gpg: Ensure all weak digest rejection notices are shown

* g10/main.h: Add rejection_shown flag to each weakhash struct
* g10/misc.c (print_digest_algo_note, additional_weak_digest): Do not
treat MD5 separately; (print_digest_rejected_note): Use
weakhash.rejection_shown instead of static shown.
* g10/options.h (opt): Change from additional_weak_digests to
weak_digests.
* g10/sig-check.c: Do not treat MD5 separately.
* g10/gpg.c (main): Explicitly set MD5 as weak.
* g10/gpgv.c (main): Explicitly set MD5 as weak.

--

Previously, only one weak digest rejection message was shown, of
whichever was the first type encountered.  This meant that if "gpg
--weak-digest SHA224" encountered both an MD5 digest and a SHA224
digest, it would only show the user that the MD5 digest was rejected.

In order to let the user know which algorithms were rejected, we
needed to move the "shown" flag into a per-weak-algorithm location.
Given this additional complication, it made no sense to continue to
treat MD5 specially, so it is added as a default weak algorithm in the
same opt.weak_digests data structure as any other.

Signed-Off-By: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

g10/gpg.c

@@ -2216,7 +2216,8 @@ main (int argc, char **argv)
     set_homedir (default_homedir ());
     opt.passphrase_repeat = 1;
     opt.emit_version = 1; /* Limit to the major number.  */
-    opt.additional_weak_digests = NULL;
+    opt.weak_digests = NULL;
+    additional_weak_digest("MD5");
 
     /* Check whether we have a config file on the command line.  */
     orig_argc = argc;

g10/gpgv.c

@@ -169,11 +169,13 @@ main( int argc, char **argv )
   opt.batch = 1;
 
   opt.homedir = default_homedir ();
+  opt.weak_digests = NULL;
 
   tty_no_terminal(1);
   tty_batchmode(1);
   dotlock_disable ();
   gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
+  additional_weak_digest("MD5");
 
   pargs.argc = &argc;
   pargs.argv = &argv;

g10/main.h

@@ -72,6 +72,7 @@ struct groupitem
 struct weakhash
 {
   enum gcry_md_algos algo;
+  int rejection_shown;
   struct weakhash *next;
 };
 

g10/misc.c

@@ -307,7 +307,6 @@ print_cipher_algo_note (cipher_algo_t algo)
 void
 print_digest_algo_note (digest_algo_t algo)
 {
-  int deprecated = 0;
   const enum gcry_md_algos galgo = map_md_openpgp_to_gcry (algo);
   const struct weakhash *weak;
 
@@ -322,34 +321,38 @@ print_digest_algo_note (digest_algo_t algo)
                     gcry_md_algo_name (galgo));
 	}
     }
-  else if(algo == DIGEST_ALGO_MD5)
-    deprecated = 1;
   else
-      for (weak = opt.additional_weak_digests; weak != NULL; weak = weak->next)
+      for (weak = opt.weak_digests; weak != NULL; weak = weak->next)
         if (weak->algo == galgo)
-          deprecated = 1;
-
-  if (deprecated)
-    {
-      es_fflush (es_stdout);
-      log_info (_("WARNING: digest algorithm %s is deprecated\n"),
-                gcry_md_algo_name (galgo));
-    }
+          {
+            es_fflush (es_stdout);
+            log_info (_("WARNING: digest algorithm %s is deprecated\n"),
+                      gcry_md_algo_name (galgo));
+          }
 }
 
 
 void
 print_digest_rejected_note (enum gcry_md_algos algo)
 {
-  static int shown;
+  struct weakhash* weak;
+  int show = 1;
+  for (weak = opt.weak_digests; weak; weak = weak->next)
+    if (weak->algo == algo)
+      {
+        if (weak->rejection_shown)
+          show = 0;
+        else
+          weak->rejection_shown = 1;
+        break;
+      }
 
-  if (!shown)
+  if (show)
     {
       es_fflush (es_stdout);
       log_info
         (_("Note: signatures using the %s algorithm are rejected\n"),
          gcry_md_algo_name(algo));
-      shown = 1;
     }
 }
 
@@ -1699,9 +1702,6 @@ additional_weak_digest (const char* digestname)
   struct weakhash *weak = NULL;
   const enum gcry_md_algos algo = string_to_digest_algo(digestname);
 
-  if (algo == GCRY_MD_MD5)
-    return; /* MD5 is always considered weak, no need to add it.  */
-
   if (algo == GCRY_MD_NONE)
     {
       log_error(_("Unknown weak digest '%s'\n"), digestname);
@@ -1709,15 +1709,14 @@ additional_weak_digest (const char* digestname)
     }
 
   /* Check to ensure it's not already present.  */
-  for (weak = opt.additional_weak_digests; weak != NULL; weak = weak->next)
-    {
-      if (algo == weak->algo)
-        return;
-    }
+  for (weak = opt.weak_digests; weak; weak = weak->next)
+    if (algo == weak->algo)
+      return;
 
   /* Add it to the head of the list.  */
   weak = xmalloc(sizeof(*weak));
   weak->algo = algo;
-  weak->next = opt.additional_weak_digests;
-  opt.additional_weak_digests = weak;
+  weak->rejection_shown = 0;
+  weak->next = opt.weak_digests;
+  opt.weak_digests = weak;
 }

g10/options.h

@@ -169,7 +169,7 @@ struct
   prefitem_t *personal_cipher_prefs;
   prefitem_t *personal_digest_prefs;
   prefitem_t *personal_compress_prefs;
-  struct weakhash *additional_weak_digests;
+  struct weakhash *weak_digests;
   int no_perm_warn;
   int no_mdc_warn;
   char *temp_dir;

g10/sig-check.c

@@ -360,19 +360,12 @@ check_signature_end (PKT_public_key *pk, PKT_signature *sig,
         return rc;
 
     if (!opt.flags.allow_weak_digest_algos)
-      {
-        if (sig->digest_algo == GCRY_MD_MD5)
+      for (weak = opt.weak_digests; weak; weak = weak->next)
+        if (sig->digest_algo == weak->algo)
           {
             print_digest_rejected_note(sig->digest_algo);
             return GPG_ERR_DIGEST_ALGO;
           }
-        for (weak = opt.additional_weak_digests; weak; weak = weak->next)
-          if (sig->digest_algo == weak->algo)
-            {
-              print_digest_rejected_note(sig->digest_algo);
-              return GPG_ERR_DIGEST_ALGO;
-            }
-      }
 
     /* Make sure the digest algo is enabled (in case of a detached
        signature).  */