rpmnss.c   rpmnss.c 
skipping to change at line 93 skipping to change at line 93
return (((keyVN_t *)a)->V - ((keyVN_t *)b)->V); return (((keyVN_t *)a)->V - ((keyVN_t *)b)->V);
} }
static const char * static const char *
keyVN(keyVN_t * keys, size_t nkeys, /*@null@*/ int V) keyVN(keyVN_t * keys, size_t nkeys, /*@null@*/ int V)
{ {
const char * N = NULL; const char * N = NULL;
if (V) { if (V) {
/* XXX bsearch is overkill */ /* XXX bsearch is overkill */
keyVN_t needle = { .V = V, .N = NULL }; keyVN_t needle = {};
keyVN_t *k = (keyVN_t *) keyVN_t *k;
needle.V = V;
needle.N = NULL;
k = (keyVN_t *)
bsearch(&needle, keys, nkeys, sizeof(*keys), keyVNCmp); bsearch(&needle, keys, nkeys, sizeof(*keys), keyVNCmp);
if (k) if (k)
N = k->N; N = k->N;
} }
return N; return N;
} }
static const char * _pgpHashAlgo2Name(uint32_t algo) static const char * _pgpHashAlgo2Name(uint32_t algo)
{ {
return pgpValStr(pgpHashTbl, (rpmuint8_t)algo); return pgpValStr(pgpHashTbl, (rpmuint8_t)algo);
skipping to change at line 334 skipping to change at line 338
fprintf (stderr, "rpmnss: %s rc(%d) err(%d) %s\n", fprintf (stderr, "rpmnss: %s rc(%d) err(%d) %s\n",
msg, rc, err, rpmnssStrerror(err)); msg, rc, err, rpmnssStrerror(err));
} }
return rc; return rc;
} }
static static
int rpmnssSetRSA(/*@only@*/ DIGEST_CTX ctx, pgpDig dig, pgpDigParams sigp) int rpmnssSetRSA(/*@only@*/ DIGEST_CTX ctx, pgpDig dig, pgpDigParams sigp)
/*@modifies dig @*/ /*@modifies dig @*/
{ {
rpmnss nss = dig->impl; rpmnss nss = (rpmnss) dig->impl;
int rc = 1; /* assume error */ int rc = 1; /* assume error */
int xx; int xx;
pgpDigParams pubp = pgpGetPubkey(dig); pgpDigParams pubp = pgpGetPubkey(dig);
dig->pubkey_algoN = _pgpPubkeyAlgo2Name(pubp->pubkey_algo); dig->pubkey_algoN = _pgpPubkeyAlgo2Name(pubp->pubkey_algo);
dig->hash_algoN = _pgpHashAlgo2Name(sigp->hash_algo); dig->hash_algoN = _pgpHashAlgo2Name(sigp->hash_algo);
assert(sigp->hash_algo == rpmDigestAlgo(ctx)); assert(sigp->hash_algo == rpmDigestAlgo(ctx));
nss->sigalg = SEC_OID_UNKNOWN; nss->sigalg = SEC_OID_UNKNOWN;
switch (sigp->hash_algo) { switch (sigp->hash_algo) {
case PGPHASHALGO_MD5: case PGPHASHALGO_MD5:
skipping to change at line 400 skipping to change at line 404
ctx = NULL; ctx = NULL;
} }
SPEW(0, !rc, dig); SPEW(0, !rc, dig);
return rc; return rc;
} }
static static
int rpmnssVerifyRSA(pgpDig dig) int rpmnssVerifyRSA(pgpDig dig)
/*@*/ /*@*/
{ {
rpmnss nss = dig->impl; rpmnss nss = (rpmnss) dig->impl;
int rc; int rc;
nss->item.type = siBuffer; nss->item.type = siBuffer;
nss->item.data = nss->digest; nss->item.data = (unsigned char *) nss->digest;
nss->item.len = (unsigned) nss->digestlen; nss->item.len = (unsigned) nss->digestlen;
rc = rpmnssErr(nss, "VFY_VerifyDigest", rc = rpmnssErr(nss, "VFY_VerifyDigest",
VFY_VerifyDigest(&nss->item, nss->pub_key, VFY_VerifyDigest(&nss->item, nss->pub_key,
