[PATCH STABLE-BRANCH-2-0] Fix honoring --cert-digest-algo when recreating a cert

Christian Aistleitner christian at quelltextlich.at
Sun Oct 14 20:31:41 CEST 2012


* g10/sign.c (update_keysig_packet): Override original signature's
    digest algo in hashed data and for hash computation.
--
---
 g10/sign.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/g10/sign.c b/g10/sign.c
index a464bb6..65f1d0c 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -1517,7 +1517,7 @@ update_keysig_packet( PKT_signature **ret_sig,
     else
       digest_algo = orig_sig->digest_algo;
 
-    if ( gcry_md_open (&md, orig_sig->digest_algo, 0 ) )
+    if ( gcry_md_open (&md, digest_algo, 0 ) )
       BUG ();
 
     /* Hash the public key certificate and the user id. */
@@ -1531,6 +1531,8 @@ update_keysig_packet( PKT_signature **ret_sig,
     /* create a new signature packet */
     sig = copy_signature (NULL, orig_sig);
 
+    sig->digest_algo=digest_algo;
+
     /* We need to create a new timestamp so that new sig expiration
        calculations are done correctly... */
     sig->timestamp=make_timestamp();
-- 
1.7.8.6

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: </pipermail/attachments/20121014/a9b65cd3/attachment.pgp>


More information about the Gnupg-devel mailing list