirmngr/Makefile.in
+++ gnupg-2.4.4/dirmngr/Makefile.in
@@ -682,7 +682,7 @@ EXTRA_DIST = OAUTHORS ONEWS ChangeLog-20
dirmngr_ldap-w32info.rc dirmngr_ldap.w32-manifest.in \
dirmngr-client-w32info.rc dirmngr-client.w32-manifest.in
-dist_pkgdata_DATA = sks-keyservers.netCA.pem
+dist_pkgdata_DATA =
# NB: AM_CFLAGS may also be used by tools running on the build
# platform to create source files.

51
gnupg-gpg-Allow-the-use-of-an-ADSK-subkey-as-ADSK-subkey.patch Normal file
View File

@@ -0,0 +1,51 @@
From d30e345692440b9c6677118c1d20b9d17d80f873 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Thu, 31 Oct 2024 15:11:55 +0100
Subject: [PATCH GnuPG] gpg: Allow the use of an ADSK subkey as ADSK subkey.
* g10/packet.h (PKT_public_key): Increased size of req_usage to 16.
* g10/getkey.c (key_byname): Set allow_adsk in the context if ir was
requested via req_usage.
(finish_lookup): Allow RENC usage matching.
* g10/keyedit.c (append_adsk_to_key): Adjust the assert.
* g10/keygen.c (prepare_adsk): Also allow to find an RENC subkey.
--
If an ADSK is to be added it may happen that an ADSK subkey is found
first and this should then be used even that it does not have the E
usage. However, it used to have that E usage when it was added.
While testing this I found another pecularity: If you do
gpg -k ADSK_SUBKEY_FPR
without the '!' suffix and no corresponding encryption subkey is dound,
you will get an unusabe key error. I hesitate to fix that due to
possible side-effects.
GnuPG-bug-id: 6882
Signed-off-by: Lucas Mulling <lucas.mulling@suse.com>
---
g10/packet.h | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/g10/packet.h b/g10/packet.h
index 5cef17543..375392807 100644
--- a/g10/packet.h
+++ b/g10/packet.h
@@ -400,11 +400,10 @@ typedef struct
when serializing. (Serialized.) */
byte version;
byte selfsigversion; /* highest version of all of the self-sigs */
- /* The public key algorithm. (Serialized.) */
- byte pubkey_algo;
- u16 pubkey_usage; /* carries the usage info. */
- byte req_usage; /* hack to pass a request to getkey() */
byte fprlen; /* 0 or length of FPR. */
+ byte pubkey_algo; /* The public key algorithm. (PGP format) */
+ u16 pubkey_usage; /* carries the usage info. */
+ u16 req_usage; /* hack to pass a request to getkey() */
u32 has_expired; /* set to the expiration date if expired */
/* keyid of the primary key. Never access this value directly.
Instead, use pk_main_keyid(). */
--
2.50.0

634
gnupg-gpg-Fix-a-verification-DoS-due-to-a-malicious-subkey-in-the-keyring.patch Normal file
View File

@@ -0,0 +1,634 @@
From 48978ccb4e20866472ef18436a32744350a65158 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Fri, 21 Feb 2025 12:16:17 +0100
Subject: [PATCH GnuPG] gpg: Fix a verification DoS due to a malicious subkey
in the keyring.
* g10/getkey.c (get_pubkey): Factor code out to ...
(get_pubkey_bykid): new. Add feature to return the keyblock.
(get_pubkey_for_sig): Add arg r_keyblock to return the used keyblock.
Request a signing usage.
(get_pubkeyblock_for_sig): Remove.
(finish_lookup): Improve debug output.
* g10/sig-check.c (check_signature): Add arg r_keyblock and pass it
down.
* g10/mainproc.c (do_check_sig): Ditto.
(check_sig_and_print): Use the keyblock returned by do_check_sig to
show further information instead of looking it up again with
get_pubkeyblock_for_sig. Also re-check the signature after the import
of an included keyblock.
--
The problem here is that it is possible to import a key from someone
who added a signature subkey from another public key and thus inhibits
that a good signature good be verified.
Such a malicious key signature subkey must have been created w/o the
mandatory backsig which bind a signature subkey to its primary key.
For encryption subkeys this is not an issue because the existence of a
decryption private key is all you need to decrypt something and then
it does not matter if the public subkey or its binding signature has
been put below another primary key; in fact we do the latter for
ADSKs.
GnuPG-bug-id: 7527
Signed-off-by: Lucas Mulling <lucas.mulling@suse.com>
---
NEWS | 2 +
g10/getkey.c | 108 ++++++++++++++++++++++++++++++------------------
g10/gpg.h | 3 +-
g10/keydb.h | 10 ++++-
g10/mainproc.c | 92 ++++++++++++++++++++++++++---------------
g10/packet.h | 2 +-
g10/sig-check.c | 23 +++++++----
7 files changed, 154 insertions(+), 86 deletions(-)
Index: gnupg-2.4.4/NEWS
===================================================================
--- gnupg-2.4.4.orig/NEWS
+++ gnupg-2.4.4/NEWS
@@ -99,6 +99,8 @@ Noteworthy changes in version 2.4.4 (202
* Improve the speedo build system for Unix. [T6710]
+ * gpg: Fix a verification DoS due to a malicious subkey in the
+ keyring. [T7527]
Release-info: https://dev.gnupg.org/T6578
Index: gnupg-2.4.4/g10/getkey.c
===================================================================
--- gnupg-2.4.4.orig/g10/getkey.c
+++ gnupg-2.4.4/g10/getkey.c
@@ -310,27 +310,51 @@ pk_from_block (PKT_public_key *pk, kbnod
/* Specialized version of get_pubkey which retrieves the key based on
* information in SIG. In contrast to get_pubkey PK is required. IF
- * FORCED_PK is not NULL, this public key is used and copied to PK. */
+ * FORCED_PK is not NULL, this public key is used and copied to PK.
