rpm  5.4.14
rpmssl.c
Go to the documentation of this file.
1 
5 #include "system.h"
6 #include <rpmlog.h>
7 
8 #include <rpmiotypes.h>
9 #define _RPMPGP_INTERNAL
10 #if defined(WITH_SSL)
11 
12 #if defined(__LCLINT__) && !defined(__i386__)
13 #define __i386__
14 #endif
15 
16 #define _RPMSSL_INTERNAL
17 #include <rpmssl.h>
18 #endif
19 
20 #include "debug.h"
21 
22 #if defined(WITH_SSL)
23 
24 /*@access pgpDig @*/
25 /*@access pgpDigParams @*/
26 
27 /*@-redecl@*/
28 /*@unchecked@*/
29 extern int _pgp_debug;
30 
31 /*@unchecked@*/
32 extern int _pgp_print;
33 /*@=redecl@*/
34 
35 /*@unchecked@*/
36 static int _rpmssl_debug;
37 
38 #define SPEW(_t, _rc, _dig) \
39  { if ((_t) || _rpmssl_debug || _pgp_debug < 0) \
40  fprintf(stderr, "<-- %s(%p) %s\t%s\n", __FUNCTION__, (_dig), \
41  ((_rc) ? "OK" : "BAD"), (_dig)->pubkey_algoN); \
42  }
43 
44 static const char * rpmsslHashAlgo2Name(uint32_t algo)
45 {
46  return pgpValStr(pgpHashTbl, (rpmuint8_t)algo);
47 }
48 
49 static const char * rpmsslPubkeyAlgo2Name(uint32_t algo)
50 {
51  return pgpValStr(pgpPubkeyTbl, (rpmuint8_t)algo);
52 }
53 
59 static
60 unsigned char nibble(char c)
61  /*@*/
62 {
63  if (c >= '0' && c <= '9')
64  return (unsigned char) (c - '0');
65  if (c >= 'A' && c <= 'F')
66  return (unsigned char)((int)(c - 'A') + 10);
67  if (c >= 'a' && c <= 'f')
68  return (unsigned char)((int)(c - 'a') + 10);
69  return (unsigned char) '\0';
70 }
71 
72 static unsigned char * rpmsslBN2bin(const char * msg, const BIGNUM * s, size_t maxn)
73 {
74  unsigned char * t = (unsigned char *) xcalloc(1, maxn);
75 /*@-modunconnomods@*/
76  size_t nt = BN_bn2bin(s, t);
77 /*@=modunconnomods@*/
78 
79  if (nt < maxn) {
80  size_t pad = (maxn - nt);
81  memmove(t+pad, t, nt);
82  memset(t, 0, pad);
83  }
84  return t;
85 }
86 
87 static
88 int rpmsslSetRSA(/*@only@*/ DIGEST_CTX ctx, pgpDig dig, pgpDigParams sigp)
89  /*@modifies dig @*/
90 {
91  rpmssl ssl = (rpmssl) dig->impl;
92  unsigned int nb = RSA_size(ssl->rsa);
93  const char * prefix = rpmDigestASN1(ctx);
94  const char * hexstr;
95  const char * s;
96  rpmuint8_t signhash16[2];
97  char * tt;
98  int rc;
99  int xx;
100 pgpDigParams pubp = pgpGetPubkey(dig);
101 dig->pubkey_algoN = rpmsslPubkeyAlgo2Name(pubp->pubkey_algo);
102 dig->hash_algoN = rpmsslHashAlgo2Name(sigp->hash_algo);
103 
104 assert(sigp->hash_algo == rpmDigestAlgo(ctx));
105 assert(prefix != NULL);
106 
107 /* XXX FIXME: do PKCS1 padding in binary not hex */
108 /* XXX FIXME: should this lazy free be done elsewhere? */
109 ssl->digest = _free(ssl->digest);
110 ssl->digestlen = 0;
111  xx = rpmDigestFinal(ctx, (void **)&ssl->digest, &ssl->digestlen, 1);
112 
