diff options
| author | Peter Jones <pjones@redhat.com> | 2007-11-02 09:25:33 -0400 |
|---|---|---|
| committer | Peter Jones <pjones@redhat.com> | 2007-11-02 09:25:33 -0400 |
| commit | bb6aaf184e0d18a2fec8f0a6a0ac1a5846a24b2b (patch) | |
| tree | d62997ac2a366aff5a365287181fd813bd51465f | |
| parent | 51f5b6caa8c432d04cb1d33d525495f2d6820b6e (diff) | |
| parent | 43b1952dc66f264cadb02cc09abce5d7b0b8a8ba (diff) | |
| download | rpm-bb6aaf184e0d18a2fec8f0a6a0ac1a5846a24b2b.tar.gz rpm-bb6aaf184e0d18a2fec8f0a6a0ac1a5846a24b2b.tar.bz2 rpm-bb6aaf184e0d18a2fec8f0a6a0ac1a5846a24b2b.zip | |
Merge
| -rw-r--r-- | INSTALL | 3 | ||||
| -rw-r--r-- | Makefile.am | 19 | ||||
| -rw-r--r-- | build/Makefile.am | 2 | ||||
| -rw-r--r-- | build/rpmfc.c | 6 | ||||
| -rw-r--r-- | build/rpmfc.h | 7 | ||||
| -rw-r--r-- | configure.ac | 36 | ||||
| -rw-r--r-- | lib/Makefile.am | 4 | ||||
| -rw-r--r-- | lib/formats.c | 25 | ||||
| -rw-r--r-- | lib/misc.c | 1 | ||||
| -rw-r--r-- | lib/package.c | 2 | ||||
| -rw-r--r-- | lib/rpmchecksig.c | 2 | ||||
| -rw-r--r-- | lib/rpmfi.c | 1 | ||||
| -rw-r--r-- | lib/rpmts.c | 4 | ||||
| -rw-r--r-- | lib/signature.c | 78 | ||||
| -rw-r--r-- | macros.in | 2 | ||||
| -rw-r--r-- | python/Makefile.am | 4 | ||||
| -rw-r--r-- | rpm.pc.in | 2 | ||||
| -rw-r--r-- | rpmdb/Makefile.am | 6 | ||||
| -rw-r--r-- | rpmio/Makefile.am | 10 | ||||
| -rw-r--r-- | rpmio/base64.c | 254 | ||||
| -rw-r--r-- | rpmio/base64.h | 29 | ||||
| -rw-r--r-- | rpmio/digest.c | 149 | ||||
| -rw-r--r-- | rpmio/macro.c | 18 | ||||
| -rw-r--r-- | rpmio/rpmio_internal.h | 47 | ||||
| -rw-r--r-- | rpmio/rpmmacro.h | 19 | ||||
| -rw-r--r-- | rpmio/rpmpgp.c | 217 | ||||
| -rw-r--r-- | rpmio/rpmpgp.h | 9 | ||||
| -rw-r--r-- | rpmio/tax.c | 45 | ||||
| -rw-r--r-- | rpmio/tinv.c | 512 | ||||
| -rw-r--r-- | rpmio/tkey.c | 62 | ||||
| -rw-r--r-- | tools/convertdb1.c | 2 | ||||
| -rw-r--r-- | tools/debugedit.c | 41 |
32 files changed, 668 insertions, 950 deletions
@@ -5,6 +5,9 @@ The zlib library for compression support. You might also need/want the zip executable for java jar dependency analysis. All available from http://www.gzip.org/zlib/ +The NSS library for encryption. This is available from + http://www.mozilla.org/projects/security/pki/nss/ + The Berkeley DB >= 4.3.x (4.5.x or newer recommended). RPM includes an internal copy which is used by default, but if you want to use an external BDB (--with-external-db) it's available at diff --git a/Makefile.am b/Makefile.am index af7e94ad4..46e22cb1b 100644 --- a/Makefile.am +++ b/Makefile.am @@ -24,7 +24,7 @@ AM_CPPFLAGS += -I$(top_srcdir)/build AM_CPPFLAGS += -I$(top_srcdir)/lib AM_CPPFLAGS += -I$(top_builddir)/rpmdb -I$(top_srcdir)/rpmdb AM_CPPFLAGS += -I$(top_srcdir)/rpmio -AM_CPPFLAGS += @WITH_BEECRYPT_INCLUDE@ +AM_CPPFLAGS += @WITH_NSS_INCLUDE@ AM_CPPFLAGS += @WITH_POPT_INCLUDE@ AM_CPPFLAGS += -I$(top_srcdir)/misc AM_CPPFLAGS += @WITH_LIBELF_INCLUDE@ @@ -82,36 +82,36 @@ DISTCLEANFILES += find-requires rpm_SOURCES = rpmqv.c debug.h system.h rpm_CPPFLAGS = $(AM_CPPFLAGS) -DIAM_RPMDB -DIAM_RPMEIU -DIAM_RPMK -DIAM_RPMQV rpm_LDADD = build/librpmbuild.la lib/librpm.la rpmdb/librpmdb.la rpmio/librpmio.la -rpm_LDADD += @WITH_LIBELF_LIB@ @WITH_BEECRYPT_LIB@ @WITH_POPT_LIB@ @WITH_ZLIB_LIB@ +rpm_LDADD += @WITH_LIBELF_LIB@ @WITH_NSS_LIB@ @WITH_POPT_LIB@ @WITH_ZLIB_LIB@ rpmb_SOURCES = build.c rpmqv.c build.h debug.h system.h rpmb_CPPFLAGS = $(AM_CPPFLAGS) -DIAM_RPMBT rpmb_LDADD = build/librpmbuild.la lib/librpm.la rpmdb/librpmdb.la rpmio/librpmio.la -rpmb_LDADD += @WITH_LIBELF_LIB@ @WITH_BEECRYPT_LIB@ @WITH_POPT_LIB@ @WITH_ZLIB_LIB@ +rpmb_LDADD += @WITH_LIBELF_LIB@ @WITH_NSS_LIB@ @WITH_POPT_LIB@ @WITH_ZLIB_LIB@ rpmd_SOURCES = rpmqv.c debug.h system.h rpmd_CPPFLAGS = $(AM_CPPFLAGS) -DIAM_RPMDB rpmd_LDADD = lib/librpm.la rpmdb/librpmdb.la rpmio/librpmio.la -rpmd_LDADD += @WITH_LIBELF_LIB@ @WITH_BEECRYPT_LIB@ @WITH_POPT_LIB@ @WITH_ZLIB_LIB@ +rpmd_LDADD += @WITH_LIBELF_LIB@ @WITH_NSS_LIB@ @WITH_POPT_LIB@ @WITH_ZLIB_LIB@ rpmi_SOURCES = rpmqv.c debug.h system.h rpmi_CPPFLAGS = $(AM_CPPFLAGS) -DIAM_RPMEIU rpmi_LDADD = lib/librpm.la rpmdb/librpmdb.la rpmio/librpmio.la -rpmi_LDADD += @WITH_LIBELF_LIB@ @WITH_BEECRYPT_LIB@ @WITH_POPT_LIB@ @WITH_ZLIB_LIB@ +rpmi_LDADD += @WITH_LIBELF_LIB@ @WITH_NSS_LIB@ @WITH_POPT_LIB@ @WITH_ZLIB_LIB@ rpmk_SOURCES = rpmqv.c debug.h system.h rpmk_CPPFLAGS = $(AM_CPPFLAGS) -DIAM_RPMK rpmk_LDADD = lib/librpm.la rpmdb/librpmdb.la rpmio/librpmio.la -rpmk_LDADD += @WITH_LIBELF_LIB@ @WITH_BEECRYPT_LIB@ @WITH_POPT_LIB@ @WITH_ZLIB_LIB@ +rpmk_LDADD += @WITH_LIBELF_LIB@ @WITH_NSS_LIB@ @WITH_POPT_LIB@ @WITH_ZLIB_LIB@ rpmq_SOURCES = rpmqv.c debug.h system.h rpmq_CPPFLAGS = $(AM_CPPFLAGS) -DIAM_RPMQV rpmq_LDADD = build/librpmbuild.la lib/librpm.la rpmdb/librpmdb.la rpmio/librpmio.la -rpmq_LDADD += @WITH_LIBELF_LIB@ @WITH_BEECRYPT_LIB@ @WITH_POPT_LIB@ @WITH_ZLIB_LIB@ +rpmq_LDADD += @WITH_LIBELF_LIB@ @WITH_NSS_LIB@ @WITH_POPT_LIB@ @WITH_ZLIB_LIB@ rpm2cpio_SOURCES = rpm2cpio.c debug.h system.h rpm2cpio_LDADD = lib/librpm.la rpmdb/librpmdb.la rpmio/librpmio.la -rpm2cpio_LDADD += @WITH_LIBELF_LIB@ @WITH_BEECRYPT_LIB@ @WITH_POPT_LIB@ @WITH_ZLIB_LIB@ +rpm2cpio_LDADD += @WITH_LIBELF_LIB@ @WITH_NSS_LIB@ @WITH_POPT_LIB@ @WITH_ZLIB_LIB@ if LIBELF @@ -120,7 +120,8 @@ rpmconfig_SCRIPTS += scripts/find-debuginfo.sh rpmlibexec_PROGRAMS += debugedit debugedit_SOURCES = tools/debugedit.c tools/hashtab.c tools/hashtab.h -debugedit_LDADD = @WITH_LIBELF_LIB@ @WITH_BEECRYPT_LIB@ @WITH_POPT_LIB@ +debugedit_LDADD = rpmio/librpmio.la +debugedit_LDADD += @WITH_LIBELF_LIB@ @WITH_POPT_LIB@ endif endif diff --git a/build/Makefile.am b/build/Makefile.am index c770cf353..36db3774e 100644 --- a/build/Makefile.am +++ b/build/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS += -I$(top_srcdir)/build AM_CPPFLAGS += -I$(top_srcdir)/lib AM_CPPFLAGS += -I$(top_builddir)/rpmdb -I$(top_srcdir)/rpmdb AM_CPPFLAGS += -I$(top_srcdir)/rpmio -AM_CPPFLAGS += @WITH_BEECRYPT_INCLUDE@ +AM_CPPFLAGS += @WITH_NSS_INCLUDE@ AM_CPPFLAGS += @WITH_MAGIC_INCLUDE@ AM_CPPFLAGS += @WITH_POPT_INCLUDE@ AM_CPPFLAGS += @WITH_LIBELF_INCLUDE@ diff --git a/build/rpmfc.c b/build/rpmfc.c index ec6baff4c..2cf48d842 100644 --- a/build/rpmfc.c +++ b/build/rpmfc.c @@ -51,6 +51,12 @@ struct rpmfc_s { }; +/** + */ +struct rpmfcTokens_s { + const char * token; + int colors; +}; /** */ diff --git a/build/rpmfc.h b/build/rpmfc.h index c77faa95a..5a2a34389 100644 --- a/build/rpmfc.h +++ b/build/rpmfc.h @@ -62,13 +62,6 @@ typedef enum FCOLOR_e FCOLOR_t; /** */ -struct rpmfcTokens_s { - const char * token; - int colors; -}; - -/** - */ typedef struct rpmfcTokens_s * rpmfcToken; /** diff --git a/configure.ac b/configure.ac index a9423d123..d79e10a0b 100644 --- a/configure.ac +++ b/configure.ac @@ -351,22 +351,32 @@ AC_CHECK_HEADERS([dwarf.h], [ AM_CONDITIONAL(LIBDWARF,[test "$WITH_LIBDWARF" = yes]) #================= -# Check for beecrypt library. -WITH_BEECRYPT_INCLUDE= -WITH_BEECRYPT_LIB= -AC_CHECK_HEADERS([beecrypt/beecrypt.h], [ - AC_CHECK_LIB(beecrypt, mpfprintln, [ - AC_CHECK_HEADERS([beecrypt/api.h]) - WITH_BEECRYPT_INCLUDE= - WITH_BEECRYPT_LIB="-lbeecrypt" - ],[ - AC_MSG_ERROR([missing required library beecrypt]) +# Check for NSS library. +WITH_NSS_INCLUDE= +WITH_NSS_LIB= +check=`pkg-config --version 2>/dev/null` +if test -n "$check"; then + addlib=$(pkg-config --libs nss | sed 's/-lsmime3//;s/-lssl3//') + addcppflags=$(pkg-config --cflags nss) +else +# Without pkg-config, we'll kludge in some defaults + addlib="-lnss3 -lplds4 -lplc4 -lnspr4 -lpthread -ldl" + addcppflags="-I/usr/include/nss3 -I/usr/include/nspr4" +fi +save_CPPFLAGS="$CPPFLAGS" +CPPFLAGS="$save_CPPFLAGS $addcppflags" +AC_CHECK_HEADER([nss3/nss.h], [ + AC_CHECK_LIB(nss3, NSS_NoDB_Init, [ + AC_DEFINE(HAVE_LIBNSS, 1, [Define to 1 if you have the 'NSS' library (-lnss3).]) + WITH_NSS_INCLUDE="$addcppflags" + WITH_NSS_LIB="$addlib" ]) ],[ - AC_MSG_ERROR([missing required header beecrypt/beecrypt.h]) + AC_MSG_ERROR([missing required header nss3/nss.h]) ]) -AC_SUBST(WITH_BEECRYPT_INCLUDE) -AC_SUBST(WITH_BEECRYPT_LIB) +CPPFLAGS="$save_CPPFLAGS" +AC_SUBST(WITH_NSS_INCLUDE) +AC_SUBST(WITH_NSS_LIB) #================= # Check for magic library. diff --git a/lib/Makefile.am b/lib/Makefile.am index 89b0f7b5f..0fbfcd379 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = -I$(top_builddir) -I$(top_srcdir) AM_CPPFLAGS += -I$(top_srcdir)/lib AM_CPPFLAGS += -I$(top_builddir)/rpmdb -I$(top_srcdir)/rpmdb AM_CPPFLAGS += -I$(top_srcdir)/rpmio -AM_CPPFLAGS += @WITH_BEECRYPT_INCLUDE@ +AM_CPPFLAGS += @WITH_NSS_INCLUDE@ AM_CPPFLAGS += @WITH_POPT_INCLUDE@ AM_CPPFLAGS += -I$(top_srcdir)/misc AM_CPPFLAGS += -DLOCALEDIR="\"$(localedir)\"" @@ -33,7 +33,7 @@ librpm_la_LDFLAGS = -release 4.4 librpm_la_LIBADD = \ $(top_builddir)/rpmdb/librpmdb.la \ $(top_builddir)/rpmio/librpmio.la \ - @WITH_BEECRYPT_LIB@ \ + @WITH_NSS_LIB@ \ @WITH_POPT_LIB@ \ @WITH_SELINUX_LIB@ \ @LIBINTL@ diff --git a/lib/formats.c b/lib/formats.c index 