1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

gpg: Cleanup use of make_keysig_packet.

* g10/sign.c (make_keysig_packet): Remove obsolete arg diegst_algo
which was always passed as 0.  Change all callers.

* g10/gpgcompose.c (signature): Warn when trying to set a digest algo.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2019-05-13 12:38:32 +02:00
parent 1cd2aca03b
commit d07666412d
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
7 changed files with 48 additions and 44 deletions

View File

@ -3081,10 +3081,14 @@ the same thing.
@opindex cert-digest-algo @opindex cert-digest-algo
Use @var{name} as the message digest algorithm used when signing a Use @var{name} as the message digest algorithm used when signing a
key. Running the program with the command @option{--version} yields a key. Running the program with the command @option{--version} yields a
list of supported algorithms. Be aware that if you choose an algorithm list of supported algorithms. Be aware that if you choose an
that GnuPG supports but other OpenPGP implementations do not, then some algorithm that GnuPG supports but other OpenPGP implementations do
users will not be able to use the key signatures you make, or quite not, then some users will not be able to use the key signatures you
possibly your entire key. make, or quite possibly your entire key. Note also that a public key
algorithm must be compatible with the specified digest algorithm; thus
selecting an arbitrary digest algorithm may result in error messages
from lower crypto layers or lead to security flaws.
@item --disable-cipher-algo @var{name} @item --disable-cipher-algo @var{name}
@opindex disable-cipher-algo @opindex disable-cipher-algo

View File

@ -1799,12 +1799,19 @@ signature (const char *option, int argc, char *argv[], void *cookie)
keyid_copy (si.issuer_pk->keyid, pk_keyid (pripk)); keyid_copy (si.issuer_pk->keyid, pk_keyid (pripk));
} }
/* The reuse of core gpg stuff by this tool is questionable when it
* requires adding extra code to the actual gpg code. It does not
* make sense to pass an extra parameter and in particular not given
* that gpg already has opt.cert_digest_algo to override it. */
if (si.digest_algo)
log_info ("note: digest algo can't be passed to make_keysig_packet\n");
/* Changing the issuer's key id is fragile. Check to make sure /* Changing the issuer's key id is fragile. Check to make sure
make_keysig_packet didn't recompute the keyid. */ make_keysig_packet didn't recompute the keyid. */
keyid_copy (keyid, si.issuer_pk->keyid); keyid_copy (keyid, si.issuer_pk->keyid);
err = make_keysig_packet (global_ctrl, err = make_keysig_packet (global_ctrl,
&sig, si.pk, si.uid, si.sk, si.issuer_pk, &sig, si.pk, si.uid, si.sk, si.issuer_pk,
si.class, si.digest_algo, si.class,
si.timestamp, si.expiration, si.timestamp, si.expiration,
mksubpkt_callback, &si, NULL); mksubpkt_callback, &si, NULL);
log_assert (keyid_cmp (keyid, si.issuer_pk->keyid) == 0); log_assert (keyid_cmp (keyid, si.issuer_pk->keyid) == 0);