113  hexstr = tt = (char *) xmalloc(2 * nb + 1);
114  memset(tt, (int) 'f', (2 * nb));
115  tt[0] = '0'; tt[1] = '0';
116  tt[2] = '0'; tt[3] = '1';
117  tt += (2 * nb) - strlen(prefix) - strlen((const char *)ssl->digest) - 2;
118  *tt++ = '0'; *tt++ = '0';
119  tt = stpcpy(tt, prefix);
120  tt = stpcpy(tt, (const char *)ssl->digest);
121 
122  /* Set RSA hash. */
123 /*@-moduncon -noeffectuncon @*/
124  xx = BN_hex2bn(&ssl->hm, hexstr);
125 /*@=moduncon =noeffectuncon @*/
126 
127 /*@-modfilesys@*/
128 if (_pgp_debug < 0) fprintf(stderr, "*** hm: %s\n", hexstr);
129  hexstr = _free(hexstr);
130 /*@=modfilesys@*/
131 
132  /* Compare leading 16 bits of digest for quick check. */
133  s = (const char *) ssl->digest;
134 /*@-type@*/
135  signhash16[0] = (rpmuint8_t) (nibble(s[0]) << 4) | nibble(s[1]);
136  signhash16[1] = (rpmuint8_t) (nibble(s[2]) << 4) | nibble(s[3]);
137 /*@=type@*/
138  rc = memcmp(signhash16, sigp->signhash16, sizeof(sigp->signhash16));
139 
140 SPEW(0, !rc, dig);
141  return rc;
142 }
143 
144 static
145 int rpmsslVerifyRSA(pgpDig dig)
146  /*@*/
147 {
148  rpmssl ssl = (rpmssl) dig->impl;
149 /*@-moduncon@*/
150  size_t maxn;
151  unsigned char * hm;
152  unsigned char * c;
153  size_t nb;
154 /*@=moduncon@*/
155  size_t i;
156  int rc = 0;
157  int xx;
158 
159 assert(ssl->rsa); /* XXX ensure lazy malloc with parameter set. */
160  maxn = BN_num_bytes(ssl->rsa->n);
161  hm = rpmsslBN2bin("hm", ssl->hm, maxn);
162  c = rpmsslBN2bin(" c", ssl->c, maxn);
163  nb = RSA_public_decrypt((int)maxn, c, c, ssl->rsa, RSA_PKCS1_PADDING);
164 
165 /*@=moduncon@*/
166  /* Verify RSA signature. */
167  /* XXX This is _NOT_ the correct openssl function to use:
168  * rc = RSA_verify(type, m, m_len, sigbuf, siglen, ssl->rsa)
169  *
170  * Here's what needs doing (from OpenPGP reference sources in 1999):
171  * static u32_t checkrsa(BIGNUM * a, RSA * key, u8_t * hash, int hlen)
172  * {
173  * u8_t dbuf[MAXSIGM];
174  * int j, ll;
175  *
176  * j = BN_bn2bin(a, dbuf);
177  * ll = BN_num_bytes(key->n);
178  * while (j < ll)
179  * memmove(&dbuf[1], dbuf, j++), dbuf[0] = 0;
180  * j = RSA_public_decrypt(ll, dbuf, dbuf, key, RSA_PKCS1_PADDING);
181  * RSA_free(key);
182  * return (j != hlen || memcmp(dbuf, hash, j));
183  * }
184  */
185  for (i = 2; i < maxn; i++) {
186  if (hm[i] == 0xff)
187  continue;
188  i++;
189  break;
190  }
191 
192  rc = ((maxn - i) == nb && (xx = memcmp(hm+i, c, nb)) == 0);
193 
194  c = _free(c);
195  hm = _free(hm);
196 
197 SPEW(!rc, rc, dig);
198  return rc;
199 }
200 
201 static
202 int rpmsslSignRSA(pgpDig dig)
203  /*@*/
204 {
205  rpmssl ssl = (rpmssl) dig->impl;
206  int rc = 0; /* assume failure. */