+ * If R_KEYBLOCK is not NULL the entire keyblock is stored there if
+ * found and FORCED_PK is not used; if not used or on error NULL is
+ * stored there. */
gpg_error_t
get_pubkey_for_sig (ctrl_t ctrl, PKT_public_key *pk, PKT_signature *sig,
- PKT_public_key *forced_pk)
+ PKT_public_key *forced_pk, kbnode_t *r_keyblock)
{
+ gpg_error_t err;
const byte *fpr;
size_t fprlen;
+ if (r_keyblock)
+ *r_keyblock = NULL;
+
if (forced_pk)
{
copy_public_key (pk, forced_pk);
return 0;
}
+ /* Make sure to request only keys cabable of signing. This makes
+ * sure that a subkey w/o a valid backsig or with bad usage flags
+ * will be skipped. */
+ pk->req_usage = PUBKEY_USAGE_SIG;
+
/* First try the ISSUER_FPR info. */
fpr = issuer_fpr_raw (sig, &fprlen);
- if (fpr && !get_pubkey_byfprint (ctrl, pk, NULL, fpr, fprlen))
+ if (fpr && !get_pubkey_byfprint (ctrl, pk, r_keyblock, fpr, fprlen))
return 0;
+ if (r_keyblock)
+ {
+ release_kbnode (*r_keyblock);
+ *r_keyblock = NULL;
+ }
+
/* Fallback to use the ISSUER_KEYID. */
- return get_pubkey (ctrl, pk, sig->keyid);
+ err = get_pubkey_bykid (ctrl, pk, r_keyblock, sig->keyid);
+ if (err && r_keyblock)
+ {
+ release_kbnode (*r_keyblock);
+ *r_keyblock = NULL;
+ }
+ return err;
}
@@ -348,6 +372,10 @@ get_pubkey_for_sig (ctrl_t ctrl, PKT_pub
* usage will be returned. As such, it is essential that
* PK->REQ_USAGE be correctly initialized!
*
+ * If R_KEYBLOCK is not NULL, then the first result's keyblock is
+ * returned in *R_KEYBLOCK. This should be freed using
+ * release_kbnode().
+ *
* Returns 0 on success, GPG_ERR_NO_PUBKEY if there is no public key
* with the specified key id, or another error code if an error
* occurs.
@@ -355,24 +383,30 @@ get_pubkey_for_sig (ctrl_t ctrl, PKT_pub
* If the data was not read from the cache, then the self-signed data
* has definitely been merged into the public key using
* merge_selfsigs. */
-int
-get_pubkey (ctrl_t ctrl, PKT_public_key * pk, u32 * keyid)
+gpg_error_t
+get_pubkey_bykid (ctrl_t ctrl, PKT_public_key *pk, kbnode_t *r_keyblock,
+ u32 *keyid)
{
int internal = 0;
- int rc = 0;
+ gpg_error_t rc = 0;
+
+ if (r_keyblock)
+ *r_keyblock = NULL;
#if MAX_PK_CACHE_ENTRIES
- if (pk)
+ if (pk && !r_keyblock)
{
/* Try to get it from the cache. We don't do this when pk is
- NULL as it does not guarantee that the user IDs are
- cached. */
+ * NULL as it does not guarantee that the user IDs are cached.
+ * The old get_pubkey_function did not check PK->REQ_USAGE when
+ * reading form the caceh. This is probably a bug. Note that
+ * the cache is not used when the caller asked to return the
+ * entire keyblock. This is because the cache does not
+ * associate the public key wit its primary key. */
pk_cache_entry_t ce;
for (ce = pk_cache; ce; ce = ce->next)
{
if (ce->keyid[0] == keyid[0] && ce->keyid[1] == keyid[1])
- /* XXX: We don't check PK->REQ_USAGE here, but if we don't
- read from the cache, we do check it! */
{
copy_public_key (pk, ce->pk);
return 0;
@@ -380,6 +414,7 @@ get_pubkey (ctrl_t ctrl, PKT_public_key
}
}
#endif
+
/* More init stuff. */
if (!pk)
{
@@ -425,16 +460,18 @@ get_pubkey (ctrl_t ctrl, PKT_public_key
ctx.req_usage = pk->req_usage;
rc = lookup (ctrl, &ctx, 0, &kb, &found_key);
if (!rc)
+ pk_from_block (pk, kb, found_key);
+ getkey_end (ctrl, &ctx);
+ if (!rc && r_keyblock)
{
- pk_from_block (pk, kb, found_key);
+ *r_keyblock = kb;
+ kb = NULL;
}
- getkey_end (ctrl, &ctx);
release_kbnode (kb);
}
- if (!rc)
- goto leave;
- rc = GPG_ERR_NO_PUBKEY;
+ if (rc) /* Return a more useful error code. */
+ rc = gpg_error (GPG_ERR_NO_PUBKEY);
leave:
if (!rc)
@@ -445,6 +482,14 @@ leave:
}
+/* Wrapper for get_pubkey_bykid w/o keyblock return feature. */
+int
+get_pubkey (ctrl_t ctrl, PKT_public_key *pk, u32 *keyid)
+{
+ return get_pubkey_bykid (ctrl, pk, NULL, keyid);
+}
+
+
/* Same as get_pubkey but if the key was not found the function tries
* to import it from LDAP. FIXME: We should not need this but swicth
* to a fingerprint lookup. */
@@ -557,28 +602,6 @@ get_pubkey_fast (ctrl_t ctrl, PKT_public
}
-/* Return the entire keyblock used to create SIG. This is a
- * specialized version of get_pubkeyblock.
- *
- * FIXME: This is a hack because get_pubkey_for_sig was already called
- * and it could have used a cache to hold the key. */
-kbnode_t
-get_pubkeyblock_for_sig (ctrl_t ctrl, PKT_signature *sig)
-{
- const byte *fpr;
- size_t fprlen;
- kbnode_t keyblock;
-
- /* First try the ISSUER_FPR info. */
- fpr = issuer_fpr_raw (sig, &fprlen);
- if (fpr && !get_pubkey_byfprint (ctrl, NULL, &keyblock, fpr, fprlen))
- return keyblock;
-
- /* Fallback to use the ISSUER_KEYID. */
- return get_pubkeyblock (ctrl, sig->keyid);
-}
-
-
/* Return the key block for the key with key id KEYID or NULL, if an
* error occurs. Use release_kbnode() to release the key block.
*
@@ -3640,6 +3663,7 @@ finish_lookup (kbnode_t keyblock, unsign
kbnode_t latest_key;
PKT_public_key *pk;
int req_prim;
+ int diag_exactfound = 0;
u32 curtime = make_timestamp ();
if (r_flags)
@@ -3667,11 +3691,10 @@ finish_lookup (kbnode_t keyblock, unsign
{
if (want_exact)
{
- if (DBG_LOOKUP)
- log_debug ("finish_lookup: exact search requested and found\n");
foundk = k;
pk = k->pkt->pkt.public_key;
pk->flags.exact = 1;
+ diag_exactfound = 1;
break;
}
else if ((k->pkt->pkt.public_key->pubkey_usage == PUBKEY_USAGE_RENC))
@@ -3700,10 +3723,14 @@ finish_lookup (kbnode_t keyblock, unsign
log_debug ("finish_lookup: checking key %08lX (%s)(req_usage=%x)\n",
(ulong) keyid_from_pk (keyblock->pkt->pkt.public_key, NULL),
foundk ? "one" : "all", req_usage);
+ if (diag_exactfound && DBG_LOOKUP)
+ log_debug ("\texact search requested and found\n");
if (!req_usage)
{
latest_key = foundk ? foundk : keyblock;
+ if (DBG_LOOKUP)
+ log_debug ("\tno usage requested - accepting key\n");
goto found;
}
Index: gnupg-2.4.4/g10/gpg.h
===================================================================
--- gnupg-2.4.4.orig/g10/gpg.h
+++ gnupg-2.4.4/g10/gpg.h
@@ -69,7 +69,8 @@ struct dirmngr_local_s;
typedef struct dirmngr_local_s *dirmngr_local_t;
/* Object used to describe a keyblock node. */
-typedef struct kbnode_struct *KBNODE; /* Deprecated use kbnode_t. */typedef struct kbnode_struct *kbnode_t;
+typedef struct kbnode_struct *KBNODE; /* Deprecated use kbnode_t. */
+typedef struct kbnode_struct *kbnode_t;
/* The handle for keydb operations. */
typedef struct keydb_handle_s *KEYDB_HANDLE;
Index: gnupg-2.4.4/g10/keydb.h
===================================================================
--- gnupg-2.4.4.orig/g10/keydb.h
+++ gnupg-2.4.4/g10/keydb.h
@@ -332,9 +332,15 @@ void getkey_disable_caches(void);
/* Return the public key used for signature SIG and store it at PK. */
gpg_error_t get_pubkey_for_sig (ctrl_t ctrl,
PKT_public_key *pk, PKT_signature *sig,
- PKT_public_key *forced_pk);
+ PKT_public_key *forced_pk,
+ kbnode_t *r_keyblock);
-/* Return the public key with the key id KEYID and store it at PK. */
+/* Return the public key with the key id KEYID and store it at PK.
