Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 245451 Details for
Bug 348131
Port rpm to use NSS library for cryptography
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
Patch against 4.2.2 branch
rpm-nss-migration.patch (text/plain), 55.25 KB, created by
Tomas Mraz
on 2007-11-01 11:03:26 UTC
(
hide
)
Description:
Patch against 4.2.2 branch
Filename:
MIME Type:
Creator:
Tomas Mraz
Created:
2007-11-01 11:03:26 UTC
Size:
55.25 KB
patch
obsolete
>diff -r ec9e6c427068 Makefile.am >--- a/Makefile.am Wed Oct 24 16:02:51 2007 +0300 >+++ b/Makefile.am Thu Nov 01 10:56:58 2007 +0100 >@@ -10,14 +10,14 @@ EXTRA_DIST = CHANGES ChangeLog CREDITS D > po/*.in po/*.po po/rpm.pot \ > rpm.magic rpmpopt-$(VERSION) rpmqv.c > >-SUBDIRS = po misc @WITH_ZLIB_SUBDIR@ @WITH_ELFUTILS_SUBDIR@ @WITH_MAGIC_SUBDIR@ @WITH_DB_SUBDIR@ @WITH_SQLITE3_SUBDIR@ @WITH_POPT_SUBDIR@ @WITH_BEECRYPT_SUBDIR@ @WITH_NEON_SUBDIR@ lua rpmio rpmdb lib build @WITH_PYTHON_SUBDIR@ tools scripts doc . >+SUBDIRS = po misc @WITH_ZLIB_SUBDIR@ @WITH_ELFUTILS_SUBDIR@ @WITH_MAGIC_SUBDIR@ @WITH_DB_SUBDIR@ @WITH_SQLITE3_SUBDIR@ @WITH_POPT_SUBDIR@ @WITH_NEON_SUBDIR@ lua rpmio rpmdb lib build @WITH_PYTHON_SUBDIR@ tools scripts doc . > > INCLUDES = \ > -I$(top_srcdir)/build \ > -I$(top_srcdir)/lib \ > -I$(top_srcdir)/rpmdb \ > -I$(top_srcdir)/rpmio \ >- @WITH_BEECRYPT_INCLUDE@ \ >+ @WITH_NSS_INCLUDE@ \ > @WITH_POPT_INCLUDE@ \ > -I$(top_srcdir)/misc \ > @WITH_LIBELF_INCLUDE@ \ >@@ -25,7 +25,7 @@ INCLUDES = \ > > staticLDFLAGS = @LDFLAGS_STATIC@ @LDFLAGS_NPTL@ > >-myLDFLAGS = @WITH_LIBELF_LIB@ @WITH_BEECRYPT_LIB@ >+myLDFLAGS = @WITH_LIBELF_LIB@ > > myLDADD = \ > $(top_builddir)/lib/librpm.la \ >@@ -33,6 +33,7 @@ myLDADD = \ > $(top_builddir)/rpmio/librpmio.la \ > @WITH_POPT_LIB@ \ > @WITH_ZLIB_LIB@ \ >+ @WITH_NSS_LIB@ \ > @LIBMISC@ > > rpmbindir = `echo $(bindir) | sed -e s,usr/bin,bin,` >@@ -71,7 +72,7 @@ rpmd.o: $(top_srcdir)/rpmqv.c > > rpmi_SOURCES = > #rpmi_LDFLAGS = $(myLDFLAGS) $(staticLDFLAGS) >-#rpmi_LDADD = rpmi.o $(myLDADD) @WITH_LIBELF_LIB@ @WITH_BEECRYPT_LIB@ >+#rpmi_LDADD = rpmi.o $(myLDADD) @WITH_LIBELF_LIB@ > rpmi_LDFLAGS = $(myLDFLAGS) > rpmi_LDADD = rpmi.o $(myLDADD) > rpmi.o: $(top_srcdir)/rpmqv.c >@@ -112,7 +113,6 @@ lint: > `make -s sources -C lib` \ > `make -s sources -C rpmdb` \ > `make -s sources -C rpmio` \ >- `make -s sources -C beecrypt` \ > `make -s sources -C file/src` \ > `make -s sources -C popt` > >diff -r ec9e6c427068 autogen.sh >--- a/autogen.sh Wed Oct 24 16:02:51 2007 +0300 >+++ b/autogen.sh Thu Nov 01 10:56:58 2007 +0100 >@@ -48,9 +48,6 @@ if [ -d zlib ]; then > if [ -d zlib ]; then > (echo "--- zlib"; cd zlib; ./autogen.sh --noconfigure "$@") > fi >-if [ -d beecrypt ]; then >- (echo "--- beecrypt"; cd beecrypt; ./autogen.sh --noconfigure "$@") >-fi > if [ -d elfutils ]; then > (echo "--- elfutils"; cd elfutils; ./autogen.sh --noconfigure "$@") > fi >diff -r ec9e6c427068 build/Makefile.am >--- a/build/Makefile.am Wed Oct 24 16:02:51 2007 +0300 >+++ b/build/Makefile.am Thu Nov 01 10:56:58 2007 +0100 >@@ -9,7 +9,7 @@ INCLUDES = -I. \ > -I$(top_srcdir)/lib \ > -I$(top_srcdir)/rpmdb \ > -I$(top_srcdir)/rpmio \ >- @WITH_BEECRYPT_INCLUDE@ \ >+ @WITH_NSS_INCLUDE@ \ > @WITH_MAGIC_INCLUDE@ \ > @WITH_POPT_INCLUDE@ \ > @WITH_LIBELF_INCLUDE@ \ >diff -r ec9e6c427068 configure.ac >--- a/configure.ac Wed Oct 24 16:02:51 2007 +0300 >+++ b/configure.ac Thu Nov 01 10:56:58 2007 +0100 >@@ -463,34 +463,32 @@ AC_SUBST(WITH_LIBDWARF_DEBUGEDIT) > AC_SUBST(WITH_LIBDWARF_DEBUGEDIT) > > #================= >-# Check for beecrypt library. Prefer external, otherwise internal. >-WITH_BEECRYPT_SUBDIR= >-WITH_BEECRYPT_INCLUDE= >-WITH_BEECRYPT_LIB= >-AC_CHECK_HEADER([beecrypt/beecrypt.h], [ >- AC_CHECK_LIB(beecrypt, mpfprintln, [ >- AC_DEFINE(HAVE_LIBBEECRYPT, 1, [Define to 1 if you have the 'beecrypt' library (-lbeecrypt).]) >- AC_CHECK_HEADER([beecrypt/api.h], [ >- AC_DEFINE(HAVE_BEECRYPT_API_H, 1, [Define to 1 if you have the <beecrypt/api.h> header file.]) >- ]) >- WITH_BEECRYPT_INCLUDE="-I${includedir}/beecrypt" >- WITH_BEECRYPT_LIB="-lbeecrypt" >+# Check for NSS library. >+WITH_NSS_INCLUDE= >+WITH_NSS_LIB= >+check=`pkg-config --version 2>/dev/null` >+if test -n "$check"; then >+ addlib=$(pkg-config --libs nss | sed 's/-lsmime3//;s/-lssl3//') >+ addcppflags=$(pkg-config --cflags nss) >+else >+# Without pkg-config, we'll kludge in some defaults >+ addlib="-lnss3 -lplds4 -lplc4 -lnspr4 -lpthread -ldl" >+ addcppflags="-I/usr/include/nss3 -I/usr/include/nspr4" >+fi >+save_CPPFLAGS="$CPPFLAGS" >+CPPFLAGS="$save_CPPFLAGS $addcppflags" >+AC_CHECK_HEADER([nss3/nss.h], [ >+ AC_CHECK_LIB(nss3, NSS_NoDB_Init, [ >+ AC_DEFINE(HAVE_LIBNSS, 1, [Define to 1 if you have the 'NSS' library (-lnss3).]) >+ WITH_NSS_INCLUDE="$addcppflags" >+ WITH_NSS_LIB="$addlib" > ]) > ],[ >- if test -d beecrypt ; then >- AC_DEFINE(HAVE_LIBBEECRYPT, 1, [Define to 1 if you have the 'beecrypt' library (-lbeecrypt).]) >- WITH_BEECRYPT_SUBDIR=beecrypt >- WITH_BEECRYPT_INCLUDE="-I\${top_srcdir}/${WITH_BEECRYPT_SUBDIR}" >- WITH_BEECRYPT_LIB="\${top_builddir}/${WITH_BEECRYPT_SUBDIR}/libbeecrypt.la" >- fi >- >- if test -z "${WITH_BEECRYPT_LIB}" ; then >- AC_MSG_ERROR([rpm requires beecrypt]) >- fi >-]) >-AC_SUBST(WITH_BEECRYPT_SUBDIR) >-AC_SUBST(WITH_BEECRYPT_INCLUDE) >-AC_SUBST(WITH_BEECRYPT_LIB) >+ AC_MSG_ERROR([rpm requires NSS]) >+]) >+CPPFLAGS="$save_CPPFLAGS" >+AC_SUBST(WITH_NSS_INCLUDE) >+AC_SUBST(WITH_NSS_LIB) > > #================= > # Check for neon library. Prefer external, otherwise internal. >diff -r ec9e6c427068 lib/Makefile.am >--- a/lib/Makefile.am Wed Oct 24 16:02:51 2007 +0300 >+++ b/lib/Makefile.am Thu Nov 01 10:56:58 2007 +0100 >@@ -9,7 +9,7 @@ INCLUDES = -I. \ > -I$(top_srcdir)/build \ > -I$(top_srcdir)/rpmdb \ > -I$(top_srcdir)/rpmio \ >- @WITH_BEECRYPT_INCLUDE@ \ >+ @WITH_NSS_INCLUDE@ \ > @WITH_POPT_INCLUDE@ \ > -I$(top_srcdir)/misc \ > @INCPATH@ >diff -r ec9e6c427068 lib/formats.c >--- a/lib/formats.c Wed Oct 24 16:02:51 2007 +0300 >+++ b/lib/formats.c Thu Nov 01 10:56:58 2007 +0100 >@@ -210,23 +210,17 @@ static /*@only@*/ char * base64Format(in > int lc; > /* XXX HACK ALERT: element field abused as no. bytes of binary data. */ > size_t ns = element; >- size_t nt = ((ns + 2) / 3) * 4; >+ size_t nt = 0; > > /*@-boundswrite@*/ >- /*@-globs@*/ >- /* Add additional bytes necessary for eol string(s). */ >- if (b64encode_chars_per_line > 0 && b64encode_eolstr != NULL) { >- lc = (nt + b64encode_chars_per_line - 1) / b64encode_chars_per_line; >- if (((nt + b64encode_chars_per_line - 1) % b64encode_chars_per_line) != 0) >- ++lc; >- nt += lc * strlen(b64encode_eolstr); >+ if ((enc = b64encode(data, ns, -1)) != NULL) { >+ nt = strlen(enc); > } >- /*@=globs@*/ > > val = t = xmalloc(nt + padding + 1); > > *t = '\0'; >- if ((enc = b64encode(data, ns)) != NULL) { >+ if (enc != NULL) { > t = stpcpy(t, enc); > enc = _free(enc); > } >@@ -310,16 +304,13 @@ static /*@only@*/ char * xmlFormat(int_3 > xtag = "string"; > break; > case RPM_BIN_TYPE: >- { int cpl = b64encode_chars_per_line; >-/*@-mods@*/ >- b64encode_chars_per_line = 