From c5f5fbbfc793763f02b5c890dbd62d8c555b4b23 Mon Sep 17 00:00:00 2001
From: larabr <7375870+larabr@users.noreply.github.com>
Date: Thu, 26 Mar 2020 18:01:28 +0100
Subject: [PATCH] Remove SHA-1 from default preferred hash algorithms (#1067)

Also, remove SHA-1 from the (unused) KDF params constructor defaults.
---
 src/key/factory.js | 5 ++---
 src/type/kdf_params.js | 6 ++----
 test/general/key.js | 4 ++--
 3 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/src/key/factory.js b/src/key/factory.js
index 102f94f4f..1ab3806b5 100644
--- a/src/key/factory.js
+++ b/src/key/factory.js
@@ -191,10 +191,9 @@ async function wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options) {
 ], config.aead_mode);
 }
 signaturePacket.preferredHashAlgorithms = createdPreferredAlgos([
- // prefer fast asm.js implementations (SHA-256). SHA-1 will not be secure much longer...move to bottom of list
+ // prefer fast asm.js implementations (SHA-256)
 enums.hash.sha256,
- enums.hash.sha512,
- enums.hash.sha1
+ enums.hash.sha512
 ], config.prefer_hash_algorithm);
 signaturePacket.preferredCompressionAlgorithms = createdPreferredAlgos([
 enums.compression.zlib,
diff --git a/src/type/kdf_params.js b/src/type/kdf_params.js
index 7cf1eec73..49f6a335f 100644
--- a/src/type/kdf_params.js
+++ b/src/type/kdf_params.js
@@ -27,8 +27,6 @@
 * @module type/kdf_params
 */
 
-import enums from '../enums.js';
-
 /**
 * @constructor
 * @param {enums.hash} hash Hash algorithm
@@ -39,8 +37,8 @@ function KDFParams(data) {
 this.hash = data[0];
 this.cipher = data[1];
 } else {
- this.hash = enums.hash.sha1;
- this.cipher = enums.symmetric.aes128;
+ this.hash = null;
+ this.cipher = null;
 }
 }
 
diff --git a/test/general/key.js b/test/general/key.js
index e4aa4b390..692b3f381 100644
--- a/test/general/key.js
+++ b/test/general/key.js
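Review bot: The trimmed default list in `wrapKeyObject` changes only what newly generated keys advertise, and the comment left above `enums.hash.sha256` no longer records why SHA-1 is absent. Under RFC 4880 a peer treats SHA-1 as tacitly last in the preference list when it is not named, so the removal is not a guarantee that correspondents stop using it; I would record that in place, e.g. `// SHA-1 is intentionally not advertised; RFC 4880 peers may still treat it as an implicit last choice`. The second argument, `config.prefer_hash_algorithm`, appears to be placed ahead of the defaults (the updated expectation in test/general/key.js shows `hash.sha224` first), so a configuration that names SHA-1 would presumably still advertise it first; `createdPreferredAlgos` is defined outside this hunk, so that needs confirming there. The function body starts and ends outside the hunk.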
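Review bot: The `else` branch of `KDFParams` now leaves `hash` and `cipher` as `null`, but the JSDoc above the constructor still documents them as enum values and nothing states when `null` is a legal state. Dropping the SHA-1/AES-128 fallback is the safer default, yet code that serialises such an object into a byte array could coerce `null` to a zero byte instead of failing; the write path is not in this hunk, so that is worth checking there. I would add `// no fallback algorithms: hash and cipher stay null until the caller sets them` above the two assignments and have the serialiser reject `null` explicitly.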
@@ -1820,7 +1820,7 @@ function versionSpecificTests() {
 expect(key.users[0].selfCertifications[0].preferredAeadAlgorithms).to.eql([aead.eax, aead.ocb]);
 }
 const hash = openpgp.enums.hash;
- expect(key.users[0].selfCertifications[0].preferredHashAlgorithms).to.eql([hash.sha256, hash.sha512, hash.sha1]);
+ expect(key.users[0].selfCertifications[0].preferredHashAlgorithms).to.eql([hash.sha256, hash.sha512]);
 const compr = openpgp.enums.compression;
 expect(key.users[0].selfCertifications[0].preferredCompressionAlgorithms).to.eql([compr.zlib, compr.zip, compr.uncompressed]);
 
@@ -1870,7 +1870,7 @@ function versionSpecificTests() {
 expect(key.users[0].selfCertifications[0].preferredAeadAlgorithms).to.eql([aead.experimental_gcm, aead.eax, aead.ocb]);
 }
 const hash = openpgp.enums.hash;
- expect(key.users[0].selfCertifications[0].preferredHashAlgorithms).to.eql([hash.sha224, hash.sha256, hash.sha512, hash.sha1]);
+ expect(key.users[0].selfCertifications[0].preferredHashAlgorithms).to.eql([hash.sha224, hash.sha256, hash.sha512]);
 const compr = openpgp.enums.compression;
 expect(key.users[0].selfCertifications[0].preferredCompressionAlgorithms).to.eql([compr.zlib, compr.zip, compr.uncompressed]);
 