rpmDigestUpdate(ctx, pe, (ril * sizeof(*pe)));
rpmDigestUpdate(ctx, dataStart, rdl);
- rc = rpmVerifySignature(keyring, &sigtd, dig, ctx, buf);
+ rc = rpmVerifySignature(keyring, &sigtd, sig, ctx, buf);
rpmDigestFinal(ctx, NULL, NULL, 0);
}
}
/** @todo Implement disable/enable/warn/error/anal policy. */
- rc = rpmVerifySignature(keyring, &sigtd, dig, ctx, &msg);
+ rc = rpmVerifySignature(keyring, &sigtd, sig, ctx, &msg);
switch (rc) {
case RPMRC_OK: /* Signature is OK. */
break;
}
- rc = rpmVerifySignature(keyring, &sigtd, dig, ctx, &result);
+ rc = rpmVerifySignature(keyring, &sigtd, sig, ctx, &result);
rpmDigestFinal(ctx, NULL, NULL, 0);
formatResult(sigtd.tag, rc, result, havekey,
/**
* Verify DSA/RSA signature.
* @param keyring pubkey keyring
- * @param dig OpenPGP container
+ * @param sig OpenPGP signature parameters
* @param hashctx digest context
* @param isHdr header-only signature?
* @retval msg verbose success/failure text
* @return RPMRC_OK on success
*/
static rpmRC
-verifySignature(rpmKeyring keyring, pgpDig dig, DIGEST_CTX hashctx, int isHdr,
- char **msg)
+verifySignature(rpmKeyring keyring, pgpDigParams sig, DIGEST_CTX hashctx,
+ int isHdr, char **msg)
{
- rpmRC res = RPMRC_FAIL; /* assume failure */
- char *sigid = NULL;
- *msg = NULL;
- pgpDigParams sig = pgpDigGetParams(dig, PGPTAG_SIGNATURE);
-
- /* Call verify even if we dont have a key for a basic sanity check */
- if (sig) {
- (void) rpmKeyringLookup(keyring, dig);
- res = pgpVerifySignature(pgpDigGetParams(dig, PGPTAG_PUBLIC_KEY),
- sig, hashctx);
-
- sigid = pgpIdentItem(sig);
- rasprintf(msg, "%s%s: %s\n", isHdr ? _("Header ") : "", sigid,
- rpmSigString(res));
- free(sigid);
- }
+
+ rpmRC res = rpmKeyringVerifySig(keyring, sig, hashctx);
+
+ char *sigid = pgpIdentItem(sig);
+ rasprintf(msg, "%s%s: %s\n", isHdr ? _("Header ") : "", sigid,
+ rpmSigString(res));
+ free(sigid);
return res;
}
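Review bot: The rewritten body of verifySignature drops both the `if (sig)` guard and the `*msg = NULL;` initialisation, so it now relies entirely on the `if (sig != NULL)` check in rpmVerifySignature further down. Whether rpmKeyringVerifySig and pgpIdentItem tolerate a NULL argument is not visible in this diff, so I would keep the routine fail-closed on its own with `if (sig == NULL) { *msg = NULL; return RPMRC_FAIL; }` before the call, or at least document it as `@param sig OpenPGP signature parameters (must not be NULL)`. The removed comment about calling verify even without a key also recorded the missing-key behaviour. A short replacement such as `/* key lookup and the no-key case are handled by rpmKeyringVerifySig() */` would keep that visible, assuming that is what the helper does.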
rpmRC
-rpmVerifySignature(rpmKeyring keyring, rpmtd sigtd, pgpDig dig, DIGEST_CTX ctx, char ** result)
+rpmVerifySignature(rpmKeyring keyring, rpmtd sigtd, pgpDigParams sig,
+ DIGEST_CTX ctx, char ** result)
{
rpmRC res = RPMRC_NOTFOUND;
char *msg = NULL;
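Review bot: Changing the third parameter of rpmVerifySignature from `pgpDig` to `pgpDigParams` keeps the symbol name but changes what the pointer means, so a caller built against the old prototype would hand the whole container to code that now treats it as signature parameters. If this function is reachable from outside the library (not visible here), the change should ship with a soname or symbol-version bump and a release note, because a stale binary gets no diagnostic at link time. The header prototype near the end of this diff changes the same way, and its `@param sig signature/pubkey parameters` could read `@param sig OpenPGP signature parameters` to match the static helper's comment. The function body continues outside this hunk.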
case RPMSIGTAG_PGP5: /* XXX legacy */
case RPMSIGTAG_PGP:
case RPMSIGTAG_GPG:
- if (dig != NULL)
- res = verifySignature(keyring, dig, ctx, hdrsig, &msg);
+ if (sig != NULL)
+ res = verifySignature(keyring, sig, ctx, hdrsig, &msg);
break;
default:
break;
if (res == RPMRC_NOTFOUND) {
rasprintf(&msg,
_("Verify signature: BAD PARAMETERS (%d %p %d %p %p)\n"),
- sigtd->tag, sigtd->data, sigtd->count, ctx, dig);
+ sigtd->tag, sigtd->data, sigtd->count, ctx, sig);
res = RPMRC_FAIL;
}
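Review bot: The `%p` conversions in the BAD PARAMETERS message receive `ctx` and `sig` as their own pointer types, whereas `%p` is specified for `void *` arguments. `sig` is compared with NULL earlier in this function, so it is a pointer typedef. Since this line is being touched anyway, I would cast explicitly: `sigtd->tag, sigtd->data, sigtd->count, (void *)ctx, (void *)sig);`. Mapping RPMRC_NOTFOUND to RPMRC_FAIL here keeps an unhandled tag or a NULL `sig` from being reported as anything other than a failure, which is the behaviour to preserve.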
*
* @param keyring keyring handle
* @param sigtd signature tag data container
- * @param dig signature/pubkey parameters
+ * @param sig signature/pubkey parameters
* @retval result detailed text result of signature verification
* (malloc'd)
* @return result of signature verification
*/
-rpmRC rpmVerifySignature(rpmKeyring keyring, rpmtd sigtd, pgpDig dig, DIGEST_CTX ctx, char ** result);
+rpmRC rpmVerifySignature(rpmKeyring keyring, rpmtd sigtd, pgpDigParams sig,
+ DIGEST_CTX ctx, char ** result);
/** \ingroup signature
* Destroy signature header from package.