author | Panu Matilainen <pmatilai@redhat.com> | 2011-11-09 12:31:23 +0200 |
---|---|---|
committer | Panu Matilainen <pmatilai@redhat.com> | 2011-11-09 12:51:39 +0200 |
commit | 6f7700dbed99068449717f384e2683c4b2f5fe67 (patch) | |
tree | 3169cb39243348ed33522601a41b92f8e84ebcb7 /rpmio | |
parent | 564242f23b9b449556c6ed21b8fb3cf8099d956a (diff) | |
Split keyring find-by-signature to helper function, document...
- Document the broken rpmKeyringLookup() behavior / side-effect,
the new helper uses the values from our stored pgp parameters though.
- Shouldn't make any difference functionality-wise, but we'll need
the helper function shortly.
Diffstat (limited to 'rpmio')
-rw-r--r-- | rpmio/rpmkeyring.c | 47 |
1 files changed, 31 insertions, 16 deletions
diff --git a/rpmio/rpmkeyring.c b/rpmio/rpmkeyring.c
index 3be7bd1c0..74b152aba 100644
--- a/rpmio/rpmkeyring.c
+++ b/rpmio/rpmkeyring.c
@@ -215,28 +215,43 @@ char * rpmPubkeyBase64(rpmPubkey key)
 return enc;
 }
-rpmRC rpmKeyringLookup(rpmKeyring keyring, pgpDig sig)
+static rpmPubkey findbySig(rpmKeyring keyring, pgpDigParams sig)
 {
- rpmRC res = RPMRC_NOKEY;
- pgpDigParams sigp = pgpDigGetParams(sig, PGPTAG_SIGNATURE);
-
- if (keyring && sigp) {
- struct rpmPubkey_s needle, *key;
- needle.pkt = NULL;
- needle.pktlen = 0;
- memcpy(needle.keyid, sigp->signid, sizeof(needle.keyid));
+ rpmPubkey key = NULL;
- if ((key = rpmKeyringFindKeyid(keyring, &needle))) {
- /* Retrieve parameters from pubkey packet(s) */
- int pktrc = pgpPrtPkts(key->pkt, key->pktlen, sig, 0);
- pgpDigParams pubp = pgpDigGetParams(sig, PGPTAG_PUBLIC_KEY);
+ if (keyring && sig) {
+ struct rpmPubkey_s needle;
+ memset(&needle, 0, sizeof(needle));
+ memcpy(needle.keyid, sig->signid, sizeof(needle.keyid));
+
+ key = rpmKeyringFindKeyid(keyring, &needle);
+ if (key) {
+ pgpDigParams pub = key->pgpkey;
 /* Do the parameters match the signature? */
- if (pubp && pktrc == 0 && sigp->pubkey_algo == pubp->pubkey_algo &&
- memcmp(sigp->signid, pubp->signid, sizeof(sigp->signid)) == 0) {
- res = RPMRC_OK;
+ if ((sig->pubkey_algo != pub->pubkey_algo) ||
+ memcmp(sig->signid, pub->signid, sizeof(sig->signid))) {
+ key = NULL;
 }
 }
 }
+ return key;
+}
+
+rpmRC rpmKeyringLookup(rpmKeyring keyring, pgpDig sig)
+{
+ rpmRC res = RPMRC_NOKEY;
+ pgpDigParams sigp = pgpDigGetParams(sig, PGPTAG_SIGNATURE);
+ rpmPubkey key = findbySig(keyring, sigp);
+
+ if (key) {
+ /*
+ * Callers expect sig to have the key data parsed into pgpDig
+ * on (successful) return, sigh. No need to check for return
+ * here as this is validated at rpmPubkeyNew() already.
+ */
+ pgpPrtPkts(key->pkt, key->pktlen, sig, 0);
+ res = RPMRC_OK;
+ }
 return res;
 }
|
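Review bot: findbySig() dereferences `key->pgpkey` without the NULL guard the removed code had on `pubp`, so a keyring entry lacking stored parameters would crash the signature lookup instead of yielding RPMRC_NOKEY. Unless rpmPubkeyNew() (not visible in this hunk) guarantees the field is always set, the condition should begin with `!pub ||`. In rpmKeyringLookup() the result of pgpPrtPkts() is now discarded, whereas the old code required `pktrc == 0` before reporting RPMRC_OK; the new comment's assumption holds only if every key in the keyring was created through rpmPubkeyNew(), and a failed parse would leave `sig` without the key data that callers read on success. Keeping the check, as in `if (pgpPrtPkts(key->pkt, key->pktlen, sig, 0) == 0) res = RPMRC_OK;`, costs nothing. A short comment on findbySig() stating whether the returned key is borrowed from the keyring or carries its own reference (not determinable from this hunk) would help the callers the commit message says are coming.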