path: root/sys-apps/apk-tools/files/apk-tools-2.6.4-use-sha256-signature.patch
From 0984ca854ce4b9fddbf1dc7503058406ded6e2cc Mon Sep 17 00:00:00 2001
From: Andrew Wilcox <AWilcox@Wilcox-Tech.com>
Date: Sun, 18 Oct 2015 11:19:36 -0500
Subject: [PATCH] package: use SHA256 for signature instead of SHA1

---
 src/apk_blob.h | 2 +-
 src/package.c  | 8 ++------
 2 files changed, 3 insertions(+), 7 deletions(-)

diff --git a/src/apk_blob.h b/src/apk_blob.h
index 2d2e30e..a879d27 100644
--- a/src/apk_blob.h
+++ b/src/apk_blob.h
@@ -41,7 +41,7 @@ extern apk_blob_t apk_null_blob;
 
 /* Internal cointainer for MD5 or SHA1 */
 struct apk_checksum {
-	unsigned char data[20];
+	unsigned char data[40];
 	unsigned char type;
 };
 
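Review bot: The new size in `unsigned char data[40];` matches no raw digest length (MD5 is 16 bytes, SHA-1 is 20, SHA-256 is 32), and the comment above the struct still says "MD5 or SHA1". If the intent is to hold a SHA-256 digest, `unsigned char data[32];` or a named constant would make the bound checkable, and the comment should read `/* Internal container for MD5, SHA1 or SHA256 */`. No visible hunk in this patch stores a SHA-256 value into `struct apk_checksum`, so it should be confirmed that every copy into `data` is bounded by the new size, and that nothing depends on the old 20-byte layout.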
diff --git a/src/package.c b/src/package.c
index 24a4f94..14993b3 100644
--- a/src/package.c
+++ b/src/package.c
@@ -570,8 +570,7 @@ int apk_sign_ctx_process_file(struct apk_sign_ctx *ctx,
 	if (ctx->keys_fd < 0)
 		return 0;
 
-	if (strncmp(&fi->name[6], "RSA.", 4) == 0 ||
-	    strncmp(&fi->name[6], "DSA.", 4) == 0) {
+	if (strncmp(&fi->name[6], "RSA.", 4) == 0) {
 		int fd = openat(ctx->keys_fd, &fi->name[10], O_RDONLY|O_CLOEXEC);
 		BIO *bio;
 
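Review bot: The entry prefix `"RSA."` is kept while its meaning changes from RSA with SHA-1 to RSA with SHA-256, so a package signed under the old scheme carries the same entry name and will presumably fail verification with nothing to tell the two formats apart. Entries named `DSA.` now fall through to the `else` branch, which lies outside this hunk; it should be confirmed that this path rejects the package rather than treating it as unsigned. A comment on the condition would record the decision, for example `/* Only RSA keys are accepted; the digest is fixed to SHA-256, SHA-1 and DSA signatures are rejected */`. The function body starts and ends outside the hunk.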
@@ -581,10 +580,7 @@ int apk_sign_ctx_process_file(struct apk_sign_ctx *ctx,
 		bio = BIO_new_fp(fdopen(fd, "r"), BIO_CLOSE);
 		ctx->signature.pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
 		if (ctx->signature.pkey != NULL) {
-			if (fi->name[6] == 'R')
-				ctx->md = EVP_sha1();
-			else
-				ctx->md = EVP_dss1();
+			ctx->md = EVP_sha256();
 		}
 		BIO_free(bio);
 	} else
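Review bot: The result of `fdopen(fd, "r")` is passed straight into `BIO_new_fp()`, and `bio` is used by `PEM_read_bio_PUBKEY()` without a NULL check. If `fdopen` fails, `fd` is leaked and the key load runs on a BIO with no stream behind it. Checking both results before reading the key keeps the verification path from continuing in an undefined state. The error return should follow whatever the function uses for a failed `openat`, which is outside the hunk; `return 0` below only mirrors the visible `keys_fd < 0` case. Separately, `ctx->md` is assigned only when a key was loaded, so the callers should be checked to confirm that a NULL `pkey` is treated as a verification failure.

```c
		FILE *fp = fdopen(fd, "r");
		if (fp == NULL) {
			close(fd);	/* fdopen did not take ownership of fd */
			return 0;
		}
		bio = BIO_new_fp(fp, BIO_CLOSE);
		if (bio == NULL) {
			fclose(fp);
			return 0;
		}
		/* … unchanged: PEM_read_bio_PUBKEY, ctx->md = EVP_sha256(), BIO_free … */
```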
-- 
2.7.0