Treat SHA1 as Weak rather than untrusted. Add hardcoded exceptions for Modmyi/Zodttd/Bigboss to silence errors

author: CoolStar <coolstarorganization@gmail.com> 2018-05-10 17:19:42 -0700
committer: Sam Bingner <sam@bingner.com> 2019-12-26 15:12:15 -1000
commit: 0a4d0898091e9a6ff584f14d310a13f61fb3d9a3 (patch)
tree: 1ccd3a9adadcf7d8cf694138369a7e014e81051f
parent: af136b1dde2b9ed04575093b87e96275fa13f799 (diff)
1 files changed, 8 insertions, 1 deletions
diff --git a/methods/gpgv.cc b/methods/gpgv.cc
index f66e3356f..e9f3c9d07 100644
--- a/methods/gpgv.cc
+++ b/methods/gpgv.cc
@@ -68,7 +68,7 @@ struct Digest {
 static constexpr Digest Digests[] = {
    {Digest::State::Untrusted, "Invalid digest"},
    {Digest::State::Untrusted, "MD5"},
-   {Digest::State::Untrusted, "SHA1"},
+   {Digest::State::Weak, "SHA1"},
    {Digest::State::Untrusted, "RIPE-MD/160"},
    {Digest::State::Trusted, "Reserved digest"},
    {Digest::State::Trusted, "Reserved digest"},
@@ -233,6 +233,13 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
          auto const sig = tokens[0];
          // Reject weak digest algorithms
          Digest digest = FindDigest(tokens[7]);
+         if (sig == "CFC100B9AA5CDC6430F2E9B5AA011AC1718BABDF" || //ZodTTD
+            sig == "EB22AD483B83E9A7460D86F387F92E166197E890" || //ModMyi
+            sig == "A9C96A37115894A23B894107694D17D38764B4F4"){ //BigBoss
+            if (tokens[7] == "2"){
+               digest = {Digest::State::Trusted, "SHA1"};
+            }
+         }
          switch (digest.getState()) {
          case Digest::State::Weak:
             // Treat them like an expired key: For that a message about expiry
author	CoolStar <coolstarorganization@gmail.com>	2018-05-10 17:19:42 -0700
committer	Sam Bingner <sam@bingner.com>	2019-12-26 15:12:15 -1000
commit	0a4d0898091e9a6ff584f14d310a13f61fb3d9a3 (patch)
tree	1ccd3a9adadcf7d8cf694138369a7e014e81051f
parent	af136b1dde2b9ed04575093b87e96275fa13f799 (diff)