Merge branch 'bc/signed-objects-with-both-hashes'

Signed commits and tags now allow verification of objects, whose
two object names (one in SHA-1, the other in SHA-256) are both
signed.

* bc/signed-objects-with-both-hashes:
  gpg-interface: remove other signature headers before verifying
  ref-filter: hoist signature parsing
  commit: allow parsing arbitrary buffers with headers
  gpg-interface: improve interface for parsing tags
  commit: ignore additional signatures when parsing signed commits
  ref-filter: switch some uses of unsigned long to size_t
This commit is contained in:
Junio C Hamano
2021-02-22 16:12:42 -08:00
12 changed files with 226 additions and 75 deletions

View File

@ -502,7 +502,7 @@ static void show_signature(struct rev_info *opt, struct commit *commit)
struct signature_check sigc = { 0 };
int status;
if (parse_signed_commit(commit, &payload, &signature) <= 0)
if (parse_signed_commit(commit, &payload, &signature, the_hash_algo) <= 0)
goto out;
status = check_signature(payload.buf, payload.len, signature.buf,
@ -548,7 +548,8 @@ static int show_one_mergetag(struct commit *commit,
struct strbuf verify_message;
struct signature_check sigc = { 0 };
int status, nth;
size_t payload_size;
struct strbuf payload = STRBUF_INIT;
struct strbuf signature = STRBUF_INIT;
hash_object_file(the_hash_algo, extra->value, extra->len,
type_name(OBJ_TAG), &oid);
@ -571,13 +572,11 @@ static int show_one_mergetag(struct commit *commit,
strbuf_addf(&verify_message,
"parent #%d, tagged '%s'\n", nth + 1, tag->tag);
payload_size = parse_signature(extra->value, extra->len);
status = -1;
if (extra->len > payload_size) {
if (parse_signature(extra->value, extra->len, &payload, &signature)) {
/* could have a good signature */
status = check_signature(extra->value, payload_size,
extra->value + payload_size,
extra->len - payload_size, &sigc);
status = check_signature(payload.buf, payload.len,
signature.buf, signature.len, &sigc);
if (sigc.gpg_output)
strbuf_addstr(&verify_message, sigc.gpg_output);
else
@ -588,6 +587,8 @@ static int show_one_mergetag(struct commit *commit,
show_sig_lines(opt, status, verify_message.buf);
strbuf_release(&verify_message);
strbuf_release(&payload);
strbuf_release(&signature);
return 0;
}