9 #define _RPMPGP_INTERNAL
12 #if defined(__LCLINT__) && !defined(__i386__)
16 #define _RPMSSL_INTERNAL
36 static int _rpmssl_debug;
38 #define SPEW(_t, _rc, _dig) \
39 { if ((_t) || _rpmssl_debug || _pgp_debug < 0) \
40 fprintf(stderr, "<-- %s(%p) %s\t%s/%s\n", __FUNCTION__, (_dig), \
41 ((_rc) ? "OK" : "BAD"), (_dig)->pubkey_algoN, (_dig)->hash_algoN); \
50 unsigned char nibble(
char c)
53 if (c >=
'0' && c <=
'9')
54 return (
unsigned char) (c -
'0');
55 if (c >=
'A' && c <=
'F')
56 return (
unsigned char)((int)(c -
'A') + 10);
57 if (c >=
'a' && c <=
'f')
58 return (
unsigned char)((int)(c -
'a') + 10);
59 return (
unsigned char)
'\0';
62 static unsigned char * rpmsslBN2bin(
const char * msg,
const BIGNUM * s,
size_t maxn)
64 unsigned char * t = (
unsigned char *)
xcalloc(1, maxn);
66 size_t nt = BN_bn2bin(s, t);
70 size_t pad = (maxn - nt);
71 memmove(t+pad, t, nt);
78 static const EVP_MD * mapHash(
unsigned hash_algo)
80 const EVP_MD * md = NULL;
83 #ifndef OPENSSL_NO_MD2
86 #ifndef OPENSSL_NO_MD4
89 #ifndef OPENSSL_NO_MD5
92 #ifndef OPENSSL_NO_RIPEMD
95 #ifndef OPENSSL_NO_SHA
98 #ifndef OPENSSL_NO_SHA256
102 #ifndef OPENSSL_NO_SHA512
135 ssl->md = mapHash(sigp->hash_algo);
138 ssl->digest =
_free(ssl->digest);
140 rc =
rpmDigestFinal(ctx, (
void **)&ssl->digest, &ssl->digestlen, 0);
144 { RSA * rsa = EVP_PKEY_get0(ssl->pkey);
150 t = te = (uint8_t *)
xmalloc(nb);
151 memset(te, 0xff, nb);
154 te += nb - strlen(
prefix)/2 - ssl->digestlen - 1;
157 for (s =
prefix; *s; s += 2)
159 memcpy(te, ssl->digest, ssl->digestlen);
167 ssl->hm = BN_bin2bn(t, nb, NULL);
172 rc = memcmp(ssl->digest, sigp->signhash16,
sizeof(sigp->signhash16));
175 if (rc && sigp->signhash16[0] == 0 && sigp->signhash16[1] == 0)
196 ssl->md = mapHash(sigp->hash_algo);
200 ssl->digest =
_free(ssl->digest);
202 xx =
rpmDigestFinal(ctx, (
void **)&ssl->digest, &ssl->digestlen, 0);
205 rc = memcmp(ssl->digest, sigp->signhash16,
sizeof(sigp->signhash16));
208 if (rc && sigp->signhash16[0] == 0 && sigp->signhash16[1] == 0)
226 ssl->digest =
_free(ssl->digest);
228 xx =
rpmDigestFinal(ctx, (
void **)&ssl->digest, &ssl->digestlen, 0);
231 rc = memcmp(ssl->digest, sigp->signhash16,
sizeof(sigp->signhash16));
234 if (rc && sigp->signhash16[0] == 0 && sigp->signhash16[1] == 0)
254 ssl->md = mapHash(sigp->hash_algo);
257 ssl->digest =
_free(ssl->digest);
262 rc = memcmp(ssl->digest, sigp->signhash16,
sizeof(sigp->signhash16));
265 if (rc && sigp->signhash16[0] == 0 && sigp->signhash16[1] == 0)
272 static int rpmsslErrChk(
pgpDig dig,
const char * msg,
int rc,
unsigned expected)
275 rpmgc gc = dig->impl;
277 rc = (gcry_err_code(gc->err) != expected);
279 fail(
"%s failed: %s\n", msg, gpg_strerror(gc->err));
287 static int rpmsslAvailableCipher(