View File

@ -1012,7 +1012,8 @@ sign_uids (ctrl_t ctrl, estream_t fp,
node->pkt->pkt.user_id, node->pkt->pkt.user_id,
NULL, NULL,
pk, pk,
0x13, 0, 0, 0, 0x13,
0, 0,
keygen_add_std_prefs, primary_pk, keygen_add_std_prefs, primary_pk,
NULL); NULL);
else else
@ -1020,7 +1021,7 @@ sign_uids (ctrl_t ctrl, estream_t fp,
node->pkt->pkt.user_id, node->pkt->pkt.user_id,
NULL, NULL,
pk, pk,
class, 0, class,
timestamp, duration, timestamp, duration,
sign_mk_attrib, &attrib, sign_mk_attrib, &attrib,
NULL); NULL);
@ -3991,7 +3992,7 @@ menu_adduid (ctrl_t ctrl, kbnode_t pub_keyblock,
return 0; return 0;
} }
err = make_keysig_packet (ctrl, &sig, pk, uid, NULL, pk, 0x13, 0, 0, 0, err = make_keysig_packet (ctrl, &sig, pk, uid, NULL, pk, 0x13, 0, 0,
keygen_add_std_prefs, pk, NULL); keygen_add_std_prefs, pk, NULL);
if (err) if (err)
{ {
@ -4374,7 +4375,7 @@ menu_addrevoker (ctrl_t ctrl, kbnode_t pub_keyblock, int sensitive)
break; break;
} }
rc = make_keysig_packet (ctrl, &sig, pk, NULL, NULL, pk, 0x1F, 0, 0, 0, rc = make_keysig_packet (ctrl, &sig, pk, NULL, NULL, pk, 0x1F, 0, 0,
keygen_add_revkey, &revkey, NULL); keygen_add_revkey, &revkey, NULL);
if (rc) if (rc)
{ {
@ -5898,7 +5899,7 @@ reloop: /* (must use this, because we are modifying the list) */
} }
rc = make_keysig_packet (ctrl, &sig, primary_pk, rc = make_keysig_packet (ctrl, &sig, primary_pk,
unode->pkt->pkt.user_id, unode->pkt->pkt.user_id,
NULL, signerkey, 0x30, 0, 0, 0, NULL, signerkey, 0x30, 0, 0,
sign_mk_attrib, &attrib, NULL); sign_mk_attrib, &attrib, NULL);
free_public_key (signerkey); free_public_key (signerkey);
if (rc) if (rc)
@ -5977,11 +5978,11 @@ core_revuid (ctrl_t ctrl, kbnode_t keyblock, KBNODE node,
memset (&attrib, 0, sizeof attrib); memset (&attrib, 0, sizeof attrib);
/* should not need to cast away const here; but /* should not need to cast away const here; but
revocation_reason_build_cb needs to take a non-const revocation_reason_build_cb needs to take a non-const
void* in order to meet the function signtuare for the void* in order to meet the function signutare for the
mksubpkt argument to make_keysig_packet */ mksubpkt argument to make_keysig_packet */
attrib.reason = (struct revocation_reason_info *)reason; attrib.reason = (struct revocation_reason_info *)reason;
rc = make_keysig_packet (ctrl, &sig, pk, uid, NULL, pk, 0x30, 0, rc = make_keysig_packet (ctrl, &sig, pk, uid, NULL, pk, 0x30,
timestamp, 0, timestamp, 0,
sign_mk_attrib, &attrib, NULL); sign_mk_attrib, &attrib, NULL);
if (rc) if (rc)
@ -6111,7 +6112,7 @@ menu_revkey (ctrl_t ctrl, kbnode_t pub_keyblock)
return 0; return 0;
rc = make_keysig_packet (ctrl, &sig, pk, NULL, NULL, pk, rc = make_keysig_packet (ctrl, &sig, pk, NULL, NULL, pk,
0x20, 0, 0, 0, 0x20, 0, 0,
revocation_reason_build_cb, reason, NULL); revocation_reason_build_cb, reason, NULL);
if (rc) if (rc)
{ {
@ -6173,7 +6174,7 @@ menu_revsubkey (ctrl_t ctrl, kbnode_t pub_keyblock)
node->flag &= ~NODFLG_SELKEY; node->flag &= ~NODFLG_SELKEY;
rc = make_keysig_packet (ctrl, &sig, mainpk, NULL, subpk, mainpk, rc = make_keysig_packet (ctrl, &sig, mainpk, NULL, subpk, mainpk,
0x28, 0, 0, 0, sign_mk_attrib, &attrib, 0x28, 0, 0, sign_mk_attrib, &attrib,
NULL); NULL);
if (rc) if (rc)
{ {