207  unsigned char * c = NULL;
208  unsigned char * hm = NULL;
209  size_t maxn;
210 int xx;
211 
212 #ifdef DYING
213 assert(ssl->rsa); /* XXX ensure lazy malloc with parameter set. */
214 #else
215 if (ssl->rsa == NULL) return rc;
216 #endif
217 
218  maxn = RSA_size(ssl->rsa);
219 assert(ssl->hm);
220  hm = rpmsslBN2bin("hm", ssl->hm, maxn);
221 
222  c = (unsigned char *) xmalloc(maxn);
223  xx = RSA_private_encrypt((int)maxn, hm, c, ssl->rsa, RSA_NO_PADDING);
224  ssl->c = BN_bin2bn(c, maxn, NULL);
225 
226  c = _free(c);
227  hm = _free(hm);
228 
229  rc = (ssl->c != NULL);
230 
231 SPEW(!rc, rc, dig);
232 
233  return rc;
234 }
235 
236 static
237 int rpmsslGenerateRSA(pgpDig dig)
238  /*@*/
239 {
240  rpmssl ssl = (rpmssl) dig->impl;
241  int rc = 0; /* assume failure. */
242 static unsigned long _e = 0x10001;
243 
244 if (ssl->nbits == 0) ssl->nbits = 1024; /* XXX FIXME */
245 assert(ssl->nbits);
246 
247 #if defined(HAVE_RSA_GENERATE_KEY_EX)
248  { BIGNUM * bn = BN_new();
249 assert(bn);
250  if ((ssl->rsa = RSA_new()) != NULL
251  && BN_set_word(bn, _e)
252  && RSA_generate_key_ex(ssl->rsa, ssl->nbits, bn, NULL))
253  rc = 1;
254  if (bn) BN_free(bn);
255  }
256 #else
257  /* XXX older & deprecated API in openssl-0.97a (Centos4/s390x) */
258  if ((ssl->rsa = RSA_generate_key(ssl->nbits, _e, NULL, NULL)) != NULL)
259  rc = 1;
260 #endif
261 
262  if (!rc && ssl->rsa) {
263  RSA_free(ssl->rsa);
264  ssl->rsa = NULL;
265  }
266 
267 SPEW(!rc, rc, dig);
268 
269  return rc;
270 }
271 
272 static
273 int rpmsslSetDSA(/*@only@*/ DIGEST_CTX ctx, pgpDig dig, pgpDigParams sigp)
274  /*@modifies dig @*/
275 {
276  rpmssl ssl = (rpmssl) dig->impl;
277  int rc;
278  int xx;
279 pgpDigParams pubp = pgpGetPubkey(dig);
280 dig->pubkey_algoN = rpmsslPubkeyAlgo2Name(pubp->pubkey_algo);
281 dig->hash_algoN = rpmsslHashAlgo2Name(sigp->hash_algo);
282 
283 assert(sigp->hash_algo == rpmDigestAlgo(ctx));
284  /* Set DSA hash. */
285 /* XXX FIXME: should this lazy free be done elsewhere? */
286 ssl->digest = _free(ssl->digest);
287 ssl->digestlen = 0;
288  xx = rpmDigestFinal(ctx, (void **)&ssl->digest, &ssl->digestlen, 0);
289 
290  /* Compare leading 16 bits of digest for quick check. */
291  rc = memcmp(ssl->digest, sigp->signhash16, sizeof(sigp->signhash16));
292 SPEW(0, !rc, dig);
293  return rc;
294 }
295 
296 static
297 int rpmsslVerifyDSA(pgpDig dig)
298  /*@*/
299 {
300  rpmssl ssl = (rpmssl) dig->impl;
301  int rc;
302 
303 assert(ssl->dsa); /* XXX ensure lazy malloc with parameter set. */
304  /* Verify DSA signature. */
305  rc = DSA_do_verify((const unsigned char *)ssl->digest, (int)ssl->digestlen, ssl->dsasig, ssl->dsa);
