Lukas Burkhalter 1ddf4e151c Accept cleartext messages without hash header
The latest version of the crypto refresh (i.e., !313, !314) specifies that
the  "Hash" header is deprecated, and that an implementation that is verifying
a cleartext signed message MUST ignore this header.
However, we go against this directive, and keep the checks in place to avoid
arbitrary injection of text as part of the "Hash" header payload.
We also mandate that if the hash header is present, the declared
algorithm matches the signature algorithm. This is again to avoid
a spoofing attack where e.g. a SHA1 signature is presented as
using SHA512.
Related CVEs: CVE-2019-11841, CVE-2023-41037.

This commit does not change the writing part of cleartext messages.

# Conflicts:
#	src/cleartext.js
2023-10-25 12:53:12 +02:00
..
2023-10-25 12:53:12 +02:00
2023-10-25 12:53:11 +02:00