[fedor] fix gpg signature when hash algo is not SHA-1. Fixes #7569

2013-11-30 10:10:39 +01:00 · 2013-11-30 10:10:39 +01:00 · fbf8fd7ca0
commit fbf8fd7ca0
parent 90847091c5
1 changed files with 14 additions and 7 deletions
--- a/src/common/gpg.py
+++ b/src/common/gpg.py
@ -80,14 +80,21 @@ if HAVE_GPG:
        def verify(self, str_, sign):
            if str_ is None:
                return ''
-            data = '-----BEGIN PGP SIGNED MESSAGE-----' + os.linesep
-            data = data + 'Hash: SHA1' + os.linesep + os.linesep
-            data = data + str_ + os.linesep
-            data = data + self._addHeaderFooter(sign, 'SIGNATURE')
-            result = super(GnuPG, self).verify(data)
+            # Hash algorithm is not transfered in the signed presence stanza so try
+            # all algorithms. Text name for hash algorithms from RFC 4880 - section 9.4
+            hash_algorithms = ['SHA512', 'SHA384', 'SHA256', 'SHA224', 'SHA1', 'RIPEMD160']
+            for algo in hash_algorithms:
+                data = os.linesep.join(
+                    ['-----BEGIN PGP SIGNED MESSAGE-----',
+                     'Hash: ' + algo,
+                     '',
+                     str_,
+                     self._addHeaderFooter(sign, 'SIGNATURE')]
+                    )
+                result = super(GnuPG, self).verify(data)
+                if result.valid:
+                    return result.key_id

-            if result.valid:
-                return result.key_id
            return ''

        def get_keys(self, secret=False):