Allow signed data to include other hashes later.

Previously, we insisted that a valid signature must be a signature of
the expected digest.  Now we accept anything that starts with the
expected digest.  This lets us include another digest later.

diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index f6d6dc9a14c2d53cdb3501ee42eb99274614a348..bfcf20b09cd39c43a34490a0dc0831c319a1a985 100644 (file)
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -1028,7 +1028,7 @@ check_signature_token(const char *digest,
   signed_digest = tor_malloc(tok->object_size);
   if (crypto_pk_public_checksig(pkey, signed_digest, tok->object_body,
                                 tok->object_size)
-      != digest_len) {
+      < digest_len) {
     log_warn(LD_DIR, "Error reading %s: invalid signature.", doctype);
     tor_free(signed_digest);
     return -1;