Page MenuHome GnuPG

g10: Disallow compressed signatures and certificates
AbandonedPublic

Authored by DemiMarie on Fri, Jun 10, 9:01 PM.

Details

Summary

Compressed packets have significant attack surface, and are forbidden
in certificates, keys, and detached signatures. When parsing detached
signatures, forbid any packet that is not a signature or marker packet.
When parsing certificates, return an error when encountering a
compressed packet, instead of decompressing the packet.

Furthermore, certificates, keys, and signatures are not allowed to
contain partial-length or indeterminate-length packets. Reject those in
parse_packet, rather than activating the partial-length filter code.

Test Plan

This will be covered by the OpenPGP conformance tests.

Diff Detail

Repository
rG GnuPG
Lint
Lint Skipped
Unit
Unit Tests Skipped

Event Timeline

DemiMarie created this revision.

Added missing context lines and replaced some tabs with spaces

DemiMarie set the repository for this revision to rG GnuPG.
DemiMarie added a project: gnupg.
DemiMarie retitled this revision from Disallow compressed signatures and certificates to g10: Disallow compressed signatures and certificates.Thu, Jun 16, 6:52 PM
DemiMarie edited projects, added g10; removed gnupg.
DemiMarie edited projects, added gnupg; removed g10.
DemiMarie added a subscriber: DemiMarie.
werner requested changes to this revision.Thu, Jun 16, 6:56 PM

Sorry, there is no padding packet in OpenPGP. Please do no try to push ideas from that crypto-refresh-06 thing into GnuPG. We continue to follow the last draft with consesus, which is rfc4880bis-10.

This revision now requires changes to proceed.Thu, Jun 16, 6:56 PM
This revision now requires review to proceed.Thu, Jun 16, 6:58 PM
DemiMarie edited the summary of this revision. (Show Details)
In D555#5569, @werner wrote:

Sorry, there is no padding packet in OpenPGP. Please do no try to push ideas from that crypto-refresh-06 thing into GnuPG. We continue to follow the last draft with consesus, which is rfc4880bis-10.

That’s fine. I ripped out the padding packet.

Compressed packets in detached signatures and/or certificates have never been permitted by any version of the standard.