From d0fd08fab7a646c47fae21491c8d8f1c2b790a2c Mon Sep 17 00:00:00 2001 From: Jonathan McDowell Date: Fri, 13 Jul 2012 11:25:12 -0600 Subject: [PATCH 1/1] Don't reject sig hashes we don't have support for. We should err on the side of caution when we can't verify a sighash because we don't have that algorithm compiled in, and allow it. --- sigcheck.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/sigcheck.c b/sigcheck.c index fc04626..e5e8ccd 100644 --- a/sigcheck.c +++ b/sigcheck.c @@ -173,10 +173,11 @@ int check_packet_sighash(struct openpgp_publickey *key, hashdata[i]); } sha224_digest(&sha224_context, SHA224_DIGEST_SIZE, hash); + break; #else logthing(LOGTHING_INFO, "SHA224 support not available."); + return -1; #endif - break; case OPENPGP_HASH_SHA256: #ifdef NETTLE_WITH_SHA256 sha256_init(&sha256_context); @@ -185,10 +186,11 @@ int check_packet_sighash(struct openpgp_publickey *key, hashdata[i]); } sha256_digest(&sha256_context, SHA256_DIGEST_SIZE, hash); + break; #else logthing(LOGTHING_INFO, "SHA256 support not available."); + return -1; #endif - break; case OPENPGP_HASH_SHA384: #ifdef NETTLE_WITH_SHA384 sha384_init(&sha384_context); @@ -197,10 +199,11 @@ int check_packet_sighash(struct openpgp_publickey *key, hashdata[i]); } sha384_digest(&sha384_context, SHA384_DIGEST_SIZE, hash); + break; #else logthing(LOGTHING_INFO, "SHA384 support not available."); + return -1; #endif - break; case OPENPGP_HASH_SHA512: #ifdef NETTLE_WITH_SHA512 sha512_init(&sha512_context); @@ -209,10 +212,11 @@ int check_packet_sighash(struct openpgp_publickey *key, hashdata[i]); } sha512_digest(&sha512_context, SHA512_DIGEST_SIZE, hash); + break; #else logthing(LOGTHING_INFO, "SHA512 support not available."); + return -1; #endif - break; default: logthing(LOGTHING_ERROR, "Unsupported signature hash type %d", hashtype); -- 2.39.5