306  rc = (rc == 1);
307 
308 SPEW(!rc, rc, dig);
309  return rc;
310 }
311 
312 static
313 int rpmsslSignDSA(pgpDig dig)
314  /*@*/
315 {
316  rpmssl ssl = (rpmssl) dig->impl;
317  int rc = 0; /* assume failure */
318 
319 #ifdef DYING
320 assert(ssl->dsa); /* XXX ensure lazy malloc with parameter set. */
321 #else
322 if (ssl->dsa == NULL) return rc;
323 #endif
324 
325  ssl->dsasig = DSA_do_sign((const unsigned char *)ssl->digest, ssl->digestlen, ssl->dsa);
326  rc = (ssl->dsasig != NULL);
327 
328 SPEW(!rc, rc, dig);
329 
330  return rc;
331 }
332 
333 static
334 int rpmsslGenerateDSA(pgpDig dig)
335  /*@*/
336 {
337  rpmssl ssl = (rpmssl) dig->impl;
338  int rc = 0; /* assume failure. */
339 
340 if (ssl->nbits == 0) ssl->nbits = 1024; /* XXX FIXME */
341 assert(ssl->nbits);
342 
343 #if defined(HAVE_DSA_GENERATE_PARAMETERS_EX)
344  if ((ssl->dsa = DSA_new()) != NULL
345  && DSA_generate_parameters_ex(ssl->dsa, ssl->nbits,
346  NULL, 0, NULL, NULL, NULL)
347  && DSA_generate_key(ssl->dsa))
348  rc = 1;
349 #else
350  /* XXX older & deprecated API in openssl-0.97a (Centos4/s390x) */
351  if ((ssl->dsa = DSA_generate_parameters(ssl->nbits,
352  NULL, 0, NULL, NULL, NULL, NULL)) != NULL
353  && DSA_generate_key(ssl->dsa))
354  rc = 1;
355 #endif
356 
357  if (!rc && ssl->dsa) {
358  DSA_free(ssl->dsa);
359  ssl->dsa = NULL;
360  }
361 
362 SPEW(!rc, rc, dig);
363 
364  return rc;
365 }
366 
367 static
368 int rpmsslSetELG(/*@only@*/ DIGEST_CTX ctx, /*@unused@*/pgpDig dig, pgpDigParams sigp)
369  /*@*/
370 {
371  rpmssl ssl = (rpmssl) dig->impl;
372  int rc = 1; /* XXX always fail. */
373  int xx;
374 
375 assert(sigp->hash_algo == rpmDigestAlgo(ctx));
376 
377 /* XXX FIXME: should this lazy free be done elsewhere? */
378 ssl->digest = _free(ssl->digest);
379 ssl->digestlen = 0;
380  xx = rpmDigestFinal(ctx, (void **)&ssl->digest, &ssl->digestlen, 0);
381 
382  /* Compare leading 16 bits of digest for quick check. */
383 rc = 0;
384 
385 SPEW(rc, !rc, dig);
386  return rc;
387 }
388 
389 static
390 int rpmsslSetECDSA(/*@only@*/ DIGEST_CTX ctx, /*@unused@*/pgpDig dig, pgpDigParams sigp)
391  /*@*/
392 {
393  rpmssl ssl = (rpmssl) dig->impl;
394  int rc = 1; /* assume failure. */
395  int xx;
396 
397 assert(sigp->hash_algo == rpmDigestAlgo(ctx));
398 
399 /* XXX FIXME: should this lazy free be done elsewhere? */
400 ssl->digest = _free(ssl->digest);
401 ssl->digestlen = 0;
402  xx = rpmDigestFinal(ctx, &ssl->digest, &ssl->digestlen, 0);
403 
404  /* Compare leading 16 bits of digest for quick check. */
405 rc = 0;
406 
407 SPEW(rc, !rc, dig);
408  return rc;
409 }
410 
411 static
412 int rpmsslVerifyECDSA(pgpDig dig)
