authorDongHun Kwak <dh0128.kwak@samsung.com>2021-02-09 16:00:06 +0900
committerDongHun Kwak <dh0128.kwak@samsung.com>2021-02-09 16:00:06 +0900
commit723cf5853fa655cec32478e13cd74b5b483fae7f (patch)
tree169be38ed659085286049254202f148449001eff /g10/misc.c
parent4c55d00bf18af0217b3929420232b25f24215829 (diff)
Imported Upstream version 2.1.10upstream/2.1.10
Diffstat (limited to 'g10/misc.c')
-rw-r--r--g10/misc.c79
1 files changed, 62 insertions, 17 deletions
diff --git a/g10/misc.c b/g10/misc.c
index 9134b28..547944d 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -67,6 +67,7 @@
#include "options.h"
#include "call-agent.h"
#include "i18n.h"
+#include "zb32.h"
#include <assert.h>
@@ -97,7 +98,7 @@ register_secured_file (const char *fname)
struct stat buf;
struct secured_file_item *sf;
- /* Note that we stop immediatley if something goes wrong here. */
+ /* Note that we stop immediately if something goes wrong here. */
if (stat (fname, &buf))
log_fatal (_("fstat of '%s' failed in %s: %s\n"), fname,
"register_secured_file", strerror (errno));
@@ -307,6 +308,9 @@ print_cipher_algo_note (cipher_algo_t algo)
void
print_digest_algo_note (digest_algo_t algo)
{
+ const enum gcry_md_algos galgo = map_md_openpgp_to_gcry (algo);
+ const struct weakhash *weak;
+
if(algo >= 100 && algo <= 110)
{
static int warn=0;
@@ -315,30 +319,41 @@ print_digest_algo_note (digest_algo_t algo)
warn=1;
es_fflush (es_stdout);
log_info (_("WARNING: using experimental digest algorithm %s\n"),
- gcry_md_algo_name (algo));
+ gcry_md_algo_name (galgo));
}
}
- else if(algo==DIGEST_ALGO_MD5)
- {
- es_fflush (es_stdout);
- log_info (_("WARNING: digest algorithm %s is deprecated\n"),
- gcry_md_algo_name (algo));
- }
+ else
+ for (weak = opt.weak_digests; weak != NULL; weak = weak->next)
+ if (weak->algo == galgo)
+ {
+ es_fflush (es_stdout);
+ log_info (_("WARNING: digest algorithm %s is deprecated\n"),
+ gcry_md_algo_name (galgo));
+ }
}
void
-print_md5_rejected_note (void)
+print_digest_rejected_note (enum gcry_md_algos algo)
{
- static int shown;
-
- if (!shown)
+ struct weakhash* weak;
+ int show = 1;
+ for (weak = opt.weak_digests; weak; weak = weak->next)
+ if (weak->algo == algo)
+ {
+ if (weak->rejection_shown)
+ show = 0;
+ else
+ weak->rejection_shown = 1;
+ break;
+ }
+
+ if (show)
{
es_fflush (es_stdout);
log_info
(_("Note: signatures using the %s algorithm are rejected\n"),
- "MD5");
- shown = 1;
+ gcry_md_algo_name(algo));
}
}
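Review bot: In print_digest_rejected_note, `show` starts at 1, so an algorithm that has no entry on `opt.weak_digests` gets the "signatures using the %s algorithm are rejected" note on every call, whereas the removed `static int shown` limited it to one. Whether callers only ever pass listed algorithms is not visible in this hunk. If that is the contract, state it above the function, e.g. `/* ALGO must be on opt.weak_digests; the note is printed once per list entry. */`. Otherwise start with `int show = 0;` and set `show = 1;` only in the branch that sets `weak->rejection_shown = 1;`, so the note is tied to an actual list entry.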
@@ -483,7 +498,7 @@ openpgp_cipher_blocklen (cipher_algo_t algo)
}
/****************
- * Wrapper around the libgcrypt function with additonal checks on
+ * Wrapper around the libgcrypt function with additional checks on
* the OpenPGP contraints for the algo ID.
*/
int
@@ -847,7 +862,7 @@ pct_expando(const char *string,struct expando_args *args)
case 'f': /* Fingerprint of key being signed */
case 'p': /* Fingerprint of the primary key making the signature. */
- case 'g': /* Fingerprint of thge key making the signature. */
+ case 'g': /* Fingerprint of the key making the signature. */
{
byte array[MAX_FINGERPRINT_LEN];
size_t len;
@@ -1059,7 +1074,7 @@ string_to_digest_algo (const char *string)
{
int val;
- /* FIXME: We should make use of our wrapper fucntion and not assume
+ /* FIXME: We should make use of our wrapper function and not assume
that there is a 1 to 1 mapping between OpenPGP and Libgcrypt. */
val = gcry_md_map_name (string);
if (!val && string && (string[0]=='H' || string[0]=='h'))
@@ -1676,3 +1691,33 @@ ecdsa_qbits_from_Q (unsigned int qbits)
qbits /= 2;
return qbits;
}
+
+
+/* Ignore signatures and certifications made over certain digest
+ * algorithms by default, MD5 is considered weak. This allows users
+ * to deprecate support for other algorithms as well.
+ */
+void
+additional_weak_digest (const char* digestname)
+{
+ struct weakhash *weak = NULL;
+ const enum gcry_md_algos algo = string_to_digest_algo(digestname);
+
+ if (algo == GCRY_MD_NONE)
+ {
+ log_error (_("unknown weak digest '%s'\n"), digestname);
+ return;
+ }
+
+ /* Check to ensure it's not already present. */
+ for (weak = opt.weak_digests; weak; weak = weak->next)
+ if (algo == weak->algo)
+ return;
+
+ /* Add it to the head of the list. */
+ weak = xmalloc(sizeof(*weak));
+ weak->algo = algo;
+ weak->rejection_shown = 0;
+ weak->next = opt.weak_digests;
+ opt.weak_digests = weak;
+}
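Review bot: additional_weak_digest stores the result of `string_to_digest_algo` directly in an `enum gcry_md_algos` and tests it against `GCRY_MD_NONE`, which relies on the OpenPGP and Libgcrypt digest ids being interchangeable. That is the assumption the FIXME inside string_to_digest_algo (earlier hunk) already warns about. print_digest_algo_note compares list entries with the output of `map_md_openpgp_to_gcry`, so if the two numberings ever diverge a digest the user marked weak would silently stop matching and keep being accepted without a warning. At minimum, record the dependency next to the assignment, e.g. `/* Relies on string_to_digest_algo returning a Libgcrypt id; see the FIXME there. */`. The header comment is also a run-on sentence; it would read better as "Ignore signatures and certifications made over certain digest algorithms. By default only MD5 is considered weak; this allows users to deprecate other algorithms as well."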