author | DongHun Kwak <dh0128.kwak@samsung.com> | 2021-02-09 16:00:06 +0900 |
---|---|---|
committer | DongHun Kwak <dh0128.kwak@samsung.com> | 2021-02-09 16:00:06 +0900 |
commit | 723cf5853fa655cec32478e13cd74b5b483fae7f (patch) | |
tree | 169be38ed659085286049254202f148449001eff /g10/misc.c | |
parent | 4c55d00bf18af0217b3929420232b25f24215829 (diff) | |
Imported Upstream version 2.1.10 (upstream/2.1.10)
Diffstat (limited to 'g10/misc.c')
-rw-r--r-- | g10/misc.c | 79 |
1 files changed, 62 insertions, 17 deletions
@@ -67,6 +67,7 @@ #include "options.h" #include "call-agent.h" #include "i18n.h" +#include "zb32.h" #include <assert.h> @@ -97,7 +98,7 @@ register_secured_file (const char *fname) struct stat buf; struct secured_file_item *sf; - /* Note that we stop immediatley if something goes wrong here. */ + /* Note that we stop immediately if something goes wrong here. */ if (stat (fname, &buf)) log_fatal (_("fstat of '%s' failed in %s: %s\n"), fname, "register_secured_file", strerror (errno)); @@ -307,6 +308,9 @@ print_cipher_algo_note (cipher_algo_t algo) void print_digest_algo_note (digest_algo_t algo) { + const enum gcry_md_algos galgo = map_md_openpgp_to_gcry (algo); + const struct weakhash *weak; + if(algo >= 100 && algo <= 110) { static int warn=0; @@ -315,30 +319,41 @@ print_digest_algo_note (digest_algo_t algo) warn=1; es_fflush (es_stdout); log_info (_("WARNING: using experimental digest algorithm %s\n"), - gcry_md_algo_name (algo)); + gcry_md_algo_name (galgo)); } } - else if(algo==DIGEST_ALGO_MD5) - { - es_fflush (es_stdout); - log_info (_("WARNING: digest algorithm %s is deprecated\n"), - gcry_md_algo_name (algo)); - } + else + for (weak = opt.weak_digests; weak != NULL; weak = weak->next) + if (weak->algo == galgo) + { + es_fflush (es_stdout); + log_info (_("WARNING: digest algorithm %s is deprecated\n"), + gcry_md_algo_name (galgo)); + } } void -print_md5_rejected_note (void) +print_digest_rejected_note (enum gcry_md_algos algo) { - static int shown; - - if (!shown) + struct weakhash* weak; + int show = 1; + for (weak = opt.weak_digests; weak; weak = weak->next) + if (weak->algo == algo) + { + if (weak->rejection_shown) + show = 0; + else + weak->rejection_shown = 1; + break; + } + + if (show) { es_fflush (es_stdout); log_info (_("Note: signatures using the %s algorithm are rejected\n"), - "MD5"); - shown = 1; + gcry_md_algo_name(algo)); } } 
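Review bot: In `print_digest_rejected_note` (hunk at -315), an `algo` that has no entry on `opt.weak_digests` leaves `show` at 1 with no flag to set, so the note is logged on every call, whereas the removed static `shown` logged it once per process. Whether callers can reach this function with a digest that is not on the list is not visible from this hunk; if they can, a keyring with many such signatures repeats the line and buries other warnings. A fallback flag such as `static int shown_unlisted;`, consulted when the loop finds no entry, would keep the once-only behaviour. The parameter is also a Libgcrypt id while `print_digest_algo_note` directly above takes the OpenPGP `digest_algo_t`, so a header comment like `/* ALGO is a Libgcrypt id (enum gcry_md_algos), not an OpenPGP digest id. */` would help callers avoid passing the wrong id space and silently missing the list entry.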
@@ -483,7 +498,7 @@ openpgp_cipher_blocklen (cipher_algo_t algo) } /**************** - * Wrapper around the libgcrypt function with additonal checks on + * Wrapper around the libgcrypt function with additional checks on * the OpenPGP contraints for the algo ID. */ int @@ -847,7 +862,7 @@ pct_expando(const char *string,struct expando_args *args) case 'f': /* Fingerprint of key being signed */ case 'p': /* Fingerprint of the primary key making the signature. */ - case 'g': /* Fingerprint of thge key making the signature. */ + case 'g': /* Fingerprint of the key making the signature. */ { byte array[MAX_FINGERPRINT_LEN]; size_t len; @@ -1059,7 +1074,7 @@ string_to_digest_algo (const char *string) { int val; - /* FIXME: We should make use of our wrapper fucntion and not assume + /* FIXME: We should make use of our wrapper function and not assume that there is a 1 to 1 mapping between OpenPGP and Libgcrypt. */ val = gcry_md_map_name (string); if (!val && string && (string[0]=='H' || string[0]=='h')) @@ -1676,3 +1691,33 @@ ecdsa_qbits_from_Q (unsigned int qbits) qbits /= 2; return qbits; } + + +/* Ignore signatures and certifications made over certain digest + * algorithms by default, MD5 is considered weak. This allows users + * to deprecate support for other algorithms as well. + */ +void +additional_weak_digest (const char* digestname) +{ + struct weakhash *weak = NULL; + const enum gcry_md_algos algo = string_to_digest_algo(digestname); + + if (algo == GCRY_MD_NONE) + { + log_error (_("unknown weak digest '%s'\n"), digestname); + return; + } + + /* Check to ensure it's not already present. */ + for (weak = opt.weak_digests; weak; weak = weak->next) + if (algo == weak->algo) + return; + + /* Add it to the head of the list. */ + weak = xmalloc(sizeof(*weak)); + weak->algo = algo; + weak->rejection_shown = 0; + weak->next = opt.weak_digests; + opt.weak_digests = weak; +} |
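Review bot: `additional_weak_digest` (hunk at -1676) stores the result of `string_to_digest_algo` directly as an `enum gcry_md_algos`, yet the FIXME inside `string_to_digest_algo` (hunk at -1059) says that function merely assumes a 1-to-1 mapping between OpenPGP and Libgcrypt ids, and `print_digest_algo_note` matches list entries against `map_md_openpgp_to_gcry (algo)`. If the two id spaces differ for any digest, the configured entry never matches, so the deprecation warning and, presumably, any rejection driven by the same list would silently not apply to a digest the user asked to distrust. Converting explicitly, `const enum gcry_md_algos algo = map_md_openpgp_to_gcry (string_to_digest_algo (digestname));`, keeps every entry in the Libgcrypt id space. The unknown-name path only calls `log_error` and returns, so whether a mistyped digest name stops processing or leaves the intended policy unenforced depends on the caller, which is outside this hunk; the header comment should state that contract.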