rpm  5.4.15
signature.c
Go to the documentation of this file.
1 
5 #include "system.h"
6 
7 #include <rpmio.h>
8 #include <rpmurl.h>
9 #include <rpmcb.h> /* XXX rpmIsVerbose() */
10 #define _RPMPGP_INTERNAL
11 #include <rpmpgp.h>
12 #include <rpmmacro.h> /* XXX for rpmGetPath() */
13 #include <rpmhkp.h>
14 #include <rpmku.h>
15 
16 #include <rpmtag.h>
17 #include "rpmdb.h"
18 #include <pkgio.h> /* XXX expects <rpmts.h> */
19 #include "legacy.h" /* XXX for dodogest() */
20 #include "signature.h"
21 
22 #include "debug.h"
23 
24 /*@access FD_t@*/ /* XXX ufdio->read arg1 is void ptr */
25 /*@access Header@*/ /* XXX compared with NULL */
26 /*@access DIGEST_CTX@*/ /* XXX compared with NULL */
27 /*@access pgpDig@*/
28 /*@access pgpDigParams@*/
29 
30 int rpmTempFile(const char * prefix, const char ** fnptr, void * fdptr)
31 {
32  const char * tpmacro = "%{?_tmppath}%{!?_tmppath:/var/tmp/}";
33  const char * tempfn = NULL;
34  const char * tfn = NULL;
35  static int _initialized = 0;
36  int temput;
37  FD_t fd = NULL;
38  unsigned int ran;
39 
40  if (!prefix) prefix = "";
41 
42  /* Create the temp directory if it doesn't already exist. */
43  if (!_initialized) {
44  _initialized = 1;
45  tempfn = rpmGenPath(prefix, tpmacro, NULL);
46  if (rpmioMkpath(tempfn, 0755, (uid_t) -1, (gid_t) -1))
47  goto errxit;
48  }
49 
50  /* XXX should probably use mkstemp here */
51  ran = (unsigned) time(NULL);
52  srand(ran);
53  ran = rand() % 100000;
54 
55  /* maybe this should use link/stat? */
56 
57  do {
58  char tfnbuf[64];
59 #ifndef NOTYET
60  sprintf(tfnbuf, "rpm-tmp.%u", ran++);
61  tempfn = _free(tempfn);
62  tempfn = rpmGenPath(prefix, tpmacro, tfnbuf);
63 #else
64  strcpy(tfnbuf, "rpm-tmp.XXXXXX");
65  tempfn = _free(tempfn);
66  tempfn = rpmGenPath(prefix, tpmacro, mktemp(tfnbuf));
67 #endif
68 
69  temput = urlPath(tempfn, &tfn);
70  if (*tfn == '\0') goto errxit;
71 
72  switch (temput) {
73  case URL_IS_DASH:
74  case URL_IS_HKP:
75  case URL_IS_MONGO: /* XXX FIXME */
76  goto errxit;
77  /*@notreached@*/ /*@switchbreak@*/ break;
78  case URL_IS_HTTPS:
79  case URL_IS_HTTP:
80  case URL_IS_FTP:
81  default:
82  /*@switchbreak@*/ break;
83  }
84 
85  fd = Fopen(tempfn, "w+x.fdio");
86  /* XXX FIXME: errno may not be correct for ufdio */
87  } while ((fd == NULL || Ferror(fd)) && errno == EEXIST);
88 
89  if (fd == NULL || Ferror(fd)) {
90  rpmlog(RPMLOG_ERR, _("error creating temporary file %s\n"), tempfn);
91  goto errxit;
92  }
93 
94  switch(temput) {
95  case URL_IS_PATH:
96  case URL_IS_UNKNOWN:
97  { struct stat sb, sb2;
98  if (!stat(tfn, &sb) && S_ISLNK(sb.st_mode)) {
99  rpmlog(RPMLOG_ERR, _("error creating temporary file %s\n"), tfn);
100  goto errxit;
101  }
102 
103  if (sb.st_nlink != 1) {
104  rpmlog(RPMLOG_ERR, _("error creating temporary file %s\n"), tfn);
105  goto errxit;
106  }
107 
108  if (fstat(Fileno(fd), &sb2) == 0) {
109  if (sb2.st_ino != sb.st_ino || sb2.st_dev != sb.st_dev) {
110  rpmlog(RPMLOG_ERR, _("error creating temporary file %s\n"), tfn);
111  goto errxit;
112  }
113  }
114  } break;
115  default:
116  break;
117  }
118 
119  if (fnptr)
120  *fnptr = tempfn;
121  else
122  tempfn = _free(tempfn);
123  if (fdptr)
124  *(FD_t *)fdptr = fd;
125 
126  return 0;
127 
128 errxit:
129  tempfn = _free(tempfn);
130  if (fnptr)
131  *fnptr = NULL;
132  /*@-usereleased@*/
133  if (fd != NULL) (void) Fclose(fd);
134  /*@=usereleased@*/
135  return 1;
136 }
137 
138 
148 static int makeGPGSignature(const char * file, rpmSigTag * sigTagp,
149  /*@out@*/ rpmuint8_t ** pktp, /*@out@*/ rpmuint32_t * pktlenp,
150  /*@null@*/ const char * passPhrase)
151  /*@globals rpmGlobalMacroContext, h_errno,
152  fileSystem, internalState @*/
153  /*@modifies *pktp, *pktlenp, *sigTagp, rpmGlobalMacroContext,
154  fileSystem, internalState @*/
155 {
156  char * sigfile = (char *) alloca(strlen(file)+sizeof(".sig"));
157  pid_t pid;
158  int status;
159  int inpipe[2];
160  FILE * fpipe;
161  struct stat st;
162  const char * cmd;
163  char *const *av;
164  pgpDig dig = NULL;
165  pgpDigParams sigp = NULL;
166  const char * pw = NULL;
167  int rc;
168 
169  (void) stpcpy( stpcpy(sigfile, file), ".sig");
170 
171  addMacro(NULL, "__plaintext_filename", NULL, file, -1);
172  addMacro(NULL, "__signature_filename", NULL, sigfile, -1);
173 
174  inpipe[0] = inpipe[1] = 0;
175  if (pipe(inpipe) < 0) {
176  rpmlog(RPMLOG_ERR, _("Couldn't create pipe for signing: %m"));
177  return 1;
178  }
179 
180  if (!(pid = fork())) {
181  const char *gpg_path = rpmExpand("%{?_gpg_path}", NULL);
182 
183  (void) dup2(inpipe[0], 3);
184  (void) close(inpipe[1]);
185 
186  if (gpg_path && *gpg_path != '\0')
187  (void) setenv("GNUPGHOME", gpg_path, 1);
188 
189  unsetenv("MALLOC_CHECK_");
