1 files changed, 39 insertions, 0 deletions

diff --git a/backport-Avoid-unneded-MPI-reparsing.patch b/backport-Avoid-unneded-MPI-reparsing.patch
new file mode 100644
index 0000000..a3bf260
--- /dev/null
+++ b/backport-Avoid-unneded-MPI-reparsing.patch
@@ -0,0 +1,39 @@
+From 8948ec79f6c300e91319469ba72b9bd3480fe686 Mon Sep 17 00:00:00 2001
+From: Demi Marie Obenour <demi@invisiblethingslab.com>
+Date: Sun, 27 Mar 2022 12:54:36 -0400
+Subject: [PATCH] Avoid unneded MPI reparsing
+
+Modify pgpPrtSig() to ignore the MPIs of a signature if its `tag`
+parameter is 0.  The only caller that sets `tag` to 0 is
+pgpPrtParamSubkeys() (via parseSubkeySig()), which does not actually
+check any cryptographic signatures.  The subkey binding signature has
+been checked earlier in pgpPrtParams().
+---
+ rpmio/rpmpgp.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
+index 22ac9c8..2b93661 100644
+--- a/rpmio/rpmpgp.c
++++ b/rpmio/rpmpgp.c
+@@ -637,7 +637,7 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen,
+ 
+ 	p = ((uint8_t *)v) + sizeof(*v);
+ 	_digp->data = p;
+-	rc = pgpPrtSigParams(tag, v->pubkey_algo, p, h, hlen, _digp);
++	rc = tag ? pgpPrtSigParams(tag, v->pubkey_algo, p, h, hlen, _digp) : 0;
+     }	break;
+     case 4:
+     {   pgpPktSigV4 v = (pgpPktSigV4)h;
+@@ -700,7 +700,7 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen,
+ 	    return 1;
+ 
+ 	_digp->data = p;
+-	rc = pgpPrtSigParams(tag, v->pubkey_algo, p, h, hlen, _digp);
++	rc = tag ? pgpPrtSigParams(tag, v->pubkey_algo, p, h, hlen, _digp) : 0;
+     }	break;
+     default:
+ 	rpmlog(RPMLOG_WARNING, _("Unsupported version of signature: V%d\n"), version);
+-- 
+1.8.3.1
+