76594cf95..3f93dfebe 100644 --- a/lib/formats.c +++ b/lib/formats.c @@ -190,20 +190,16 @@ static char * base64Format(int32_t type, const void * data, int lc; /* XXX HACK ALERT: element field abused as no. bytes of binary data. */ size_t ns = element; - size_t nt = ((ns + 2) / 3) * 4; - - /* Add additional bytes necessary for eol string(s). */ - if (b64encode_chars_per_line > 0 && b64encode_eolstr != NULL) { - lc = (nt + b64encode_chars_per_line - 1) / b64encode_chars_per_line; - if (((nt + b64encode_chars_per_line - 1) % b64encode_chars_per_line) != 0) - ++lc; - nt += lc * strlen(b64encode_eolstr); + size_t nt = 0; + + if ((enc = b64encode(data, ns, -1)) != NULL) { + nt = strlen(enc); } val = t = xmalloc(nt + padding + 1); *t = '\0'; - if ((enc = b64encode(data, ns)) != NULL) { + if (enc != NULL) { t = stpcpy(t, enc); enc = _free(enc); } @@ -277,10 +273,13 @@ static char * xmlFormat(int32_t type, const void * data, xtag = "string"; break; case RPM_BIN_TYPE: - { int cpl = b64encode_chars_per_line; - b64encode_chars_per_line = 0; - s = base64Format(type, data, formatPrefix, padding, element); - b64encode_chars_per_line = cpl; + { + /* XXX HACK ALERT: element field abused as no. bytes of binary data. */ + size_t ns = element; + if ((s = b64encode(data, ns, 0)) == NULL) { + /* XXX proper error handling would be better. */ + s = xcalloc(1, padding + (ns / 3) * 4 + 1); + } xtag = "base64"; } break; case RPM_CHAR_TYPE: diff --git a/lib/misc.c b/lib/misc.c index 4e7d4ff13..8a59a56f1 100644 --- a/lib/misc.c +++ b/lib/misc.c @@ -11,7 +11,6 @@ const char * RPMVERSION = VERSION; #include "rpmmacro.h" /* XXX for rpmGetPath */ #include "rpmlib.h" #include "rpmerr.h" -#include "legacy.h" #include "misc.h" #include "debug.h" diff --git a/lib/package.c b/lib/package.c index 9deeb80bc..525c5d7a5 100644 --- a/lib/package.c +++ b/lib/package.c @@ -929,11 +929,9 @@ rpmRC rpmReadPackageFile(rpmts ts, FD_t fd, const char * fn, Header * hdrp) fddig->hashctx = NULL; break; case PGPHASHALGO_SHA1: -#if HAVE_BEECRYPT_API_H case PGPHASHALGO_SHA256: case PGPHASHALGO_SHA384: case PGPHASHALGO_SHA512: -#endif dig->sha1ctx = fddig->hashctx; fddig->hashctx = NULL; break; diff --git a/lib/rpmchecksig.c b/lib/rpmchecksig.c index 46abd8297..57b2440b9 100644 --- a/lib/rpmchecksig.c +++ b/lib/rpmchecksig.c @@ -518,11 +518,9 @@ assert(dig->md5ctx == NULL); fddig->hashctx = NULL; break; case PGPHASHALGO_SHA1: -#if HAVE_BEECRYPT_API_H case PGPHASHALGO_SHA256: case PGPHASHALGO_SHA384: case PGPHASHALGO_SHA512: -#endif assert(dig->sha1ctx == NULL); dig->sha1ctx = fddig->hashctx; fddig->hashctx = NULL; diff --git a/lib/rpmfi.c b/lib/rpmfi.c index 5c105b440..267c56a1d 100644 --- a/lib/rpmfi.c +++ b/lib/rpmfi.c @@ -22,7 +22,6 @@ #include "legacy.h" /* XXX domd5 */ #include "misc.h" /* XXX stripTrailingChar */ #include "rpmmacro.h" /* XXX rpmCleanPath */ -#include "legacy.h" #include "debug.h" diff --git a/lib/rpmts.c b/lib/rpmts.c index 13a7626b9..31ad5b534 100644 --- a/lib/rpmts.c +++ b/lib/rpmts.c @@ -4,7 +4,7 @@ */ #include "system.h" -#include "rpmio_internal.h" /* XXX for pgp and beecrypt */ +#include "rpmio_internal.h" /* XXX for pgp */ #include "rpmlib.h" #include "rpmmacro.h" /* XXX rpmtsOpenDB() needs rpmGetPath */ @@ -483,7 +483,7 @@ rpmRC rpmtsImportPubkey(const rpmts ts, const unsigned char * pkt, ssize_t pktle if (rpmtsOpenDB(ts, (O_RDWR|O_CREAT))) return RPMRC_FAIL; - if ((enc = b64encode(pkt, pktlen)) == NULL) + if ((enc = b64encode(pkt, pktlen, -1)) == NULL) goto exit; dig = pgpNewDig(); diff --git a/lib/signature.c b/lib/signature.c index 9644dcc9e..a839232a1 100644 --- a/lib/signature.c +++ b/lib/signature.c @@ -1093,9 +1093,10 @@ verifyRSASignature(rpmts ts, char * t, int32_t sigtag = rpmtsSigtag(ts); pgpDig dig = rpmtsDig(ts); pgpDigParams sigp = rpmtsSignature(ts); - const char * prefix = NULL; + SECOidTag sigalg; rpmRC res = RPMRC_OK; int xx; + SECItem digest; *t = '\0'; if (dig != NULL && dig->hdrmd5ctx == md5ctx) @@ -1125,43 +1126,40 @@ verifyRSASignature(rpmts ts, char * t, switch (sigp->hash_algo) { case PGPHASHALGO_MD5: t = stpcpy(t, " RSA/MD5"); - prefix = "3020300c06082a864886f70d020505000410"; + sigalg = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION; break; case PGPHASHALGO_SHA1: t = stpcpy(t, " RSA/SHA1"); - prefix = "3021300906052b0e03021a05000414"; + sigalg = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION; break; case PGPHASHALGO_RIPEMD160: res = RPMRC_NOKEY; - prefix = NULL; break; case PGPHASHALGO_MD2: t = stpcpy(t, " RSA/MD2"); - prefix = "3020300c06082a864886f70d020205000410"; + sigalg = SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION; break; case PGPHASHALGO_TIGER192: res = RPMRC_NOKEY; - prefix = NULL; break; case PGPHASHALGO_HAVAL_5_160: res = RPMRC_NOKEY; - prefix = NULL; break; case PGPHASHALGO_SHA256: t = stpcpy(t, " RSA/SHA256"); - prefix = "3031300d060960864801650304020105000420"; + sigalg = SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION; break; case PGPHASHALGO_SHA384: t = stpcpy(t, " RSA/SHA384"); - prefix = "3041300d060960864801650304020205000430"; + sigalg = SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION; break; case PGPHASHALGO_SHA512: t = stpcpy(t, " RSA/SHA512"); - prefix = "3051300d060960864801650304020305000440"; + sigalg = SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION; break; default: res = RPMRC_NOKEY; - prefix = NULL; + sigalg = SEC_OID_UNKNOWN; break; } @@ -1172,8 +1170,6 @@ verifyRSASignature(rpmts ts, char * t, (void) rpmswEnter(rpmtsOp(ts, RPMTS_OP_DIGEST), 0); { DIGEST_CTX ctx = rpmDigestDup(md5ctx); - byte signhash16[2]; - const char * s; if (sigp->hash != NULL) xx = rpmDigestUpdate(ctx, sigp->hash, sigp->hashlen); @@ -1190,40 +1186,18 @@ verifyRSASignature(rpmts ts, char * t, } #endif - xx = rpmDigestFinal(ctx, (void **)&dig->md5, &dig->md5len, 1); + xx = rpmDigestFinal(ctx, (void **)&dig->md5, &dig->md5len, 0); (void) rpmswExit(rpmtsOp(ts, RPMTS_OP_DIGEST), sigp->hashlen); rpmtsOp(ts, RPMTS_OP_DIGEST)->count--; /* XXX one too many */ /* Compare leading 16 bits of digest for quick check. */ - s = dig->md5; - signhash16[0] = (nibble(s[0]) << 4) | nibble(s[1]); - signhash16[1] = (nibble(s[2]) << 4) | nibble(s[3]); - if (memcmp(signhash16, sigp->signhash16, sizeof(signhash16))) { + if (memcmp(dig->md5, sigp->signhash16, 2)) { res = RPMRC_FAIL; goto exit; } - } - - /* Generate RSA modulus parameter. */ - { unsigned int nbits = MP_WORDS_TO_BITS(dig->c.size); - unsigned int nb = (nbits + 7) >> 3; - const char * hexstr; - char * tt; - -assert(prefix != NULL); - hexstr = tt = xmalloc(2 * nb + 1); - memset(tt, 'f', (2 * nb)); - tt[0] = '0'; tt[1] = '0'; - tt[2] = '0'; tt[3] = '1'; - tt += (2 * nb) - strlen(prefix) - strlen(dig->md5) - 2; - *tt++ = '0'; *tt++ = '0'; - tt = stpcpy(tt, prefix); - tt = stpcpy(tt, dig->md5); - - mpnzero(&dig->rsahm); (void) mpnsethex(&dig->rsahm, hexstr); - - hexstr = _free(hexstr); - + digest.type = siBuffer; + digest.data = dig->md5; + digest.len = dig->md5len; } /* Retrieve the matching public key. */ @@ -1232,12 +1206,7 @@ assert(prefix != NULL); goto exit; (void) rpmswEnter(rpmtsOp(ts, RPMTS_OP_SIGNATURE), 0); -#if HAVE_BEECRYPT_API_H - xx = rsavrfy(&dig->rsa_pk.n, &dig->rsa_pk.e, &dig->c, &dig->rsahm); -#else - xx = rsavrfy(&dig->rsa_pk, &dig->rsahm, &dig->c); -#endif - if (xx) + if (VFY_VerifyDigest(&digest, dig->rsa, dig->rsasig, sigalg, NULL) == SECSuccess) res = RPMRC_OK; else res = RPMRC_FAIL; @@ -1274,6 +1243,7 @@ verifyDSASignature(rpmts ts, char * t, pgpDigParams sigp = rpmtsSignature(ts); rpmRC res; int xx; + SECItem digest; *t = '\0'; if (dig != NULL && dig->hdrsha1ctx == sha1ctx) @@ -1301,7 +1271,6 @@ verifyDSASignature(rpmts ts, char * t, (void) rpmswEnter(rpmtsOp(ts, RPMTS_OP_DIGEST), 0); { DIGEST_CTX ctx = rpmDigestDup(sha1ctx); - byte signhash16[2]; if (sigp->hash != NULL) xx = rpmDigestUpdate(ctx, sigp->hash, sigp->hashlen); @@ -1315,19 +1284,18 @@ verifyDSASignature(rpmts ts, char * t, memcpy(trailer+2, &nb, sizeof(nb)); xx = rpmDigestUpdate(ctx, trailer, sizeof(trailer)); } - xx = rpmDigestFinal(ctx, (void **)&dig->sha1, &dig->sha1len, 1); + xx = rpmDigestFinal(ctx, (void **)&dig->sha1, &dig->sha1len, 0); (void) rpmswExit(rpmtsOp(ts, RPMTS_OP_DIGEST), sigp->hashlen); rpmtsOp(ts, RPMTS_OP_DIGEST)->count--; /* XXX one too many */ - mpnzero(&dig->hm); (void) mpnsethex(&dig->hm, dig->sha1); - /* Compare leading 16 bits of digest for quick check. */ - signhash16[0] = (*dig->hm.data >> 24) & 0xff; - signhash16[1] = (*dig->hm.data >> 16) & 0xff; - if (memcmp(signhash16, sigp->signhash16, sizeof(signhash16))) { + if (memcmp(dig->sha1, sigp->signhash16, 2)) { res = RPMRC_FAIL; goto exit; } + digest.type = siBuffer; + digest.data = dig->sha1; + digest.len = dig->sha1len; } /* Retrieve the matching public key. */ @@ -1336,8 +1304,8 @@ verifyDSASignature(rpmts ts, char * t, goto exit; (void) rpmswEnter(rpmtsOp(ts, RPMTS_OP_SIGNATURE), 0); - if (dsavrfy(&dig->p, &dig->q, &dig->g, - &dig->hm, &dig->y, &dig->r, &dig->s)) + if (VFY_VerifyDigest(&digest, dig->dsa, dig->dsasig, + SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST, NULL) == SECSuccess) res = RPMRC_OK; else res = RPMRC_FAIL; @@ -651,7 +651,7 @@ print (t)\ pgps +batchmode=on +verbose=0 +armor=off \ "+myname=%{_pgp_name}" -b %{__plaintext_filename} -o %{__signature_filename} -# XXX rpm-4.1 verifies signatures using beecrypt. +# XXX rpm >= 4.1 verifies signatures internally #%__gpg_verify_cmd %{__gpg} \ # gpg --batch --no-verbose --verify --no-secmem-warning \ # %{__signature_filename} %{__plaintext_filename} diff --git a/python/Makefile.am b/python/Makefile.am index 137f0f613..9c3715590 100644 --- a/python/Makefile.am +++ b/python/Makefile.am @@ -10,7 +10,7 @@ AM_CPPFLAGS += -I$(top_srcdir)/lib AM_CPPFLAGS += -I$(top_srcdir)/rpmdb AM_CPPFLAGS += -I$(top_srcdir)/rpmio AM_CPPFLAGS += @WITH_LIBELF_INCLUDE@ -AM_CPPFLAGS += @WITH_BEECRYPT_INCLUDE@ +AM_CPPFLAGS += @WITH_NSS_INCLUDE@ AM_CPPFLAGS += @WITH_POPT_INCLUDE@ AM_CPPFLAGS += -I$(top_srcdir)/misc AM_CPPFLAGS += -I@WITH_PYTHON_INCLUDE@ @@ -24,7 +24,7 @@ _rpmmodule_la_LIBADD = \ $(top_builddir)/lib/librpm.la \ $(top_builddir)/rpmdb/librpmdb.la \ $(top_builddir)/rpmio/librpmio.la \ - @WITH_BEECRYPT_LIB@ \ + @WITH_NSS_LIB@ \ @WITH_POPT_LIB@ \ @WITH_LIBELF_LIB@ \ @WITH_PYTHON_LIB@ @@ -12,4 +12,4 @@ URL: http://rpm.org # Conflicts: Cflags: -I${includedir}/rpm Libs: -L${libdir} -lrpmbuild -lrpm -lrpmdb -lrpmio -lrpmmisc -Libs.private: -lpopt -lmagic -lbeecrypt -lrt -lpthread @WITH_SELINUX_LIB@ @WITH_SQLITE3_LIB@ @WITH_DB_LIB@ @WITH_BZ2_LIB@ @WITH_ZLIB_LIB@ +Libs.private: -lpopt -lmagic -lrt -lpthread @WITH_SELINUX_LIB@ @WITH_SQLITE3_LIB@ @WITH_DB_LIB@ @WITH_BZ2_LIB@ @WITH_ZLIB_LIB@ @WITH_NSS_LIB@ diff --git a/rpmdb/Makefile.am b/rpmdb/Makefile.am index 587363763..1ac822d74 100644 --- a/rpmdb/Makefile.am +++ b/rpmdb/Makefile.am @@ -7,7 +7,7 @@ AM_CPPFLAGS += -I$(top_builddir)/rpmdb -I$(top_srcdir)/rpmdb AM_CPPFLAGS += -I$(top_srcdir)/build AM_CPPFLAGS += -I$(top_srcdir)/lib AM_CPPFLAGS += -I$(top_srcdir)/rpmio -AM_CPPFLAGS += @WITH_BEECRYPT_INCLUDE@ +AM_CPPFLAGS += @WITH_NSS_INCLUDE@ AM_CPPFLAGS += @WITH_POPT_INCLUDE@ AM_CPPFLAGS += -I$(top_srcdir)/misc AM_CPPFLAGS += @WITH_SQLITE3_INCLUDE@ @@ -34,7 +34,7 @@ endif librpmdb_la_LDFLAGS = -release 4.4 librpmdb_la_LIBADD = \ $(top_builddir)/rpmio/librpmio.la \ - @WITH_BEECRYPT_LIB@ \ + @WITH_NSS_LIB@ \ @WITH_POPT_LIB@ \ @WITH_SQLITE3_LIB@ \ @WITH_LIBELF_LIB@ @@ -177,4 +177,4 @@ tdbi_LDADD = librpmdb.la check_PROGRAMS += tjfn tjfn_SOURCES = tjfn.c -tjfn_LDADD = librpmdb.la @WITH_BEECRYPT_LIB@ +tjfn_LDADD = librpmdb.la @WITH_NSS_LIB@ diff --git a/rpmio/Makefile.am b/rpmio/Makefile.am index a4770496f..8878e7bde 100644 --- a/rpmio/Makefile.am +++ b/rpmio/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = -I$(top_builddir) -I$(top_srcdir) AM_CPPFLAGS += -I$(top_srcdir)/rpmio -AM_CPPFLAGS += @WITH_BEECRYPT_INCLUDE@ +AM_CPPFLAGS += @WITH_NSS_INCLUDE@ AM_CPPFLAGS += @WITH_LUA_INCLUDE@ AM_CPPFLAGS += @WITH_POPT_INCLUDE@ AM_CPPFLAGS += -I$(top_srcdir)/misc @@ -11,14 +11,14 @@ AM_CPPFLAGS += -DRPMCONFIGDIR="\"@RPMCONFIGDIR@\"" usrlibdir = $(libdir) usrlib_LTLIBRARIES = librpmio.la librpmio_la_SOURCES = \ - argv.c digest.c fts.c macro.c \ + argv.c base64.c digest.c fts.c macro.c \ rpmhook.c rpmio.c rpmlog.c rpmlua.c rpmmalloc.c \ rpmpgp.c rpmrpc.c rpmsq.c rpmsw.c strcasecmp.c url.c ugid.c \ rpmio_internal.h rpmlua.h rpmhook.h ugid.h fts.h rpmerr.h librpmio_la_LDFLAGS = -release 4.4 librpmio_la_LIBADD = \ ../misc/libmisc.la \ - @WITH_BEECRYPT_LIB@ \ + @WITH_NSS_LIB@ \ @WITH_LUA_LIB@ \ @WITH_MAGIC_LIB@ \ @WITH_BZ2_LIB@ \ @@ -51,10 +51,6 @@ check_PROGRAMS += tglob tglob_SOURCES = tglob.c rpmio_internal.h tglob_LDADD = librpmio.la @WITH_POPT_LIB@ -check_PROGRAMS += tinv -tinv_SOURCES = tinv.c -tinv_LDADD = librpmio.la @WITH_POPT_LIB@ - check_PROGRAMS += tkey tkey_SOURCES = tkey.c rpmio_internal.h tkey_LDADD = librpmio.la @WITH_POPT_LIB@ diff --git a/rpmio/base64.c b/rpmio/base64.c new file mode 100644 index 000000000..c9b689555 --- /dev/null +++ b/rpmio/base64.c @@ -0,0 +1,254 @@ +/* base64 encoder/decoder based on public domain implementation + * by Chris Venter */ + +#include <arpa/inet.h> +#include <stdlib.h> +#include "base64.h" + +static char base64_encode_value(char value_in) +{ + static const char encoding[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + if (value_in > 63) return '='; + return encoding[(int)value_in]; +} + +static char *base64_encode_block(const char *plaintext_in, int length_in, char *codechar) +{ + const char *plainchar = plaintext_in; + const char *const plaintextend = plaintext_in + length_in; + char result; + char fragment; + + while (1) { + if (plainchar == plaintextend) { + return codechar; + } + fragment = *plainchar++; + result = (fragment & 0x0fc) >> 2; + *codechar++ = base64_encode_value(result); + result = (fragment & 0x003) << 4; + if (plainchar == plaintextend) + { + *codechar++ = base64_encode_value(result); + *codechar++ = '='; + *codechar++ = '='; + return codechar; + } + fragment = *plainchar++; + result |= (fragment & 0x0f0) >> 4; + *codechar++ = base64_encode_value(result); + result = (fragment & 0x00f) << 2; + if (plainchar == plaintextend) + { + *codechar++ = base64_encode_value(result); + *codechar++ = '='; + return codechar; + } + fragment = *plainchar++; + result |= (fragment & 0x0c0) >> 6; + *codechar++ = base64_encode_value(result); + result = (fragment & 0x03f) >> 0; + *codechar++ = base64_encode_value(result); + } + /* control should not reach here */ + return codechar; +} + +#define BASE64_DEFAULT_LINE_LENGTH 64 + +char *b64encode(const void *data, size_t len, int linelen) +{ + size_t encodedlen; + const char *dataptr = data; + char *output; + char *outptr; + + if (data == NULL) + return NULL; + + if (linelen < 0) + linelen = BASE64_DEFAULT_LINE_LENGTH; + + linelen /= 4; + encodedlen = ((len + 2) / 3) * 4; + if (linelen > 0) { + encodedlen += encodedlen/(linelen * 4) + 1; + } + ++encodedlen; /* for zero termination */ + + output = malloc(encodedlen); + if (output == NULL) + return NULL; + + outptr = output; + while (len > 0) { + if (linelen > 0 && len > linelen * 3) { + outptr = base64_encode_block(dataptr, linelen * 3, outptr); + len -= linelen * 3; + dataptr += linelen * 3; + } else { + outptr = base64_encode_block(dataptr, len, outptr); + len = 0; + } + if (linelen > 0) { + *outptr++ = '\n'; + } + } + *outptr = '\0'; + return output; +} + +static int base64_decode_value(char value_in) +{ + static const char decoding[] = {62,-1,-1,-1,63,52,53,54,55,56,57,58,59,60,61,-1,-1,-1,-2,-1,-1,-1,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,-1,-1,-1,-1,-1,-1,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51}; + static const char decoding_size = sizeof(decoding); + value_in -= 43; + if (value_in < 0 || value_in > decoding_size) + return -1; + return decoding[(int)value_in]; +} + +static size_t base64_decode_block(const char *code_in, const size_t length_in, char *plaintext_out) +{ + const char *codechar = code_in; + char *plainchar = plaintext_out; + char fragment; + + *plainchar = 0; + + while (1) + { + do { + if (codechar == code_in+length_in) + { + return plainchar - plaintext_out; + } + fragment = (char)base64_decode_value(*codechar++); + } while (fragment < 0); + *plainchar = (fragment & 0x03f) << 2; + + do { + if (codechar == code_in+length_in) + { + return plainchar - plaintext_out; + } + fragment = (char)base64_decode_value(*codechar++); + } while (fragment < 0); + *plainchar++ |= (fragment & 0x030) >> 4; + *plainchar = (fragment & 0x00f) << 4; + + do { + if (codechar == code_in+length_in) + { + return plainchar - plaintext_out; + } + fragment = (char)base64_decode_value(*codechar++); + } while (fragment < 0); + *plainchar++ |= (fragment & 0x03c) >> 2; + *plainchar = (fragment & 0x003) << 6; + + do { + if (codechar == code_in+length_in) + { + return plainchar - plaintext_out; + } + fragment = (char)base64_decode_value(*codechar++); + } while (fragment < 0); + *plainchar++ |= (fragment & 0x03f); + } + /* control should not reach here */ + return plainchar - plaintext_out; +} + +int b64decode(const char *in, void **out, size_t *outlen) +{ + size_t outcnt = 0; + const char *inptr = in; + + *out = NULL; + + if (in == NULL) { + return 1; + } + + while (*inptr != '\0') { + /* assume all ASCII control chars as whitespace */ + if (*inptr > 32) { + if (base64_decode_value(*inptr) != -1) { + ++outcnt; + } else { + return 3; + } + } + ++inptr; + } + + if (outcnt % 4 != 0) + return 2; + + outcnt = (outcnt / 4) * 3; + + *out = malloc(outcnt + 1); /* base64_decode_block can write one extra character */ + + if (*out == NULL) + return 4; + + *outlen = base64_decode_block(in, inptr - in, *out); + + return 0; +} + +#define CRC24_INIT 0xb704ce +#define CRC24_POLY 0x1864cfb + +char *b64crc(const unsigned char *data, size_t len) +{ + uint32_t crc = CRC24_INIT; + int i; + + while (len--) { + crc ^= (*data++) << 16; + for (i = 0; i < 8; i++) { + crc <<= 1; + if (crc & 0x1000000) + crc ^= CRC24_POLY; + } + } + crc = htonl(crc & 0xffffff); + data = (unsigned char *)&crc; + ++data; + return b64encode(data, 3, 0); +} + +#ifdef BASE64_TEST +#include <stdio.h> +#include <string.h> + +int main(int argc, char *argv[]) +{ + static char tst[]="wtrt8122čLýáj\x20s ~ýhž\t4\x02šjjmBvž^%$RTš#á.