From: Nick Mathewson <nickm@torproject.org>
Date: Mon, 14 Sep 2009 16:02:49 +0000 (-0400)
Subject: Allow signed data to include other hashes later.
X-Git-Tag: tor-0.2.2.6-alpha~36^2~19
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c5f7f04aff850e8e3fad28e93e6300447625fdbb;p=thirdparty%2Ftor.git

Allow signed data to include other hashes later.

Previously, we insisted that a valid signature must be a signature of
the expected digest.  Now we accept anything that starts with the
expected digest.  This lets us include another digest later.
---

diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index f6d6dc9a14..bfcf20b09c 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -1028,7 +1028,7 @@ check_signature_token(const char *digest,
   signed_digest = tor_malloc(tok->object_size);
   if (crypto_pk_public_checksig(pkey, signed_digest, tok->object_body,
                                 tok->object_size)
-      != digest_len) {
+      < digest_len) {
     log_warn(LD_DIR, "Error reading %s: invalid signature.", doctype);
     tor_free(signed_digest);
     return -1;