diff options
author | Panu Matilainen <pmatilai@redhat.com> | 2017-04-11 13:07:59 +0300 |
---|---|---|
committer | Panu Matilainen <pmatilai@redhat.com> | 2017-04-11 19:00:45 +0300 |
commit | b8855cc6e8a31409d1002a9b71b21b5134b885bb (patch) | |
tree | ef87bd3d0b594916adfdac9c409c9e5a3a434300 | |
parent | 1c0bc572f05d47663948edd4ef4ba84b398bf938 (diff) | |
download | rpm-b8855cc6e8a31409d1002a9b71b21b5134b885bb.tar.gz |
Move payload digest index hack to rpmsinfoInit()
For purposes of the generic signature checking machinery, only the last
value is ever needed so handling it in rpmsinfoInit() is far more
appropriate.
-rw-r--r-- | lib/signature.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/lib/signature.c b/lib/signature.c index 508a4299f..48485d6e2 100644 --- a/lib/signature.c +++ b/lib/signature.c @@ -91,6 +91,9 @@ rpmRC rpmSigInfoParse(rpmtd td, const char *origin, sinfo->hashalgo = PGPHASHALGO_SHA256; sinfo->type = RPMSIG_DIGEST_TYPE; sinfo->range = RPMSIG_PAYLOAD; + /* XXX: get the last element, fail due to tagcount is arbitrary */ + if (rpmtdSetIndex(td, rpmtdCount(td)-1) == -1) + tagcount = 0; break; default: /* anything unknown just falls through for now */ @@ -423,6 +426,9 @@ rpmVerifySignature(rpmKeyring keyring, rpmtd sigtd, pgpDigParams sig, case RPMSIGTAG_SHA256: res = verifyDigest(sigtd, ctx, _("Header SHA256 digest:"), &msg); break; + case RPMTAG_PAYLOADDIGEST: + res = verifyDigest(sigtd, ctx, _("Payload SHA256 digest:"), &msg); + break; case RPMSIGTAG_RSA: case RPMSIGTAG_DSA: hdrsig = 1; @@ -433,10 +439,6 @@ rpmVerifySignature(rpmKeyring keyring, rpmtd sigtd, pgpDigParams sig, if (sig != NULL) res = verifySignature(keyring, sig, ctx, hdrsig, &msg); break; - case RPMTAG_PAYLOADDIGEST: - if (rpmtdSetIndex(sigtd, rpmtdCount(sigtd)-1) != -1) - res = verifyDigest(sigtd, ctx, _("Payload SHA256 digest:"), &msg); - break; default: break; } |