diff options
Diffstat (limited to 'sys-apps/apk-tools/files/apk-tools-2.6.6-use-sha256-signature.patch')
-rw-r--r-- | sys-apps/apk-tools/files/apk-tools-2.6.6-use-sha256-signature.patch | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/sys-apps/apk-tools/files/apk-tools-2.6.6-use-sha256-signature.patch b/sys-apps/apk-tools/files/apk-tools-2.6.6-use-sha256-signature.patch new file mode 100644 index 000000000..e13f8b563 --- /dev/null +++ b/sys-apps/apk-tools/files/apk-tools-2.6.6-use-sha256-signature.patch @@ -0,0 +1,52 @@ +From 0984ca854ce4b9fddbf1dc7503058406ded6e2cc Mon Sep 17 00:00:00 2001 +From: Andrew Wilcox <AWilcox@Wilcox-Tech.com> +Date: Sun, 18 Oct 2015 11:19:36 -0500 +Subject: [PATCH] package: use SHA256 for signature instead of SHA1 + +--- + src/apk_blob.h | 2 +- + src/package.c | 8 ++------ + 2 files changed, 3 insertions(+), 7 deletions(-) + +diff --git a/src/apk_blob.h b/src/apk_blob.h +index 2d2e30e..a879d27 100644 +--- a/src/apk_blob.h ++++ b/src/apk_blob.h +@@ -41,7 +41,7 @@ extern apk_blob_t apk_null_blob; + + /* Internal cointainer for MD5 or SHA1 */ + struct apk_checksum { +- unsigned char data[20]; ++ unsigned char data[40]; + unsigned char type; + }; + +diff --git a/src/package.c b/src/package.c +index 24a4f94..14993b3 100644 +--- a/src/package.c ++++ b/src/package.c +@@ -570,8 +570,7 @@ int apk_sign_ctx_process_file(struct apk_sign_ctx *ctx, + if (ctx->keys_fd < 0) + return 0; + +- if (strncmp(&fi->name[6], "RSA.", 4) == 0 || +- strncmp(&fi->name[6], "DSA.", 4) == 0) { ++ if (strncmp(&fi->name[6], "RSA.", 4) == 0) { + int fd = openat(ctx->keys_fd, &fi->name[10], O_RDONLY|O_CLOEXEC); + BIO *bio; + +@@ -581,10 +580,7 @@ int apk_sign_ctx_process_file(struct apk_sign_ctx *ctx, + bio = BIO_new_fp(fdopen(fd, "r"), BIO_CLOSE); + ctx->signature.pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL); + if (ctx->signature.pkey != NULL) { +- if (fi->name[6] == 'R') +- ctx->md = EVP_sha1(); +- else +- ctx->md = EVP_dss1(); ++ ctx->md = EVP_sha256(); + } + BIO_free(bio); + } else +-- +2.7.0 + |