pgpDig dig,
int algo)
291 rc = rpmgsslvailable(dig->impl, algo,
297 static int rpmsslAvailableDigest(
pgpDig dig,
int algo)
301 rc = rpmgsslvailable(dig->impl, algo,
307 static int rpmsslAvailablePubkey(
pgpDig dig,
int algo)
311 rc = rpmsslAvailable(dig->impl, algo, gcry_pk_test_algo(algo));
316 static int rpmsslVerify(
pgpDig dig)
319 unsigned char * t = ssl->digest;
320 size_t nt = ssl->digestlen;
321 unsigned char * hm = NULL;
322 EVP_PKEY_CTX *ctx = NULL;
326 assert(ssl->sig != NULL && ssl->siglen > 0);
328 if ((ctx = EVP_PKEY_CTX_new(ssl->pkey, NULL)) == NULL
329 || EVP_PKEY_verify_init(ctx) != 1)
332 switch (pubp->pubkey_algo) {
337 { RSA * rsa = EVP_PKEY_get0(ssl->pkey);
338 size_t maxn = RSA_size(rsa);
343 hm = rpmsslBN2bin(
"hm", ssl->hm, maxn);
344 for (i = 2; i < maxn; i++) {
354 if (!EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING))
359 if (!EVP_PKEY_CTX_set_signature_md(ctx, ssl->md))
364 rc = rpmsslVerifyELG(dig);
369 #if !defined(OPENSSL_NO_ECDSA)
370 if (!EVP_PKEY_CTX_set_signature_md(ctx, ssl->md))
376 if (EVP_PKEY_verify(ctx, ssl->sig, ssl->siglen, t, nt) == 1)
383 EVP_PKEY_CTX_free(ctx);
388 static int rpmsslSign(
pgpDig dig)
391 unsigned char * t = ssl->digest;
392 size_t nt = ssl->digestlen;
393 unsigned char * hm = NULL;
394 EVP_PKEY_CTX *ctx = NULL;
399 ssl->sig =
_free(ssl->sig);
402 if ((ctx = EVP_PKEY_CTX_new(ssl->pkey, NULL)) == NULL
403 || EVP_PKEY_sign_init(ctx) != 1)
406 switch (pubp->pubkey_algo) {
411 { RSA * rsa = EVP_PKEY_get0(ssl->pkey);
412 size_t maxn = RSA_size(rsa);
417 hm = rpmsslBN2bin(
"hm", ssl->hm, maxn);
418 for (i = 2; i < maxn; i++) {
428 if (!EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING))
433 if (!EVP_PKEY_CTX_set_signature_md(ctx, ssl->md))
438 rc = rpmsslSignELG(dig);
443 #if !defined(OPENSSL_NO_ECDSA)
444 if (!EVP_PKEY_CTX_set_signature_md(ctx, ssl->md))
446 { EC_KEY * ec = EVP_PKEY_get0(ssl->pkey);
450 if (EC_KEY_get0_private_key(ec) == NULL && ssl->priv != NULL) {
451 xx = EC_KEY_set_private_key(ec, ssl->priv);
460 if (EVP_PKEY_sign(ctx, NULL, &ssl->siglen, t, nt) == 1
461 && (ssl->sig =
xmalloc(ssl->siglen)) != NULL
462 && EVP_PKEY_sign(ctx, ssl->sig, &ssl->siglen, t, nt) == 1)
467 ssl->sig =
_free(ssl->sig);
473 EVP_PKEY_CTX_free(ctx);
478 static int rpmsslGenerate(
pgpDig dig)
481 EVP_PKEY_CTX * ctx = NULL;
482 EVP_PKEY * param = NULL;
484 static unsigned long _e = 0x10001;
488 assert(pubp->pubkey_algo);
489 assert(sigp->hash_algo);
491 assert(dig->pubkey_algoN);
492 assert(dig->hash_algoN);
494 assert(ssl->pkey == NULL);
496 switch (pubp->pubkey_algo) {
500 if (ssl->nbits == 0) ssl->nbits = 2048;
502 if ((ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)) != NULL
503 && EVP_PKEY_keygen_init(ctx) == 1
504 && (bn = BN_new()) != NULL