413  /*@*/
414 {
415  int rc = 0; /* assume failure. */
416 
417 #if !defined(OPENSSL_NO_ECDSA)
418  rpmssl ssl = dig->impl;
419  rc = ECDSA_do_verify(ssl->digest, ssl->digestlen, ssl->ecdsasig, ssl->ecdsakey);
420 #endif
421  rc = (rc == 1);
422 
423 SPEW(!rc, rc, dig);
424  return rc;
425 }
426 
427 static
428 int rpmsslSignECDSA(pgpDig dig)
429  /*@*/
430 {
431  int rc = 0; /* assume failure. */
432 
433 #if !defined(OPENSSL_NO_ECDSA)
434  rpmssl ssl = dig->impl;
435  ssl->ecdsasig = ECDSA_do_sign(ssl->digest, ssl->digestlen, ssl->ecdsakey);
436  rc = (ssl->ecdsasig != NULL);
437 #endif
438 
439 SPEW(!rc, rc, dig);
440  return rc;
441 }
442 
443 static
444 int rpmsslGenerateECDSA(pgpDig dig)
445  /*@*/
446 {
447  int rc = 0; /* assume failure. */
448 
449 #if !defined(OPENSSL_NO_ECDSA)
450  rpmssl ssl = dig->impl;
451 
452 if (ssl->nid == 0) { /* XXX FIXME */
453 ssl->nid = NID_X9_62_prime256v1;
454 ssl->nbits = 256;
455 }
456 
457  if ((ssl->ecdsakey = EC_KEY_new_by_curve_name(ssl->nid)) != NULL
458  && EC_KEY_generate_key(ssl->ecdsakey))
459  rc = 1;
460 #endif
461 
462 SPEW(!rc, rc, dig);
463  return rc;
464 }
465 
466 static int rpmsslErrChk(pgpDig dig, const char * msg, int rc, unsigned expected)
467 {
468 #ifdef NOTYET
469 rpmgc gc = dig->impl;
470  /* Was the return code the expected result? */
471  rc = (gcry_err_code(gc->err) != expected);
472  if (rc)
473  fail("%s failed: %s\n", msg, gpg_strerror(gc->err));
474 /* XXX FIXME: rpmsslStrerror */
475 #else
476  rc = (rc == 0); /* XXX impedance match 1 -> 0 on success */
477 #endif
478  return rc; /* XXX 0 on success */
479 }
480 
481 static int rpmsslAvailableCipher(pgpDig dig, int algo)
482 {
483  int rc = 0; /* assume available */
484 #ifdef NOTYET
485  rc = rpmgsslvailable(dig->impl, algo,
486  (gcry_md_test_algo(algo) || algo == PGPHASHALGO_MD5));
487 #endif /* _RPMGC_INTERNAL */
488  return rc;
489 }
490 
491 static int rpmsslAvailableDigest(pgpDig dig, int algo)
492 {
493  int rc = 0; /* assume available */
494 #ifdef NOTYET
495  rc = rpmgsslvailable(dig->impl, algo,
496  (gcry_md_test_algo(algo) || algo == PGPHASHALGO_MD5));
497 #endif /* _RPMGC_INTERNAL */
498  return rc;
499 }
500 
501 static int rpmsslAvailablePubkey(pgpDig dig, int algo)
502 {
503  int rc = 0; /* assume available */
504 #ifdef NOTYET
505  rc = rpmsslAvailable(dig->impl, algo, gcry_pk_test_algo(algo));
506 #endif /* _RPMGC_INTERNAL */
507  return rc;
508 }
509 
510 static int rpmsslVerify(pgpDig dig)
511 {
512  int rc = 0; /* assume failure */
513 pgpDigParams pubp = pgpGetPubkey(dig);
514 pgpDigParams sigp = pgpGetSignature(dig);
515 dig->pubkey_algoN = rpmsslPubkeyAlgo2Name(pubp->pubkey_algo);