0; >-/*@=mods@*/ >-/*@-formatconst@*/ >- s = base64Format(type, data, formatPrefix, padding, element); >-/*@=formatconst@*/ >-/*@-mods@*/ >- b64encode_chars_per_line = cpl; >-/*@=mods@*/ >+ { >+ /* XXX HACK ALERT: element field abused as no. bytes of binary data. */ >+ size_t ns = element; >+ if ((s = b64encode(data, ns, 0)) == NULL) { >+ /* XXX proper error handling would be better. */ >+ s = xcalloc(1, padding + (ns / 3) * 4 + 1); >+ } > xtag = "base64"; > } break; > case RPM_CHAR_TYPE: >diff -r ec9e6c427068 lib/package.c >--- a/lib/package.c Wed Oct 24 16:02:51 2007 +0300 >+++ b/lib/package.c Thu Nov 01 10:56:58 2007 +0100 >@@ -1008,11 +1008,9 @@ rpmRC rpmReadPackageFile(rpmts ts, FD_t > fddig->hashctx = NULL; > /*@switchbreak@*/ break; > case PGPHASHALGO_SHA1: >-#if HAVE_BEECRYPT_API_H > case PGPHASHALGO_SHA256: > case PGPHASHALGO_SHA384: > case PGPHASHALGO_SHA512: >-#endif > dig->sha1ctx = fddig->hashctx; > fddig->hashctx = NULL; > /*@switchbreak@*/ break; >diff -r ec9e6c427068 lib/rpmchecksig.c >--- a/lib/rpmchecksig.c Wed Oct 24 16:02:51 2007 +0300 >+++ b/lib/rpmchecksig.c Thu Nov 01 10:56:58 2007 +0100 >@@ -447,7 +447,7 @@ rpmRC rpmcliImportPubkey(const rpmts ts, > if (rpmtsOpenDB(ts, (O_RDWR|O_CREAT))) > return RPMRC_FAIL; > >- if ((enc = b64encode(pkt, pktlen)) == NULL) >+ if ((enc = b64encode(pkt, pktlen, -1)) == NULL) > goto exit; > > dig = pgpNewDig(); >@@ -698,11 +698,9 @@ assert(dig->md5ctx == NULL); > fddig->hashctx = NULL; > /*@switchbreak@*/ break; > case PGPHASHALGO_SHA1: >-#if HAVE_BEECRYPT_API_H > case PGPHASHALGO_SHA256: > case PGPHASHALGO_SHA384: > case PGPHASHALGO_SHA512: >-#endif > assert(dig->sha1ctx == NULL); > dig->sha1ctx = fddig->hashctx; > fddig->hashctx = NULL; >diff -r ec9e6c427068 lib/rpmts.c >--- a/lib/rpmts.c Wed Oct 24 16:02:51 2007 +0300 >+++ b/lib/rpmts.c Thu Nov 01 10:56:58 2007 +0100 >@@ -4,7 +4,7 @@ > */ > #include "system.h" > >-#include "rpmio_internal.h" /* XXX for pgp and beecrypt */ >+#include "rpmio_internal.h" /* XXX for pgp */ > #include <rpmlib.h> > #include <rpmmacro.h> /* XXX rpmtsOpenDB() needs rpmGetPath */ > >diff -r ec9e6c427068 lib/signature.c >--- a/lib/signature.c Wed Oct 24 16:02:51 2007 +0300 >+++ b/lib/signature.c Thu Nov 01 10:56:58 2007 +0100 >@@ -1215,9 +1215,10 @@ verifyRSASignature(rpmts ts, /*@out@*/ c > int_32 sigtag = rpmtsSigtag(ts); > pgpDig dig = rpmtsDig(ts); > pgpDigParams sigp = rpmtsSignature(ts); >- const char * prefix = NULL; >+ SECOidTag sigalg; > rpmRC res = RPMRC_OK; > int xx; >+ SECItem digest; > > *t = '\0'; > if (dig != NULL && dig->hdrmd5ctx == md5ctx) >@@ -1248,43 +1249,40 @@ verifyRSASignature(rpmts ts, /*@out@*/ c > switch (sigp->hash_algo) { > case PGPHASHALGO_MD5: > t = stpcpy(t, " RSA/MD5"); >- prefix = "3020300c06082a864886f70d020505000410"; >+ sigalg = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION; > break; > case PGPHASHALGO_SHA1: > t = stpcpy(t, " RSA/SHA1"); >- prefix = "3021300906052b0e03021a05000414"; >+ sigalg = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION; > break; > case PGPHASHALGO_RIPEMD160: > res = RPMRC_NOKEY; >- prefix = NULL; > break; > case PGPHASHALGO_MD2: > t = stpcpy(t, " RSA/MD2"); >- prefix = "3020300c06082a864886f70d020205000410"; >+ sigalg = SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION; > break; > case PGPHASHALGO_TIGER192: > res = RPMRC_NOKEY; >- prefix = NULL; > break; > case PGPHASHALGO_HAVAL_5_160: > res = RPMRC_NOKEY; >- prefix = NULL; > break; > case PGPHASHALGO_SHA256: > t = stpcpy(t, " RSA/SHA256"); >- prefix = "3031300d060960864801650304020105000420"; >+ sigalg = SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION; > break; > case PGPHASHALGO_SHA384: > t = stpcpy(t, " RSA/SHA384"); >- prefix = "3041300d060960864801650304020205000430"; >+ sigalg = SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION; > break; > case PGPHASHALGO_SHA512: > t = stpcpy(t, " RSA/SHA512"); >- prefix = "3051300d060960864801650304020305000440"; >+ sigalg = SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION; > break; > default: > res = RPMRC_NOKEY; >- prefix = NULL; >+ sigalg = SEC_OID_UNKNOWN; > break; > } > >@@ -1295,8 +1293,6 @@ verifyRSASignature(rpmts ts, /*@out@*/ c > > (void) rpmswEnter(rpmtsOp(ts, RPMTS_OP_DIGEST), 0); > { DIGEST_CTX ctx = rpmDigestDup(md5ctx); >- byte signhash16[2]; >- const char * s; > > if (sigp->hash != NULL) > xx = rpmDigestUpdate(ctx, sigp->hash, sigp->hashlen); >@@ -1313,40 +1309,18 @@ verifyRSASignature(rpmts ts, /*@out@*/ c > } > #endif > >- xx = rpmDigestFinal(ctx, (void **)&dig->md5, &dig->md5len, 1); >+ xx = rpmDigestFinal(ctx, (void **)&dig->md5, &dig->md5len, 0); > (void) rpmswExit(rpmtsOp(ts, RPMTS_OP_DIGEST), sigp->hashlen); > rpmtsOp(ts, RPMTS_OP_DIGEST)->count--; /* XXX one too many */ > > /* Compare leading 16 bits of digest for quick check. */ >- s = dig->md5; >- signhash16[0] = (nibble(s[0]) << 4) | nibble(s[1]); >- signhash16[1] = (nibble(s[2]) << 4) | nibble(s[3]); >- if (memcmp(signhash16, sigp->signhash16, sizeof(signhash16))) { >+ if (memcmp(dig->md5, sigp->signhash16, 2)) { > res = RPMRC_FAIL; > goto exit; > } >- } >- >- /* Generate RSA modulus parameter. */ >- { unsigned int nbits = MP_WORDS_TO_BITS(dig->c.size); >- unsigned int nb = (nbits + 7) >> 3; >- const char * hexstr; >- char * tt; >- >-assert(prefix != NULL); >- hexstr = tt = xmalloc(2 * nb + 1); >- memset(tt, 'f', (2 * nb)); >- tt[0] = '0'; tt[1] = '0'; >- tt[2] = '0'; tt[3] = '1'; >- tt += (2 * nb) - strlen(prefix) - strlen(dig->md5) - 2; >- *tt++ = '0'; *tt++ = '0'; >- tt = stpcpy(tt, prefix); >- tt = stpcpy(tt, dig->md5); >- >- mpnzero(&dig->rsahm); (void) mpnsethex(&dig->rsahm, hexstr); >- >- hexstr = _free(hexstr); >- >+ digest.type = siBuffer; >+ digest.data = dig->md5; >+ digest.len = dig->md5len; > } > > /* Retrieve the matching public key. */ >@@ -1355,12 +1329,7 @@ assert(prefix != NULL); > goto exit; > > (void) rpmswEnter(rpmtsOp(ts, RPMTS_OP_SIGNATURE), 0); >-#if HAVE_BEECRYPT_API_H >- xx = rsavrfy(&dig->rsa_pk.n, &dig->rsa_pk.e, &dig->c, &dig->rsahm); >-#else >- xx = rsavrfy(&dig->rsa_pk, &dig->rsahm, &dig->c); >-#endif >- if (xx) >+ if (VFY_VerifyDigest(&digest, dig->rsa, dig->rsasig, sigalg, NULL) == SECSuccess) > res = RPMRC_OK; > else > res = RPMRC_FAIL; >@@ -1401,6 +1370,7 @@ verifyDSASignature(rpmts ts, /*@out@*/ c > pgpDigParams sigp = rpmtsSignature(ts); > rpmRC res; > int xx; >+ SECItem digest; > > *t = '\0'; > if (dig != NULL && dig->hdrsha1ctx == sha1ctx) >@@ -1428,7 +1398,6 @@ verifyDSASignature(rpmts ts, /*@out@*/ c > > (void) rpmswEnter(rpmtsOp(ts, RPMTS_OP_DIGEST), 0); > { DIGEST_CTX ctx = rpmDigestDup(sha1ctx); >- byte signhash16[2]; > > if (sigp->hash != NULL) > xx = rpmDigestUpdate(ctx, sigp->hash, sigp->hashlen); >@@ -1442,19 +1411,18 @@ verifyDSASignature(rpmts ts, /*@out@*/ c > memcpy(trailer+2, &nb, sizeof(nb)); > xx = rpmDigestUpdate(ctx, trailer, sizeof(trailer)); > } >- xx = rpmDigestFinal(ctx, (void **)&dig->sha1, &dig->sha1len, 1); >+ xx = rpmDigestFinal(ctx, (void **)&dig->sha1, &dig->sha1len, 0); > (void) rpmswExit(rpmtsOp(ts, RPMTS_OP_DIGEST), sigp->hashlen); > rpmtsOp(ts, RPMTS_OP_DIGEST)->count--; /* XXX one too many */ > >- mpnzero(&dig->hm); (void) mpnsethex(&dig->hm, dig->sha1); >- > /* Compare leading 16 bits of digest for quick check. */ >- signhash16[0] = (*dig->hm.data >> 24) & 0xff; >- signhash16[1] = (*dig->hm.data >> 16) & 0xff; >- if (memcmp(signhash16, sigp->signhash16, sizeof(signhash16))) { >+ if (memcmp(dig->sha1, sigp->signhash16, 2)) { > res = RPMRC_FAIL; > goto exit; > } >+ digest.type = siBuffer; >+ digest.data = dig->sha1; >+ digest.len = dig->sha1len; > } > > /* Retrieve the matching public key. */ >@@ -1463,8 +1431,8 @@ verifyDSASignature(rpmts ts, /*@out@*/ c > goto exit; > > (void) rpmswEnter(rpmtsOp(ts, RPMTS_OP_SIGNATURE), 0); >- if (dsavrfy(&dig->p, &dig->q, &dig->g, >- &dig->hm, &dig->y, &dig->r, &dig->s)) >+ if (VFY_VerifyDigest(&digest, dig->dsa, dig->dsasig, >+ SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST, NULL) == SECSuccess) > res = RPMRC_OK; > else > res = RPMRC_FAIL; >diff -r ec9e6c427068 python/Makefile.am >--- a/python/Makefile.am Wed Oct 24 16:02:51 2007 +0300 >+++ b/python/Makefile.am Thu Nov 01 10:56:58 2007 +0100 >@@ -17,7 +17,7 @@ INCLUDES = -I. \ > -I$(top_srcdir)/rpmdb \ > -I$(top_srcdir)/rpmio \ > @WITH_LIBELF_INCLUDE@ \ >- @WITH_BEECRYPT_INCLUDE@ \ >+ @WITH_NSS_INCLUDE@ \ > @WITH_POPT_INCLUDE@ \ > -I$(top_srcdir)/misc \ > -I$(pyincdir) \ >@@ -42,7 +42,7 @@ rpm_LTLIBRARIES = _rpmmodule.la > rpm_LTLIBRARIES = _rpmmodule.la > > _rpmmodule_la_LDFLAGS = $(mylibs) $(LIBS) -module -avoid-version >-_rpmmodule_la_LIBADD = @WITH_BEECRYPT_LIB@ >+_rpmmodule_la_LIBADD = @WITH_NSS_LIB@ > > _rpmmodule_la_SOURCES = rpmmodule.c header-py.c \ > rpmal-py.c rpmds-py.c rpmdb-py.c rpmfd-py.c rpmfts-py.c \ >diff -r ec9e6c427068 rpmdb/Makefile.am >--- a/rpmdb/Makefile.am Wed Oct 24 16:02:51 2007 +0300 >+++ b/rpmdb/Makefile.am Thu Nov 01 10:56:58 2007 +0100 >@@ -9,7 +9,7 @@ INCLUDES = -I. \ > -I$(top_srcdir)/build \ > -I$(top_srcdir)/lib \ > -I$(top_srcdir)/rpmio \ >- @WITH_BEECRYPT_INCLUDE@ \ >+ @WITH_NSS_INCLUDE@ \ > @WITH_POPT_INCLUDE@ \ > -I$(top_srcdir)/misc \ > @WITH_SQLITE3_INCLUDE@ \ >diff -r ec9e6c427068 rpmio/Makefile.am >--- a/rpmio/Makefile.am Wed Oct 24 16:02:51 2007 +0300 >+++ b/rpmio/Makefile.am Thu Nov 01 10:56:58 2007 +0100 >@@ -10,7 +10,7 @@ EXTRA_PROGRAMS = tax tdigest tdir tfts t > > INCLUDES = -I. \ > -I$(top_srcdir) \ >- @WITH_BEECRYPT_INCLUDE@ \ >+ @WITH_NSS_INCLUDE@ \ > @WITH_NEON_INCLUDE@ \ > @WITH_LUA_INCLUDE@ \ > @WITH_POPT_INCLUDE@ \ >@@ -19,23 +19,21 @@ INCLUDES = -I. \ > > pkgincdir = $(pkgincludedir) > pkginc_HEADERS = \ >- argv.h fts.h rpmdav.h \ >+ argv.h base64.h fts.h rpmdav.h \ > rpmio.h rpmurl.h rpmmacro.h rpmlog.h rpmmessages.h rpmerr.h rpmpgp.h \ > rpmsq.h rpmsw.h ugid.h > noinst_HEADERS = rpmio_internal.h rpmlua.h rpmhook.h >- >-BEECRYPTLOBJS = $(shell test X"@WITH_BEECRYPT_SUBDIR@" != X && cat $(top_builddir)/@WITH_BEECTYPT_SUBDIR@/listobjs) > > LDFLAGS = -L$(RPM_BUILD_ROOT)$(usrlibdir) -L$(DESTDIR)$(usrlibdir) > > usrlibdir = $(libdir)@MARK64@ > usrlib_LTLIBRARIES = librpmio.la > librpmio_la_SOURCES = \ >- argv.c digest.c fts.c macro.c rpmdav.c \ >+ argv.c base64.c digest.c fts.c macro.c rpmdav.c \ > rpmhook.c rpmio.c rpmlog.c rpmlua.c rpmmalloc.c \ > rpmpgp.c rpmrpc.c rpmsq.c rpmsw.c strcasecmp.c stubs.c url.c ugid.c > librpmio_la_LDFLAGS = -release 4.4 $(LDFLAGS) \ >- @WITH_BEECRYPT_LIB@ \ >+ @WITH_NSS_LIB@ \ > @WITH_NEON_LIB@ \ > @WITH_LUA_LIB@ \ > @WITH_MAGIC_LIB@ \ >@@ -44,22 +42,10 @@ librpmio_la_LIBADD = # $(BEECRYPTLOBJS) > librpmio_la_LIBADD = # $(BEECRYPTLOBJS) > librpmio_la_DEPENDENCIES = # .created > >-.created: >- if test X"@WITH_BEECRYPT_SUBDIR@" != X; then \ >- ${MAKE} -C $(top_builddir)/@WITH_BEECRYPT_SUBDIR@ listobjs ; \ >- for lo in $(BEECRYPTLOBJS); do \ >- [ -f $$lo ] || $(LN_S) $(top_builddir)/@WITH_BEECRYPT_SUBDIR@/$$lo $$lo ; \ >- done \ >- fi >- touch $@ >- >-clean-local: >- rm -f $(BEECRYPTLOBJS) *.o .created >- > #BUILT_SOURCES = rpmio.lcd > > rpmio.lcd: Makefile.am ${librpmio_la_SOURCES} ${pkginc_HEADERS} ${noinst_HEADERS} >- -lclint -load ../beecrypt/beecrypt.lcd $(DEFS) $(INCLUDES) $(librpmio_la_SOURCES) -dump $@ 2>/dev/null >+ -lclint -load $(DEFS) $(INCLUDES) $(librpmio_la_SOURCES) -dump $@ 2>/dev/null > > .PHONY: sources > sources: >@@ -105,7 +91,6 @@ tinv_LDADD = librpmio.la $(top_builddir) > tinv_LDADD = librpmio.la $(top_builddir)/popt/libpopt.la > > tkey_SOURCES = tkey.c >-tkey_LDFLAGS = @LDFLAGS_STATIC@ > tkey_LDADD = librpmio.la $(top_builddir)/popt/libpopt.la > > tring_SOURCES = tring.c >diff -r ec9e6c427068 rpmio/base64.c >--- /dev/null Thu Jan 01 00:00:00 1970 +0000 >+++ b/rpmio/base64.c Thu Nov 01 10:56:58 2007 +0100 >@@ -0,0 +1,254 @@ >+/* base64 encoder/decoder based on public domain implementation >+ * by Chris Venter */ >+ >+#include <arpa/inet.h> >+#include <stdlib.h> >+#include "base64.h" >+ >+static char base64_encode_value(char value_in) >+{ >+ static const char encoding[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; >+ if (value_in > 63) return '='; >+ return encoding[(int)value_in]; >+} >+ >+static char *base64_encode_block(const char *plaintext_in, int length_in, char *codechar) >+{ >+ const char *plainchar = plaintext_in; >+ const char *const plaintextend = plaintext_in + length_in; >+ char result; >+ char fragment; >+ >+ while (1) { >+ if (plainchar == plaintextend) { >+ return codechar; >+ } >+ fragment = *plainchar++; >+ result = (fragment & 0x0fc) >> 2; >+ *codechar++ = base64_encode_value(result); >+ result = (fragment & 0x003) << 4; >+ if (plainchar == plaintextend) >+ { >+ *codechar++ = base64_encode_value(result); >+ *codechar++ = '='; >+ *codechar++ = '='; >+ return codechar; >+ } >+ fragment = *plainchar++; >+ result |= (fragment & 0x0f0) >> 4; >+ *codechar++ = base64_encode_value(result); >+ result = (fragment & 0x00f) << 2; >+ if (plainchar == plaintextend) >+ { >+ *codechar++ = base64_encode_value(result); >+ *codechar++ = '='; >+ return codechar; >+ } >+ fragment = *plainchar++; >+ result |= (fragment & 0x0c0) >> 6; >+ *codechar++ = base64_encode_value(result); >+ result = (fragment & 0x03f) >> 0; >+ *codechar++ = base64_encode_value(result); >+ } >+ /* control should not reach here */ >+ return codechar; >+} >+ >+#define BASE64_DEFAULT_LINE_LENGTH 64 >+ >+char *b64encode(const void *data, size_t len, int linelen) >+{ >+ size_t encodedlen; >+ const char *dataptr = data; >+ char *output; >+ char *outptr; >+ >+ if (data == NULL) >+ return NULL; >+ >+ if (linelen < 0) >+ linelen = BASE64_DEFAULT_LINE_LENGTH; >+ >+ linelen /= 4; >+ encodedlen = ((len + 2) / 3) * 4; >+ if (linelen > 0) { >+ encodedlen += encodedlen/(linelen * 4) + 1; >+ } >+ ++encodedlen; /* for zero termination */ >+ >+ output = malloc(encodedlen); >+ if (output == NULL) >+ return NULL; >+ >+ outptr = output; >+ while (len > 0) { >+ if (linelen > 0 && len > linelen * 3) { >+ outptr = base64_encode_block(dataptr, linelen * 3, outptr); >+ len -= linelen * 3; >+ dataptr += linelen * 3; >+ } else { >+ outptr = base64_encode_block(dataptr, len, outptr); >+ len = 0; >+ } >+ if (linelen > 