RPM Package Manager, CVS Repository
  http://rpm5.org/cvs/
  ____________________________________________________________________________

  Server: rpm5.org                         Name:   Jeff Johnson
  Root:   /v/rpm/cvs                       Email:  [EMAIL PROTECTED]
  Module: rpm                              Date:   06-Dec-2007 02:50:49
  Branch: HEAD                             Handle: 2007120601504800

  Modified files:
    rpm                     CHANGES
    rpm/rpmio               rpmgc.c rpmgc.h rpmssl.c rpmssl.h tkey.c

  Log:
    - jbj: flesh out rpmssl implementation. DSA seems OK, no clue RSA yet.

  Summary:
    Revision    Changes     Path
    1.1944      +1  -0      rpm/CHANGES
    2.3         +1  -1      rpm/rpmio/rpmgc.c
    2.3         +0  -1      rpm/rpmio/rpmgc.h
    2.3         +45 -8      rpm/rpmio/rpmssl.c
    2.2         +9  -2      rpm/rpmio/rpmssl.h
    2.24        +1  -1      rpm/rpmio/tkey.c
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: rpm/CHANGES
  ============================================================================
  $ cvs diff -u -r1.1943 -r1.1944 CHANGES
  --- rpm/CHANGES       6 Dec 2007 00:40:32 -0000       1.1943
  +++ rpm/CHANGES       6 Dec 2007 01:50:48 -0000       1.1944
  @@ -1,4 +1,5 @@
   5.0a4 -> 5.0b1:
  +    - jbj: flesh out rpmssl implementation. DSA seems OK, no clue RSA yet.
       - jbj: flesh out rpmgc implementation. stil buggy ...
       - jbj: stub in rpmgc/rpmssl for gcrypt & openssl signature verification.
       - rse: add XAR support to "devtool standalone"
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/rpmio/rpmgc.c
  ============================================================================
  $ cvs diff -u -r2.2 -r2.3 rpmgc.c
  --- rpm/rpmio/rpmgc.c 6 Dec 2007 00:40:32 -0000       2.2
  +++ rpm/rpmio/rpmgc.c 6 Dec 2007 01:50:48 -0000       2.3
  @@ -119,6 +119,7 @@
                "(data (flags pkcs1) (hash %s %m))",
                gcry_pk_algo_name(sigp->hash_algo), c);
       gcry_mpi_release(c);
  +if (_pgp_debug)
   rpmgcDump("gc->hash", gc->hash);
   /[EMAIL PROTECTED] =noeffectuncon @*/
   
  @@ -130,7 +131,6 @@
       signhash16[0] = (uint8_t) (nibble(s[0]) << 4) | nibble(s[1]);
       signhash16[1] = (uint8_t) (nibble(s[2]) << 4) | nibble(s[3]);
   /[EMAIL PROTECTED]@*/
  -
       return memcmp(signhash16, sigp->signhash16, sizeof(sigp->signhash16));
   }
   
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/rpmio/rpmgc.h
  ============================================================================
  $ cvs diff -u -r2.2 -r2.3 rpmgc.h
  --- rpm/rpmio/rpmgc.h 6 Dec 2007 00:40:32 -0000       2.2
  +++ rpm/rpmio/rpmgc.h 6 Dec 2007 01:50:48 -0000       2.3
  @@ -38,7 +38,6 @@
       gcry_mpi_t hm;
   
       /* RSA parameters. */
  -    gcry_mpi_t md;
       gcry_mpi_t n;
       gcry_mpi_t e;
       gcry_mpi_t c;
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/rpmio/rpmssl.c
  ============================================================================
  $ cvs diff -u -r2.2 -r2.3 rpmssl.c
  --- rpm/rpmio/rpmssl.c        6 Dec 2007 00:40:32 -0000       2.2
  +++ rpm/rpmio/rpmssl.c        6 Dec 2007 01:50:48 -0000       2.3
  @@ -27,7 +27,7 @@
        /[EMAIL PROTECTED] ctx, dig @*/
   {
       rpmssl ssl = dig->impl;
  -    unsigned int nbits = 0;  /* WRONG */
  +    unsigned int nbits = 0;  /* WRONG WRONG WRONG */
       unsigned int nb = (nbits + 7) >> 3;
       const char * prefix;
       const char * hexstr;
  @@ -97,10 +97,13 @@
        /[EMAIL PROTECTED]/
   {
       rpmssl ssl = dig->impl;
  -    int rc;
  +    int rc = 0;
   
       /* Verify RSA signature. */
   /[EMAIL PROTECTED]@*/
  +#if 0
  +    rc = RSA_verify(type, m, m_len, sigbuf, siglen, ssl->rsa)
  +#endif
   /[EMAIL PROTECTED]@*/
   
       return rc;
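Review bot: The RSA verify path is now a stub that always returns 0, because `rc` is initialised to 0 and the only assignment sits inside `#if 0`. The DSA verify hunk later in this file sets `rc` to 1 on success, so 0 presumably means "not verified" and the stub fails closed, but nothing on these lines says so. A comment such as `/* RSA not implemented yet: rc stays 0 so every RSA signature is rejected */` would keep a later edit from flipping the default. The disabled `RSA_verify(...)` line also lacks a trailing semicolon and uses names (`type`, `m`, `m_len`, `sigbuf`, `siglen`) not declared in the visible lines, so it will not compile as written once the `#if 0` is removed. The function's signature is outside the hunk.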
  @@ -110,14 +113,10 @@
   int rpmsslSetDSA(/[EMAIL PROTECTED]@*/ DIGEST_CTX ctx, pgpDig dig, 
pgpDigParams sigp)
        /[EMAIL PROTECTED] ctx, dig @*/
   {
  -    rpmssl ssl = dig->impl;
       int xx;
   
  -    xx = rpmDigestFinal(ctx, (void **)&dig->sha1, &dig->sha1len, 1);
  -
  -   /* Set DSA hash. */
  -/[EMAIL PROTECTED] -noeffectuncon @*/
  -/[EMAIL PROTECTED] =noeffectuncon @*/
  +    /* Set DSA hash. */
  +    xx = rpmDigestFinal(ctx, (void **)&dig->sha1, &dig->sha1len, 0);
   
       /* Compare leading 16 bits of digest for quick check. */
       return memcmp(dig->sha1, sigp->signhash16, sizeof(sigp->signhash16));
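Review bot: The result of `rpmDigestFinal()` is stored in `xx` and never checked, and `dig->sha1` goes straight into `memcmp()`. If finalisation fails, or leaves `dig->sha1` NULL or shorter than `sizeof(sigp->signhash16)`, the quick check reads through a bad pointer. A guard before the compare, e.g. `if (xx != 0 || dig->sha1 == NULL || dig->sha1len < sizeof(sigp->signhash16)) return 1;`, keeps the nonzero-means-mismatch result. This assumes rpmDigestFinal returns 0 on success, which the hunk does not show.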
  @@ -132,6 +131,7 @@
   
       /* Verify DSA signature. */
   /[EMAIL PROTECTED]@*/
  +    rc = (DSA_do_verify(dig->sha1, dig->sha1len, ssl->dsasig, ssl->dsa) == 
1);
   /[EMAIL PROTECTED]@*/
   
       return rc;
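Review bot: `DSA_do_verify()` is called with `ssl->dsasig` and `ssl->dsa` without checking that either was ever populated. Both are allocated lazily, only when the matching MPI item arrives (the -144 hunk), so a signature or key missing r, s, p, q, g or y would reach OpenSSL with a NULL object or NULL BIGNUM members. Suggest rejecting early, e.g. `if (ssl->dsa == NULL || ssl->dsasig == NULL || dig->sha1 == NULL) return 0;`. Comparing the result with `== 1` is the right test, since it also treats the -1 error return as a failed verification. The function starts outside the hunk.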
  @@ -144,31 +144,51 @@
        /[EMAIL PROTECTED] dig, fileSystem @*/
   {
       rpmssl ssl = dig->impl;
  +    unsigned int nb = ((pgpMpiBits(p) + 7) >> 3);
       int rc = 0;
   
  +/[EMAIL PROTECTED]@*/
       switch (itemno) {
       default:
   assert(0);
        break;
       case 10:         /* RSA m**d */
  +     ssl->c = BN_bin2bn(p+2, nb, ssl->c);
        break;
       case 20:         /* DSA r */
  +     if (ssl->dsasig == NULL) ssl->dsasig = DSA_SIG_new();
  +     ssl->dsasig->r = BN_bin2bn(p+2, nb, ssl->dsasig->r);
        break;
       case 21:         /* DSA s */
  +     if (ssl->dsasig == NULL) ssl->dsasig = DSA_SIG_new();
  +     ssl->dsasig->s = BN_bin2bn(p+2, nb, ssl->dsasig->s);
        break;
       case 30:         /* RSA n */
  +     if (ssl->rsa == NULL) ssl->rsa = RSA_new();
  +     ssl->rsa->n = BN_bin2bn(p+2, nb, ssl->rsa->n);
        break;
       case 31:         /* RSA e */
  +     if (ssl->rsa == NULL) ssl->rsa = RSA_new();
  +     ssl->rsa->e = BN_bin2bn(p+2, nb, ssl->rsa->e);
        break;
       case 40:         /* DSA p */
  +     if (ssl->dsa == NULL) ssl->dsa = DSA_new();
  +     ssl->dsa->p = BN_bin2bn(p+2, nb, ssl->dsa->p);
        break;
       case 41:         /* DSA q */
  +     if (ssl->dsa == NULL) ssl->dsa = DSA_new();
  +     ssl->dsa->q = BN_bin2bn(p+2, nb, ssl->dsa->q);
        break;
       case 42:         /* DSA g */
  +     if (ssl->dsa == NULL) ssl->dsa = DSA_new();
  +     ssl->dsa->g = BN_bin2bn(p+2, nb, ssl->dsa->g);
        break;
       case 43:         /* DSA y */
  +     if (ssl->dsa == NULL) ssl->dsa = DSA_new();
  +     ssl->dsa->pub_key = BN_bin2bn(p+2, nb, ssl->dsa->pub_key);
        break;
       }
  +/[EMAIL PROTECTED]@*/
       return rc;
   }
   
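Review bot: `nb` is derived from `pgpMpiBits(p)`, which appears to read the MPI's own length header (the data is taken from `p+2`), and `BN_bin2bn(p+2, nb, ...)` then reads that many bytes with nothing in the visible lines bounding it by the size of the packet buffer. Unless the caller has already validated the MPI length against the remaining packet, a truncated or malformed key or signature makes this read past the end of the input; the check belongs either in the caller or here via a length parameter. Separately, none of the allocation results are checked: `DSA_SIG_new()`, `DSA_new()` and `RSA_new()` can return NULL and are dereferenced on the next line, and a NULL from `BN_bin2bn()` leaves `rc` at 0. A pattern like `if (ssl->dsasig == NULL) { rc = 1; break; }` after each `*_new()` and `if (ssl->dsasig->r == NULL) rc = 1;` after each `BN_bin2bn()` would report the failure, assuming a nonzero return means error to the caller. The function signature is outside the hunk.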
  @@ -178,6 +198,22 @@
   {
       rpmssl ssl = impl;
       if (ssl != NULL) {
  +     if (ssl->dsa) {
  +         DSA_free(ssl->dsa);
  +         ssl->dsa = NULL;
  +     }
  +     if (ssl->dsasig) {
  +         DSA_SIG_free(ssl->dsasig);
  +         ssl->dsasig = NULL;
  +     }
  +     if (ssl->rsa) {
  +         RSA_free(ssl->rsa);
  +         ssl->rsa = NULL;
  +     }
  +     if (ssl->c) {
  +         BN_free(ssl->c);
  +         ssl->c = NULL;
  +     }
       }
   }
   
  @@ -197,6 +233,7 @@
        /[EMAIL PROTECTED]/
   {
       rpmssl ssl = xcalloc(1, sizeof(*ssl));
  +    ERR_load_crypto_strings();
       return (void *) ssl;
   }
   
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/rpmio/rpmssl.h
  ============================================================================
  $ cvs diff -u -r2.1 -r2.2 rpmssl.h
  --- rpm/rpmio/rpmssl.h        5 Dec 2007 17:55:36 -0000       2.1
  +++ rpm/rpmio/rpmssl.h        6 Dec 2007 01:50:48 -0000       2.2
  @@ -10,6 +10,10 @@
   
   /* Implementation specific includes. */
   #if defined(_RPMSSL_INTERNAL)
  +#include <openssl/bn.h>
  +#include <openssl/dsa.h>
  +#include <openssl/rsa.h>
  +#include <openssl/engine.h>
   #endif
   
   /**
  @@ -21,11 +25,14 @@
    */
   #if defined(_RPMSSL_INTERNAL)
   struct rpmssl_s {
  -    int foo;
  -
       /* DSA parameters. */
  +    DSA * dsa;
  +    DSA_SIG * dsasig;
   
       /* RSA parameters. */
  +    RSA * rsa;
  +
  +    BIGNUM * c;
   };
   #endif
   
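Review bot: The new `BIGNUM * c;` member has no comment and sits apart from the "RSA parameters" group, so its role is not clear from the header. In rpmssl.c it is filled by the `case 10: /* RSA m**d */` branch, so something like `BIGNUM * c; /* RSA signature value (m**d) */` placed directly under `RSA * rsa;` would document it. All four members are owned pointers released in the cleanup hunk at -178 of rpmssl.c, and a one-line note on the struct saying so would help the next reader.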
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/rpmio/tkey.c
  ============================================================================
  $ cvs diff -u -r2.23 -r2.24 tkey.c
  --- rpm/rpmio/tkey.c  6 Dec 2007 00:40:32 -0000       2.23
  +++ rpm/rpmio/tkey.c  6 Dec 2007 01:50:48 -0000       2.24
  @@ -142,7 +142,7 @@
   
       dig = pgpDigFree(dig);
   
  -    pgpImplVecs = &rpmgcImplVecs;
  +    pgpImplVecs = &rpmsslImplVecs;
   
       dig = pgpDigNew(0);
   _pgp_debug = 1;
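Review bot: Hard-coding `pgpImplVecs = &rpmsslImplVecs;` means what looks like a test driver no longer exercises the gcrypt vector at all, and the OpenSSL RSA verify it now selects is a stub that always returns 0 (see the -97 hunk of rpmssl.c). If the code outside this hunk checks an RSA signature, that check will now fail without saying why. A comment at the assignment, or running the same checks once per implementation vector, would make the coverage explicit.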
  @@ .
______________________________________________________________________
RPM Package Manager                                    http://rpm5.org
CVS Sources Repository                                rpm-cvs@rpm5.org
