[or-cvs] [tor/master] Allow signed data to include other hashes later.

Mon Oct 19 04:48:28 UTC 2009

Author: Nick Mathewson <nickm at torproject.org>
Date: Mon, 14 Sep 2009 12:02:49 -0400
Subject: Allow signed data to include other hashes later.
Commit: c5f7f04aff850e8e3fad28e93e6300447625fdbb

Previously, we insisted that a valid signature must be a signature of
the expected digest.  Now we accept anything that starts with the
expected digest.  This lets us include another digest later.
---
 src/or/routerparse.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index f6d6dc9..bfcf20b 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -1028,7 +1028,7 @@ check_signature_token(const char *digest,
   signed_digest = tor_malloc(tok->object_size);
   if (crypto_pk_public_checksig(pkey, signed_digest, tok->object_body,
                                 tok->object_size)
-      != digest_len) {
+      < digest_len) {
     log_warn(LD_DIR, "Error reading %s: invalid signature.", doctype);
     tor_free(signed_digest);
     return -1;
-- 
1.5.6.5


