diff options
| -rw-r--r-- | g10/main.h | 1 | ||||
| -rw-r--r-- | g10/misc.c | 34 | ||||
| -rw-r--r-- | g10/sig-check.c | 12 | ||||
| -rw-r--r-- | g10/sign.c | 3 |
4 files changed, 31 insertions, 19 deletions
diff --git a/g10/main.h b/g10/main.h index 06cbfc8d8..05ec8c26a 100644 --- a/g10/main.h +++ b/g10/main.h @@ -99,6 +99,7 @@ void print_sha1_keysig_rejected_note (void); void print_reported_error (gpg_error_t err, gpg_err_code_t skip_if_ec); void print_further_info (const char *format, ...) GPGRT_ATTR_PRINTF(1,2); void additional_weak_digest (const char* digestname); +int is_weak_digest (digest_algo_t algo); /*-- armor.c --*/ char *make_radix64_string( const byte *data, size_t len ); diff --git a/g10/misc.c b/g10/misc.c index 67a2f1928..c7107be06 100644 --- a/g10/misc.c +++ b/g10/misc.c @@ -331,12 +331,11 @@ print_cipher_algo_note (cipher_algo_t algo) void print_digest_algo_note (digest_algo_t algo) { - const enum gcry_md_algos galgo = map_md_openpgp_to_gcry (algo); - const struct weakhash *weak; - if(algo >= 100 && algo <= 110) { static int warn=0; + const enum gcry_md_algos galgo = map_md_openpgp_to_gcry (algo); + if(!warn) { warn=1; @@ -345,14 +344,13 @@ print_digest_algo_note (digest_algo_t algo) gcry_md_algo_name (galgo)); } } - else - for (weak = opt.weak_digests; weak != NULL; weak = weak->next) - if (weak->algo == galgo) - { - es_fflush (es_stdout); - log_info (_("WARNING: digest algorithm %s is deprecated\n"), - gcry_md_algo_name (galgo)); - } + else if (is_weak_digest (algo)) + { + const enum gcry_md_algos galgo = map_md_openpgp_to_gcry (algo); + es_fflush (es_stdout); + log_info (_("WARNING: digest algorithm %s is deprecated\n"), + gcry_md_algo_name (galgo)); + } } @@ -1908,3 +1906,17 @@ additional_weak_digest (const char* digestname) weak->next = opt.weak_digests; opt.weak_digests = weak; } + + +/* Return true if ALGO is in the list of weak digests. */ +int +is_weak_digest (digest_algo_t algo) +{ + const enum gcry_md_algos galgo = map_md_openpgp_to_gcry (algo); + const struct weakhash *weak; + + for (weak = opt.weak_digests; weak; weak = weak->next) + if (weak->algo == galgo) + return 1; + return 0; +} diff --git a/g10/sig-check.c b/g10/sig-check.c index 438fc0cf9..8dd18b2e2 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -488,16 +488,14 @@ check_signature_end_simple (PKT_public_key *pk, PKT_signature *sig, { gcry_mpi_t result = NULL; int rc = 0; - const struct weakhash *weak; if (!opt.flags.allow_weak_digest_algos) { - for (weak = opt.weak_digests; weak; weak = weak->next) - if (sig->digest_algo == weak->algo) - { - print_digest_rejected_note(sig->digest_algo); - return GPG_ERR_DIGEST_ALGO; - } + if (is_weak_digest (sig->digest_algo)) + { + print_digest_rejected_note (sig->digest_algo); + return GPG_ERR_DIGEST_ALGO; + } } /* For key signatures check that the key has a cert usage. We may diff --git a/g10/sign.c b/g10/sign.c index 9fa11c564..d92531eb2 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -646,7 +646,7 @@ hash_for (PKT_public_key *pk) { return opt.def_digest_algo; } - else if (recipient_digest_algo) + else if (recipient_digest_algo && !is_weak_digest (recipient_digest_algo)) { return recipient_digest_algo; } @@ -1204,6 +1204,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr, && ((algo = select_algo_from_prefs (pk_list, PREFTYPE_HASH, -1, &hint)) > 0)) { + /* Note that we later check that the algo is not weak. */ recipient_digest_algo = algo; } } |