diff options
| author | Werner Koch <[email protected]> | 2019-05-13 10:38:32 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2019-05-13 10:39:17 +0000 |
| commit | d07666412d4317460c6f03b3ffd03edf4a715ef7 (patch) | |
| tree | 3cb40ac32c45abe181769091b64726a9cb673dae /g10/sign.c | |
| parent | build: Update m4/iconv.m4. (diff) | |
| download | gnupg-d07666412d4317460c6f03b3ffd03edf4a715ef7.tar.gz gnupg-d07666412d4317460c6f03b3ffd03edf4a715ef7.zip | |
gpg: Cleanup use of make_keysig_packet.
* g10/sign.c (make_keysig_packet): Remove obsolete arg diegst_algo
which was always passed as 0. Change all callers.
* g10/gpgcompose.c (signature): Warn when trying to set a digest algo.
--
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'g10/sign.c')
| -rw-r--r-- | g10/sign.c | 38 |
1 files changed, 15 insertions, 23 deletions
diff --git a/g10/sign.c b/g10/sign.c index 176940bff..132b94101 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -1593,7 +1593,7 @@ make_keysig_packet (ctrl_t ctrl, PKT_signature **ret_sig, PKT_public_key *pk, PKT_user_id *uid, PKT_public_key *subpk, PKT_public_key *pksk, - int sigclass, int digest_algo, + int sigclass, u32 timestamp, u32 duration, int (*mksubpkt)(PKT_signature *, void *), void *opaque, const char *cache_nonce) @@ -1601,6 +1601,7 @@ make_keysig_packet (ctrl_t ctrl, PKT_signature *sig; int rc = 0; int sigversion; + int digest_algo; gcry_md_hd_t md; log_assert ((sigclass >= 0x10 && sigclass <= 0x13) || sigclass == 0x1F @@ -1612,31 +1613,22 @@ make_keysig_packet (ctrl_t ctrl, else sigversion = 4; - if (!digest_algo) + /* Select the digest algo to use. */ + if (opt.cert_digest_algo) /* Forceful override by the user. */ + digest_algo = opt.cert_digest_algo; + else if (pksk->pubkey_algo == PUBKEY_ALGO_DSA) /* Meet DSA requirements. */ + digest_algo = match_dsa_hash (gcry_mpi_get_nbits (pksk->pkey[1])/8); + else if (pksk->pubkey_algo == PUBKEY_ALGO_ECDSA /* Meet ECDSA requirements. */ + || pksk->pubkey_algo == PUBKEY_ALGO_EDDSA) { - /* Basically, this means use SHA1 always unless the user - * specified something (use whatever they said), or it's DSA - * (use the best match). They still can't pick an inappropriate - * hash for DSA or the signature will fail. Note that this - * still allows the caller of make_keysig_packet to override the - * user setting if it must. */ - - if (opt.cert_digest_algo) - digest_algo = opt.cert_digest_algo; - else if (pksk->pubkey_algo == PUBKEY_ALGO_DSA) - digest_algo = match_dsa_hash (gcry_mpi_get_nbits (pksk->pkey[1])/8); - else if (pksk->pubkey_algo == PUBKEY_ALGO_ECDSA - || pksk->pubkey_algo == PUBKEY_ALGO_EDDSA) - { - if (openpgp_oid_is_ed25519 (pksk->pkey[0])) - digest_algo = DIGEST_ALGO_SHA256; - else - digest_algo = match_dsa_hash - (ecdsa_qbits_from_Q (gcry_mpi_get_nbits (pksk->pkey[1]))/8); - } + if (openpgp_oid_is_ed25519 (pksk->pkey[0])) + digest_algo = DIGEST_ALGO_SHA256; else - digest_algo = DEFAULT_DIGEST_ALGO; + digest_algo = match_dsa_hash + (ecdsa_qbits_from_Q (gcry_mpi_get_nbits (pksk->pkey[1]))/8); } + else /* Use the default. */ + digest_algo = DEFAULT_DIGEST_ALGO; if (gcry_md_open (&md, digest_algo, 0)) BUG (); |