[Pkg-gnupg-commit] [gnupg2] 05/16: prefer SHA-512 specifically on personal-digest-preferences.

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Feb 6 04:20:13 UTC 2018


This is an automated email from the git hooks/post-receive script.

dkg pushed a commit to branch master
in repository gnupg2.

commit 17bd4a71a395ce4235e31d883ea4b228086b3efe
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date:   Wed Jan 3 12:36:12 2018 -0500

    prefer SHA-512 specifically on personal-digest-preferences.
    
    upstream has already accepted the change for default-preference-list,
    so our default improvements need only target the
    personal-digest-preferences now.
---
 debian/patches/series                              |  2 +-
 ...SHA-512-and-SHA-384-in-default-preference.patch | 48 ----------------------
 ...er-SHA-512-and-SHA-384-in-personal-digest.patch | 44 ++++++++++++++++++++
 3 files changed, 45 insertions(+), 49 deletions(-)

diff --git a/debian/patches/series b/debian/patches/series
index 1bc9a96..d33906d 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -17,7 +17,7 @@ from-master/scd-Distinguish-cancel-by-user-and-protocol-error.patch
 from-master/agent-Fix-cancellation-handling-for-scdaemon.patch
 from-master/g10-Select-a-secret-key-by-checking-availability-und.patch
 update-defaults/gpg-Default-to-SHA-512-for-all-signature-types-on-RS.patch
-update-defaults/gpg-Prefer-SHA-512-and-SHA-384-in-default-preference.patch
+update-defaults/gpg-Prefer-SHA-512-and-SHA-384-in-personal-digest.patch
 from-master/gpg-Fix-comparison.patch
 from-master/assuan-Reorganize-waiting-for-socket.patch
 from-master/assuan-Use-exponential-decay-for-first-1s-of-spinlock.patch
diff --git a/debian/patches/update-defaults/gpg-Prefer-SHA-512-and-SHA-384-in-default-preference.patch b/debian/patches/update-defaults/gpg-Prefer-SHA-512-and-SHA-384-in-default-preference.patch
deleted file mode 100644
index 49193bf..0000000
--- a/debian/patches/update-defaults/gpg-Prefer-SHA-512-and-SHA-384-in-default-preference.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
-Date: Thu, 7 Sep 2017 18:58:50 -0400
-Subject: gpg: Prefer SHA-512 and SHA-384 in default-preference-list.
-
-* g10/keygen.c (keygen_set_std_prefs): State a preference for SHA-512
-and SHA-384 in the default preference list.
-
---
-
-Most modern 64-bit architectures can do SHA-512 faster than they can
-do SHA-256.  Another approach here would be to switch the default
-preferences based on the architecture of the machine.  However, this
-leaks unnecessary metadata about what machine the key was generated
-on, and the key may eventually be transfered to a modern 64-bit
-platform anyway.  And the cost of the digest is trivial compared to
-the rest of the crypto that is involved.
-
-Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
----
- g10/keygen.c | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/g10/keygen.c b/g10/keygen.c
-index e63fbaa..3f47a1e 100644
---- a/g10/keygen.c
-+++ b/g10/keygen.c
-@@ -384,16 +384,16 @@ keygen_set_std_prefs (const char *string,int personal)
- 	    strcat(dummy_string,"S2 "); /* 3DES */
- 
-             /* The default hash algo order is:
--                 SHA-256, SHA-384, SHA-512, SHA-224, SHA-1.
-+                 SHA-512, SHA-384, SHA-256, SHA-224, SHA-1.
-              */
--	    if (!openpgp_md_test_algo (DIGEST_ALGO_SHA256))
--	      strcat (dummy_string, "H8 ");
-+	    if (!openpgp_md_test_algo (DIGEST_ALGO_SHA512))
-+	      strcat (dummy_string, "H10 ");
- 
- 	    if (!openpgp_md_test_algo (DIGEST_ALGO_SHA384))
- 	      strcat (dummy_string, "H9 ");
- 
--	    if (!openpgp_md_test_algo (DIGEST_ALGO_SHA512))
--	      strcat (dummy_string, "H10 ");
-+	    if (!openpgp_md_test_algo (DIGEST_ALGO_SHA256))
-+	      strcat (dummy_string, "H8 ");
- 
- 	    if (!openpgp_md_test_algo (DIGEST_ALGO_SHA224))
- 	      strcat (dummy_string, "H11 ");
diff --git a/debian/patches/update-defaults/gpg-Prefer-SHA-512-and-SHA-384-in-personal-digest.patch b/debian/patches/update-defaults/gpg-Prefer-SHA-512-and-SHA-384-in-personal-digest.patch
new file mode 100644
index 0000000..cb98784
--- /dev/null
+++ b/debian/patches/update-defaults/gpg-Prefer-SHA-512-and-SHA-384-in-personal-digest.patch
@@ -0,0 +1,44 @@
+From: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
+Date: Wed, 03 Jan 2018 12:34:26 -0500
+Subject: gpg: Prefer SHA-512 and SHA-384 in personal-digest-preferences.
+
+* g10/keygen.c (keygen_set_std_prefs): prefer SHA-512
+and SHA-384 by default.
+
+--
+
+In 8ede3ae29a39641a2f98ad9a4cf61ea99085a892, upstream changed the
+defaults for --default-preference-list to advertise a preference for
+SHA-512, without touching --personal-digest-preferences.  This makes
+the same change for --personal-digest-preferences, since every modern
+OpenPGP library supports them all.
+
+Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
+---
+ g10/keygen.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+--- a/g10/keygen.c
++++ b/g10/keygen.c
+@@ -386,16 +386,16 @@
+             if (personal)
+               {
+                 /* The default internal hash algo order is:
+-                 *  SHA-256, SHA-384, SHA-512, SHA-224, SHA-1.
++                 *  SHA-512, SHA-384, SHA-256, SHA-224, SHA-1.
+                  */
+-                if (!openpgp_md_test_algo (DIGEST_ALGO_SHA256))
+-                  strcat (dummy_string, "H8 ");
++                if (!openpgp_md_test_algo (DIGEST_ALGO_SHA512))
++                  strcat (dummy_string, "H10 ");
+ 
+                 if (!openpgp_md_test_algo (DIGEST_ALGO_SHA384))
+                   strcat (dummy_string, "H9 ");
+ 
+-                if (!openpgp_md_test_algo (DIGEST_ALGO_SHA512))
+-                  strcat (dummy_string, "H10 ");
++                if (!openpgp_md_test_algo (DIGEST_ALGO_SHA256))
++                  strcat (dummy_string, "H8 ");
+               }
+             else
+               {

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git



More information about the Pkg-gnupg-commit mailing list