190  cmd = rpmExpand("%{?__gpg_sign_cmd}", NULL);
191  rc = poptParseArgvString(cmd, NULL, (const char ***)&av);
192  if (!rc)
193  rc = execve(av[0], av+1, environ);
194 
195  rpmlog(RPMLOG_ERR, _("Could not exec %s: %s\n"), "gpg",
196  strerror(errno));
197  _exit(EXIT_FAILURE);
198  }
199 
200  delMacro(NULL, "__plaintext_filename");
201  delMacro(NULL, "__signature_filename");
202 
203  pw = rpmkuPassPhrase(passPhrase);
204  if (pw == NULL) {
205  rpmlog(RPMLOG_ERR, _("Failed rpmkuPassPhrase(passPhrase): %s\n"),
206  strerror(errno));
207  return 1;
208  }
209 
210  fpipe = fdopen(inpipe[1], "w");
211  (void) close(inpipe[0]);
212  if (fpipe) {
213  fprintf(fpipe, "%s\n", (pw ? pw : ""));
214  (void) fclose(fpipe);
215  }
216 
217  if (pw != NULL) {
218  (void) memset((void *)pw, 0, strlen(pw));
219  pw = _free(pw);
220  }
221 
222 /*@+longunsignedintegral@*/
223  (void) waitpid(pid, &status, 0);
224 /*@=longunsignedintegral@*/
225  if (!WIFEXITED(status) || WEXITSTATUS(status)) {
226  rpmlog(RPMLOG_ERR, _("gpg exec failed (%d)\n"), WEXITSTATUS(status));
227  return 1;
228  }
229 
230  if (Stat(sigfile, &st)) {
231  /* GPG failed to write signature */
232  if (sigfile) (void) Unlink(sigfile); /* Just in case */
233  rpmlog(RPMLOG_ERR, _("gpg failed to write signature\n"));
234  return 1;
235  }
236 
237  *pktlenp = (rpmuint32_t)st.st_size;
238  rpmlog(RPMLOG_DEBUG, D_("GPG sig size: %u\n"), (unsigned)*pktlenp);
239  *pktp = (rpmuint8_t *) xmalloc(*pktlenp);
240 
241  { FD_t fd;
242 
243  rc = 0;
244  fd = Fopen(sigfile, "r.ufdio");
245  if (fd != NULL && !Ferror(fd)) {
246  rc = (int) Fread(*pktp, sizeof((*pktp)[0]), *pktlenp, fd);
247  if (sigfile) (void) Unlink(sigfile);
248  (void) Fclose(fd);
249  }
250  if ((rpmuint32_t)rc != *pktlenp) {
251  *pktp = _free(*pktp);
252  rpmlog(RPMLOG_ERR, _("unable to read the signature\n"));
253  return 1;
254  }
255  }
256 
257  rpmlog(RPMLOG_DEBUG, D_("Got %u bytes of GPG sig\n"), (unsigned)*pktlenp);
258 
259  /* Parse the signature, change signature tag as appropriate. */
261 
262  (void) pgpPrtPkts(*pktp, *pktlenp, dig, 0);
263  sigp = pgpGetSignature(dig);
264 
265  /* Identify the type of signature being returned. */
266  /* XXX FIXME: RPMSIGTAG{DSA,RSA} are interchangeable. */
267  switch (*sigTagp) {
268  default:
269 assert(0); /* XXX never happens. */
270  /*@notreached@*/ break;
271  case RPMSIGTAG_SIZE:
272  case RPMSIGTAG_MD5:
273  case RPMSIGTAG_SHA1:
274  break;
275  case RPMSIGTAG_RSA:
276  if (sigp->pubkey_algo == (rpmuint8_t)PGPPUBKEYALGO_DSA)
277  *sigTagp = RPMSIGTAG_DSA;
278  break;
279  case RPMSIGTAG_DSA:
280  /* XXX check hash algorithm too? */
281  if (sigp->pubkey_algo == (rpmuint8_t)PGPPUBKEYALGO_RSA)
282  *sigTagp = RPMSIGTAG_RSA;
283  break;
284  case RPMSIGTAG_ECDSA:
285  break;
286  }
287 
288  dig = pgpDigFree(dig);
289 
290  return 0;
291 }
292 
301 /*@-mustmod@*/ /* sigh is modified */
302 static int makeHDRSignature(Header sigh, const char * file, rpmSigTag sigTag,
303  /*@null@*/ const char * passPhrase)
304  /*@globals rpmGlobalMacroContext, h_errno, fileSystem, internalState @*/
305  /*@modifies sigh, sigTag, rpmGlobalMacroContext, fileSystem, internalState @*/
306 {
307  HE_t he = (HE_t) memset(alloca(sizeof(*he)), 0, sizeof(*he));
308  Header h = NULL;
309  FD_t fd = NULL;
310  rpmuint8_t * pkt;
311  rpmuint32_t pktlen;
312  const char * fn = NULL;
313  const char * msg;
314  rpmRC rc;
315  int ret = -1; /* assume failure. */
316  int xx;
317 
318  switch (sigTag) {
319  default:
320 assert(0); /* XXX never happens. */
321  /*@notreached@*/ break;
322  case RPMSIGTAG_SIZE:
323  case RPMSIGTAG_MD5:
324  case RPMSIGTAG_PGP5: /* XXX legacy */
325  case RPMSIGTAG_PGP:
326  case RPMSIGTAG_GPG:
327  goto exit;
328  /*@notreached@*/ break;
329  case RPMSIGTAG_SHA1:
330  { const char * SHA1 = NULL;
331  fd = Fopen(file, "r.fdio");
332  if (fd == NULL || Ferror(fd))
333  goto exit;
334  { const char item[] = "Header";
335  msg = NULL;
336  rc = rpmpkgRead(item, fd, &h, &msg);
337  if (rc != RPMRC_OK) {
338  rpmlog(RPMLOG_ERR, "%s: %s: %s\n", fn, item, msg);
339  msg = _free(msg);
340  goto exit;
341  }
342  msg = _free(msg);
343  }
344  (void) Fclose(fd); fd = NULL;
345 
347  unsigned char * hmagic = NULL;
348  size_t nmagic = 0;
349  DIGEST_CTX ctx;
350 
352  if (!headerGet(h, he, 0) || he->p.ptr == NULL)
353  {
354  (void)headerFree(h);
355  h = NULL;
356  goto exit;
357  }
358  (void) headerGetMagic(NULL, &hmagic, &nmagic);
360  if (hmagic && nmagic > 0)
361  (void) rpmDigestUpdate(ctx, hmagic, nmagic);
362  (void) rpmDigestUpdate(ctx, he->p.ptr, he->c);
363  (void) rpmDigestFinal(ctx, &SHA1, NULL, 1);
364  he->p.ptr = _free(he->p.ptr);
365  }
366  (void)headerFree(h);
367  h = NULL;
368 
369  if (SHA1 == NULL)
370  goto exit;
