diff options
| author | Panu Matilainen <pmatilai@redhat.com> | 2007-11-15 11:08:53 +0200 |
|---|---|---|
| committer | Panu Matilainen <pmatilai@redhat.com> | 2007-11-15 11:08:53 +0200 |
| commit | 589b54af909b5ee8e98818291b955b0951b1c26c (patch) | |
| tree | e8c3dadafafb67544649897f1fb8d870274d0eb8 | |
| parent | 905ea76db4153b3e82eaac3c0291b4c7e4c597c5 (diff) | |
| download | rpm-589b54af909b5ee8e98818291b955b0951b1c26c.tar.gz rpm-589b54af909b5ee8e98818291b955b0951b1c26c.tar.bz2 rpm-589b54af909b5ee8e98818291b955b0951b1c26c.zip | |
Initialize NSS early (rhbz#382091)
- add new rpmInitCrypto() API for directly initializing any crypto
- call it from rpmReadConfig() to ensure it's always initialized early on
| -rw-r--r-- | lib/rpmrc.c | 4 | ||||
| -rw-r--r-- | rpmio/digest.c | 3 | ||||
| -rw-r--r-- | rpmio/rpmpgp.c | 14 | ||||
| -rw-r--r-- | rpmio/rpmpgp.h | 9 |
4 files changed, 26 insertions, 4 deletions
diff --git a/lib/rpmrc.c b/lib/rpmrc.c index d33c9eeb0..d4190e457 100644 --- a/lib/rpmrc.c +++ b/lib/rpmrc.c @@ -1672,6 +1672,10 @@ static int rpmReadRC(const char * rcfiles) int rpmReadConfigFiles(const char * file, const char * target) { + /* Initialize crypto engine as early as possible */ + if (rpmInitCrypto() < 0) { + return -1; + } /* Preset target macros */ /* FIX: target can be NULL */ diff --git a/rpmio/digest.c b/rpmio/digest.c index d5c4de755..1829b93df 100644 --- a/rpmio/digest.c +++ b/rpmio/digest.c @@ -75,9 +75,6 @@ rpmDigestInit(pgpHashAlgo hashalgo, rpmDigestFlags flags) HASH_HashType type; DIGEST_CTX ctx = xcalloc(1, sizeof(*ctx)); - if (NSS_NoDB_Init(NULL) != SECSuccess) - return NULL; - ctx->flags = flags; type = getHashType(hashalgo); diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c index eb822843b..9016da076 100644 --- a/rpmio/rpmpgp.c +++ b/rpmio/rpmpgp.c @@ -12,6 +12,8 @@ static int _debug = 0; static int _print = 0; +static int _crypto_initialized = 0; + static pgpDig _dig = NULL; static pgpDigParams _digp = NULL; @@ -1021,7 +1023,6 @@ int pgpPrtPkt(const byte *pkt, unsigned int pleft) pgpDig pgpNewDig(void) { pgpDig dig = xcalloc(1, sizeof(*dig)); - NSS_NoDB_Init(NULL); return dig; } @@ -1310,3 +1311,14 @@ char * pgpArmorWrap(int atype, const unsigned char * s, size_t ns) return val; } +int rpmInitCrypto(void) { + int rc = 0; + + if (!_crypto_initialized && NSS_NoDB_Init(NULL) != SECSuccess) { + rc = -1; + } else { + _crypto_initialized = 1; + } + + return rc; +} diff --git a/rpmio/rpmpgp.h b/rpmio/rpmpgp.h index 5d3e2ae5c..fc3b4cd3e 100644 --- a/rpmio/rpmpgp.h +++ b/rpmio/rpmpgp.h @@ -1307,6 +1307,15 @@ unsigned int pgpCRC(const byte *octets, size_t len) } /** \ingroup rpmio + * Perform cryptography initialization. + * It must be called before any cryptography can be used within rpm. + * It's not normally necessary to call it directly as it's called in + * general rpm initialization routines. + * @return 0 on success, -1 on failure + */ +int rpmInitCrypto(void); + +/** \ingroup rpmio * Duplicate a digest context. * @param octx existing digest context * @return duplicated digest context |