From 1b2fb445ca21b2a5d786e56e6a25a4607efc4432 Mon Sep 17 00:00:00 2001
From: Adam Kelly
Date: Wed, 19 Aug 2020 13:33:58 +0100
Subject: [PATCH 1/2] Use the correct digest algorithm. (Fixes: #191)
---
 fedireads/signatures.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fedireads/signatures.py b/fedireads/signatures.py
index 49d1a2d3..db46aa4b 100644
--- a/fedireads/signatures.py
+++ b/fedireads/signatures.py
@@ -39,7 +39,7 @@ def make_signature(sender, destination, date, digest):
 return ','.join('%s="%s"' % (k, v) for (k, v) in signature.items())
 def make_digest(data):
- return 'SHA-256=' + b64encode(hashlib.sha512(data).digest()).decode('utf-8')
+ return 'SHA-256=' + b64encode(hashlib.sha256(data).digest()).decode('utf-8')
 def verify_digest(request):
 algorithm, digest = request.headers['digest'].split('=', 1)
From 54f381c1d8cacf37710a404ce7070bcfa73cd0a4 Mon Sep 17 00:00:00 2001
From: Adam Kelly
Date: Wed, 19 Aug 2020 13:53:17 +0100
Subject: [PATCH 2/2] Raise don't return an exception if digest is wrong.
---
 fedireads/signatures.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fedireads/signatures.py b/fedireads/signatures.py
index db46aa4b..7dce1489 100644
--- a/fedireads/signatures.py
+++ b/fedireads/signatures.py
@@ -52,7 +52,7 @@ def verify_digest(request):
 expected = hash_function(request.body).digest()
 if b64decode(digest) != expected:
- return ValueError("Invalid HTTP Digest header")
+ raise ValueError("Invalid HTTP Digest header")
 class Signature:
 def __init__(self, key_id, headers, signature):
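Review bot: In `make_digest` the header label `'SHA-256='` and the `hashlib.sha256` call remain two independent literals, which is how the sha512 mismatch fixed here got in, and the diffstat shows only signatures.py changed, so no test pins the pairing. A round-trip test (the value from `make_digest(body)` is accepted by `verify_digest` for the same body) or a known-answer test would catch a future drift. A short docstring would also help, for example `"""Return the Digest header value: 'SHA-256=' plus the base64 SHA-256 of the bytes in data."""`.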
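Review bot: With the `raise` in `verify_digest`, a digest mismatch now surfaces as `ValueError`, but the call site is outside this hunk and may not catch it, since the old `return ValueError(...)` gave callers nothing to handle. Confirm the caller turns it into a rejected request rather than an unhandled server error. The first patch's context shows `request.headers['digest'].split('=', 1)`, so a missing header presumably raises `KeyError` instead; catching that and raising the same `ValueError` would give callers a single failure type. A test that a modified body raises would pin this fix, because unless callers inspected the return value the old code accepted any digest. The function body starts above the hunk.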