author | Werner Koch <[email protected]> | 2019-10-03 16:20:59 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2019-10-03 16:20:59 +0000 |
commit | 7d9aad63c4f1aefe97da61baf5acd96c12c0278e (patch) | |
tree | b7bc3fa658c15186202884ca55978aa2e27fa1d1 | |
parent | gpg: Be prepared for chosen-prefix SHA-1 collisions in key signatures. (diff) | |
download | gnupg-7d9aad63c4f1aefe97da61baf5acd96c12c0278e.tar.gz gnupg-7d9aad63c4f1aefe97da61baf5acd96c12c0278e.zip |
gpg: Ignore all SHA-1 signatures in 3rd party key signatures.
* g10/sig-check.c (check_signature_over_key_or_uid): No cut-off date
and remove debug output.
--
With 2.2 we do not support SHA-1 key signatures anymore even if
that means that the WoT shrinks.
Signed-off-by: Werner Koch <[email protected]>
-rw-r--r-- | g10/sig-check.c | 8 |
1 files changed, 2 insertions, 6 deletions
diff --git a/g10/sig-check.c b/g10/sig-check.c
index 139ad93eb..3d8ed20f2 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -1012,16 +1012,12 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
 else if (IS_UID_SIG (sig) || IS_UID_REV (sig))
 {
 log_assert (packet->pkttype == PKT_USER_ID);
- log_debug ("algo=%d selfsig=%d tm=%lu\n",
- sig->digest_algo, *is_selfsig, (unsigned long)sig->timestamp);
- if (sig->digest_algo == DIGEST_ALGO_SHA1 && !*is_selfsig
- && sig->timestamp > 1547856000)
+ if (sig->digest_algo == DIGEST_ALGO_SHA1 && !*is_selfsig)
 {
 /* If the signature was created using SHA-1 we consider this
 * signature invalid because it makes it possible to mount a
 * chosen-prefix collision. We don't do this for
- * self-signatures or for signatures created before the
- * somewhat arbitrary cut-off date 2019-01-19. */
+ * self-signatures, though. */
 rc = gpg_error (GPG_ERR_DIGEST_ALGO);
 }
 else |
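Review bot: The SHA-1 rejection sits inside the branch guarded by `IS_UID_SIG (sig) || IS_UID_REV (sig)`, so with the cut-off date removed it now also discards every third-party certification revocation made with SHA-1, whatever its age. If the certification being revoked was made with a stronger digest, ignoring the revocation would presumably leave that certification in effect, which fails open; how callers treat `GPG_ERR_DIGEST_ALGO` is outside this hunk and should be confirmed. At minimum the comment should state that revocations are covered on purpose, e.g. `* Note that this also rejects third-party SHA-1 revocations (IS_UID_REV).`, and give the reason self-signatures are exempt instead of ending on "though". check_signature_over_key_or_uid starts and ends outside the hunk.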