From 43e5d28c6dbab9e5bcf652b4051184d409910c69 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Tue, 27 Oct 2015 00:01:31 -0400 Subject: [PATCH] gpg: Reject signatures made with MD5. * g10/gpg.c: Add option --allow-weak-digest-algos. (main): Set option also in PGP2 mode. * g10/options.h (struct opt): Add flags.allow_weak_digest_algos. * g10/sig-check.c (do_check): Reject MD5 signatures. * tests/openpgp/gpg.conf.tmpl: Add allow_weak_digest_algos. -- (cherry picked from commit f90cfe6b66269de0154d810c5cee1fe9a5af475c) Resolved conflicts: g10/gpg.c - adjust. tests/openpgp/defs.inc - no changes --- checks/options | 1 + doc/gpg.texi | 9 ++++++++- g10/gpg.c | 7 +++++++ g10/options.h | 1 + g10/sig-check.c | 16 ++++++++++++++++ 5 files changed, 33 insertions(+), 1 deletion(-) diff --git a/checks/options b/checks/options index 7060a6610..7db73bea3 100644 --- a/checks/options +++ b/checks/options @@ -3,3 +3,4 @@ no-secmem-warning no-permission-warning batch no-auto-check-trustdb +allow-weak-digest-algos diff --git a/doc/gpg.texi b/doc/gpg.texi index 0b8beed1e..93baf16e1 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -2178,7 +2178,7 @@ available, but the MIT release is a good common baseline. This option implies @option{--rfc1991 --disable-mdc --no-force-v4-certs - --escape-from-lines --force-v3-sigs + --escape-from-lines --force-v3-sigs --allow-weak-digest-algos --cipher-algo IDEA --digest-algo MD5 --compress-algo ZIP}. It also disables @option{--textmode} when encrypting. 
@@ -2608,6 +2608,13 @@ necessary to get as much data as possible out of the corrupt message. However, be aware that a MDC protection failure may also mean that the message was tampered with intentionally by an attacker. +@item --allow-weak-digest-algos +@opindex allow-weak-digest-algos +Signatures made with the broken MD5 algorithm are normally rejected +with an ``invalid digest algorithm'' message. This option allows the +verification of signatures made with such weak algorithms. + + @item --no-default-keyring @opindex no-default-keyring Do not add the default keyrings to the list of keyrings. Note that diff --git a/g10/gpg.c b/g10/gpg.c index 590be23d3..ce33e12d4 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -376,6 +376,7 @@ enum cmd_and_opt_values oDisableDSA2, oAllowMultipleMessages, oNoAllowMultipleMessages, + oAllowWeakDigestAlgos, oNoop }; @@ -725,6 +726,7 @@ static ARGPARSE_OPTS opts[] = { { oDisableDSA2, "disable-dsa2", 0, "@"}, { oAllowMultipleMessages, "allow-multiple-messages", 0, "@"}, { oNoAllowMultipleMessages, "no-allow-multiple-messages", 0, "@"}, + { oAllowWeakDigestAlgos, "allow-weak-digest-algos", 0, "@"}, /* These two are aliases to help users of the PGP command line product use gpg with minimal pain. Many commands are common @@ -2876,6 +2878,10 @@ main (int argc, char **argv ) opt.flags.allow_multiple_messages=0; break; + case oAllowWeakDigestAlgos: + opt.flags.allow_weak_digest_algos = 1; + break; + case oNoop: break; default : pargs.err = configfp? 1:2; break; @@ -3043,6 +3049,7 @@ main (int argc, char **argv ) opt.pgp2_workarounds = 1; opt.ask_sig_expire = 0; opt.ask_cert_expire = 0; + opt.flags.allow_weak_digest_algos = 1; xfree(def_digest_string); def_digest_string = xstrdup("md5"); xfree(s2k_digest_string); diff --git a/g10/options.h b/g10/options.h index f3543b18a..26d65e560 100644 --- a/g10/options.h +++ b/g10/options.h 
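Review bot: The new option is a one-way switch: the `opts[]` hunk adds `allow-weak-digest-algos` with no negating counterpart, although the neighbouring `allow-multiple-messages` entry is paired with `no-allow-multiple-messages`; the enum hunk and the `case oAllowWeakDigestAlgos:` hunk in main have the same gap. As far as these hunks show, once a configuration file enables the option there is no way to force strict verification again from the command line. Consider adding `{ oNoAllowWeakDigestAlgos, "no-allow-weak-digest-algos", 0, "@"},` with a matching enum value and a case that sets `opt.flags.allow_weak_digest_algos = 0;`. The enum, the table and main all start and end outside these hunks.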
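Review bot: The PGP2-mode hunk in main sets `opt.flags.allow_weak_digest_algos = 1;` with no comment and no log message, so anyone running in that mode gets MD5 signature verification back without being told. The doc hunk lists the implied option, but the code should say why, for example `/* PGP 2.x signatures use MD5, so this mode has to accept them. */` directly above the assignment. Judging by the line numbers, this block runs after option parsing and would presumably override an explicit user choice; that ordering is worth confirming. The enclosing block starts and ends outside the hunk.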
@@ -230,6 +230,7 @@ struct unsigned int utf8_filename:1; unsigned int dsa2:1; unsigned int allow_multiple_messages:1; + unsigned int allow_weak_digest_algos:1; unsigned int large_rsa:1; } flags; diff --git a/g10/sig-check.c b/g10/sig-check.c index b7709c15a..94f0cc5ff 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -243,6 +243,22 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest, if( (rc=do_check_messages(pk,sig,r_expired,r_revoked)) ) return rc; + if (sig->digest_algo == DIGEST_ALGO_MD5 + && !opt.flags.allow_weak_digest_algos) + { + static int shown; + + if (!shown) + { + log_info + (_("Note: signatures using the %s algorithm are rejected\n"), + "MD5"); + shown = 1; + } + + return G10ERR_DIGEST_ALGO; + } + /* make sure the digest algo is enabled (in case of a detached signature)*/ md_enable( digest, sig->digest_algo );
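Review bot: The rejection block added to do_check has no comment, and its condition hard-codes `DIGEST_ALGO_MD5` while the flag and the documentation speak of weak digest algorithms in general. A reader cannot tell from the code that MD5 is the only algorithm covered. A comment above the `if` would record the intent, for example `/* MD5 is not collision resistant: refuse MD5 signatures unless --allow-weak-digest-algos (implied by --pgp2) is set. */`. It should also say that `static int shown` limits the note to once per process, so later rejections surface only as `G10ERR_DIGEST_ALGO`. The `checks/options` hunk enables the option, apparently for the whole test suite, so the default rejection path looks untested by this commit. do_check starts and ends outside the hunk.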