+ * Optionally return the entire keyblock. */
+gpg_error_t get_pubkey_bykid (ctrl_t ctrl, PKT_public_key *pk,
+ kbnode_t *r_keyblock, u32 *keyid);
+
+/* Same as get_pubkey_bykid but w/o r_keyblock. */
int get_pubkey (ctrl_t ctrl, PKT_public_key *pk, u32 *keyid);
/* Same as get_pubkey but with auto LDAP fetch. */
Index: gnupg-2.4.4/g10/mainproc.c
===================================================================
--- gnupg-2.4.4.orig/g10/mainproc.c
+++ gnupg-2.4.4/g10/mainproc.c
@@ -1155,12 +1155,15 @@ proc_compressed (CTX c, PACKET *pkt)
* used to verify the signature will be stored there, or NULL if not
* found. If FORCED_PK is not NULL, this public key is used to verify
* _data signatures_ and no key lookup is done. Returns: 0 = valid
- * signature or an error code
+ * signature or an error code. If R_KEYBLOCK is not NULL the keyblock
+ * carries the used PK is stored there. The caller should always free
+ * the return value using release_kbnode.
*/
static int
do_check_sig (CTX c, kbnode_t node, const void *extrahash, size_t extrahashlen,
PKT_public_key *forced_pk, int *is_selfsig,
- int *is_expkey, int *is_revkey, PKT_public_key **r_pk)
+ int *is_expkey, int *is_revkey,
+ PKT_public_key **r_pk, kbnode_t *r_keyblock)
{
PKT_signature *sig;
gcry_md_hd_t md = NULL;
@@ -1170,6 +1173,8 @@ do_check_sig (CTX c, kbnode_t node, cons
if (r_pk)
*r_pk = NULL;
+ if (r_keyblock)
+ *r_keyblock = NULL;
log_assert (node->pkt->pkttype == PKT_SIGNATURE);
if (is_selfsig)
@@ -1247,17 +1252,19 @@ do_check_sig (CTX c, kbnode_t node, cons
(0x00) or text document (0x01). */
rc = check_signature2 (c->ctrl, sig, md, extrahash, extrahashlen,
forced_pk,
- NULL, is_expkey, is_revkey, r_pk);
+ NULL, is_expkey, is_revkey, r_pk, r_keyblock);
if (! rc)
md_good = md;
else if (gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE && md2)
{
PKT_public_key *pk2;
+ if (r_keyblock)
+ release_kbnode (*r_keyblock);
rc = check_signature2 (c->ctrl, sig, md2, extrahash, extrahashlen,
forced_pk,
NULL, is_expkey, is_revkey,
- r_pk? &pk2 : NULL);
+ r_pk? &pk2 : NULL, r_keyblock);
if (!rc)
{
md_good = md2;
@@ -1420,7 +1427,7 @@ list_node (CTX c, kbnode_t node)
{
fflush (stdout);
rc2 = do_check_sig (c, node, NULL, 0, NULL,
- &is_selfsig, NULL, NULL, NULL);
+ &is_selfsig, NULL, NULL, NULL, NULL);
switch (gpg_err_code (rc2))
{
case 0: sigrc = '!'; break;
@@ -1880,7 +1887,7 @@ check_sig_and_print (CTX c, kbnode_t nod
PKT_public_key *pk = NULL; /* The public key for the signature or NULL. */
const void *extrahash = NULL;
size_t extrahashlen = 0;
- kbnode_t included_keyblock = NULL;
+ kbnode_t keyblock = NULL;
if (opt.skip_verify)
{
@@ -1999,7 +2006,8 @@ check_sig_and_print (CTX c, kbnode_t nod
{
ambiguous:
log_error(_("can't handle this ambiguous signature data\n"));
- return 0;
+ rc = 0;
+ goto leave;
}
} /* End checking signature packet composition. */
@@ -2035,7 +2043,7 @@ check_sig_and_print (CTX c, kbnode_t nod
log_info (_(" issuer \"%s\"\n"), sig->signers_uid);
rc = do_check_sig (c, node, extrahash, extrahashlen, NULL,
- NULL, &is_expkey, &is_revkey, &pk);
+ NULL, &is_expkey, &is_revkey, &pk, &keyblock);
/* If the key is not found but the signature includes a key block we
* use that key block for verification and on success import it. */
@@ -2043,6 +2051,7 @@ check_sig_and_print (CTX c, kbnode_t nod
&& sig->flags.key_block
&& opt.flags.auto_key_import)
{
+ kbnode_t included_keyblock = NULL;
PKT_public_key *included_pk;
const byte *kblock;
size_t kblock_len;
@@ -2054,10 +2063,12 @@ check_sig_and_print (CTX c, kbnode_t nod
kblock+1, kblock_len-1,
sig->keyid, &included_keyblock))
{
+ /* Note: This is the only place where we use the forced_pk
+ * arg (ie. included_pk) with do_check_sig. */
rc = do_check_sig (c, node, extrahash, extrahashlen, included_pk,
- NULL, &is_expkey, &is_revkey, &pk);
+ NULL, &is_expkey, &is_revkey, &pk, NULL);
if (opt.verbose)
- log_debug ("checked signature using included key block: %s\n",
+ log_info ("checked signature using included key block: %s\n",
gpg_strerror (rc));
if (!rc)
{
@@ -2067,6 +2078,18 @@ check_sig_and_print (CTX c, kbnode_t nod
}
free_public_key (included_pk);
+ release_kbnode (included_keyblock);
+
+ /* To make sure that nothing strange happened we check the
+ * signature again now using our own key store. This also
