Page MenuHome GnuPG
Create Task
Maniphest T2153

agent_pksign_do ignores do_encode_raw_pkcs1 do_encode_md return values
Closed, ResolvedPublic
Actions

Description

after "if (check_signature)" ... , if there is good reason to ignore return
values, please add a good comment about that.

Related Objects

Event Timeline

Safari added projects: gnupg, Bug Report.Nov 19 2015, 12:38 PM
Safari added a subscriber: Safari.
gniibe added a subscriber: gniibe.Dec 15 2015, 4:36 AM

Thank you for your audit.

It ignores the calculated value if it detects failure of gcry_pk_verify.
This is now a kind of standard practice to avoid possible attacks.

Here is a reference:
https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/

gniibe claimed this task.Dec 15 2015, 4:36 AM
werner added a subscriber: werner.Jan 15 2016, 12:54 PM

I am not sure about which code part you are talking. Please can one of you
explain. If this is what I assume, please have a look at commit 25f0f05.

gniibe closed this task as Resolved.Apr 4 2017, 3:01 AM