gpg: Set the default digest algo for S2K to SHA256.

* g10/main.h (DEFAULT_S2K_DIGEST_ALGO): Alias to DEFAULT_DIGEST_ALGO. -- GnuPG-bug-id: 6367
2023-04-04 09:20:26 +02:00 · 2023-04-04 09:20:26 +02:00 · 7bf57a794b
parent 56d309133f
commit 7bf57a794b
2 changed files with 9 additions and 3 deletions
--- a/8
+++ b/8
@ -7,12 +7,18 @@ Noteworthy changes in version 2.4.1 (unreleased)
    "[self-signature]" instead of the user-id in key signature
    listings.  [rG103acfe9ca]

+  * gpg: For symmetric encryption the default S2K hash is now SHA256.
+    [T6367]
+
  * gpgsm: Verification of detached signatures does now strip trailing
    zeroes from the input if --assume-binary is used.  [rG2a13f7f9dc]

  * gpgsm: Non-armored detached signature are now created without
    using indefinite form length octets.  This improves compatibility
-    with some PDF signature verification software.
+    with some PDF signature verification software.  [rG8996b0b655]
+
+  * dirmngr: The LDAP modifyTimestamp is now returned by some
+    keyserver commands.  [rG56d309133f]

  * gpg: Make list-options "show-sig-subpackets" work again.
    Fixes regression in 2.4.0.  [rG5a223303d7]
--- a/g10/main.h
+++ b/g10/main.h
@ -42,7 +42,7 @@
 #endif

 #define DEFAULT_DIGEST_ALGO     ((GNUPG)? DIGEST_ALGO_SHA256:DIGEST_ALGO_SHA1)
-#define DEFAULT_S2K_DIGEST_ALGO DIGEST_ALGO_SHA1
+#define DEFAULT_S2K_DIGEST_ALGO  DEFAULT_DIGEST_ALGO
 #ifdef HAVE_ZIP
 # define DEFAULT_COMPRESS_ALGO   COMPRESS_ALGO_ZIP
 #else
@ -235,7 +235,7 @@ int  cpr_get_answer_okay_cancel (const char *keyword,
 /*-- helptext.c --*/
 void display_online_help( const char *keyword );

-/*-- encode.c --*/
+/*-- encrypt.c --*/
 gpg_error_t setup_symkey (STRING2KEY **symkey_s2k,DEK **symkey_dek);
 aead_algo_t use_aead (pk_list_t pk_list, int algo);
 int use_mdc (pk_list_t pk_list,int algo);