author | Neal H. Walfield <neal@pep.foundation> | 2020-11-27 15:07:39 +0100 |
---|---|---|
committer | Neal H. Walfield <neal@pep.foundation> | 2020-11-27 15:14:21 +0100 |
commit | fb1cbfb34ad0a895c449a9bcdcf9c8f5e9298fd9 (patch) | |
tree | 6cb775fcd06062826debd3907541b09a19765994 /openpgp | |
parent | b8f9395af74a199d666085e3eb29138d5e152a73 (diff) |
openpgp: Reset the hash algorithm when creating a SignatureBuilder.
- When creating a `SignatureBuilder` from a `Signature`, reset the
hash algorithm to `HashAlgorithm::default()`.
- This ensures that updating an outdated signature won't use an
outdated hash algorithm.
- Fixes #609.
Diffstat (limited to 'openpgp')
-rw-r--r-- | openpgp/src/packet/signature.rs | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/openpgp/src/packet/signature.rs b/openpgp/src/packet/signature.rs
index 50f84dd2..f083bffc 100644
--- a/openpgp/src/packet/signature.rs
+++ b/openpgp/src/packet/signature.rs
@@ -302,6 +302,13 @@ impl SignatureFields {
 ///
 /// [`From`]: https://doc.rust-lang.org/stable/std/convert/trait.From.html
 ///
+/// When converting a `Signature` to a `SignatureBuilder`, the hash
+/// algorithm is reset to the default hash algorithm
+/// (`HashAlgorithm::Default()`). This ensures that a recommended
+/// hash algorithm is used even when an old signature is used as a
+/// template, which is often the case when updating self signatures,
+/// and binding signatures.
+///
 /// According to [Section 5.2.3.4 of RFC 4880], `Signatures` must
 /// include a [`Signature Creation Time`] subpacket. Since this
 /// should usually be set to the current time, and is easy to forget
@@ -1592,6 +1599,8 @@ impl From<Signature4> for SignatureBuilder {
 fn from(sig: Signature4) -> Self {
 let mut fields = sig.fields;
+ fields.hash_algo = HashAlgorithm::default();
+
 let creation_time = fields.signature_creation_time();
 fields.hashed_area_mut().remove_all(SubpacketTag::SignatureCreationTime); |
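Review bot: The added doc paragraph names `HashAlgorithm::Default()` with a capital D, while the code in the second hunk calls `HashAlgorithm::default()`; the reference should be spelled `HashAlgorithm::default()` so it matches the method a reader would look up. The paragraph could also state the consequence for callers: the template's hash algorithm is discarded on conversion, so anyone who needs a specific algorithm has to set it on the builder afterwards. The doc comment this hunk extends starts and ends outside the hunk.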
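Review bot: The new line `fields.hash_algo = HashAlgorithm::default();` in `From<Signature4>` has no inline comment, and the reset is unconditional. A template whose hash is already at least as strong as the default is rewritten too, which looks intended but is not stated at the assignment. A comment such as `// Never inherit the template's hash algorithm: it may be weak or deprecated.` would keep a later refactor from dropping the line. The diffstat lists only signature.rs, and neither hunk shows a test, so no regression test appears to accompany the change. One that converts a signature made with an older hash and asserts the builder's algorithm equals the default would pin the behaviour. The body of `from` continues past the end of the hunk.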