RPM Package Manager, CVS Repository http://rpm5.org/cvs/ ____________________________________________________________________________
Server: rpm5.org Name: Jeff Johnson Root: /v/rpm/cvs Email: j...@rpm5.org Module: rpm Date: 29-Aug-2009 19:34:00 Branch: HEAD Handle: 2009082917335802 Modified files: rpm CHANGES rpm/build files.c rpm/lib rpmcli.h rpm/rpmdb legacy.c legacy.h rpm/rpmio digest.c rpm/tools rpmdigest.c Log: - permit HMAC's to be substituted for digests in *.rpm. Summary: Revision Changes Path 1.3096 +1 -0 rpm/CHANGES 1.361 +28 -9 rpm/build/files.c 2.96 +9 -7 rpm/lib/rpmcli.h 1.43 +30 -18 rpm/rpmdb/legacy.c 1.13 +5 -5 rpm/rpmdb/legacy.h 2.90 +0 -2 rpm/rpmio/digest.c 2.17 +12 -12 rpm/tools/rpmdigest.c ____________________________________________________________________________ patch -p0 <<'@@ .' Index: rpm/CHANGES ============================================================================ $ cvs diff -u -r1.3095 -r1.3096 CHANGES --- rpm/CHANGES 28 Aug 2009 19:15:10 -0000 1.3095 +++ rpm/CHANGES 29 Aug 2009 17:33:58 -0000 1.3096 @@ -1,5 +1,6 @@ 5.2b1 -> 5.3a1 + - jbj: permit HMAC's to be substituted for digests in *.rpm. - jbj: reserve a bit to mark file HMAC's. - jbj: rpmdigest: add --fips140 to verify Fedorable HMAC's. - jbj: rpmio: add fdInitHmac()/rpmHmacInit() methods for HMAC generation. @@ . patch -p0 <<'@@ .' Index: rpm/build/files.c ============================================================================ $ cvs diff -u -r1.360 -r1.361 files.c --- rpm/build/files.c 20 Aug 2009 16:28:22 -0000 1.360 +++ rpm/build/files.c 29 Aug 2009 17:33:58 -0000 1.361 @@ -137,11 +137,11 @@ int inFtw; int currentFlags; specdFlags currentSpecdFlags; - int currentVerifyFlags; + unsigned currentVerifyFlags; struct AttrRec_s cur_ar; struct AttrRec_s def_ar; specdFlags defSpecdFlags; - int defVerifyFlags; + unsigned defVerifyFlags; int nLangs; /*...@only@*/ /*...@null@*/ const char ** currentLangs; 
@@ -304,7 +304,7 @@ /*...@-exportlocal -exportheader...@*/ /*...@unchecked@*/ static VFA_t verifyAttrs[] = { - { "md5", 0, RPMVERIFY_MD5 }, + { "md5", 0, RPMVERIFY_FDIGEST }, /* XXX legacy syntax */ { "size", 0, RPMVERIFY_FILESIZE }, { "link", 0, RPMVERIFY_LINKTO }, { "user", 0, RPMVERIFY_USER }, @@ -312,6 +312,8 @@ { "mtime", 0, RPMVERIFY_MTIME }, { "mode", 0, RPMVERIFY_MODE }, { "rdev", 0, RPMVERIFY_RDEV }, + { "digest", 0, RPMVERIFY_FDIGEST }, + { "hmac", 0, RPMVERIFY_HMAC }, { NULL, 0, 0 } }; /*...@=exportlocal =exportheader...@*/ @@ -329,9 +331,9 @@ { char *p, *pe, *q; const char *name; - int *resultVerify; + unsigned *resultVerify; int negated; - int verifyFlags; + unsigned verifyFlags; specdFlags * specdFlags; if ((p = strstr(buf, (name = "%verify"))) != NULL) { @@ -389,6 +391,7 @@ if (strcmp(p, vfa->attribute)) /*...@innercontinue@*/ continue; verifyFlags |= vfa->flag; + verifyFlags &= ~RPMVERIFY_FDIGEST; /*...@innerbreak@*/ break; } if (vfa->attribute) @@ -405,6 +408,15 @@ } *resultVerify = negated ? ~(verifyFlags) : verifyFlags; + if (negated) { + /* Make sure "no digest" implies "no hmac" */ + if (!(*resultVerify & RPMVERIFY_FDIGEST)) + *resultVerify &= ~RPMVERIFY_HMAC; + } else { + /* Make sure "hmac" implies "no digest" */ + if (*resultVerify & RPMVERIFY_HMAC) + *resultVerify &= ~RPMVERIFY_FDIGEST; + } *specdFlags |= SPECD_VERIFY; return RPMRC_OK; @@ -1001,7 +1013,7 @@ /* XXX WATCHOUT: buf is an arg */ { /*...@only@*/ - static char *_docdir_fmt = NULL; + static char *_docdir_fmt = NULL; /* XXX memleak */ static int oneshot = 0; const char *ddir, *fmt, *errstr; if (!oneshot) { 
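Review bot: In the `@@ -389` hunk of rpm/build/files.c the added `verifyFlags &= ~RPMVERIFY_FDIGEST;` runs after every matched attribute, so `%verify(md5)` and `%verify(digest)` set the bit and lose it in the same iteration. As a result, in the `@@ -405` hunk the negated value `~(verifyFlags)` always has RPMVERIFY_FDIGEST set, the "no digest implies no hmac" branch cannot fire, and `%verify(not md5)` appears to leave digest checking switched on. If the intent is only that hmac replaces digest, make the clear conditional, `if (vfa->flag == RPMVERIFY_HMAC) verifyFlags &= ~RPMVERIFY_FDIGEST;`, or drop it and rely on the post-processing added after `*resultVerify`. The function starts and ends outside these hunks, so the initial value of `verifyFlags` should be confirmed before settling on either form.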
@@ -1506,8 +1518,15 @@ he->append = 0; buf[0] = '\0'; - if (S_ISREG(flp->fl_mode)) - (void) dodigest(dalgo, flp->diskURL, (unsigned char *)buf, 1, NULL); + if (S_ISREG(flp->fl_mode)) { + unsigned dflags = 0x01; /* asAscii */ +#define _mask (RPMVERIFY_FDIGEST|RPMVERIFY_HMAC) + if ((flp->verifyFlags & _mask) == RPMVERIFY_HMAC) + dflags |= 0x02; /* doHmac */ +#undef _mask + (void) dodigest(dalgo, flp->diskURL, (unsigned char *)buf, + dflags, NULL); + } s = buf; he->tag = RPMTAG_FILEDIGESTS; @@ -1557,7 +1576,7 @@ he->append = 0; if (flp->flags & RPMFILE_GHOST) { - flp->verifyFlags &= ~(RPMVERIFY_MD5 | RPMVERIFY_FILESIZE | + flp->verifyFlags &= ~(RPMVERIFY_FDIGEST | RPMVERIFY_FILESIZE | RPMVERIFY_LINKTO | RPMVERIFY_MTIME); } ui32 = flp->verifyFlags; @@ . patch -p0 <<'@@ .' Index: rpm/lib/rpmcli.h ============================================================================ $ cvs diff -u -r2.95 -r2.96 rpmcli.h --- rpm/lib/rpmcli.h 28 Aug 2009 19:15:11 -0000 2.95 +++ rpm/lib/rpmcli.h 29 Aug 2009 17:33:59 -0000 2.96 @@ -146,8 +146,9 @@ RPMVERIFY_MTIME = (1 << 5), /*!< from %verify(mtime) */ RPMVERIFY_MODE = (1 << 6), /*!< from %verify(mode) */ RPMVERIFY_RDEV = (1 << 7), /*!< from %verify(rdev) */ - /* bits 8-13 unused, reserved for rpmVerifyAttrs */ - RPMVERIFY_HMAC = (1 << 14) | RPMVERIFY_FDIGEST, + RPMVERIFY_CAPS = (1 << 8), /*!< from %verify(caps) (unimplemented) */ + /* bits 9-13 unused, reserved for rpmVerifyAttrs */ + RPMVERIFY_HMAC = (1 << 14), RPMVERIFY_CONTEXTS = (1 << 15), /*!< verify: from --nocontexts */ /* bits 16-22 used in rpmVerifyFlags */ /* bits 23-27 used in rpmQueryFlags */ @@ -156,7 +157,6 @@ RPMVERIFY_LSTATFAIL = (1 << 30), /*!< lstat failed */ RPMVERIFY_LGETFILECONFAIL = (1 << 31) /*!< lgetfilecon failed */ } rpmVerifyAttrs; -#define RPMVERIFY_MD5 RPMVERIFY_FDIGEST #define RPMVERIFY_ALL ~(RPMVERIFY_NONE) #define RPMVERIFY_FAILURES \ (RPMVERIFY_LSTATFAIL|RPMVERIFY_READFAIL|RPMVERIFY_READLINKFAIL|RPMVERIFY_LGETFILECONFAIL) 
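Review bot: The rewritten call in the `@@ -1506` hunk of rpm/build/files.c still discards the result with `(void) dodigest(...)`, although legacy.h documents a return of 1 on error. When the read fails, `buf` keeps the `'\0'` written just above and that empty string is what gets stored under RPMTAG_FILEDIGESTS, now possibly for a file whose flags promise an HMAC. The return value should be tested and the failure reported to the caller instead of packaging an empty value. The literals `0x01` and `0x02` and the local `_mask` define would be clearer as named constants shared with rpmdb/legacy.h. The enclosing function extends beyond the hunk.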
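Review bot: In the `@@ -1557` hunk the RPMFILE_GHOST mask clears RPMVERIFY_FDIGEST but not RPMVERIFY_HMAC, and this same commit makes RPMVERIFY_HMAC a separate bit that no longer contains FDIGEST. A ghost file declared with `%verify(hmac)` would therefore keep a content-check flag for a file that has no packaged content. Adding the bit to the mask, `~(RPMVERIFY_FDIGEST | RPMVERIFY_HMAC | RPMVERIFY_FILESIZE |`, keeps the two forms consistent. Whether the verify path acts on the HMAC bit for ghosts is not visible here.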
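Review bot: RPMVERIFY_HMAC in the `@@ -146` hunk of rpm/lib/rpmcli.h changes from `(1 << 14) | RPMVERIFY_FDIGEST` to `(1 << 14)` alone, and QUERY_HMAC and VERIFY_HMAC in the `@@ -176` and `@@ -220` hunks change the same way, yet no file that performs verification is in this commit's list of modified files. Any existing test of the form `flags & RPMVERIFY_FDIGEST` will now be false for a file built with `%verify(hmac)`, so such files may get no content check at all until the consumers are updated; that should be confirmed before release. A comment on the enumerator would help, for example `/*!< from %verify(hmac): file digest tag holds an HMAC; exclusive with RPMVERIFY_FDIGEST */`. The `@@ -156` hunk also deletes the public `RPMVERIFY_MD5` macro, which breaks source compatibility for external users of this header.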
@@ -176,8 +176,9 @@ QUERY_MTIME = (1 << 5), /*!< from --nomtime) */ QUERY_MODE = (1 << 6), /*!< from --nomode) */ QUERY_RDEV = (1 << 7), /*!< from --nodev */ - /* bits 8-13 unused, reserved for rpmVerifyAttrs */ - QUERY_HMAC = (1 << 14) | QUERY_FDIGEST, + QUERY_CAPS = (1 << 8), /*!< (unimplemented) */ + /* bits 9-13 unused, reserved for rpmVerifyAttrs */ + QUERY_HMAC = (1 << 14), QUERY_CONTEXTS = (1 << 15), /*!< verify: from --nocontexts */ QUERY_FILES = (1 << 16), /*!< verify: from --nofiles */ QUERY_DEPS = (1 << 17), /*!< verify: from --nodeps */ @@ -220,8 +221,9 @@ VERIFY_MTIME = (1 << 5), /*!< from --nomtime */ VERIFY_MODE = (1 << 6), /*!< from --nomode */ VERIFY_RDEV = (1 << 7), /*!< from --nodev */ - /* bits 8-13 unused, reserved for rpmVerifyAttrs */ - VERIFY_HMAC = (1 << 14) | VERIFY_FDIGEST, + VERIFY_CAPS = (1 << 8), /*!< (unimplemented) */ + /* bits 9-13 unused, reserved for rpmVerifyAttrs */ + VERIFY_HMAC = (1 << 14), VERIFY_CONTEXTS = (1 << 15), /*!< verify: from --nocontexts */ VERIFY_FILES = (1 << 16), /*!< verify: from --nofiles */ VERIFY_DEPS = (1 << 17), /*!< verify: from --nodeps */ @@ . patch -p0 <<'@@ .' Index: rpm/rpmdb/legacy.c ============================================================================ $ cvs diff -u -r1.42 -r1.43 legacy.c --- rpm/rpmdb/legacy.c 27 Mar 2009 17:42:00 -0000 1.42 +++ rpm/rpmdb/legacy.c 29 Aug 2009 17:33:59 -0000 1.43 @@ -51,16 +51,8 @@ /*...@modifies *pidp, *fsizep, rpmGlobalMacroContext, fileSystem, internalState @*/ { -/*...@only@*/ - static const char * cmd = NULL; - static int oneshot = 0; int fdno; - if (!oneshot) { - cmd = rpmExpand("%{?__prelink_undo_cmd}", NULL); - oneshot++; - } - if (pidp) *pidp = 0; if (fsizep) { @@ -72,10 +64,7 @@ fdno = open(path, O_RDONLY); if (fdno < 0) - return fdno; - - if (!(cmd && *cmd)) - return fdno; + goto exit; #if defined(HAVE_GELF_H) && defined(HAVE_LIBELF) { Elf *elf = NULL; 
@@ -85,6 +74,18 @@ GElf_Shdr shdr; GElf_Dyn dyn; int bingo; + static const char * cmd = NULL; /* XXX memleak */ + static yarnLock oneshot = NULL; /* XXX memleak */ + + if (oneshot == NULL) { + cmd = rpmExpand("%{?__prelink_undo_cmd}", NULL); + VALGRIND_HG_CLEAN_MEMORY(cmd, sizeof(cmd)); + oneshot = yarnNewLock(0); + VALGRIND_HG_CLEAN_MEMORY(oneshot, sizeof(oneshot)); + } + yarnPossess(oneshot); + if (!(cmd && *cmd)) + goto elfexit; (void) elf_version(EV_CURRENT); @@ -93,7 +94,7 @@ || elf_kind(elf) != ELF_K_ELF || gelf_getehdr(elf, &ehdr) == NULL || !(ehdr.e_type == ET_DYN || ehdr.e_type == ET_EXEC)) - goto exit; + goto elfexit; /*...@=evalorder@*/ bingo = 0; @@ -144,17 +145,24 @@ xx = close(pipes[1]); } -exit: +elfexit: if (elf) (void) elf_end(elf); + yarnRelease(oneshot); } #endif +exit: return fdno; } /*...@=compdef =moduncon =noeffectuncon @*/ -int dodigest(int digestalgo, const char * fn, unsigned char * digest, int asAscii, size_t *fsizep) +static const char hmackey[] = "orboDeJITITejsirpADONivirpUkvarP"; + +int dodigest(int dalgo, const char * fn, unsigned char * digest, + unsigned dflags, size_t *fsizep) { + int asAscii = dflags & 0x01; + int doHmac = dflags & 0x02; const char * path; urltype ut = urlPath(fn, &path); unsigned char * dsum = NULL; @@ -202,7 +210,9 @@ #endif } - ctx = rpmDigestInit(digestalgo, RPMDIGEST_NONE); + ctx = rpmDigestInit(dalgo, RPMDIGEST_NONE); + if (doHmac) + rpmHmacInit(ctx, hmackey, 0); if (fsize) xx = rpmDigestUpdate(ctx, mapped, fsize); xx = rpmDigestFinal(ctx, &dsum, &dlen, asAscii); 
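Review bot: The `if (oneshot == NULL)` test that creates the lock in the `@@ -85` hunk of rpm/rpmdb/legacy.c is itself unsynchronised. Two threads entering together can both run `rpmExpand()` and `yarnNewLock(0)`, after which each possesses a different lock and one `cmd` string and one lock are leaked. The lock has to exist before the first concurrent call, for instance by creating it in a one-time library initialiser or guarding the lazy setup with a statically initialised mutex. `VALGRIND_HG_CLEAN_MEMORY(cmd, sizeof(cmd))` also passes the size of the pointer, not the length of the expanded string. The block continues outside the hunk, so every exit between `yarnPossess(oneshot)` and `elfexit:` should be checked to reach `yarnRelease(oneshot)`.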
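Review bot: `hmackey` in the `@@ -144` hunk is a fixed string compiled into the library, and the same literal is defined again in rpm/tools/rpmdigest.c, so anyone who can modify a file can also recompute its HMAC. The definition should carry a comment saying so, for example `/* Well-known key: the HMAC is an integrity self-check, not proof of origin. */`, so the value stored in RPMTAG_FILEDIGESTS is not taken for authentication. The key would be better declared once in a shared header than copied per file. The `dflags & 0x01` and `dflags & 0x02` tests would read better with named constants that build/files.c can use too.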
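Review bot: The result of `rpmHmacInit(ctx, hmackey, 0)` in the `@@ -202` hunk is dropped, and `fdInitHmac(fd, hmackey, 0)` in the `@@ -228` hunk is likewise unchecked; rpmdigest.c casts the former to `(void)`, which suggests it returns a status. If keying fails, dodigest() goes on to produce an ordinary digest while the caller records the file as carrying an HMAC. The failure should be turned into the function's error return. Passing `0` as the key length presumably means "use strlen"; if so, `sizeof(hmackey) - 1` would state the length explicitly.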
@@ -228,11 +238,13 @@ break; } - fdInitDigest(fd, digestalgo, 0); + fdInitDigest(fd, dalgo, 0); + if (doHmac) + fdInitHmac(fd, hmackey, 0); fsize = 0; while ((rc = (int) Fread(buf, sizeof(buf[0]), sizeof(buf), fd)) > 0) fsize += rc; - fdFiniDigest(fd, digestalgo, &dsum, &dlen, asAscii); + fdFiniDigest(fd, dalgo, &dsum, &dlen, asAscii); if (Ferror(fd)) rc = 1; @@ . patch -p0 <<'@@ .' Index: rpm/rpmdb/legacy.h ============================================================================ $ cvs diff -u -r1.12 -r1.13 legacy.h --- rpm/rpmdb/legacy.h 27 May 2008 18:52:22 -0000 1.12 +++ rpm/rpmdb/legacy.h 29 Aug 2009 17:33:59 -0000 1.13 @@ -19,15 +19,15 @@ /** * Return digest and size of a file. - * @param digestalgo digest algorithm to use + * @param dalgo digest algorithm to use * @param fn file name - * @retval digest address of md5sum - * @param asAscii return md5sum as ascii string? + * @retval *digest file digest + * @param dflags 0x1 = return ASCII 0x2 = do HMAC * @retval *fsizep file size pointer (or NULL) * @return 0 on success, 1 on error */ -int dodigest(int digestalgo, const char * fn, /*...@out@*/ unsigned char * digest, - int asAscii, /*...@null@*/ /*...@out@*/ size_t *fsizep) +int dodigest(int dalgo, const char * fn, /*...@out@*/ unsigned char * digest, + unsigned dflags, /*...@null@*/ /*...@out@*/ size_t *fsizep) /*...@globals h_errno, fileSystem, internalState @*/ /*...@modifies digest, *fsizep, fileSystem, internalState @*/; @@ . patch -p0 <<'@@ .' Index: rpm/rpmio/digest.c ============================================================================ $ cvs diff -u -r2.89 -r2.90 digest.c --- rpm/rpmio/digest.c 28 Aug 2009 19:11:21 -0000 2.89 +++ rpm/rpmio/digest.c 29 Aug 2009 17:33:59 -0000 2.90 
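Review bot: In the rpm/rpmdb/legacy.h hunk the fourth parameter of dodigest() turns from a boolean into a bit mask without any change a compiler would flag, so a caller that passed a non-zero value other than 1 now gets different behaviour. A value with bit 1 set switches the HMAC on, and an even value no longer requests ASCII output. The doc comment should name the bits and state that all others must be zero, e.g. `@param dflags bit 0: return ASCII hex, bit 1: compute HMAC with the built-in key; other bits must be 0`. Callers outside this commit should be audited for arguments other than 0 and 1.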
@@ -237,8 +237,6 @@ return md6_update(param, (unsigned char *) _data, (rpmuint64_t)(8 * _len)); } -static const char fips140key[] = "orboDeJITITejsirpADONivirpUkvarP"; - DIGEST_CTX rpmDigestInit(pgpHashAlgo hashalgo, rpmDigestFlags flags) { @@ . patch -p0 <<'@@ .' Index: rpm/tools/rpmdigest.c ============================================================================ $ cvs diff -u -r2.16 -r2.17 rpmdigest.c --- rpm/tools/rpmdigest.c 28 Aug 2009 19:13:18 -0000 2.16 +++ rpm/tools/rpmdigest.c 29 Aug 2009 17:34:00 -0000 2.17 @@ -31,7 +31,7 @@ RPMDC_FLAGS_BINARY = _DFB(14), /*!< -b,--binary ... */ RPMDC_FLAGS_STATUS = _DFB(15), /*!< --status ... */ RPMDC_FLAGS_0INSTALL = _DFB(16), /*!< -0,--0install ... */ - RPMDC_FLAGS_FIPS140 = _DFB(17), /*!< --fips140 ... */ + RPMDC_FLAGS_HMAC = _DFB(17), /*!< --hmac ... */ /* 18-31 unused */ }; @@ -90,7 +90,7 @@ */ static rpmdc dc = &_dc; -static const char fips140key[] = "orboDeJITITejsirpADONivirpUkvarP"; +static const char hmackey[] = "orboDeJITITejsirpADONivirpUkvarP"; /*==============================================================*/ static uint32_t rpmdcName2Algo(const char * dname) @@ -351,8 +351,8 @@ /* Verify the manifest digest. */ { DIGEST_CTX ctx = rpmDigestInit(dc->dalgo, 0); - if (F_ISSET(dc, FIPS140)) - (void) rpmHmacInit(ctx, fips140key, 0); + if (F_ISSET(dc, HMAC)) + (void) rpmHmacInit(ctx, hmackey, 0); (void) rpmDigestUpdate(ctx, (char *)iob->b, (be - (char *)iob->b)); digest = NULL; @@ -652,8 +652,8 @@ /* XXX TODO: instantiate verify digests for all identical paths. */ dc->dalgo = dc->algo; fdInitDigest(dc->fd, dc->dalgo, 0); - if (F_ISSET(dc, FIPS140)) - fdInitHmac(dc->fd, fips140key, 0); + if (F_ISSET(dc, HMAC)) + fdInitHmac(dc->fd, hmackey, 0); break; case 256: /* --all digests requested. */ { struct poptOption * opt = rpmioDigestPoptTable; 
@@ -667,8 +667,8 @@ dc->dalgo = opt->val; dc->dalgoName = opt->longName; fdInitDigest(dc->fd, dc->dalgo, 0); - if (F_ISSET(dc, FIPS140)) - fdInitHmac(dc->fd, fips140key, 0); + if (F_ISSET(dc, HMAC)) + fdInitHmac(dc->fd, hmackey, 0); } } break; } @@ -870,8 +870,8 @@ { "text", 't', POPT_BIT_CLR, &_dc.flags, RPMDC_FLAGS_BINARY, N_("read in text mode (default)"), NULL }, - { "fips140", '\0', POPT_BIT_SET, &_dc.flags, RPMDC_FLAGS_FIPS140, - N_("generate FIPS-140 HMAC's"), NULL }, + { "hmac", '\0', POPT_BIT_SET, &_dc.flags, RPMDC_FLAGS_HMAC, + N_("generate HMAC's instead"), NULL }, #ifdef NOTYET /* XXX todo for popt-1.15 */ { NULL, -1, POPT_ARG_INCLUDE_TABLE, NULL, 0, @@ -946,8 +946,8 @@ dc->ofd = Fopen(dc->ofn, "w.ufdio"); if (F_ISSET(dc, 0INSTALL)) { fdInitDigest(dc->ofd, dc->oalgo, 0); - if (F_ISSET(dc, FIPS140)) - fdInitHmac(dc->ofd, fips140key, 0); + if (F_ISSET(dc, HMAC)) + fdInitHmac(dc->ofd, hmackey, 0); } av = poptGetArgs(optCon); @@ . ______________________________________________________________________ RPM Package Manager http://rpm5.org CVS Sources Repository rpm-cvs@rpm5.org
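Review bot: The `@@ -870` hunk of rpm/tools/rpmdigest.c replaces the `--fips140` table entry outright, so invocations using the option that rpm/CHANGES lists as just added will now fail option parsing. Keeping a second entry that sets the same RPMDC_FLAGS_HMAC bit would avoid that. The help text `generate HMAC's instead` also does not say that the key is the constant compiled into the tool, which matters to anyone reading the output as evidence of origin. Wording such as `N_("generate HMAC's (built-in key) instead of digests")` would be clearer.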