371  he->tag = (rpmTag) RPMSIGTAG_SHA1;
372  he->t = RPM_STRING_TYPE;
373  he->p.str = SHA1;
374  he->c = 1;
375  xx = headerPut(sigh, he, 0);
376  SHA1 = _free(SHA1);
377  if (!xx)
378  goto exit;
379  ret = 0;
380  } break;
381  case RPMSIGTAG_DSA:
382  fd = Fopen(file, "r.fdio");
383  if (fd == NULL || Ferror(fd))
384  goto exit;
385  { const char item[] = "Header";
386  msg = NULL;
387  rc = rpmpkgRead(item, fd, &h, &msg);
388  if (rc != RPMRC_OK) {
389  rpmlog(RPMLOG_ERR, "%s: %s: %s\n", fn, item, msg);
390  msg = _free(msg);
391  goto exit;
392  }
393  msg = _free(msg);
394  }
395  (void) Fclose(fd); fd = NULL;
396 
397  if (rpmTempFile(NULL, &fn, &fd))
398  goto exit;
399  { const char item[] = "Header";
400  msg = NULL;
401  rc = rpmpkgWrite(item, fd, h, &msg);
402  if (rc != RPMRC_OK) {
403  rpmlog(RPMLOG_ERR, "%s: %s: %s\n", fn, item, msg);
404  msg = _free(msg);
405  goto exit;
406  }
407  msg = _free(msg);
408  }
409  (void) Fclose(fd); fd = NULL;
410 
411  if (makeGPGSignature(fn, &sigTag, &pkt, &pktlen, passPhrase))
412  goto exit;
413  he->tag = (rpmTag) sigTag;
414  he->t = RPM_BIN_TYPE;
415  he->p.ptr = pkt;
416  he->c = pktlen;
417  xx = headerPut(sigh, he, 0);
418  if (!xx)
419  goto exit;
420  ret = 0;
421  break;
422  case RPMSIGTAG_ECDSA: /* XXX necessary when gnupg2 supports ECDSA */
423  fd = Fopen(file, "r.fdio");
424  if (fd == NULL || Ferror(fd))
425  goto exit;
426  { const char item[] = "Header";
427  msg = NULL;
428  rc = rpmpkgRead(item, fd, &h, &msg);
429  if (rc != RPMRC_OK) {
430  rpmlog(RPMLOG_ERR, "%s: %s: %s\n", fn, item, msg);
431  msg = _free(msg);
432  goto exit;
433  }
434  msg = _free(msg);
435  }
436  (void) Fclose(fd); fd = NULL;
437 
438  if (rpmTempFile(NULL, &fn, &fd))
439  goto exit;
440  { const char item[] = "Header";
441  msg = NULL;
442  rc = rpmpkgWrite(item, fd, h, &msg);
443  if (rc != RPMRC_OK) {
444  rpmlog(RPMLOG_ERR, "%s: %s: %s\n", fn, item, msg);
445  msg = _free(msg);
446  goto exit;
447  }
448  msg = _free(msg);
449  }
450  (void) Fclose(fd); fd = NULL;
451 
452  if (makeGPGSignature(fn, &sigTag, &pkt, &pktlen, passPhrase))
453  goto exit;
454  he->tag = (rpmTag) sigTag;
455  he->t = RPM_BIN_TYPE;
456  he->p.ptr = pkt;
457  he->c = pktlen;
458  xx = headerPut(sigh, he, 0);
459  if (!xx)
460  goto exit;
461  ret = 0;
462  break;
463  }
464 
465 exit:
466  if (fn) {
467  (void) Unlink(fn);
468  fn = _free(fn);
469  }
470  (void)headerFree(h);
471  h = NULL;
472  if (fd != NULL) (void) Fclose(fd);
473  return ret;
474 }
475 /*@=mustmod@*/
476 
477 int rpmAddSignature(Header sigh, const char * file, rpmSigTag sigTag,
478  const char * passPhrase)
479 {
480  HE_t he = (HE_t) memset(alloca(sizeof(*he)), 0, sizeof(*he));
481  struct stat st;
482  rpmuint8_t * pkt;
483  rpmuint32_t pktlen;
484  int ret = -1; /* assume failure. */
485  int xx;
486 
487  switch (sigTag) {
488  default:
489 assert(0); /* XXX never happens. */
490  /*@notreached@*/ break;
491  case RPMSIGTAG_SIZE:
492  if (Stat(file, &st) != 0)
493  break;
494  pktlen = (rpmuint32_t)st.st_size;
495  he->tag = (rpmTag) sigTag;
496  he->t = RPM_UINT32_TYPE;
497  he->p.ui32p = &pktlen;
498  he->c = 1;
499 /*@-compmempass@*/
500  xx = headerPut(sigh, he, 0);
501 /*@=compmempass@*/
502  if (!xx)
503  break;
504  ret = 0;
505  break;
506  case RPMSIGTAG_MD5:
507  pktlen = 128/8;
508  pkt = (rpmuint8_t *) memset(alloca(pktlen), 0, pktlen);
509  if (dodigest(PGPHASHALGO_MD5, file, (unsigned char *)pkt, 0, NULL))
510  break;
511  he->tag = (rpmTag) sigTag;
512  he->t = RPM_BIN_TYPE;
513  he->p.ptr = pkt;
514  he->c = pktlen;
515  xx = headerPut(sigh, he, 0);
516  if (!xx)
517  break;
518  ret = 0;
519  break;
520  case RPMSIGTAG_GPG:
521  ret = makeHDRSignature(sigh, file, RPMSIGTAG_DSA, passPhrase);
522  break;
523  case RPMSIGTAG_SHA1:
524  case RPMSIGTAG_RSA:
525  case RPMSIGTAG_DSA:
526  case RPMSIGTAG_ECDSA:
527  ret = makeHDRSignature(sigh, file, sigTag, passPhrase);
528  break;
529  }
530 
531  return ret;
532 }
533 
534 int rpmCheckPassPhrase(const char * passPhrase)
535 {
536  const char *pw;
537  int p[2];
538  pid_t pid;
539  int status;
540  int rc;
541  int xx;
542 
543  if (!(passPhrase && passPhrase[0]))
544  return 0;
545 
546  p[0] = p[1] = 0;
547  xx = pipe(p);
548 
549  if (!(pid = fork())) {
550  const char * cmd;
551  char *const *av;
552  int fdno;
553 
554  xx = close(STDIN_FILENO);
555  xx = close(STDOUT_FILENO);
556  xx = close(p[1]);
557  if (!rpmIsVerbose())
558  xx = close(STDERR_FILENO);
559  if ((fdno = open("/dev/null", O_RDONLY)) != STDIN_FILENO) {
560  xx = dup2(fdno, STDIN_FILENO);
561  xx = close(fdno);
562  }
563  if ((fdno = open("/dev/null", O_WRONLY)) != STDOUT_FILENO) {
564  xx = dup2(fdno, STDOUT_FILENO);
565  xx = close(fdno);
566  }
567  xx = dup2(p[0], 3);
