diff options
Diffstat (limited to 'debian/patches/update-defaults/gpg-Prefer-SHA-512-and-SHA-384-in-personal-digest.patch')
-rw-r--r-- | debian/patches/update-defaults/gpg-Prefer-SHA-512-and-SHA-384-in-personal-digest.patch | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/debian/patches/update-defaults/gpg-Prefer-SHA-512-and-SHA-384-in-personal-digest.patch b/debian/patches/update-defaults/gpg-Prefer-SHA-512-and-SHA-384-in-personal-digest.patch new file mode 100644 index 0000000..c55502a --- /dev/null +++ b/debian/patches/update-defaults/gpg-Prefer-SHA-512-and-SHA-384-in-personal-digest.patch @@ -0,0 +1,46 @@ +From: Daniel Kahn Gillmor <dkg@fifthhorseman.net> +Date: Wed, 3 Jan 2018 12:34:26 -0500 +Subject: gpg: Prefer SHA-512 and SHA-384 in personal-digest-preferences. + +* g10/keygen.c (keygen_set_std_prefs): prefer SHA-512 +and SHA-384 by default. + +-- + +In 8ede3ae29a39641a2f98ad9a4cf61ea99085a892, upstream changed the +defaults for --default-preference-list to advertise a preference for +SHA-512, without touching --personal-digest-preferences. This makes +the same change for --personal-digest-preferences, since every modern +OpenPGP library supports them all. + +Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> +--- + g10/keygen.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/g10/keygen.c b/g10/keygen.c +index 79d4579..cb92468 100644 +--- a/g10/keygen.c ++++ b/g10/keygen.c +@@ -391,16 +391,16 @@ keygen_set_std_prefs (const char *string,int personal) + if (personal) + { + /* The default internal hash algo order is: +- * SHA-256, SHA-384, SHA-512, SHA-224, SHA-1. ++ * SHA-512, SHA-384, SHA-256, SHA-224, SHA-1. + */ +- if (!openpgp_md_test_algo (DIGEST_ALGO_SHA256)) +- strcat (dummy_string, "H8 "); ++ if (!openpgp_md_test_algo (DIGEST_ALGO_SHA512)) ++ strcat (dummy_string, "H10 "); + + if (!openpgp_md_test_algo (DIGEST_ALGO_SHA384)) + strcat (dummy_string, "H9 "); + +- if (!openpgp_md_test_algo (DIGEST_ALGO_SHA512)) +- strcat (dummy_string, "H10 "); ++ if (!openpgp_md_test_algo (DIGEST_ALGO_SHA256)) ++ strcat (dummy_string, "H8 "); + } + else + { |