[STABLE-BRANCH-1-4 PATCH 1/2] gpg: Reject signatures made with MD5.

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Oct 27 05:01:31 CET 2015


From: Werner Koch <wk at gnupg.org>

* g10/gpg.c: Add option --allow-weak-digest-algos.
(main): Set option also in PGP2 mode.
* g10/options.h (struct opt): Add flags.allow_weak_digest_algos.
* g10/sig-check.c (do_check): Reject MD5 signatures.
* tests/openpgp/gpg.conf.tmpl: Add allow_weak_digest_algos.
--
(cherry picked from commit f90cfe6b66269de0154d810c5cee1fe9a5af475c)

Resolved conflicts:
	g10/gpg.c - adjust.
	tests/openpgp/defs.inc - no changes
---
 checks/options  |  1 +
 doc/gpg.texi    |  9 ++++++++-
 g10/gpg.c       |  7 +++++++
 g10/options.h   |  1 +
 g10/sig-check.c | 16 ++++++++++++++++
 5 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/checks/options b/checks/options
index 7060a66..7db73be 100644
--- a/checks/options
+++ b/checks/options
@@ -3,3 +3,4 @@ no-secmem-warning
 no-permission-warning
 batch
 no-auto-check-trustdb
+allow-weak-digest-algos
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 27ae18c..f7dad42 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -2178,7 +2178,7 @@ available, but the MIT release is a good common baseline.
 
 This option implies
 @option{--rfc1991 --disable-mdc --no-force-v4-certs
- --escape-from-lines  --force-v3-sigs
+ --escape-from-lines  --force-v3-sigs --allow-weak-digest-algos
  --cipher-algo IDEA --digest-algo MD5 --compress-algo ZIP}.
 It also disables @option{--textmode} when encrypting.
 
@@ -2608,6 +2608,13 @@ necessary to get as much data as possible out of the corrupt message.
 However, be aware that a MDC protection failure may also mean that the
 message was tampered with intentionally by an attacker.
 
+ at item --allow-weak-digest-algos
+ at opindex allow-weak-digest-algos
+Signatures made with the broken MD5 algorithm are normally rejected
+with an ``invalid digest algorithm'' message.  This option allows the
+verification of signatures made with such weak algorithms.
+
+
 @item --no-default-keyring
 @opindex no-default-keyring
 Do not add the default keyrings to the list of keyrings. Note that
diff --git a/g10/gpg.c b/g10/gpg.c
index 3f0d305..20d249a 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -376,6 +376,7 @@ enum cmd_and_opt_values
     oDisableDSA2,
     oAllowMultipleMessages,
     oNoAllowMultipleMessages,
+    oAllowWeakDigestAlgos,
 
     oNoop
   };
@@ -725,6 +726,7 @@ static ARGPARSE_OPTS opts[] = {
     { oDisableDSA2, "disable-dsa2", 0, "@"},
     { oAllowMultipleMessages, "allow-multiple-messages", 0, "@"},
     { oNoAllowMultipleMessages, "no-allow-multiple-messages", 0, "@"},
+    { oAllowWeakDigestAlgos, "allow-weak-digest-algos", 0, "@"},
 
     /* These two are aliases to help users of the PGP command line
        product use gpg with minimal pain.  Many commands are common
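Review bot: The new `allow-weak-digest-algos` entry has no negated counterpart, unlike the `allow-multiple-messages` / `no-allow-multiple-messages` pair directly above it in this table. If the option is set in a configuration file, there appears to be no way to switch it back off for a single invocation, which is the direction a user would want for a security relaxation. Consider adding a matching entry such as `{ oNoAllowWeakDigestAlgos, "no-allow-weak-digest-algos", 0, "@"},` together with its enum value and a `case` that clears `opt.flags.allow_weak_digest_algos`. The identifier is a suggested name, not an existing one. The opts table continues outside this hunk.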
@@ -2880,6 +2882,10 @@ main (int argc, char **argv )
 	    opt.flags.allow_multiple_messages=0;
 	    break;
 
+          case oAllowWeakDigestAlgos:
+            opt.flags.allow_weak_digest_algos = 1;
+            break;
+
 	  case oNoop: break;
 
 	  default : pargs.err = configfp? 1:2; break;
@@ -3047,6 +3053,7 @@ main (int argc, char **argv )
 	    opt.pgp2_workarounds = 1;
 	    opt.ask_sig_expire = 0;
 	    opt.ask_cert_expire = 0;
+            opt.flags.allow_weak_digest_algos = 1;
 	    xfree(def_digest_string);
 	    def_digest_string = xstrdup("md5");
 	    xfree(s2k_digest_string);
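Review bot: The added `opt.flags.allow_weak_digest_algos = 1;` turns verification of MD5 signatures back on whenever this compatibility block runs, and nothing at this spot explains why or tells the user that the rejection is bypassed. A comment such as `/* PGP 2 mode uses MD5 (see def_digest_string below), so MD5 signatures must stay verifiable. */` would mark the relaxation as deliberate. The new line is also indented with spaces only, while its neighbours use a tab plus spaces. The enclosing block in main starts and ends outside the hunk.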
diff --git a/g10/options.h b/g10/options.h
index f3543b1..26d65e5 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -230,6 +230,7 @@ struct
     unsigned int utf8_filename:1;
     unsigned int dsa2:1;
     unsigned int allow_multiple_messages:1;
+    unsigned int allow_weak_digest_algos:1;
     unsigned int large_rsa:1;
   } flags;
 
diff --git a/g10/sig-check.c b/g10/sig-check.c
index b7709c1..94f0cc5 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -243,6 +243,22 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest,
     if( (rc=do_check_messages(pk,sig,r_expired,r_revoked)) )
         return rc;
 
+    if (sig->digest_algo == DIGEST_ALGO_MD5
+        && !opt.flags.allow_weak_digest_algos)
+      {
+        static int shown;
+
+        if (!shown)
+          {
+            log_info
+              (_("Note: signatures using the %s algorithm are rejected\n"),
+               "MD5");
+            shown = 1;
+          }
+
+        return G10ERR_DIGEST_ALGO;
+      }
+
     /* make sure the digest algo is enabled (in case of a detached signature)*/
     md_enable( digest, sig->digest_algo );
 
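Review bot: The rejection block added after the `do_check_messages` call has no comment explaining why MD5 is singled out. It also does not say that the test is hard-coded to `DIGEST_ALGO_MD5` although the option is named for weak digests in general. Suggest heading it with `/* MD5 is considered broken: refuse the signature unless --allow-weak-digest-algos is given. */`. Because the notice is printed only once per process (`static int shown`), later rejections surface only as `G10ERR_DIGEST_ALGO`, which callers presumably cannot tell apart from an unsupported algorithm, so it is worth confirming the message stays clear when many signatures are verified in one run. do_check begins and ends outside the hunk, so whether key self-signatures also pass through this check is not visible here.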
-- 
2.6.1



