diff options
| author | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2015-10-23 23:46:57 +0200 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 2015-10-26 16:56:56 +0100 |
| commit | 91015d021b3dcbe21ad0e580a4f34c523abf9e72 (patch) | |
| tree | b01eb463119fa01aacb6a191e2cbbbe9521c951c /g10/sig-check.c | |
| parent | w32: Make it build again if Tofu support is not available. (diff) | |
| download | gnupg2-91015d021b3dcbe21ad0e580a4f34c523abf9e72.tar.xz gnupg2-91015d021b3dcbe21ad0e580a4f34c523abf9e72.zip | |
gpg: Ensure all weak digest rejection notices are shown
* g10/main.h: Add rejection_shown flag to each weakhash struct
* g10/misc.c (print_digest_algo_note, additional_weak_digest): Do not
treat MD5 separately; (print_digest_rejected_note): Use
weakhash.rejection_shown instead of static shown.
* g10/options.h (opt): Change from additional_weak_digests to
weak_digests.
* g10/sig-check.c: Do not treat MD5 separately.
* g10/gpg.c (main): Explicitly set MD5 as weak.
* g10/gpgv.c (main): Explicitly set MD5 as weak.
--
Previously, only one weak digest rejection message was shown, of
whichever was the first type encountered. This meant that if "gpg
--weak-digest SHA224" encountered both an MD5 digest and a SHA224
digest, it would only show the user that the MD5 digest was rejected.
In order to let the user know which algorithms were rejected, we
needed to move the "shown" flag into a per-weak-algorithm location.
Given this additional complication, it made no sense to continue to
treat MD5 specially, so it is added as a default weak algorithm in the
same opt.weak_digests data structure as any other.
Signed-Off-By: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Diffstat (limited to 'g10/sig-check.c')
| -rw-r--r-- | g10/sig-check.c | 11 |
1 files changed, 2 insertions, 9 deletions
diff --git a/g10/sig-check.c b/g10/sig-check.c index f912c0ce2..2cfc5da50 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -360,19 +360,12 @@ check_signature_end (PKT_public_key *pk, PKT_signature *sig, return rc; if (!opt.flags.allow_weak_digest_algos) - { - if (sig->digest_algo == GCRY_MD_MD5) + for (weak = opt.weak_digests; weak; weak = weak->next) + if (sig->digest_algo == weak->algo) { print_digest_rejected_note(sig->digest_algo); return GPG_ERR_DIGEST_ALGO; } - for (weak = opt.additional_weak_digests; weak; weak = weak->next) - if (sig->digest_algo == weak->algo) - { - print_digest_rejected_note(sig->digest_algo); - return GPG_ERR_DIGEST_ALGO; - } - } /* Make sure the digest algo is enabled (in case of a detached signature). */ |