gpg: Add option --allow-weak-key-signatures.

* g10/gpg.c (oAllowWeakKeySignatures): New. (opts): Add --allow-weak-key-signatures. (main): Set it. * g10/options.h (struct opt): Add flags.allow_weak_key_signatures. * g10/misc.c (print_sha1_keysig_rejected_note): New. * g10/sig-check.c (check_signature_over_key_or_uid): Print note and act on new option. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-02 22:46:30 +02:00 · 2019-11-07 10:36:17 +01:00 · 2019-11-07 10:36:17 +01:00 · e624c41dba
commit e624c41dba
parent f4047f5605
6 changed files with 45 additions and 6 deletions
--- a/g10/gpg.c
+++ b/g10/gpg.c
@ -414,6 +414,7 @@ enum cmd_and_opt_values
    oEnableDSA2,
    oDisableDSA2,
    oAllowWeakDigestAlgos,
+    oAllowWeakKeySignatures,
    oFakedSystemTime,
    oNoAutostart,
    oPrintPKARecords,
@ -902,6 +903,9 @@ static ARGPARSE_OPTS opts[] = {
  ARGPARSE_s_n (oNoSymkeyCache, "no-symkey-cache", "@"),
  ARGPARSE_s_n (oUseKeyboxd,    "use-keyboxd", "@"),

+  /* Options to override new security defaults.  */
+  ARGPARSE_s_n (oAllowWeakKeySignatures, "allow-weak-key-signatures", "@"),
+
  /* Options which can be used in special circumstances. They are not
   * published and we hope they are never required.  */
  ARGPARSE_s_n (oUseOnlyOpenPGPCard, "use-only-openpgp-card", "@"),
@ -3639,6 +3643,10 @@ main (int argc, char **argv)
            opt.flags.allow_weak_digest_algos = 1;
            break;

+          case oAllowWeakKeySignatures:
+            opt.flags.allow_weak_key_signatures = 1;
+            break;
+
          case oFakedSystemTime:
            {
              size_t len = strlen (pargs.r.ret_str);
--- a/g10/main.h
+++ b/g10/main.h
@ -101,6 +101,7 @@ void print_pubkey_algo_note (pubkey_algo_t algo);
 void print_cipher_algo_note (cipher_algo_t algo);
 void print_digest_algo_note (digest_algo_t algo);
 void print_digest_rejected_note (enum gcry_md_algos algo);
+void print_sha1_keysig_rejected_note (void);
 void print_reported_error (gpg_error_t err, gpg_err_code_t skip_if_ec);
 void print_further_info (const char *format, ...) GPGRT_ATTR_PRINTF(1,2);
 void additional_weak_digest (const char* digestname);
--- a/g10/misc.c
+++ b/g10/misc.c
@ -362,6 +362,24 @@ print_digest_rejected_note (enum gcry_md_algos algo)
 }


+void
+print_sha1_keysig_rejected_note (void)
+{
+  static int shown;
+
+  if (shown)
+    return;
+
+  shown = 1;
+  es_fflush (es_stdout);
+  log_info (_("Note: third-party key signatures using"
+              " the %s algorithm are rejected\n"),
+            gcry_md_algo_name (GCRY_MD_SHA1));
+  print_further_info ("use option \"%s\" to override",
+                      "--allow-weak-key-signatures");
+}
+
+
 /* Print a message
 *  "(reported error: %s)\n
 * in verbose mode to further explain an error.  If the error code has
--- a/g10/options.h
+++ b/g10/options.h
@ -246,6 +246,7 @@ struct
    unsigned int utf8_filename:1;
    unsigned int dsa2:1;
    unsigned int allow_weak_digest_algos:1;
+    unsigned int allow_weak_key_signatures:1;
    unsigned int large_rsa:1;
    unsigned int disable_signer_uid:1;
    /* Flag to enable experimental features from RFC4880bis.  */
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@ -1012,12 +1012,14 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
  else if (IS_UID_SIG (sig) || IS_UID_REV (sig))
    {
      log_assert (packet->pkttype == PKT_USER_ID);
-      if (sig->digest_algo == DIGEST_ALGO_SHA1 && !*is_selfsig)
+      if (sig->digest_algo == DIGEST_ALGO_SHA1 && !*is_selfsig
+          && !opt.flags.allow_weak_key_signatures)
        {
          /* If the signature was created using SHA-1 we consider this
           * signature invalid because it makes it possible to mount a
           * chosen-prefix collision.  We don't do this for
           * self-signatures, though.  */
+          print_sha1_keysig_rejected_note ();
          rc = gpg_error (GPG_ERR_DIGEST_ALGO);
        }
      else