RPM Package Manager, CVS Repository http://rpm5.org/cvs/ ____________________________________________________________________________
Server: rpm5.org Name: Jeff Johnson Root: /v/rpm/cvs Email: [EMAIL PROTECTED] Module: rpm Date: 06-Dec-2007 02:50:49 Branch: HEAD Handle: 2007120601504800 Modified files: rpm CHANGES rpm/rpmio rpmgc.c rpmgc.h rpmssl.c rpmssl.h tkey.c Log: - jbj: flesh out rpmssl implementation. DSA seems OK, no clue RSA yet. Summary: Revision Changes Path 1.1944 +1 -0 rpm/CHANGES 2.3 +1 -1 rpm/rpmio/rpmgc.c 2.3 +0 -1 rpm/rpmio/rpmgc.h 2.3 +45 -8 rpm/rpmio/rpmssl.c 2.2 +9 -2 rpm/rpmio/rpmssl.h 2.24 +1 -1 rpm/rpmio/tkey.c ____________________________________________________________________________ patch -p0 <<'@@ .' Index: rpm/CHANGES ============================================================================ $ cvs diff -u -r1.1943 -r1.1944 CHANGES --- rpm/CHANGES 6 Dec 2007 00:40:32 -0000 1.1943 +++ rpm/CHANGES 6 Dec 2007 01:50:48 -0000 1.1944 @@ -1,4 +1,5 @@ 5.0a4 -> 5.0b1: + - jbj: flesh out rpmssl implementation. DSA seems OK, no clue RSA yet. - jbj: flesh out rpmgc implementation. stil buggy ... - jbj: stub in rpmgc/rpmssl for gcrypt & openssl signature verification. - rse: add XAR support to "devtool standalone" @@ . patch -p0 <<'@@ .' Index: rpm/rpmio/rpmgc.c ============================================================================ $ cvs diff -u -r2.2 -r2.3 rpmgc.c --- rpm/rpmio/rpmgc.c 6 Dec 2007 00:40:32 -0000 2.2 +++ rpm/rpmio/rpmgc.c 6 Dec 2007 01:50:48 -0000 2.3 @@ -119,6 +119,7 @@ "(data (flags pkcs1) (hash %s %m))", gcry_pk_algo_name(sigp->hash_algo), c); gcry_mpi_release(c); +if (_pgp_debug) rpmgcDump("gc->hash", gc->hash); /[EMAIL PROTECTED] =noeffectuncon @*/ @@ -130,7 +131,6 @@ signhash16[0] = (uint8_t) (nibble(s[0]) << 4) | nibble(s[1]); signhash16[1] = (uint8_t) (nibble(s[2]) << 4) | nibble(s[3]); /[EMAIL PROTECTED]@*/ - return memcmp(signhash16, sigp->signhash16, sizeof(sigp->signhash16)); } @@ . patch -p0 <<'@@ .' Index: rpm/rpmio/rpmgc.h ============================================================================ $ cvs diff -u -r2.2 -r2.3 rpmgc.h --- rpm/rpmio/rpmgc.h 6 Dec 2007 00:40:32 -0000 2.2 +++ rpm/rpmio/rpmgc.h 6 Dec 2007 01:50:48 -0000 2.3 @@ -38,7 +38,6 @@ gcry_mpi_t hm; /* RSA parameters. */ - gcry_mpi_t md; gcry_mpi_t n; gcry_mpi_t e; gcry_mpi_t c; @@ . patch -p0 <<'@@ .' Index: rpm/rpmio/rpmssl.c ============================================================================ $ cvs diff -u -r2.2 -r2.3 rpmssl.c --- rpm/rpmio/rpmssl.c 6 Dec 2007 00:40:32 -0000 2.2 +++ rpm/rpmio/rpmssl.c 6 Dec 2007 01:50:48 -0000 2.3 @@ -27,7 +27,7 @@ /[EMAIL PROTECTED] ctx, dig @*/ { rpmssl ssl = dig->impl; - unsigned int nbits = 0; /* WRONG */ + unsigned int nbits = 0; /* WRONG WRONG WRONG */ unsigned int nb = (nbits + 7) >> 3; const char * prefix; const char * hexstr; @@ -97,10 +97,13 @@ /[EMAIL PROTECTED]/ { rpmssl ssl = dig->impl; - int rc; + int rc = 0; /* Verify RSA signature. */ /[EMAIL PROTECTED]@*/ +#if 0 + rc = RSA_verify(type, m, m_len, sigbuf, siglen, ssl->rsa) +#endif /[EMAIL PROTECTED]@*/ return rc; @@ -110,14 +113,10 @@ int rpmsslSetDSA(/[EMAIL PROTECTED]@*/ DIGEST_CTX ctx, pgpDig dig, pgpDigParams sigp) /[EMAIL PROTECTED] ctx, dig @*/ { - rpmssl ssl = dig->impl; int xx; - xx = rpmDigestFinal(ctx, (void **)&dig->sha1, &dig->sha1len, 1); - - /* Set DSA hash. */ -/[EMAIL PROTECTED] -noeffectuncon @*/ -/[EMAIL PROTECTED] =noeffectuncon @*/ + /* Set DSA hash. */ + xx = rpmDigestFinal(ctx, (void **)&dig->sha1, &dig->sha1len, 0); /* Compare leading 16 bits of digest for quick check. */ return memcmp(dig->sha1, sigp->signhash16, sizeof(sigp->signhash16)); @@ -132,6 +131,7 @@ /* Verify DSA signature. */ /[EMAIL PROTECTED]@*/ + rc = (DSA_do_verify(dig->sha1, dig->sha1len, ssl->dsasig, ssl->dsa) == 1); /[EMAIL PROTECTED]@*/ return rc; @@ -144,31 +144,51 @@ /[EMAIL PROTECTED] dig, fileSystem @*/ { rpmssl ssl = dig->impl; + unsigned int nb = ((pgpMpiBits(p) + 7) >> 3); int rc = 0; +/[EMAIL PROTECTED]@*/ switch (itemno) { default: assert(0); break; case 10: /* RSA m**d */ + ssl->c = BN_bin2bn(p+2, nb, ssl->c); break; case 20: /* DSA r */ + if (ssl->dsasig == NULL) ssl->dsasig = DSA_SIG_new(); + ssl->dsasig->r = BN_bin2bn(p+2, nb, ssl->dsasig->r); break; case 21: /* DSA s */ + if (ssl->dsasig == NULL) ssl->dsasig = DSA_SIG_new(); + ssl->dsasig->s = BN_bin2bn(p+2, nb, ssl->dsasig->s); break; case 30: /* RSA n */ + if (ssl->rsa == NULL) ssl->rsa = RSA_new(); + ssl->rsa->n = BN_bin2bn(p+2, nb, ssl->rsa->n); break; case 31: /* RSA e */ + if (ssl->rsa == NULL) ssl->rsa = RSA_new(); + ssl->rsa->e = BN_bin2bn(p+2, nb, ssl->rsa->e); break; case 40: /* DSA p */ + if (ssl->dsa == NULL) ssl->dsa = DSA_new(); + ssl->dsa->p = BN_bin2bn(p+2, nb, ssl->dsa->p); break; case 41: /* DSA q */ + if (ssl->dsa == NULL) ssl->dsa = DSA_new(); + ssl->dsa->q = BN_bin2bn(p+2, nb, ssl->dsa->q); break; case 42: /* DSA g */ + if (ssl->dsa == NULL) ssl->dsa = DSA_new(); + ssl->dsa->g = BN_bin2bn(p+2, nb, ssl->dsa->g); break; case 43: /* DSA y */ + if (ssl->dsa == NULL) ssl->dsa = DSA_new(); + ssl->dsa->pub_key = BN_bin2bn(p+2, nb, ssl->dsa->pub_key); break; } +/[EMAIL PROTECTED]@*/ return rc; } @@ -178,6 +198,22 @@ { rpmssl ssl = impl; if (ssl != NULL) { + if (ssl->dsa) { + DSA_free(ssl->dsa); + ssl->dsa = NULL; + } + if (ssl->dsasig) { + DSA_SIG_free(ssl->dsasig); + ssl->dsasig = NULL; + } + if (ssl->rsa) { + RSA_free(ssl->rsa); + ssl->rsa = NULL; + } + if (ssl->c) { + BN_free(ssl->c); + ssl->c = NULL; + } } } @@ -197,6 +233,7 @@ /[EMAIL PROTECTED]/ { rpmssl ssl = xcalloc(1, sizeof(*ssl)); + ERR_load_crypto_strings(); return (void *) ssl; } @@ . patch -p0 <<'@@ .' Index: rpm/rpmio/rpmssl.h ============================================================================ $ cvs diff -u -r2.1 -r2.2 rpmssl.h --- rpm/rpmio/rpmssl.h 5 Dec 2007 17:55:36 -0000 2.1 +++ rpm/rpmio/rpmssl.h 6 Dec 2007 01:50:48 -0000 2.2 @@ -10,6 +10,10 @@ /* Implementation specific includes. */ #if defined(_RPMSSL_INTERNAL) +#include <openssl/bn.h> +#include <openssl/dsa.h> +#include <openssl/rsa.h> +#include <openssl/engine.h> #endif /** @@ -21,11 +25,14 @@ */ #if defined(_RPMSSL_INTERNAL) struct rpmssl_s { - int foo; - /* DSA parameters. */ + DSA * dsa; + DSA_SIG * dsasig; /* RSA parameters. */ + RSA * rsa; + + BIGNUM * c; }; #endif @@ . patch -p0 <<'@@ .' Index: rpm/rpmio/tkey.c ============================================================================ $ cvs diff -u -r2.23 -r2.24 tkey.c --- rpm/rpmio/tkey.c 6 Dec 2007 00:40:32 -0000 2.23 +++ rpm/rpmio/tkey.c 6 Dec 2007 01:50:48 -0000 2.24 @@ -142,7 +142,7 @@ dig = pgpDigFree(dig); - pgpImplVecs = &rpmgcImplVecs; + pgpImplVecs = &rpmsslImplVecs; dig = pgpDigNew(0); _pgp_debug = 1; @@ . ______________________________________________________________________ RPM Package Manager http://rpm5.org CVS Sources Repository rpm-cvs@rpm5.org