packages/gnupg2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
gnupg2/backport-0005-CVE-2025-30258-gpg-Allow-the-use-of-an-ADSK-subkey-as-ADSK-subkey.patch
yixiangzhike cf184233d5 Fix CVE-2025-30258
2025-05-06 15:50:10 +08:00

55 lines
2.1 KiB
Diff
Raw Permalink Blame History

From 660926a5cd6daedab2f7b9df935bb3f7f5776169 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Thu, 31 Oct 2024 15:11:55 +0100
Subject: [PATCH] gpg: Allow the use of an ADSK subkey as ADSK subkey.
* g10/packet.h (PKT_public_key): Increased size of req_usage to 16.
* g10/getkey.c (key_byname): Set allow_adsk in the context if ir was
requested via req_usage.
(finish_lookup): Allow RENC usage matching.
* g10/keyedit.c (append_adsk_to_key): Adjust the assert.
* g10/keygen.c (prepare_adsk): Also allow to find an RENC subkey.
--
If an ADSK is to be added it may happen that an ADSK subkey is found
first and this should then be used even that it does not have the E
usage. However, it used to have that E usage when it was added.
While testing this I found another pecularity: If you do
gpg -k ADSK_SUBKEY_FPR
without the '!' suffix and no corresponding encryption subkey is dound,
you will get an unusabe key error. I hesitate to fix that due to
possible side-effects.
GnuPG-bug-id: 6882
Backported-from-master: d30e345692440b9c6677118c1d20b9d17d80f873
Reference link:
https://dev.gnupg.org/rG794950ec755eab3729d5a5905cbbc2e2d98b8699
(sbg: for fixing the poc failed, we only backport the type of req_usage change line)
Note that we still use the NO_AKL and not the newer TRY_LDAP in 2.2.
We may want to backport that change as well.
Signed-off-by: baogen shang <baogen.shang@windriver.com>
---
g10/packet.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/g10/packet.h b/g10/packet.h
index ca7aad9..9e7685c 100644
--- a/g10/packet.h
+++ b/g10/packet.h
@@ -387,7 +387,7 @@ typedef struct
/* The public key algorithm. (Serialized.) */
byte pubkey_algo;
byte pubkey_usage; /* for now only used to pass it to getkey() */
- byte req_usage; /* hack to pass a request to getkey() */
+ u16 req_usage; /* hack to pass a request to getkey() */
u32 has_expired; /* set to the expiration date if expired */
/* keyid of the primary key. Never access this value directly.
Instead, use pk_main_keyid(). */
--
2.33.0
Reference in New Issue View Git Blame Copy Permalink