View File

@ -1022,7 +1022,7 @@ make_backsig (ctrl_t ctrl, PKT_signature *sig, PKT_public_key *pk,
cache_public_key (sub_pk); cache_public_key (sub_pk);
err = make_keysig_packet (ctrl, &backsig, pk, NULL, sub_pk, sub_psk, 0x19, err = make_keysig_packet (ctrl, &backsig, pk, NULL, sub_pk, sub_psk, 0x19,
0, timestamp, 0, NULL, NULL, cache_nonce); timestamp, 0, NULL, NULL, cache_nonce);
if (err) if (err)
log_error ("make_keysig_packet failed for backsig: %s\n", log_error ("make_keysig_packet failed for backsig: %s\n",
gpg_strerror (err)); gpg_strerror (err));
@ -1130,7 +1130,7 @@ write_direct_sig (ctrl_t ctrl, kbnode_t root, PKT_public_key *psk,
/* Make the signature. */ /* Make the signature. */
err = make_keysig_packet (ctrl, &sig, pk, NULL,NULL, psk, 0x1F, err = make_keysig_packet (ctrl, &sig, pk, NULL,NULL, psk, 0x1F,
0, timestamp, 0, timestamp, 0,
keygen_add_revkey, revkey, cache_nonce); keygen_add_revkey, revkey, cache_nonce);
if (err) if (err)
{ {
@ -1185,7 +1185,7 @@ write_selfsigs (ctrl_t ctrl, kbnode_t root, PKT_public_key *psk,
/* Make the signature. */ /* Make the signature. */
err = make_keysig_packet (ctrl, &sig, pk, uid, NULL, psk, 0x13, err = make_keysig_packet (ctrl, &sig, pk, uid, NULL, psk, 0x13,
0, timestamp, 0, timestamp, 0,
keygen_add_std_prefs, pk, cache_nonce); keygen_add_std_prefs, pk, cache_nonce);
if (err) if (err)
{ {
@ -1245,7 +1245,7 @@ write_keybinding (ctrl_t ctrl, kbnode_t root,
oduap.usage = use; oduap.usage = use;
oduap.pk = sub_pk; oduap.pk = sub_pk;
err = make_keysig_packet (ctrl, &sig, pri_pk, NULL, sub_pk, pri_psk, 0x18, err = make_keysig_packet (ctrl, &sig, pri_pk, NULL, sub_pk, pri_psk, 0x18,
0, timestamp, 0, timestamp, 0,
keygen_add_key_flags_and_expire, &oduap, keygen_add_key_flags_and_expire, &oduap,
cache_nonce); cache_nonce);
if (err) if (err)

View File

@ -931,7 +931,7 @@ int ask_for_detached_datafile( gcry_md_hd_t md, gcry_md_hd_t md2,
int make_keysig_packet (ctrl_t ctrl, int make_keysig_packet (ctrl_t ctrl,
PKT_signature **ret_sig, PKT_public_key *pk, PKT_signature **ret_sig, PKT_public_key *pk,
PKT_user_id *uid, PKT_public_key *subpk, PKT_user_id *uid, PKT_public_key *subpk,
PKT_public_key *pksk, int sigclass, int digest_algo, PKT_public_key *pksk, int sigclass,
u32 timestamp, u32 duration, u32 timestamp, u32 duration,
int (*mksubpkt)(PKT_signature *, void *), int (*mksubpkt)(PKT_signature *, void *),
void *opaque, void *opaque,

View File

@ -343,7 +343,7 @@ gen_desig_revoke (ctrl_t ctrl, const char *uname, strlist_t locusr)
push_armor_filter (afx, out); push_armor_filter (afx, out);
/* create it */ /* create it */
rc = make_keysig_packet (ctrl, &sig, pk, NULL, NULL, pk2, 0x20, 0, rc = make_keysig_packet (ctrl, &sig, pk, NULL, NULL, pk2, 0x20,
0, 0, 0, 0,
revocation_reason_build_cb, reason, revocation_reason_build_cb, reason,
NULL); NULL);
@ -474,7 +474,7 @@ create_revocation (ctrl_t ctrl,
afx->hdrlines = "Comment: This is a revocation certificate\n"; afx->hdrlines = "Comment: This is a revocation certificate\n";
push_armor_filter (afx, out); push_armor_filter (afx, out);
rc = make_keysig_packet (ctrl, &sig, psk, NULL, NULL, psk, 0x20, 0, rc = make_keysig_packet (ctrl, &sig, psk, NULL, NULL, psk, 0x20,
0, 0, 0, 0,
revocation_reason_build_cb, reason, cache_nonce); revocation_reason_build_cb, reason, cache_nonce);
if (rc) if (rc)