568 
569  unsetenv("MALLOC_CHECK_");
570  { const char *gpg_path = rpmExpand("%{?_gpg_path}", NULL);
571 
572  if (gpg_path && *gpg_path != '\0')
573  (void) setenv("GNUPGHOME", gpg_path, 1);
574 
575  cmd = rpmExpand("%{?__gpg_check_password_cmd}", NULL);
576  rc = poptParseArgvString(cmd, NULL, (const char ***)&av);
577  if (!rc)
578  rc = execve(av[0], av+1, environ);
579 
580  rpmlog(RPMLOG_ERR, _("Could not exec %s: %s\n"), "gpg",
581  strerror(errno));
582  }
583  }
584 
585  pw = rpmkuPassPhrase(passPhrase);
586  if (pw == NULL) {
587  rpmlog(RPMLOG_ERR, _("Failed rpmkuPassPhrase(passPhrase): %s\n"),
588  strerror(errno));
589  return 1;
590  }
591 
592  xx = close(p[0]);
593  xx = (int) write(p[1], pw, strlen(pw));
594  xx = (int) write(p[1], "\n", 1);
595  xx = close(p[1]);
596 
597  if (pw != NULL) {
598  (void) memset((void *)pw, 0, strlen(pw));
599  pw = _free(pw);
600  }
601 
602 /*@+longunsignedintegral@*/
603  (void) waitpid(pid, &status, 0);
604 /*@=longunsignedintegral@*/
605 
606  return ((!WIFEXITED(status) || WEXITSTATUS(status)) ? 1 : 0);
607 }
608 
609 static /*@observer@*/ const char * rpmSigString(rpmRC res)
610  /*@*/
611 {
612  const char * str;
613  switch (res) {
614  case RPMRC_OK: str = "OK"; break;
615  default:
616  case RPMRC_NOTFOUND: str = "UNKNOWN"; break;
617  case RPMRC_FAIL: str = "BAD"; break;
618  case RPMRC_NOTTRUSTED: str = "NOTTRUSTED"; break;
619  case RPMRC_NOKEY: str = "NOKEY"; break;
620  case RPMRC_NOSIG: str = "NOSIG"; break;
621  }
622  return str;
623 }
624 
625 static rpmRC
626 verifySize(const pgpDig dig, /*@out@*/ char * t)
627  /*@modifies *t @*/
628 {
629  const void * sig = pgpGetSig(dig);
630  rpmRC res;
631  rpmuint32_t size = 0xffffffff;
632 
633  *t = '\0';
634  t = stpcpy(t, _("Header+Payload size: "));
635 
636  if (sig == NULL || dig == NULL || dig->nbytes == 0) {
637  res = RPMRC_NOKEY;
638  t = stpcpy(t, rpmSigString(res));
639  goto exit;
640  }
641 
642  memcpy(&size, sig, sizeof(size));
643 
644  if (size !=(rpmuint32_t) dig->nbytes) {
645  res = RPMRC_FAIL;
646  t = stpcpy(t, rpmSigString(res));
647  sprintf(t, " Expected(%u) != (%u)\n", (unsigned)size, (unsigned)dig->nbytes);
648  } else {
649  res = RPMRC_OK;
650  t = stpcpy(t, rpmSigString(res));
651  sprintf(t, " (%u)", (unsigned)dig->nbytes);
652  }
653 
654 exit:
655  return res;
656 }
657 
658 static rpmRC
659 verifyMD5(pgpDig dig, /*@out@*/ char * t, /*@null@*/ DIGEST_CTX md5ctx)
660  /*@globals internalState @*/
661  /*@modifies *t, internalState @*/
662 {
663  const void * sig = pgpGetSig(dig);
664  rpmuint32_t siglen = pgpGetSiglen(dig);
665  rpmRC res;
666  rpmuint8_t * md5sum = NULL;
667  size_t md5len = 0;
668 
669 assert(dig != NULL);
670 assert(md5ctx != NULL);
671 assert(sig != NULL);
672 
673  *t = '\0';
674 
675  /* Identify the hash. */
676  t = stpcpy(t, rpmDigestName(md5ctx));
677  t = stpcpy(t, _(" digest: "));
678 
679  if (sig == NULL) { /* XXX can't happen, DYING */
680  res = RPMRC_NOKEY;
681  t = stpcpy(t, rpmSigString(res));
682  goto exit;
683  }
684 
685  { rpmop op = (rpmop)pgpStatsAccumulator(dig, 10); /* RPMTS_OP_DIGEST */
686  (void) rpmswEnter(op, 0);
687  (void) rpmDigestFinal(rpmDigestDup(md5ctx), &md5sum, &md5len, 0);
688  (void) rpmswExit(op, 0);
689  if (op != NULL) op->count--; /* XXX one too many */
690  }
691 
692  if (md5len != siglen || memcmp(md5sum, sig, md5len)) {
693  res = RPMRC_FAIL;
694  t = stpcpy(t, rpmSigString(res));
695  t = stpcpy(t, " Expected(");
696  (void) pgpHexCvt(t, (rpmuint8_t *)sig, siglen);
697  t += strlen(t);
698  t = stpcpy(t, ") != (");
699  } else {
700  res = RPMRC_OK;
701  t = stpcpy(t, rpmSigString(res));
702  t = stpcpy(t, " (");
703  }
704  (void) pgpHexCvt(t, md5sum, md5len);
705  t += strlen(t);
706  t = stpcpy(t, ")");
707 
708 exit:
709  md5sum = _free(md5sum);
710  return res;
711 }
712 
720 static rpmRC
721 verifySHA1(pgpDig dig, /*@out@*/ char * t, /*@null@*/ DIGEST_CTX shactx)
722  /*@globals internalState @*/
723  /*@modifies *t, internalState @*/
724 {
725  const void * sig = pgpGetSig(dig);
726 #ifdef NOTYET
727  rpmuint32_t siglen = pgpGetSiglen(dig);
728 #endif
729  rpmRC res;
730  const char * SHA1 = NULL;
731 
732 assert(dig != NULL);
733 assert(shactx != NULL);
734 assert(sig != NULL);
735 
736  *t = '\0';
737  t = stpcpy(t, _("Header "));
738 
739  /* Identify the hash. */
740  t = stpcpy(t, rpmDigestName(shactx));
741  t = stpcpy(t, _(" digest: "));
742 
743  if (sig == NULL) { /* XXX can't happen, DYING */
744  res = RPMRC_NOKEY;
745  t = stpcpy(t, rpmSigString(res));
746  goto exit;
747  }
748 
749  { rpmop op = (rpmop)pgpStatsAccumulator(dig, 10); /* RPMTS_OP_DIGEST */
750  (void) rpmswEnter(op, 0);
751  (void) rpmDigestFinal(rpmDigestDup(shactx), &SHA1, NULL, 1);
