author | Panu Matilainen <pmatilai@redhat.com> | 2017-04-11 18:39:26 +0300 |
---|---|---|
committer | Panu Matilainen <pmatilai@redhat.com> | 2017-04-11 19:00:45 +0300 |
commit | 011cfeceab11da824de60e478b614a09883c23f1 (patch) | |
tree | dcab5c298063227b6c3a6d8842edf17f0f8b48b6 | |
parent | 0777f87a912f46c28d8eb423009c450b7ffabf1c (diff) | |
download | rpm-011cfeceab11da824de60e478b614a09883c23f1.tar.gz |
Update rpmVerifySignature() internals to get by with just struct rpmsinfo
-rw-r--r-- | lib/package.c | 2 | ||||
-rw-r--r-- | lib/rpmchecksig.c | 4 | ||||
-rw-r--r-- | lib/signature.c | 49 | ||||
-rw-r--r-- | lib/signature.h | 2 |
4 files changed, 25 insertions, 32 deletions
diff --git a/lib/package.c b/lib/package.c
index fcc908059..78f380f25 100644
--- a/lib/package.c
+++ b/lib/package.c
@@ -216,7 +216,7 @@ static rpmRC headerSigVerify(rpmKeyring keyring, rpmVSFlags vsflags,
 rpmDigestUpdate(ctx, dstblob->pe, (dstblob->ril * sizeof(*dstblob->pe)));
 rpmDigestUpdate(ctx, dstblob->dataStart, dstblob->rdl);
- rc = rpmVerifySignature(keyring, &sigtd, sinfo.sig, ctx, buf);
+ rc = rpmVerifySignature(keyring, &sinfo, ctx, buf);
 if (keyidp && sinfo.type == RPMSIG_SIGNATURE_TYPE)
 *keyidp = sinfo.keyid;
diff --git a/lib/rpmchecksig.c b/lib/rpmchecksig.c
index fb1d08e61..737b3246b 100644
--- a/lib/rpmchecksig.c
+++ b/lib/rpmchecksig.c
@@ -268,13 +268,13 @@ static int verifyItems(FD_t fd, Header sigh, int range, rpmQueryFlags flags,
 if (sinfo.hashalgo && sinfo.range == range && rc == RPMRC_OK) {
 DIGEST_CTX ctx = fdDupDigest(fd, sinfo.id);
- rc = rpmVerifySignature(keyring, &sigtd, sinfo.sig, ctx, &result);
+ rc = rpmVerifySignature(keyring, &sinfo, ctx, &result);
 rpmDigestFinal(ctx, NULL, NULL, 0);
 fdFiniDigest(fd, sinfo.id, NULL, NULL, 0);
 }
 if (result) {
- formatResult(sigtd.tag, rc, result,
+ formatResult(sinfo.tag, rc, result,
 (rc == RPMRC_NOKEY ? missingKeys : untrustedKeys), buf);
 }
diff --git a/lib/signature.c b/lib/signature.c
index 2ba6d1d3b..7660f0a2a 100644
--- a/lib/signature.c
+++ b/lib/signature.c
@@ -377,13 +377,12 @@ static const char * rpmSigString(rpmRC res)
 return str;
 }
-static rpmRC verifyDigest(rpmtd sigtd, DIGEST_CTX digctx, const char *title,
- char **msg)
+static rpmRC verifyDigest(struct rpmsinfo_s *sinfo, DIGEST_CTX digctx,
+ const char *title, char **msg)
 {
 rpmRC res = RPMRC_FAIL; /* assume failure */
 char * dig = NULL;
 size_t diglen = 0;
- char *pkgdig = rpmtdFormat(sigtd, RPMTD_FORMAT_STRING, NULL);
 DIGEST_CTX ctx = rpmDigestDup(digctx);
 if (rpmDigestFinal(ctx, (void **)&dig, &diglen, 1) || diglen == 0) {
@@ -391,37 +390,35 @@ static rpmRC verifyDigest(rpmtd sigtd, DIGEST_CTX digctx, const char *title,
 goto exit;
 }
- if (strcasecmp(pkgdig, dig) == 0) {
+ if (strcasecmp(sinfo->dig, dig) == 0) {
 res = RPMRC_OK;
- rasprintf(msg, "%s %s (%s)", title, rpmSigString(res), pkgdig);
+ rasprintf(msg, "%s %s (%s)", title, rpmSigString(res), sinfo->dig);
 } else {
 rasprintf(msg, "%s: %s Expected(%s) != (%s)",
- title, rpmSigString(res), pkgdig, dig);
+ title, rpmSigString(res), sinfo->dig, dig);
 }
 exit:
 free(dig);
- free(pkgdig);
 return res;
 }
 /**
 * Verify DSA/RSA signature.
 * @param keyring pubkey keyring
- * @param sig OpenPGP signature parameters
+ * @param sinfo OpenPGP signature parameters
 * @param hashctx digest context
- * @param isHdr header-only signature?
 * @retval msg verbose success/failure text
 * @return RPMRC_OK on success
 */
 static rpmRC
-verifySignature(rpmKeyring keyring, pgpDigParams sig, DIGEST_CTX hashctx,
- int isHdr, char **msg)
+verifySignature(rpmKeyring keyring, struct rpmsinfo_s *sinfo,
+ DIGEST_CTX hashctx, char **msg)
 {
+ int isHdr = (sinfo->range == RPMSIG_HEADER);
+ rpmRC res = rpmKeyringVerifySig(keyring, sinfo->sig, hashctx);
- rpmRC res = rpmKeyringVerifySig(keyring, sig, hashctx);
-
- char *sigid = pgpIdentItem(sig);
+ char *sigid = pgpIdentItem(sinfo->sig);
 rasprintf(msg, "%s%s: %s", isHdr ? _("Header ") : "", sigid, rpmSigString(res));
 free(sigid);
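Review bot: `strcasecmp(sinfo->dig, dig)` and the `%s` arguments in both `rasprintf()` calls of verifyDigest read `sinfo->dig` with no NULL check, and no check on `dig` is visible anywhere in this commit; the guard in rpmVerifySignature (next hunk) tests only `sinfo->sig`. The old guard on `sigtd->data` is removed, so a digest item whose `dig` was never filled in (presumably from package metadata, the initialiser is not on this page) would reach strcasecmp as a NULL pointer, which is undefined behaviour. Extending the failure test that sits just before this hunk keeps the duplicated digest context finalised and reuses the existing error path: `if (rpmDigestFinal(ctx, (void **)&dig, &diglen, 1) || diglen == 0 || sinfo->dig == NULL) {`. verifyDigest begins in the previous hunk, so its opening lines are not part of this one.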
@@ -429,38 +426,34 @@ verifySignature(rpmKeyring keyring, pgpDigParams sig, DIGEST_CTX hashctx,
 }
 rpmRC
-rpmVerifySignature(rpmKeyring keyring, rpmtd sigtd, pgpDigParams sig,
+rpmVerifySignature(rpmKeyring keyring, struct rpmsinfo_s *sinfo,
 DIGEST_CTX ctx, char ** result)
 {
 rpmRC res = RPMRC_NOTFOUND;
 char *msg = NULL;
- int hdrsig = 0;
- if (sigtd->data == NULL || sigtd->count <= 0 || ctx == NULL)
+ if (sinfo->sig == NULL || ctx == NULL)
 goto exit;
- switch (sigtd->tag) {
+ switch (sinfo->tag) {
 case RPMSIGTAG_MD5:
- res = verifyDigest(sigtd, ctx, _("MD5 digest:"), &msg);
+ res = verifyDigest(sinfo, ctx, _("MD5 digest:"), &msg);
 break;
 case RPMSIGTAG_SHA1:
- res = verifyDigest(sigtd, ctx, _("Header SHA1 digest:"), &msg);
+ res = verifyDigest(sinfo, ctx, _("Header SHA1 digest:"), &msg);
 break;
 case RPMSIGTAG_SHA256:
- res = verifyDigest(sigtd, ctx, _("Header SHA256 digest:"), &msg);
+ res = verifyDigest(sinfo, ctx, _("Header SHA256 digest:"), &msg);
 break;
 case RPMTAG_PAYLOADDIGEST:
- res = verifyDigest(sigtd, ctx, _("Payload SHA256 digest:"), &msg);
+ res = verifyDigest(sinfo, ctx, _("Payload SHA256 digest:"), &msg);
 break;
 case RPMSIGTAG_RSA:
 case RPMSIGTAG_DSA:
- hdrsig = 1;
- /* fallthrough */
 case RPMSIGTAG_PGP5: /* XXX legacy */
 case RPMSIGTAG_PGP:
 case RPMSIGTAG_GPG:
- if (sig != NULL)
- res = verifySignature(keyring, sig, ctx, hdrsig, &msg);
+ res = verifySignature(keyring, sinfo, ctx, &msg);
 break;
 default:
 break;
@@ -469,8 +462,8 @@ rpmVerifySignature(rpmKeyring keyring, rpmtd sigtd, pgpDigParams sig,
 exit:
 if (res == RPMRC_NOTFOUND) {
 rasprintf(&msg,
- _("Verify signature: BAD PARAMETERS (%d %p %d %p %p)"),
- sigtd->tag, sigtd->data, sigtd->count, ctx, sig);
+ _("Verify signature: BAD PARAMETERS (%d %p %d %p)"),
+ sinfo->tag, sinfo->sig, sinfo->hashalgo, ctx);
 res = RPMRC_FAIL;
 }
diff --git a/lib/signature.h b/lib/signature.h
index 2242143ac..4a7bf7c61 100644
--- a/lib/signature.h
+++ b/lib/signature.h
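Review bot: The new guard `if (sinfo->sig == NULL || ctx == NULL)` in rpmVerifySignature runs before the `switch`, so it also gates the four digest cases, none of which use `sinfo->sig`. If digest items leave `sig` unset (the struct and the code that fills it are not on this page), every digest check now ends in BAD PARAMETERS and RPMRC_FAIL; that fails closed, but it reports intact packages as verification failures and may push users towards skipping verification. Reducing the top guard to `if (ctx == NULL)` and keeping `if (sinfo->sig != NULL)` in front of the `verifySignature()` call checks each field only where it is consumed. The BAD PARAMETERS message in the following hunk could then also report whether `sinfo->dig` is set.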
@@ -67,7 +67,7 @@ int rpmWriteSignature(FD_t fd, Header h);
 * (malloc'd)
 * @return result of signature verification
 */
-rpmRC rpmVerifySignature(rpmKeyring keyring, rpmtd sigtd, pgpDigParams sig,
+rpmRC rpmVerifySignature(rpmKeyring keyring, struct rpmsinfo_s *sinfo,
 DIGEST_CTX ctx, char ** result);
 /** \ingroup signature |
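Review bot: The doc comment above this prototype is not touched by the change (the diffstat shows a single replaced line in signature.h), so any `@param sigtd` or `@param sig` entries it carries are now stale; only the last lines of that comment are visible in this hunk. It should describe the new argument, for example `@param sinfo signature or digest info to verify`, and drop the entries for the two removed parameters. Since the function now reads `sinfo->sig` or `sinfo->dig` depending on `sinfo->tag`, the comment is also the place to state which fields the caller must have filled in.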