security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

gpg: Reject signatures made with MD5.

Browse source 
* g10/gpg.c: Add option --allow-weak-digest-algos.
(main): Set option also in PGP2 mode.
* g10/options.h (struct opt): Add flags.allow_weak_digest_algos.
* g10/sig-check.c (do_check): Reject MD5 signatures.
* tests/openpgp/gpg.conf.tmpl: Add allow_weak_digest_algos.
--
(cherry picked from commit f90cfe6b66)

Resolved conflicts:
	g10/gpg.c - adjust.
	tests/openpgp/defs.inc - no changes
This commit is contained in:
Werner Koch 2014-03-17 17:54:36 +01:00
parent 3d4a36c8c9
commit 8a4bd132f7
6 changed files with 38 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

16
g10/sig-check.c
View file

@ -269,6 +269,22 @@ do_check( PKT_public_key *pk, PKT_signature *sig, gcry_md_hd_t digest,
if( (rc=do_check_messages(pk,sig,r_expired,r_revoked)) )
return rc;
if (sig->digest_algo == GCRY_MD_MD5
&& !opt.flags.allow_weak_digest_algos)
{
static int shown;
if (!shown)
{
log_info
(_("Note: signatures using the %s algorithm are rejected\n"),
"MD5");
shown = 1;
}
return GPG_ERR_DIGEST_ALGO;
}
/* Make sure the digest algo is enabled (in case of a detached
signature). */
gcry_md_enable (digest, sig->digest_algo);