752  (void) rpmswExit(op, 0);
753  }
754 
755  if (SHA1 == NULL
756  || strlen(SHA1) != strlen((char *)sig)
757  || strcmp(SHA1, (char *)sig))
758  {
759  res = RPMRC_FAIL;
760  t = stpcpy(t, rpmSigString(res));
761  t = stpcpy(t, " Expected(");
762  t = stpcpy(t, (char *)sig);
763  t = stpcpy(t, ") != (");
764  } else {
765  res = RPMRC_OK;
766  t = stpcpy(t, rpmSigString(res));
767  t = stpcpy(t, " (");
768  }
769  if (SHA1)
770  t = stpcpy(t, SHA1);
771  t = stpcpy(t, ")");
772 
773 exit:
774  SHA1 = _free(SHA1);
775  return res;
776 }
777 
785 static rpmRC
786 verifyRSA(pgpDig dig, /*@out@*/ char * t, /*@null@*/ DIGEST_CTX hrsa)
787  /*@globals internalState @*/
788  /*@modifies dig, *t, internalState */
789 {
790  const void * sig = pgpGetSig(dig);
791 #ifdef NOTYET
792  rpmuint32_t siglen = pgpGetSiglen(dig);
793 #endif
794  pgpDigParams sigp = pgpGetSignature(dig);
795  rpmRC res = RPMRC_OK;
796  int xx;
797 
798 if (_rpmhkp_debug)
799 fprintf(stderr, "--> %s(%p,%p,%p) sig %p sigp %p\n", __FUNCTION__, dig, t, hrsa, sig, sigp);
800 
801 assert(dig != NULL);
802 assert(hrsa != NULL);
803 assert(sigp != NULL);
804 assert(sigp->pubkey_algo == (rpmuint8_t)PGPPUBKEYALGO_RSA);
805 assert(sigp->hash_algo == (rpmuint8_t)rpmDigestAlgo(hrsa));
806 assert(pgpGetSigtag(dig) == RPMSIGTAG_RSA);
807 assert(sig != NULL);
808 
809  /* Retrieve the matching public key. */
810  /* XXX FIXME: this needs to be done early for SetRSA() PKCS1 generation. */
811  res = (rpmRC) pgpFindPubkey(dig);
812  if (res != RPMRC_OK)
813  goto exit;
814 
815  *t = '\0';
816  if (dig->hrsa == hrsa)
817  t = stpcpy(t, _("Header "));
818 
819  /* Identify the signature version. */
820  *t++ = 'V';
821  switch (sigp->version) {
822  case 3: *t++ = '3'; break;
823  case 4: *t++ = '4'; break;
824  }
825 
826  /* Identify the RSA/hash. */
827  { const char * hashname = rpmDigestName(hrsa);
828  t = stpcpy(t, " RSA");
829  if (strcmp(hashname, "UNKNOWN")) {
830  *t++ = '/';
831  t = stpcpy(t, hashname);
832  }
833  }
834  t = stpcpy(t, _(" signature: "));
835 
836  { rpmop op = (rpmop)pgpStatsAccumulator(dig, 10); /* RPMTS_OP_DIGEST */
837  DIGEST_CTX ctx = rpmDigestDup(hrsa);
838 
839  (void) rpmswEnter(op, 0);
840  if (sigp->hash != NULL)
841  xx = rpmDigestUpdate(ctx, sigp->hash, sigp->hashlen);
842 
843  if (sigp->version == (rpmuint8_t) 4) {
844  rpmuint8_t trailer[6];
845  trailer[0] = sigp->version;
846  trailer[1] = (rpmuint8_t)0xff;
847  trailer[2] = (sigp->hashlen >> 24);
848  trailer[3] = (sigp->hashlen >> 16);
849  trailer[4] = (sigp->hashlen >> 8);
850  trailer[5] = (sigp->hashlen );
851  xx = rpmDigestUpdate(ctx, trailer, sizeof(trailer));
852  }
853  (void) rpmswExit(op, sigp->hashlen);
854  if (op != NULL) op->count--; /* XXX one too many */
855 
856  if ((xx = pgpImplSetRSA(ctx, dig, sigp)) != 0) {
857  res = RPMRC_FAIL;
858  goto exit;
859  }
860  }
861 
862  /* Verify the RSA signature. */
863  { rpmop op = (rpmop)pgpStatsAccumulator(dig, 11); /* RPMTS_OP_SIGNATURE */
864  (void) rpmswEnter(op, 0);
865  xx = pgpImplVerify(dig);
866  (void) rpmswExit(op, 0);
867  res = (xx ? RPMRC_OK : RPMRC_FAIL);
868  }
869 
870 exit:
871  /* Identify the pubkey fingerprint. */
872  t = stpcpy(t, rpmSigString(res));
873  if (sigp != NULL) {
874  t = stpcpy(t, ", key ID ");
875  (void) pgpHexCvt(t, sigp->signid+4, sizeof(sigp->signid)-4);
876  t += strlen(t);
877  }
878  return res;
879 }
880 
888 static rpmRC
889 verifyDSA(pgpDig dig, /*@out@*/ char * t, /*@null@*/ DIGEST_CTX hdsa)
890  /*@globals internalState @*/
891  /*@modifies dig, *t, internalState */
892 {
893  const void * sig = pgpGetSig(dig);
894 #ifdef NOTYET
895  rpmuint32_t siglen = pgpGetSiglen(dig);
896 #endif
897  pgpDigParams sigp = pgpGetSignature(dig);
898  rpmRC res;
899  int xx;
900 
901 if (_rpmhkp_debug)
902 fprintf(stderr, "--> %s(%p,%p,%p) sig %p sigp %p\n", __FUNCTION__, dig, t, hdsa, sig, sigp);
903 
904 assert(dig != NULL);
905 assert(hdsa != NULL);
906 assert(sigp != NULL);
907 assert(sigp->pubkey_algo == (rpmuint8_t)PGPPUBKEYALGO_DSA);
908 assert(sigp->hash_algo == (rpmuint8_t)rpmDigestAlgo(hdsa));
909 assert(pgpGetSigtag(dig) == RPMSIGTAG_DSA);
910 assert(sig != NULL);
911 
912  *t = '\0';
913  if (dig != NULL && dig->hdsa == hdsa)
914  t = stpcpy(t, _("Header "));
915 
916  /* Identify the signature version. */
917  *t++ = 'V';
918  switch (sigp->version) {
919  case 3: *t++ = '3'; break;
920  case 4: *t++ = '4'; break;
921  }
922 
923  /* Identify the DSA/hash. */
924  { const char * hashname = rpmDigestName(hdsa);
925  t = stpcpy(t, " DSA");
926  if (strcmp(hashname, "UNKNOWN") && strcmp(hashname, "SHA1")) {
927  *t++ = '/';
928  t = stpcpy(t, hashname);
929  }
930  }
931  t = stpcpy(t, _(" signature: "));
932 
