gnupg2/backport-0003-CVE-2025-30258.patch

From 9cd371b12d80cfc5bc85cb6e5f5eebb4decbe94f Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Thu, 20 Feb 2025 14:50:20 +0100
Subject: [PATCH] gpg: Remove a signature check function wrapper.

* g10/sig-check.c (check_signature2): Rename to
(check_signature): this and remove the old wrapper. Adjust all
callers.
---
 g10/mainproc.c  | 13 +++++--------
 g10/packet.h    |  6 +-----
 g10/sig-check.c | 26 ++++++++------------------
 3 files changed, 14 insertions(+), 31 deletions(-)

diff --git a/g10/mainproc.c b/g10/mainproc.c
index 739ad0a35..86f5a2db9 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -1240,19 +1240,17 @@ do_check_sig (CTX c, kbnode_t node, const void *extrahash, size_t extrahashlen,
 
   /* We only get here if we are checking the signature of a binary
      (0x00) or text document (0x01).  */
-  rc = check_signature2 (c->ctrl, sig, md, extrahash, extrahashlen,
-                         forced_pk,
-                         NULL, is_expkey, is_revkey, r_pk);
+  rc = check_signature (c->ctrl, sig, md, extrahash, extrahashlen,
+                        forced_pk, NULL, is_expkey, is_revkey, r_pk);
   if (! rc)
     md_good = md;
   else if (gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE && md2)
     {
       PKT_public_key *pk2;
 
-      rc = check_signature2 (c->ctrl, sig, md2, extrahash, extrahashlen,
-                             forced_pk,
-                             NULL, is_expkey, is_revkey,
-                             r_pk? &pk2 : NULL);
+      rc = check_signature (c->ctrl, sig, md2, extrahash, extrahashlen,
+                            forced_pk, NULL, is_expkey, is_revkey,
+                            r_pk? &pk2 : NULL);
       if (!rc)
         {
           md_good = md2;
@@ -1834,7 +1832,6 @@ issuer_fpr_string (PKT_signature *sig)
   return p? bin2hex (p, n, NULL) : NULL;
 }
 
-
 static void
 print_good_bad_signature (int statno, const char *keyid_str, kbnode_t un,
                           PKT_signature *sig, int rc)
diff --git a/g10/packet.h b/g10/packet.h
index 7bc0a6461..b61c65417 100644
--- a/g10/packet.h
+++ b/g10/packet.h
@@ -907,16 +907,12 @@ int cmp_user_ids( PKT_user_id *a, PKT_user_id *b );
 
 
 /*-- sig-check.c --*/
-/* Check a signature.  This is shorthand for check_signature2 with
-   the unnamed arguments passed as NULL.  */
-int check_signature (ctrl_t ctrl, PKT_signature *sig, gcry_md_hd_t digest);
-
 /* Check a signature.  Looks up the public key from the key db.  (If
  * R_PK is not NULL, it is stored at RET_PK.)  DIGEST contains a
  * valid hash context that already includes the signed data.  This
  * function adds the relevant meta-data to the hash before finalizing
  * it and verifying the signature.  FOCRED_PK is usually NULL. */
-gpg_error_t check_signature2 (ctrl_t ctrl,
+gpg_error_t check_signature (ctrl_t ctrl,
                               PKT_signature *sig, gcry_md_hd_t digest,
                               const void *extrahash, size_t extrahashlen,
                               PKT_public_key *forced_pk,
diff --git a/g10/sig-check.c b/g10/sig-check.c
index 06329f659..54db2089a 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -88,17 +88,6 @@ check_key_verify_compliance (PKT_public_key *pk)
 }
 