505 && BN_set_word(bn, _e) == 1
506 && EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, bn) == 1
507 && EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, ssl->nbits) == 1
508 && EVP_PKEY_keygen(ctx, &ssl->pkey) == 1)
514 switch (sigp->hash_algo) {
531 switch (ssl->qbits) {
533 case 160: ssl->nbits = 1024;
break;
534 case 224: ssl->nbits = 2048;
break;
536 case 256: ssl->nbits = 3072;
break;
537 case 384: ssl->nbits = 7680;
break;
538 case 512: ssl->nbits = 15360;
break;
540 case 256: ssl->nbits = 2048;
break;
541 case 384: ssl->nbits = 2048; ssl->qbits = 256;
break;
542 case 512: ssl->nbits = 2048; ssl->qbits = 256;
break;
547 if ((ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DSA, NULL)) == NULL
548 || EVP_PKEY_paramgen_init(ctx) != 1
549 || EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, ssl->nbits) != 1
550 || EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
551 EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, ssl->qbits, NULL) != 1
552 || EVP_PKEY_paramgen(ctx, ¶m) != 1)
554 EVP_PKEY_CTX_free(ctx);
555 if ((ctx = EVP_PKEY_CTX_new(param, NULL)) != NULL
556 && EVP_PKEY_keygen_init(ctx) == 1
557 && EVP_PKEY_keygen(ctx, &ssl->pkey) == 1)
562 rc = rpmsslGenerateELG(dig);
566 #if !defined(OPENSSL_NO_ECDSA)
569 switch (sigp->hash_algo) {
581 if (ssl->curveN == NULL)
582 switch (ssl->nbits) {
583 default:
goto exit;
break;
585 ssl->curveN =
xstrdup(
"nistp192"); ssl->nid = 711;
588 ssl->curveN =
xstrdup(
"nistp224"); ssl->nid = NID_secp224r1;
591 ssl->curveN =
xstrdup(
"nistp256"); ssl->nid = NID_X9_62_prime256v1;
594 ssl->curveN =
xstrdup(
"nistp384"); ssl->nid = NID_secp384r1;
598 ssl->curveN =
xstrdup(
"nistp521"); ssl->nid = NID_secp521r1;
603 if ((ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL)) == NULL
604 || EVP_PKEY_paramgen_init(ctx) != 1
605 || EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, ssl->nid) != 1
606 || EVP_PKEY_paramgen(ctx, ¶m) != 1)
608 EVP_PKEY_CTX_free(ctx);
609 if ((ctx = EVP_PKEY_CTX_new(param, NULL)) != NULL
610 && EVP_PKEY_keygen_init(ctx) == 1
611 && EVP_PKEY_keygen(ctx, &ssl->pkey) == 1)
615 EC_KEY * ec = EVP_PKEY_get0(ssl->pkey);
619 ssl->priv = BN_dup(EC_KEY_get0_private_key(ec));
628 if (EVP_PKEY_type(ssl->pkey->type) == EVP_PKEY_EC) {
629 EC_KEY * ec = EVP_PKEY_get1_EC_KEY(ssl->pkey);
630 EC_KEY_set_asn1_flag(ec, OPENSSL_EC_NAMED_CURVE);
635 EVP_PKEY_free(ssl->pkey);
639 EVP_PKEY_free(param);
641 EVP_PKEY_CTX_free(ctx);
648 int rpmsslMpiItem(
const char * pre,
pgpDig dig,
int itemno,
654 unsigned int nb = (pend >= p ? (pend - p) : 0);
655 unsigned int mbits = (((8 * (nb - 2)) + 0x1f) & ~0x1f);
667 assert(ssl->sig == NULL);
669 ssl->siglen = mbits/8;
670 ssl->sig =
xmalloc(ssl->siglen);
671 nz = ssl->siglen - (nb - 2);