516 dig->hash_algoN = rpmsslHashAlgo2Name(sigp->hash_algo);
517 
518  switch (pubp->pubkey_algo) {
519  default:
520  break;
521  case PGPPUBKEYALGO_RSA:
522  rc = rpmsslVerifyRSA(dig);
523  break;
524  case PGPPUBKEYALGO_DSA:
525  rc = rpmsslVerifyDSA(dig);
526  break;
528 #ifdef NOTYET
529  rc = rpmsslVerifyELG(dig);
530 #endif
531  break;
532  case PGPPUBKEYALGO_ECDSA:
533  rc = rpmsslVerifyECDSA(dig);
534  break;
535  }
536 SPEW(!rc, rc, dig);
537  return rc;
538 }
539 
540 static int rpmsslSign(pgpDig dig)
541 {
542  int rc = 0; /* assume failure */
543 pgpDigParams pubp = pgpGetPubkey(dig);
544 dig->pubkey_algoN = rpmsslPubkeyAlgo2Name(pubp->pubkey_algo);
545 
546  switch (pubp->pubkey_algo) {
547  default:
548  break;
549  case PGPPUBKEYALGO_RSA:
550  rc = rpmsslSignRSA(dig);
551  break;
552  case PGPPUBKEYALGO_DSA:
553  rc = rpmsslSignDSA(dig);
554  break;
556 #ifdef NOTYET
557  rc = rpmsslSignELG(dig);
558 #endif
559  break;
560  case PGPPUBKEYALGO_ECDSA:
561  rc = rpmsslSignECDSA(dig);
562  break;
563  }
564 SPEW(!rc, rc, dig);
565  return rc;
566 }
567 
568 static int rpmsslGenerate(pgpDig dig)
569 {
570  int rc = 0; /* assume failure */
571 pgpDigParams pubp = pgpGetPubkey(dig);
572 dig->pubkey_algoN = rpmsslPubkeyAlgo2Name(pubp->pubkey_algo);
573 
574  switch (pubp->pubkey_algo) {
575  default:
576  break;
577  case PGPPUBKEYALGO_RSA:
578  rc = rpmsslGenerateRSA(dig);
579  break;
580  case PGPPUBKEYALGO_DSA:
581  rc = rpmsslGenerateDSA(dig);
582  break;
584 #ifdef NOTYET
585  rc = rpmsslGenerateELG(dig);
586 #endif
587  break;
588  case PGPPUBKEYALGO_ECDSA:
589  rc = rpmsslGenerateECDSA(dig);
590  break;
591  }
592 SPEW(!rc, rc, dig);
593  return rc;
594 }
595 
596 static
597 int rpmsslMpiItem(/*@unused@*/ const char * pre, pgpDig dig, int itemno,
598  const rpmuint8_t * p,
599  /*@unused@*/ /*@null@*/ const rpmuint8_t * pend)
600  /*@*/
601 {
602  rpmssl ssl = (rpmssl) dig->impl;
603  unsigned int nb = ((pgpMpiBits(p) + 7) >> 3);
604  int rc = 0;
605 
606 /*@-moduncon@*/
607  switch (itemno) {
608  default:
609 assert(0);
610  case 50: /* ECDSA r */
611  case 51: /* ECDSA s */
612  case 60: /* ECDSA curve OID */
613  case 61: /* ECDSA Q */
614  break;
615  case 10: /* RSA m**d */
616  ssl->c = BN_bin2bn(p+2, nb, ssl->c);
617  break;
618  case 20: /* DSA r */
619  if (ssl->dsasig == NULL) ssl->dsasig = DSA_SIG_new();
620  ssl->dsasig->r = BN_bin2bn(p+2, nb, ssl->dsasig->r);
621  break;
622  case 21: /* DSA s */
623  if (ssl->dsasig == NULL) ssl->dsasig = DSA_SIG_new();
624  ssl->dsasig->s = BN_bin2bn(p+2, nb, ssl->dsasig->s);
625  break;
626  case 30: /* RSA n */
627  if (ssl->rsa == NULL) ssl->rsa = RSA_new();