 
-
-/* Check a signature.  This is shorthand for check_signature2 with
-   the unnamed arguments passed as NULL.  */
-int
-check_signature (ctrl_t ctrl, PKT_signature *sig, gcry_md_hd_t digest)
-{
-  return check_signature2 (ctrl, sig, digest, NULL, 0, NULL,
-                           NULL, NULL, NULL, NULL);
-}
-
-
 /* Check a signature.
  *
  * Looks up the public key that created the signature (SIG->KEYID)
@@ -144,12 +133,12 @@ check_signature (ctrl_t ctrl, PKT_signature *sig, gcry_md_hd_t digest)
  *
  * Returns 0 on success.  An error code otherwise.  */
 gpg_error_t
-check_signature2 (ctrl_t ctrl,
-                  PKT_signature *sig, gcry_md_hd_t digest,
-                  const void *extrahash, size_t extrahashlen,
-                  PKT_public_key *forced_pk,
-                  u32 *r_expiredate,
-		  int *r_expired, int *r_revoked, PKT_public_key **r_pk)
+check_signature (ctrl_t ctrl,
+                 PKT_signature *sig, gcry_md_hd_t digest,
+                 const void *extrahash, size_t extrahashlen,
+                 PKT_public_key *forced_pk,
+                 u32 *r_expiredate, int *r_expired, int *r_revoked,
+                 PKT_public_key **r_pk)
 {
   int rc=0;
   PKT_public_key *pk;
@@ -802,7 +791,8 @@ check_revocation_keys (ctrl_t ctrl, PKT_public_key *pk, PKT_signature *sig)
               hash_public_key(md,pk);
 	      /* Note: check_signature only checks that the signature
 		 is good.  It does not fail if the key is revoked.  */
-              rc = check_signature (ctrl, sig, md);
+              rc = check_signature (ctrl, sig, md, NULL, 0, NULL,
+                                    NULL, NULL, NULL, NULL);
 	      cache_sig_result(sig,rc);
               gcry_md_close (md);
 	      break;
-- 
2.33.0
Fix CVE-2025-30258 2025-03-27 17:33:28 +08:00			`From 9cd371b12d80cfc5bc85cb6e5f5eebb4decbe94f Mon Sep 17 00:00:00 2001`
			`From: Werner Koch <wk@gnupg.org>`
			`Date: Thu, 20 Feb 2025 14:50:20 +0100`
			`Subject: [PATCH] gpg: Remove a signature check function wrapper.`

			`* g10/sig-check.c (check_signature2): Rename to`
			`(check_signature): this and remove the old wrapper. Adjust all`
			`callers.`
			`---`
			`g10/mainproc.c \| 13 +++++--------`
			`g10/packet.h \| 6 +-----`
			`g10/sig-check.c \| 26 ++++++++------------------`
			`3 files changed, 14 insertions(+), 31 deletions(-)`

			`diff --git a/g10/mainproc.c b/g10/mainproc.c`
			`index 739ad0a35..86f5a2db9 100644`
			`--- a/g10/mainproc.c`
			`+++ b/g10/mainproc.c`
			`@@ -1240,19 +1240,17 @@ do_check_sig (CTX c, kbnode_t node, const void *extrahash, size_t extrahashlen,`

			`/* We only get here if we are checking the signature of a binary`
			`(0x00) or text document (0x01). */`
			`- rc = check_signature2 (c->ctrl, sig, md, extrahash, extrahashlen,`
			`- forced_pk,`
			`- NULL, is_expkey, is_revkey, r_pk);`
			`+ rc = check_signature (c->ctrl, sig, md, extrahash, extrahashlen,`
			`+ forced_pk, NULL, is_expkey, is_revkey, r_pk);`
			`if (! rc)`
			`md_good = md;`
			`else if (gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE && md2)`
			`{`
			`PKT_public_key *pk2;`

			`- rc = check_signature2 (c->ctrl, sig, md2, extrahash, extrahashlen,`
			`- forced_pk,`
			`- NULL, is_expkey, is_revkey,`
			`- r_pk? &pk2 : NULL);`
			`+ rc = check_signature (c->ctrl, sig, md2, extrahash, extrahashlen,`
			`+ forced_pk, NULL, is_expkey, is_revkey,`
			`+ r_pk? &pk2 : NULL);`
			`if (!rc)`
			`{`
			`md_good = md2;`
			`@@ -1834,7 +1832,6 @@ issuer_fpr_string (PKT_signature *sig)`
			`return p? bin2hex (p, n, NULL) : NULL;`
			`}`