933  { rpmop op = (rpmop)pgpStatsAccumulator(dig, 10); /* RPMTS_OP_DIGEST */
934  DIGEST_CTX ctx = rpmDigestDup(hdsa);
935 
936  (void) rpmswEnter(op, 0);
937  if (sigp->hash != NULL)
938  xx = rpmDigestUpdate(ctx, sigp->hash, sigp->hashlen);
939 
940  if (sigp->version == (rpmuint8_t) 4) {
941  rpmuint8_t trailer[6];
942  trailer[0] = sigp->version;
943  trailer[1] = (rpmuint8_t)0xff;
944  trailer[2] = (sigp->hashlen >> 24);
945  trailer[3] = (sigp->hashlen >> 16);
946  trailer[4] = (sigp->hashlen >> 8);
947  trailer[5] = (sigp->hashlen );
948  xx = rpmDigestUpdate(ctx, trailer, sizeof(trailer));
949  }
950  (void) rpmswExit(op, sigp->hashlen);
951  if (op != NULL) op->count--; /* XXX one too many */
952 
953  if (pgpImplSetDSA(ctx, dig, sigp)) {
954  res = RPMRC_FAIL;
955  goto exit;
956  }
957  }
958 
959  /* Retrieve the matching public key. */
960  res = (rpmRC) pgpFindPubkey(dig);
961  if (res != RPMRC_OK)
962  goto exit;
963 
964  /* Verify the DSA signature. */
965  { rpmop op = (rpmop)pgpStatsAccumulator(dig, 11); /* RPMTS_OP_SIGNATURE */
966  (void) rpmswEnter(op, 0);
967  xx = pgpImplVerify(dig);
968  res = (xx ? RPMRC_OK : RPMRC_FAIL);
969  (void) rpmswExit(op, 0);
970  }
971 
972 exit:
973  /* Identify the pubkey fingerprint. */
974  t = stpcpy(t, rpmSigString(res));
975  if (sigp != NULL) {
976  t = stpcpy(t, ", key ID ");
977  (void) pgpHexCvt(t, sigp->signid+4, sizeof(sigp->signid)-4);
978  t += strlen(t);
979  }
980 
981 if (_rpmhkp_debug)
982 fprintf(stderr, "<-- %s(%p,%p,%p) res %d %s\n", __FUNCTION__, dig, t, hdsa, res, t);
983 
984  return res;
985 }
986 
994 static rpmRC
995 verifyECDSA(pgpDig dig, /*@out@*/ char * t, /*@null@*/ DIGEST_CTX hecdsa)
996  /*@globals internalState @*/
997  /*@modifies dig, *t, internalState */
998 {
999  const void * sig = pgpGetSig(dig);
1000 #ifdef NOTYET
1001  rpmuint32_t siglen = pgpGetSiglen(dig);
1002 #endif
1003  pgpDigParams sigp = pgpGetSignature(dig);
1004  rpmRC res;
1005  int xx;
1006 
1007 if (_rpmhkp_debug)
1008 fprintf(stderr, "--> %s(%p,%p,%p) sig %p sigp %p\n", __FUNCTION__, dig, t, hecdsa, sig, sigp);
1009 
1010 assert(dig != NULL);
1011 assert(hecdsa != NULL);
1012 assert(sigp != NULL);
1013 assert(sigp->pubkey_algo == (rpmuint8_t)PGPPUBKEYALGO_ECDSA);
1014 assert(sigp->hash_algo == (rpmuint8_t)rpmDigestAlgo(hecdsa));
1015 assert(pgpGetSigtag(dig) == RPMSIGTAG_ECDSA);
1016 assert(sig != NULL);
1017 
1018  *t = '\0';
1019  if (dig != NULL && dig->hecdsa == hecdsa)
1020  t = stpcpy(t, _("Header "));
1021 
1022  /* Identify the signature version. */
1023  *t++ = 'V';
1024  switch (sigp->version) {
1025  case 3: *t++ = '3'; break;
1026  case 4: *t++ = '4'; break;
1027  }
1028 
1029  /* Identify the ECDSA/hash. */
1030  { const char * hashname = rpmDigestName(hecdsa);
1031  t = stpcpy(t, " ECDSA");
1032  if (strcmp(hashname, "UNKNOWN") && strcmp(hashname, "SHA1")) {
1033  *t++ = '/';
1034  t = stpcpy(t, hashname);
1035  }
1036  }
1037  t = stpcpy(t, _(" signature: "));
1038 
1039  { rpmop op = (rpmop)pgpStatsAccumulator(dig, 10); /* RPMTS_OP_DIGEST */
1040  DIGEST_CTX ctx = rpmDigestDup(hecdsa);
1041 
1042  (void) rpmswEnter(op, 0);
1043  if (sigp->hash != NULL)
1044  xx = rpmDigestUpdate(ctx, sigp->hash, sigp->hashlen);
1045 
1046  if (sigp->version == (rpmuint8_t) 4) {
1047  rpmuint8_t trailer[6];
1048  trailer[0] = sigp->version;
1049  trailer[1] = (rpmuint8_t)0xff;
1050  trailer[2] = (sigp->hashlen >> 24);
1051  trailer[3] = (sigp->hashlen >> 16);
1052  trailer[4] = (sigp->hashlen >> 8);
1053  trailer[5] = (sigp->hashlen );
1054  xx = rpmDigestUpdate(ctx, trailer, sizeof(trailer));
1055  }
1056  (void) rpmswExit(op, sigp->hashlen);
1057  if (op != NULL) op->count--; /* XXX one too many */
1058 
1059  if (pgpImplSetECDSA(ctx, dig, sigp)) {
1060  res = RPMRC_FAIL;
1061  goto exit;
1062  }
1063  }
1064 
1065  /* Retrieve the matching public key. */
1066  res = (rpmRC) pgpFindPubkey(dig);
1067  if (res != RPMRC_OK)
1068  goto exit;
1069 
1070  /* Verify the ECDSA signature. */
1071  { rpmop op = (rpmop)pgpStatsAccumulator(dig, 11); /* RPMTS_OP_SIGNATURE */
1072  (void) rpmswEnter(op, 0);
1073  xx = pgpImplVerify(dig);
1074  res = (xx ? RPMRC_OK : RPMRC_FAIL);
1075  (void) rpmswExit(op, 0);
1076  }
1077 
1078 exit:
1079  /* Identify the pubkey fingerprint. */
1080  t = stpcpy(t, rpmSigString(res));
1081  if (sigp != NULL) {
1082  t = stpcpy(t, ", key ID ");
1083  (void) pgpHexCvt(t, sigp->signid+4, sizeof(sigp->signid)-4);
1084  t += strlen(t);
1085  }
1086 
1087 if (_rpmhkp_debug)
1088 fprintf(stderr, "<-- %s(%p,%p,%p) res %d %s\n", __FUNCTION__, dig, t, hecdsa, res, t);
1089 
1090  return res;
1091 }
1092 
1093 rpmRC
1094 rpmVerifySignature(void * _dig, char * result)
1095 {
1096  pgpDig dig = (pgpDig) _dig;
1097  const void * sig = pgpGetSig(dig);
