[Pkg-gnupg-commit] [gnupg2] 18/241: gpg: Print warning when rejecting weak digests

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Dec 9 20:31:48 UTC 2015 

This is an automated email from the git hooks/post-receive script.

dkg pushed a commit to branch master
in repository gnupg2.

commit b98939812abf6c643c752ce7c325f98039a1a9e2
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date:   Mon Oct 19 10:41:23 2015 -0400

    gpg: Print warning when rejecting weak digests
    
    * g10/misc.c (print_md5_rejected_note): Rename to ..
    (print_digest_rejected_note): this.  Parameterize function to take an
    enum gcry_md_algos.
    * g10/sig-check.c: Use print_digest_rejected_note() when rejecting
    signatures.
    
    --
    
    76afaed65e3b0ddfa4923cb577ada43217dd4b18 allowed extra --weak-digests,
    but removed the one call to print_md5_rejected_note().  This replaces
    and generalizes that warning.
    
    Signed-Off-By: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
---
 g10/main.h      |  2 +-
 g10/misc.c      |  4 ++--
 g10/sig-check.c | 10 ++++++++--
 3 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/g10/main.h b/g10/main.h
index 0226c64..601a952 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -87,7 +87,7 @@ extern int g10_errors_seen;
 void print_pubkey_algo_note (pubkey_algo_t algo);
 void print_cipher_algo_note (cipher_algo_t algo);
 void print_digest_algo_note (digest_algo_t algo);
-void print_md5_rejected_note (void);
+void print_digest_rejected_note (enum gcry_md_algos algo);
 void additional_weak_digest (const char* digestname);
 
 /*-- armor.c --*/
diff --git a/g10/misc.c b/g10/misc.c
index c135059..93ddaa0 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -339,7 +339,7 @@ print_digest_algo_note (digest_algo_t algo)
 
 
 void
-print_md5_rejected_note (void)
+print_digest_rejected_note (enum gcry_md_algos algo)
 {
   static int shown;
 
@@ -348,7 +348,7 @@ print_md5_rejected_note (void)
       es_fflush (es_stdout);
       log_info
         (_("Note: signatures using the %s algorithm are rejected\n"),
-         "MD5");
+         gcry_md_algo_name(algo));
       shown = 1;
     }
 }
diff --git a/g10/sig-check.c b/g10/sig-check.c
index 84930d6..23f42b9 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -282,10 +282,16 @@ do_check( PKT_public_key *pk, PKT_signature *sig, gcry_md_hd_t digest,
     if (!opt.flags.allow_weak_digest_algos)
       {
         if (sig->digest_algo == GCRY_MD_MD5)
-          return GPG_ERR_DIGEST_ALGO;
+          {
+            print_digest_rejected_note(sig->digest_algo);
+            return GPG_ERR_DIGEST_ALGO;
+          }
         for (weak = opt.additional_weak_digests; weak; weak = weak->next)
           if (sig->digest_algo == weak->algo)
-            return GPG_ERR_DIGEST_ALGO;
+            {
+              print_digest_rejected_note(sig->digest_algo);
+              return GPG_ERR_DIGEST_ALGO;
+            }
       }
 
     /* Make sure the digest algo is enabled (in case of a detached

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git

More information about the Pkg-gnupg-commit mailing list