Diffstat (limited to 'g10')
-rw-r--r-- | g10/gpg.c | 8 | ||||
-rw-r--r-- | g10/main.h | 1 | ||||
-rw-r--r-- | g10/misc.c | 18 | ||||
-rw-r--r-- | g10/options.h | 1 | ||||
-rw-r--r-- | g10/sig-check.c | 4 |
5 files changed, 31 insertions, 1 deletions
@@ -414,6 +414,7 @@ enum cmd_and_opt_values oEnableDSA2, oDisableDSA2, oAllowWeakDigestAlgos, + oAllowWeakKeySignatures, oFakedSystemTime, oNoAutostart, oPrintPKARecords, @@ -902,6 +903,9 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oNoSymkeyCache, "no-symkey-cache", "@"), ARGPARSE_s_n (oUseKeyboxd, "use-keyboxd", "@"), + /* Options to override new security defaults. */ + ARGPARSE_s_n (oAllowWeakKeySignatures, "allow-weak-key-signatures", "@"), + /* Options which can be used in special circumstances. They are not * published and we hope they are never required. */ ARGPARSE_s_n (oUseOnlyOpenPGPCard, "use-only-openpgp-card", "@"), @@ -3639,6 +3643,10 @@ main (int argc, char **argv) opt.flags.allow_weak_digest_algos = 1; break; + case oAllowWeakKeySignatures: + opt.flags.allow_weak_key_signatures = 1; + break; + case oFakedSystemTime: { size_t len = strlen (pargs.r.ret_str); diff --git a/g10/main.h b/g10/main.h index 981315a4a..2001c8646 100644 --- a/g10/main.h +++ b/g10/main.h @@ -101,6 +101,7 @@ void print_pubkey_algo_note (pubkey_algo_t algo); void print_cipher_algo_note (cipher_algo_t algo); void print_digest_algo_note (digest_algo_t algo); void print_digest_rejected_note (enum gcry_md_algos algo); +void print_sha1_keysig_rejected_note (void); void print_reported_error (gpg_error_t err, gpg_err_code_t skip_if_ec); void print_further_info (const char *format, ...) GPGRT_ATTR_PRINTF(1,2); void additional_weak_digest (const char* digestname); diff --git a/g10/misc.c b/g10/misc.c index d4ceb4db6..07ce1d41d 100644 --- a/g10/misc.c +++ b/g10/misc.c 
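Review bot: In g10/gpg.c the new `case oAllowWeakKeySignatures:` in `main` sets `opt.flags.allow_weak_key_signatures` without any diagnostic, so a line in a configuration file can switch the SHA-1 rejection off and nothing in the output shows it. The table entry added in the second hunk carries the `"@"` description, so the option is not listed in the help output either. Consider reporting the override once at parse time, e.g. `log_info (_("Note: \"%s\" disables the rejection of SHA-1 key signatures\n"), "--allow-weak-key-signatures");` ahead of the `break;`. `main` begins and ends outside this hunk, so a later post-parse report may already exist that is not visible here.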
@@ -362,6 +362,24 @@ print_digest_rejected_note (enum gcry_md_algos algo) } +void +print_sha1_keysig_rejected_note (void) +{ + static int shown; + + if (shown) + return; + + shown = 1; + es_fflush (es_stdout); + log_info (_("Note: third-party key signatures using" + " the %s algorithm are rejected\n"), + gcry_md_algo_name (GCRY_MD_SHA1)); + print_further_info ("use option \"%s\" to override", + "--allow-weak-key-signatures"); +} + + /* Print a message * "(reported error: %s)\n * in verbose mode to further explain an error. If the error code has diff --git a/g10/options.h b/g10/options.h index 26c8439b6..339804f59 100644 --- a/g10/options.h +++ b/g10/options.h @@ -246,6 +246,7 @@ struct unsigned int utf8_filename:1; unsigned int dsa2:1; unsigned int allow_weak_digest_algos:1; + unsigned int allow_weak_key_signatures:1; unsigned int large_rsa:1; unsigned int disable_signer_uid:1; /* Flag to enable experimental features from RFC4880bis. */ diff --git a/g10/sig-check.c b/g10/sig-check.c index 3d8ed20f2..8a46f7653 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -1012,12 +1012,14 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer, else if (IS_UID_SIG (sig) || IS_UID_REV (sig)) { log_assert (packet->pkttype == PKT_USER_ID); - if (sig->digest_algo == DIGEST_ALGO_SHA1 && !*is_selfsig) + if (sig->digest_algo == DIGEST_ALGO_SHA1 && !*is_selfsig + && !opt.flags.allow_weak_key_signatures) { /* If the signature was created using SHA-1 we consider this * signature invalid because it makes it possible to mount a * chosen-prefix collision. We don't do this for * self-signatures, though. */ + print_sha1_keysig_rejected_note (); rc = gpg_error (GPG_ERR_DIGEST_ALGO); } else |
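Review bot: `print_sha1_keysig_rejected_note` in g10/misc.c has no header comment, and its `static int shown` latch means only the first rejection in a process is reported, with no key or signature identified. That is easy to miss from the call site in g10/sig-check.c, where every later SHA-1 certification is dropped with `GPG_ERR_DIGEST_ALGO` as the only evidence. I would add a comment above the function such as `/* Print a note, once per process, that third-party key signatures made with SHA-1 are rejected, and name the option that overrides this. */`. The hint names `--allow-weak-key-signatures` without saying what the override gives up, so a few words of rationale in the message would help a user decide.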
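Review bot: The new guard in `check_signature_over_key_or_uid` (g10/sig-check.c) tests only `DIGEST_ALGO_SHA1`, while the flag and option are named for weak key signatures in general, and neither the bit-field added in g10/options.h nor the comment in this branch says so. I would document the scope where the flag is declared, e.g. `/* Accept third-party key signatures made with SHA-1. */` above `allow_weak_key_signatures`, and end the comment here with `Use --allow-weak-key-signatures to override.`. With the override set, such a signature falls through to the `else` branch, whose body lies outside the hunk, and from the visible lines nothing records that a SHA-1 certification was accepted. A `log_info` under `opt.verbose` on that path would make the acceptance auditable. The function starts before and continues after this hunk.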