0) { >+ *outptr++ = '\n'; >+ } >+ } >+ *outptr = '\0'; >+ return output; >+} >+ >+static int base64_decode_value(char value_in) >+{ >+ static const char decoding[] = {62,-1,-1,-1,63,52,53,54,55,56,57,58,59,60,61,-1,-1,-1,-2,-1,-1,-1,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,-1,-1,-1,-1,-1,-1,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51}; >+ static const char decoding_size = sizeof(decoding); >+ value_in -= 43; >+ if (value_in < 0 || value_in > decoding_size) >+ return -1; >+ return decoding[(int)value_in]; >+} >+ >+static size_t base64_decode_block(const char *code_in, const size_t length_in, char *plaintext_out) >+{ >+ const char *codechar = code_in; >+ char *plainchar = plaintext_out; >+ char fragment; >+ >+ *plainchar = 0; >+ >+ while (1) >+ { >+ do { >+ if (codechar == code_in+length_in) >+ { >+ return plainchar - plaintext_out; >+ } >+ fragment = (char)base64_decode_value(*codechar++); >+ } while (fragment < 0); >+ *plainchar = (fragment & 0x03f) << 2; >+ >+ do { >+ if (codechar == code_in+length_in) >+ { >+ return plainchar - plaintext_out; >+ } >+ fragment = (char)base64_decode_value(*codechar++); >+ } while (fragment < 0); >+ *plainchar++ |= (fragment & 0x030) >> 4; >+ *plainchar = (fragment & 0x00f) << 4; >+ >+ do { >+ if (codechar == code_in+length_in) >+ { >+ return plainchar - plaintext_out; >+ } >+ fragment = (char)base64_decode_value(*codechar++); >+ } while (fragment < 0); >+ *plainchar++ |= (fragment & 0x03c) >> 2; >+ *plainchar = (fragment & 0x003) << 6; >+ >+ do { >+ if (codechar == code_in+length_in) >+ { >+ return plainchar - plaintext_out; >+ } >+ fragment = (char)base64_decode_value(*codechar++); >+ } while (fragment < 0); >+ *plainchar++ |= (fragment & 0x03f); >+ } >+ /* control should not reach here */ >+ return plainchar - plaintext_out; >+} >+ >+int b64decode(const char *in, void **out, size_t *outlen) >+{ >+ size_t outcnt = 0; >+ const char *inptr = in; >+ >+ *out = NULL; >+ >+ if (in == NULL) { >+ return 1; >+ } >+ >+ while (*inptr != '\0') { >+ /* assume all ASCII control chars as whitespace */ >+ if (*inptr > 32) { >+ if (base64_decode_value(*inptr) != -1) { >+ ++outcnt; >+ } else { >+ return 3; >+ } >+ } >+ ++inptr; >+ } >+ >+ if (outcnt % 4 != 0) >+ return 2; >+ >+ outcnt = (outcnt / 4) * 3; >+ >+ *out = malloc(outcnt + 1); /* base64_decode_block can write one extra character */ >+ >+ if (*out == NULL) >+ return 4; >+ >+ *outlen = base64_decode_block(in, inptr - in, *out); >+ >+ return 0; >+} >+ >+#define CRC24_INIT 0xb704ce >+#define CRC24_POLY 0x1864cfb >+ >+char *b64crc(const unsigned char *data, size_t len) >+{ >+ uint32_t crc = CRC24_INIT; >+ int i; >+ >+ while (len--) { >+ crc ^= (*data++) << 16; >+ for (i = 0; i < 8; i++) { >+ crc <<= 1; >+ if (crc & 0x1000000) >+ crc ^= CRC24_POLY; >+ } >+ } >+ crc = htonl(crc & 0xffffff); >+ data = (unsigned char *)&crc; >+ ++data; >+ return b64encode(data, 3, 0); >+} >+ >+#ifdef BASE64_TEST >+#include <stdio.h> >+#include <string.h> >+ >+int main(int argc, char *argv[]) >+{ >+ static char tst[]="wtrt8122ÄLýáj\x20s ~ýhž\t4\x02Å¡jjmBvž^%$RTÅ¡#á.ÃÄj\x1hÄýÄŤc+"; >+ char *encoded; >+ void *decoded; >+ size_t size; >+ int err; >+ printf("Original: %lu\n%s\n", sizeof(tst)-1, tst); >+ encoded = b64encode(tst, sizeof(tst)-1, 64); >+ printf("Encoded: %lu\n%s\n", strlen(encoded), encoded); >+ if ((err = b64decode(encoded, &decoded, &size)) != 0) { >+ fprintf(stderr, "Error in decode: %d\n", err); >+ return 1; >+ } >+ printf("Decoded:\n%.*s\n", (int)size, (char *)decoded); >+ if (size != sizeof(tst)-1) { >+ fprintf(stderr, "Size differs orig: %lu new: %lu\n", sizeof(tst)-1, size); >+ return 1; >+ } >+ if (memcmp(tst, decoded, size) != 0) { >+ fprintf(stderr, "Decoded data differs.\n"); >+ return 1; >+ } >+ fprintf(stderr, "OK\n"); >+ return 0; >+} >+#endif >+ >diff -r ec9e6c427068 rpmio/base64.h >--- /dev/null Thu Jan 01 00:00:00 1970 +0000 >+++ b/rpmio/base64.h Thu Nov 01 10:56:58 2007 +0100 >@@ -0,0 +1,29 @@ >+/* base64 encoder/decoder based on public domain implementation >+ * by Chris Venter */ >+ >+#include <sys/types.h> >+ >+/* returns malloced base64 encoded string >+ * lines are split with \n characters to be nearest lower multiple of linelen >+ * if linelen/4 == 0 lines are not split >+ * if linelen < 0 default line length (64) is used >+ * the returned string is empty when len == 0 >+ * returns NULL on failures >+ */ >+char *b64encode(const void *data, size_t len, int linelen); >+ >+/* decodes from zero terminated base64 encoded string to a newly malloced buffer >+ * ignores whitespace characters in the input string >+ * return values: >+ * 0 - OK >+ * 1 - input is NULL >+ * 2 - invalid length >+ * 3 - invalid characters on input >+ * 4 - malloc failed >+ */ >+int b64decode(const char *in, void **out, size_t *outlen); >+ >+/* counts CRC24 and base64 encodes it in a malloced string >+ * returns NULL on failures >+ */ >+char *b64crc(const unsigned char *data, size_t len); >diff -r ec9e6c427068 rpmio/digest.c >--- a/rpmio/digest.c Wed Oct 24 16:02:51 2007 +0300 >+++ b/rpmio/digest.c Thu Nov 01 10:56:58 2007 +0100 >@@ -19,16 +19,7 @@ > */ > struct DIGEST_CTX_s { > rpmDigestFlags flags; /*!< Bit(s) to control digest operation. */ >- uint32_t datalen; /*!< No. bytes in block of plaintext data. */ >- uint32_t paramlen; /*!< No. bytes of digest parameters. */ >- uint32_t digestlen; /*!< No. bytes of digest. */ >- void * param; /*!< Digest parameters. */ >- int (*Reset) (void * param) >- /*@modifies param @*/; /*!< Digest initialize. */ >- int (*Update) (void * param, const byte * data, size_t size) >- /*@modifies param @*/; /*!< Digest transform. */ >- int (*Digest) (void * param, /*@out@*/ byte * digest) >- /*@modifies param, digest @*/; /*!< Digest finish. */ >+ HASHContext *hashctx; /*!< Internal NSS hash context. */ > }; > > /*@-boundsread@*/ >@@ -37,115 +28,101 @@ rpmDigestDup(DIGEST_CTX octx) > { > DIGEST_CTX nctx; > nctx = memcpy(xcalloc(1, sizeof(*nctx)), octx, sizeof(*nctx)); >- nctx->param = memcpy(xcalloc(1, nctx->paramlen), octx->param, nctx->paramlen); >+ nctx->hashctx = HASH_Clone(octx->hashctx); >+ if (nctx->hashctx == NULL) { >+ fprintf(stderr, "HASH_Clone failed\n"); >+ exit(EXIT_FAILURE); /* FIX: callers do not bother checking error return */ >+ } > return nctx; > } > /*@=boundsread@*/ > >-DIGEST_CTX >-rpmDigestInit(pgpHashAlgo hashalgo, rpmDigestFlags flags) >+static HASH_HashType >+getHashType(pgpHashAlgo hashalgo) > { >- DIGEST_CTX ctx = xcalloc(1, sizeof(*ctx)); >- int xx; >- >- ctx->flags = flags; >- > switch (hashalgo) { > case PGPHASHALGO_MD5: >- ctx->digestlen = 16; >- ctx->datalen = 64; >-/*@-sizeoftype@*/ /* FIX: union, not void pointer */ >- ctx->paramlen = sizeof(md5Param); >-/*@=sizeoftype@*/ >- ctx->param = xcalloc(1, ctx->paramlen); >-/*@-type@*/ /* FIX: cast? */ >- ctx->Reset = (void *) md5Reset; >- ctx->Update = (void *) md5Update; >- ctx->Digest = (void *) md5Digest; >-/*@=type@*/ >+ return HASH_AlgMD5; > break; > case PGPHASHALGO_SHA1: >- ctx->digestlen = 20; >- ctx->datalen = 64; >-/*@-sizeoftype@*/ /* FIX: union, not void