From: Jonathan McDowell Date: Fri, 13 Jul 2012 17:25:12 +0000 (-0600) Subject: Don't reject sig hashes we don't have support for. X-Git-Url: https://git.sommitrealweird.co.uk/onak.git/commitdiff_plain/d0fd08fab7a646c47fae21491c8d8f1c2b790a2c?hp=4c8bebffd4bc105ebaa09256b7a57f4a6201bd52 Don't reject sig hashes we don't have support for. We should err on the side of caution when we can't verify a sighash because we don't have that algorithm compiled in, and allow it. --- diff --git a/sigcheck.c b/sigcheck.c index fc04626..e5e8ccd 100644 --- a/sigcheck.c +++ b/sigcheck.c @@ -173,10 +173,11 @@ int check_packet_sighash(struct openpgp_publickey *key, hashdata[i]); } sha224_digest(&sha224_context, SHA224_DIGEST_SIZE, hash); + break; #else logthing(LOGTHING_INFO, "SHA224 support not available."); + return -1; #endif - break; case OPENPGP_HASH_SHA256: #ifdef NETTLE_WITH_SHA256 sha256_init(&sha256_context); @@ -185,10 +186,11 @@ int check_packet_sighash(struct openpgp_publickey *key, hashdata[i]); } sha256_digest(&sha256_context, SHA256_DIGEST_SIZE, hash); + break; #else logthing(LOGTHING_INFO, "SHA256 support not available."); + return -1; #endif - break; case OPENPGP_HASH_SHA384: #ifdef NETTLE_WITH_SHA384 sha384_init(&sha384_context); @@ -197,10 +199,11 @@ int check_packet_sighash(struct openpgp_publickey *key, hashdata[i]); } sha384_digest(&sha384_context, SHA384_DIGEST_SIZE, hash); + break; #else logthing(LOGTHING_INFO, "SHA384 support not available."); + return -1; #endif - break; case OPENPGP_HASH_SHA512: #ifdef NETTLE_WITH_SHA512 sha512_init(&sha512_context); @@ -209,10 +212,11 @@ int check_packet_sighash(struct openpgp_publickey *key, hashdata[i]); } sha512_digest(&sha512_context, SHA512_DIGEST_SIZE, hash); + break; #else logthing(LOGTHING_INFO, "SHA512 support not available."); + return -1; #endif - break; default: logthing(LOGTHING_ERROR, "Unsupported signature hash type %d", hashtype);