[Pkg-gnupg-commit] [gnupg2] 18/241: gpg: Print warning when rejecting weak digests
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Dec 9 20:31:48 UTC 2015
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch master
in repository gnupg2.
commit b98939812abf6c643c752ce7c325f98039a1a9e2
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Mon Oct 19 10:41:23 2015 -0400
gpg: Print warning when rejecting weak digests
* g10/misc.c (print_md5_rejected_note): Rename to ..
(print_digest_rejected_note): this. Parameterize function to take an
enum gcry_md_algos.
* g10/sig-check.c: Use print_digest_rejected_note() when rejecting
signatures.
--
76afaed65e3b0ddfa4923cb577ada43217dd4b18 allowed extra --weak-digests,
but removed the one call to print_md5_rejected_note(). This replaces
and generalizes that warning.
Signed-Off-By: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
---
g10/main.h | 2 +-
g10/misc.c | 4 ++--
g10/sig-check.c | 10 ++++++++--
3 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/g10/main.h b/g10/main.h
index 0226c64..601a952 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -87,7 +87,7 @@ extern int g10_errors_seen;
void print_pubkey_algo_note (pubkey_algo_t algo);
void print_cipher_algo_note (cipher_algo_t algo);
void print_digest_algo_note (digest_algo_t algo);
-void print_md5_rejected_note (void);
+void print_digest_rejected_note (enum gcry_md_algos algo);
void additional_weak_digest (const char* digestname);
/*-- armor.c --*/
diff --git a/g10/misc.c b/g10/misc.c
index c135059..93ddaa0 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -339,7 +339,7 @@ print_digest_algo_note (digest_algo_t algo)
void
-print_md5_rejected_note (void)
+print_digest_rejected_note (enum gcry_md_algos algo)
{
static int shown;
@@ -348,7 +348,7 @@ print_md5_rejected_note (void)
es_fflush (es_stdout);
log_info
(_("Note: signatures using the %s algorithm are rejected\n"),
- "MD5");
+ gcry_md_algo_name(algo));
shown = 1;
}
}
diff --git a/g10/sig-check.c b/g10/sig-check.c
index 84930d6..23f42b9 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -282,10 +282,16 @@ do_check( PKT_public_key *pk, PKT_signature *sig, gcry_md_hd_t digest,
if (!opt.flags.allow_weak_digest_algos)
{
if (sig->digest_algo == GCRY_MD_MD5)
- return GPG_ERR_DIGEST_ALGO;
+ {
+ print_digest_rejected_note(sig->digest_algo);
+ return GPG_ERR_DIGEST_ALGO;
+ }
for (weak = opt.additional_weak_digests; weak; weak = weak->next)
if (sig->digest_algo == weak->algo)
- return GPG_ERR_DIGEST_ALGO;
+ {
+ print_digest_rejected_note(sig->digest_algo);
+ return GPG_ERR_DIGEST_ALGO;
+ }
}
/* Make sure the digest algo is enabled (in case of a detached
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git
More information about the Pkg-gnupg-commit
mailing list