From 760f81e6a918460835faddf8b6591b57aad9cbe3 Mon Sep 17 00:00:00 2001
From: Florian Festi
Date: Thu, 19 Sep 2024 11:31:58 +0200
Subject: [PATCH] Add rpmKeyringVerifySig2 that return the matching key

Add the key to rpmsinfo_s so we have the key available with the verified signature and can print the key's finger print when desired
---
 include/rpm/rpmkeyring.h | 10 ++++++++++
 lib/rpmvs.c | 9 ++++++---
 lib/rpmvs.h | 1 +
 rpmio/rpmkeyring.c | 14 ++++++++++----
 4 files changed, 27 insertions(+), 7 deletions(-)

diff --git a/include/rpm/rpmkeyring.h b/include/rpm/rpmkeyring.h
index 1c41ad0e8d..3d83286dd3 100644
--- a/include/rpm/rpmkeyring.h
+++ b/include/rpm/rpmkeyring.h
@@ -56,6 +56,16 @@ int rpmKeyringAddKey(rpmKeyring keyring, rpmPubkey key);
 */
 rpmRC rpmKeyringVerifySig(rpmKeyring keyring, pgpDigParams sig, DIGEST_CTX ctx);
+/** \ingroup rpmkeyring
+ * Perform combined keyring lookup and signature verification
+ * @param keyring keyring handle
+ * @param sig OpenPGP signature parameters
+ * @param ctx signature hash context
+ * @param keyptr matching key
+ * @return RPMRC_OK / RPMRC_FAIL / RPMRC_NOKEY
+ */
+rpmRC rpmKeyringVerifySig2(rpmKeyring keyring, pgpDigParams sig, DIGEST_CTX ctx, rpmPubkey * keyptr);
+
 /** \ingroup rpmkeyring
 * Reference a keyring.
 * @param keyring keyring handle
diff --git a/lib/rpmvs.c b/lib/rpmvs.c
index 783dbba874..997b613176 100644
--- a/lib/rpmvs.c
+++ b/lib/rpmvs.c
@@ -144,6 +144,7 @@ static void rpmsinfoInit(const struct vfyinfo_s *vinfo,
 *sinfo = vinfo->vi; /* struct assignment */
 sinfo->wrapped = (vinfo->sigh == 0);
 sinfo->strength = sinfo->type;
+ sinfo->key = NULL;
 if (td == NULL) {
 rc = RPMRC_NOTFOUND;
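Review bot: The `@param keyptr matching key` line in the new rpmKeyringVerifySig2 doc block does not say that this is an optional out-parameter, when it is written, or who owns the key it returns. Going by the rpmkeyring.c hunk of this patch, `*keyptr` is a plain copy of the looked-up pointer (no reference taken) and is stored whatever the return code is, so a non-NULL key alongside RPMRC_FAIL is only the key that was looked up, not a key that verified the signature. I would spell that out, for example `@param[out] keyptr key found for the signature, or NULL to skip (borrowed from the keyring; written regardless of the return code)`.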
@@ -591,9 +592,11 @@ static rpmRC verifySignature(rpmKeyring keyring, struct rpmsinfo_s *sinfo)
 {
 rpmRC res = RPMRC_FAIL;
- if (pgpSignatureType(sinfo->sig) == PGPSIGTYPE_BINARY)
- res = rpmKeyringVerifySig(keyring, sinfo->sig, sinfo->ctx);
-
+ if (pgpSignatureType(sinfo->sig) == PGPSIGTYPE_BINARY) {
+ rpmPubkey key;
+ res = rpmKeyringVerifySig2(keyring, sinfo->sig, sinfo->ctx, &key);
+ sinfo->key = key;
+ }
 return res;
 }
diff --git a/lib/rpmvs.h b/lib/rpmvs.h
index e45b20e92a..83f543bca6 100644
--- a/lib/rpmvs.h
+++ b/lib/rpmvs.h
@@ -23,6 +23,7 @@ struct rpmsinfo_s {
 int id;
 int wrapped;
 int strength;
+ rpmPubkey key;
 unsigned int keyid;
 union {
 pgpDigParams sig;
diff --git a/rpmio/rpmkeyring.c b/rpmio/rpmkeyring.c
index a35a5066a4..6c0a3517f3 100644
--- a/rpmio/rpmkeyring.c
+++ b/rpmio/rpmkeyring.c
@@ -298,7 +298,7 @@ static rpmPubkey findbySig(rpmKeyring keyring, pgpDigParams sig)
 return key;
 }
-rpmRC rpmKeyringVerifySig(rpmKeyring keyring, pgpDigParams sig, DIGEST_CTX ctx)
+rpmRC rpmKeyringVerifySig2(rpmKeyring keyring, pgpDigParams sig, DIGEST_CTX ctx, rpmPubkey * keyptr)
 {
 rpmRC rc = RPMRC_FAIL;
@@ -319,10 +319,16 @@ rpmRC rpmKeyringVerifySig(rpmKeyring keyring, pgpDigParams sig, DIGEST_CTX ctx)
 rpmlog(rc ? RPMLOG_ERR : RPMLOG_WARNING, "%s\n", lints);
 free(lints);
 }
- }
-
- if (keyring)
+ if (keyptr)
+ *keyptr = key;
+ }
+ if (keyring)
 pthread_rwlock_unlock(&keyring->lock);
 return rc;
 }
+
+rpmRC rpmKeyringVerifySig(rpmKeyring keyring, pgpDigParams sig, DIGEST_CTX ctx)
+{
+ return rpmKeyringVerifySig2(keyring, sig, ctx, NULL);
+}
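Review bot: `rpmPubkey key;` in verifySignature has no initializer, yet it is copied into `sinfo->key` unconditionally after the call. The last rpmkeyring.c hunk of this patch writes `*keyptr` only inside a block that closes right after the assignment; that block opens outside the hunk, presumably the check that sig and ctx are set. On any path that skips the block, `sinfo->key` receives an indeterminate pointer, which code that later prints the fingerprint would dereference. Declare it as `rpmPubkey key = NULL;`, or have rpmKeyringVerifySig2 store `if (keyptr) *keyptr = NULL;` before anything else so every caller is covered.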
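Review bot: `*keyptr = key;` in rpmKeyringVerifySig2 hands out the pointer found in the keyring without taking a reference, and the keyring lock is released a few lines later. The copy kept in `sinfo->key` can therefore outlive the key if the keyring is changed or freed afterwards. Consider returning a counted reference, `*keyptr = rpmPubkeyLink(key);`, and dropping it with `rpmPubkeyFree()` where rpmsinfo_s is torn down (that code is not part of this patch). The assignment is also made whatever `rc` is, so a consumer has to check for RPMRC_OK before presenting the fingerprint as that of the key that verified the signature. The function body begins outside this hunk.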