security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-05-24 16:43:28 +02:00
Code Activity

gpg: For de-vs use SHA-256 instead of SHA-1 as implicit preference.

Browse Source 
* g10/pkclist.c (select_algo_from_prefs): Change implicit hash
algorithm.
--

GnuPG-bug-id: 6043
This commit is contained in:
Werner Koch 2022-07-28 10:39:45 +02:00
parent d0bd91ba73
commit 890e616593
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
g10/pkclist.c
View File

@ -1490,8 +1490,16 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype,
code will never even be called. Even if the hash wasn't code will never even be called. Even if the hash wasn't
locked at MD5, we don't support sign+encrypt in --pgp2 locked at MD5, we don't support sign+encrypt in --pgp2
mode, and that's the only time PREFTYPE_HASH is used mode, and that's the only time PREFTYPE_HASH is used
anyway. -dms */ anyway. -dms
Because "de-vs" compliance does not allow SHA-1 it does
not make sense to assign SHA-1 as implicit algorithm.
Instead it is better to use SHA-256 as implicit algorithm
(which will be the case for rfc4880bis anyway). */
if (opt.compliance == CO_DE_VS)
implicit = DIGEST_ALGO_SHA256;
else
implicit = DIGEST_ALGO_SHA1; implicit = DIGEST_ALGO_SHA1;
break; break;