RPM Package Manager, CVS Repository
  http://rpm5.org/cvs/
  ____________________________________________________________________________

  Server: rpm5.org                         Name:   Jeff Johnson
  Root:   /v/rpm/cvs                       Email:  j...@rpm5.org
  Module: rpm                              Date:   29-Aug-2009 19:34:00
  Branch: HEAD                             Handle: 2009082917335802

  Modified files:
    rpm                     CHANGES
    rpm/build               files.c
    rpm/lib                 rpmcli.h
    rpm/rpmdb               legacy.c legacy.h
    rpm/rpmio               digest.c
    rpm/tools               rpmdigest.c

  Log:
    - permit HMAC's to be substituted for digests in *.rpm.

  Summary:
    Revision    Changes     Path
    1.3096      +1  -0      rpm/CHANGES
    1.361       +28 -9      rpm/build/files.c
    2.96        +9  -7      rpm/lib/rpmcli.h
    1.43        +30 -18     rpm/rpmdb/legacy.c
    1.13        +5  -5      rpm/rpmdb/legacy.h
    2.90        +0  -2      rpm/rpmio/digest.c
    2.17        +12 -12     rpm/tools/rpmdigest.c
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: rpm/CHANGES
  ============================================================================
  $ cvs diff -u -r1.3095 -r1.3096 CHANGES
  --- rpm/CHANGES       28 Aug 2009 19:15:10 -0000      1.3095
  +++ rpm/CHANGES       29 Aug 2009 17:33:58 -0000      1.3096
  @@ -1,5 +1,6 @@
   
   5.2b1 -> 5.3a1
  +    - jbj: permit HMAC's to be substituted for digests in *.rpm.
       - jbj: reserve a bit to mark file HMAC's.
       - jbj: rpmdigest: add --fips140 to verify Fedorable HMAC's.
       - jbj: rpmio: add fdInitHmac()/rpmHmacInit() methods for HMAC generation.
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/build/files.c
  ============================================================================
  $ cvs diff -u -r1.360 -r1.361 files.c
  --- rpm/build/files.c 20 Aug 2009 16:28:22 -0000      1.360
  +++ rpm/build/files.c 29 Aug 2009 17:33:58 -0000      1.361
  @@ -137,11 +137,11 @@
       int inFtw;
       int currentFlags;
       specdFlags currentSpecdFlags;
  -    int currentVerifyFlags;
  +    unsigned currentVerifyFlags;
       struct AttrRec_s cur_ar;
       struct AttrRec_s def_ar;
       specdFlags defSpecdFlags;
  -    int defVerifyFlags;
  +    unsigned defVerifyFlags;
       int nLangs;
   /*...@only@*/ /*...@null@*/
       const char ** currentLangs;
  @@ -304,7 +304,7 @@
   /*...@-exportlocal -exportheader...@*/
   /*...@unchecked@*/
   static VFA_t verifyAttrs[] = {
  -    { "md5", 0,      RPMVERIFY_MD5 },
  +    { "md5", 0,      RPMVERIFY_FDIGEST },    /* XXX legacy syntax */
       { "size",        0,      RPMVERIFY_FILESIZE },
       { "link",        0,      RPMVERIFY_LINKTO },
       { "user",        0,      RPMVERIFY_USER },
  @@ -312,6 +312,8 @@
       { "mtime",       0,      RPMVERIFY_MTIME },
       { "mode",        0,      RPMVERIFY_MODE },
       { "rdev",        0,      RPMVERIFY_RDEV },
  +    { "digest",      0,      RPMVERIFY_FDIGEST },
  +    { "hmac",        0,      RPMVERIFY_HMAC },
       { NULL, 0,       0 }
   };
   /*...@=exportlocal =exportheader...@*/
  @@ -329,9 +331,9 @@
   {
       char *p, *pe, *q;
       const char *name;
  -    int *resultVerify;
  +    unsigned *resultVerify;
       int negated;
  -    int verifyFlags;
  +    unsigned verifyFlags;
       specdFlags * specdFlags;
   
       if ((p = strstr(buf, (name = "%verify"))) != NULL) {
  @@ -389,6 +391,7 @@
                if (strcmp(p, vfa->attribute))
                    /*...@innercontinue@*/ continue;
                verifyFlags |= vfa->flag;
  +                 verifyFlags &= ~RPMVERIFY_FDIGEST;
                /*...@innerbreak@*/ break;
            }
            if (vfa->attribute)
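Review bot: The added `verifyFlags &= ~RPMVERIFY_FDIGEST;` runs for every matched attribute, so it also undoes the bit that `md5` and `digest` have just set through `verifyFlags |= vfa->flag`. As written, `%verify(md5)` or `%verify(digest)` contributes nothing to the mask, and `%verify(not md5)` negates an empty mask, which leaves file-digest verification switched on. The "no digest implies no hmac" branch added in the next hunk then looks unreachable through `not digest`. Restrict the clear to the HMAC attribute, `if (vfa->flag == RPMVERIFY_HMAC) verifyFlags &= ~RPMVERIFY_FDIGEST;`, or drop it, since the next hunk already clears FDIGEST when HMAC is set. The enclosing function starts and ends outside this hunk, so confirm against the full parser.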
  @@ -405,6 +408,15 @@
       }
   
       *resultVerify = negated ? ~(verifyFlags) : verifyFlags;
  +    if (negated) {
  +     /* Make sure "no digest" implies "no hmac" */
  +     if (!(*resultVerify & RPMVERIFY_FDIGEST))
  +         *resultVerify &= ~RPMVERIFY_HMAC;
  +    } else {
  +     /* Make sure "hmac" implies "no digest" */
  +     if (*resultVerify & RPMVERIFY_HMAC)
  +         *resultVerify &= ~RPMVERIFY_FDIGEST;
  +    }
       *specdFlags |= SPECD_VERIFY;
   
       return RPMRC_OK;
  @@ -1001,7 +1013,7 @@
        /* XXX WATCHOUT: buf is an arg */
           {    
                /*...@only@*/
  -             static char *_docdir_fmt = NULL;
  +             static char *_docdir_fmt = NULL;        /* XXX memleak */
                static int oneshot = 0;
                const char *ddir, *fmt, *errstr;
                if (!oneshot) {
  @@ -1506,8 +1518,15 @@
        he->append = 0;
   
        buf[0] = '\0';
  -     if (S_ISREG(flp->fl_mode))
  -         (void) dodigest(dalgo, flp->diskURL, (unsigned char *)buf, 1, NULL);
  +     if (S_ISREG(flp->fl_mode)) {
  +         unsigned dflags = 0x01;     /* asAscii */
  +#define      _mask   (RPMVERIFY_FDIGEST|RPMVERIFY_HMAC)
  +         if ((flp->verifyFlags & _mask) == RPMVERIFY_HMAC)
  +             dflags |= 0x02;         /* doHmac */
  +#undef       _mask
  +         (void) dodigest(dalgo, flp->diskURL, (unsigned char *)buf,
  +                     dflags, NULL);
  +     }
        s = buf;
   
        he->tag = RPMTAG_FILEDIGESTS;
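Review bot: The return value of `dodigest()` is still discarded with `(void)`, so when the file cannot be read `buf` stays empty and, as far as this hunk shows, the empty string is what ends up under `RPMTAG_FILEDIGESTS`. With the new HMAC path, a file can then be flagged for HMAC verification while carrying no value to verify against. Test the result with `if (dodigest(dalgo, flp->diskURL, (unsigned char *)buf, dflags, NULL) != 0)` and report the failure the way this function reports other errors, which is not visible here. The literals `0x01` and `0x02` would also read better as named constants shared with legacy.h.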
  @@ -1557,7 +1576,7 @@
        he->append = 0;
   
        if (flp->flags & RPMFILE_GHOST) {
  -         flp->verifyFlags &= ~(RPMVERIFY_MD5 | RPMVERIFY_FILESIZE |
  +         flp->verifyFlags &= ~(RPMVERIFY_FDIGEST | RPMVERIFY_FILESIZE |
                                RPMVERIFY_LINKTO | RPMVERIFY_MTIME);
        }
        ui32 = flp->verifyFlags;
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/lib/rpmcli.h
  ============================================================================
  $ cvs diff -u -r2.95 -r2.96 rpmcli.h
  --- rpm/lib/rpmcli.h  28 Aug 2009 19:15:11 -0000      2.95
  +++ rpm/lib/rpmcli.h  29 Aug 2009 17:33:59 -0000      2.96
  @@ -146,8 +146,9 @@
       RPMVERIFY_MTIME  = (1 << 5),     /*!< from %verify(mtime) */
       RPMVERIFY_MODE   = (1 << 6),     /*!< from %verify(mode) */
       RPMVERIFY_RDEV   = (1 << 7),     /*!< from %verify(rdev) */
  -     /* bits 8-13 unused, reserved for rpmVerifyAttrs */
  -    RPMVERIFY_HMAC   = (1 << 14) | RPMVERIFY_FDIGEST,
  +    RPMVERIFY_CAPS   = (1 << 8),     /*!< from %verify(caps) (unimplemented) 
*/
  +     /* bits 9-13 unused, reserved for rpmVerifyAttrs */
  +    RPMVERIFY_HMAC   = (1 << 14),
       RPMVERIFY_CONTEXTS       = (1 << 15),    /*!< verify: from --nocontexts 
*/
        /* bits 16-22 used in rpmVerifyFlags */
        /* bits 23-27 used in rpmQueryFlags */
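Review bot: `RPMVERIFY_HMAC` is now a standalone bit, and files.c in this commit clears `RPMVERIFY_FDIGEST` whenever it is set, so a verifier that gates the content check on `RPMVERIFY_FDIGEST` alone would presumably skip HMAC-marked files. The verify path is not part of this commit, so confirm it tests `(RPMVERIFY_FDIGEST|RPMVERIFY_HMAC)` before relying on the new flag. The enumerator also lacks the Doxygen comment its neighbours carry, for example `/*!< from %verify(hmac), replaces the file digest */`. The same applies to `QUERY_HMAC` and `VERIFY_HMAC` in the two later hunks of this file.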
  @@ -156,7 +157,6 @@
       RPMVERIFY_LSTATFAIL      = (1 << 30),    /*!< lstat failed */
       RPMVERIFY_LGETFILECONFAIL        = (1 << 31)     /*!< lgetfilecon failed 
*/
   } rpmVerifyAttrs;
  -#define      RPMVERIFY_MD5   RPMVERIFY_FDIGEST
   #define      RPMVERIFY_ALL           ~(RPMVERIFY_NONE)
   #define      RPMVERIFY_FAILURES      \
     
(RPMVERIFY_LSTATFAIL|RPMVERIFY_READFAIL|RPMVERIFY_READLINKFAIL|RPMVERIFY_LGETFILECONFAIL)
  @@ -176,8 +176,9 @@
       QUERY_MTIME              = (1 << 5),     /*!< from --nomtime) */
       QUERY_MODE               = (1 << 6),     /*!< from --nomode) */
       QUERY_RDEV               = (1 << 7),     /*!< from --nodev */
  -     /* bits 8-13 unused, reserved for rpmVerifyAttrs */
  -    QUERY_HMAC               = (1 << 14) | QUERY_FDIGEST,
  +    QUERY_CAPS               = (1 << 8),     /*!< (unimplemented) */
  +     /* bits 9-13 unused, reserved for rpmVerifyAttrs */
  +    QUERY_HMAC               = (1 << 14),
       QUERY_CONTEXTS   = (1 << 15),    /*!< verify: from --nocontexts */
       QUERY_FILES              = (1 << 16),    /*!< verify: from --nofiles */
       QUERY_DEPS               = (1 << 17),    /*!< verify: from --nodeps */
  @@ -220,8 +221,9 @@
       VERIFY_MTIME     = (1 << 5),     /*!< from --nomtime */
       VERIFY_MODE              = (1 << 6),     /*!< from --nomode */
       VERIFY_RDEV              = (1 << 7),     /*!< from --nodev */
  -     /* bits 8-13 unused, reserved for rpmVerifyAttrs */
  -    VERIFY_HMAC              = (1 << 14) | VERIFY_FDIGEST,
  +    VERIFY_CAPS              = (1 << 8),     /*!< (unimplemented) */
  +     /* bits 9-13 unused, reserved for rpmVerifyAttrs */
  +    VERIFY_HMAC              = (1 << 14),
       VERIFY_CONTEXTS  = (1 << 15),    /*!< verify: from --nocontexts */
       VERIFY_FILES     = (1 << 16),    /*!< verify: from --nofiles */
       VERIFY_DEPS              = (1 << 17),    /*!< verify: from --nodeps */
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/rpmdb/legacy.c
  ============================================================================
  $ cvs diff -u -r1.42 -r1.43 legacy.c
  --- rpm/rpmdb/legacy.c        27 Mar 2009 17:42:00 -0000      1.42
  +++ rpm/rpmdb/legacy.c        29 Aug 2009 17:33:59 -0000      1.43
  @@ -51,16 +51,8 @@
        /*...@modifies *pidp, *fsizep, rpmGlobalMacroContext,
                fileSystem, internalState @*/
   {
  -/*...@only@*/
  -    static const char * cmd = NULL;
  -    static int oneshot = 0;
       int fdno;
   
  -    if (!oneshot) {
  -     cmd = rpmExpand("%{?__prelink_undo_cmd}", NULL);
  -     oneshot++;
  -    }
  -
       if (pidp) *pidp = 0;
   
       if (fsizep) {
  @@ -72,10 +64,7 @@
   
       fdno = open(path, O_RDONLY);
       if (fdno < 0)
  -     return fdno;
  -
  -    if (!(cmd && *cmd))
  -     return fdno;
  +     goto exit;
   
   #if defined(HAVE_GELF_H) && defined(HAVE_LIBELF)
    {  Elf *elf = NULL;
  @@ -85,6 +74,18 @@
       GElf_Shdr shdr;
       GElf_Dyn dyn;
       int bingo;
  +    static const char * cmd = NULL;  /* XXX memleak */
  +    static yarnLock oneshot = NULL;  /* XXX memleak */
  +
  +    if (oneshot == NULL) {
  +     cmd = rpmExpand("%{?__prelink_undo_cmd}", NULL);
  +     VALGRIND_HG_CLEAN_MEMORY(cmd, sizeof(cmd));
  +     oneshot = yarnNewLock(0);
  +     VALGRIND_HG_CLEAN_MEMORY(oneshot, sizeof(oneshot));
  +    }
  +    yarnPossess(oneshot);
  +    if (!(cmd && *cmd))
  +     goto elfexit;
   
       (void) elf_version(EV_CURRENT);
   
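Review bot: The one-shot initialisation is not itself synchronised: `if (oneshot == NULL)` is tested, and `cmd` and `oneshot` are assigned, before any lock is held. Two threads entering together can both expand the macro and create two locks, then possess different ones. The lock has to exist before first use, created at library start-up or through a once-style primitive, for `yarnPossess(oneshot)` to protect anything. `VALGRIND_HG_CLEAN_MEMORY(cmd, sizeof(cmd))` also passes the size of the pointer rather than the length of the expanded string. Any `goto exit` that remains inside the ELF block outside this hunk would skip `yarnRelease(oneshot)` and should be checked.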
  @@ -93,7 +94,7 @@
        || elf_kind(elf) != ELF_K_ELF
        || gelf_getehdr(elf, &ehdr) == NULL
        || !(ehdr.e_type == ET_DYN || ehdr.e_type == ET_EXEC))
  -     goto exit;
  +     goto elfexit;
   /*...@=evalorder@*/
   
       bingo = 0;
  @@ -144,17 +145,24 @@
        xx = close(pipes[1]);
       }
   
  -exit:
  +elfexit:
       if (elf) (void) elf_end(elf);
  +    yarnRelease(oneshot);
    }
   #endif
   
  +exit:
       return fdno;
   }
   /*...@=compdef =moduncon =noeffectuncon @*/
   
  -int dodigest(int digestalgo, const char * fn, unsigned char * digest, int 
asAscii, size_t *fsizep)
  +static const char hmackey[] = "orboDeJITITejsirpADONivirpUkvarP";
  +
  +int dodigest(int dalgo, const char * fn, unsigned char * digest,
  +             unsigned dflags, size_t *fsizep)
   {
  +    int asAscii = dflags & 0x01;
  +    int doHmac = dflags & 0x02;
       const char * path;
       urltype ut = urlPath(fn, &path);
       unsigned char * dsum = NULL;
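Review bot: `hmackey` is a constant compiled into the library and published in the source, so an HMAC computed with it is a keyed checksum whose key everyone holds. It detects accidental corruption just as the plain digest does, but gives no assurance against someone who can modify the file and recompute the value. State that limit where the key is defined, for example `/* Fixed, public key: integrity self-check only, not authentication. */`, so that `%verify(hmac)` is not read as a stronger guarantee than `%verify(digest)`. The same string is defined again in rpm/tools/rpmdigest.c, and a single definition in a shared header would keep the two from drifting. The body of dodigest continues beyond this hunk.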
  @@ -202,7 +210,9 @@
   #endif
        }
   
  -     ctx = rpmDigestInit(digestalgo, RPMDIGEST_NONE);
  +     ctx = rpmDigestInit(dalgo, RPMDIGEST_NONE);
  +     if (doHmac)
  +         rpmHmacInit(ctx, hmackey, 0);
        if (fsize)
            xx = rpmDigestUpdate(ctx, mapped, fsize);
        xx = rpmDigestFinal(ctx, &dsum, &dlen, asAscii);
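Review bot: The result of `rpmHmacInit(ctx, hmackey, 0)` is not checked here, whereas rpmdigest.c at least marks the discard with `(void)`. If keying fails, the context presumably carries on as a plain digest and the value is stored as though it were an HMAC. Treat a non-zero return as a failure, `if (doHmac && rpmHmacInit(ctx, hmackey, 0) != 0)`, and route it to this function's error path, which lies outside the hunk. The `fdInitHmac(fd, hmackey, 0)` call in the next hunk has the same shape. The third argument `0` appears to mean "take the key length from the string", and a short comment saying so would help the reader.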
  @@ -228,11 +238,13 @@
            break;
        }
        
  -     fdInitDigest(fd, digestalgo, 0);
  +     fdInitDigest(fd, dalgo, 0);
  +     if (doHmac)
  +         fdInitHmac(fd, hmackey, 0);
        fsize = 0;
        while ((rc = (int) Fread(buf, sizeof(buf[0]), sizeof(buf), fd)) > 0)
            fsize += rc;
  -     fdFiniDigest(fd, digestalgo, &dsum, &dlen, asAscii);
  +     fdFiniDigest(fd, dalgo, &dsum, &dlen, asAscii);
        if (Ferror(fd))
            rc = 1;
   
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/rpmdb/legacy.h
  ============================================================================
  $ cvs diff -u -r1.12 -r1.13 legacy.h
  --- rpm/rpmdb/legacy.h        27 May 2008 18:52:22 -0000      1.12
  +++ rpm/rpmdb/legacy.h        29 Aug 2009 17:33:59 -0000      1.13
  @@ -19,15 +19,15 @@
   
   /**
    * Return digest and size of a file.
  - * @param digestalgo digest algorithm to use
  + * @param dalgo              digest algorithm to use
    * @param fn         file name
  - * @retval digest    address of md5sum
  - * @param asAscii    return md5sum as ascii string?
  + * @retval *digest   file digest
  + * @param dflags     0x1 = return ASCII 0x2 = do HMAC
    * @retval *fsizep   file size pointer (or NULL)
    * @return           0 on success, 1 on error
    */
  -int dodigest(int digestalgo, const char * fn, /*...@out@*/ unsigned char * 
digest,
  -             int asAscii, /*...@null@*/ /*...@out@*/ size_t *fsizep)
  +int dodigest(int dalgo, const char * fn, /*...@out@*/ unsigned char * digest,
  +             unsigned dflags, /*...@null@*/ /*...@out@*/ size_t *fsizep)
        /*...@globals h_errno, fileSystem, internalState @*/
        /*...@modifies digest, *fsizep, fileSystem, internalState @*/;
   
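Review bot: Turning the boolean `asAscii` into the bit mask `dflags` keeps `dodigest(..., 1, ...)` callers working, but a caller outside this commit that passes another truthy value (2, -1, the result of a flag test) would now silently request an HMAC or lose the ASCII encoding. Named constants in this header would make call sites auditable (illustrative names: `DODIGEST_ASCII = 0x01`, `DODIGEST_HMAC = 0x02`). The `@param dflags` line should say that all other bits must be zero. The comment should also mention that the HMAC is computed with a fixed built-in key, since that determines what the returned value can be trusted for.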
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/rpmio/digest.c
  ============================================================================
  $ cvs diff -u -r2.89 -r2.90 digest.c
  --- rpm/rpmio/digest.c        28 Aug 2009 19:11:21 -0000      2.89
  +++ rpm/rpmio/digest.c        29 Aug 2009 17:33:59 -0000      2.90
  @@ -237,8 +237,6 @@
       return md6_update(param, (unsigned char *) _data, (rpmuint64_t)(8 * 
_len));
   }
   
  -static const char fips140key[] = "orboDeJITITejsirpADONivirpUkvarP";
  -
   DIGEST_CTX
   rpmDigestInit(pgpHashAlgo hashalgo, rpmDigestFlags flags)
   {
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/tools/rpmdigest.c
  ============================================================================
  $ cvs diff -u -r2.16 -r2.17 rpmdigest.c
  --- rpm/tools/rpmdigest.c     28 Aug 2009 19:13:18 -0000      2.16
  +++ rpm/tools/rpmdigest.c     29 Aug 2009 17:34:00 -0000      2.17
  @@ -31,7 +31,7 @@
       RPMDC_FLAGS_BINARY               = _DFB(14),     /*!< -b,--binary ... */
       RPMDC_FLAGS_STATUS               = _DFB(15),     /*!<    --status ... */
       RPMDC_FLAGS_0INSTALL     = _DFB(16),     /*!< -0,--0install ... */
  -    RPMDC_FLAGS_FIPS140              = _DFB(17),     /*!<    --fips140 ... */
  +    RPMDC_FLAGS_HMAC         = _DFB(17),     /*!<    --hmac ... */
        /* 18-31 unused */
   };
   
  @@ -90,7 +90,7 @@
    */
   static rpmdc dc = &_dc;
   
  -static const char fips140key[] = "orboDeJITITejsirpADONivirpUkvarP";
  +static const char hmackey[] = "orboDeJITITejsirpADONivirpUkvarP";
   
   /*==============================================================*/
   static uint32_t rpmdcName2Algo(const char * dname)
  @@ -351,8 +351,8 @@
        /* Verify the manifest digest. */
        {   DIGEST_CTX ctx = rpmDigestInit(dc->dalgo, 0);
   
  -         if (F_ISSET(dc, FIPS140))
  -             (void) rpmHmacInit(ctx, fips140key, 0);
  +         if (F_ISSET(dc, HMAC))
  +             (void) rpmHmacInit(ctx, hmackey, 0);
   
            (void) rpmDigestUpdate(ctx, (char *)iob->b, (be - (char *)iob->b));
            digest = NULL;
  @@ -652,8 +652,8 @@
        /* XXX TODO: instantiate verify digests for all identical paths. */
        dc->dalgo = dc->algo;
        fdInitDigest(dc->fd, dc->dalgo, 0);
  -     if (F_ISSET(dc, FIPS140))
  -         fdInitHmac(dc->fd, fips140key, 0);
  +     if (F_ISSET(dc, HMAC))
  +         fdInitHmac(dc->fd, hmackey, 0);
        break;
       case 256:                /* --all digests requested. */
         {      struct poptOption * opt = rpmioDigestPoptTable;
  @@ -667,8 +667,8 @@
            dc->dalgo = opt->val;
            dc->dalgoName = opt->longName;
            fdInitDigest(dc->fd, dc->dalgo, 0);
  -         if (F_ISSET(dc, FIPS140))
  -             fdInitHmac(dc->fd, fips140key, 0);
  +         if (F_ISSET(dc, HMAC))
  +             fdInitHmac(dc->fd, hmackey, 0);
        }
         }      break;
       }
  @@ -870,8 +870,8 @@
     { "text", 't', POPT_BIT_CLR,               &_dc.flags, RPMDC_FLAGS_BINARY,
        N_("read in text mode (default)"), NULL },
   
  -  { "fips140", '\0', POPT_BIT_SET,   &_dc.flags, RPMDC_FLAGS_FIPS140,
  -     N_("generate FIPS-140 HMAC's"), NULL },
  +  { "hmac", '\0', POPT_BIT_SET,      &_dc.flags, RPMDC_FLAGS_HMAC,
  +     N_("generate HMAC's instead"), NULL },
   
   #ifdef       NOTYET          /* XXX todo for popt-1.15 */
     { NULL, -1, POPT_ARG_INCLUDE_TABLE, NULL, 0,
  @@ -946,8 +946,8 @@
       dc->ofd = Fopen(dc->ofn, "w.ufdio");
       if (F_ISSET(dc, 0INSTALL)) {
        fdInitDigest(dc->ofd, dc->oalgo, 0);
  -     if (F_ISSET(dc, FIPS140))
  -         fdInitHmac(dc->ofd, fips140key, 0);
  +     if (F_ISSET(dc, HMAC))
  +         fdInitHmac(dc->ofd, hmackey, 0);
       }
   
       av = poptGetArgs(optCon);
  @@ .
______________________________________________________________________
RPM Package Manager                                    http://rpm5.org
CVS Sources Repository                                rpm-cvs@rpm5.org
