
gpg: Support of No CRC in ASCII armor
Closed, Resolved (Public)

Description

In gpg/g10/armor.c, I found:

/* No CRC at all is legal ("MAY") */

But with the current implementation, it actually requires a = character after the base64 encoded data.

It's good to support no CRC checksum at all (I mean, with no =) in ASCII armored data.

In the specification, it says:

The checksum with its leading equal sign MAY appear on the first line after the base64 encoded data.

My interpretation is that the checksum (= plus three characters) is optional.
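
The three armor endings this task deals with (CRC line present, a bare = line, no CRC line at all), as an added example that is not GnuPG's code and not part of the original report. The function names, the status strings and the sample block builder are assumptions made for illustration; the CRC-24 constants are the ones from RFC 4880.

```python
import base64

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB  # RFC 4880, section 6.1

def crc24(data: bytes) -> int:
    """CRC-24 as used by OpenPGP ASCII armor."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def dearmor(text: str):
    """Return (payload, status); status is 'ok', 'empty' or 'absent' (hypothetical names)."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if (len(lines) < 3 or not lines[0].startswith("-----BEGIN ")
            or not lines[-1].startswith("-----END ")):
        raise ValueError("missing armor header or tail line")
    try:
        body = lines[lines.index("") + 1:-1]  # armor headers end at the first blank line
    except ValueError:
        raise ValueError("no blank line after armor headers") from None
    # The checksum line is optional: '=' plus four base64 characters, or a bare '='.
    is_crc = bool(body) and body[-1].startswith("=") and len(body[-1]) in (1, 5)
    crc_line = body.pop() if is_crc else None
    payload = base64.b64decode("".join(body), validate=True)
    if crc_line is None:
        return payload, "absent"   # tail line directly follows the data
    if crc_line == "=":
        return payload, "empty"    # bare '=': tolerated, nothing to verify
    expected = int.from_bytes(base64.b64decode(crc_line[1:], validate=True), "big")
    if crc24(payload) != expected:
        raise ValueError("CRC-24 mismatch")
    return payload, "ok"

def crc_field(payload: bytes) -> str:
    """Format the checksum line for payload."""
    return "=" + base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()

def armor(payload: bytes, crc_line=None) -> str:
    """Build a constructed sample block; crc_line is None, '=' or '=XXXX'."""
    b64 = base64.b64encode(payload).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    tail = [crc_line] if crc_line is not None else []
    return "\n".join(["-----BEGIN PGP SIGNATURE-----", "", *rows, *tail,
                      "-----END PGP SIGNATURE-----"])
```

A missing checksum is not an integrity loss for signed data: the signature inside the payload is what authenticates it, and the CRC only catches transport damage.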

Event Timeline

gniibe triaged this task as Low priority.
gniibe created this task.

The following patch works.

diff --git a/g10/armor.c b/g10/armor.c
index b47c04ab3..81af15339 100644
--- a/g10/armor.c
+++ b/g10/armor.c
@@ -1031,10 +1031,10 @@ radix64_read( armor_filter_context_t *afx, IOBUF a, size_t *retn,
 	    checkcrc++;
 	    break;
 	}
-        else if (afx->dearmor_state && c == '-'
+        else if (c == '-'
                  && afx->buffer_pos + 8 < afx->buffer_len
                  && !strncmp (afx->buffer, "-----END ", 8)) {
-            break; /* End in --dearmor mode.  */
+            break; /* End in --dearmor mode or No CRC.  */
         }
 	else {
 	    log_error(_("invalid radix64 character %02X skipped\n"), c);
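
Review bot: In the condition kept as context, strncmp (afx->buffer, "-----END ", 8) compares only 8 bytes of a 9-character literal, so the trailing space is never checked. Now that the afx->dearmor_state guard is gone and this branch is the exit for every armored input without a CRC line, consider comparing 9 bytes or dropping the space from the literal so the code matches what it states. The new comment could also say that breaking here leaves checkcrc untouched, unlike the branch just above that does checkcrc++, so any state the CRC path normally sets needs to be handled for this exit as well.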

It's better to keep accepting a single = for backward compatibility for no CRC.

Applied to master. If no problems are found, I'll apply it to the 2.4 branch too.
Let's see.

gniibe changed the task status from Open to Testing. Apr 22 2024, 8:05 AM

Applied to 2.4 branch.

When CHECKCRC == 0 (no CRC), ->any_data was not set, which resulted in

	no valid OpenPGP data found.

wrongly.

gniibe changed the task status from Open to Testing. Jan 20 2025, 7:13 AM

Reported on the gnupg channel on IRC.
An ascii armored file in question was: https://github.com/syncthing/syncthing/releases/download/v1.29.2/sha256sum.txt.asc

Hello,

this is marked as fixed in 2.4.7. However, afaict only one of the two patches made it to STABLE-BRANCH-2-4; b1857a2836c9a91ef4e359ef7ba949b54c77219d did not.

This shows up when trying to verify syncthing-source-v2.0.0-beta.5.tar.gz.asc / syncthing-source-v2.0.0-beta.5.tar.gz (from https://github.com/syncthing/syncthing/releases/tag/v2.0.0-beta.5 ) against the attached keyring:

ametzler@argenau:/tmp/SY$ /tmp/GNUPG2/2.4.7//usr/bin/gpgv  --homedir /tmp/SY/gpghome --keyring /tmp/SY/both.gpg syncthing-source-v2.0.0-beta.5.tar.gz.asc syncthing-source-v2.0.0-beta.5.tar.gz  ; echo  exit $?
gpgv: no valid OpenPGP data found.
gpgv: Signature made Fr 04 Apr 2025 19:29:52 CEST
gpgv:                using RSA key FBA2E162F2F44657B38F0309E5665F9BD5970C47
gpgv: Good signature from "Syncthing Release Management <release@syncthing.net>"
gpgv: Signature made Fr 04 Apr 2025 19:29:52 CEST
gpgv:                using RSA key 37C84554E7E0A261E4F76E1ED26E6ED000654A3E
gpgv: Good signature from "Syncthing Release Management <release@syncthing.net>"
exit 2

whereas 2.4.7 with the missing patch or 2.5.4 and later yield:

ametzler@argenau:/tmp/SY$ /tmp/GNUPG2/2.5.4//usr/bin/gpgv  --homedir /tmp/SY/gpghome --keyring /tmp/SY/both.gpg syncthing-source-v2.0.0-beta.5.tar.gz.asc syncthing-source-v2.0.0-beta.5.tar.gz  ; echo  exit $?
gpgv: Signature made Fr 04 Apr 2025 19:29:52 CEST
gpgv:                using RSA key FBA2E162F2F44657B38F0309E5665F9BD5970C47
gpgv: Good signature from "Syncthing Release Management <release@syncthing.net>"
gpgv: Signature made Fr 04 Apr 2025 19:29:52 CEST
gpgv:                using RSA key 37C84554E7E0A261E4F76E1ED26E6ED000654A3E
gpgv: Good signature from "Syncthing Release Management <release@syncthing.net>"
exit 0