tech-pkg archive


Re: gnupg22+ vs netpgpverify status



> Date: Wed, 4 Sep 2024 18:37:28 +0100
> From: Jonathan Perkin <jperkin%mnx.io@localhost>
> 
> Related to the libassuan upgrade, does anyone know of the current status 
> of support for gnupg 2.2+ keys in netpgpverify?  This is one of the 
> reasons why I still need to build my own version of gnupg20 (which is 
> now going to be a lot more difficult after the upgrade).
> 
> Essentially packages signed using GnuPG 2.2 or newer can no longer be 
> verified by netpgpverify, something changed in the format of the keys, 
> so you just get e.g.
> 
>    pkg_add: unable to verify signature: Signature key id 8918e8130c2627d6 not found 
> 
> even though:
> 
>    pub   rsa4096 2022-06-29 [SC]
>          59C22B295D7A6D8918E8130C2627D6EF6BD79CFC
>    uid           [ultimate] MNX Cloud Package Signing (trunk) <pkgsrc+trunk%smartos.org@localhost>

When I looked into this last year, I drafted the attached patch so
that netpgpverify would skip `trust' packets generated by gpg2 in the
keyring, instead of barfing on the first `trust' packet before finding
any signature packets.  But I was busy with something else and ran out
of time to pursue further, write automatic tests, &c.

It's possible that you can work around this by removing the `trust'
packets in the keyring.

(I also found PR security/57449: Approximately a bajillion buffer
overruns in netpgpverify <https://gnats.NetBSD.org/57449> while
looking into this, as I recall.)
diff --git a/crypto/external/bsd/netpgp/dist/src/netpgpverify/libverify.c b/crypto/external/bsd/netpgp/dist/src/netpgpverify/libverify.c
index 7d0818a50cad..9b6a873b961b 100644
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/libverify.c
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/libverify.c
@@ -1242,11 +1242,6 @@ read_sigpkt(pgpv_t *pgp, uint8_t mement, pgpv_sigpkt_t *sigpkt, uint8_t *p, size
 			printf("read_sigpkt: can't read sig subpackets, v4\n");
 			return 0;
 		}
-		if (sigpkt->sig.signer[0] == 0x0) {
-			memcpy(sigpkt->sig.signer,
-				get_ref(&sigpkt->sig.hashstart) + 16,
-				sizeof(sigpkt->sig.signer));
-		}
 		p += sigpkt->subslen;
 		sigpkt->sig.hashlen = (unsigned)(p - base);
 		sigpkt->unhashlen = get_16(p);
@@ -1629,7 +1624,13 @@ recog_userid(pgpv_t *pgp, pgpv_signed_userid_t *userid)
 	userid->userid.data = pkt->s.data;
 	userid->userid.allocated = 0;
 	pgp->pkt += 1;
-	while (pkt_is(pgp, SIGNATURE_PKT)) {
+	while (pgp->pkt < ARRAY_COUNT(pgp->pkts)) {
+		if (pkt_is(pgp, TRUST_PKT)) {
+			pgp->pkt += 1;
+			continue;
+		}
+		if (!pkt_is(pgp, SIGNATURE_PKT))
+			break;
 		if (!recog_signature(pgp, &signature)) {
 			printf("recog_userid: can't recognise signature/trust\n");
 			return 0;
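Review bot: The trust-packet skip at the top of the new loop in recog_userid has no comment, while the two matching sites in recog_primary_key do. I would add `/* trust packets are keyring-local data (RFC 4880, 5.10); ignore them */` above `if (pkt_is(pgp, TRUST_PKT))`, so a reader knows the packet is dropped on purpose and not validated. The explicit `pgp->pkt < ARRAY_COUNT(pgp->pkts)` bound is also new. Whether `pkt_is` checks the index itself is not visible here, so the comment could say that the loop condition is what keeps each `pkt_is` call in range. The loop body continues past the end of the hunk.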
@@ -2482,6 +2483,13 @@ recog_primary_key(pgpv_t *pgp, pgpv_primarykey_t *primary)
 	}
 	/* some keys out there have user ids where they shouldn't */
 	do {
+		while (pgp->pkt < ARRAY_COUNT(pgp->pkts) &&
+		    pkt_is(pgp, TRUST_PKT)) {
+			/* skip trust packets, generated by gpg2 */
+			pgp->pkt += 1;
+		}
+		if (pgp->pkt >= ARRAY_COUNT(pgp->pkts))
+			break;
 		if (!recog_userid(pgp, &userid)) {
 			printf("recog_primary_key: not userid\n");
 			return 0;
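Review bot: The `break` added ahead of `recog_userid` in recog_primary_key changes what happens when the packets run out before any user ID. That case previously went into `recog_userid` and presumably failed with "recog_primary_key: not userid", but now it leaves the do-loop quietly and the function carries on. If a primary key followed only by trust packets should still be rejected, make this first site fail instead, e.g. `if (pgp->pkt >= ARRAY_COUNT(pgp->pkts)) { printf("recog_primary_key: no userid\n"); return 0; }`. The do-loop's condition and the code after the loop are outside the hunk, so I cannot tell how an empty user-ID list is handled later. A regression test with a keyring that ends in trust packets would pin the intended behaviour.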
@@ -2491,6 +2499,13 @@ recog_primary_key(pgpv_t *pgp, pgpv_primarykey_t *primary)
 		if (userid.primary_userid) {
 			primary->primary_userid = ARRAY_COUNT(primary->signed_userids) - 1;
 		}
+		while (pgp->pkt < ARRAY_COUNT(pgp->pkts) &&
+		    pkt_is(pgp, TRUST_PKT)) {
+			/* skip trust packets, generated by gpg2 */
+			pgp->pkt += 1;
+		}
+		if (pgp->pkt >= ARRAY_COUNT(pgp->pkts))
+			break;
 		while (pkt_is(pgp, USERID_PKT)) {
 			if (!recog_userid(pgp, &userid)) {
 				printf("recog_primary_key: not signed secondary userid\n");
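Review bot: This seven-line skip-and-bounds-check sequence after the `primary_userid` assignment is a verbatim copy of the one added in the previous hunk, and recog_userid does the same job in a third shape. I would move the skip into one small static helper and call it at each site, so a later change to trust-packet handling cannot be applied to one copy and missed in another. The `break` here looks right, since a user ID has already been read when the packets run out. The inner `while (pkt_is(pgp, USERID_PKT))` loop continues outside the hunk.

```c
/* skip trust packets, generated by gpg2 */
static void
skip_trust_pkts(pgpv_t *pgp)
{
	while (pgp->pkt < ARRAY_COUNT(pgp->pkts) &&
	    pkt_is(pgp, TRUST_PKT)) {
		pgp->pkt += 1;
	}
}

/* ... unchanged: primary_userid assignment in recog_primary_key ... */
		skip_trust_pkts(pgp);
		if (pgp->pkt >= ARRAY_COUNT(pgp->pkts))
			break;
```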
@@ -3196,16 +3211,6 @@ pgpv_verify(pgpv_cursor_t *cursor, pgpv_t *pgp, const void *p, ssize_t size)
 		return 0;
 	}
 	memset(&obuf, 0x0, sizeof(obuf));
-	if (memcmp(onepass->keyid, signature->signer, PGPV_KEYID_LEN) != 0) {
-		if (!fmt_binary(&obuf, onepass->keyid, (unsigned)sizeof(onepass->keyid))) {
-			snprintf(cursor->why, sizeof(cursor->why), "Memory allocation failure");
-			return 0;
-		}
-		snprintf(cursor->why, sizeof(cursor->why),
-			"Signature key id %.*s does not match onepass keyid",
-			(int)obuf.c, (char *)obuf.v);
-		return 0;
-	}
 	if (onepass->hashalg != signature->hashalg) {
 		snprintf(cursor->why, sizeof(cursor->why),
 			"Signature hashalg %u does not match onepass hashalg %u",