nss->sig, nss->sigalg, NULL)); nss->sig, nss->sigalg, NULL));
rc = (rc == SECSuccess); rc = (rc == SECSuccess);
SPEW(0, !rc, dig); SPEW(0, !rc, dig);
return rc; return rc;
} }
static int rpmnssSignRSA(pgpDig dig) static int rpmnssSignRSA(pgpDig dig)
{ {
rpmnss nss = dig->impl; rpmnss nss = (rpmnss) dig->impl;
pgpDigParams sigp = pgpGetSignature(dig); pgpDigParams sigp = pgpGetSignature(dig);
int rc = 0; /* assume failure. */ int rc = 0; /* assume failure. */
SECOidTag sigalg = SEC_OID_UNKNOWN; SECOidTag sigalg = SEC_OID_UNKNOWN;
switch (sigp->hash_algo) { switch (sigp->hash_algo) {
case PGPHASHALGO_MD5: case PGPHASHALGO_MD5:
sigalg = SEC_OID_MD5; sigalg = SEC_OID_MD5;
break; break;
case PGPHASHALGO_SHA1: case PGPHASHALGO_SHA1:
sigalg = SEC_OID_SHA1; sigalg = SEC_OID_SHA1;
skipping to change at line 460 skipping to change at line 464
break; break;
case PGPHASHALGO_SHA224: case PGPHASHALGO_SHA224:
break; break;
default: default:
break; break;
} }
if (sigalg == SEC_OID_UNKNOWN) if (sigalg == SEC_OID_UNKNOWN)
goto exit; goto exit;
nss->item.type = siBuffer; nss->item.type = siBuffer;
nss->item.data = nss->digest; nss->item.data = (unsigned char *) nss->digest;
nss->item.len = (unsigned) nss->digestlen; nss->item.len = (unsigned) nss->digestlen;
if (nss->sig != NULL) { if (nss->sig != NULL) {
SECITEM_ZfreeItem(nss->sig, PR_TRUE); SECITEM_ZfreeItem(nss->sig, PR_TRUE);
nss->sig = NULL; nss->sig = NULL;
} }
nss->sig = SECITEM_AllocItem(NULL, NULL, 0); nss->sig = SECITEM_AllocItem(NULL, NULL, 0);
nss->sig->type = siBuffer; nss->sig->type = siBuffer;
rc = rpmnssErr(nss, "SGN_Digest", rc = rpmnssErr(nss, "SGN_Digest",
SGN_Digest(nss->sec_key, sigalg, nss->sig, &nss->item)); SGN_Digest(nss->sec_key, sigalg, nss->sig, &nss->item));
rc = (rc == SECSuccess); rc = (rc == SECSuccess);
exit: exit:
SPEW(!rc, rc, dig); SPEW(!rc, rc, dig);
return rc; return rc;
} }
static int rpmnssGenerateRSA(pgpDig dig) static int rpmnssGenerateRSA(pgpDig dig)
{ {
rpmnss nss = dig->impl; rpmnss nss = (rpmnss) dig->impl;
int rc = 0; /* assume failure */ int rc = 0; /* assume failure */
if (nss->nbits == 0) nss->nbits = 1024; /* XXX FIXME */ if (nss->nbits == 0) nss->nbits = 1024; /* XXX FIXME */
assert(nss->nbits); assert(nss->nbits);
{ CK_MECHANISM_TYPE _type = CKM_RSA_PKCS_KEY_PAIR_GEN; { CK_MECHANISM_TYPE _type = CKM_RSA_PKCS_KEY_PAIR_GEN;
PK11SlotInfo * _slot = PK11_GetBestSlot(_type, NULL); PK11SlotInfo * _slot = PK11_GetBestSlot(_type, NULL);
int _isPerm = PR_FALSE; int _isPerm = PR_FALSE;
int _isSensitive = PR_TRUE; int _isSensitive = PR_TRUE;
void * _cx = NULL; void * _cx = NULL;
if (_slot) { if (_slot) {
static unsigned _pe = 0x10001; /* XXX FIXME: pass in e */ static unsigned _pe = 0x10001; /* XXX FIXME: pass in e */
PK11RSAGenParams rsaparams = PK11RSAGenParams rsaparams = {};
{ .keySizeInBits = nss->nbits, .pe = _pe };
