Revert "Mark SHA1 as a weak digest"

and "Drop the ancient DSA/SHA1 keys from openpgp tests" This was premature as it turns out there is too many SHA-1 keys in the wild. This reverts commit 24e5415f91. This reverts commit 464efce3c5. Resolves: rhbz#2184640
2023-04-19 10:21:27 +02:00 · 2023-04-19 10:21:27 +02:00 · f011a7be8f
commit f011a7be8f
parent 82c38c2911
2 changed files with 0 additions and 50 deletions
--- a/gnupg-2.3.3-disable-sha1.patch
+++ b/gnupg-2.3.3-disable-sha1.patch
@ -1,47 +0,0 @@
-diff --git a/g10/gpg.c b/g10/gpg.c
-index 84706ca6b..74946b0dd 100644
--- a/g10/gpg.c
-+++ b/g10/gpg.c
-@@ -2573,6 +2573,7 @@ main (int argc, char **argv)
- 
-     /* Set default options which require that malloc stuff is ready.  */
-     additional_weak_digest ("MD5");
-+    additional_weak_digest ("SHA1");
-     parse_auto_key_locate (DEFAULT_AKL_LIST);
- 
-     argc = orig_argc;
-diff --git a/g10/gpgv.c b/g10/gpgv.c
-index ceded4af9..277d3c8ca 100644
--- a/g10/gpgv.c
-+++ b/g10/gpgv.c
-@@ -205,6 +205,7 @@ main( int argc, char **argv )
-   dotlock_disable ();
-   gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
-   additional_weak_digest("MD5");
-+  additional_weak_digest("SHA1");
-   gnupg_initialize_compliance (GNUPG_MODULE_NAME_GPG);
- 
-   pargs.argc = &argc;
-diff --git a/tests/openpgp/gpgv.scm b/tests/openpgp/gpgv.scm
-index 398f05052..7e137a390 100755
--- a/tests/openpgp/gpgv.scm
-+++ b/tests/openpgp/gpgv.scm
-@@ -59,7 +59,7 @@
-    (pipe:do
-     (pipe:echo (eval armored-file (current-environment)))
-     (pipe:spawn `(,@gpgv --keyring ,keyring))))
- '(msg_ols_asc msg_cols_asc msg_sl_asc msg_oolss_asc msg_cls_asc msg_clss_asc))
-+ '())
- 
- (for-each-p
-  "Checking that an invalid signature is verified as such"
-@@ -69,7 +69,7 @@
- 	   (pipe:echo (eval armored-file (current-environment)))
- 	   (pipe:spawn `(,@gpgv --keyring ,keyring)))
- 	  (fail "verification succeeded but should not")))
- '(bad_ls_asc bad_fols_asc bad_olsf_asc bad_ools_asc))
-+ '(bad_ls_asc bad_fols_asc bad_olsf_asc bad_ools_asc msg_ols_asc msg_cols_asc msg_sl_asc msg_oolss_asc msg_cls_asc msg_clss_asc))
- 
- 
- ;; Need to import the ed25519 sample key used for the next two tests.
-
--- a/gnupg2.spec
+++ b/gnupg2.spec
@ -31,8 +31,6 @@ Patch30: gnupg-2.2.21-coverity.patch
 Patch31: gnupg-2.3.1-revert-default-eddsa.patch
 # Revert default EdDSA key types
 Patch32: gnupg-2.3.3-CVE-2022-34903.patch
-# Mark SHA-1 weak algorithm to prevent its usage for verification
-Patch33: gnupg-2.3.3-disable-sha1.patch
 # Fix AEAD packet construction
 # https://dev.gnupg.org/T5856
 Patch34: gnupg-2.3.3-aead-packet.patch
@ -124,7 +122,6 @@ to the base GnuPG package
 %patch30 -p1 -b .coverity
 %patch31 -p1 -R -b .eddsa
 %patch32 -p1 -b .CVE-2022-34903
-%patch33 -p1 -b .sha1
 %patch34 -p1 -b .aead
 %patch35 -p1 -b .ssh-fips