pointer */ >- ctx->paramlen = sizeof(sha1Param); >-/*@=sizeoftype@*/ >- ctx->param = xcalloc(1, ctx->paramlen); >-/*@-type@*/ /* FIX: cast? */ >- ctx->Reset = (void *) sha1Reset; >- ctx->Update = (void *) sha1Update; >- ctx->Digest = (void *) sha1Digest; >-/*@=type@*/ >+ return HASH_AlgSHA1; > break; >-#if HAVE_BEECRYPT_API_H > case PGPHASHALGO_SHA256: >- ctx->digestlen = 32; >- ctx->datalen = 64; >-/*@-sizeoftype@*/ /* FIX: union, not void pointer */ >- ctx->paramlen = sizeof(sha256Param); >-/*@=sizeoftype@*/ >- ctx->param = xcalloc(1, ctx->paramlen); >-/*@-type@*/ /* FIX: cast? */ >- ctx->Reset = (void *) sha256Reset; >- ctx->Update = (void *) sha256Update; >- ctx->Digest = (void *) sha256Digest; >-/*@=type@*/ >+ return HASH_AlgSHA256; > break; > case PGPHASHALGO_SHA384: >- ctx->digestlen = 48; >- ctx->datalen = 128; >-/*@-sizeoftype@*/ /* FIX: union, not void pointer */ >- ctx->paramlen = sizeof(sha384Param); >-/*@=sizeoftype@*/ >- ctx->param = xcalloc(1, ctx->paramlen); >-/*@-type@*/ /* FIX: cast? */ >- ctx->Reset = (void *) sha384Reset; >- ctx->Update = (void *) sha384Update; >- ctx->Digest = (void *) sha384Digest; >-/*@=type@*/ >+ return HASH_AlgSHA384; > break; > case PGPHASHALGO_SHA512: >- ctx->digestlen = 64; >- ctx->datalen = 128; >-/*@-sizeoftype@*/ /* FIX: union, not void pointer */ >- ctx->paramlen = sizeof(sha512Param); >-/*@=sizeoftype@*/ >- ctx->param = xcalloc(1, ctx->paramlen); >-/*@-type@*/ /* FIX: cast? */ >- ctx->Reset = (void *) sha512Reset; >- ctx->Update = (void *) sha512Update; >- ctx->Digest = (void *) sha512Digest; >-/*@=type@*/ >+ return HASH_AlgSHA512; > break; >-#endif > case PGPHASHALGO_RIPEMD160: > case PGPHASHALGO_MD2: > case PGPHASHALGO_TIGER192: > case PGPHASHALGO_HAVAL_5_160: > default: >+ return HASH_AlgNULL; >+ /*@notreached@*/ break; >+ } >+} >+ >+size_t >+rpmDigestLength(pgpHashAlgo hashalgo) >+{ >+ return HASH_ResultLen(getHashType(hashalgo)); >+} >+ >+DIGEST_CTX >+rpmDigestInit(pgpHashAlgo hashalgo, rpmDigestFlags flags) >+{ >+ HASH_HashType type; >+ DIGEST_CTX ctx = xcalloc(1, sizeof(*ctx)); >+ >+ if (NSS_NoDB_Init(NULL) != SECSuccess) >+ return NULL; >+ >+ ctx->flags = flags; >+ >+ type = getHashType(hashalgo); >+ if (type == HASH_AlgNULL) { > free(ctx); > return NULL; >- /*@notreached@*/ break; > } > >-/*@-boundsread@*/ >- xx = (*ctx->Reset) (ctx->param); >-/*@=boundsread@*/ >+ ctx->hashctx = HASH_Create(type); >+ if (ctx->hashctx == NULL) { >+ free(ctx); >+ return NULL; >+ } > >-DPRINTF((stderr, "*** Init(%x) ctx %p param %p\n", flags, ctx, ctx->param)); >+ HASH_Begin(ctx->hashctx); >+ >+DPRINTF((stderr, "*** Init(%x) ctx %p hashctx %p\n", flags, ctx, ctx->hashctx)); > return ctx; > } > >-/*@-mustmod@*/ /* LCL: ctx->param may be modified, but ctx is abstract @*/ >+/*@-mustmod@*/ /* LCL: ctx->hashctx may be modified, but ctx is abstract @*/ > int > rpmDigestUpdate(DIGEST_CTX ctx, const void * data, size_t len) > { >+ unsigned int partlen; >+ const unsigned char *ptr = data; >+ > if (ctx == NULL) > return -1; > >-DPRINTF((stderr, "*** Update(%p,%p,%d) param %p \"%s\"\n", ctx, data, len, ctx->param, ((char *)data))); >+DPRINTF((stderr, "*** Update(%p,%p,%d) hashctx %p \"%s\"\n", ctx, data, len, ctx->hashctx, ((char *)data))); > /*@-boundsread@*/ >- return (*ctx->Update) (ctx->param, data, len); >+ partlen = ~(unsigned int)0xFF; >+ while (len > 0) { >+ if (len < partlen) { >+ partlen = (unsigned int)len; >+ } >+ HASH_Update(ctx->hashctx, ptr, partlen); >+ ptr += partlen; >+ len -= partlen; >+ } >+ return 0; > /*@=boundsread@*/ > } > /*@=mustmod@*/ >@@ -154,35 +131,37 @@ int > int > rpmDigestFinal(DIGEST_CTX ctx, void ** datap, size_t *lenp, int asAscii) > { >- byte * digest; >+ unsigned char * digest; > char * t; > int i; >+ unsigned int digestlen; > > if (ctx == NULL) > return -1; >- digest = xmalloc(ctx->digestlen); >+ digestlen = HASH_ResultLenContext(ctx->hashctx); >+ digest = xmalloc(digestlen); > >-DPRINTF((stderr, "*** Final(%p,%p,%p,%d) param %p digest %p\n", ctx, datap, lenp, asAscii, ctx->param, digest)); >-/*@-noeffectuncon@*/ /* FIX: check rc */ >- (void) (*ctx->Digest) (ctx->param, digest); >+DPRINTF((stderr, "*** Final(%p,%p,%p,%d) hashctx %p digest %p\n", ctx, datap, lenp, asAscii, ctx->hashctx, digest)); >+/*@-noeffectuncon@*/ >+ HASH_End(ctx->hashctx, digest, &digestlen, digestlen); > /*@=noeffectuncon@*/ > > /* Return final digest. */ > /*@-branchstate@*/ > if (!asAscii) { >- if (lenp) *lenp = ctx->digestlen; >+ if (lenp) *lenp = digestlen; > if (datap) { > *datap = digest; > digest = NULL; > } > } else { >- if (lenp) *lenp = (2*ctx->digestlen) + 1; >+ if (lenp) *lenp = (2*digestlen) + 1; > if (datap) { > const byte * s = (const byte *) digest; > static const char hex[] = "0123456789abcdef"; > >- *datap = t = xmalloc((2*ctx->digestlen) + 1); >- for (i = 0 ; i < ctx->digestlen; i++) { >+ *datap = t = xmalloc((2*digestlen) + 1); >+ for (i = 0 ; i < digestlen; i++) { > *t++ = hex[ (unsigned)((*s >> 4) & 0x0f) ]; > *t++ = hex[ (unsigned)((*s++ ) & 0x0f) ]; > } >@@ -191,11 +170,10 @@ DPRINTF((stderr, "*** Final(%p,%p,%p,%d) > } > /*@=branchstate@*/ > if (digest) { >- memset(digest, 0, ctx->digestlen); /* In case it's sensitive */ >+ memset(digest, 0, digestlen); /* In case it's sensitive */ > free(digest); > } >- memset(ctx->param, 0, ctx->paramlen); /* In case it's sensitive */ >- free(ctx->param); >+ HASH_Destroy(ctx->hashctx); > memset(ctx, 0, sizeof(*ctx)); /* In case it's sensitive */ > free(ctx); > return 0; >diff -r ec9e6c427068 rpmio/rpmio_internal.h >--- a/rpmio/rpmio_internal.h Wed Oct 24 16:02:51 2007 +0300 >+++ b/rpmio/rpmio_internal.h Thu Nov 01 10:56:58 2007 +0100 >@@ -9,30 +9,14 @@ > #include <rpmio.h> > #include <rpmurl.h> > >-#if HAVE_BEECRYPT_API_H >-#include <api.h> >-#else >-#include <beecrypt.api.h> >-#endif >- > #include <rpmpgp.h> > #include <rpmsw.h> >- >-/* Drag in the beecrypt includes. */ >-#include <beecrypt.h> > #include <base64.h> >-#include <dsa.h> >-#include <endianness.h> >-#include <md5.h> >-#include <mp.h> >-#include <rsa.h> >-#include <rsapk.h> >-#include <sha1.h> >-#if HAVE_BEECRYPT_API_H >-#include <sha256.h> >-#include <sha384.h> >-#include <sha512.h> >-#endif >+ >+#include "nss.h" >+#include "sechash.h" >+#include "keyhi.h" >+#include "cryptohi.h" > > /** \ingroup rpmio > * Values parsed from OpenPGP signature/pubkey packet(s). >@@ -85,20 +69,13 @@ struct pgpDig_s { > void * md5; /*!< (rsa) V3 signature hash. */ > size_t md5len; /*!