mirror of
git://git.gnupg.org/gnupg.git
synced 2025-07-02 22:46:30 +02:00
gpg: Do not use weak digest algos if selected by recipient prefs.
* g10/misc.c (is_weak_digest): New. (print_digest_algo_note): Use it here. * g10/sig-check.c (check_signature_end_simple): Use it. * g10/sign.c (hash_for): Do not use recipient_digest_algo if it is in the least of weak digest algorithm. -- If a message is signed and encrypted to several recipients, the to be used digest algorithm is deduced from the preferences of the recipient. This is so that all recipients are able to check the the signature. However, if the sender has a declared an algorithm as week, that algorithm shall not be used - in this case we fallback to the standard way of selecting an algorithm. Note that a smarter way of selecting the algo is to check this while figuring out the algorithm - this needs more testing and thus we do it the simple way. Reported-by: Phil Pennock Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch
parent
b004701adc
commit
15746d60d4
4 changed files with 31 additions and 19 deletions
|
|
@ -99,6 +99,7 @@ void print_sha1_keysig_rejected_note (void);
|
|||
void print_reported_error (gpg_error_t err, gpg_err_code_t skip_if_ec);
|
||||
void print_further_info (const char *format, ...) GPGRT_ATTR_PRINTF(1,2);
|
||||
void additional_weak_digest (const char* digestname);
|
||||
int is_weak_digest (digest_algo_t algo);
|
||||
|
||||
/*-- armor.c --*/
|
||||
char *make_radix64_string( const byte *data, size_t len );
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue