[Rpm-maint] [rpm-software-management/rpm] RFE: add SHA3 payload digest (Issue #3642)

Panu Matilainen notifications at github.com
Mon Jun 9 09:13:40 UTC 2025


pmatilai left a comment (rpm-software-management/rpm#3642)

So it turns out the array idea does not work after all. I had a false positive in testing because I just dup'ed the SHA256 digest to see whether the array is handled. Turns out, the problem is specifically that the verification does *try to* handle an array in order to handle multiple signatures, but fails as soon as there's a non-SHA256 digest, because the algorithm is hardcoded despite looping over it.

This means the whole idea of PAYLOADDIGEST being future extensible is bogus; we cannot touch the PAYLOADDIGEST or PAYLOADDIGESTALT tags at all lest it break verification on rpm >= 4.14. Sigh.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3642#issuecomment-2955174103
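
A simplified model of the failure described in the comment above, added here as an example and not taken from rpm's source. The function names, the list-of-hex-digests layout, the reject-on-first-mismatch behaviour and the algorithm-tagged variant are all assumptions made for illustration; it shows why a duplicated SHA256 entry passes while a SHA3 entry fails a verifier that loops over the array with a hardcoded algorithm.

```python
import hashlib

# Constructed sample payload (stands in for a package payload).
PAYLOAD = b"constructed sample payload bytes"


def make_digest_array(algos, payload=PAYLOAD):
    """Build a hypothetical digest array: one hex digest per algorithm name."""
    return [hashlib.new(a, payload).hexdigest() for a in algos]


def verify_hardcoded(payload, digests):
    """Model of the reported bug: iterates every entry, always hashes with SHA-256."""
    computed = hashlib.sha256(payload).hexdigest()
    for entry in digests:
        if entry != computed:
            # A valid SHA3 digest is indistinguishable from corruption here.
            return False
    return True


def verify_tagged(payload, entries, known=("sha256", "sha3_256")):
    """Hypothetical algorithm-aware check: each entry names its own algorithm.

    Unknown algorithms are skipped, but at least one known entry must match
    and no known entry may mismatch.
    """
    matched = False
    for algo, entry in entries:
        if algo not in known:
            continue
        if hashlib.new(algo, payload).hexdigest() != entry:
            return False
        matched = True
    return matched


def tagged(algos, payload=PAYLOAD):
    """Pair each algorithm name with its digest of the payload."""
    return list(zip(algos, make_digest_array(algos, payload)))


if __name__ == "__main__":
    # Duplicated SHA256 entry: the test that produced the false positive.
    print(verify_hardcoded(PAYLOAD, make_digest_array(["sha256", "sha256"])))
    # Mixed array: a correct SHA3 digest is rejected by the hardcoded loop.
    print(verify_hardcoded(PAYLOAD, make_digest_array(["sha256", "sha3_256"])))
    print(verify_tagged(PAYLOAD, tagged(["sha256", "sha3_256"])))
```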