+ * returns the keyblock which we use later on. */
+ if (!rc)
+ {
+ release_kbnode (keyblock);
+ keyblock = NULL;
+ rc = do_check_sig (c, node, extrahash, extrahashlen, NULL,
+ NULL, &is_expkey, &is_revkey, &pk, &keyblock);
+ }
}
/* If the key isn't found, check for a preferred keyserver. Note
@@ -2113,8 +2136,13 @@ check_sig_and_print (CTX c, kbnode_t nod
KEYSERVER_IMPORT_FLAG_QUICK);
glo_ctrl.in_auto_key_retrieve--;
if (!res)
- rc = do_check_sig (c, node, extrahash, extrahashlen, NULL,
- NULL, &is_expkey, &is_revkey, &pk);
+ {
+ release_kbnode (keyblock);
+ keyblock = NULL;
+ rc = do_check_sig (c, node, extrahash, extrahashlen, NULL,
+ NULL, &is_expkey, &is_revkey, &pk,
+ &keyblock);
+ }
else if (DBG_LOOKUP)
log_debug ("lookup via %s failed: %s\n", "Pref-KS",
gpg_strerror (res));
@@ -2155,8 +2183,12 @@ check_sig_and_print (CTX c, kbnode_t nod
/* Fixme: If the fingerprint is embedded in the signature,
* compare it to the fingerprint of the returned key. */
if (!res)
- rc = do_check_sig (c, node, extrahash, extrahashlen, NULL,
- NULL, &is_expkey, &is_revkey, &pk);
+ {
+ release_kbnode (keyblock);
+ keyblock = NULL;
+ rc = do_check_sig (c, node, extrahash, extrahashlen, NULL,
+ NULL, &is_expkey, &is_revkey, &pk, &keyblock);
+ }
else if (DBG_LOOKUP)
log_debug ("lookup via %s failed: %s\n", "WKD", gpg_strerror (res));
}
@@ -2186,8 +2218,13 @@ check_sig_and_print (CTX c, kbnode_t nod
KEYSERVER_IMPORT_FLAG_QUICK);
glo_ctrl.in_auto_key_retrieve--;
if (!res)
- rc = do_check_sig (c, node, extrahash, extrahashlen, NULL,
- NULL, &is_expkey, &is_revkey, &pk);
+ {
+ release_kbnode (keyblock);
+ keyblock = NULL;
+ rc = do_check_sig (c, node, extrahash, extrahashlen, NULL,
+ NULL, &is_expkey, &is_revkey, &pk,
+ &keyblock);
+ }
else if (DBG_LOOKUP)
log_debug ("lookup via %s failed: %s\n", "KS", gpg_strerror (res));
}
@@ -2198,7 +2235,7 @@ check_sig_and_print (CTX c, kbnode_t nod
{
/* We have checked the signature and the result is either a good
* signature or a bad signature. Further examination follows. */
- kbnode_t un, keyblock;
+ kbnode_t un;
int count = 0;
int keyblock_has_pk = 0; /* For failsafe check. */
int statno;
@@ -2216,18 +2253,6 @@ check_sig_and_print (CTX c, kbnode_t nod
else
statno = STATUS_GOODSIG;
- /* FIXME: We should have the public key in PK and thus the
- * keyblock has already been fetched. Thus we could use the
- * fingerprint or PK itself to lookup the entire keyblock. That
- * would best be done with a cache. */
- if (included_keyblock)
- {
- keyblock = included_keyblock;
- included_keyblock = NULL;
- }
- else
- keyblock = get_pubkeyblock_for_sig (c->ctrl, sig);
-
snprintf (keyid_str, sizeof keyid_str, "%08lX%08lX [uncertain] ",
(ulong)sig->keyid[0], (ulong)sig->keyid[1]);
@@ -2293,10 +2318,10 @@ check_sig_and_print (CTX c, kbnode_t nod
* contained in the keyring.*/
}
- log_assert (mainpk);
- if (!keyblock_has_pk)
+ if (!mainpk || !keyblock_has_pk)
{
- log_error ("signature key lost from keyblock\n");
+ log_error ("signature key lost from keyblock (%p,%p,%d)\n",
+ keyblock, mainpk, keyblock_has_pk);
rc = gpg_error (GPG_ERR_INTERNAL);
}
@@ -2567,8 +2592,8 @@ check_sig_and_print (CTX c, kbnode_t nod
log_error (_("Can't check signature: %s\n"), gpg_strerror (rc));
}
+ leave:
free_public_key (pk);
- release_kbnode (included_keyblock);
xfree (issuer_fpr);
return rc;
}
Index: gnupg-2.4.4/g10/packet.h
===================================================================
--- gnupg-2.4.4.orig/g10/packet.h
+++ gnupg-2.4.4/g10/packet.h
@@ -914,7 +914,7 @@ gpg_error_t check_signature2 (ctrl_t ctr
const void *extrahash, size_t extrahashlen,
PKT_public_key *forced_pk,
u32 *r_expiredate, int *r_expired, int *r_revoked,
- PKT_public_key **r_pk);
+ PKT_public_key **r_pk, kbnode_t *r_keyblock);
/*-- pubkey-enc.c --*/
Index: gnupg-2.4.4/g10/sig-check.c
===================================================================
--- gnupg-2.4.4.orig/g10/sig-check.c
+++ gnupg-2.4.4/g10/sig-check.c
@@ -95,7 +95,7 @@ int
check_signature (ctrl_t ctrl, PKT_signature *sig, gcry_md_hd_t digest)
{
return check_signature2 (ctrl, sig, digest, NULL, 0, NULL,
- NULL, NULL, NULL, NULL);
+ NULL, NULL, NULL, NULL, NULL);
}
@@ -142,6 +142,11 @@ check_signature (ctrl_t ctrl, PKT_signat
* If R_PK is not NULL, the public key is stored at that address if it
* was found; other wise NULL is stored.