íěj\x1hčýčŤc+"; + char *encoded; + void *decoded; + size_t size; + int err; + printf("Original: %lu\n%s\n", sizeof(tst)-1, tst); + encoded = b64encode(tst, sizeof(tst)-1, 64); + printf("Encoded: %lu\n%s\n", strlen(encoded), encoded); + if ((err = b64decode(encoded, &decoded, &size)) != 0) { + fprintf(stderr, "Error in decode: %d\n", err); + return 1; + } + printf("Decoded:\n%.*s\n", (int)size, (char *)decoded); + if (size != sizeof(tst)-1) { + fprintf(stderr, "Size differs orig: %lu new: %lu\n", sizeof(tst)-1, size); + return 1; + } + if (memcmp(tst, decoded, size) != 0) { + fprintf(stderr, "Decoded data differs.\n"); + return 1; + } + fprintf(stderr, "OK\n"); + return 0; +} +#endif + diff --git a/rpmio/base64.h b/rpmio/base64.h new file mode 100644 index 000000000..79ae0b649 --- /dev/null +++ b/rpmio/base64.h @@ -0,0 +1,29 @@ +/* base64 encoder/decoder based on public domain implementation + * by Chris Venter */ + +#include <sys/types.h> + +/* returns malloced base64 encoded string + * lines are split with \n characters to be nearest lower multiple of linelen + * if linelen/4 == 0 lines are not split + * if linelen < 0 default line length (64) is used + * the returned string is empty when len == 0 + * returns NULL on failures + */ +char *b64encode(const void *data, size_t len, int linelen); + +/* decodes from zero terminated base64 encoded string to a newly malloced buffer + * ignores whitespace characters in the input string + * return values: + * 0 - OK + * 1 - input is NULL + * 2 - invalid length + * 3 - invalid characters on input + * 4 - malloc failed + */ +int b64decode(const char *in, void **out, size_t *outlen); + +/* counts CRC24 and base64 encodes it in a malloced string + * returns NULL on failures + */ +char *b64crc(const unsigned char *data, size_t len); diff --git a/rpmio/digest.c b/rpmio/digest.c index c846fd942..d5c4de755 100644 --- a/rpmio/digest.c +++ b/rpmio/digest.c @@ -18,13 +18,7 @@ */ struct DIGEST_CTX_s { rpmDigestFlags flags; /*!< Bit(s) to control digest operation. */ - uint32_t datalen; /*!< No. bytes in block of plaintext data. */ - uint32_t paramlen; /*!< No. bytes of digest parameters. */ - uint32_t digestlen; /*!< No. bytes of digest. */ - void * param; /*!< Digest parameters. */ - int (*Reset) (void * param); /*!< Digest initialize. */ - int (*Update) (void * param, const byte * data, size_t size); /*!< Digest transform. */ - int (*Digest) (void * param, byte * digest); /*!< Digest finish. */ + HASHContext *hashctx; /*!< Internal NSS hash context. */ }; DIGEST_CTX @@ -32,132 +26,132 @@ rpmDigestDup(DIGEST_CTX octx) { DIGEST_CTX nctx; nctx = memcpy(xcalloc(1, sizeof(*nctx)), octx, sizeof(*nctx)); - nctx->param = memcpy(xcalloc(1, nctx->paramlen), octx->param, nctx->paramlen); + nctx->hashctx = HASH_Clone(octx->hashctx); + if (nctx->hashctx == NULL) { + fprintf(stderr, "HASH_Clone failed\n"); + exit(EXIT_FAILURE); /* FIX: callers do not bother checking error return */ + } return nctx; } -DIGEST_CTX -rpmDigestInit(pgpHashAlgo hashalgo, rpmDigestFlags flags) +static HASH_HashType +getHashType(pgpHashAlgo hashalgo) { - DIGEST_CTX ctx = xcalloc(1, sizeof(*ctx)); - int xx; - - ctx->flags = flags; - switch (hashalgo) { case PGPHASHALGO_MD5: - ctx->digestlen = 16; - ctx->datalen = 64; -/* FIX: union, not void pointer */ - ctx->paramlen = sizeof(md5Param); - ctx->param = xcalloc(1, ctx->paramlen); -/* FIX: cast? */ - ctx->Reset = (void *) md5Reset; - ctx->Update = (void *) md5Update; - ctx->Digest = (void *) md5Digest; + return HASH_AlgMD5; break; case PGPHASHALGO_SHA1: - ctx->digestlen = 20; - ctx->datalen = 64; -/* FIX: union, not void pointer */ - ctx->paramlen = sizeof(sha1Param); - ctx->param = xcalloc(1, ctx->paramlen); -/* FIX: cast? */ - ctx->Reset = (void *) sha1Reset; - ctx->Update = (void *) sha1Update; - ctx->Digest = (void *) sha1Digest; + return HASH_AlgSHA1; break; -#if HAVE_BEECRYPT_API_H case PGPHASHALGO_SHA256: - ctx->digestlen = 32; - ctx->datalen = 64; -/* FIX: union, not void pointer */ - ctx->paramlen = sizeof(sha256Param); - ctx->param = xcalloc(1, ctx->paramlen); -/* FIX: cast? */ - ctx->Reset = (void *) sha256Reset; - ctx->Update = (void *) sha256Update; - ctx->Digest = (void *) sha256Digest; + return HASH_AlgSHA256; break; case PGPHASHALGO_SHA384: - ctx->digestlen = 48; - ctx->datalen = 128; -/* FIX: union, not void pointer */ - ctx->paramlen = sizeof(sha384Param); - ctx->param = xcalloc(1, ctx->paramlen); -/* FIX: cast? */ - ctx->Reset = (void *) sha384Reset; - ctx->Update = (void *) sha384Update; - ctx->Digest = (void *) sha384Digest; + return HASH_AlgSHA384; break; case PGPHASHALGO_SHA512: - ctx->digestlen = 64; - ctx->datalen = 128; -/* FIX: union, not void pointer */ - ctx->paramlen = sizeof(sha512Param); - ctx->param = xcalloc(1, ctx->paramlen); -/* FIX: cast? */ - ctx->Reset = (void *) sha512Reset; - ctx->Update = (void *) sha512Update; - ctx->Digest = (void *) sha512Digest; + return HASH_AlgSHA512; break; -#endif case PGPHASHALGO_RIPEMD160: case PGPHASHALGO_MD2: case PGPHASHALGO_TIGER192: case PGPHASHALGO_HAVAL_5_160: default: + return HASH_AlgNULL; + break; + } +} + +size_t +rpmDigestLength(pgpHashAlgo hashalgo) +{ + return HASH_ResultLen(getHashType(hashalgo)); +} + +DIGEST_CTX +rpmDigestInit(pgpHashAlgo hashalgo, rpmDigestFlags flags) +{ + HASH_HashType type; + DIGEST_CTX ctx = xcalloc(1, sizeof(*ctx)); + + if (NSS_NoDB_Init(NULL) != SECSuccess) + return NULL; + + ctx->flags = flags; + + type = getHashType(hashalgo); + if (type == HASH_AlgNULL) { free(ctx); return NULL; - break; } - xx = (*ctx->Reset) (ctx->param); + ctx->hashctx = HASH_Create(type); + if (ctx->hashctx == NULL) { + free(ctx); + return NULL; + } -DPRINTF((stderr, "*** Init(%x) ctx %p param %p\n", flags, ctx, ctx->param)); + HASH_Begin(ctx->hashctx); + +DPRINTF((stderr, "*** Init(%x) ctx %p hashctx %p\n", flags, ctx, ctx->hashctx)); return ctx; } int rpmDigestUpdate(DIGEST_CTX ctx, const void * data, size_t len) { + unsigned int partlen; + const unsigned char *ptr = data; + if (ctx == NULL) return -1; -DPRINTF((stderr, "*** Update(%p,%p,%d) param %p \"%s\"\n", ctx, data, len, ctx->param, ((char *)data))); - return (*ctx->Update) (ctx->param, data, len); +DPRINTF((stderr, "*** Update(%p,%p,%d) hashctx %p \"%s\"\n", ctx, data, len, ctx->hashctx, ((char *)data))); + partlen = ~(unsigned int)0xFF; + while (len > 0) { + if (len < partlen) { + partlen = (unsigned int)len; + } + HASH_Update(ctx->hashctx, ptr, partlen); + ptr += partlen; + len -= partlen; + } + return 0; } int rpmDigestFinal(DIGEST_CTX ctx, void ** datap, size_t *lenp, int asAscii) { - byte * digest; + unsigned char * digest; char * t; int i; + unsigned int digestlen; if (ctx == NULL) return -1; - digest = xmalloc(ctx->digestlen); + digestlen = HASH_ResultLenContext(ctx->hashctx); + digest = xmalloc(digestlen); -DPRINTF((stderr, "*** Final(%p,%p,%p,%d) param %p digest %p\n", ctx, datap, lenp, asAscii, ctx->param, digest)); +DPRINTF((stderr, "*** Final(%p,%p,%p,%d) hashctx %p digest %p\n", ctx, datap, lenp, asAscii, ctx->hashctx, digest)); /* FIX: check rc */ - (void) (*ctx->Digest) (ctx->param, digest); + HASH_End(ctx->hashctx, digest, &digestlen, digestlen); /* Return final digest. */ if (!asAscii) { - if (lenp) *lenp = ctx->digestlen; + if (lenp) *lenp = digestlen; if (datap) { *datap = digest; digest = NULL; } } else { - if (lenp) *lenp = (2*ctx->digestlen) + 1; + if (lenp) *lenp = (2*digestlen) + 1; if (datap) { const byte * s = (const byte *) digest; static const char hex[] = "0123456789abcdef"; - *datap = t = xmalloc((2*ctx->digestlen) + 1); - for (i = 0 ; i < ctx->digestlen; i++) { + *datap = t = xmalloc((2*digestlen) + 1); + for (i = 0 ; i < digestlen; i++) { *t++ = hex[ (unsigned)((*s >> 4) & 0x0f) ]; *t++ = hex[ (unsigned)((*s++ ) & 0x0f) ]; } @@ -165,11 +159,10 @@ DPRINTF((stderr, "*** Final(%p,%p,%p,%d) param %p digest %p\n", ctx, datap, lenp } } if (digest) { - memset(digest, 0, ctx->digestlen); /* In case it's sensitive */ + memset(digest, 0, digestlen); /* In case it's sensitive */ free(digest); } - memset(ctx->param, 0, ctx->paramlen); /* In case it's sensitive */ - free(ctx->param); + HASH_Destroy(ctx->hashctx); memset(ctx, 0, sizeof(*ctx)); /* In case it's sensitive */ free(ctx); return 0; diff --git a/rpmio/macro.c b/rpmio/macro.c index 8497b98ef..fc31367aa 100644 --- a/rpmio/macro.c +++ b/rpmio/macro.c @@ -25,6 +25,24 @@ #include "debug.h" +/*! The structure used to store a macro. */ +struct rpmMacroEntry_s { + struct rpmMacroEntry_s *prev;/*!< Macro entry stack. */ + const char *name; /*!< Macro name. */ + const char *opts; /*!