673 memset(ssl->sig, 0, nz);
674 memcpy(ssl->sig+nz, p+2, nb-2);
677 assert(ssl->dsasig == NULL);
679 ssl->dsasig = DSA_SIG_new();
680 ssl->dsasig->r = BN_bin2bn(p+2, nb-2, ssl->dsasig->r);
683 assert(ssl->dsasig != NULL);
684 assert(mbits == ssl->qbits);
685 ssl->dsasig->s = BN_bin2bn(p+2, nb-2, ssl->dsasig->s);
686 ssl->siglen = i2d_DSA_SIG(ssl->dsasig, NULL);
687 ssl->sig =
xmalloc(ssl->siglen);
689 xx = i2d_DSA_SIG(ssl->dsasig, &q);
690 assert(xx == (
int)ssl->siglen);
691 DSA_SIG_free(ssl->dsasig);
695 assert(ssl->rsa == NULL);
697 ssl->rsa = RSA_new();
698 ssl->rsa->n = BN_bin2bn(p+2, nb-2, ssl->rsa->n);
701 assert(ssl->rsa != NULL);
702 ssl->rsa->e = BN_bin2bn(p+2, nb-2, ssl->rsa->e);
703 assert(ssl->pkey == NULL);
704 ssl->pkey = EVP_PKEY_new();
705 xx = EVP_PKEY_assign_RSA(ssl->pkey, ssl->rsa);
710 assert(ssl->dsa == NULL);
712 ssl->dsa = DSA_new();
713 ssl->dsa->p = BN_bin2bn(p+2, nb-2, ssl->dsa->p);
716 assert(ssl->dsa != NULL);
718 ssl->dsa->q = BN_bin2bn(p+2, nb-2, ssl->dsa->q);
721 assert(ssl->dsa != NULL);
722 assert(mbits == ssl->nbits);
723 ssl->dsa->g = BN_bin2bn(p+2, nb-2, ssl->dsa->g);
726 assert(ssl->dsa != NULL);
727 assert(mbits == ssl->nbits);
728 ssl->dsa->pub_key = BN_bin2bn(p+2, nb-2, ssl->dsa->pub_key);
729 assert(ssl->pkey == NULL);
730 ssl->pkey = EVP_PKEY_new();
731 xx = EVP_PKEY_assign_DSA(ssl->pkey, ssl->dsa);
736 assert(ssl->ecdsasig == NULL);
738 ssl->ecdsasig = ECDSA_SIG_new();
739 ssl->ecdsasig->r = BN_bin2bn(p+2, nb-2, ssl->ecdsasig->r);
742 #if !defined(OPENSSL_NO_ECDSA)
743 assert(ssl->ecdsasig != NULL);
744 assert(mbits == ssl->qbits);
745 ssl->ecdsasig->s = BN_bin2bn(p+2, nb-2, ssl->ecdsasig->s);
746 ssl->siglen = i2d_ECDSA_SIG(ssl->ecdsasig, NULL);
747 ssl->sig =
xmalloc(ssl->siglen);
749 xx = i2d_ECDSA_SIG(ssl->ecdsasig, &q);
750 ECDSA_SIG_free(ssl->ecdsasig);
751 ssl->ecdsasig = NULL;
755 #if !defined(OPENSSL_NO_ECDSA)
757 {
size_t nc = EC_get_builtin_curves(NULL, 100);
758 EC_builtin_curve * c =
alloca(nc *
sizeof(*c));
760 (void) EC_get_builtin_curves(c, nc);
761 for (i = 0; i < nc; i++) {
762 ASN1_OBJECT * o = OBJ_nid2obj(c[i].nid);
763 if (nb != (
unsigned)o->length)
765 if (memcmp(p, o->data, nb))
772 case NID_X9_62_prime192v1:
779 ssl->curveN =
_free(ssl->curveN);
780 ssl->curveN =
xstrdup(
"nistp256");
781 ssl->nid = NID_X9_62_prime256v1;
784 case NID_X9_62_prime256v1:
796 fprintf(stderr,
" OID[%4u]: %s\n", nb,
pgpHexStr(p, nb));
803 #if !defined(OPENSSL_NO_ECDSA)
805 { EC_KEY * ec = EC_KEY_new_by_curve_name(ssl->nid);
806 const unsigned char *q;
810 ec = o2i_ECPublicKey(&ec, &q, nb-2);
815 EVP_PKEY_free(ssl->pkey);
818 assert(ssl->pkey == NULL);
819 ssl->pkey = EVP_PKEY_new();
820 xx = EVP_PKEY_assign_EC_KEY(ssl->pkey, ec);
823 fprintf(stderr,
" Q[%4u]: %s\n", mbits,