void * params = &rsaparams; void * params = &rsaparams;
rsaparams.keySizeInBits = nss->nbits;
rsaparams.pe = _pe;
nss->sec_key = PK11_GenerateKeyPair(_slot, _type, params, nss->sec_key = PK11_GenerateKeyPair(_slot, _type, params,
&nss->pub_key, _isPerm, _isSensitive, _cx); &nss->pub_key, _isPerm, _isSensitive, _cx);
PK11_FreeSlot(_slot); PK11_FreeSlot(_slot);
} }
} }
rc = (nss->sec_key && nss->pub_key); rc = (nss->sec_key && nss->pub_key);
SPEW(!rc, rc, dig); SPEW(!rc, rc, dig);
return rc; return rc;
} }
static static
int rpmnssSetDSA(/*@only@*/ DIGEST_CTX ctx, pgpDig dig, pgpDigParams sigp) int rpmnssSetDSA(/*@only@*/ DIGEST_CTX ctx, pgpDig dig, pgpDigParams sigp)
/*@modifies dig @*/ /*@modifies dig @*/
{ {
rpmnss nss = dig->impl; rpmnss nss = (rpmnss) dig->impl;
int rc; int rc;
int xx; int xx;
pgpDigParams pubp = pgpGetPubkey(dig); pgpDigParams pubp = pgpGetPubkey(dig);
dig->pubkey_algoN = _pgpPubkeyAlgo2Name(pubp->pubkey_algo); dig->pubkey_algoN = _pgpPubkeyAlgo2Name(pubp->pubkey_algo);
dig->hash_algoN = _pgpHashAlgo2Name(sigp->hash_algo); dig->hash_algoN = _pgpHashAlgo2Name(sigp->hash_algo);
assert(sigp->hash_algo == rpmDigestAlgo(ctx)); assert(sigp->hash_algo == rpmDigestAlgo(ctx));
nss->digest = _free(nss->digest); nss->digest = _free(nss->digest);
nss->digestlen = 0; nss->digestlen = 0;
xx = rpmDigestFinal(ctx, (void **)&nss->digest, &nss->digestlen, 0); xx = rpmDigestFinal(ctx, (void **)&nss->digest, &nss->digestlen, 0);
skipping to change at line 540 skipping to change at line 546
/* Compare leading 16 bits of digest for quick check. */ /* Compare leading 16 bits of digest for quick check. */
rc = memcmp(nss->digest, sigp->signhash16, sizeof(sigp->signhash16)); rc = memcmp(nss->digest, sigp->signhash16, sizeof(sigp->signhash16));
SPEW(0, !rc, dig); SPEW(0, !rc, dig);
return rc; return rc;
} }
static static
int rpmnssVerifyDSA(pgpDig dig) int rpmnssVerifyDSA(pgpDig dig)
/*@*/ /*@*/
{ {
rpmnss nss = dig->impl; rpmnss nss = (rpmnss) dig->impl;
int rc; int rc;
nss->item.type = siBuffer; nss->item.type = siBuffer;
nss->item.data = nss->digest; nss->item.data = (unsigned char *) nss->digest;
nss->item.len = (unsigned) nss->digestlen; nss->item.len = (unsigned) nss->digestlen;
rc = rpmnssErr(nss, "VFY_VerifyDigest", rc = rpmnssErr(nss, "VFY_VerifyDigest",
VFY_VerifyDigest(&nss->item, nss->pub_key, VFY_VerifyDigest(&nss->item, nss->pub_key,
nss->sig, nss->sigalg, NULL)); nss->sig, nss->sigalg, NULL));
rc = (rc == SECSuccess); rc = (rc == SECSuccess);
SPEW(0, rc, dig); SPEW(0, rc, dig);
return rc; return rc;
} }
static int rpmnssSignDSA(pgpDig dig) static int rpmnssSignDSA(pgpDig dig)
{ {
rpmnss nss = dig->impl; rpmnss nss = (rpmnss) dig->impl;
pgpDigParams sigp = pgpGetSignature(dig); pgpDigParams sigp = pgpGetSignature(dig);
int rc = 0; /* assume failure. */ int rc = 0; /* assume failure. */