< Macro parameters (a la getopt) */ + const char *body; /*!< Macro body. */ + int used; /*!< No. of expansions. */ + int level; /*!< Scoping level. */ +}; + +/*! The structure used to store the set of macros in a context. */ +struct rpmMacroContext_s { + rpmMacroEntry *macroTable; /*!< Macro entry table for context. */ + int macrosAllocated;/*!< No. of allocated macros. */ + int firstFree; /*!< No. of macros. */ +}; + + static struct rpmMacroContext_s rpmGlobalMacroContext_s; rpmMacroContext rpmGlobalMacroContext = &rpmGlobalMacroContext_s; diff --git a/rpmio/rpmio_internal.h b/rpmio/rpmio_internal.h index 315144027..2ddff69af 100644 --- a/rpmio/rpmio_internal.h +++ b/rpmio/rpmio_internal.h @@ -10,30 +10,14 @@ #include "rpmio.h" #include "rpmurl.h" -#if HAVE_BEECRYPT_API_H -#include <beecrypt/api.h> -#else -#include <beecrypt/beecrypt.api.h> -#endif - +#include "base64.h" #include "rpmpgp.h" #include "rpmsw.h" -/* Drag in the beecrypt includes. */ -#include <beecrypt/beecrypt.h> -#include <beecrypt/base64.h> -#include <beecrypt/dsa.h> -#include <beecrypt/endianness.h> -#include <beecrypt/md5.h> -#include <beecrypt/mp.h> -#include <beecrypt/rsa.h> -#include <beecrypt/rsapk.h> -#include <beecrypt/sha1.h> -#if HAVE_BEECRYPT_API_H -#include <beecrypt/sha256.h> -#include <beecrypt/sha384.h> -#include <beecrypt/sha512.h> -#endif +#include <nss.h> +#include <sechash.h> +#include <keyhi.h> +#include <cryptohi.h> /** \ingroup rpmio * Values parsed from OpenPGP signature/pubkey packet(s). @@ -78,20 +62,13 @@ struct pgpDig_s { void * md5; /*!< (rsa) V3 signature hash. */ size_t md5len; /*!< (rsa) V3 signature hash length. */ - /* DSA parameters. */ - mpbarrett p; - mpbarrett q; - mpnumber g; - mpnumber y; - mpnumber hm; - mpnumber r; - mpnumber s; - - /* RSA parameters. */ - rsapk rsa_pk; - mpnumber m; - mpnumber c; - mpnumber rsahm; + /* DSA parameters */ + SECKEYPublicKey *dsa; + SECItem *dsasig; + + /* RSA parameters */ + SECKEYPublicKey *rsa; + SECItem *rsasig; }; /** \ingroup rpmio diff --git a/rpmio/rpmmacro.h b/rpmio/rpmmacro.h index 171cdd7e7..9325cb35a 100644 --- a/rpmio/rpmmacro.h +++ b/rpmio/rpmmacro.h @@ -9,22 +9,9 @@ extern "C" { #endif -/*! The structure used to store a macro. */ -typedef struct rpmMacroEntry_s { - struct rpmMacroEntry_s *prev;/*!< Macro entry stack. */ - const char *name; /*!< Macro name. */ - const char *opts; /*!< Macro parameters (a la getopt) */ - const char *body; /*!< Macro body. */ - int used; /*!< No. of expansions. */ - int level; /*!< Scoping level. */ -} * rpmMacroEntry; - -/*! The structure used to store the set of macros in a context. */ -typedef struct rpmMacroContext_s { - rpmMacroEntry *macroTable; /*!< Macro entry table for context. */ - int macrosAllocated;/*!< No. of allocated macros. */ - int firstFree; /*!< No. of macros. */ -} * rpmMacroContext; +typedef struct rpmMacroEntry_s * rpmMacroEntry; + +typedef struct rpmMacroContext_s * rpmMacroContext; extern rpmMacroContext rpmGlobalMacroContext; diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c index 1335d31cb..eb822843b 100644 --- a/rpmio/rpmpgp.c +++ b/rpmio/rpmpgp.c @@ -225,36 +225,97 @@ const char * pgpMpiHex(const byte *p) /** * @return 0 on success */ -static int pgpHexSet(const char * pre, int lbits, - mpnumber * mpn, const byte * p, const byte * pend) +static int pgpMpiSet(const char * pre, int lbits, + void *dest, const byte * p, const byte * pend) { unsigned int mbits = pgpMpiBits(p); unsigned int nbits; unsigned int nbytes; - char * t; + char *t = dest; unsigned int ix; if ((p + ((mbits+7) >> 3)) > pend) return 1; + if (mbits > lbits) + return 1; + nbits = (lbits > mbits ? lbits : mbits); nbytes = ((nbits + 7) >> 3); - t = xmalloc(2*nbytes+1); - ix = 2 * ((nbits - mbits) >> 3); + ix = (nbits - mbits) >> 3; if (_debug) -fprintf(stderr, "*** mbits %u nbits %u nbytes %u t %p[%d] ix %u\n", mbits, nbits, nbytes, t, (2*nbytes+1), ix); - if (ix > 0) memset(t, (int)'0', ix); - strcpy(t+ix, pgpMpiHex(p)); +fprintf(stderr, "*** mbits %u nbits %u nbytes %u ix %u\n", mbits, nbits, nbytes, ix); + if (ix > 0) memset(t, '\0', ix); + memcpy(t+ix, p+2, nbytes-ix); if (_debug) -fprintf(stderr, "*** %s %s\n", pre, t); - (void) mpnsethex(mpn, t); - t = _free(t); -if (_debug && _print) -fprintf(stderr, "\t %s ", pre), mpfprintln(stderr, mpn->size, mpn->data); +fprintf(stderr, "*** %s %s\n", pre, pgpHexStr(dest, nbytes)); + return 0; } +/** + * @return NULL on error + */ +static SECItem *pgpMpiItem(PRArenaPool *arena, SECItem *item, const byte *p) +{ + unsigned int nbytes = pgpMpiLen(p)-2; + + if (item == NULL) { + if ((item=SECITEM_AllocItem(arena, item, nbytes)) == NULL) + return item; + } else { + if (arena != NULL) + item->data = PORT_ArenaGrow(arena, item->data, item->len, nbytes); + else + item->data = PORT_Realloc(item->data, nbytes); + + if (item->data == NULL) { + if (arena == NULL) + SECITEM_FreeItem(item, PR_TRUE); + return NULL; + } + } + + memcpy(item->data, p+2, nbytes); + item->len = nbytes; + return item; +} +/*@=boundswrite@*/ + +static SECKEYPublicKey *pgpNewPublicKey(KeyType type) +{ + PRArenaPool *arena; + SECKEYPublicKey *key; + + arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); + if (arena == NULL) + return NULL; + + key = PORT_ArenaZAlloc(arena, sizeof(SECKEYPublicKey)); + + if (key == NULL) { + PORT_FreeArena(arena, PR_FALSE); + return NULL; + } + + key->keyType = type; + key->pkcs11ID = CK_INVALID_HANDLE; + key->pkcs11Slot = NULL; + key->arena = arena; + return key; +} + +static SECKEYPublicKey *pgpNewRSAKey(void) +{ + return pgpNewPublicKey(rsaKey); +} + +static SECKEYPublicKey *pgpNewDSAKey(void) +{ + return pgpNewPublicKey(dsaKey); +} + int pgpPrtSubType(const byte *h, unsigned int hlen, pgpSigType sigtype) { const byte *p = h; @@ -359,12 +420,22 @@ static const char * pgpSigDSA[] = { NULL, }; +#ifndef DSA_SUBPRIME_LEN +#define DSA_SUBPRIME_LEN 20 +#endif + static int pgpPrtSigParams(pgpTag tag, byte pubkey_algo, byte sigtype, const byte *p, const byte *h, unsigned int hlen) { const byte * pend = h + hlen; int i; + SECItem dsaraw; + unsigned char dsabuf[2*DSA_SUBPRIME_LEN]; + dsaraw.type = 0; + dsaraw.data = dsabuf; + dsaraw.len = sizeof(dsabuf); + for (i = 0; p < pend; i++, p += pgpMpiLen(p)) { if (pubkey_algo == PGPPUBKEYALGO_RSA) { if (i >= 1) break; @@ -373,9 +444,9 @@ static int pgpPrtSigParams(pgpTag tag, byte pubkey_algo, byte sigtype, { switch (i) { case 0: /* m**d */ - (void) mpnsethex(&_dig->c, pgpMpiHex(p)); -if (_debug && _print) -fprintf(stderr, "\t m**d = "), mpfprintln(stderr, _dig->c.size, _dig->c.data); + _dig->rsasig = pgpMpiItem(NULL, _dig->rsasig, p); + if (_dig->rsasig == NULL) + return 1; break; default: break; @@ -390,11 +461,21 @@ fprintf(stderr, "\t m**d = "), mpfprintln(stderr, _dig->c.size, _dig->c.data); int xx; xx = 0; switch (i) { - case 0: /* r */ - xx = pgpHexSet(pgpSigDSA[i], 160, &_dig->r, p, pend); + case 0: + memset(dsaraw.data, '\0', 2*DSA_SUBPRIME_LEN); + /* r */ + xx = pgpMpiSet(pgpSigDSA[i], DSA_SUBPRIME_LEN*8, dsaraw.data, p, pend); break; case 1: /* s */ - xx = pgpHexSet(pgpSigDSA[i], 160, &_dig->s, p, pend); + xx = pgpMpiSet(pgpSigDSA[i], DSA_SUBPRIME_LEN*8, dsaraw.data + DSA_SUBPRIME_LEN, p, pend); + if (_dig->dsasig != NULL) + SECITEM_FreeItem(_dig->dsasig, PR_FALSE); + else if ((_dig->dsasig=SECITEM_AllocItem(NULL, NULL, 0)) == NULL) { + xx = 1; + break; + } + if (DSAU_EncodeDerSig(_dig->dsasig, &dsaraw) != SECSuccess) + xx = 1; break; default: xx = 1; @@ -573,16 +654,17 @@ static const byte * pgpPrtPubkeyParams(byte pubkey_algo, if (pubkey_algo == PGPPUBKEYALGO_RSA) { if (i >= 2) break; if (_dig) { + if (_dig->rsa == NULL) { + _dig->rsa = pgpNewRSAKey(); + if (_dig->rsa == NULL) + break; /* error abort? */ + } switch (i) { case 0: /* n */ - (void) mpbsethex(&_dig->rsa_pk.n, pgpMpiHex(p)); -if (_debug && _print) -fprintf(stderr, "\t n = "), mpfprintln(stderr, _dig->rsa_pk.n.size, _dig->rsa_pk.n.modl); + pgpMpiItem(_dig->rsa->arena, &_dig->rsa->u.rsa.modulus, p); break; case 1: /* e */ - (void) mpnsethex(&_dig->rsa_pk.e, pgpMpiHex(p)); -if (_debug && _print) -fprintf(stderr, "\t e = "), mpfprintln(stderr, _dig->rsa_pk.e.size, _dig->rsa_pk.e.data); + pgpMpiItem(_dig->rsa->arena, &_dig->rsa->u.rsa.publicExponent, p); break; default: break; @@ -592,26 +674,23 @@ fprintf(stderr, "\t e = "), mpfprintln(stderr, _dig->rsa_pk.e.size, _dig->r } else if (pubkey_algo == PGPPUBKEYALGO_DSA) { if (i >= 4) break; if (_dig) { + if (_dig->dsa == NULL) { + _dig->dsa = pgpNewDSAKey(); + if (_dig->dsa == NULL) + break; /* error abort? */ + } switch (i) { case 0: /* p */ - (void) mpbsethex(&_dig->p, pgpMpiHex(p)); -if (_debug && _print) -fprintf(stderr, "\t p = "), mpfprintln(stderr, _dig->p.size, _dig->p.modl); + pgpMpiItem(_dig->dsa->arena, &_dig->dsa->u.dsa.params.prime, p); break; case 1: /* q */ - (void) mpbsethex(&_dig->q, pgpMpiHex(p)); -if (_debug && _print) -fprintf(stderr, "\t q = "), mpfprintln(stderr, _dig->q.size, _dig->q.modl); + pgpMpiItem(_dig->dsa->arena, &_dig->dsa->u.dsa.params.subPrime, p); break; case 