From 0984ca854ce4b9fddbf1dc7503058406ded6e2cc Mon Sep 17 00:00:00 2001 From: Andrew Wilcox Date: Sun, 18 Oct 2015 11:19:36 -0500 Subject: [PATCH] package: use SHA256 for signature instead of SHA1 --- src/apk_blob.h | 2 +- src/package.c | 8 ++------ 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/src/apk_blob.h b/src/apk_blob.h index 2d2e30e..a879d27 100644 --- a/src/apk_blob.h +++ b/src/apk_blob.h @@ -41,7 +41,7 @@ extern apk_blob_t apk_null_blob; /* Internal cointainer for MD5 or SHA1 */ struct apk_checksum { - unsigned char data[20]; + unsigned char data[40]; unsigned char type; }; diff --git a/src/package.c b/src/package.c index 24a4f94..14993b3 100644 --- a/src/package.c +++ b/src/package.c @@ -570,8 +570,7 @@ int apk_sign_ctx_process_file(struct apk_sign_ctx *ctx, if (ctx->keys_fd < 0) return 0; - if (strncmp(&fi->name[6], "RSA.", 4) == 0 || - strncmp(&fi->name[6], "DSA.", 4) == 0) { + if (strncmp(&fi->name[6], "RSA.", 4) == 0) { int fd = openat(ctx->keys_fd, &fi->name[10], O_RDONLY|O_CLOEXEC); BIO *bio; @@ -581,10 +580,7 @@ int apk_sign_ctx_process_file(struct apk_sign_ctx *ctx, bio = BIO_new_fp(fdopen(fd, "r"), BIO_CLOSE); ctx->signature.pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL); if (ctx->signature.pkey != NULL) { - if (fi->name[6] == 'R') - ctx->md = EVP_sha1(); - else - ctx->md = EVP_dss1(); + ctx->md = EVP_sha256(); } BIO_free(bio); } else -- 2.7.0