From 0a4d0898091e9a6ff584f14d310a13f61fb3d9a3 Mon Sep 17 00:00:00 2001 From: CoolStar Date: Thu, 10 May 2018 17:19:42 -0700 Subject: Treat SHA1 as Weak rather than untrusted. Add hardcoded exceptions for Modmyi/Zodttd/Bigboss to silence errors --- methods/gpgv.cc | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'methods/gpgv.cc') diff --git a/methods/gpgv.cc b/methods/gpgv.cc index f66e3356f..e9f3c9d07 100644 --- a/methods/gpgv.cc +++ b/methods/gpgv.cc @@ -68,7 +68,7 @@ struct Digest { static constexpr Digest Digests[] = { {Digest::State::Untrusted, "Invalid digest"}, {Digest::State::Untrusted, "MD5"}, - {Digest::State::Untrusted, "SHA1"}, + {Digest::State::Weak, "SHA1"}, {Digest::State::Untrusted, "RIPE-MD/160"}, {Digest::State::Trusted, "Reserved digest"}, {Digest::State::Trusted, "Reserved digest"}, @@ -233,6 +233,13 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile, auto const sig = tokens[0]; // Reject weak digest algorithms Digest digest = FindDigest(tokens[7]); + if (sig == "CFC100B9AA5CDC6430F2E9B5AA011AC1718BABDF" || //ZodTTD + sig == "EB22AD483B83E9A7460D86F387F92E166197E890" || //ModMyi + sig == "A9C96A37115894A23B894107694D17D38764B4F4"){ //BigBoss + if (tokens[7] == "2"){ + digest = {Digest::State::Trusted, "SHA1"}; + } + } switch (digest.getState()) { case Digest::State::Weak: // Treat them like an expired key: For that a message about expiry -- cgit v1.2.3