diff options
| author | David Shaw <[email protected]> | 2002-11-25 04:06:04 +0000 |
|---|---|---|
| committer | David Shaw <[email protected]> | 2002-11-25 04:06:04 +0000 |
| commit | 8b9e9d33c15ceb660d440acc45ab95b3ff54ebac (patch) | |
| tree | 4dd9eda56ddbfc39b17f11c80970cfcf0a6bb799 | |
| parent | * g10.c (main), keydb.c (keydb_add_resource, keydb_locate_writable): (diff) | |
| download | gnupg-8b9e9d33c15ceb660d440acc45ab95b3ff54ebac.tar.gz gnupg-8b9e9d33c15ceb660d440acc45ab95b3ff54ebac.zip | |
* sign.c (hash_for): If --digest-algo is not set, but
--personal-digest-preferences is, then use the first hash algorithm in the
personal list. If the signing algorithm is DSA, then use the first
160-bit hash algorithm in the personal list. If --pgp2 is set and it's a
v3 RSA key, use MD5.
| -rw-r--r-- | g10/ChangeLog | 6 | ||||
| -rw-r--r-- | g10/sign.c | 40 |
2 files changed, 38 insertions, 8 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index 4956c70aa..bb3101ebd 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,5 +1,11 @@ 2002-11-24 David Shaw <[email protected]> + * sign.c (hash_for): If --digest-algo is not set, but + --personal-digest-preferences is, then use the first hash + algorithm in the personal list. If the signing algorithm is DSA, + then use the first 160-bit hash algorithm in the personal list. + If --pgp2 is set and it's a v3 RSA key, use MD5. + * g10.c (main), keydb.c (keydb_add_resource, keydb_locate_writable): Rename --default-keyring as --primary-keyring. Stefan wins the naming contest. diff --git a/g10/sign.c b/g10/sign.c index 047dd13fc..8e444ddda 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -332,14 +332,38 @@ complete_sig( PKT_signature *sig, PKT_secret_key *sk, MD_HANDLE md ) static int hash_for(int pubkey_algo, int packet_version ) { - if( opt.def_digest_algo ) - return opt.def_digest_algo; - if( recipient_digest_algo ) - return recipient_digest_algo; - if( pubkey_algo == PUBKEY_ALGO_DSA ) - return DIGEST_ALGO_SHA1; - if( pubkey_algo == PUBKEY_ALGO_RSA && packet_version < 4 ) - return DIGEST_ALGO_MD5; + if( opt.def_digest_algo ) + return opt.def_digest_algo; + else if( recipient_digest_algo ) + return recipient_digest_algo; + else if(opt.pgp2 && pubkey_algo == PUBKEY_ALGO_RSA && packet_version < 4 ) + { + /* Old-style PGP only understands MD5 */ + return DIGEST_ALGO_MD5; + } + else if( pubkey_algo == PUBKEY_ALGO_DSA ) + { + /* We need a 160-bit hash for DSA, so we can't just take the first + in the pref list */ + + if(opt.personal_digest_prefs) + { + prefitem_t *prefs; + + for(prefs=opt.personal_digest_prefs;prefs->type;prefs++) + if(md_digest_length(prefs->value)==20) + return prefs->value; + } + + return DIGEST_ALGO_SHA1; + } + else if( opt.personal_digest_prefs ) + { + /* It's not DSA, so we can use whatever the first hash algorithm + is in the pref list */ + return opt.personal_digest_prefs[0].value; + } + else return DEFAULT_DIGEST_ALGO; } |