View File

@ -1593,7 +1593,7 @@ make_keysig_packet (ctrl_t ctrl,
PKT_signature **ret_sig, PKT_public_key *pk, PKT_signature **ret_sig, PKT_public_key *pk,
PKT_user_id *uid, PKT_public_key *subpk, PKT_user_id *uid, PKT_public_key *subpk,
PKT_public_key *pksk, PKT_public_key *pksk,
int sigclass, int digest_algo, int sigclass,
u32 timestamp, u32 duration, u32 timestamp, u32 duration,
int (*mksubpkt)(PKT_signature *, void *), void *opaque, int (*mksubpkt)(PKT_signature *, void *), void *opaque,
const char *cache_nonce) const char *cache_nonce)
@ -1601,6 +1601,7 @@ make_keysig_packet (ctrl_t ctrl,
PKT_signature *sig; PKT_signature *sig;
int rc = 0; int rc = 0;
int sigversion; int sigversion;
int digest_algo;
gcry_md_hd_t md; gcry_md_hd_t md;
log_assert ((sigclass >= 0x10 && sigclass <= 0x13) || sigclass == 0x1F log_assert ((sigclass >= 0x10 && sigclass <= 0x13) || sigclass == 0x1F
@ -1612,31 +1613,22 @@ make_keysig_packet (ctrl_t ctrl,
else else
sigversion = 4; sigversion = 4;
if (!digest_algo) /* Select the digest algo to use. */
if (opt.cert_digest_algo) /* Forceful override by the user. */
digest_algo = opt.cert_digest_algo;
else if (pksk->pubkey_algo == PUBKEY_ALGO_DSA) /* Meet DSA requirements. */
digest_algo = match_dsa_hash (gcry_mpi_get_nbits (pksk->pkey[1])/8);
else if (pksk->pubkey_algo == PUBKEY_ALGO_ECDSA /* Meet ECDSA requirements. */
|| pksk->pubkey_algo == PUBKEY_ALGO_EDDSA)
{ {
/* Basically, this means use SHA1 always unless the user if (openpgp_oid_is_ed25519 (pksk->pkey[0]))
* specified something (use whatever they said), or it's DSA digest_algo = DIGEST_ALGO_SHA256;
* (use the best match). They still can't pick an inappropriate
* hash for DSA or the signature will fail. Note that this
* still allows the caller of make_keysig_packet to override the
* user setting if it must. */
if (opt.cert_digest_algo)
digest_algo = opt.cert_digest_algo;
else if (pksk->pubkey_algo == PUBKEY_ALGO_DSA)
digest_algo = match_dsa_hash (gcry_mpi_get_nbits (pksk->pkey[1])/8);
else if (pksk->pubkey_algo == PUBKEY_ALGO_ECDSA
|| pksk->pubkey_algo == PUBKEY_ALGO_EDDSA)
{
if (openpgp_oid_is_ed25519 (pksk->pkey[0]))
digest_algo = DIGEST_ALGO_SHA256;
else
digest_algo = match_dsa_hash
(ecdsa_qbits_from_Q (gcry_mpi_get_nbits (pksk->pkey[1]))/8);
}
else else
digest_algo = DEFAULT_DIGEST_ALGO; digest_algo = match_dsa_hash
(ecdsa_qbits_from_Q (gcry_mpi_get_nbits (pksk->pkey[1]))/8);
} }
else /* Use the default. */
digest_algo = DEFAULT_DIGEST_ALGO;
if (gcry_md_open (&md, digest_algo, 0)) if (gcry_md_open (&md, digest_algo, 0))
BUG (); BUG ();