628  ssl->rsa->n = BN_bin2bn(p+2, nb, ssl->rsa->n);
629  break;
630  case 31: /* RSA e */
631  if (ssl->rsa == NULL) ssl->rsa = RSA_new();
632  ssl->rsa->e = BN_bin2bn(p+2, nb, ssl->rsa->e);
633  break;
634  case 40: /* DSA p */
635  if (ssl->dsa == NULL) ssl->dsa = DSA_new();
636  ssl->dsa->p = BN_bin2bn(p+2, nb, ssl->dsa->p);
637  break;
638  case 41: /* DSA q */
639  if (ssl->dsa == NULL) ssl->dsa = DSA_new();
640  ssl->dsa->q = BN_bin2bn(p+2, nb, ssl->dsa->q);
641  break;
642  case 42: /* DSA g */
643  if (ssl->dsa == NULL) ssl->dsa = DSA_new();
644  ssl->dsa->g = BN_bin2bn(p+2, nb, ssl->dsa->g);
645  break;
646  case 43: /* DSA y */
647  if (ssl->dsa == NULL) ssl->dsa = DSA_new();
648  ssl->dsa->pub_key = BN_bin2bn(p+2, nb, ssl->dsa->pub_key);
649  break;
650  }
651 /*@=moduncon@*/
652  return rc;
653 }
654 
655 /*@-mustmod@*/
656 static
657 void rpmsslClean(void * impl)
658  /*@modifies impl @*/
659 {
660  rpmssl ssl = (rpmssl) impl;
661 /*@-moduncon@*/
662  if (ssl != NULL) {
663  ssl->nbits = 0;
664  ssl->err = 0;
665  ssl->badok = 0;
666  ssl->digest = _free(ssl->digest);
667  ssl->digestlen = 0;
668 
669  if (ssl->dsa)
670  DSA_free(ssl->dsa);
671  ssl->dsa = NULL;
672  if (ssl->dsasig)
673  DSA_SIG_free(ssl->dsasig);
674  ssl->dsasig = NULL;
675 
676  if (ssl->rsa)
677  RSA_free(ssl->rsa);
678  ssl->rsa = NULL;
679  if (ssl->hm)
680  BN_free(ssl->hm);
681  ssl->hm = NULL;
682  if (ssl->c)
683  BN_free(ssl->c);
684  ssl->c = NULL;
685 
686 #if !defined(OPENSSL_NO_ECDSA)
687  if (ssl->ecdsakey)
688  EC_KEY_free(ssl->ecdsakey);
689  ssl->ecdsakey = NULL;
690  if (ssl->ecdsasig)
691  ECDSA_SIG_free(ssl->ecdsasig);
692  ssl->ecdsasig = NULL;
693 
694  if (ssl->ecdsakey_bad)
695  EC_KEY_free(ssl->ecdsakey_bad);
696  ssl->ecdsakey_bad = NULL;
697 #endif
698 
699  }
700 /*@=moduncon@*/
701 }
702 /*@=mustmod@*/
703 
704 static /*@null@*/
705 void * rpmsslFree(/*@only@*/ void * impl)
706  /*@modifies impl @*/
707 {
708  rpmsslClean(impl);
709  impl = _free(impl);
710  return NULL;
711 }
712 
713 static
714 void * rpmsslInit(void)
715  /*@*/
716 {
717  rpmssl ssl = (rpmssl) xcalloc(1, sizeof(*ssl));
718 /*@-moduncon@*/
719  ERR_load_crypto_strings();
720 /*@=moduncon@*/
721  return (void *) ssl;
722 }
723 
724 struct pgpImplVecs_s rpmsslImplVecs = {
725  rpmsslSetRSA,
726  rpmsslSetDSA,
727  rpmsslSetELG,
728  rpmsslSetECDSA,
729 
730  rpmsslErrChk,
731  rpmsslAvailableCipher, rpmsslAvailableDigest, rpmsslAvailablePubkey,
732  rpmsslVerify, rpmsslSign, rpmsslGenerate,
733 
734  rpmsslMpiItem, rpmsslClean,
735  rpmsslFree, rpmsslInit
736 };
737 
738 #endif
739 
static unsigned int pgpMpiBits(const rpmuint8_t *p)
Return no.
