void-packages/srcpkgs/gnupg1/patches/0005-gpg-Change-default-digest-algorithm-to-SHA256.patch
2021-07-22 21:30:59 +07:00

55 lines
1.8 KiB
Diff

From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Mon, 14 Nov 2016 07:57:20 +0900
Subject: gpg: Change default digest algorithm to SHA256
* g10/main.h: set DEFAULT_DIGEST_ALGO to DIGEST_ALGO_SHA256
--
gnupg 2.x defaults to making signatures and certifications with
sha256, and has for quite some time; i know of no problems with that
decision today (it's 2016!). We should emulate it in the 1.4.x
branch.
Debian-Bug-Id: 824084
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
---
g10/main.h | 2 +-
g10/sign.c | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/g10/main.h b/g10/main.h
index a0b96f9..a5500cc 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -38,7 +38,7 @@
# define DEFAULT_CIPHER_ALGO CIPHER_ALGO_3DES
#endif
-#define DEFAULT_DIGEST_ALGO DIGEST_ALGO_SHA1
+#define DEFAULT_DIGEST_ALGO DIGEST_ALGO_SHA256
#define DEFAULT_COMPRESS_ALGO COMPRESS_ALGO_ZIP
#define DEFAULT_S2K_DIGEST_ALGO DIGEST_ALGO_SHA1
diff --git a/g10/sign.c b/g10/sign.c
index ed8ac73..81c5452 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -1396,7 +1396,7 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
if( !digest_algo )
{
- /* Basically, this means use SHA1 always unless it's a v3 RSA
+ /* Basically, this means use the default digest algo always unless it's a v3 RSA
key making a v3 cert (use MD5), or the user specified
something (use whatever they said), or it's DSA (use the
best match). They still can't pick an inappropriate hash
@@ -1412,7 +1412,7 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
else if(sk->pubkey_algo==PUBKEY_ALGO_DSA)
digest_algo = match_dsa_hash(mpi_get_nbits(sk->skey[1])/8);
else
- digest_algo = DIGEST_ALGO_SHA1;
+ digest_algo = DEFAULT_DIGEST_ALGO;
}
md = md_open( digest_algo, 0 );