Unify the parsePGP() variants from package.c and rpmchecksig.c

- Hide allocation inside the helper, automatically free on failure
- Return pointer to the signature parameters on success to simplify
  life for callers
- Don't bother checking or reporting the signature version: the
  pgp parser errors out if it encounters unsupported version and
  does not scrible anything to the version field in that case,
  mumbling about "V0 signatures" is not particularly helpful.
- Log the bad package names from rpmpkgReadHeader() too

3 files changed, 26 insertions, 38 deletions

diff --git a/lib/package.c b/lib/package.c
index 227368290..4dd7f2872 100644
--- a/lib/package.c
+++ b/lib/package.c
@@ -137,19 +137,23 @@ static int stashKeyid(pgpDigParams sigp)
     return 0;
 }
 
-/* Parse the parameters from the OpenPGP packets that will be needed. */
-static pgpDigParams parsePGP(rpmtd sigtd, const char *type, pgpDig *digp)
+pgpDigParams parsePGPSig(rpmtd sigtd, const char *type, const char *fn,
+			 pgpDig *digp)
 {
     int debug = (_print_pkts & rpmIsDebug());
     pgpDig dig = pgpNewDig();
     pgpDigParams sig = &dig->signature;
 
-    if ((pgpPrtPkts(sigtd->data, sigtd->count, dig, debug) == 0) &&
-	 (sig->version == 3 || sig->version == 4)) {
+    if ((pgpPrtPkts(sigtd->data, sigtd->count, dig, debug) == 0)) {
 	*digp = dig;
     } else {
-	rpmlog(RPMLOG_ERR, _("skipping %s with unverifiable V%u signature\n"),
-			    type, sig->version);
+	if (fn) {
+	    rpmlog(RPMLOG_ERR,
+		   _("skipping %s %s with unverifiable signature\n"), type, fn);
+	} else {
+	    rpmlog(RPMLOG_ERR,
+		   _("skipping %s with unverifiable signature\n"), type);
+	}
 	pgpFreeDig(dig);
 	sig = NULL;
     }
@@ -248,7 +252,7 @@ static rpmRC headerSigVerify(rpmKeyring keyring, rpmVSFlags vsflags,
     switch (info.tag) {
     case RPMTAG_RSAHEADER:
     case RPMTAG_DSAHEADER:
-	sig = parsePGP(&sigtd, "header", &dig);
+	sig = parsePGPSig(&sigtd, "header", NULL, &dig);
 	if (sig == NULL)
 	    goto exit;
 	hashalgo = sig->hash_algo;
@@ -600,7 +604,7 @@ static rpmRC rpmpkgRead(rpmKeyring keyring, rpmVSFlags vsflags,
     switch (sigtag) {
     case RPMSIGTAG_RSA:
     case RPMSIGTAG_DSA:
-	sig = parsePGP(&sigtd, "package", &dig);
+	sig = parsePGPSig(&sigtd, "package", fn, &dig);
 	if (sig == NULL)
 	    goto exit;
 	/* fallthrough */
@@ -619,7 +623,7 @@ static rpmRC rpmpkgRead(rpmKeyring keyring, rpmVSFlags vsflags,
     case RPMSIGTAG_GPG:
     case RPMSIGTAG_PGP5:	/* XXX legacy */
     case RPMSIGTAG_PGP:
-	sig = parsePGP(&sigtd, "package", &dig);
+	sig = parsePGPSig(&sigtd, "package", fn, &dig);
 	if (sig == NULL)
 	    goto exit;
 	/* fallthrough */
diff --git a/lib/rpmchecksig.c b/lib/rpmchecksig.c
index 44f27f36e..879868f2f 100644
--- a/lib/rpmchecksig.c
+++ b/lib/rpmchecksig.c
@@ -147,23 +147,6 @@ exit:
     return rc;
 }
 
