From 74766d30b95f1575df8a42d185f2643caa235a8b Mon Sep 17 00:00:00 2001
Message-Id: <74766d30b95f1575df8a42d185f2643caa235a8b.1543835412.git.pmatilai@redhat.com>
From: Panu Matilainen <pmatilai@redhat.com>
Date: Fri, 23 Nov 2018 12:47:27 +0200
Subject: [PATCH] Handle unsupported digests the same as disabled ones
 (RhBug:1652529)

A digest type unsupported by the underlying crypto library (whether
technically or by configuration) does not mean the digest is invalid,
it just cannot be used. Which for the purposes of verification is the
same as if that digest didn't exist at all, and that's exactly how we
handle digests and signatures disabled by configuration.

One particular case is FIPS mode which globally disables the use of MD5,
which we mishandled prior to this by showing it as OK in verification
despite actually not verifying it at all.

The exact place for handling this case is a bit subtle: the "obvious"
place for checking for supported type is in rpmvsInitRange() but this
doesn't work because of rpmDigestBundleAddID() return code semantics.
The other "obvious" place would be rpmvsVerify(), but by that point
we have even more funny cases to consider. So for now, it's actually
easiest to check for this in rpmvsFiniRange() even if it's not the
most obvious place for doing so. Might want to change the
rpmDigestBundleAddID() semantics later, but this makes for a nicer
backport (we'll need this in 4.14.x too).
---
 lib/rpmvs.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/rpmvs.c b/lib/rpmvs.c
index 7b5b86f8e..622e48011 100644
--- a/lib/rpmvs.c
+++ b/lib/rpmvs.c
@@ -388,6 +388,9 @@ void rpmvsFiniRange(struct rpmvs_s *sis, int range)
 
 	if (sinfo->range == range && sinfo->rc == RPMRC_OK) {
 	    sinfo->ctx = rpmDigestBundleDupCtx(sis->bundle, sinfo->id);
+	    /* Handle unsupported digests the same as disabled ones */
+	    if (sinfo->ctx == NULL)
+		sinfo->rc = RPMRC_NOTFOUND;
 	    rpmDigestBundleFinal(sis->bundle, sinfo->id, NULL, NULL, 0);
 	}
     }
-- 
2.19.2