1098  rpmuint32_t siglen = pgpGetSiglen(dig);
1099  rpmSigTag sigtag = (rpmSigTag) pgpGetSigtag(dig);
1100  rpmRC res;
1101 pgpDigParams pubp = NULL;
1102 pgpDigParams sigp = NULL;
1103 
1104 if (_rpmhkp_debug)
1105 fprintf(stderr, "--> %s(%p,%p) sig %p[%u]\n", __FUNCTION__, _dig, result, sig, siglen);
1106 
1107  if (dig == NULL || sig == NULL || siglen == 0) {
1108  sprintf(result, _("Verify signature: BAD PARAMETERS\n"));
1109  res = RPMRC_NOTFOUND;
1110  goto exit;
1111  }
1112 
1113 pubp = pgpGetPubkey(dig);
1114 sigp = pgpGetSignature(dig);
1115  switch (sigtag) {
1116  case RPMSIGTAG_SIZE:
1117  res = verifySize(dig, result);
1118  break;
1119  case RPMSIGTAG_MD5:
1120  res = verifyMD5(dig, result, dig->md5ctx);
1121  break;
1122  case RPMSIGTAG_SHA1:
1123  /* XXX dig->hsha? */
1124  res = verifySHA1(dig, result, dig->hdsa);
1125  break;
1126  case RPMSIGTAG_RSA:
1127 pubp->pubkey_algo = PGPPUBKEYALGO_RSA;
1128 sigp->pubkey_algo = PGPPUBKEYALGO_RSA;
1129  res = verifyRSA(dig, result, dig->hrsa);
1130  break;
1131  case RPMSIGTAG_DSA:
1132 pubp->pubkey_algo = PGPPUBKEYALGO_DSA;
1133 sigp->pubkey_algo = PGPPUBKEYALGO_DSA;
1134  res = verifyDSA(dig, result, dig->hdsa);
1135  break;
1136  case RPMSIGTAG_ECDSA:
1137 pubp->pubkey_algo = PGPPUBKEYALGO_ECDSA;
1138 sigp->pubkey_algo = PGPPUBKEYALGO_ECDSA;
1139  res = verifyECDSA(dig, result, dig->hecdsa);
1140  break;
1141  default:
1142  sprintf(result, _("Signature: UNKNOWN (%u)\n"), (unsigned)sigtag);
1143  res = RPMRC_NOTFOUND;
1144  break;
1145  }
1146 
1147 exit:
1148 if (_rpmhkp_debug)
1149 fprintf(stderr, "<-- %s(%p,%p) res %d %s\n", __FUNCTION__, _dig, result, res, result);
1150 
1151  return res;
1152 }
rpmTagType t
Definition: rpmtag.h:504
pgpDigParams pgpGetPubkey(pgpDig dig)
Return OpenPGP pubkey parameters.
Definition: rpmpgp.c:1397
const char * str
Definition: rpmtag.h:73
rpmTag tag
Definition: rpmtag.h:503
static int makeGPGSignature(const char *file, rpmSigTag *sigTagp, rpmuint8_t **pktp, rpmuint32_t *pktlenp, const char *passPhrase)
Generate GPG signature(s) for a header+payload file.
Definition: signature.c:148
static rpmRC verifySHA1(pgpDig dig, char *t, DIGEST_CTX shactx)
Verify header immutable region SHA-1 digest.
Definition: signature.c:721
int rpmAddSignature(Header sigh, const char *file, rpmSigTag sigTag, const char *passPhrase)
Generate signature(s) from a header+payload file, save in signature header.
Definition: signature.c:477
rpmtime_t rpmswExit(rpmop op, ssize_t rc)
Exit timed operation.
Definition: rpmsw.c:264
int headerIsEntry(Header h, rpmTag tag)
Check if tag is in header.
Definition: header.c:1439
pgpDig pgpDigFree(pgpDig dig)
Destroy a container for parsed OpenPGP packates.
rpmuint32_t pgpGetSiglen(pgpDig dig)
Get signature tag data length, i.e.
Definition: rpmpgp.c:1417
OpenPGP constants and structures from RFC-2440.
const char const char * cmd
Definition: mongo.h:777
rpmRC rpmpkgWrite(const char *fn, FD_t fd, void *ptr, const char **msg)
Write item onto file descriptor.
Definition: pkgio.c:1692
const void * pgpGetSig(pgpDig dig)
Get signature tag data, i.e.
Definition: rpmpgp.c:1412
#define EXIT_FAILURE
enum rpmSigTag_e rpmSigTag
Definition: rpmtag.h:474
int rpmCheckPassPhrase(const char *passPhrase)
Check for valid pass phrase by invoking a helper.
Definition: signature.c:534
rpmuint32_t * ui32p
Definition: rpmtag.h:70
FD_t Fopen(const char *path, const char *_fmode)
fopen(3) clone.
Definition: rpmio.c:2833
struct pgpDigParams_s * pgpDigParams
Definition: rpmiotypes.h:101
DIGEST_CTX rpmDigestInit(pgpHashAlgo hashalgo, rpmDigestFlags flags)
Initialize digest context.
Definition: digest.c:247
int headerGet(Header h, HE_t he, unsigned int flags)
Retrieve extension or tag value from a header.
Definition: header.c:2231
int headerPut(Header h, HE_t he, unsigned int flags)
Add or append tag container to header.
Definition: header.c:2294
const char int time
Definition: bson.h:1005
The Header data structure.
int rpmioMkpath(const char *path, mode_t mode, uid_t uid, gid_t gid)
Insure that directories in path exist, creating as needed.
Definition: rpmio.c:3017
int setenv(const char *name, const char *value, int replace)
int Stat(const char *path, struct stat *st)
stat(2) clone.
Definition: rpmrpc.c:1361
#define S_ISLNK(mode)
Definition: system.h:651
char ** environ
static rpmRC verifyECDSA(pgpDig dig, char *t, DIGEST_CTX hecdsa)
Verify ECDSA signature.
Definition: signature.c:995
int errno
void addMacro(MacroContext mc, const char *n, const char *o, const char *b, int level)
Add macro to context.
Definition: macro.c:2782
int dodigest(int dalgo, const char *fn, unsigned char *digest, unsigned dflags, size_t *fsizep)
Return digest and size of a file.
Definition: legacy.c:178
static void rpmlog(int code, const char *fmt,...)