pgpHexStr(p+2, nb-2));
834 void rpmsslClean(
void * impl)
844 ssl->digest =
_free(ssl->digest);
847 ssl->sig =
_free(ssl->sig);
854 DSA_SIG_free(ssl->dsasig);
864 ssl->curveN =
_free(ssl->curveN);
867 ECDSA_SIG_free(ssl->ecdsasig);
868 ssl->ecdsasig = NULL;
874 EVP_PKEY_free(ssl->pkey);
884 static int rpmssl_initialized;
887 void * rpmsslFree(
void * impl)
892 if (--rpmssl_initialized == 0) {
894 CONF_modules_unload(1);
898 CRYPTO_cleanup_all_ex_data();
899 ERR_remove_thread_state(NULL);
911 #include <openssl/evp.h>
912 #include <openssl/crypto.h>
913 #include <openssl/bn.h>
914 # include <openssl/md2.h>
915 # include <openssl/rc4.h>
916 # include <openssl/des.h>
917 # include <openssl/idea.h>
918 # include <openssl/blowfish.h>
919 #include <openssl/engine.h>
922 static const char *rpmsslEngines(
char *te)
927 for (e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e))
934 static void rpmsslVersionLog(
void)
936 static int oneshot = 0;
943 rpmlog(msglvl,
"---------- openssl %s configuration:\n",
944 SSLeay_version(SSLEAY_VERSION));
947 if (SSLeay() == SSLEAY_VERSION_NUMBER)
948 rpmlog(msglvl,
"%s\n", SSLeay_version(SSLEAY_VERSION));
950 rpmlog(msglvl,
"%s (Library: %s)\n",
951 OPENSSL_VERSION_TEXT, SSLeay_version(SSLEAY_VERSION));
954 rpmlog(msglvl,
" %s\n", SSLeay_version(SSLEAY_BUILT_ON));
955 rpmlog(msglvl,
" %s\n", SSLeay_version(SSLEAY_PLATFORM));
956 rpmlog(msglvl,
" options: %s\n", BN_options());
957 rpmlog(msglvl,
" %s\n", SSLeay_version(SSLEAY_CFLAGS));
958 rpmlog(msglvl,
"%s\n", SSLeay_version(SSLEAY_DIR));
959 rpmlog(msglvl,
" engines:%s\n", rpmsslEngines(b));
960 rpmlog(msglvl,
" FIPS: %s\n",
961 (FIPS_mode() ?
"enabled" :
"disabled"));
964 { ASN1_OBJECT * o = OBJ_nid2obj(ssl->nid);
965 fprintf(stderr,
" sn: %s\n", o->sn);
966 fprintf(stderr,
" ln: %s\n", o->ln);
967 fprintf(stderr,
" nid: %d\n", o->nid);
968 fprintf(stderr,
" data: %p[%u] %s\n", o->data, o->length,
pgpHexStr(o->data, o->length));
969 fprintf(stderr,
"flags: %08X\n", o->flags);
973 {
size_t nc = EC_get_builtin_curves(NULL, 100);
974 EC_builtin_curve * c =
alloca(nc *
sizeof(*c));
976 (void) EC_get_builtin_curves(c, nc);
977 for (i = 0; i < nc; i++) {
978 ASN1_OBJECT * o = OBJ_nid2obj(c[i].nid);
981 rpmlog(msglvl,
" EC curves:\n");
982 rpmlog(msglvl,
" %s\n", c[i].comment);
983 rpmlog(msglvl,
" %12s%5d %s\t%s\n",
984 o->sn, c[i].nid,
pgpHexStr(o->data, o->length), o->ln);
988 rpmlog(msglvl,
"----------\n");
992 void * rpmsslInit(
void)
997 if (rpmssl_initialized++ == 0) {
1002 CRYPTO_malloc_init();
1004 ERR_load_crypto_strings();
1005 OpenSSL_add_all_algorithms();
1006 ENGINE_load_builtin_engines();
1008 xx = FIPS_mode_set(1);
1016 return (
void *) ssl;
1020 OPENSSL_VERSION_TEXT,
1027 rpmsslAvailableCipher, rpmsslAvailableDigest, rpmsslAvailablePubkey,