			`-`
			`static void`
			`print_good_bad_signature (int statno, const char *keyid_str, kbnode_t un,`
			`PKT_signature *sig, int rc)`
			`diff --git a/g10/packet.h b/g10/packet.h`
			`index 7bc0a6461..b61c65417 100644`
			`--- a/g10/packet.h`
			`+++ b/g10/packet.h`
			`@@ -907,16 +907,12 @@ int cmp_user_ids( PKT_user_id a, PKT_user_id b );`


			`/-- sig-check.c --/`
			`-/* Check a signature. This is shorthand for check_signature2 with`
			`- the unnamed arguments passed as NULL. */`
			`-int check_signature (ctrl_t ctrl, PKT_signature *sig, gcry_md_hd_t digest);`
			`-`
			`/* Check a signature. Looks up the public key from the key db. (If`
			`* R_PK is not NULL, it is stored at RET_PK.) DIGEST contains a`
			`* valid hash context that already includes the signed data. This`
			`* function adds the relevant meta-data to the hash before finalizing`
			`* it and verifying the signature. FOCRED_PK is usually NULL. */`
			`-gpg_error_t check_signature2 (ctrl_t ctrl,`
			`+gpg_error_t check_signature (ctrl_t ctrl,`
			`PKT_signature *sig, gcry_md_hd_t digest,`
			`const void *extrahash, size_t extrahashlen,`
			`PKT_public_key *forced_pk,`
			`diff --git a/g10/sig-check.c b/g10/sig-check.c`
			`index 06329f659..54db2089a 100644`
			`--- a/g10/sig-check.c`
			`+++ b/g10/sig-check.c`
			`@@ -88,17 +88,6 @@ check_key_verify_compliance (PKT_public_key *pk)`
			`}`


			`-`
			`-/* Check a signature. This is shorthand for check_signature2 with`
			`- the unnamed arguments passed as NULL. */`
			`-int`
			`-check_signature (ctrl_t ctrl, PKT_signature *sig, gcry_md_hd_t digest)`
			`-{`
			`- return check_signature2 (ctrl, sig, digest, NULL, 0, NULL,`
			`- NULL, NULL, NULL, NULL);`
			`-}`
			`-`
			`-`
			`/* Check a signature.`
			`*`
			`* Looks up the public key that created the signature (SIG->KEYID)`
			`@@ -144,12 +133,12 @@ check_signature (ctrl_t ctrl, PKT_signature *sig, gcry_md_hd_t digest)`
			`*`
			`* Returns 0 on success. An error code otherwise. */`
			`gpg_error_t`
			`-check_signature2 (ctrl_t ctrl,`
			`- PKT_signature *sig, gcry_md_hd_t digest,`
			`- const void *extrahash, size_t extrahashlen,`
			`- PKT_public_key *forced_pk,`
			`- u32 *r_expiredate,`
			`- int r_expired, int r_revoked, PKT_public_key **r_pk)`
			`+check_signature (ctrl_t ctrl,`
			`+ PKT_signature *sig, gcry_md_hd_t digest,`
			`+ const void *extrahash, size_t extrahashlen,`
			`+ PKT_public_key *forced_pk,`
			`+ u32 r_expiredate, int r_expired, int *r_revoked,`
			`+ PKT_public_key **r_pk)`
			`{`
			`int rc=0;`
			`PKT_public_key *pk;`
			`@@ -802,7 +791,8 @@ check_revocation_keys (ctrl_t ctrl, PKT_public_key pk, PKT_signature sig)`
			`hash_public_key(md,pk);`
			`/* Note: check_signature only checks that the signature`
			`is good. It does not fail if the key is revoked. */`
			`- rc = check_signature (ctrl, sig, md);`
			`+ rc = check_signature (ctrl, sig, md, NULL, 0, NULL,`
			`+ NULL, NULL, NULL, NULL);`
			`cache_sig_result(sig,rc);`
			`gcry_md_close (md);`
			`break;`
			`--`
			`2.33.0`