Definition: rpmlog.h:299
static int pgpImplSetDSA(DIGEST_CTX ctx, pgpDig dig, pgpDigParams sigp)
Definition: rpmpgp.h:1785
char * alloca()
const char * str
Definition: bson.h:593
unsigned int rpmuint32_t
Definition: rpmiotypes.h:28
struct _HE_s * HE_t
Definition: rpmtag.h:59
void delMacro(MacroContext mc, const char *n)
Delete macro from context.
Definition: macro.c:2821
void * ptr
Definition: rpmtag.h:67
int rpmDigestUpdate(DIGEST_CTX ctx, const void *data, size_t len)
Update context with next plain text buffer.
Definition: digest.c:986
int count
Definition: rpmsw.h:41
int pgpFindPubkey(pgpDig dig)
Call find pubkey vector.
Definition: rpmpgp.c:1464
unsigned char rpmuint8_t
Private int typedefs to avoid C99 portability issues.
Definition: rpmiotypes.h:26
static int makeHDRSignature(Header sigh, const char *file, rpmSigTag sigTag, const char *passPhrase)
Generate header only signature(s) from a header+payload file.
Definition: signature.c:302
int rpmTempFile(const char *prefix, const char **fnptr, void *fdptr)
Return file handle for a temporaray file.
Definition: signature.c:30
rpmTagData p
Definition: rpmtag.h:506
pgpHashAlgo rpmDigestAlgo(DIGEST_CTX ctx)
Return digest algorithm identifier.
Definition: digest.c:191
static char * pgpHexCvt(char *t, const rpmuint8_t *s, size_t nbytes)
Convert to hex.
Definition: rpmpgp.h:1102
pgpDigParams pgpGetSignature(pgpDig dig)
Return OpenPGP signature parameters.
Definition: rpmpgp.c:1392
static const char * file
Definition: parseFiles.c:20
rpmuint32_t pgpGetSigtag(pgpDig dig)
Get signature tag.
Definition: rpmpgp.c:1402
Digest private data.
Definition: digest.c:130
The FD_t File Handle data structure.
const char * rpmGenPath(const char *urlroot, const char *urlmdir, const char *urlfile)
Merge 3 args into path, any or all of which may be a url.
Definition: macro.c:3477
struct pgpDig_s * pgpDig
Definition: rpmiotypes.h:97
static int pgpImplSetECDSA(DIGEST_CTX ctx, pgpDig dig, pgpDigParams sigp)
Definition: rpmpgp.h:1803
rpmTagCount c
Definition: rpmtag.h:507
Generate and verify rpm package signatures.
static rpmRC verifyRSA(pgpDig dig, char *t, DIGEST_CTX hrsa)
Verify RSA signature.
Definition: signature.c:786
Header headerFree(Header h)
Dereference a header instance.
int headerGetMagic(Header h, unsigned char **magicp, size_t *nmagicp)
Return header magic.
Definition: header.c:1162
rpmRC rpmVerifySignature(void *_dig, char *result)
Verify a signature from a package.
Definition: signature.c:1094
int rpmswEnter(rpmop op, ssize_t rc)
Enter timed operation.
Definition: rpmsw.c:248
const char const bson const bson * op
Definition: mongo.h:505
struct rpmop_s * rpmop
Definition: rpmsw.h:24
char * rpmExpand(const char *arg,...)
Return (malloc'ed) concatenated macro expansion(s).
Definition: macro.c:3238
size_t Fread(void *buf, size_t size, size_t nmemb, FD_t fd)
fread(3) clone.
Definition: rpmio.c:2412
void unsetenv(const char *name)
static const char * rpmSigString(rpmRC res)
Definition: signature.c:609
int Fclose(FD_t fd)
fclose(3) clone.
Definition: rpmio.c:2534
Cumulative statistics for an operation.
Definition: rpmsw.h:39
static rpmRC verifySize(const pgpDig dig, char *t)
Definition: signature.c:626
static int pgpImplSetRSA(DIGEST_CTX ctx, pgpDig dig, pgpDigParams sigp)
Definition: rpmpgp.h:1776
enum pgpPubkeyAlgo_e pgpPubkeyAlgo
9.1.
int _rpmhkp_debug
Definition: rpmhkp.c:19
enum rpmRC_e rpmRC
RPM return codes.
pgpDig pgpDigNew(pgpVSFlags vsflags, pgpPubkeyAlgo pubkey_algo)
Create a container for parsed OpenPGP packates.
Definition: rpmpgp.c:1314
int Ferror(FD_t fd)
ferror(3) clone.
Definition: rpmio.c:2944
Definition: rpmtag.h:502
urltype urlPath(const char *url, const char **pathp)
Return path component of URL.
Definition: url.c:430
static const char * prefix[]
Tables for prefixing and suffixing patterns, according to the -w, -x, and -F options.
Definition: rpmgrep.c:183
Methods to handle package elements.
char * stpcpy(char *dest, const char *src)
const char const char size_t size
Definition: bson.h:895
static void * _free(const void *p)
Wrapper to free(3), hides const compilation noise, permit NULL, return NULL.
Definition: rpmiotypes.h:756
const char * rpmDigestName(DIGEST_CTX ctx)
Return digest name.
Definition: digest.c:201
static int pgpImplVerify(pgpDig dig)
Definition: rpmpgp.h:1856
#define rpmIsVerbose()
Definition: rpmcb.h:21
int pgpPrtPkts(const rpmuint8_t *pkts, size_t pktlen, pgpDig dig, int printing)
Print/parse a OpenPGP packet(s).
Definition: rpmpgp.c:1518
int Fileno(FD_t fd)
fileno(3) clone.
Definition: rpmio.c:2991
int rpmDigestFinal(DIGEST_CTX ctx, void *datap, size_t *lenp, int asAscii)
Return digest and destroy context.
Definition: digest.c:1000
#define _(Text)
Definition: system.h:29
#define xmalloc
Definition: system.h:32
static rpmRC verifyMD5(pgpDig dig, char *t, DIGEST_CTX md5ctx)
Definition: signature.c:659
rpmRC rpmpkgRead(const char *fn, FD_t fd, void *ptr, const char **msg)
Read item from file descriptor.
Definition: pkgio.c:1674
Access RPM indices using Berkeley DB interface(s).
enum rpmTag_e rpmTag
Definition: rpmtag.h:470
#define D_(Text)
Definition: system.h:526
static rpmRC verifyDSA(pgpDig dig, char *t, DIGEST_CTX hdsa)
Verify DSA signature.
Definition: signature.c:889
void * pgpStatsAccumulator(pgpDig dig, int opx)
Return pgpDig container accumulator structure.
Definition: rpmpgp.c:1436
const char * rpmkuPassPhrase(const char *passPhrase)
Return pass phrase from keyutils keyring.
Definition: rpmku.c:227
DIGEST_CTX rpmDigestDup(DIGEST_CTX octx)
Duplicate a digest context.
Definition: digest.c:212
int Unlink(const char *path)
unlink(2) clone.
Definition: rpmrpc.c:397