[PATCH STABLE-BRANCH-2-0] Fix honoring --cert-digest-algo when recreating a cert
Christian Aistleitner
christian at quelltextlich.at
Sun Oct 14 20:31:41 CEST 2012
* g10/sign.c (update_keysig_packet): Override original signature's
digest algo in hashed data and for hash computation.
--
---
g10/sign.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/g10/sign.c b/g10/sign.c
index a464bb6..65f1d0c 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -1517,7 +1517,7 @@ update_keysig_packet( PKT_signature **ret_sig,
else
digest_algo = orig_sig->digest_algo;
- if ( gcry_md_open (&md, orig_sig->digest_algo, 0 ) )
+ if ( gcry_md_open (&md, digest_algo, 0 ) )
BUG ();
/* Hash the public key certificate and the user id. */
@@ -1531,6 +1531,8 @@ update_keysig_packet( PKT_signature **ret_sig,
/* create a new signature packet */
sig = copy_signature (NULL, orig_sig);
+ sig->digest_algo=digest_algo;
+
/* We need to create a new timestamp so that new sig expiration
calculations are done correctly... */
sig->timestamp=make_timestamp();
--
1.7.8.6
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: </pipermail/attachments/20121014/a9b65cd3/attachment.pgp>
More information about the Gnupg-devel
mailing list