summaryrefslogtreecommitdiff
path: root/sys-apps/apk-tools/files/apk-tools-2.6.6-use-sha256-signature.patch
diff options
context:
space:
mode:
Diffstat (limited to 'sys-apps/apk-tools/files/apk-tools-2.6.6-use-sha256-signature.patch')
-rw-r--r--sys-apps/apk-tools/files/apk-tools-2.6.6-use-sha256-signature.patch52
1 files changed, 52 insertions, 0 deletions
diff --git a/sys-apps/apk-tools/files/apk-tools-2.6.6-use-sha256-signature.patch b/sys-apps/apk-tools/files/apk-tools-2.6.6-use-sha256-signature.patch
new file mode 100644
index 000000000..e13f8b563
--- /dev/null
+++ b/sys-apps/apk-tools/files/apk-tools-2.6.6-use-sha256-signature.patch
@@ -0,0 +1,52 @@
+From 0984ca854ce4b9fddbf1dc7503058406ded6e2cc Mon Sep 17 00:00:00 2001
+From: Andrew Wilcox <AWilcox@Wilcox-Tech.com>
+Date: Sun, 18 Oct 2015 11:19:36 -0500
+Subject: [PATCH] package: use SHA256 for signature instead of SHA1
+
+---
+ src/apk_blob.h | 2 +-
+ src/package.c | 8 ++------
+ 2 files changed, 3 insertions(+), 7 deletions(-)
+
+diff --git a/src/apk_blob.h b/src/apk_blob.h
+index 2d2e30e..a879d27 100644
+--- a/src/apk_blob.h
++++ b/src/apk_blob.h
+@@ -41,7 +41,7 @@ extern apk_blob_t apk_null_blob;
+
+ /* Internal cointainer for MD5 or SHA1 */
+ struct apk_checksum {
+- unsigned char data[20];
++ unsigned char data[40];
+ unsigned char type;
+ };
+
+diff --git a/src/package.c b/src/package.c
+index 24a4f94..14993b3 100644
+--- a/src/package.c
++++ b/src/package.c
+@@ -570,8 +570,7 @@ int apk_sign_ctx_process_file(struct apk_sign_ctx *ctx,
+ if (ctx->keys_fd < 0)
+ return 0;
+
+- if (strncmp(&fi->name[6], "RSA.", 4) == 0 ||
+- strncmp(&fi->name[6], "DSA.", 4) == 0) {
++ if (strncmp(&fi->name[6], "RSA.", 4) == 0) {
+ int fd = openat(ctx->keys_fd, &fi->name[10], O_RDONLY|O_CLOEXEC);
+ BIO *bio;
+
+@@ -581,10 +580,7 @@ int apk_sign_ctx_process_file(struct apk_sign_ctx *ctx,
+ bio = BIO_new_fp(fdopen(fd, "r"), BIO_CLOSE);
+ ctx->signature.pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
+ if (ctx->signature.pkey != NULL) {
+- if (fi->name[6] == 'R')
+- ctx->md = EVP_sha1();
+- else
+- ctx->md = EVP_dss1();
++ ctx->md = EVP_sha256();
+ }
+ BIO_free(bio);
+ } else
+--
+2.7.0
+