SECItem sig = { .type = siBuffer, .len = 0, .data = NULL };
SECOidTag sigalg = SEC_OID_UNKNOWN; SECOidTag sigalg = SEC_OID_UNKNOWN;
SECItem sig = {};
sig.type = siBuffer;
sig.len = 0;
sig.data = NULL;
switch (sigp->hash_algo) { switch (sigp->hash_algo) {
case PGPHASHALGO_MD5: case PGPHASHALGO_MD5:
break; break;
case PGPHASHALGO_SHA1: case PGPHASHALGO_SHA1:
sigalg = SEC_OID_SHA1; sigalg = SEC_OID_SHA1;
break; break;
case PGPHASHALGO_RIPEMD160: case PGPHASHALGO_RIPEMD160:
break; break;
case PGPHASHALGO_MD2: case PGPHASHALGO_MD2:
break; break;
skipping to change at line 595 skipping to change at line 605
break; break;
case PGPHASHALGO_SHA224: case PGPHASHALGO_SHA224:
break; break;
default: default:
break; break;
} }
if (sigalg == SEC_OID_UNKNOWN) if (sigalg == SEC_OID_UNKNOWN)
goto exit; goto exit;
nss->item.type = siBuffer; nss->item.type = siBuffer;
nss->item.data = nss->digest; nss->item.data = (unsigned char *) nss->digest;
nss->item.len = (unsigned) nss->digestlen; nss->item.len = (unsigned) nss->digestlen;
if (nss->sig != NULL) { if (nss->sig != NULL) {
SECITEM_ZfreeItem(nss->sig, PR_TRUE); SECITEM_ZfreeItem(nss->sig, PR_TRUE);
nss->sig = NULL; nss->sig = NULL;
} }
nss->sig = SECITEM_AllocItem(NULL, NULL, 0); nss->sig = SECITEM_AllocItem(NULL, NULL, 0);
nss->sig->type = siBuffer; nss->sig->type = siBuffer;
skipping to change at line 624 skipping to change at line 634
rc = (rc == SECSuccess); rc = (rc == SECSuccess);
exit: exit:
SPEW(!rc, rc, dig); SPEW(!rc, rc, dig);
return rc; return rc;
} }
static int rpmnssGenerateDSA(pgpDig dig) static int rpmnssGenerateDSA(pgpDig dig)
{ {
rpmnss nss = dig->impl; rpmnss nss = (rpmnss) dig->impl;
int rc = 0; /* assume failure */ int rc = 0; /* assume failure */
if (nss->nbits == 0) nss->nbits = 1024; /* XXX FIXME */ if (nss->nbits == 0) nss->nbits = 1024; /* XXX FIXME */
assert(nss->nbits); assert(nss->nbits);
{ CK_MECHANISM_TYPE _type = CKM_DSA_KEY_PAIR_GEN; { CK_MECHANISM_TYPE _type = CKM_DSA_KEY_PAIR_GEN;
PK11SlotInfo * _slot = PK11_GetBestSlot(_type, NULL); PK11SlotInfo * _slot = PK11_GetBestSlot(_type, NULL);
int _isPerm = PR_FALSE; int _isPerm = PR_FALSE;
int _isSensitive = PR_TRUE; int _isSensitive = PR_TRUE;
void * _cx = NULL; void * _cx = NULL;
skipping to change at line 669 skipping to change at line 679
exit: exit:
SPEW(!rc, rc, dig); SPEW(!rc, rc, dig);
return rc; return rc;
} }
static static
int rpmnssSetELG(/*@only@*/ DIGEST_CTX ctx, /*@unused@*/pgpDig dig, pgpDigP arams sigp) int rpmnssSetELG(/*@only@*/ DIGEST_CTX ctx, /*@unused@*/pgpDig dig, pgpDigP arams sigp)
/*@*/ /*@*/
{ {
rpmnss nss = dig->impl; rpmnss nss = (rpmnss) dig->impl;
int rc = 1; /* XXX always fail. */ int rc = 1; /* XXX always fail. */
int xx; int xx;
assert(sigp->hash_algo == rpmDigestAlgo(ctx)); assert(sigp->hash_algo == rpmDigestAlgo(ctx));
nss->digest = _free(nss->digest); nss->digest = _free(nss->digest);
