-rw-r--r--g10/gpg.c3
-rw-r--r--g10/gpgv.c2
-rw-r--r--g10/main.h1
-rw-r--r--g10/misc.c51
-rw-r--r--g10/options.h2
-rw-r--r--g10/sig-check.c11
6 files changed, 33 insertions, 37 deletions
diff --git a/g10/gpg.c b/g10/gpg.c
index ff6e59f60..c18edd0dd 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -2216,7 +2216,8 @@ main (int argc, char **argv)
set_homedir (default_homedir ());
opt.passphrase_repeat = 1;
opt.emit_version = 1; /* Limit to the major number. */
- opt.additional_weak_digests = NULL;
+ opt.weak_digests = NULL;
+ additional_weak_digest("MD5");
/* Check whether we have a config file on the command line. */
orig_argc = argc;
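Review bot: With this change MD5 is rejected only because `additional_weak_digest("MD5")` runs here at startup, so the call site deserves a comment saying so, for example `/* MD5 is rejected only because it is seeded into opt.weak_digests here. */`. The misc.c hunks show additional_weak_digest using bare `return;` and calling only log_error when string_to_digest_algo yields GCRY_MD_NONE, so a failed name lookup would presumably leave MD5 unlisted while startup continues. The same applies to the matching call added in the g10/gpgv.c hunk. main() starts and ends outside this hunk.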
diff --git a/g10/gpgv.c b/g10/gpgv.c
index ec09706b6..9a6dbd6d6 100644
--- a/g10/gpgv.c
+++ b/g10/gpgv.c
@@ -169,11 +169,13 @@ main( int argc, char **argv )
opt.batch = 1;
opt.homedir = default_homedir ();
+ opt.weak_digests = NULL;
tty_no_terminal(1);
tty_batchmode(1);
dotlock_disable ();
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
+ additional_weak_digest("MD5");
pargs.argc = &argc;
pargs.argv = &argv;
diff --git a/g10/main.h b/g10/main.h
index a50c85c03..cb79a71e9 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -72,6 +72,7 @@ struct groupitem
struct weakhash
{
enum gcry_md_algos algo;
+ int rejection_shown;
struct weakhash *next;
};
diff --git a/g10/misc.c b/g10/misc.c
index 93ddaa042..5c77714d3 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -307,7 +307,6 @@ print_cipher_algo_note (cipher_algo_t algo)
void
print_digest_algo_note (digest_algo_t algo)
{
- int deprecated = 0;
const enum gcry_md_algos galgo = map_md_openpgp_to_gcry (algo);
const struct weakhash *weak;
@@ -322,34 +321,38 @@ print_digest_algo_note (digest_algo_t algo)
gcry_md_algo_name (galgo));
}
}
- else if(algo == DIGEST_ALGO_MD5)
- deprecated = 1;
else
- for (weak = opt.additional_weak_digests; weak != NULL; weak = weak->next)
+ for (weak = opt.weak_digests; weak != NULL; weak = weak->next)
if (weak->algo == galgo)
- deprecated = 1;
-
- if (deprecated)
- {
- es_fflush (es_stdout);
- log_info (_("WARNING: digest algorithm %s is deprecated\n"),
- gcry_md_algo_name (galgo));
- }
+ {
+ es_fflush (es_stdout);
+ log_info (_("WARNING: digest algorithm %s is deprecated\n"),
+ gcry_md_algo_name (galgo));
+ }
}
void
print_digest_rejected_note (enum gcry_md_algos algo)
{
- static int shown;
-
- if (!shown)
+ struct weakhash* weak;
+ int show = 1;
+ for (weak = opt.weak_digests; weak; weak = weak->next)
+ if (weak->algo == algo)
+ {
+ if (weak->rejection_shown)
+ show = 0;
+ else
+ weak->rejection_shown = 1;
+ break;
+ }
+
+ if (show)
{
es_fflush (es_stdout);
log_info
(_("Note: signatures using the %s algorithm are rejected\n"),
gcry_md_algo_name(algo));
- shown = 1;
}
}
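Review bot: In print_digest_rejected_note, `show` stays 1 when `algo` is not found in opt.weak_digests, so for such an algorithm the note is logged on every call, whereas the removed `static int shown` limited it to once per process. The caller in the sig-check.c hunk only passes algorithms it has just matched in the list, so this looks unreachable today, but the function does not say so. A header comment would cover it, e.g. `/* ALGO is expected to be in opt.weak_digests; the note is shown once per listed algorithm. */`. Separately, the new `for` in print_digest_algo_note could `break;` after the first match, since additional_weak_digest keeps the list free of duplicates.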
@@ -1699,9 +1702,6 @@ additional_weak_digest (const char* digestname)
struct weakhash *weak = NULL;
const enum gcry_md_algos algo = string_to_digest_algo(digestname);
- if (algo == GCRY_MD_MD5)
- return; /* MD5 is always considered weak, no need to add it. */
-
if (algo == GCRY_MD_NONE)
{
log_error(_("Unknown weak digest '%s'\n"), digestname);
@@ -1709,15 +1709,14 @@ additional_weak_digest (const char* digestname)
}
/* Check to ensure it's not already present. */
- for (weak = opt.additional_weak_digests; weak != NULL; weak = weak->next)
- {
- if (algo == weak->algo)
- return;
- }
+ for (weak = opt.weak_digests; weak; weak = weak->next)
+ if (algo == weak->algo)
+ return;
/* Add it to the head of the list. */
weak = xmalloc(sizeof(*weak));
weak->algo = algo;
- weak->next = opt.additional_weak_digests;
- opt.additional_weak_digests = weak;
+ weak->rejection_shown = 0;
+ weak->next = opt.weak_digests;
+ opt.weak_digests = weak;
}
diff --git a/g10/options.h b/g10/options.h
index 0c674e6a5..4c7a5db9e 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -169,7 +169,7 @@ struct
prefitem_t *personal_cipher_prefs;
prefitem_t *personal_digest_prefs;
prefitem_t *personal_compress_prefs;
- struct weakhash *additional_weak_digests;
+ struct weakhash *weak_digests;
int no_perm_warn;
int no_mdc_warn;
char *temp_dir;
diff --git a/g10/sig-check.c b/g10/sig-check.c
index f912c0ce2..2cfc5da50 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -360,19 +360,12 @@ check_signature_end (PKT_public_key *pk, PKT_signature *sig,
return rc;
if (!opt.flags.allow_weak_digest_algos)
- {
- if (sig->digest_algo == GCRY_MD_MD5)
+ for (weak = opt.weak_digests; weak; weak = weak->next)
+ if (sig->digest_algo == weak->algo)
{
print_digest_rejected_note(sig->digest_algo);
return GPG_ERR_DIGEST_ALGO;
}
- for (weak = opt.additional_weak_digests; weak; weak = weak->next)
- if (sig->digest_algo == weak->algo)
- {
- print_digest_rejected_note(sig->digest_algo);
- return GPG_ERR_DIGEST_ALGO;
- }
- }
/* Make sure the digest algo is enabled (in case of a detached
signature). */
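Review bot: The new loop compares `sig->digest_algo` directly with `weak->algo`, which is an `enum gcry_md_algos`, while print_digest_algo_note in misc.c converts its OpenPGP id with map_md_openpgp_to_gcry before comparing against the same list. If `sig->digest_algo` holds an OpenPGP algorithm id (its type is not visible here), the rejection relies on the two numberings coinciding; `if (map_md_openpgp_to_gcry (sig->digest_algo) == weak->algo)` would make the check independent of that. The same value is passed to print_digest_rejected_note, which also takes an `enum gcry_md_algos`. check_signature_end begins and continues outside this hunk.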