*
+ * If R_KEYBLOCK is not NULL, the entire keyblock used to verify the
+ * signature is stored at that address. If no key was found or on
+ * some other errors NULL is stored there. The callers needs to
+ * release the keyblock using release_kbnode (kb).
+ *
* Returns 0 on success. An error code otherwise. */
gpg_error_t
check_signature2 (ctrl_t ctrl,
@@ -149,7 +154,7 @@ check_signature2 (ctrl_t ctrl,
const void *extrahash, size_t extrahashlen,
PKT_public_key *forced_pk,
u32 *r_expiredate,
- int *r_expired, int *r_revoked, PKT_public_key **r_pk)
+ int *r_expired, int *r_revoked, PKT_public_key **r_pk, kbnode_t *r_keyblock)
{
int rc=0;
PKT_public_key *pk;
@@ -162,6 +167,8 @@ check_signature2 (ctrl_t ctrl,
*r_revoked = 0;
if (r_pk)
*r_pk = NULL;
+ if (r_keyblock)
+ *r_keyblock = NULL;
pk = xtrycalloc (1, sizeof *pk);
if (!pk)
@@ -192,7 +199,7 @@ check_signature2 (ctrl_t ctrl,
log_info(_("WARNING: signature digest conflict in message\n"));
rc = gpg_error (GPG_ERR_GENERAL);
}
- else if (get_pubkey_for_sig (ctrl, pk, sig, forced_pk))
+ else if (get_pubkey_for_sig (ctrl, pk, sig, forced_pk, r_keyblock))
rc = gpg_error (GPG_ERR_NO_PUBKEY);
else if ((rc = check_key_verify_compliance (pk)))
;/* Compliance failure. */
@@ -791,9 +798,9 @@ check_revocation_keys (ctrl_t ctrl, PKT_
keyid_from_fingerprint (ctrl, pk->revkey[i].fpr, pk->revkey[i].fprlen,
keyid);
- if(keyid[0]==sig->keyid[0] && keyid[1]==sig->keyid[1])
- /* The signature was generated by a designated revoker.
- Verify the signature. */
+ /* If the signature was generated by a designated revoker
+ * verify the signature. */
+ if (keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1])
{
gcry_md_hd_t md;
@@ -1007,7 +1014,7 @@ check_signature_over_key_or_uid (ctrl_t
if (IS_CERT (sig))
signer->req_usage = PUBKEY_USAGE_CERT;
- rc = get_pubkey_for_sig (ctrl, signer, sig, NULL);
+ rc = get_pubkey_for_sig (ctrl, signer, sig, NULL, NULL);
if (rc)
{
xfree (signer);

42
gnupg-gpg-Fix-another-regression-due-to-the-T7547-fix.patch Normal file
View File

@@ -0,0 +1,42 @@
From 483f2ba02e70968e6c9f57afa0fc88f7566a76c4 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Fri, 2 May 2025 11:11:05 +0200
Subject: [PATCH 0938/1000] gpg: Fix another regression due to the T7547 fix.
* g10/getkey.c (get_pubkey_for_sig): Keep a requested
PUBKEY_USAGE_CERT.
(finish_lookup): For correctness in future use cases allow
PUBKEY_USAGE_CERT to also trigger verify mode.
--
The case here was that a cert-only primary key was removed with
export-clean.
GnuPG-bug-id: 7583
Index: gnupg-2.4.4/g10/getkey.c
===================================================================
--- gnupg-2.4.4.orig/g10/getkey.c
+++ gnupg-2.4.4/g10/getkey.c
@@ -336,8 +336,10 @@ get_pubkey_for_sig (ctrl_t ctrl, PKT_pub
/* Make sure to request only keys cabable of signing. This makes
* sure that a subkey w/o a valid backsig or with bad usage flags
* will be skipped. We also request the verification mode so that
- * expired and revoked keys are returned. */
- pk->req_usage = (PUBKEY_USAGE_SIG | PUBKEY_USAGE_VERIFY);
+ * expired and revoked keys are returned. We keep only a requested
+ * CERT usage in PK for the sake of key signatures. */
+ pk->req_usage = (PUBKEY_USAGE_SIG | PUBKEY_USAGE_VERIFY
+ | (pk->req_usage & PUBKEY_USAGE_CERT));
/* First try the ISSUER_FPR info. */
fpr = issuer_fpr_raw (sig, &fprlen);
@@ -3675,7 +3677,7 @@ finish_lookup (kbnode_t keyblock, unsign
/* The verify mode is used to change the behaviour so that we can
* return an expired or revoked key for signature verification. */
verify_mode = ((req_usage & PUBKEY_USAGE_VERIFY)
- && (req_usage & PUBKEY_USAGE_SIG));
+ && (req_usage & (PUBKEY_USAGE_CERT|PUBKEY_USAGE_SIG)));
#define USAGE_MASK (PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC|PUBKEY_USAGE_CERT)
req_usage &= USAGE_MASK;

170
gnupg-gpg-Fix-regression-for-the-recent-malicious-subkey-D.patch Normal file
View File

@@ -0,0 +1,170 @@
From d3d7713c1799754160260cb350309dd183b397f5 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Thu, 6 Mar 2025 17:17:17 +0100
Subject: [PATCH 0901/1000] gpg: Fix regression for the recent malicious subkey
DoS fix.