nss->digestlen = 0; nss->digestlen = 0;
xx = rpmDigestFinal(ctx, (void **)&nss->digest, &nss->digestlen, 0); xx = rpmDigestFinal(ctx, (void **)&nss->digest, &nss->digestlen, 0);
/* Compare leading 16 bits of digest for quick check. */ /* Compare leading 16 bits of digest for quick check. */
return rc; return rc;
} }
static static
int rpmnssSetECDSA(/*@only@*/ DIGEST_CTX ctx, /*@unused@*/pgpDig dig, pgpDi gParams sigp) int rpmnssSetECDSA(/*@only@*/ DIGEST_CTX ctx, /*@unused@*/pgpDig dig, pgpDi gParams sigp)
/*@*/ /*@*/
{ {
rpmnss nss = dig->impl; rpmnss nss = (rpmnss) dig->impl;
int xx; int xx;
assert(sigp->hash_algo == rpmDigestAlgo(ctx)); assert(sigp->hash_algo == rpmDigestAlgo(ctx));
nss->sigalg = SEC_OID_UNKNOWN; nss->sigalg = SEC_OID_UNKNOWN;
switch (sigp->hash_algo) { switch (sigp->hash_algo) {
case PGPHASHALGO_SHA1: case PGPHASHALGO_SHA1:
nss->sigalg = SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE; nss->sigalg = SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE;
break; break;
case PGPHASHALGO_SHA224: case PGPHASHALGO_SHA224:
nss->sigalg = SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE; nss->sigalg = SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE;
skipping to change at line 726 skipping to change at line 736
xx = rpmDigestFinal(ctx, (void **)&nss->digest, &nss->digestlen, 0); xx = rpmDigestFinal(ctx, (void **)&nss->digest, &nss->digestlen, 0);
/* Compare leading 16 bits of digest for quick check. */ /* Compare leading 16 bits of digest for quick check. */
return memcmp(nss->digest, sigp->signhash16, sizeof(sigp->signhash16)); return memcmp(nss->digest, sigp->signhash16, sizeof(sigp->signhash16));
} }
static static
int rpmnssVerifyECDSA(/*@unused@*/pgpDig dig) int rpmnssVerifyECDSA(/*@unused@*/pgpDig dig)
/*@*/ /*@*/
{ {
rpmnss nss = dig->impl; rpmnss nss = (rpmnss) dig->impl;
int rc; int rc;
nss->item.type = siBuffer; nss->item.type = siBuffer;
nss->item.data = nss->digest; nss->item.data = (unsigned char *) nss->digest;
nss->item.len = (unsigned) nss->digestlen; nss->item.len = (unsigned) nss->digestlen;
rc = VFY_VerifyDigest(&nss->item, nss->pub_key, nss->sig, nss->sigalg, NULL); rc = VFY_VerifyDigest(&nss->item, nss->pub_key, nss->sig, nss->sigalg, NULL);
rc = (rc == SECSuccess); rc = (rc == SECSuccess);
SPEW(!rc, rc, dig); SPEW(!rc, rc, dig);
return rc; return rc;
} }
static static
int rpmnssSignECDSA(/*@unused@*/pgpDig dig) int rpmnssSignECDSA(/*@unused@*/pgpDig dig)
/*@*/ /*@*/
{ {
rpmnss nss = dig->impl; rpmnss nss = (rpmnss) dig->impl;
pgpDigParams sigp = pgpGetSignature(dig); pgpDigParams sigp = pgpGetSignature(dig);
int rc = 0; /* assume failure. */ int rc = 0; /* assume failure. */
SECOidTag sigalg = SEC_OID_UNKNOWN; SECOidTag sigalg = SEC_OID_UNKNOWN;
switch (sigp->hash_algo) { switch (sigp->hash_algo) {
case PGPHASHALGO_MD5: case PGPHASHALGO_MD5:
break; break;