< (rsa) V3 signature hash length. */ > >- /* DSA parameters. */ >- mpbarrett p; >- mpbarrett q; >- mpnumber g; >- mpnumber y; >- mpnumber hm; >- mpnumber r; >- mpnumber s; >- >- /* RSA parameters. */ >- rsapk rsa_pk; >- mpnumber m; >- mpnumber c; >- mpnumber rsahm; >+ /* DSA parameters */ >+ SECKEYPublicKey *dsa; >+ SECItem *dsasig; >+ >+ /* RSA parameters */ >+ SECKEYPublicKey *rsa; >+ SECItem *rsasig; > }; > > /** \ingroup rpmio >diff -r ec9e6c427068 rpmio/rpmpgp.c >--- a/rpmio/rpmpgp.c Wed Oct 24 16:02:51 2007 +0300 >+++ b/rpmio/rpmpgp.c Thu Nov 01 10:56:58 2007 +0100 >@@ -260,38 +260,100 @@ const char * pgpMpiHex(const byte *p) > /** > * @return 0 on success > */ >-static int pgpHexSet(const char * pre, int lbits, >- /*@out@*/ mpnumber * mpn, const byte * p, const byte * pend) >+static int pgpMpiSet(const char * pre, int lbits, >+ /*@out@*/ void *dest, const byte * p, const byte * pend) > /*@globals fileSystem @*/ >- /*@modifies mpn, fileSystem @*/ >+ /*@modifies dest, fileSystem @*/ > { > unsigned int mbits = pgpMpiBits(p); > unsigned int nbits; > unsigned int nbytes; >- char * t; >+ char *t = dest; > unsigned int ix; > > if ((p + ((mbits+7) >> 3)) > pend) > return 1; > >+ if (mbits > lbits) >+ return 1; >+ > nbits = (lbits > mbits ? lbits : mbits); > nbytes = ((nbits + 7) >> 3); >- t = xmalloc(2*nbytes+1); >- ix = 2 * ((nbits - mbits) >> 3); >+ ix = (nbits - mbits) >> 3; > > if (_debug) >-fprintf(stderr, "*** mbits %u nbits %u nbytes %u t %p[%d] ix %u\n", mbits, nbits, nbytes, t, (2*nbytes+1), ix); >- if (ix > 0) memset(t, (int)'0', ix); >- strcpy(t+ix, pgpMpiHex(p)); >+fprintf(stderr, "*** mbits %u nbits %u nbytes %u ix %u\n", mbits, nbits, nbytes, ix); >+ if (ix > 0) memset(t, '\0', ix); >+ memcpy(t+ix, p+2, nbytes-ix); > if (_debug) >-fprintf(stderr, "*** %s %s\n", pre, t); >- (void) mpnsethex(mpn, t); >- t = _free(t); >-if (_debug && _print) >-fprintf(stderr, "\t %s ", pre), mpfprintln(stderr, mpn->size, mpn->data); >+fprintf(stderr, "*** %s %s\n", pre, pgpHexStr(dest, nbytes)); >+ > return 0; > } >+ >+/** >+ * @return NULL on error >+ */ >+static SECItem *pgpMpiItem(PRArenaPool *arena, /*@out@*/ SECItem *item, const byte *p) >+ /*@globals fileSystem @*/ >+ /*@modifies dest, fileSystem @*/ >+{ >+ unsigned int nbytes = pgpMpiLen(p)-2; >+ >+ if (item == NULL) { >+ if ((item=SECITEM_AllocItem(arena, item, nbytes)) == NULL) >+ return item; >+ } else { >+ if (arena != NULL) >+ item->data = PORT_ArenaGrow(arena, item->data, item->len, nbytes); >+ else >+ item->data = PORT_Realloc(item->data, nbytes); >+ >+ if (item->data == NULL) { >+ if (arena == NULL) >+ SECITEM_FreeItem(item, PR_TRUE); >+ return NULL; >+ } >+ } >+ >+ memcpy(item->data, p+2, nbytes); >+ item->len = nbytes; >+ return item; >+} > /*@=boundswrite@*/ >+ >+static SECKEYPublicKey *pgpNewPublicKey(KeyType type) >+{ >+ PRArenaPool *arena; >+ SECKEYPublicKey *key; >+ >+ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); >+ if (arena == NULL) >+ return NULL; >+ >+ key = PORT_ArenaZAlloc(arena, sizeof(SECKEYPublicKey)); >+ >+ if (key == NULL) { >+ PORT_FreeArena(arena, PR_FALSE); >+ return NULL; >+ } >+ >+ key->keyType = type; >+ key->pkcs11ID = CK_INVALID_HANDLE; >+ key->pkcs11Slot = NULL; >+ key->arena = arena; >+ return key; >+} >+ >+static SECKEYPublicKey *pgpNewRSAKey(void) >+{ >+ return pgpNewPublicKey(rsaKey); >+} >+ >+static SECKEYPublicKey *pgpNewDSAKey(void) >+{ >+ return pgpNewPublicKey(dsaKey); >+} > > int pgpPrtSubType(const byte *h, unsigned int hlen, pgpSigType sigtype) > { >@@ -407,6 +469,10 @@ static const char * pgpSigDSA[] = { > }; > /*@=varuse =readonlytrans @*/ > >+#ifndef DSA_SUBPRIME_LEN >+#define DSA_SUBPRIME_LEN 20 >+#endif >+ > static int pgpPrtSigParams(/*@unused@*/ pgpTag tag, byte pubkey_algo, byte sigtype, > const byte *p, const byte *h, unsigned int hlen) > /*@globals fileSystem @*/ >@@ -414,7 +480,13 @@ static int pgpPrtSigParams(/*@unused@*/ > { > const byte * pend = h + hlen; > int i; >- >+ SECItem dsaraw; >+ unsigned char dsabuf[2*DSA_SUBPRIME_LEN]; >+ >+ dsaraw.type = 0; >+ dsaraw.data = dsabuf; >+ dsaraw.len = sizeof(dsabuf); >+ > for (i = 0; p < pend; i++, p += pgpMpiLen(p)) { > if (pubkey_algo == PGPPUBKEYALGO_RSA) { > if (i >= 1) break; >@@ -423,9 +495,9 @@ static int pgpPrtSigParams(/*@unused@*/ > { > switch (i) { > case 0: /* m**d */ >- (void) mpnsethex(&_dig->c, pgpMpiHex(p)); >-if (_debug && _print) >-fprintf(stderr, "\t m**d = "), mpfprintln(stderr, _dig->c.size, _dig->c.data); >+ _dig->rsasig = pgpMpiItem(NULL, _dig->rsasig, p); >+ if (_dig->rsasig == NULL) >+ return 1; > /*@switchbreak@*/ break; > default: > /*@switchbreak@*/ break; >@@ -440,11 +512,21 @@ fprintf(stderr, "\t m**d = "), mpfprin > int xx; > xx = 0; > switch (i) { >- case 0: /* r */ >- xx = pgpHexSet(pgpSigDSA[i], 160, &_dig->r, p, pend); >+ case 0: >+ memset(dsaraw.data, '\0', 2*DSA_SUBPRIME_LEN); >+ /* r */ >+ xx = pgpMpiSet(pgpSigDSA[i], DSA_SUBPRIME_LEN*8, dsaraw.data, p, pend); > /*@switchbreak@*/ break; > case 1: /* s */ >- xx = pgpHexSet(pgpSigDSA[i], 160, &_dig->s, p, pend); >+ xx = pgpMpiSet(pgpSigDSA[i], DSA_SUBPRIME_LEN*8, dsaraw.data + DSA_SUBPRIME_LEN, p, pend); >+ if (_dig->dsasig != NULL) >+ SECITEM_FreeItem(_dig->dsasig, PR_FALSE); >+ else if ((_dig->dsasig=SECITEM_AllocItem(NULL, NULL, 0)) == NULL) { >+ xx = 1; >+ /*@switchbreak@*/ break; >+ } >+ if (DSAU_EncodeDerSig(_dig->dsasig, &dsaraw) != SECSuccess) >+ xx = 1; > /*@switchbreak@*/ break; > default: > xx = 1; >@@ -629,16 +711,17 @@ static const byte * pgpPrtPubkeyParams(b > if (pubkey_algo == PGPPUBKEYALGO_RSA) { > if (i >= 2) break; > if (_dig) { >+ if (_dig->rsa == NULL) { >+ _dig->rsa = pgpNewRSAKey(); >+ if (_dig->rsa == NULL) >+ break; /* error abort? */ >+ } > switch (i) { > case 0: /* n */ >- (void) mpbsethex(&_dig->rsa_pk.n, pgpMpiHex(p)); >-if (_debug && _print) >-fprintf(stderr, "\t n = "), mpfprintln(stderr, _dig->rsa_pk.n.size, _dig->rsa_pk.n.modl); >+ pgpMpiItem(_dig->rsa->arena, &_dig->rsa->u.rsa.modulus, p); > /*@switchbreak@*/ break; > case 1: /* e */ >- (void) mpnsethex(&_dig->rsa_pk.e, pgpMpiHex(p)); >-if (_debug && _print) >-fprintf(stderr, "\t e = "), mpfprintln(stderr, _dig->rsa_pk.e.size, _dig->rsa_pk.e.data); >+ pgpMpiItem(_dig->rsa->arena, &_dig->rsa->u.rsa.publicExponent, p); > /*@switchbreak@*/ break; > default: > /*@switchbreak@*/ break; >@@ -648,26 +731,23 @@ fprintf(stderr, "\t e = "), mpfprin > } else if (pubkey_algo == PGPPUBKEYALGO_DSA) { > if (i >= 4) break; > if (_dig) { >+ if (_dig->dsa == NULL) { >+ _dig->dsa = pgpNewDSAKey(); >+ if (_dig->dsa == NULL) >+ break; /* error abort? */ >+ } > switch (i) { > case 0: /* p */ >- (void) mpbsethex(&_dig->p, pgpMpiHex(p)); >-if (_debug && _print) >-fprintf(stderr, "\t p = "), mpfprintln(stderr, _dig->p.size, _dig->p.modl); >+ pgpMpiItem(_dig->dsa->arena, &_dig->dsa->u.dsa.params.prime, p); > /*@switchbreak@*/ break; > case 1: /* q */ >- (void) mpbsethex(&_dig->q, pgpMpiHex(p)); >-if (_debug && _print) >-fprintf(stderr, "\t q = "), mpfprintln(stderr, _dig->q.size, _dig->q.modl); >+ pgpMpiItem(_dig->dsa->arena, &_dig->dsa->u.dsa.params.subPrime, p); > /*@switchbreak@*/ break; > case 2: /* g */ >- (void) mpnsethex(&_dig->g, pgpMpiHex(p)); >-if (_debug && _print) >-fprintf(stderr, "\t g = "), mpfprintln(stderr, _dig->g.size, _dig->g.data); >+ pgpMpiItem(_dig->dsa->arena, &_dig->dsa->u.dsa.params.base, p); > /*@switchbreak@*/ break; > case 3: /* y */ >- (void) mpnsethex(&_dig->y, pgpMpiHex(p)); >-if (_debug && _print) >-fprintf(stderr, "\t y = "), mpfprintln(stderr, _dig->y.size, _dig->y.data); >+ pgpMpiItem(_dig->dsa->arena, &_dig->dsa->u.dsa.publicValue, p); > /*@switchbreak@*/ break; > default: > /*@switchbreak@*/ break; >@@ -1014,6 +1094,8 @@ pgpDig pgpNewDig(void) > pgpDig pgpNewDig(void) > { > pgpDig dig = xcalloc(1, sizeof(*dig)); >+ NSS_NoDB_Init(NULL); >+ > return dig; > } > >@@ -1038,14 +1120,27 @@ void pgpCleanDig(pgpDig dig) > > dig->md5 = _free(dig->md5); > dig->sha1 = _free(dig->sha1); >- mpnfree(&dig->hm); >- mpnfree(&dig->r); >- mpnfree(&dig->s); >- >- (void) rsapkFree(&dig->rsa_pk); >- mpnfree(&dig->m); >- mpnfree(&dig->c); >- mpnfree(&dig->rsahm); >+ >+ if (dig->dsa != NULL) { >+ SECKEY_DestroyPublicKey(dig->dsa); >+ dig->dsa = NULL; >+ } >+ >+ if (dig->dsasig != NULL) { >+ SECITEM_ZfreeItem(dig->dsasig, PR_TRUE); >+ dig->dsasig = NULL; >+ } >+ >+ if (dig->rsa != NULL) { >+ SECKEY_DestroyPublicKey(dig->rsa); >+ dig->rsa = NULL; >+ } >+ >+ if (dig->rsasig != NULL) { >+ SECITEM_ZfreeItem(dig->rsasig, PR_TRUE); >+ dig->rsasig = NULL; >+ } >+ > } > /*@-nullstate@*/ > return; >@@ -1072,14 +1167,6 @@ pgpDig pgpFreeDig(/*@only@*/ /*@null@*/ > (void) rpmDigestFinal(dig->sha1ctx, NULL, NULL, 0); > /*@=branchstate@*/ > dig->sha1ctx = NULL; >- >- mpbfree(&dig->p); >- mpbfree(&dig->q); >- mpnfree(&dig->g); >- mpnfree(&dig->y); >- mpnfree(&dig->hm); >- mpnfree(&dig->r); >- mpnfree(&dig->s); > > #ifdef NOTYET > /*@-branchstate@*/ >@@ -1094,12 +1181,6 @@ pgpDig pgpFreeDig(/*@only@*/ /*@null@*/ > (void) rpmDigestFinal(dig->md5ctx, NULL, NULL, 0); > /*@=branchstate@*/ > dig->md5ctx = NULL; >- >- mpbfree(&dig->rsa_pk.n); >- mpnfree(&dig->rsa_pk.e); >- mpnfree(&dig->m); >- mpnfree(&dig->c); >- mpnfree(&dig->hm); > > dig = _free(dig); > } >@@ -1286,20 +1367,13 @@ char * pgpArmorWrap(int atype, const uns > { > const char * enc; > char * t; >- size_t nt; >+ size_t nt = 0; > char * val; >- int lc; >- >- nt = ((ns + 2) / 3) * 4; >- /*@-globs@*/ >- /* Add additional bytes necessary for eol string(s). */ >- if (b64encode_chars_per_line > 0 && b64encode_eolstr != NULL) { >- lc = (nt + b64encode_chars_per_line - 1) / b64encode_chars_per_line; >- if (((nt + b64encode_chars_per_line - 1) % b64encode_chars_per_line) != 0) >- ++lc; >- nt += lc * strlen(b64encode_eolstr); >- } >- /*@=globs@*/ >+ >+ enc = b64encode(s, ns, -1); >+ if (enc != NULL) { >+ nt = strlen(enc); >+ } > > nt += 512; /* XXX slop for armor and crc */ > >@@ -1311,9 +1385,9 @@ char * pgpArmorWrap(int atype, const uns > /*@-globs@*/ > t = stpcpy( stpcpy(t, "-----\nVersion: rpm-"), VERSION); > /*@=globs@*/ >- t = stpcpy(t, " (beecrypt-4.1.2)\n\n"); >- >- if ((enc = b64encode(s, ns)) != NULL) { >+ t = stpcpy(t, " (NSS-3)\n\n"); >+ >+ if (enc != NULL) { > t = stpcpy(t, enc); > enc = _free(enc); > if ((enc = b64crc(s, ns)) != NULL) { >diff -r ec9e6c427068 rpmio/rpmpgp.h >--- a/rpmio/rpmpgp.h Wed Oct 24 16:02:51 2007 +0300 >+++ b/rpmio/rpmpgp.h Thu Nov 01 10:56:58 2007 +0100 >@@ -12,11 +12,7 @@ > > #include <string.h> > >-#if !defined(_BEECRYPT_API_H) >-/*@-redef@*/ > typedef unsigned char byte; >-/*@=redef@*/ >-#endif /* _BEECRYPT_API_H */ > > /** > */ >@@ -1393,6 +1389,15 @@ DIGEST_CTX rpmDigestDup(DIGEST_CTX octx) > /*@*/; > > /** \ingroup rpmio >+ * Obtain digest length in bytes. >+ * @param hashalgo type of digest >+ * @return digest length >+ */ >+/*@only@*/ /*@null@*/ >+size_t rpmDigestLength(pgpHashAlgo hashalgo) >+ /*@*/; >+ >+/** \ingroup rpmio > * Initialize digest. > * Set bit count to 0 and buffer to mysterious initialization constants. > * @param hashalgo type of digest >diff -r ec9e6c427068 rpmio/tkey.c >--- a/rpmio/tkey.c Wed Oct 24 16:02:51 2007 +0300 >+++ b/rpmio/tkey.c Thu Nov 01 10:56:58 2007 +0100 >@@ -31,7 +31,7 @@ fprintf(stderr, "*** sig is\n%s\n", sig) > return rc; > } > >- if ((enc = b64encode(dec, declen)) == NULL) { >+ if ((enc = b64encode(dec, declen, -1)) == NULL) { > fprintf(stderr, "*** b64encode failed\n"); > return rc; > } >@@ -51,52 +51,40 @@ fprintf(stderr, "??? %5d %02x != %02x '% > return rc; > } > >-/* FIPS-186 test vectors. */ >-static const char * fips_p = "8df2a494492276aa3d25759bb06869cbeac0d83afb8d0cf7cbb8324f0d7882e5d0762fc5b7210eafc2e9adac32ab7aac49693dfbf83724c2ec0736ee31c80291"; >-static const char * fips_q = "c773218c737ec8ee993b4f2ded30f48edace915f"; >-static const char * fips_g = "626d027839ea0a13413163a55b4cb500299d5522956cefcb3bff10f399ce2c2e71cb9de5fa24babf58e5b79521925c9cc42e9f6f464b088cc572af53e6d78802"; >- >-static const char * fips_hm = "a9993e364706816aba3e25717850c26c9cd0d89d"; >- >-static const char * fips_y = "19131871d75b1612a819f29d78d1b0d7346f7aa77bb62a859bfd6c5675da9d212d3a36ef1672ef660b8c7c255cc0ec74858fba33f44c06699630a76b030ee333"; >- >-static const char * fips_r = "8bac1ab66410435cb7181f95b16ab97c92b341c0"; >-static const char * fips_s = "41e2345f1f56df2458f426d155b4ba2db6dcd8c8"; >- > /* Secret key */ >-static const char * jbjSecretDSA = " >-lQFvBDu6XHwRAwCTIHRgKeIlOFUIEZeJVYSrXn0eUrM5S8OF471tTc+IV7AwiXBR >-zCFCan4lO1ipmoAipyN2A6ZX0HWOcWdYlWz2adxA7l8JNiZTzkemA562xwex2wLy >-AQWVTtRN6jv0LccAoN4UWZkIvkT6tV918sEvDEggGARxAv9190RhrDq/GMqd+AHm >-qWrRkrBRHDUBBL2fYEuU3gFekYrW5CDIN6s3Mcq/yUsvwHl7bwmoqbf2qabbyfnv >-Y66ETOPKLcw67ggcptHXHcwlvpfJmHKpjK+ByzgauPXXbRAC+gKDjzXL0kAQxjmT >-2D+16O4vI8Emlx2JVcGLlq/aWhspvQWIzN6PytA3iKZ6uzesrM7yXmqzgodZUsJh >-1wwl/0K5OIJn/oD41UayU8RXNER8SzDYvDYsJymFRwE1s58lL/8DAwJUAllw1pdZ >-WmBIoAvRiv7kE6hWfeCvZzdBVgrHYrp8ceUa3OdulGfYw/0sIzpEU0FfZmFjdG9y >-OgAA30gJ4JMFKVfthnDCHHL+O8lNxykKBmrgVPLClue0KUplZmYgSm9obnNvbiAo >-QVJTIE4zTlBRKSA8amJqQHJlZGhhdC5jb20+iFcEExECABcFAju6XHwFCwcKAwQD >-FQMCAxYCAQIXgAAKCRCB0qVW2I6DmQU6AJ490bVWZuM4yCOh8MWj6qApCr1/gwCf >-f3+QgXFXAeTyPtMmReyWxThABtE= >+static const char * jbjSecretDSA = "\n\ >+lQFvBDu6XHwRAwCTIHRgKeIlOFUIEZeJVYSrXn0eUrM5S8OF471tTc+IV7AwiXBR\n\ >+zCFCan4lO1ipmoAipyN2A6ZX0HWOcWdYlWz2adxA7l8JNiZTzkemA562xwex2wLy\n\ >+AQWVTtRN6jv0LccAoN4UWZkIvkT6tV918sEvDEggGARxAv9190RhrDq/GMqd+AHm\n\ >+qWrRkrBRHDUBBL2fYEuU3gFekYrW5CDIN6s3Mcq/yUsvwHl7bwmoqbf2qabbyfnv\n\ >+Y66ETOPKLcw67ggcptHXHcwlvpfJmHKpjK+ByzgauPXXbRAC+gKDjzXL0kAQxjmT\n\ >+2D+16O4vI8Emlx2JVcGLlq/aWhspvQWIzN6PytA3iKZ6uzesrM7yXmqzgodZUsJh\n\ >+1wwl/0K5OIJn/oD41UayU8RXNER8SzDYvDYsJymFRwE1s58lL/8DAwJUAllw1pdZ\n\ >+WmBIoAvRiv7kE6hWfeCvZzdBVgrHYrp8ceUa3OdulGfYw/0sIzpEU0FfZmFjdG9y\n\ >+OgAA30gJ4JMFKVfthnDCHHL+O8lNxykKBmrgVPLClue0KUplZmYgSm9obnNvbiAo\n\ >+QVJTIE4zTlBRKSA8amJqQHJlZGhhdC5jb20+iFcEExECABcFAju6XHwFCwcKAwQD\n\ >+FQMCAxYCAQIXgAAKCRCB0qVW2I6DmQU6AJ490bVWZuM4yCOh8MWj6qApCr1/gwCf\n\ >+f3+QgXFXAeTyPtMmReyWxThABtE=\n\ > "; > > /* Public key */ >-static const char * jbjPublicDSA = " >-mQFCBDu6XHwRAwCTIHRgKeIlOFUIEZeJVYSrXn0eUrM5S8OF471tTc+IV7AwiXBR >-zCFCan4lO1ipmoAipyN2A6ZX0HWOcWdYlWz2adxA7l8JNiZTzkemA562xwex2wLy >-AQWVTtRN6jv0LccAoN4UWZkIvkT6tV918sEvDEggGARxAv9190RhrDq/GMqd+AHm >-qWrRkrBRHDUBBL2fYEuU3gFekYrW5CDIN6s3Mcq/yUsvwHl7bwmoqbf2qabbyfnv >-Y66ETOPKLcw67ggcptHXHcwlvpfJmHKpjK+ByzgauPXXbRAC+gKDjzXL0kAQxjmT >-2D+16O4vI8Emlx2JVcGLlq/aWhspvQWIzN6PytA3iKZ6uzesrM7yXmqzgodZUsJh >-1wwl/0K5OIJn/oD41UayU8RXNER8SzDYvDYsJymFRwE1s58lL7QpSmVmZiBKb2hu >-c29uIChBUlMgTjNOUFEpIDxqYmpAcmVkaGF0LmNvbT6IVwQTEQIAFwUCO7pcfAUL >-BwoDBAMVAwIDFgIBAheAAAoJEIHSpVbYjoOZBToAn3TXaAI+bhg51EeyaiFip/6W >-OVwBAJ44rTtNsgZBQxXISjB64CWxl4VaWQ== >+static const char * jbjPublicDSA = "\n\ >+mQFCBDu6XHwRAwCTIHRgKeIlOFUIEZeJVYSrXn0eUrM5S8OF471tTc+IV7AwiXBR\n\ >+zCFCan4lO1ipmoAipyN2A6ZX0HWOcWdYlWz2adxA7l8JNiZTzkemA562xwex2wLy\n\ >+AQWVTtRN6jv0LccAoN4UWZkIvkT6tV918sEvDEggGARxAv9190RhrDq/GMqd+AHm\n\ >+qWrRkrBRHDUBBL2fYEuU3gFekYrW5CDIN6s3Mcq/yUsvwHl7bwmoqbf2qabbyfnv\n\ >+Y66ETOPKLcw67ggcptHXHcwlvpfJmHKpjK+ByzgauPXXbRAC+gKDjzXL0kAQxjmT\n\ >+2D+16O4vI8Emlx2JVcGLlq/aWhspvQWIzN6PytA3iKZ6uzesrM7yXmqzgodZUsJh\n\ >+1wwl/0K5OIJn/oD41UayU8RXNER8SzDYvDYsJymFRwE1s58lL7QpSmVmZiBKb2hu\n\ >+c29uIChBUlMgTjNOUFEpIDxqYmpAcmVkaGF0LmNvbT6IVwQTEQIAFwUCO7pcfAUL\n\ >+BwoDBAMVAwIDFgIBAheAAAoJEIHSpVbYjoOZBToAn3TXaAI+bhg51EeyaiFip/6W\n\ >+OVwBAJ44rTtNsgZBQxXISjB64CWxl4VaWQ==\n\ > "; > > /* Signature */ >-static const char * abcSignatureDSA = " >-iD8DBQA7vII+gdKlVtiOg5kRAvg4AJ0fV3gDBADobAnK2HOkV88bfmFMEgCeNysO >-nP3dWWJnp0Pnbor7pIob4Dk= >+static const char * abcSignatureDSA = "\n\ >+iD8DBQA7vII+gdKlVtiOg5kRAvg4AJ0fV3gDBADobAnK2HOkV88bfmFMEgCeNysO\n\ >+nP3dWWJnp0Pnbor7pIob4Dk=\n\ > "; > > int >@@ -107,28 +95,6 @@ main (int argc, char *argv[]) > int rc; > > dig = pgpNewDig(); >- >- mpbzero(&dig->p); mpbsethex(&dig->p, fips_p); >- mpbzero(&dig->q); mpbsethex(&dig->q, fips_q); >- mpnzero(&dig->g); mpnsethex(&dig->g, fips_g); >- mpnzero(&dig->y); mpnsethex(&dig->y, fips_y); >- mpnzero(&dig->r); mpnsethex(&dig->r, fips_r); >- mpnzero(&dig->s); mpnsethex(&dig->s, fips_s); >- mpnzero(&dig->hm); mpnsethex(&dig->hm, fips_hm); >- >- rc = dsavrfy(&dig->p, &dig->q, &dig->g, &dig->hm, >- &dig->y, &dig->r, &dig->s); >- >-fprintf(stderr, "=============================== DSA FIPS-186-1: rc %d\n", rc); >- >- mpbfree(&dig->p); >- mpbfree(&dig->q); >- mpnfree(&dig->g); >- mpnfree(&dig->y); >- >- mpnfree(&dig->hm); >- mpnfree(&dig->r); >- mpnfree(&dig->s); > > fprintf(stderr, "=============================== GPG Secret Key\n"); > if ((rc = doit(jbjSecretDSA, dig, printing)) != 0) >@@ -144,39 +110,33 @@ fprintf(stderr, "======================= > > { DIGEST_CTX ctx = rpmDigestInit(PGPHASHALGO_SHA1, RPMDIGEST_NONE); > struct pgpDigParams_s * dsig = &dig->signature; >- const char * digest = NULL; >+ void *digest = NULL; > size_t digestlen = 0; > const char * txt = "abc"; >+ SECItem digitem; > > rpmDigestUpdate(ctx, txt, strlen(txt)); > rpmDigestUpdate(ctx, dsig->hash, dsig->hashlen); >- rpmDigestFinal(ctx, (void **)&digest, &digestlen, 1); >+ rpmDigestFinal(ctx, &digest, &digestlen, 0); > >- mpnzero(&dig->hm); mpnsethex(&dig->hm, digest); >+fprintf(stderr, "\n hm = [ 160]: %s\n\n", pgpHexStr(digest, digestlen)); >+ digitem.type = siBuffer; >+ digitem.data = digest; >+ digitem.len = digestlen; > >-fprintf(stderr, "\n hm = [ 160]: %s\n\n", digest); >+ rc = VFY_VerifyDigest(&digitem, dig->dsa, dig->dsasig, SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST, NULL); > > if (digest) { >- free((void *)digest); >+ free(digest); > digest = NULL; > } > } > >- rc = dsavrfy(&dig->p, &dig->q, &dig->g, &dig->hm, >- &dig->y, &dig->r, &dig->s); > > fprintf(stderr, "=============================== DSA verify: rc %d\n", rc); >- >- mpbfree(&dig->p); >- mpbfree(&dig->q); >- mpnfree(&dig->g); >- mpnfree(&dig->y); >- >- mpnfree(&dig->hm); >- mpnfree(&dig->r); >- mpnfree(&dig->s); > > dig = pgpFreeDig(dig); > > return rc; > } >+ >diff -r ec9e6c427068 tools/Makefile.am >--- a/tools/Makefile.am Wed Oct 24 16:02:51 2007 +0300 >+++ b/tools/Makefile.am Thu Nov 01 10:56:58 2007 +0100 >@@ -8,7 +8,7 @@ INCLUDES = -I. \ > -I$(top_srcdir)/lib \ > -I$(top_srcdir)/rpmdb \ > -I$(top_srcdir)/rpmio \ >- @WITH_BEECRYPT_INCLUDE@ \ >+ @WITH_NSS_INCLUDE@ \ > @WITH_POPT_INCLUDE@ \ > @WITH_LIBELF_INCLUDE@ \ > @WITH_LIBDWARF_INCLUDE@ \ >@@ -36,10 +36,10 @@ convertdb1_SOURCES = convertdb1.c > convertdb1_SOURCES = convertdb1.c > > debugedit_SOURCES = debugedit.c hashtab.c >-#debugedit_LDADD = @LDFLAGS_STATIC@ \ >-debugedit_LDADD = \ >+debugedit_CFLAGS = $(INCLUDES) >+#debugedit_LDFLAGS = $(staticLDFLAGS) >+debugedit_LDADD = $(top_builddir)/rpmio/librpmio.la \ > @WITH_LIBELF_LIB@ \ >- @WITH_BEECRYPT_LIB@ \ > @WITH_POPT_LIB@ > > javadeps_SOURCES = javadeps.c >diff -r ec9e6c427068 tools/debugedit.c >--- a/tools/debugedit.c Wed Oct 24 16:02:51 2007 +0300 >+++ b/tools/debugedit.c Thu Nov 01 10:56:58 2007 +0100 >@@ -36,8 +36,8 @@ > #include <gelf.h> > #include <dwarf.h> > >-#include <beecrypt/beecrypt.h> >- >+#include <rpmio.h> >+#include <rpmpgp.h> > #include "hashtab.h" > > #define DW_TAG_partial_unit 0x3c >@@ -1304,22 +1304,27 @@ error_out: > return NULL; > } > >+static const pgpHashAlgo algorithms[] = { PGPHASHALGO_MD5, >+ PGPHASHALGO_SHA1, PGPHASHALGO_SHA256, PGPHASHALGO_SHA384, PGPHASHALGO_SHA512 }; >+ > /* Compute a fresh build ID bit-string from the editted file contents. */ > static void > handle_build_id (DSO *dso, Elf_Data *build_id, > size_t build_id_offset, size_t build_id_size) > { >- hashFunctionContext ctx; >- const hashFunction *hf = NULL; >- int i = hashFunctionCount (); >+ DIGEST_CTX ctx; >+ pgpHashAlgo algorithm; >+ int i = sizeof(algorithms)/sizeof(algorithms[0]); >+ void *digest = NULL; >+ size_t len; > > while (i-- > 0) > { >- hf = hashFunctionGet (i); >- if (hf != NULL && hf->digestsize == build_id_size) >+ algorithm = algorithms[i]; >+ if (rpmDigestLength(algorithm) == build_id_size) > break; > } >- if (hf == NULL) >+ if (i < 0) > { > fprintf (stderr, "Cannot handle %Zu-byte build ID\n", build_id_size); > exit (1); >@@ -1335,7 +1340,7 @@ handle_build_id (DSO *dso, Elf_Data *bui > /* Clear the old bits so they do not affect the new hash. */ > memset ((char *) build_id->d_buf + build_id_offset, 0, build_id_size); > >- hashFunctionContextInit (&ctx, hf); >+ ctx = rpmDigestInit(algorithm, 0); > > /* Slurp the relevant header bits and section contents and feed them > into the hash function. The only bits we ignore are the offset >@@ -1349,8 +1354,7 @@ handle_build_id (DSO *dso, Elf_Data *bui > inline void process (const void *data, size_t size); > inline void process (const void *data, size_t size) > { >- memchunk chunk = { .data = (void *) data, .size = size }; >- hashFunctionContextUpdateMC (&ctx, &chunk); >+ rpmDigestUpdate(ctx, data, size); > } > > union >@@ -1405,22 +1409,17 @@ handle_build_id (DSO *dso, Elf_Data *bui > } > } > >- hashFunctionContextDigest (&ctx, (byte *) build_id->d_buf + build_id_offset); >- hashFunctionContextFree (&ctx); >+ rpmDigestFinal(ctx, &digest, &len, 0); >+ memcpy((unsigned char *)build_id->d_buf + build_id_offset, digest, build_id_size); >+ free(digest); > > elf_flagdata (build_id, ELF_C_SET, ELF_F_DIRTY); > > /* Now format the build ID bits in hex to print out. */ > { >- const unsigned char * id = build_id->d_buf + build_id_offset; >+ const byte * id = (byte *)build_id->d_buf + build_id_offset; > char hex[build_id_size * 2 + 1]; >- int n = snprintf (hex, 3, "%02" PRIx8, id[0]); >- assert (n == 2); >- for (i = 1; i < build_id_size; ++i) >- { >- n = snprintf (&hex[i * 2], 3, "%02" PRIx8, id[i]); >- assert (n == 2); >- } >+ pgpHexCvt(hex, id, build_id_size); > puts (hex); > } > }
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=245451">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 348131
: 245451 |
245941