1028 rpmsslVerify, rpmsslSign, rpmsslGenerate,
1030 rpmsslMpiItem, rpmsslClean,
1031 rpmsslFree, rpmsslInit
1039 time_t now =
time(NULL);
1055 *be++ = pubp->pubkey_algo;
1058 switch (pubp->pubkey_algo) {
1064 RSA * rsa = EVP_PKEY_get0(ssl->pkey);
1066 bn = BN_num_bits(rsa->n);
1067 *be++ = (bn >> 8); *be++ = (bn );
1069 xx = BN_bn2bin(rsa->n, be);
1072 bn = BN_num_bits(rsa->e);
1073 *be++ = (bn >> 8); *be++ = (bn );
1075 xx = BN_bn2bin(rsa->e, be);
1080 DSA * dsa = EVP_PKEY_get0(ssl->pkey);
1082 bn = BN_num_bits(dsa->p);
1083 *be++ = (bn >> 8); *be++ = (bn );
1085 xx = BN_bn2bin(dsa->p, be);
1088 bn = BN_num_bits(dsa->q);
1089 *be++ = (bn >> 8); *be++ = (bn );
1091 xx = BN_bn2bin(dsa->q, be);
1094 bn = BN_num_bits(dsa->g);
1095 *be++ = (bn >> 8); *be++ = (bn );
1097 xx = BN_bn2bin(dsa->g, be);
1100 bn = BN_num_bits(dsa->pub_key);
1101 *be++ = (bn >> 8); *be++ = (bn );
1103 xx = BN_bn2bin(dsa->pub_key, be);
1108 EC_KEY * ec = EVP_PKEY_get0(ssl->pkey);
1109 ASN1_OBJECT * o = OBJ_nid2obj(ssl->nid);
1114 memcpy(be, o->data, o->length);
1120 bn = 8 * i2o_ECPublicKey(ec, &q) - 5;
1121 *be++ = (bn >> 8); *be++ = (bn );
1129 pktlen = (be - pkt);
1136 dig->pub = memcpy(
xmalloc(pktlen), pkt, pktlen);
1137 dig->publen = pktlen;
1146 const unsigned char * q;
1151 time_t now =
time(NULL);
1161 *be++ = 0x80 | (sigp->tag << 2) | 0x01;
1165 *be++ = sigp->version = 0x04;
1167 *be++ = sigp->pubkey_algo = pubp->pubkey_algo;
1168 *be++ = sigp->hash_algo;
1176 *be++ = sigp->time[0] = (bt >> 24);
1177 *be++ = sigp->time[1] = (bt >> 16);
1178 *be++ = sigp->time[2] = (bt >> 8);
1179 *be++ = sigp->time[3] = (bt );
1183 bt = 30 * 24 * 60 * 60;
1184 *be++ = sigp->expire[0] = (bt >> 24);
1185 *be++ = sigp->expire[1] = (bt >> 16);
1186 *be++ = sigp->expire[2] = (bt >> 8);
1187 *be++ = sigp->expire[3] = (bt );
1201 sigp->hashlen = (be - h);
1202 h[-2] = (sigp->hashlen >> 8);
1203 h[-1] = (sigp->hashlen );
1206 if (sigp->hash != NULL)
1211 trailer[0] = sigp->version;
1213 trailer[2] = (sigp->hashlen >> 24);
1214 trailer[3] = (sigp->hashlen >> 16);
1215 trailer[4] = (sigp->hashlen >> 8);
1216 trailer[5] = (sigp->hashlen );
1220 sigp->signhash16[0] = 0x00;
1221 sigp->signhash16[1] = 0x00;
1222 switch (pubp->pubkey_algo) {
1236 h = (uint8_t *) ssl->digest;
1237 sigp->signhash16[0] = h[0];
1238 sigp->signhash16[1] = h[1];
1249 *be++ = pubp->signid[0];
1250 *be++ = pubp->signid[1];
1251 *be++ = pubp->signid[2];
1252 *be++ = pubp->signid[3];
1253 *be++ = pubp->signid[4];
1254 *be++ = pubp->signid[5];
1255 *be++ = pubp->signid[6];
1256 *be++ = pubp->signid[7];
1262 *be++ = sigp->signhash16[0];
1263 *be++ = sigp->signhash16[1];
1265 switch (pubp->pubkey_algo) {
1270 { BIGNUM * md = BN_bin2bn(ssl->sig, ssl->siglen, BN_new());