Definition: rpmpgp.h:1114
int xx
Definition: spec.c:744
DIGEST_CTX ctx
Definition: signature.c:785
struct rpmgc_s * rpmgc
Definition: rpmgc.h:22
struct rpmssl_s * rpmssl
Definition: rpmssl.h:28
static char *size_t nb
fgets(3) analogue that reads \ continuations.
Definition: macro.c:409
int rc
Definition: poptALL.c:670
static unsigned char nibble(char c)
Convert hex to binary nibble.
Definition: pack.c:628
struct pgpDig_s * pgpDig
Definition: rpmiotypes.h:86
unsigned char rpmuint8_t
Private int typedefs to avoid C99 portability issues.
Definition: rpmiotypes.h:26
Yet Another syslog(3) API clone.
memset(_r, 0, sizeof(*_r))
void * xcalloc(size_t nmemb, size_t size)
Definition: rpmmalloc.c:300
assert(key->size==sizeof(hdrNum))
struct pgpValTbl_s pgpHashTbl[]
Hash (string, value) pairs.
Definition: rpmpgp.c:143
char * p
Definition: macro.c:413
fprintf(stderr,"--> %s(%p,%p,%p) sig %p sigp %p\n", __FUNCTION__, dig, t, rsactx, sig, sigp)
pgpDigParams pgpGetSignature(pgpDig dig)
Return OpenPGP signature parameters.
Definition: rpmpgp.c:1226
Digest private data.
Definition: digest.c:127
pgpHashAlgo rpmDigestAlgo(DIGEST_CTX ctx)
Return digest algorithm identifier.
Definition: digest.c:188
pgpImplVecs_t rpmsslImplVecs
Implementation specific parameter storage.
static const char *char c
Return text between pl and matching pr characters.
Definition: macro.c:470
const char * s
Definition: poptALL.c:734
char * t
Definition: rpmds.c:2716
static const char * prefix[]
Tables for prefixing and suffixing patterns, according to the -w, -x, and -F options.
Definition: rpmgrep.c:183
char * stpcpy(char *dest, const char *src)
if(__progname==NULL)
Definition: poptALL.c:683
const char * msg
Definition: rpmts-py.c:976
#define SPEW(_t, _rc, _dig)
Definition: rpmbc.c:25
struct pgpDigParams_s * pgpDigParams
Definition: rpmiotypes.h:90
return NULL
Definition: poptALL.c:613
static const char * pgpValStr(pgpValTbl vs, rpmuint8_t val)
Return string representation of am OpenPGP value.
Definition: rpmpgp.h:1199
int
Save source and expand field into target.
Definition: rpmds.c:2709
#define xmalloc
Definition: system.h:32
void rpmDigestFinal(rpmDigestDup(md5ctx),&md5sum,&md5len, 0)
int _pgp_print
Definition: rpmpgp.c:32
static void * _free(const void *p)
Wrapper to free(3), hides const compilation noise, permit NULL, return NULL.
Definition: rpmiotypes.h:647
pgpDigParams sigp
Definition: signature.c:748
int i
Definition: spec.c:743
pgpDig dig
Definition: rpmts-py.c:979
const char * rpmDigestASN1(DIGEST_CTX ctx)
Return digest ASN1 oid string.
Definition: digest.c:203
int _pgp_debug
Definition: rpmpgp.c:29
pgpDigParams pgpGetPubkey(pgpDig dig)
Return OpenPGP pubkey parameters.
Definition: rpmpgp.c:1231
struct pgpValTbl_s pgpPubkeyTbl[]
Definition: rpmpgp.c:103