diff options
| -rw-r--r-- | doc/gpg.texi | 14 | ||||
| -rw-r--r-- | g10/gpg.c | 7 | ||||
| -rw-r--r-- | g10/options.h | 1 | ||||
| -rw-r--r-- | g10/sig-check.c | 16 | ||||
| -rwxr-xr-x | tests/openpgp/defs.inc | 4 | ||||
| -rw-r--r-- | tests/openpgp/gpg.conf.tmpl | 1 |
6 files changed, 38 insertions, 5 deletions
diff --git a/doc/gpg.texi b/doc/gpg.texi index 26179bd77..7d314b6c3 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -2244,9 +2244,10 @@ a message that PGP 2.x will not be able to handle. Note that `PGP available, but the MIT release is a good common baseline. This option implies @option{--rfc1991 --disable-mdc ---no-force-v4-certs --escape-from-lines --force-v3-sigs --cipher-algo -IDEA --digest-algo MD5 --compress-algo ZIP}. It also disables -@option{--textmode} when encrypting. +--no-force-v4-certs --escape-from-lines --force-v3-sigs +--allow-weak-digest-algos --cipher-algo IDEA --digest-algo +MD5--compress-algo ZIP}. It also disables @option{--textmode} when +encrypting. @item --pgp6 @opindex pgp6 @@ -2702,6 +2703,13 @@ necessary to get as much data as possible out of the corrupt message. However, be aware that a MDC protection failure may also mean that the message was tampered with intentionally by an attacker. +@item --allow-weak-digest-algos +@opindex allow-weak-digest-algos +Signatures made with the broken MD5 algorithm are normally rejected +with an ``invalid digest algorithm'' message. This option allows the +verification of signatures made with such weak algorithms. + + @item --no-default-keyring @opindex no-default-keyring Do not add the default keyrings to the list of keyrings. Note that @@ -367,6 +367,7 @@ enum cmd_and_opt_values oDisableDSA2, oAllowMultipleMessages, oNoAllowMultipleMessages, + oAllowWeakDigestAlgos, oNoop }; @@ -742,6 +743,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oDisableDSA2, "disable-dsa2", "@"), ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"), ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"), + ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"), /* These two are aliases to help users of the PGP command line product use gpg with minimal pain. Many commands are common @@ -2949,6 +2951,10 @@ main (int argc, char **argv) opt.flags.allow_multiple_messages=0; break; + case oAllowWeakDigestAlgos: + opt.flags.allow_weak_digest_algos = 1; + break; + case oNoop: break; default: @@ -3131,6 +3137,7 @@ main (int argc, char **argv) opt.pgp2_workarounds = 1; opt.ask_sig_expire = 0; opt.ask_cert_expire = 0; + opt.flags.allow_weak_digest_algos = 1; xfree(def_digest_string); def_digest_string = xstrdup("md5"); xfree(s2k_digest_string); diff --git a/g10/options.h b/g10/options.h index 3c5b2c5a0..1a1384120 100644 --- a/g10/options.h +++ b/g10/options.h @@ -231,6 +231,7 @@ struct unsigned int utf8_filename:1; unsigned int dsa2:1; unsigned int allow_multiple_messages:1; + unsigned int allow_weak_digest_algos:1; } flags; /* Linked list of ways to find a key if the key isn't on the local diff --git a/g10/sig-check.c b/g10/sig-check.c index 07a983621..ed4fa8978 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -269,6 +269,22 @@ do_check( PKT_public_key *pk, PKT_signature *sig, gcry_md_hd_t digest, if( (rc=do_check_messages(pk,sig,r_expired,r_revoked)) ) return rc; + if (sig->digest_algo == GCRY_MD_MD5 + && !opt.flags.allow_weak_digest_algos) + { + static int shown; + + if (!shown) + { + log_info + (_("Note: signatures using the %s algorithm are rejected\n"), + "MD5"); + shown = 1; + } + + return GPG_ERR_DIGEST_ALGO; + } + /* Make sure the digest algo is enabled (in case of a detached signature). */ gcry_md_enable (digest, sig->digest_algo); diff --git a/tests/openpgp/defs.inc b/tests/openpgp/defs.inc index b0115498f..5d5e03da9 100755 --- a/tests/openpgp/defs.inc +++ b/tests/openpgp/defs.inc @@ -68,7 +68,7 @@ error () { defs_error_seen=yes echo "$pgmname:" $* >&5 if [ x$defs_stop_on_error != xyes ]; then - exit 1 + exit 1 fi } @@ -189,7 +189,7 @@ pgmname=`basename $0` [ -z "$srcdir" ] && fatal "not called from make" # Make sure we have a valid option file even with VPATH builds. -for f in gpg.conf ; do +for f in gpg.conf ; do if [ -f ./$f ]; then : elif [ -f $srcdir/$f.tmpl ]; then diff --git a/tests/openpgp/gpg.conf.tmpl b/tests/openpgp/gpg.conf.tmpl index 7060a6610..7db73bea3 100644 --- a/tests/openpgp/gpg.conf.tmpl +++ b/tests/openpgp/gpg.conf.tmpl @@ -3,3 +3,4 @@ no-secmem-warning no-permission-warning batch no-auto-check-trustdb +allow-weak-digest-algos |