case PGPHASHALGO_SHA1: case PGPHASHALGO_SHA1:
sigalg = SEC_OID_SHA1; sigalg = SEC_OID_SHA1;
break; break;
skipping to change at line 803 skipping to change at line 813
exit: exit:
SPEW(!rc, rc, dig); SPEW(!rc, rc, dig);
return rc; return rc;
} }
static static
int rpmnssGenerateECDSA(/*@unused@*/pgpDig dig) int rpmnssGenerateECDSA(/*@unused@*/pgpDig dig)
/*@*/ /*@*/
{ {
rpmnss nss = dig->impl; rpmnss nss = (rpmnss) dig->impl;
int rc = 0; /* assume failure. */ int rc = 0; /* assume failure. */
{ CK_MECHANISM_TYPE _type = CKM_EC_KEY_PAIR_GEN; { CK_MECHANISM_TYPE _type = CKM_EC_KEY_PAIR_GEN;
PK11SlotInfo * _slot = PK11_GetBestSlot(_type, NULL); PK11SlotInfo * _slot = PK11_GetBestSlot(_type, NULL);
int _isPerm = PR_FALSE; int _isPerm = PR_FALSE;
int _isSensitive = PR_FALSE; int _isSensitive = PR_FALSE;
void * _cx = NULL; void * _cx = NULL;
if (_slot) { if (_slot) {
skipping to change at line 874 skipping to change at line 884
{ {
int rc = 0; /* assume available */ int rc = 0; /* assume available */
#ifdef NOTYET #ifdef NOTYET
rc = rpmnssAvailable(dig->impl, algo, gcry_pk_test_algo(algo)); rc = rpmnssAvailable(dig->impl, algo, gcry_pk_test_algo(algo));
#endif #endif
return rc; return rc;
} }
static int rpmnssVerify(pgpDig dig) static int rpmnssVerify(pgpDig dig)
{ {
rpmnss nss = dig->impl; rpmnss nss = (rpmnss) dig->impl;
int rc = 0; /* assume failure */ int rc = 0; /* assume failure */
pgpDigParams pubp = pgpGetPubkey(dig); pgpDigParams pubp = pgpGetPubkey(dig);
pgpDigParams sigp = pgpGetSignature(dig); pgpDigParams sigp = pgpGetSignature(dig);
dig->pubkey_algoN = _pgpPubkeyAlgo2Name(pubp->pubkey_algo); dig->pubkey_algoN = _pgpPubkeyAlgo2Name(pubp->pubkey_algo);
dig->hash_algoN = _pgpHashAlgo2Name(sigp->hash_algo); dig->hash_algoN = _pgpHashAlgo2Name(sigp->hash_algo);
switch (pubp->pubkey_algo) { switch (pubp->pubkey_algo) {
default: default:
break; break;
case PGPPUBKEYALGO_RSA: case PGPPUBKEYALGO_RSA:
skipping to change at line 906 skipping to change at line 916
if (nss->sigalg != SEC_OID_UNKNOWN) if (nss->sigalg != SEC_OID_UNKNOWN)
rc = rpmnssVerifyECDSA(dig); rc = rpmnssVerifyECDSA(dig);
break; break;
} }
SPEW(0, rc, dig); SPEW(0, rc, dig);
return rc; return rc;
} }
static int rpmnssSign(pgpDig dig) static int rpmnssSign(pgpDig dig)
{ {
rpmnss nss = dig->impl; rpmnss nss = (rpmnss) dig->impl;
int rc = 0; /* assume failure */ int rc = 0; /* assume failure */
pgpDigParams pubp = pgpGetPubkey(dig); pgpDigParams pubp = pgpGetPubkey(dig);
dig->pubkey_algoN = _pgpPubkeyAlgo2Name(pubp->pubkey_algo); dig->pubkey_algoN = _pgpPubkeyAlgo2Name(pubp->pubkey_algo);
switch (pubp->pubkey_algo) { switch (pubp->pubkey_algo) {
default: default:
break; break;
case PGPPUBKEYALGO_RSA: case PGPPUBKEYALGO_RSA:
rc = rpmnssSignRSA(dig); rc = rpmnssSignRSA(dig);
break; break;
case PGPPUBKEYALGO_DSA: case PGPPUBKEYALGO_DSA:
skipping to change at line 935 skipping to change at line 945
if (nss->sigalg != SEC_OID_UNKNOWN) if (nss->sigalg != SEC_OID_UNKNOWN)
rc = rpmnssSignECDSA(dig); rc = rpmnssSignECDSA(dig);
break; break;
} }
SPEW(!rc, rc, dig); SPEW(!rc, rc, dig);
return rc; return rc;
} }
static int rpmnssLoadParams(pgpDig dig, const char * name) static int rpmnssLoadParams(pgpDig dig, const char * name)
{ {
rpmnss nss = dig->impl; rpmnss nss = (rpmnss) dig->impl;
#ifdef NOTYET #ifdef NOTYET
SECOidTag curveOidTag = curve2oid(name); SECOidTag curveOidTag = curve2oid(name);
#else #else
SECOidTag curveOidTag = !strcmp(name, "nistp256") SECOidTag curveOidTag = !strcmp(name, "nistp256")
? SEC_OID_SECG_EC_SECP256R1 : SEC_OID_UNKNOWN; ? SEC_OID_SECG_EC_SECP256R1 : SEC_OID_UNKNOWN;
#endif #endif
SECOidData * oidData = SECOID_FindOIDByTag(curveOidTag); SECOidData * oidData = SECOID_FindOIDByTag(curveOidTag);
int rc = 1; /* assume failure. */ int rc = 1; /* assume failure. */
if (curveOidTag == SEC_OID_UNKNOWN || oidData == NULL) { if (curveOidTag == SEC_OID_UNKNOWN || oidData == NULL) {
skipping to change at line 1006 skipping to change at line 1016
*/ */
static static
int rpmnssMpiSet(const char * pre, unsigned int lbits, int rpmnssMpiSet(const char * pre, unsigned int lbits,
/*@out@*/ void * dest, const rpmuint8_t * p, /*@out@*/ void * dest, const rpmuint8_t * p,
/*@null@*/ const rpmuint8_t * pend) /*@null@*/ const rpmuint8_t * pend)
/*@modifies *dest @*/ /*@modifies *dest @*/
{ {
unsigned int mbits = pgpMpiBits(p); unsigned int mbits = pgpMpiBits(p);
unsigned int nbits; unsigned int nbits;
unsigned int nbytes; unsigned int nbytes;
char * t = dest; char * t = (char *) dest;
unsigned int ix; unsigned int ix;
if (pend != NULL && (p + ((mbits+7) >> 3)) > pend) if (pend != NULL && (p + ((mbits+7) >> 3)) > pend)
return 1; return 1;
if (mbits > lbits) if (mbits > lbits)
return 1; return 1;
nbits = (lbits > mbits ? lbits : mbits); nbits = (lbits > mbits ? lbits : mbits);
nbytes = ((nbits + 7) >> 3); nbytes = ((nbits + 7) >> 3);
ix = ((nbits - mbits) >> 3); ix = ((nbits - mbits) >> 3);
/*@-modfilesystem @*/ /*@-modfilesystem @*/
if (_pgp_debug) if (_pgp_debug)
fprintf(stderr, "*** mbits %u nbits %u nbytes %u ix %u\n", mbits, nbits, nb ytes, ix); fprintf(stderr, "*** mbits %u nbits %u nbytes %u ix %u\n", mbits, nbits, nb ytes, ix);
if (ix > 0) memset(t, (int)'\0', ix); if (ix > 0) memset(t, (int)'\0', ix);
memcpy(t+ix, p+2, nbytes-ix); memcpy(t+ix, p+2, nbytes-ix);
if (_pgp_debug && _pgp_print) if (_pgp_debug && _pgp_print)
fprintf(stderr, "\t %s %s\n", pre, pgpHexStr(dest, nbytes)); fprintf(stderr, "\t %s %s\n", pre, pgpHexStr((rpmuint8_t *)dest, nbytes));
/*@=modfilesystem @*/ /*@=modfilesystem @*/
return 0; return 0;
} }
/** /**
* @return NULL on error * @return NULL on error
*/ */
static static
/*@only@*/ /*@null@*/ /*@only@*/ /*@null@*/