-/* Parse the parameters from the OpenPGP packets that will be needed. */
-/* XXX TODO: unify with similar parsePGP() in package.c */
-static rpmRC parsePGP(rpmtd sigtd, const char *fn, pgpDig dig)
-{
-    rpmRC rc = RPMRC_FAIL;
-    int debug = (_print_pkts & rpmIsDebug());
-    if ((pgpPrtPkts(sigtd->data, sigtd->count, dig, debug) == 0) &&
-	 (dig->signature.version == 3 || dig->signature.version == 4)) {
-	rc = RPMRC_OK;
-    } else {
-	rpmlog(RPMLOG_ERR,
-	    _("skipping package %s with unverifiable V%u signature\n"), fn,
-	    dig->signature.version);
-    }
-    return rc;
-}
-
 /* 
  * Figure best available signature. 
  * XXX TODO: Similar detection in rpmReadPackageFile(), unify these.
@@ -267,7 +250,7 @@ static int rpmpkgVerifySigs(rpmKeyring keyring, rpmQueryFlags flags,
     struct rpmtd_s sigtd;
     rpmTagVal sigtag;
     pgpDig dig = NULL;
-    pgpDigParams sigp;
+    pgpDigParams sig = NULL;
     Header sigh = NULL;
     HeaderIterator hi = NULL;
     char * msg = NULL;
@@ -305,22 +288,18 @@ static int rpmpkgVerifySigs(rpmKeyring keyring, rpmQueryFlags flags,
     /* Grab a hint of what needs doing to avoid duplication. */
     sigtag = bestSig(sigh, nosignatures, nodigests);
 
-    dig = pgpNewDig();
-    sigp = &dig->signature;
-
     /* XXX RSA needs the hash_algo, so decode early. */
     if (sigtag == RPMSIGTAG_RSA || sigtag == RPMSIGTAG_PGP ||
 		sigtag == RPMSIGTAG_DSA || sigtag == RPMSIGTAG_GPG) {
-	int xx = -1;
 	if (headerGet(sigh, sigtag, &sigtd, HEADERGET_DEFAULT)) {
-	    xx = pgpPrtPkts(sigtd.data, sigtd.count, dig, 0);
+	    sig = parsePGPSig(&sigtd, "package", fn, &dig);
 	    rpmtdFreeData(&sigtd);
 	}
-	if (xx) goto exit;
+	if (sig == NULL) goto exit;
 	    
 	/* XXX assume same hash_algo in header-only and header+payload */
-	rpmDigestBundleAdd(plbundle, sigp->hash_algo, RPMDIGEST_NONE);
-	rpmDigestBundleAdd(hdrbundle, sigp->hash_algo, RPMDIGEST_NONE);
+	rpmDigestBundleAdd(plbundle, sig->hash_algo, RPMDIGEST_NONE);
+	rpmDigestBundleAdd(hdrbundle, sig->hash_algo, RPMDIGEST_NONE);
     }
 
     if (headerIsEntry(sigh, RPMSIGTAG_PGP) ||
@@ -363,11 +342,11 @@ static int rpmpkgVerifySigs(rpmKeyring keyring, rpmQueryFlags flags,
 	case RPMSIGTAG_DSA:
 	    if (nosignatures)
 		 continue;
-	    if (parsePGP(&sigtd, fn, dig) != RPMRC_OK) {
+	    sig = parsePGPSig(&sigtd, "package", fn, &dig);
+	    if (sig == NULL)
 		goto exit;
-	    }
 	    ctx = rpmDigestBundleDupCtx(havekey ? plbundle : hdrbundle,
-					dig->signature.hash_algo);
+					sig->hash_algo);
 	    break;
 	case RPMSIGTAG_SHA1:
 	    if (nodigests)
diff --git a/lib/signature.h b/lib/signature.h
index 726f7f0a4..781ffd61a 100644
--- a/lib/signature.h
+++ b/lib/signature.h
@@ -72,6 +72,11 @@ rpmRC rpmVerifySignature(rpmKeyring keyring, rpmtd sigtd, pgpDig dig, DIGEST_CTX
  */
 Header rpmFreeSignature(Header h);
 
+/* Parse the parameters from the OpenPGP packets that will be needed. */
+RPM_GNUC_INTERNAL
+pgpDigParams parsePGPSig(rpmtd sigtd, const char *type, const char *fn,
+			 pgpDig *digp);
+
 #ifdef __cplusplus
 }
 #endif