]> git.sommitrealweird.co.uk Git - onak.git/commitdiff
Don't reject sig hashes we don't have support for.
authorJonathan McDowell <noodles@earth.li>
Fri, 13 Jul 2012 17:25:12 +0000 (11:25 -0600)
committerJonathan McDowell <noodles@earth.li>
Fri, 13 Jul 2012 17:25:12 +0000 (11:25 -0600)
  We should err on the side of caution when we can't verify a sighash
  because we don't have that algorithm compiled in, and allow it.

sigcheck.c

index fc046266248df3d8dd98d6f127758a1c6d163189..e5e8ccde9640e6bce5ce248e0d3d16bf200d9557 100644 (file)
@@ -173,10 +173,11 @@ int check_packet_sighash(struct openpgp_publickey *key,
                                hashdata[i]);
                }
                sha224_digest(&sha224_context, SHA224_DIGEST_SIZE, hash);
                                hashdata[i]);
                }
                sha224_digest(&sha224_context, SHA224_DIGEST_SIZE, hash);
+               break;
 #else
                logthing(LOGTHING_INFO, "SHA224 support not available.");
 #else
                logthing(LOGTHING_INFO, "SHA224 support not available.");
+               return -1;
 #endif
 #endif
-               break;
        case OPENPGP_HASH_SHA256:
 #ifdef NETTLE_WITH_SHA256
                sha256_init(&sha256_context);
        case OPENPGP_HASH_SHA256:
 #ifdef NETTLE_WITH_SHA256
                sha256_init(&sha256_context);
@@ -185,10 +186,11 @@ int check_packet_sighash(struct openpgp_publickey *key,
                                hashdata[i]);
                }
                sha256_digest(&sha256_context, SHA256_DIGEST_SIZE, hash);
                                hashdata[i]);
                }
                sha256_digest(&sha256_context, SHA256_DIGEST_SIZE, hash);
+               break;
 #else
                logthing(LOGTHING_INFO, "SHA256 support not available.");
 #else
                logthing(LOGTHING_INFO, "SHA256 support not available.");
+               return -1;
 #endif
 #endif
-               break;
        case OPENPGP_HASH_SHA384:
 #ifdef NETTLE_WITH_SHA384
                sha384_init(&sha384_context);
        case OPENPGP_HASH_SHA384:
 #ifdef NETTLE_WITH_SHA384
                sha384_init(&sha384_context);
@@ -197,10 +199,11 @@ int check_packet_sighash(struct openpgp_publickey *key,
                                hashdata[i]);
                }
                sha384_digest(&sha384_context, SHA384_DIGEST_SIZE, hash);
                                hashdata[i]);
                }
                sha384_digest(&sha384_context, SHA384_DIGEST_SIZE, hash);
+               break;
 #else
                logthing(LOGTHING_INFO, "SHA384 support not available.");
 #else
                logthing(LOGTHING_INFO, "SHA384 support not available.");
+               return -1;
 #endif
 #endif
-               break;
        case OPENPGP_HASH_SHA512:
 #ifdef NETTLE_WITH_SHA512
                sha512_init(&sha512_context);
        case OPENPGP_HASH_SHA512:
 #ifdef NETTLE_WITH_SHA512
                sha512_init(&sha512_context);
@@ -209,10 +212,11 @@ int check_packet_sighash(struct openpgp_publickey *key,
                                hashdata[i]);
                }
                sha512_digest(&sha512_context, SHA512_DIGEST_SIZE, hash);
                                hashdata[i]);
                }
                sha512_digest(&sha512_context, SHA512_DIGEST_SIZE, hash);
+               break;
 #else
                logthing(LOGTHING_INFO, "SHA512 support not available.");
 #else
                logthing(LOGTHING_INFO, "SHA512 support not available.");
+               return -1;
 #endif
 #endif
-               break;
        default:
                logthing(LOGTHING_ERROR, "Unsupported signature hash type %d",
                                hashtype);
        default:
                logthing(LOGTHING_ERROR, "Unsupported signature hash type %d",
                                hashtype);