2: /* g */ - (void) mpnsethex(&_dig->g, pgpMpiHex(p)); -if (_debug && _print) -fprintf(stderr, "\t g = "), mpfprintln(stderr, _dig->g.size, _dig->g.data); + pgpMpiItem(_dig->dsa->arena, &_dig->dsa->u.dsa.params.base, p); break; case 3: /* y */ - (void) mpnsethex(&_dig->y, pgpMpiHex(p)); -if (_debug && _print) -fprintf(stderr, "\t y = "), mpfprintln(stderr, _dig->y.size, _dig->y.data); + pgpMpiItem(_dig->dsa->arena, &_dig->dsa->u.dsa.publicValue, p); break; default: break; @@ -942,6 +1021,8 @@ int pgpPrtPkt(const byte *pkt, unsigned int pleft) pgpDig pgpNewDig(void) { pgpDig dig = xcalloc(1, sizeof(*dig)); + NSS_NoDB_Init(NULL); + return dig; } @@ -964,14 +1045,27 @@ void pgpCleanDig(pgpDig dig) dig->md5 = _free(dig->md5); dig->sha1 = _free(dig->sha1); - mpnfree(&dig->hm); - mpnfree(&dig->r); - mpnfree(&dig->s); - - (void) rsapkFree(&dig->rsa_pk); - mpnfree(&dig->m); - mpnfree(&dig->c); - mpnfree(&dig->rsahm); + + if (dig->dsa != NULL) { + SECKEY_DestroyPublicKey(dig->dsa); + dig->dsa = NULL; + } + + if (dig->dsasig != NULL) { + SECITEM_ZfreeItem(dig->dsasig, PR_TRUE); + dig->dsasig = NULL; + } + + if (dig->rsa != NULL) { + SECKEY_DestroyPublicKey(dig->rsa); + dig->rsa = NULL; + } + + if (dig->rsasig != NULL) { + SECITEM_ZfreeItem(dig->rsasig, PR_TRUE); + dig->rsasig = NULL; + } + } return; } @@ -991,14 +1085,6 @@ pgpDig pgpFreeDig(pgpDig dig) (void) rpmDigestFinal(dig->sha1ctx, NULL, NULL, 0); dig->sha1ctx = NULL; - mpbfree(&dig->p); - mpbfree(&dig->q); - mpnfree(&dig->g); - mpnfree(&dig->y); - mpnfree(&dig->hm); - mpnfree(&dig->r); - mpnfree(&dig->s); - #ifdef NOTYET if (dig->hdrmd5ctx != NULL) (void) rpmDigestFinal(dig->hdrmd5ctx, NULL, NULL, 0); @@ -1009,12 +1095,6 @@ pgpDig pgpFreeDig(pgpDig dig) (void) rpmDigestFinal(dig->md5ctx, NULL, NULL, 0); dig->md5ctx = NULL; - mpbfree(&dig->rsa_pk.n); - mpnfree(&dig->rsa_pk.e); - mpnfree(&dig->m); - mpnfree(&dig->c); - mpnfree(&dig->hm); - dig = _free(dig); } return dig; @@ -1196,17 +1276,12 @@ char * pgpArmorWrap(int atype, const unsigned char * s, size_t ns) { const char * enc; char * t; - size_t nt; + size_t nt = 0; char * val; - int lc; - - nt = ((ns + 2) / 3) * 4; - /* Add additional bytes necessary for eol string(s). */ - if (b64encode_chars_per_line > 0 && b64encode_eolstr != NULL) { - lc = (nt + b64encode_chars_per_line - 1) / b64encode_chars_per_line; - if (((nt + b64encode_chars_per_line - 1) % b64encode_chars_per_line) != 0) - ++lc; - nt += lc * strlen(b64encode_eolstr); + + enc = b64encode(s, ns, -1); + if (enc != NULL) { + nt = strlen(enc); } nt += 512; /* XXX slop for armor and crc */ @@ -1216,9 +1291,9 @@ char * pgpArmorWrap(int atype, const unsigned char * s, size_t ns) t = stpcpy(t, "-----BEGIN PGP "); t = stpcpy(t, pgpValStr(pgpArmorTbl, atype)); t = stpcpy( stpcpy(t, "-----\nVersion: rpm-"), VERSION); - t = stpcpy(t, " (beecrypt-4.1.2)\n\n"); + t = stpcpy(t, " (NSS-3)\n\n"); - if ((enc = b64encode(s, ns)) != NULL) { + if (enc != NULL) { t = stpcpy(t, enc); enc = _free(enc); if ((enc = b64crc(s, ns)) != NULL) { diff --git a/rpmio/rpmpgp.h b/rpmio/rpmpgp.h index d4a65d267..5d3e2ae5c 100644 --- a/rpmio/rpmpgp.h +++ b/rpmio/rpmpgp.h @@ -18,9 +18,7 @@ extern "C" { #endif -#if !defined(_BEECRYPT_API_H) typedef unsigned char byte; -#endif /* _BEECRYPT_API_H */ /** */ @@ -1316,6 +1314,13 @@ unsigned int pgpCRC(const byte *octets, size_t len) DIGEST_CTX rpmDigestDup(DIGEST_CTX octx); /** \ingroup rpmio + * Obtain digest length in bytes. + * @param hashalgo type of digest + * @return digest length + */ +size_t rpmDigestLength(pgpHashAlgo hashalgo); + +/** \ingroup rpmio * Initialize digest. * Set bit count to 0 and buffer to mysterious initialization constants. * @param hashalgo type of digest diff --git a/rpmio/tax.c b/rpmio/tax.c index 9c2f5a9bb..5c55957b8 100644 --- a/rpmio/tax.c +++ b/rpmio/tax.c @@ -1,8 +1,7 @@ #include "system.h" -#include <beecrypt/base64.h> -#include <beecrypt/mpbarrett.h> -#include <beecrypt/mp.h> +#include "rpmpgp.h" +#include "base64.h" #include <popt.h> #include "debug.h" @@ -33,43 +32,6 @@ AjjDx3lJnQBXUDmxM484YXLXZjWFXCiY8GJt6whjf7/2c3rIoT3Z7PQpEvPmM\ 1MXU9cv4NL59Y/q0OAVQ38foOz7eGAhfvjOsCnHU25aik7/7ToIYt1tyVtap/kA==\ "; -/** - * Convert to hex. - * @param t target buffer (returned) - * @param s source bytes - * @param nbytes no. of bytes - * @return target buffer - */ -static inline -char * pgpHexCvt(char *t, const byte *s, int nbytes) -{ - static char hex[] = "0123456789abcdef"; - while (nbytes-- > 0) { - unsigned int i; - i = *s++; - *t++ = hex[ (i >> 4) & 0xf ]; - *t++ = hex[ (i ) & 0xf ]; - } - *t = '\0'; - return t; -} - -/** - * Return hex formatted representation of bytes. - * @todo Remove static buffer. - * @param p bytes - * @param plen no. of bytes - * @return hex formatted string - */ -static inline -char * pgpHexStr(const byte *p, unsigned int plen) -{ - static char prbuf[2048]; - char *t = prbuf; - t = pgpHexCvt(t, p, plen); - return prbuf; -} - static int doit(const char * msg, const char * sig) { unsigned char * dec; @@ -81,7 +43,7 @@ static int doit(const char * msg, const char * sig) return rc; } - fprintf(stderr, "*** %p[%d] %s\n", dec, declen, msg); + fprintf(stderr, "*** %p[%zd] %s\n", dec, declen, msg); if (declen == 256) { fprintf(stderr, "%s\n", pgpHexStr(dec, declen/2)); fprintf(stderr, "%s\n", pgpHexStr(dec+declen/2, declen/2)); @@ -101,4 +63,5 @@ main (int argc, char *argv[]) doit("rsaaeskey", rsaaeskey); doit("aesiv", aesiv); doit("appleresponse", appleresponse); + return 0; } diff --git a/rpmio/tinv.c b/rpmio/tinv.c deleted file mode 100644 index 8e1723920..000000000 --- a/rpmio/tinv.c +++ /dev/null @@ -1,512 +0,0 @@ -#include "system.h" -#include <beecrypt/mpbarrett.h> -#include <beecrypt/mp.h> -#include <popt.h> -#include "debug.h" - -static int _debug = 0; - -static int Zmpbinv_w(const mpbarrett* b, size_t xsize, const mpw* xdata, mpw* result, mpw* wksp) -{ - size_t ysize = b->size+1; - size_t ubits, vbits; - int k = 0; - - mpw* u = wksp; - mpw* v = u+ysize; - mpw* A = v+ysize; - mpw* B = A+ysize; - mpw* C = B+ysize; - mpw* D = C+ysize; - - mpsetx(ysize, u, xsize, xdata); - mpsetx(ysize, v, b->size, b->modl); - mpsetw(ysize, A, 1); - mpzero(ysize, B); - mpzero(ysize, C); - mpsetw(ysize, D, 1); - - for (k = 0; mpeven(ysize, u) && mpeven(ysize, v); k++) { - mpdivtwo(ysize, u); - mpdivtwo(ysize, v); - } - - if (mpeven(ysize, u)) - (void) mpadd(ysize, u, v); - -if (_debug < 0) -fprintf(stderr, " u: "), mpfprintln(stderr, ysize, u); -if (_debug < 0) -fprintf(stderr, " v: "), mpfprintln(stderr, ysize, v); -if (_debug < 0) -fprintf(stderr, " A: "), mpfprintln(stderr, ysize, A); -if (_debug < 0) -fprintf(stderr, " B: "), mpfprintln(stderr, ysize, B); -if (_debug < 0) -fprintf(stderr, " C: "), mpfprintln(stderr, ysize, C); -if (_debug < 0) -fprintf(stderr, " D: "), mpfprintln(stderr, ysize, D); - - ubits = vbits = MP_WORDS_TO_BITS(ysize); - - do { - while (mpeven(ysize, v)) { - mpsdivtwo(ysize, v); - vbits -= 1; - if (mpodd(ysize, C)) { - (void) mpaddx(ysize, C, b->size, b->modl); - (void) mpsubx(ysize, D, xsize, xdata); - } - mpsdivtwo(ysize, C); - mpsdivtwo(ysize, D); -if (_debug < 0) -fprintf(stderr, "-->> v: "), mpfprintln(stderr, ysize, v); - } - - if (ubits >= vbits) { - mpw* swapu; - size_t swapi; - -if (_debug < 0) -fprintf(stderr, "--> (swap u <-> v)\n"); - swapu = u; u = v; v = swapu; - swapi = ubits; ubits = vbits; vbits = swapi; - swapu = A; A = C; C = swapu; - swapu = B; B = D; D = swapu; - } - - if (!((u[ysize-1] + v[ysize-1]) & 0x3)) { -if (_debug < 0) -fprintf(stderr, "--> (even parity)\n"); - mpadd(ysize, v, u); - mpadd(ysize, C, A); - mpadd(ysize, D, B); - } else { -if (_debug < 0) -fprintf(stderr, "--> (odd parity)\n"); - mpsub(ysize, v, u); - mpsub(ysize, C, A); - mpsub(ysize, D, B); - } -if (_debug < 0) -fprintf(stderr, " v: "), mpfprintln(stderr, ysize, v); -if (_debug < 0) -fprintf(stderr, " C: "), mpfprintln(stderr, ysize, C); -if (_debug < 0) -fprintf(stderr, " D: "), mpfprintln(stderr, ysize, D); - vbits++; - } while (mpnz(ysize, v)); - -#ifdef NOTYET - if (!mpisone(ysize, u)) - return 0; -#endif - - if (result) { - mpsetx(b->size, result, ysize, A); - if (*A & 0x80000000) - (void) mpneg(b->size, result); - while (--k > 0) - mpadd(b->size, result, result); - } - -fprintf(stderr, "=== EXIT: "), mpfprintln(stderr, b->size, result); -fprintf(stderr, " u: "), mpfprintln(stderr, ysize, u); -fprintf(stderr, " v: "), mpfprintln(stderr, ysize, v); -fprintf(stderr, " A: "), mpfprintln(stderr, ysize, A); -fprintf(stderr, " B: "), mpfprintln(stderr, ysize, B); -fprintf(stderr, " C: "), mpfprintln(stderr, ysize, C); -fprintf(stderr, " D: "), mpfprintln(stderr, ysize, D); - - return 1; -} - -static int Ympbinv_w(const mpbarrett* b, size_t xsize, const mpw* xdata, mpw* result, mpw* wksp) -{ - size_t ysize = b->size+1; - int k; - mpw* u1 = wksp; - mpw* u2 = u1+ysize; - mpw* u3 = u2+ysize; - mpw* v1 = u3+ysize; - mpw* v2 = v1+ysize; - mpw* v3 = v2+ysize; - mpw* t1 = v3+ysize; - mpw* t2 = t1+ysize; - mpw* t3 = t2+ysize; - mpw* u = t3+ysize; - mpw* v = u+ysize; - - mpsetx(ysize, u, xsize, xdata); - mpsetx(ysize, v, b->size, b->modl); - - /* Y1. Find power of 2. */ - for (k = 0; mpeven(ysize, u) && mpeven(ysize, v); k++) { - mpdivtwo(ysize, u); - mpdivtwo(ysize, v); - } - -if (_debug < 0) -fprintf(stderr, " u: "), mpfprintln(stderr, ysize, u); -if (_debug < 0) -fprintf(stderr, " v: "), mpfprintln(stderr, ysize, v); - - /* Y2. Initialize. */ - mpsetw(ysize, u1, 1); -if (_debug < 0) -fprintf(stderr, " u1: "), mpfprintln(stderr, ysize, u1); - mpzero(ysize, u2); -if (_debug < 0) -fprintf(stderr, " u2: "), mpfprintln(stderr, ysize, u2); - mpsetx(ysize, u3, ysize, u); -if (_debug < 0) -fprintf(stderr, " u3: "), mpfprintln(stderr, ysize, u3); - - mpsetx(ysize, v1, ysize, v); -if (_debug < 0) -fprintf(stderr, " v1: "), mpfprintln(stderr, ysize, v1); - mpsetw(ysize, v2, 1); - (void) mpsub(ysize, v2, u); -if (_debug < 0) -fprintf(stderr, " v2: "), mpfprintln(stderr, ysize, v2); - mpsetx(ysize, v3, ysize, v); -if (_debug < 0) -fprintf(stderr, " v3: "), mpfprintln(stderr, ysize, v3); - - if (mpodd(ysize, u)) { - mpzero(ysize, t1); -if (_debug < 0) -fprintf(stderr, " t1: "), mpfprintln(stderr, ysize, t1); - mpzero(ysize, t2); - mpsubw(ysize, t2, 1); -if (_debug < 0) -fprintf(stderr, " t2: "), mpfprintln(stderr, ysize, t2); - mpzero(ysize, t3); - mpsub(ysize, t3, v); -if (_debug < 0) -fprintf(stderr, " t3: "), mpfprintln(stderr, ysize, t3); - goto Y4; - } else { - mpsetw(ysize, t1, 1); -if (_debug < 0) -fprintf(stderr, " t1: "), mpfprintln(stderr, ysize, t1); - mpzero(ysize, t2); -if (_debug < 0) -fprintf(stderr, " t2: "), mpfprintln(stderr, ysize, t2); - mpsetx(ysize, t3, ysize, u); -if (_debug < 0) -fprintf(stderr, " t3: "), mpfprintln(stderr, ysize, t3); - } - - do { - do { - if (mpodd(ysize, t1) || mpodd(ysize, t2)) { - mpadd(ysize, t1, v); - mpsub(ysize, t2, u); - } - mpsdivtwo(ysize, t1); - mpsdivtwo(ysize, t2); - mpsdivtwo(ysize, t3); -Y4: -if (_debug < 0) -fprintf(stderr, " Y4 t3: "), mpfprintln(stderr, ysize, t3); - } while (mpeven(ysize, t3)); - - /* Y5. Reset max(u3,v3). */ - if (!(*t3 & 0x80000000)) { -if (_debug < 0) -fprintf(stderr, "--> Y5 (t3 > 0)\n"); - mpsetx(ysize, u1, ysize, t1); -if (_debug < 0) -fprintf(stderr, " u1: "), mpfprintln(stderr, ysize, u1); - mpsetx(ysize, u2, ysize, t2); -if (_debug < 0) -fprintf(stderr, " u2: "), mpfprintln(stderr, ysize, u2); - mpsetx(ysize, u3, ysize, t3); -if (_debug < 0) -fprintf(stderr, " u3: "), mpfprintln(stderr, ysize, u3); - } else { -if (_debug < 0) -fprintf(stderr, "--> Y5 (t3 <= 0)\n"); - mpsetx(ysize, v1, ysize, v); - mpsub(ysize, v1, t1); -if (_debug < 0) -fprintf(stderr, " v1: "), mpfprintln(stderr, ysize, v1); - mpsetx(ysize, v2, ysize, u); - mpneg(ysize, v2); - mpsub(ysize, v2, t2); -if (_debug < 0) -fprintf(stderr, " v2: "), mpfprintln(stderr, ysize, v2); - mpzero(ysize, v3); - mpsub(ysize, v3, t3); -if (_debug < 0) -fprintf(stderr, " v3: "), mpfprintln(stderr, ysize, v3); - } - - /* Y6. Subtract. */ - mpsetx(ysize, t1, ysize, u1); - mpsub(ysize, t1, v1); - mpsetx(ysize, t2, ysize, u2); - mpsub(ysize, t2, v2); - mpsetx(ysize, t3, ysize, u3); - mpsub(ysize, t3, v3); - - if (*t1 & 0x80000000) { - mpadd(ysize, t1, v); - mpsub(ysize, t2, u); - } - -if (_debug < 0) -fprintf(stderr, "-->Y6 t1: "), mpfprintln(stderr, ysize, t1); -if (_debug < 0) -fprintf(stderr, " t2: "), mpfprintln(stderr, ysize, t2); -if (_debug < 0) -fprintf(stderr, " t3: "), mpfprintln(stderr, ysize, t3); - - } while (mpnz(ysize, t3)); - - if (!(mpisone(ysize, u3) && mpisone(ysize, v3))) - return 0; - - if (result) { - while (--k > 0) - mpadd(ysize, u1, u1); - mpsetx(b->size, result, ysize, u1); - } - -fprintf(stderr, "=== EXIT: "), mpfprintln(stderr, b->size, result); -fprintf(stderr, " u1: "), mpfprintln(stderr, ysize, u1); -fprintf(stderr, " u2: "), mpfprintln(stderr, ysize, u2); -fprintf(stderr, " u3: "), mpfprintln(stderr, ysize, u3); -fprintf(stderr, " v1: "), mpfprintln(stderr, ysize, v1); -fprintf(stderr, " v2: "), mpfprintln(stderr, ysize, v2); -fprintf(stderr, " v3: "), mpfprintln(stderr, ysize, v3); -fprintf(stderr, " t1: "), mpfprintln(stderr, ysize, t1); -fprintf(stderr, " t2: "), mpfprintln(stderr, ysize, t2); -fprintf(stderr, " t3: "), mpfprintln(stderr, ysize, t3); - - return 1; -} - -/** - * Computes the inverse (modulo b) of x, and returns 1 if x was invertible. - * needs workspace of (6*size+6) words - * @note xdata and result cannot point to the same area - */ -static int Xmpbinv_w(const mpbarrett* b, size_t xsize, const mpw* xdata, mpw* result, mpw* wksp) -{ - /* - * Fact: if a element of Zn, then a is invertible if and only if gcd(a,n) = 1 - * Hence: if b->modl is even, then x must be odd, otherwise the gcd(x,n) >= 2 - * - * The calling routine must guarantee this condition. - */ - - size_t ysize = b->size+1; - - mpw* u = wksp; - mpw* v = u+ysize; - mpw* A = v+ysize; - mpw* B = A+ysize; - mpw* C = B+ysize; - mpw* D = C+ysize; - - mpsetx(ysize, u, b->size, b->modl); - mpsetx(ysize, v, xsize, xdata); - mpsetw(ysize, A, 1); - mpzero(ysize, B); - mpzero(ysize, C); - mpsetw(ysize, D, 1); - -if (_debug < 0) -fprintf(stderr, " u: "), mpfprintln(stderr, ysize, u); -if (_debug < 0) -fprintf(stderr, " v: "), mpfprintln(stderr, ysize, v); -if (_debug < 0) -fprintf(stderr, " A: "), mpfprintln(stderr, ysize, A); -if (_debug < 0) -fprintf(stderr, " B: "), mpfprintln(stderr, ysize, B); -if (_debug < 0) -fprintf(stderr, " C: "), mpfprintln(stderr, ysize, C); -if (_debug < 0) -fprintf(stderr, " D: "), mpfprintln(stderr, ysize, D); - - do { - while (mpeven(ysize, u)) - { - mpdivtwo(ysize, u); - - if (mpodd(ysize, A) || mpodd(ysize, B)) - { - (void) mpaddx(ysize, A, xsize, xdata); - (void) mpsubx(ysize, B, b->size, b->modl); - } - - mpsdivtwo(ysize, A); - mpsdivtwo(ysize, B); - } - while (mpeven(ysize, v)) - { - mpdivtwo(ysize, v); - - if (mpodd(ysize, C) || mpodd(ysize, D)) - { - (void) mpaddx(ysize, C, xsize, xdata); - (void) mpsubx(ysize, D, b->size, b->modl); - } - - mpsdivtwo(ysize, C); - mpsdivtwo(ysize, D); - } - if (mpge(ysize, u, v)) - { -if (_debug < 0) -fprintf(stderr, "--> 5 (u >= v)\n"); - (void) mpsub(ysize, u, v); - (void) mpsub(ysize, A, C); - (void) mpsub(ysize, B, D); -if (_debug < 0) -fprintf(stderr, " u: "), mpfprintln(stderr, ysize, u); -if (_debug < 0) -fprintf(stderr, " A: "), mpfprintln(stderr, ysize, A); -if (_debug < 0) -fprintf(stderr, " B: "), mpfprintln(stderr, ysize, B); - } - else - { -if (_debug < 0) -fprintf(stderr, "--> 5 (u < v)\n"); - (void) mpsub(ysize, v, u); - (void) mpsub(ysize, C, A); - (void) mpsub(ysize, D, B); -if (_debug < 0) -fprintf(stderr, " v: "), mpfprintln(stderr, ysize, v); -if (_debug < 0) -fprintf(stderr, " C: "), mpfprintln(stderr, ysize, C); -if (_debug < 0) -fprintf(stderr, " D: "), mpfprintln(stderr, ysize, D); - } - - } while (mpnz(ysize, u)); - - if (!mpisone(ysize, v)) - return 0; - - if (result) - { - mpsetx(b->size, result, ysize, D); - if (*D & 0x80000000) - (void) mpadd(b->size, result, b->modl); - } - -fprintf(stderr, "=== EXIT: "), mpfprintln(stderr, b->size, result); -fprintf(stderr, " u: "), mpfprintln(stderr, ysize, u); -fprintf(stderr, " v: "), mpfprintln(stderr, ysize, v); -fprintf(stderr, " A: "), mpfprintln(stderr, ysize, A); -fprintf(stderr, " B: "), mpfprintln(stderr, ysize, B); -fprintf(stderr, " C: "), mpfprintln(stderr, ysize, C); -fprintf(stderr, " D: "), mpfprintln(stderr, ysize, D); - return 1; -} - -static const char * dsa_q = "a1b35510319a59825c721e73e41d687ffe351bc9"; -static const char * dsa_s[] = { - "22e917d8a47462c09748e00aebbab5fd93793495", /* samba-2.2.1a-4.i386.rpm */ - "0476b30eb86899c6785fad4f7a62e43d59481273", /* gtkhtml-devel-0.9.2-9.i386.rpm */ - "8adbca132a0e6a2d2ee5bb2cd837b350c9f8db42", /* lha-1.00-17.i386.rpm */ - - "026efa7a5a60d29921ec93f503b5c483d131d8c4", /* jed-0.99.14-2.i386.rpm */ - "2e4ec3c986b5a1f8f77b0b9f911d4e1b0ed8d869", /* ttfonts-zh_TW-2.11-5.noarch.rpm */ - - "259e4859e65c2528d3c35eaf2717d8963c834e94", /* libxml2-2.4.2-1.i386.rpm */ - "45462b3534c2ff7a13f232a4e6e4460c61b2e232", /* slang-1.4.4-4.i386.rpm */ - "0a73e678141aea7b4e5195afb7db3e9ec00f9f85", /* time-1.7-14.i386.rpm */ - NULL -}; - -static const char * dsa_w_good[]= { - "8b2eeda5fd34067c248bc3262e28f5668e64500b", /* samba-2.2.1a-4.i386.rpm */ - "98f6a05c5cc17c2e48faad178d2c21c0bcca694b", /* gtkhtml-devel-0.9.2-9.i386.rpm */ - "8ec91350f3237ee249ea009143f692d4cc2f8d2e", /* lha-1.00-17.i386.rpm */ - - "7db9e81c6f60fdd29243f67b70af7d1d14c9c703", /* jed-0.99.14-2.i386.rpm */ - "6bdc316aef981e45c47dabab904a31747d349eec", /* ttfonts-zh_TW-2.11-5.noarch.rpm */ - - "6d1eaa6c78ad945a1de7bc369f7992e9df3735d9", /* libxml2-2.4.2-1.i386.rpm */ - "79dc6adee7817e7dc248cfeb4b358e933af6de01", /* slang-1.4.4-4.i386.rpm */ - "2659140a40cb05e85c536a299327addb0a762b8a", /* time-1.7-14.i386.rpm */ - NULL -}; - -static const char * dsa_w_bad[] = { - "e97b9895cb99acf9c819a4b24a0b8ce6902f3442", /* samba-2.2.1a-4.i386.rpm */ - "f7434b4c2b2722abec888ea3a90eb940be954d82", /* gtkhtml-devel-0.9.2-9.i386.rpm */ - "ed15be40c189255fed77e21d5fd92a54cdfa7165", /* lha-1.00-17.i386.rpm */ - - "dc06930c3dc6a45035d1d8078c92149d1694ab3a", /* jed-0.99.14-2.i386.rpm */ - "ca28dc5abdfdc4c3680b8d37ac2cc8f47eff8323", /* ttfonts-zh_TW-2.11-5.noarch.rpm */ - - "cb6b555c47133ad7c1759dc2bb5c2a69e1021a10", /* libxml2-2.4.2-1.i386.rpm */ - "d82915ceb5e724fb65d6b177671826133cc1c238", /* slang-1.4.4-4.i386.rpm */ - "2659140a40cb05e85c536a299327addb0a762b8a", /* time-1.7-14.i386.rpm */ - NULL -}; - -static struct poptOption optionsTable[] = { - { "debug", 'd', POPT_ARG_VAL, &_debug, -1, NULL, NULL }, - POPT_AUTOHELP - POPT_TABLEEND -}; - -int -main(int argc, char *argv[]) -{ - poptContext optCon = poptGetContext(argv[0], argc, argv, optionsTable, 0); - mpbarrett q; - mpnumber s; - size_t qsize; - mpw* qtemp; - mpw* qwksp; - int rc; - int i; - - while ((rc = poptGetNextOpt(optCon)) > 0) { - switch (rc) { - default: - break; - } - } - - mpbzero(&q); mpbsethex(&q, dsa_q); - qsize = q.size; - qtemp = malloc((13*qsize+13) * sizeof(*qtemp)); - qwksp = qtemp+2*qsize; - - for (i = 0; i < 9; i++) { - if (dsa_s[i] == NULL) break; -fprintf(stderr, "================================================== %d\n", i); - fprintf(stderr, " s: %s\n", dsa_s[i]); - mpnzero(&s); mpnsethex(&s, dsa_s[i]); - -fprintf(stderr, "-------------------------------------------------- %d\n", i); - rc = Xmpbinv_w(&q, s.size, s.data, qtemp, qwksp); - fprintf(stderr, "beecrypt: "); mpfprintln(stderr, qsize, qtemp); - -fprintf(stderr, "-------------------------------------------------- %d\n", i); - rc = Ympbinv_w(&q, s.size, s.data, qtemp, qwksp); - fprintf(stderr, " Knuth: "); mpfprintln(stderr, qsize, qtemp); - -fprintf(stderr, "-------------------------------------------------- %d\n", i); - rc = Zmpbinv_w(&q, s.size, s.data, qtemp, qwksp); - fprintf(stderr, " Brent: "); mpfprintln(stderr, qsize, qtemp); - -fprintf(stderr, "-------------------------------------------------- %d\n", i); - fprintf(stderr, " q: %s\n", dsa_q); - fprintf(stderr, " s: %s\n", dsa_s[i]); - fprintf(stderr, " GOOD: %s\n", dsa_w_good[i]); - fprintf(stderr, " BAD: %s\n", dsa_w_bad[i]); - } - - return 0; - -} diff --git a/rpmio/tkey.c b/rpmio/tkey.c index 83152e252..d142066b4 100644 --- a/rpmio/tkey.c +++ b/rpmio/tkey.c @@ -31,7 +31,7 @@ fprintf(stderr, "*** sig is\n%s\n", sig); return rc; } - if ((enc = b64encode(dec, declen)) == NULL) { + if ((enc = b64encode(dec, declen, -1)) == NULL) { fprintf(stderr, "*** b64encode failed\n"); return rc; } @@ -51,18 +51,6 @@ fprintf(stderr, "??? %5d %02x != %02x '%c' != '%c'\n", i, (*s & 0xff), (*t & 0xf return rc; } -/* FIPS-186 test vectors. */ -static const char * fips_p = "8df2a494492276aa3d25759bb06869cbeac0d83afb8d0cf7cbb8324f0d7882e5d0762fc5b7210eafc2e9adac32ab7aac49693dfbf83724c2ec0736ee31c80291"; -static const char * fips_q = "c773218c737ec8ee993b4f2ded30f48edace915f"; -static const char * fips_g = "626d027839ea0a13413163a55b4cb500299d5522956cefcb3bff10f399ce2c2e71cb9de5fa24babf58e5b79521925c9cc42e9f6f464b088cc572af53e6d78802"; - -static const char * fips_hm = "a9993e364706816aba3e25717850c26c9cd0d89d"; - -static const char * fips_y = "19131871d75b1612a819f29d78d1b0d7346f7aa77bb62a859bfd6c5675da9d212d3a36ef1672ef660b8c7c255cc0ec74858fba33f44c06699630a76b030ee333"; - -static const char * fips_r = "8bac1ab66410435cb7181f95b16ab97c92b341c0"; -static const char * fips_s = "41e2345f1f56df2458f426d155b4ba2db6dcd8c8"; - /* Secret key */ static const char * jbjSecretDSA = "lQFvBDu6XHwRAwCTIHRgKeIlOFUIEZeJVYSrXn0eUrM5S8OF471tTc+IV7AwiXBR" @@ -108,28 +96,6 @@ main (int argc, char *argv[]) dig = pgpNewDig(); - mpbzero(&dig->p); mpbsethex(&dig->p, fips_p); - mpbzero(&dig->q); mpbsethex(&dig->q, fips_q); - mpnzero(&dig->g); mpnsethex(&dig->g, fips_g); - mpnzero(&dig->y); mpnsethex(&dig->y, fips_y); - mpnzero(&dig->r); mpnsethex(&dig->r, fips_r); - mpnzero(&dig->s); mpnsethex(&dig->s, fips_s); - mpnzero(&dig->hm); mpnsethex(&dig->hm, fips_hm); - - rc = dsavrfy(&dig->p, &dig->q, &dig->g, &dig->hm, - &dig->y, &dig->r, &dig->s); - -fprintf(stderr, "=============================== DSA FIPS-186-1: rc %d\n", rc); - - mpbfree(&dig->p); - mpbfree(&dig->q); - mpnfree(&dig->g); - mpnfree(&dig->y); - - mpnfree(&dig->hm); - mpnfree(&dig->r); - mpnfree(&dig->s); - fprintf(stderr, "=============================== GPG Secret Key\n"); if ((rc = doit(jbjSecretDSA, dig, printing)) != 0) fprintf(stderr, "==> FAILED: rc %d\n", rc); @@ -144,39 +110,33 @@ fprintf(stderr, "=============================== GPG Signature of \"abc\"\n"); { DIGEST_CTX ctx = rpmDigestInit(PGPHASHALGO_SHA1, RPMDIGEST_NONE); struct pgpDigParams_s * dsig = &dig->signature; - const char * digest = NULL; + void *digest = NULL; size_t digestlen = 0; const char * txt = "abc"; + SECItem digitem; rpmDigestUpdate(ctx, txt, strlen(txt)); rpmDigestUpdate(ctx, dsig->hash, dsig->hashlen); - rpmDigestFinal(ctx, (void **)&digest, &digestlen, 1); + rpmDigestFinal(ctx, &digest, &digestlen, 0); - mpnzero(&dig->hm); mpnsethex(&dig->hm, digest); +fprintf(stderr, "\n hm = [ 160]: %s\n\n", pgpHexStr(digest, digestlen)); + digitem.type = siBuffer; + digitem.data = digest; + digitem.len = digestlen; -fprintf(stderr, "\n hm = [ 160]: %s\n\n", digest); + rc = VFY_VerifyDigest(&digitem, dig->dsa, dig->dsasig, SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST, NULL); if (digest) { - free((void *)digest); + free(digest); digest = NULL; } } - rc = dsavrfy(&dig->p, &dig->q, &dig->g, &dig->hm, - &dig->y, &dig->r, &dig->s); fprintf(stderr, "=============================== DSA verify: rc %d\n", rc); - mpbfree(&dig->p); - mpbfree(&dig->q); - mpnfree(&dig->g); - mpnfree(&dig->y); - - mpnfree(&dig->hm); - mpnfree(&dig->r); - mpnfree(&dig->s); - dig = pgpFreeDig(dig); return rc; } + diff --git a/tools/convertdb1.c b/tools/convertdb1.c index e5db95f56..15a24a857 100644 --- a/tools/convertdb1.c +++ b/tools/convertdb1.c @@ -11,7 +11,7 @@ const char *__progname; #include "rpmdb.h" #include "rpmio.h" #include "rpmmacro.h" -#include <rpmdb/legacy.h> +#include "legacy.h" #define FA_MAGIC 0x02050920 diff --git a/tools/debugedit.c b/tools/debugedit.c index e65f921af..cea532ecc 100644 --- a/tools/debugedit.c +++ b/tools/debugedit.c @@ -37,8 +37,8 @@ #include <gelf.h> #include <dwarf.h> -#include <beecrypt/beecrypt.h> - +#include <rpmio.h> +#include <rpmpgp.h> #include "hashtab.h" #define DW_TAG_partial_unit 0x3c @@ -1301,22 +1301,27 @@ error_out: return NULL; } +static const pgpHashAlgo algorithms[] = { PGPHASHALGO_MD5, + PGPHASHALGO_SHA1, PGPHASHALGO_SHA256, PGPHASHALGO_SHA384, PGPHASHALGO_SHA512 }; + /* Compute a fresh build ID bit-string from the editted file contents. */ static void handle_build_id (DSO *dso, Elf_Data *build_id, size_t build_id_offset, size_t build_id_size) { - hashFunctionContext ctx; - const hashFunction *hf = NULL; - int i = hashFunctionCount (); + DIGEST_CTX ctx; + pgpHashAlgo algorithm; + int i = sizeof(algorithms)/sizeof(algorithms[0]); + void *digest = NULL; + size_t len; while (i-- > 0) { - hf = hashFunctionGet (i); - if (hf != NULL && hf->digestsize == build_id_size) + algorithm = algorithms[i]; + if (rpmDigestLength(algorithm) == build_id_size) break; } - if (hf == NULL) + if (i < 0) { fprintf (stderr, "Cannot handle %Zu-byte build ID\n", build_id_size); exit (1); @@ -1332,7 +1337,7 @@ handle_build_id (DSO *dso, Elf_Data *build_id, /* Clear the old bits so they do not affect the new hash. */ memset ((char *) build_id->d_buf + build_id_offset, 0, build_id_size); - hashFunctionContextInit (&ctx, hf); + ctx = rpmDigestInit(algorithm, 0); /* Slurp the relevant header bits and section contents and feed them into the hash function. The only bits we ignore are the offset @@ -1346,8 +1351,7 @@ handle_build_id (DSO *dso, Elf_Data *build_id, inline void process (const void *data, size_t size); inline void process (const void *data, size_t size) { - memchunk chunk = { .data = (void *) data, .size = size }; - hashFunctionContextUpdateMC (&ctx, &chunk); + rpmDigestUpdate(ctx, data, size); } union @@ -1402,22 +1406,17 @@ handle_build_id (DSO *dso, Elf_Data *build_id, } } - hashFunctionContextDigest (&ctx, (byte *) build_id->d_buf + build_id_offset); - hashFunctionContextFree (&ctx); + rpmDigestFinal(ctx, &digest, &len, 0); + memcpy((unsigned char *)build_id->d_buf + build_id_offset, digest, build_id_size); + free(digest); elf_flagdata (build_id, ELF_C_SET, ELF_F_DIRTY); /* Now format the build ID bits in hex to print out. */ { - const unsigned char * id = (unsigned char *) build_id->d_buf + build_id_offset; + const byte * id = (byte *)build_id->d_buf + build_id_offset; char hex[build_id_size * 2 + 1]; - int n = snprintf (hex, 3, "%02" PRIx8, id[0]); - assert (n == 2); - for (i = 1; i < build_id_size; ++i) - { - n = snprintf (&hex[i * 2], 3, "%02" PRIx8, id[i]); - assert (n == 2); - } + pgpHexCvt(hex, id, build_id_size); puts (hex); } } |