* g10/packet.h (PUBKEY_USAGE_VERIFY): New.
* g10/getkey.c (get_pubkey_for_sig): Pass new flag also to requested
usage.
(finish_lookup): Introduce a verify_mode.
--
Fixes-commit: 48978ccb4e20866472ef18436a32744350a65158
GnuPG-bug-id: 7547
Index: gnupg-2.4.4/g10/getkey.c
===================================================================
--- gnupg-2.4.4.orig/g10/getkey.c
+++ gnupg-2.4.4/g10/getkey.c
@@ -309,11 +309,12 @@ pk_from_block (PKT_public_key *pk, kbnod
/* Specialized version of get_pubkey which retrieves the key based on
- * information in SIG. In contrast to get_pubkey PK is required. IF
+ * information in SIG. In contrast to get_pubkey PK is required. If
* FORCED_PK is not NULL, this public key is used and copied to PK.
* If R_KEYBLOCK is not NULL the entire keyblock is stored there if
* found and FORCED_PK is not used; if not used or on error NULL is
- * stored there. */
+ * stored there. Use this function only to find the key for
+ * verification; it can't be used to select a key for signing. */
gpg_error_t
get_pubkey_for_sig (ctrl_t ctrl, PKT_public_key *pk, PKT_signature *sig,
PKT_public_key *forced_pk, kbnode_t *r_keyblock)
@@ -333,8 +334,9 @@ get_pubkey_for_sig (ctrl_t ctrl, PKT_pub
/* Make sure to request only keys cabable of signing. This makes
* sure that a subkey w/o a valid backsig or with bad usage flags
- * will be skipped. */
- pk->req_usage = PUBKEY_USAGE_SIG;
+ * will be skipped. We also request the verification mode so that
+ * expired and revoked keys are returned. */
+ pk->req_usage = (PUBKEY_USAGE_SIG | PUBKEY_USAGE_VERIFY);
/* First try the ISSUER_FPR info. */
fpr = issuer_fpr_raw (sig, &fprlen);
@@ -399,10 +401,10 @@ get_pubkey_bykid (ctrl_t ctrl, PKT_publi
/* Try to get it from the cache. We don't do this when pk is
* NULL as it does not guarantee that the user IDs are cached.
* The old get_pubkey_function did not check PK->REQ_USAGE when
- * reading form the caceh. This is probably a bug. Note that
+ * reading from the cache. This is probably a bug. Note that
* the cache is not used when the caller asked to return the
* entire keyblock. This is because the cache does not
- * associate the public key wit its primary key. */
+ * associate the public key with its primary key. */
pk_cache_entry_t ce;
for (ce = pk_cache; ce; ce = ce->next)
{
@@ -3664,11 +3666,18 @@ finish_lookup (kbnode_t keyblock, unsign
PKT_public_key *pk;
int req_prim;
int diag_exactfound = 0;
+ int verify_mode = 0;
u32 curtime = make_timestamp ();
if (r_flags)
*r_flags = 0;
+
+ /* The verify mode is used to change the behaviour so that we can
+ * return an expired or revoked key for signature verification. */
+ verify_mode = ((req_usage & PUBKEY_USAGE_VERIFY)
+ && (req_usage & PUBKEY_USAGE_SIG));
+
#define USAGE_MASK (PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC|PUBKEY_USAGE_CERT)
req_usage &= USAGE_MASK;
@@ -3720,9 +3729,9 @@ finish_lookup (kbnode_t keyblock, unsign
}
if (DBG_LOOKUP)
- log_debug ("finish_lookup: checking key %08lX (%s)(req_usage=%x)\n",
+ log_debug ("finish_lookup: checking key %08lX (%s)(req_usage=%x%s)\n",
(ulong) keyid_from_pk (keyblock->pkt->pkt.public_key, NULL),
- foundk ? "one" : "all", req_usage);
+ foundk ? "one" : "all", req_usage, verify_mode? ",verify":"");
if (diag_exactfound && DBG_LOOKUP)
log_debug ("\texact search requested and found\n");
@@ -3785,28 +3794,28 @@ finish_lookup (kbnode_t keyblock, unsign
}
n_subkeys++;
- if (pk->flags.revoked)
+ if (!verify_mode && pk->flags.revoked)
{
if (DBG_LOOKUP)
log_debug ("\tsubkey has been revoked\n");
n_revoked_or_expired++;
continue;
}
- if (pk->has_expired && !opt.ignore_expiration)
+ if (!verify_mode && pk->has_expired && !opt.ignore_expiration)
{
if (DBG_LOOKUP)
log_debug ("\tsubkey has expired\n");
n_revoked_or_expired++;
continue;
}
- if (pk->timestamp > curtime && !opt.ignore_valid_from)
+ if (!verify_mode && pk->timestamp > curtime && !opt.ignore_valid_from)
