RPM Package Manager, CVS Repository http://rpm5.org/cvs/ ____________________________________________________________________________
Server: rpm5.org Name: Jeff Johnson Root: /v/rpm/cvs Email: j...@rpm5.org Module: rpm Date: 19-Jul-2014 18:50:18 Branch: rpm-5_4 Handle: 2014071916501104 Modified files: (Branch: rpm-5_4) rpm CHANGES rpm/rpmio rpmssl.c Log: - ssl: fix: resurrect rsa signature leading zero bytes. Summary: Revision Changes Path 1.3501.2.402+1 -0 rpm/CHANGES 2.42.2.13 +42 -2 rpm/rpmio/rpmssl.c ____________________________________________________________________________
patch -p0 <<'@@ .'
Index: rpm/CHANGES
============================================================================
$ cvs diff -u -r1.3501.2.401 -r1.3501.2.402 CHANGES
--- rpm/CHANGES 19 Jul 2014 16:48:26 -0000 1.3501.2.401
+++ rpm/CHANGES 19 Jul 2014 16:50:15 -0000 1.3501.2.402
@@ -1,4 +1,5 @@
 5.4.14 -> 5.4.15:
+ - jbj: ssl: fix: resurrect rsa signature leading zero bytes.
 - jbj: ltc: fix: resurrect rsa signature leading zero bytes.
 - jbj: pgp: add #ifdef's for optional crypto libs (Mark Hatle).
 - jbj: rpmlog: export rpmlogRecPriority and rpmlogRecMessage (Jacob Bogusz).
@@ .
patch -p0 <<'@@ .'
Index: rpm/rpmio/rpmssl.c
============================================================================
$ cvs diff -u -r2.42.2.12 -r2.42.2.13 rpmssl.c
--- rpm/rpmio/rpmssl.c 14 May 2014 23:12:29 -0000 2.42.2.12
+++ rpm/rpmio/rpmssl.c 19 Jul 2014 16:50:11 -0000 2.42.2.13
@@ -509,11 +509,46 @@
 rc = 1;
 break;
 case PGPPUBKEYALGO_DSA:
-if (ssl->nbits == 0) ssl->nbits = 1024; /* XXX FIXME */
+ /* XXX Set the no. of qbits based on the digest being used. */
+ if (ssl->qbits == 0)
+ switch (sigp->hash_algo) {
+ default: /* XXX default */
+ case PGPHASHALGO_SHA1: ssl->qbits = 160; break;
+ case PGPHASHALGO_SHA224: ssl->qbits = 224; break;
+ case PGPHASHALGO_SHA256: ssl->qbits = 256; break;
+#ifdef PAINFUL /* XXX openssl-1.0.1e-16 permits only {160,224,256} */
+ case PGPHASHALGO_SHA384: ssl->qbits = 384; break;
+ case PGPHASHALGO_SHA512: ssl->qbits = 512; break;
+#else
+ case PGPHASHALGO_SHA384: ssl->qbits = 256; break;
+ case PGPHASHALGO_SHA512: ssl->qbits = 256; break;
+#endif
+ }
+assert(ssl->qbits);
+
+ /* XXX Set the no. of nbits for non-truncated digest in use. */
+ if (ssl->nbits == 0)
+ switch (ssl->qbits) {
+ default: /* XXX default */
+ case 160: ssl->nbits = 1024; break;
+ case 224: ssl->nbits = 2048; break;
+#ifdef PAINFUL
+ case 256: ssl->nbits = 3072; break;
+ case 384: ssl->nbits = 7680; break;
+ case 512: ssl->nbits = 15360; break;
+#else
+ case 256: ssl->nbits = 2048; break;
+ case 384: ssl->nbits = 2048; ssl->qbits = 256; break;
+ case 512: ssl->nbits = 2048; ssl->qbits = 256; break;
+#endif
+ }
 assert(ssl->nbits);
+
 if ((ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DSA, NULL)) == NULL
 || EVP_PKEY_paramgen_init(ctx) != 1
 || EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, ssl->nbits) != 1
+ || EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
+ EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, ssl->qbits, NULL) != 1
 || EVP_PKEY_paramgen(ctx, ¶m) != 1)
 goto exit;
 EVP_PKEY_CTX_free(ctx);
@@ -619,6 +654,7 @@
 unsigned int nb = (pend >= p ? (pend - p) : 0);
 unsigned int mbits = (((8 * (nb - 2)) + 0x1f) & ~0x1f);
 unsigned char * q;
+ unsigned int nz;
 int rc = 0;
 int xx;
 
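Review bot: In the `case PGPPUBKEYALGO_DSA:` hunk the `default:` label sits directly above `case PGPHASHALGO_SHA1:`, so any `sigp->hash_algo` not listed silently gets `ssl->qbits = 160`, and the second switch then selects `ssl->nbits = 1024`, the weakest pair in the table. Because these values feed `EVP_PKEY_paramgen`, an unexpected hash id produces 1024/160 DSA parameters instead of an error. I would take the failure path for unknown hash algorithms, or at least move the label so the fallback is the 2048/256 pair, e.g. `default: /* unknown hash: use 2048/256 */` placed above `case PGPHASHALGO_SHA256: ssl->qbits = 256; break;`. The enclosing function starts and ends outside the hunk, so whether callers depend on the 1024-bit fallback cannot be seen here.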
@@ -631,7 +667,11 @@
 assert(ssl->sig == NULL);
 ssl->nbits = mbits;
 ssl->siglen = mbits/8;
- ssl->sig = memcpy(xmalloc(nb-2), p+2, nb-2);
+ ssl->sig = xmalloc(ssl->siglen);
+ nz = ssl->siglen - (nb - 2);
+ if (nz) /* XXX resurrect leading zero bytes. */
+ memset(ssl->sig, 0, nz);
+ memcpy(ssl->sig+nz, p+2, nb-2);
 break;
 case 20: /* DSA r */
 assert(ssl->dsasig == NULL);
@@ .
______________________________________________________________________ RPM Package Manager http://rpm5.org CVS Sources Repository rpm-cvs@rpm5.org
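Review bot: Nothing visible in this hunk or in the declarations of the `@@ -619,6 +654,7 @@` hunk guarantees `nb >= 2` before `nb - 2` is used. `nb` is 0 when `pend < p`, and for `nb` of 0 or 1 the unsigned subtraction wraps: `mbits` and `ssl->siglen` become 0, `nz` becomes 1 or 2, and the length passed to `memcpy(ssl->sig+nz, p+2, nb-2)` is close to `UINT_MAX`, so both the `memset` and the `memcpy` write past the `xmalloc(ssl->siglen)` buffer. Since the MPI is parsed from signature data, I would add a guard before `mbits` is consumed, e.g. `if (nb < 2) { /* malformed MPI: take the function's existing error return */ }`, unless a caller outside the hunk already enforces it. Separately, rounding up to a multiple of 32 bits restores at most three leading zero bytes; if the public key's modulus length is available at this point, padding to that length would be more robust, which I cannot confirm from the visible lines. The function starts and ends outside the hunk.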