c702aba We are signing with SHA256 RSA, not SHA1 — HardenedBSD-pkg

HardenedBSD Package Manager

We are signing with SHA256 RSA, not SHA1

Bryan Drewery committed 12 years ago

commit c702aba4bd656b11c2946b401834c488f838dae3
parent a934114c73158fd81840395ee7f4b5321756c30a

1 file changed +1 -1

modified libpkg/rsa.c

@@ -120,7 +120,7 @@ rsa_verify_cert(const char *path, unsigned char *key, int keylen,

 	if (rsa == NULL)
 		return (EPKG_FATAL);
 	ret = RSA_verify(NID_sha1, sha256, sizeof(sha256), sig, siglen, rsa);
 	ret = RSA_verify(NID_sha256, sha256, sizeof(sha256), sig, siglen, rsa);
 	if (ret == 0) {
 		pkg_emit_error("%s: %s", key,
 		    ERR_error_string(ERR_get_error(), errbuf));