From 7bf57a794b77c5002c337b892bf90f59d5c82fe7 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Tue, 4 Apr 2023 09:20:26 +0200 Subject: [PATCH] gpg: Set the default digest algo for S2K to SHA256. * g10/main.h (DEFAULT_S2K_DIGEST_ALGO): Alias to DEFAULT_DIGEST_ALGO. -- GnuPG-bug-id: 6367 --- NEWS | 8 +++++++- g10/main.h | 4 ++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/NEWS b/NEWS index 5eb609987..6d46e1d34 100644 --- a/NEWS +++ b/NEWS @@ -7,12 +7,18 @@ Noteworthy changes in version 2.4.1 (unreleased) "[self-signature]" instead of the user-id in key signature listings. [rG103acfe9ca] + * gpg: For symmetric encryption the default S2K hash is now SHA256. + [T6367] + * gpgsm: Verification of detached signatures does now strip trailing zeroes from the input if --assume-binary is used. [rG2a13f7f9dc] * gpgsm: Non-armored detached signature are now created without using indefinite form length octets. This improves compatibility - with some PDF signature verification software. + with some PDF signature verification software. [rG8996b0b655] + + * dirmngr: The LDAP modifyTimestamp is now returned by some + keyserver commands. [rG56d309133f] * gpg: Make list-options "show-sig-subpackets" work again. Fixes regression in 2.4.0. [rG5a223303d7] diff --git a/g10/main.h b/g10/main.h index dbaa0c6f3..3d71d0c09 100644 --- a/g10/main.h +++ b/g10/main.h @@ -42,7 +42,7 @@ #endif #define DEFAULT_DIGEST_ALGO ((GNUPG)? DIGEST_ALGO_SHA256:DIGEST_ALGO_SHA1) -#define DEFAULT_S2K_DIGEST_ALGO DIGEST_ALGO_SHA1 +#define DEFAULT_S2K_DIGEST_ALGO DEFAULT_DIGEST_ALGO #ifdef HAVE_ZIP # define DEFAULT_COMPRESS_ALGO COMPRESS_ALGO_ZIP #else @@ -235,7 +235,7 @@ int cpr_get_answer_okay_cancel (const char *keyword, /*-- helptext.c --*/ void display_online_help( const char *keyword ); -/*-- encode.c --*/ +/*-- encrypt.c --*/ gpg_error_t setup_symkey (STRING2KEY **symkey_s2k,DEK **symkey_dek); aead_algo_t use_aead (pk_list_t pk_list, int algo); int use_mdc (pk_list_t pk_list,int algo);