1271 bn = BN_num_bits(md);
1275 xx = BN_bn2bin(md, be);
1280 assert(ssl->dsasig == NULL);
1282 ssl->dsasig = d2i_DSA_SIG(NULL, &q, ssl->siglen);
1284 bn = BN_num_bits(ssl->dsasig->r);
1288 xx = BN_bn2bin(ssl->dsasig->r, be);
1291 bn = BN_num_bits(ssl->dsasig->s);
1295 xx = BN_bn2bin(ssl->dsasig->s, be);
1298 DSA_SIG_free(ssl->dsasig);
1302 assert(ssl->ecdsasig == NULL);
1304 ssl->ecdsasig = d2i_ECDSA_SIG(NULL, &q, ssl->siglen);
1306 bn = BN_num_bits(ssl->ecdsasig->r);
1310 xx = BN_bn2bin(ssl->ecdsasig->r, be);
1313 bn = BN_num_bits(ssl->ecdsasig->s);
1317 xx = BN_bn2bin(ssl->ecdsasig->s, be);
1320 ECDSA_SIG_free(ssl->ecdsasig);
1321 ssl->ecdsasig = NULL;
1325 pktlen = (be - pkt);
1330 dig->sig = memcpy(
xmalloc(pktlen), pkt, pktlen);
1331 dig->siglen = pktlen;
pgpDigParams pgpGetPubkey(pgpDig dig)
Return OpenPGP pubkey parameters.
char * xstrdup(const char *str)
struct pgpDigParams_s * pgpDigParams
static unsigned char nibble(char c)
Convert hex to binary nibble.
static void rpmlog(int code, const char *fmt,...)
static int pgpImplSign(pgpDig dig)
const char * pgpPubkeyAlgo2Name(uint32_t algo)
static int pgpImplSetDSA(DIGEST_CTX ctx, pgpDig dig, pgpDigParams sigp)
Yet Another syslog(3) API clone.
void * xcalloc(size_t nmemb, size_t size)
int rpmDigestUpdate(DIGEST_CTX ctx, const void *data, size_t len)
Update context with next plain text buffer.
unsigned char rpmuint8_t
Private int typedefs to avoid C99 portability issues.
static unsigned int pgpMpiBits(const rpmuint8_t *p)
Return no.
pgpHashAlgo rpmDigestAlgo(DIGEST_CTX ctx)
Return digest algorithm identifier.
pgpDigParams pgpGetSignature(pgpDig dig)
Return OpenPGP signature parameters.
int rpmsslExportSignature(pgpDig dig, DIGEST_CTX ctx)
pgpImplVecs_t rpmsslImplVecs
Implementation specific parameter storage.
static int pgpImplSetECDSA(DIGEST_CTX ctx, pgpDig dig, pgpDigParams sigp)
static int pgpImplSetRSA(DIGEST_CTX ctx, pgpDig dig, pgpDigParams sigp)
static unsigned int pgpMpiLen(const rpmuint8_t *p)
Return no.
static const char * prefix[]
Tables for prefixing and suffixing patterns, according to the -w, -x, and -F options.
int pgpPubkeyFingerprint(const rpmuint8_t *pkt, size_t pktlen, rpmuint8_t *keyid)
Print/parse an OpenPGP subtype packet.
char * stpcpy(char *dest, const char *src)
static void * _free(const void *p)
Wrapper to free(3), hides const compilation noise, permit NULL, return NULL.
int rpmsslExportPubkey(pgpDig dig)
const char * rpmDigestASN1(DIGEST_CTX ctx)
Return digest ASN1 oid string.
const char * pgpHashAlgo2Name(uint32_t algo)
int rpmDigestFinal(DIGEST_CTX ctx, void *datap, size_t *lenp, int asAscii)
Return digest and destroy context.
static char * pgpHexStr(const rpmuint8_t *p, size_t plen)
Return hex formatted representation of bytes.