gpg: Do not use weak digest algos if selected by recipient prefs.

* g10/misc.c (is_weak_digest): New.
(print_digest_algo_note): Use it here.
* g10/sig-check.c (check_signature_end_simple): Use it.
* g10/sign.c (hash_for): Do not use recipient_digest_algo if it is in
the least of weak digest algorithm.
--

If a message is signed and encrypted to several recipients, the to be
used digest algorithm is deduced from the preferences of the
recipient.  This is so that all recipients are able to check the the
signature.  However, if the sender has a declared an algorithm as
week, that algorithm shall not be used - in this case we fallback to
the standard way of selecting an algorithm.

Note that a smarter way of selecting the algo is to check this while
figuring out the algorithm - this needs more testing and thus we do it
the simple way.

Reported-by: Phil Pennock
Signed-off-by: Werner Koch <[email protected]>

1 files changed, 5 insertions, 7 deletions

diff --git a/g10/sig-check.c b/g10/sig-check.c
index 438fc0cf9..8dd18b2e2 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -488,16 +488,14 @@ check_signature_end_simple (PKT_public_key *pk, PKT_signature *sig,
 {
   gcry_mpi_t result = NULL;
   int rc = 0;
-  const struct weakhash *weak;
 
   if (!opt.flags.allow_weak_digest_algos)
     {
-      for (weak = opt.weak_digests; weak; weak = weak->next)
-        if (sig->digest_algo == weak->algo)
-          {
-            print_digest_rejected_note(sig->digest_algo);
-            return GPG_ERR_DIGEST_ALGO;
-          }
+      if (is_weak_digest (sig->digest_algo))
+        {
+          print_digest_rejected_note (sig->digest_algo);
+          return GPG_ERR_DIGEST_ALGO;
+        }
     }
 
   /* For key signatures check that the key has a cert usage.  We may