From 214b0077264e35c079e854a8b6374704aea45cd5 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Wed, 4 Jul 2018 08:59:12 +0200 Subject: gpg: Extra check for sign usage when verifying a data signature. * g10/sig-check.c (check_signature_end_simple): Check sign usage. -- Without this patch the signature verification fails only due to the missing back signature. This check better explains what went wrong. GnuPG-bug-id: 4014 Signed-off-by: Werner Koch --- g10/sig-check.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) (limited to 'g10/sig-check.c') diff --git a/g10/sig-check.c b/g10/sig-check.c index fc6983993..a68e031f6 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -478,8 +478,17 @@ check_signature_end_simple (PKT_public_key *pk, PKT_signature *sig, sig->sig_class, pk->pubkey_usage); return rc; } - /* Fixme: Should we also check the signing capability here for data - * signature? */ + + /* For data signatures check that the key has sign usage. */ + if (IS_SIG (sig) && !(pk->pubkey_usage & PUBKEY_USAGE_SIG)) + { + rc = gpg_error (GPG_ERR_WRONG_KEY_USAGE); + if (!opt.quiet) + log_info (_("bad data signature from key %s: %s (0x%02x, 0x%x)\n"), + keystr_from_pk (pk), gpg_strerror (rc), + sig->sig_class, pk->pubkey_usage); + return rc; + } /* Make sure the digest algo is enabled (in case of a detached * signature). */ -- cgit v1.2.3 From f7526c7bc754acf68bde0b79c785e875a9365d60 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Thu, 5 Jul 2018 20:55:32 +0200 Subject: gpg: Prepare for signatures with ISSUER_FPR but without ISSUER. * g10/getkey.c (get_pubkey_for_sig): New. (get_pubkeyblock_for_sig): New. * g10/mainproc.c (issuer_fpr_raw): Give global scope. (check_sig_and_print): Use get_pubkeyblock_for_sig. * g10/pkclist.c (check_signatures_trust): Use get_pubkey_for_sig. * g10/sig-check.c (check_signature2): Ditto. (check_signature_over_key_or_uid): Ditto. -- GnuPG-bug-id: 4046 The whole getkey stuff is still a mess with way to much duplication and missing caching of already fetched data. Signed-off-by: Werner Koch --- g10/sig-check.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'g10/sig-check.c') diff --git a/g10/sig-check.c b/g10/sig-check.c index a68e031f6..0ec384347 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -156,7 +156,7 @@ check_signature2 (ctrl_t ctrl, log_info(_("WARNING: signature digest conflict in message\n")); rc = gpg_error (GPG_ERR_GENERAL); } - else if (get_pubkey (ctrl, pk, sig->keyid)) + else if (get_pubkey_for_sig (ctrl, pk, sig)) rc = gpg_error (GPG_ERR_NO_PUBKEY); else if (!gnupg_pk_is_allowed (opt.compliance, PK_USE_VERIFICATION, pk->pubkey_algo, pk->pkey, @@ -926,7 +926,7 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer, if (IS_CERT (sig)) signer->req_usage = PUBKEY_USAGE_CERT; - rc = get_pubkey (ctrl, signer, sig->keyid); + rc = get_pubkey_for_sig (ctrl, signer, sig); if (rc) { xfree (signer); -- cgit v1.2.3