gpg: Default to SHA-256 for all signature types on RSA keys.

* g10/main.h (DEFAULT_DIGEST_ALGO): Use SHA256 in --gnupg and SHA1 in
strict RFC or PGP modes.
* g10/sign.c (make_keysig_packet): Use DEFAULT_DIGEST_ALGO also for
RSA key signatures.
* configure.ac: Do not allow to disable sha256.

3 files changed, 3 insertions, 3 deletions

diff --git a/configure.ac b/configure.ac
index a2f07cbb9..c627c27aa 100644
--- a/configure.ac
+++ b/configure.ac
@@ -254,7 +254,7 @@ GNUPG_GPG_DISABLE_ALGO([md5],[MD5 hash])
 # SHA1 is a MUSt algorithm
 GNUPG_GPG_DISABLE_ALGO([rmd160],[RIPE-MD160 hash])
 GNUPG_GPG_DISABLE_ALGO([sha224],[SHA-224 hash])
-GNUPG_GPG_DISABLE_ALGO([sha256],[SHA-256 hash])
+# SHA256 is a MUST algorithm for GnuPG.
 GNUPG_GPG_DISABLE_ALGO([sha384],[SHA-384 hash])
 GNUPG_GPG_DISABLE_ALGO([sha512],[SHA-512 hash])
 
diff --git a/g10/main.h b/g10/main.h
index 17a050d54..76541c771 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -38,7 +38,7 @@
 # define DEFAULT_CIPHER_ALGO     CIPHER_ALGO_3DES
 #endif
 
-#define DEFAULT_DIGEST_ALGO     DIGEST_ALGO_SHA1
+#define DEFAULT_DIGEST_ALGO     ((GNUPG)? DIGEST_ALGO_SHA256:DIGEST_ALGO_SHA1)
 #define DEFAULT_S2K_DIGEST_ALGO DIGEST_ALGO_SHA1
 #ifdef HAVE_ZIP
 # define DEFAULT_COMPRESS_ALGO   COMPRESS_ALGO_ZIP
diff --git a/g10/sign.c b/g10/sign.c
index c8139d74c..bd78c1750 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -1499,7 +1499,7 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
                 (ecdsa_qbits_from_Q (gcry_mpi_get_nbits (pksk->pkey[1]))/8);
           }
 	else
-	  digest_algo = DIGEST_ALGO_SHA1;
+	  digest_algo = DEFAULT_DIGEST_ALGO;
       }
 
     if ( gcry_md_open (&md, digest_algo, 0 ) )