From dae4b2a83a35e30cb6b4bc7c5119fd19861b5e22 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Wed, 16 May 2007 11:10:07 +0000
Subject: [PATCH] Fix for bug 797.

---
 g10/ChangeLog   |  5 +++++
 g10/sig-check.c | 27 +++++++++++++++------------
 2 files changed, 20 insertions(+), 12 deletions(-)

diff --git a/g10/ChangeLog b/g10/ChangeLog
index 49cf5cf19..93fe77d2b 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,8 @@
+2007-05-16  Werner Koch  <wk@g10code.com>
+
+	* sig-check.c (check_backsig): Check the digest algorithm before
+	using it.  Fixed bug 797.
+
 2007-05-09  Werner Koch  <wk@g10code.com>
 
 	* openfile.c (overwrite_filep, open_outfile) [W32]: Need to use
diff --git a/g10/sig-check.c b/g10/sig-check.c
index 5a3cb886f..ac9d0da7d 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -438,22 +438,25 @@ check_backsig(PKT_public_key *main_pk,PKT_public_key *sub_pk,
   gcry_md_hd_t md;
   int rc;
 
+  /* Always check whether the algorithm is available.  Although
+     gcry_md_open woyuld throw an error, some libgcrypt versions will
+     print a debug message in that case too. */
+  if ((rc=openpgp_md_test_algo (backsig->digest_algo)))
+    return rc;
+
   if(!opt.no_sig_cache && backsig->flags.checked)
+    return backsig->flags.valid? 0 : gpg_error (GPG_ERR_BAD_SIGNATURE);
+
+  rc = gcry_md_open (&md, backsig->digest_algo,0);
+  if (!rc)
     {
-      if((rc=openpgp_md_test_algo (backsig->digest_algo)))
-	return rc;
-
-      return backsig->flags.valid? 0 : gpg_error (GPG_ERR_BAD_SIGNATURE);
+      hash_public_key(md,main_pk);
+      hash_public_key(md,sub_pk);
+      rc=do_check(sub_pk,backsig,md,NULL,NULL,NULL);
+      cache_sig_result(backsig,rc);
+      gcry_md_close(md);
     }
 
-  if (gcry_md_open (&md, backsig->digest_algo,0))
-    BUG ();
-  hash_public_key(md,main_pk);
-  hash_public_key(md,sub_pk);
-  rc=do_check(sub_pk,backsig,md,NULL,NULL,NULL);
-  cache_sig_result(backsig,rc);
-  gcry_md_close(md);
-
   return rc;
 }