[rock-linux] [PATCH][SECURITY] Insecure ElGamal Keys in GnuPG since V1.0.2

Attachments
Entire message (text/plain) 20031127_gnupg.patch (text/plain) (application/pgp-signature)

Author:
Date:
To:
Subject: [rock-linux] [PATCH][SECURITY] Insecure ElGamal Keys in GnuPG since V1.0.2

GnuPGs ElGamal Type 20 Keys are comprimisable since version 1.0.2
The attached patch disables ElGamal Type 20 Keys.

See:
https://lists.gnupg.org/pipermail/gnupg-users/2003-November/020772.html
for the message and
https://lists.gnupg.org/pipermail/gnupg-users/2003-November/020771.html
for the patch.

[X] COMPILES
[X] if this mail reaches you then it WORKS :-)

blindy

-- 
Benjamin 'blindCoder' Schieder
Registered Linux User #289529: https://counter.li.org

-- 
/lusr/bin/brain: received signal: SIGIDIOT

[ Generated by ./scripts/Create-Diff for ROCK Linux 2.0.0-rc4 ]
--- rock-old/package/base/gnupg/disable_elgamal.patch 1970-01-01 01:00:00.000000000 +0100
+++ rock-new/package/base/gnupg/disable_elgamal.patch 2003-11-27 14:27:27.000000000 +0100
@@ -0,0 +1,63 @@
+diff -pruN gnupg-1.2.3_orig/g10/getkey.c gnupg-1.2.3/g10/getkey.c
+--- gnupg-1.2.3_orig/g10/getkey.c 2003-11-27 14:27:05.000000000 +0100
++++ gnupg-1.2.3/g10/getkey.c 2003-11-27 14:27:10.000000000 +0100
+@@ -1655,6 +1655,11 @@ merge_selfsigs_main( KBNODE keyblock, in
+ if ( x ) /* mask it down to the actual allowed usage */
+ key_usage &= x;
+ }
++
++ /* Type 20 Elgamal keys are not usable. */
++ if(pk->pubkey_algo==PUBKEY_ALGO_ELGAMAL)
++ key_usage=0;
++
+ pk->pubkey_usage = key_usage;
+
+ if ( !key_expire_seen ) {
+@@ -1869,6 +1874,13 @@ merge_selfsigs_subkey( KBNODE keyblock,
+ if ( x ) /* mask it down to the actual allowed usage */
+ key_usage &= x;
+ }
++
++ /* Type 20 Elgamal subkeys or any subkey on a type 20 primary are
++ not usable. */
++ if(mainpk->pubkey_algo==PUBKEY_ALGO_ELGAMAL
++ || subpk->pubkey_algo==PUBKEY_ALGO_ELGAMAL)
++ key_usage=0;
++
+ subpk->pubkey_usage = key_usage;
+
+ p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
+diff -pruN gnupg-1.2.3_orig/g10/keygen.c gnupg-1.2.3/g10/keygen.c
+--- gnupg-1.2.3_orig/g10/keygen.c 2003-11-27 14:27:05.000000000 +0100
++++ gnupg-1.2.3/g10/keygen.c 2003-11-27 14:27:10.000000000 +0100
+@@ -958,8 +958,6 @@ ask_algo (int addmode, unsigned int *r_u
+ tty_printf( _(" (%d) DSA (sign only)\n"), 2 );
+ if( addmode )
+ tty_printf( _(" (%d) ElGamal (encrypt only)\n"), 3 );
+- if (opt.expert)
+- tty_printf( _(" (%d) ElGamal (sign and encrypt)\n"), 4 );
+ tty_printf( _(" (%d) RSA (sign only)\n"), 5 );
+ if (addmode)
+ tty_printf( _(" (%d) RSA (encrypt only)\n"), 6 );
+@@ -990,21 +988,6 @@ ask_algo (int addmode, unsigned int *r_u
+ *r_usage = PUBKEY_USAGE_SIG;
+ break;
+ }
+- else if( algo == 4 && opt.expert)
+- {
+- tty_printf(_(
+-"The use of this algorithm is only supported by GnuPG. You will not be\n"
+-"able to use this key to communicate with PGP users. This algorithm is also\n"
+-"very slow, and may not be as secure as the other choices.\n"));
+-
+- if( cpr_get_answer_is_yes("keygen.algo.elg_se",
+- _("Create anyway? ")))
+- {
+- algo = PUBKEY_ALGO_ELGAMAL;
+- *r_usage = PUBKEY_USAGE_ENC | PUBKEY_USAGE_SIG;
+- break;
+- }
+- }
+ else if( algo == 3 && addmode ) {
+ algo = PUBKEY_ALGO_ELGAMAL_E;
+ *r_usage = PUBKEY_USAGE_ENC;
--- rock-old/package/base/gnupg/gnupg.conf 2003-09-30 09:03:53.000000000 +0200
+++ rock-new/package/base/gnupg/gnupg.conf 2003-11-27 14:34:38.000000000 +0100
@@ -30,7 +30,14 @@

         fi
 }

+gnupg_checkpatch() {
+ if [[ ${xsrctar} != *gnupg* ]] ; then
+ unset patchfiles
+ fi
+}
+

 hook_add postmake 5 "pm_main"

+hook_add prepatch 9 "gnupg_checkpatch"

 var_append configprefix " " 'CFLAGS="-I$pkg_openldap_prefix/include"'
 var_append configprefix " " 'LDFLAGS="-L$pkg_openldap_prefix/lib"'

[rock-linux] [PATCH][SECURITY] Insecure ElGamal Keys in GnuP…

ROCK Mailing List Archives

This message is part of the following thread:
	the complete thread tree sorted by date

	Rene Rebe at