[git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.26-8-g36179da

by Werner Koch cvs at cvs.gnupg.org
Sat Sep 27 15:37:28 CEST 2014 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, STABLE-BRANCH-2-0 has been updated
       via  36179da032fa43d82042b3d31ed175d17b8e9bc4 (commit)
       via  ba2b8c20ee68f7ee3e7a58f7c3449d94004131d8 (commit)
      from  b9b6ac9d26848bfcbd703d7410f066f4aeb9e418 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 36179da032fa43d82042b3d31ed175d17b8e9bc4
Author: Werner Koch <wk at gnupg.org>
Date:   Sat Sep 27 15:21:02 2014 +0200

    gpg: Default to SHA-256 for all signature types on RSA keys.
    
    * g10/main.h (DEFAULT_DIGEST_ALGO): Use SHA256 in --gnupg and SHA1 in
    strict RFC or PGP modes.
    * g10/sign.c (make_keysig_packet): Use DEFAULT_DIGEST_ALGO also for
    RSA key signatures.
    --
    
    (Backported from commit d33246700578cddd1cb8ed8164cfbba50aba4ef3)

diff --git a/g10/main.h b/g10/main.h
index 226898d..4cf2cc7 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -33,7 +33,7 @@
    issues of speed and size come into play here. */
 
 #define DEFAULT_CIPHER_ALGO     CIPHER_ALGO_CAST5
-#define DEFAULT_DIGEST_ALGO     DIGEST_ALGO_SHA1
+#define DEFAULT_DIGEST_ALGO     ((GNUPG)? DIGEST_ALGO_SHA256:DIGEST_ALGO_SHA1)
 #define DEFAULT_COMPRESS_ALGO   COMPRESS_ALGO_ZIP
 #define DEFAULT_S2K_DIGEST_ALGO DIGEST_ALGO_SHA1
 
diff --git a/g10/sign.c b/g10/sign.c
index 0de3321..e7e79cc 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -1425,7 +1425,7 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
 	else if(sk->pubkey_algo==PUBKEY_ALGO_DSA)
 	  digest_algo = match_dsa_hash (gcry_mpi_get_nbits (sk->skey[1])/8);
 	else
-	  digest_algo = DIGEST_ALGO_SHA1;
+	  digest_algo = DEFAULT_DIGEST_ALGO;
       }
 
     if ( gcry_md_open (&md, digest_algo, 0 ) )

commit ba2b8c20ee68f7ee3e7a58f7c3449d94004131d8
Author: Werner Koch <wk at gnupg.org>
Date:   Sat Sep 27 11:17:07 2014 +0200

    doc: Update the file OpenPGP
    
    --
    
    It should actually be completey reworked but for now I added just a
    few notes.

diff --git a/doc/OpenPGP b/doc/OpenPGP
index a511ad7..96223d7 100644
--- a/doc/OpenPGP
+++ b/doc/OpenPGP
@@ -1,9 +1,8 @@
 		    GnuPG and OpenPGP
 		    =================
 
-   See RFC2440 for a description of OpenPGP.  We have an annotated version
-   of this RFC online:	http://www.gnupg.org/rfc2440.html
-
+   See RFC-4880 for a description of OpenPGP.  These notes are older
+   than RFC-4880 and refer to the predecessor of the specs (RFC-2440).
 
 
   Compatibility Notes
@@ -12,7 +11,9 @@
 
     * (9.2) states that IDEA SHOULD be implemented.  This is not done
       due to patent problems.
-
+      UPDATE: Since version 1.4.13 (or GnuPG 2.x with Libgcrypt 1.6)
+              IDEA support has been added to allow decryption of old
+              PGP-2 encrypted material.
 
    All MAY features are implemented with this exception:
 
@@ -28,17 +29,17 @@
    A special format of partial packet length exists for v3 packets
    which can be considered to be in compliance with RFC1991;  this
    format is only created if a special option is active.
+   UPDATE: This support has been removed with version 1.3.6.
 
    GnuPG uses a S2K mode of 101 for GNU extensions to the secret key
    protection algorithms.  This number is not defined in OpenPGP, but
-   given the fact that this number is in a range which used at many
-   other places in OpenPGP for private/experimenat algorithm identifiers,
-   this should be not a so bad choice.	The 3 bytes "GNU" are used
-   to identify this as a GNU extension - see the file DETAILS for a
+   given that this number is in a range which is used at many other
+   places in OpenPGP for private/experimental algorithm identifiers,
+   this should be not a too bad choice.  The 3 bytes "GNU" are used to
+   identify this as a GNU extension - see the file DETAILS for a
    definition of the used data formats.
 
 
-
   Some Notes on OpenPGP / PGP Compatibility:
   ==========================================
 
@@ -104,5 +105,3 @@
 
    The limited permissions granted above are perpetual and will not be
    revoked by the Internet Society or its successors or assigns.
-
-

-----------------------------------------------------------------------

Summary of changes:
 doc/OpenPGP |   21 ++++++++++-----------
 g10/main.h  |    2 +-
 g10/sign.c  |    2 +-
 3 files changed, 12 insertions(+), 13 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org

More information about the Gnupg-commits mailing list