40 lines
1.3 KiB
Diff
40 lines
1.3 KiB
Diff
From 90811cc0df4f32fbf9e5389cca15813e2f6395cb Mon Sep 17 00:00:00 2001
|
|
From: Sergio Correia <scorreia@redhat.com>
|
|
Date: Fri, 3 Jun 2022 22:01:15 -0300
|
|
Subject: [PATCH 1/5] Improve error handling when doing signature verification
|
|
|
|
This makes verify_signature_from_file() more consistent in that it will
|
|
always raise an exception informing the signature verification failed,
|
|
when this situation happens.
|
|
|
|
As it is, verify_signature() can raise a few different exceptions, and
|
|
those were not handled by verify_signature_from_file().
|
|
|
|
Signed-off-by: Sergio Correia <scorreia@redhat.com>
|
|
---
|
|
keylime/signing.py | 8 +++++++-
|
|
1 file changed, 7 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/keylime/signing.py b/keylime/signing.py
|
|
index 71f8be0..1353c1e 100644
|
|
--- a/keylime/signing.py
|
|
+++ b/keylime/signing.py
|
|
@@ -30,7 +30,13 @@ def verify_signature_from_file(key_file, filename, sig_file, file_description):
|
|
with open(filename, "rb") as file_f:
|
|
file = file_f.read()
|
|
|
|
- if verify_signature(key, sig, file):
|
|
+ verified = False
|
|
+ try:
|
|
+ verified = verify_signature(key, sig, file)
|
|
+ except Exception as e:
|
|
+ logger.warning("Unable to verify signature: %s", e)
|
|
+
|
|
+ if verified:
|
|
logger.debug("%s passed signature verification", file_description.capitalize())
|
|
else:
|
|
raise Exception(
|
|
--
|
|
2.35.1
|
|
|