Error handling for signatures with unsupported hash algorithm

hakuna-m · Nov 29, 2015 · b269b75 · b269b75
1 parent 0fd67ae
commit b269b75
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 3 deletions.
diff --git a/debian/changelog b/debian/changelog
@@ -1,3 +1,9 @@
+wubi (15.10) wily; urgency=low
+
+  [Hakuna Matata]
+
+  * Error handling for signatures with unsupported hash algorithm
+
 wubi (15.10) wily; urgency=low
 
   [Hakuna Matata]

diff --git a/src/openpgp/sap/api.py b/src/openpgp/sap/api.py
@@ -47,6 +47,7 @@
 from openpgp.code import *
 
 import openpgp.sap.crypto as CRYPT
+import openpgp.sap.text as TXT
 
 from openpgp.sap.exceptions import *
 
@@ -1097,7 +1098,9 @@ def verify_msg(signed, key, **kw):
         if keypkt: # either the sigpkt specified a key or an fprint was forced
             assigned += 1
 
-            if CRYPT.verify(sig, target, keypkt, **opts):
+            if sig.body.alg_hash not in (HASH_MD5, HASH_SHA1):
+                saplog.warn("A signature from ID:%r has an unsupported hash algorithm:%s(%s)." % (signer_id, sig.body.alg_hash, TXT.alg_hash_msg(sig.body.alg_hash)))
+            elif CRYPT.verify(sig, target, keypkt, **opts):
                 saplog.info("Verified a signature from ID:%r." % signer_id)
                 ex_verified += 1
 

diff --git a/src/openpgp/sap/crypto.py b/src/openpgp/sap/crypto.py
@@ -171,7 +171,7 @@ def hash_context(version, hashalg, sigtype, sigcontext, target, primary):
             import sha
             hashed_target = sha.new(context.read()).digest()
         else:
-            raise NotImplementedError, "Unsupported signature hash algorithm->(%s)" % sig.alg_hash
+            raise NotImplementedError, "Unsupported signature hash algorithm->(%s)" % hashalg
     finally:
         context.close()
 
@@ -194,7 +194,7 @@ def pad_rsa(alg_hash, hashed_msg, rsa_n_bit_length):
     elif HASH_SHA1 == alg_hash:
         prefix = '\x30\x21\x30\x09\x06\x05\x2b\x0E\x03\x02\x1A\x05\x00\x04\x14'
     else:
-        raise NotImplementedError, "Prefix unassigned for RSA signature hash->(%s)" % sig.alg_hash
+        raise NotImplementedError, "Prefix unassigned for RSA signature hash->(%s)" % alg_hash
     padlen = ((rsa_n_bit_length + 7)/8) - len(prefix) - len(hashed_msg) - 3
     padding = ''.join(['\xff' for x in range(padlen)])
     return ''.join(['\x00\x01', padding, '\x00', prefix, hashed_msg])