Make signature range clearer and more flexible

Rename the siginfo payload field to range, which better explains what it means. Also make it a bitfield which allows expressing the actual combinations: modern signature/digest items are on header only, rpm v3 ones are on header+payload and in the future we might have payload-only digest(s) as well. No functional changes intended.
cms-externals · Feb 22, 2017 · 6c7b85e · 6c7b85e
1 parent b74096a
commit 6c7b85e
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 5 deletions.
diff --git a/lib/rpmchecksig.c b/lib/rpmchecksig.c
@@ -267,7 +267,8 @@ static int rpmpkgVerifySigs(rpmKeyring keyring, rpmQueryFlags flags,
 	if (nodigests && sinfo.type == RPMSIG_DIGEST_TYPE)
 	    continue;
 	if (rc == RPMRC_OK && sinfo.hashalgo) {
-	    rpmDigestBundleAdd(sinfo.payload ? plbundle : hdrbundle,
+	    rpmDigestBundleAdd((sinfo.range & RPMSIG_PAYLOAD) ?
+				plbundle : hdrbundle,
 			       sinfo.hashalgo, RPMDIGEST_NONE);
 	}
     }
@@ -302,7 +303,8 @@ static int rpmpkgVerifySigs(rpmKeyring keyring, rpmQueryFlags flags,
 	    continue;
 
 	if (sinfo.type != RPMSIG_OTHER_TYPE && rc == RPMRC_OK) {
-	    ctx = rpmDigestBundleDupCtx(sinfo.payload ? plbundle : hdrbundle,
+	    ctx = rpmDigestBundleDupCtx((sinfo.range & RPMSIG_PAYLOAD) ?
+					plbundle : hdrbundle,
 					sinfo.hashalgo);
 	    rc = rpmVerifySignature(keyring, &sigtd, sig, ctx, &result);
 	    rpmDigestFinal(ctx, NULL, NULL, 0);

diff --git a/lib/signature.c b/lib/signature.c
@@ -34,38 +34,43 @@ rpmRC rpmSigInfoParse(rpmtd td, const char *origin,
     case RPMSIGTAG_GPG:
     case RPMSIGTAG_PGP5:	/* XXX legacy */
     case RPMSIGTAG_PGP:
-	sinfo->payload = 1;
+	sinfo->range = RPMSIG_PAYLOAD;
 	/* fallthrough */
     case RPMSIGTAG_RSA:
     case RPMSIGTAG_DSA:
 	tagtype = RPM_BIN_TYPE;
 	sinfo->type = RPMSIG_SIGNATURE_TYPE;
+	/* GPG/PGP are hdr+payload, RSA/DSA are hdr-only */
+	sinfo->range |= RPMSIG_HEADER;
 	break;
     case RPMSIGTAG_SHA1:
 	tagsize = 41; /* includes trailing \0 */
 	tagtype = RPM_STRING_TYPE;
 	hexstring = 1;
 	sinfo->hashalgo = PGPHASHALGO_SHA1;
 	sinfo->type = RPMSIG_DIGEST_TYPE;
+	sinfo->range = RPMSIG_HEADER;
 	break;
     case RPMSIGTAG_MD5:
 	tagtype = RPM_BIN_TYPE;
 	tagsize = 16;
 	sinfo->hashalgo = PGPHASHALGO_MD5;
 	sinfo->type = RPMSIG_DIGEST_TYPE;
-	sinfo->payload = 1;
+	sinfo->range = (RPMSIG_HEADER|RPMSIG_PAYLOAD);
 	break;
     case RPMSIGTAG_SIZE:
     case RPMSIGTAG_PAYLOADSIZE:
 	tagsize = 4;
 	tagtype = RPM_INT32_TYPE;
 	sinfo->type = RPMSIG_OTHER_TYPE;
+	sinfo->range = RPMSIG_PAYLOAD;
 	break;
     case RPMSIGTAG_LONGSIZE:
     case RPMSIGTAG_LONGARCHIVESIZE:
 	tagsize = 8;
 	tagtype = RPM_INT64_TYPE;
 	sinfo->type = RPMSIG_OTHER_TYPE;
+	sinfo->range = RPMSIG_PAYLOAD;
 	break;
     case RPMSIGTAG_RESERVEDSPACE:
 	tagtype = RPM_BIN_TYPE;

diff --git a/lib/signature.h b/lib/signature.h
@@ -15,9 +15,15 @@ enum {
     RPMSIG_OTHER_TYPE		= 3,
 };
 
+/* siginfo range bits */
+enum {
+    RPMSIG_HEADER	= (1 << 0),
+    RPMSIG_PAYLOAD	= (1 << 1),
+};
+
 struct sigtInfo_s {
     int hashalgo;
-    int payload;
+    int range;
     int type;
 };