Signing using Netkey 3 cards does now work.

sm/ChangeLog

@@ -1,5 +1,12 @@
 2009-03-26  Werner Koch  <wk@g10code.com>
 
+	* gpgsm.c (main): s/def_digest_string/forced_digest_algo/ and
+	activate the --digest-algo option.
+	* gpgsm.h (struct opt): s/def_digest_algo/forced_digest_algo/.
+	* sign.c (gpgsm_sign): Implement --digest-algo.
+
+	* sign.c (MAX_DIGEST_LEN): Change to 64.
+
 	* call-agent.c (gpgsm_agent_marktrusted): Format the issuer name.
 
 2009-03-25  Werner Koch  <wk@g10code.com>

sm/gpgsm.c

@@ -843,8 +843,8 @@ main ( int argc, char **argv)
   int use_random_seed = 1;
   int no_common_certs_import = 0;
   int with_fpr = 0;
-  char *def_digest_string = NULL;
-  char *extra_digest_algo = NULL;
+  const char *forced_digest_algo = NULL;
+  const char *extra_digest_algo = NULL;
   enum cmd_and_opt_values cmd = 0;
   struct server_control_s ctrl;
   certlist_t recplist = NULL;
@@ -1301,7 +1301,7 @@ main ( int argc, char **argv)
           break;
 
         case oDigestAlgo:
-          /* Dummy for now. */
+          forced_digest_algo = pargs.r.ret_str;
           break;
 
         case oExtraDigestAlgo: 
@@ -1460,12 +1460,10 @@ main ( int argc, char **argv)
            || !gcry_cipher_mode_from_oid (opt.def_cipher_algoid))
         log_error (_("selected cipher algorithm is invalid\n"));
 
-      if (def_digest_string)
+      if (forced_digest_algo)
         {
-          opt.def_digest_algo = gcry_md_map_name (def_digest_string);
-          xfree (def_digest_string);
-          def_digest_string = NULL;
-          if (our_md_test_algo(opt.def_digest_algo) )
+          opt.forced_digest_algo = gcry_md_map_name (forced_digest_algo);
+          if (our_md_test_algo(opt.forced_digest_algo) )
             log_error (_("selected digest algorithm is invalid\n"));
         }
       if (extra_digest_algo)

sm/gpgsm.h

@@ -33,7 +33,7 @@
 #include "../common/estream.h"
 #include "../common/audit.h"
 
-#define MAX_DIGEST_LEN 24 
+#define MAX_DIGEST_LEN 64
 
 struct keyserver_spec
 {
@@ -92,9 +92,10 @@ struct
   const char *def_cipher_algoid;  /* cipher algorithm to use if
                                      nothing else is specified */
 
-  int def_digest_algo;    /* Ditto for hash algorithm */
   int def_compress_algo;  /* Ditto for compress algorithm */
 
+  int forced_digest_algo; /* User forced hash algorithm. */
+
   char *def_recipient;    /* userID of the default recipient */
   int def_recipient_self; /* The default recipient is the default key */
 

sm/sign.c

@@ -399,11 +399,22 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
   /* Figure out the hash algorithm to use. We do not want to use the
      one for the certificate but if possible an OID for the plain
      algorithm.  */
+  if (opt.forced_digest_algo && opt.verbose)
+    log_info ("user requested hash algorithm %d\n", opt.forced_digest_algo);
   for (i=0, cl=signerlist; cl; cl = cl->next, i++)
     {
       const char *oid = ksba_cert_get_digest_algo (cl->cert);
 
-      cl->hash_algo = oid ? gcry_md_map_name (oid) : 0;
+      if (opt.forced_digest_algo)
+        {
+          oid = NULL;
+          cl->hash_algo = opt.forced_digest_algo;
+        }
+      else
+        {
+          oid = ksba_cert_get_digest_algo (cl->cert);
+          cl->hash_algo = oid ? gcry_md_map_name (oid) : 0;
+        }
       switch (cl->hash_algo)
         {
         case GCRY_MD_SHA1:   oid = "1.3.14.3.2.26"; break;
@@ -427,6 +438,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
         }
       cl->hash_algo_oid = oid;
     }
+
   if (opt.verbose)
     {
       for (i=0, cl=signerlist; cl; cl = cl->next, i++)