Package: gnupg1 / 1.4.23-1

0005-gpg-Change-default-digest-algorithm-to-SHA256.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Mon, 14 Nov 2016 07:57:20 +0900
Subject: gpg: Change default digest algorithm to SHA256

* g10/main.h: set DEFAULT_DIGEST_ALGO to DIGEST_ALGO_SHA256

--

gnupg 2.x defaults to making signatures and certifications with
sha256, and has for quite some time; i know of no problems with that
decision today (it's 2016!).  We should emulate it in the 1.4.x
branch.

Debian-Bug-Id: 824084
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
---
 g10/main.h | 2 +-
 g10/sign.c | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/g10/main.h b/g10/main.h
index a0b96f9..a5500cc 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -38,7 +38,7 @@
 # define DEFAULT_CIPHER_ALGO     CIPHER_ALGO_3DES
 #endif
 
-#define DEFAULT_DIGEST_ALGO     DIGEST_ALGO_SHA1
+#define DEFAULT_DIGEST_ALGO     DIGEST_ALGO_SHA256
 #define DEFAULT_COMPRESS_ALGO   COMPRESS_ALGO_ZIP
 #define DEFAULT_S2K_DIGEST_ALGO DIGEST_ALGO_SHA1
 
diff --git a/g10/sign.c b/g10/sign.c
index ed8ac73..81c5452 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -1396,7 +1396,7 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
 
     if( !digest_algo )
       {
-	/* Basically, this means use SHA1 always unless it's a v3 RSA
+	/* Basically, this means use the default digest algo always unless it's a v3 RSA
 	   key making a v3 cert (use MD5), or the user specified
 	   something (use whatever they said), or it's DSA (use the
 	   best match).  They still can't pick an inappropriate hash
@@ -1412,7 +1412,7 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
 	else if(sk->pubkey_algo==PUBKEY_ALGO_DSA)
 	  digest_algo = match_dsa_hash(mpi_get_nbits(sk->skey[1])/8);
 	else
-	  digest_algo = DIGEST_ALGO_SHA1;
+	  digest_algo = DEFAULT_DIGEST_ALGO;
       }
 
     md = md_open( digest_algo, 0 );