{
if (DBG_LOOKUP)
log_debug ("\tsubkey not yet valid\n");
continue;
}
- if (want_secret)
+ if (!verify_mode && want_secret)
{
int secret_key_avail = agent_probe_secret_key (NULL, pk);
@@ -3833,7 +3842,8 @@ finish_lookup (kbnode_t keyblock, unsign
}
if (DBG_LOOKUP)
- log_debug ("\tsubkey might be fine\n");
+ log_debug ("\tsubkey might be fine%s\n",
+ verify_mode? " for verification":"");
/* In case a key has a timestamp of 0 set, we make sure
that it is used. A better change would be to compare
">=" but that might also change the selected keys and
@@ -3874,12 +3884,12 @@ finish_lookup (kbnode_t keyblock, unsign
log_debug ("\tprimary key usage does not match: "
"want=%x have=%x\n", req_usage, pk->pubkey_usage);
}
- else if (pk->flags.revoked)
+ else if (!verify_mode && pk->flags.revoked)
{
if (DBG_LOOKUP)
log_debug ("\tprimary key has been revoked\n");
}
- else if (pk->has_expired)
+ else if (!verify_mode && pk->has_expired)
{
if (DBG_LOOKUP)
log_debug ("\tprimary key has expired\n");
@@ -3887,7 +3897,8 @@ finish_lookup (kbnode_t keyblock, unsign
else /* Okay. */
{
if (DBG_LOOKUP)
- log_debug ("\tprimary key may be used\n");
+ log_debug ("\tprimary key may be used%s\n",
+ verify_mode? " for verification":"");
latest_key = keyblock;
}
}
Index: gnupg-2.4.4/g10/packet.h
===================================================================
--- gnupg-2.4.4.orig/g10/packet.h
+++ gnupg-2.4.4/g10/packet.h
@@ -65,6 +65,7 @@
#define SIGNHINT_SELFSIG 2
#define SIGNHINT_ADSK 4
+#define PUBKEY_USAGE_VERIFY 16384 /* Verify only modifier. */
/* Helper macros. */
#define is_RSA(a) ((a)==PUBKEY_ALGO_RSA || (a)==PUBKEY_ALGO_RSA_E \

24
gpg2.changes
View File

@@ -1,3 +1,27 @@
-------------------------------------------------------------------
Thu Jun 26 11:26:15 UTC 2025 - Pedro Monreal <pmonreal@suse.com>
- Security fix: [bsc#1236931, bsc#1239119, CVE-2025-30258]
* gpg: Fix regression for the recent malicious subkey DoS fix.
* gpg: Fix another regression due to the T7547 fix.
* gpg: Allow the use of an ADSK subkey as ADSK subkey.
* Add patches:
- gnupg-gpg-Fix-regression-for-the-recent-malicious-subkey-D.patch
- gnupg-gpg-Fix-another-regression-due-to-the-T7547-fix.patch
- gnupg-gpg-Allow-the-use-of-an-ADSK-subkey-as-ADSK-subkey.patch
-------------------------------------------------------------------
Tue Jun 3 11:31:57 UTC 2025 - Lucas Mulling <lucas.mulling@suse.com>
- Don't install expired sks certificate [bsc#1243069]
* Add patch gnupg-dirmngr-Don-t-install-expired-sks-certificate.patch
-------------------------------------------------------------------
Mon Mar 17 17:36:17 UTC 2025 - Lucas Mulling <lucas.mulling@suse.com>
- Fix a verification DoS due to a malicious subkey in the keyring: [bsc#1239119]
* Add patch gnupg-gpg-Fix-a-verification-DoS-due-to-a-malicious-subkey-in-the-keyring.patch
-------------------------------------------------------------------
Thu Jan 25 18:51:03 UTC 2024 - Pedro Monreal <pmonreal@suse.com>

8
gpg2.spec
View File

@@ -46,6 +46,14 @@ Patch11: gnupg-allow-large-rsa.patch
Patch12: gnupg-revert-rfc4880bis.patch
#PATCH-FIX-OPENSUSE Do not pull revision info from GIT when autoconf is run
Patch13: gnupg-nobetasuffix.patch
#PATCH-FIX-UPSTREAM: bsc#1239119 - VUL-0: gpg2: verification DoS due to a malicious subkey in the keyring
Patch14: gnupg-gpg-Fix-a-verification-DoS-due-to-a-malicious-subkey-in-the-keyring.patch
#PATCH-FIX-UPSTREAM: bsc#1243069 - remove expired and insecure key /usr/share/gnupg/sks-keyservers.netCA.pem
Patch15: gnupg-dirmngr-Don-t-install-expired-sks-certificate.patch
#PATCH-FIX-UPSTREAM Fix regressions introduced in the fix for CVE-2025-30258
Patch16: gnupg-gpg-Fix-regression-for-the-recent-malicious-subkey-D.patch
Patch17: gnupg-gpg-Fix-another-regression-due-to-the-T7547-fix.patch
Patch18: gnupg-gpg-Allow-the-use-of-an-ADSK-subkey-as-ADSK-subkey.patch
BuildRequires: expect
BuildRequires: fdupes
BuildRequires: ibmswtpm2