Diffstat (limited to 'g10/pkclist.c')
-rw-r--r--g10/pkclist.c34
1 files changed, 21 insertions, 13 deletions
diff --git a/g10/pkclist.c b/g10/pkclist.c
index 9c8315540..5154b19b1 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -1266,7 +1266,6 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype,
u32 bits[8];
const prefitem_t *prefs;
int result=-1,i;
- unsigned int best=-1;
u16 scores[256];
if( !pk_list )
@@ -1403,10 +1402,31 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype,
if(result==-1)
{
+ unsigned int best=-1;
+
/* At this point, we have not selected an algorithm due to a
special request or via personal prefs. Pick the highest
ranked algorithm (i.e. the one with the lowest score). */
+ if(preftype==PREFTYPE_HASH && scores[DIGEST_ALGO_MD5])
+ {
+ /* "If you are building an authentication system, the recipient
+ may specify a preferred signing algorithm. However, the
+ signer would be foolish to use a weak algorithm simply
+ because the recipient requests it." (RFC4880:14). If any
+ other hash algorithm is available, pretend that MD5 isn't.
+ Note that if the user intentionally chose MD5 by putting it
+ in their personal prefs, then we do what the user said (as we
+ never reach this code). */
+
+ for(i=DIGEST_ALGO_MD5+1;i<256;i++)
+ if(scores[i])
+ {
+ scores[DIGEST_ALGO_MD5]=0;
+ break;
+ }
+ }
+
for(i=0;i<256;i++)
{
/* Note the '<' here. This means in case of a tie, we will
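Review bot: The new MD5 demotion at `if(scores[i])` treats any non-zero score as proof that another hash is usable, whereas the removed fallback checked `bits[0] & (1<<DIGEST_ALGO_SHA1)` before switching. The selection loop's condition lies outside this hunk, so the following is inferred: if that loop also filters on `bits` or on algorithm availability, `scores[DIGEST_ALGO_MD5]` can be zeroed while no other candidate passes, leaving `result` at -1 instead of a stronger hash. Consider testing the same predicate the selection loop uses, for instance `if(scores[i] && (bits[i/32] & (1<<(i%32))))`, and noting in the comment what happens when nothing is selected. The scan also starts at `DIGEST_ALGO_MD5+1` and repeats the literal `256`; a one-line comment that MD5 is assumed to be the lowest digest ID, and a bound derived from `scores`, would make both assumptions explicit. select_algo_from_prefs starts and ends outside the hunk.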
@@ -1424,18 +1444,6 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype,
result=i;
}
}
-
- /* "If you are building an authentication system, the recipient
- may specify a preferred signing algorithm. However, the
- signer would be foolish to use a weak algorithm simply
- because the recipient requests it." (RFC4880:14). If we
- settle on MD5, and SHA1 is also available, use SHA1 instead.
- Note that if the user intentionally chose MD5 by putting it
- in their personal prefs, then we do what the user said (as we
- never reach this code). */
- if(preftype==PREFTYPE_HASH && result==DIGEST_ALGO_MD5
- && (bits[0] & (1<<DIGEST_ALGO_SHA1)))
- result=DIGEST_ALGO_SHA1;
}
return result;