SECItem * rpmnssMpiCopy(PRArenaPool * arena, /*@returned@*/ SECItem * item, SECItem * rpmnssMpiCopy(PRArenaPool * arena, /*@returned@*/ SECItem * item,
skipping to change at line 1047 skipping to change at line 1057
/*@modifies item @*/ /*@modifies item @*/
{ {
unsigned int nbytes = pgpMpiLen(p)-2; unsigned int nbytes = pgpMpiLen(p)-2;
/*@-moduncon@*/ /*@-moduncon@*/
if (item == NULL) { if (item == NULL) {
if ((item = SECITEM_AllocItem(arena, item, nbytes)) == NULL) if ((item = SECITEM_AllocItem(arena, item, nbytes)) == NULL)
return item; return item;
} else { } else {
if (arena != NULL) if (arena != NULL)
item->data = PORT_ArenaGrow(arena, item->data, item->len, nbytes ); item->data = (unsigned char *) PORT_ArenaGrow(arena, item->data, item->len, nbytes);
else else
item->data = PORT_Realloc(item->data, nbytes); item->data = (unsigned char *) PORT_Realloc(item->data, nbytes);
if (item->data == NULL) { if (item->data == NULL) {
if (arena == NULL) if (arena == NULL)
SECITEM_FreeItem(item, PR_TRUE); SECITEM_FreeItem(item, PR_TRUE);
return NULL; return NULL;
} }
} }
/*@=moduncon@*/ /*@=moduncon@*/
memcpy(item->data, p+2, nbytes); memcpy(item->data, p+2, nbytes);
skipping to change at line 1078 skipping to change at line 1088
/*@*/ /*@*/
{ {
PRArenaPool *arena; PRArenaPool *arena;
SECKEYPublicKey *key; SECKEYPublicKey *key;
/*@-moduncon@*/ /*@-moduncon@*/
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena == NULL) if (arena == NULL)
return NULL; return NULL;
key = PORT_ArenaZAlloc(arena, sizeof(*key)); key = (SECKEYPublicKey *) PORT_ArenaZAlloc(arena, sizeof(*key));
if (key == NULL) { if (key == NULL) {
PORT_FreeArena(arena, PR_FALSE); PORT_FreeArena(arena, PR_FALSE);
return NULL; return NULL;
} }
/*@=moduncon@*/ /*@=moduncon@*/
key->keyType = type; key->keyType = type;
key->pkcs11ID = CK_INVALID_HANDLE; key->pkcs11ID = CK_INVALID_HANDLE;
key->pkcs11Slot = NULL; key->pkcs11Slot = NULL;
skipping to change at line 1100 skipping to change at line 1110
/*@-nullret@*/ /* key->pkcs11Slot can be NULL */ /*@-nullret@*/ /* key->pkcs11Slot can be NULL */
return key; return key;
/*@=nullret@*/ /*@=nullret@*/
} }
static static
int rpmnssMpiItem(const char * pre, pgpDig dig, int itemno, int rpmnssMpiItem(const char * pre, pgpDig dig, int itemno,
const rpmuint8_t * p, /*@null@*/ const rpmuint8_t * pend) const rpmuint8_t * p, /*@null@*/ const rpmuint8_t * pend)
/*@*/ /*@*/
{ {
rpmnss nss = dig->impl; rpmnss nss = (rpmnss) dig->impl;
unsigned int hbits; unsigned int hbits;
size_t nb = (pend >= p ? (pend - p) : 0); size_t nb = (pend >= p ? (pend - p) : 0);
int rc = 0; int rc = 0;
/*@-moduncon@*/ /*@-moduncon@*/
switch (itemno) { switch (itemno) {
default: default:
assert(0); assert(0);
break; break;
case 10: /* RSA m**d */ case 10: /* RSA m**d */
nss->sig = rpmnssMpiCopy(NULL, nss->sig, p); nss->sig = rpmnssMpiCopy(NULL, nss->sig, p);
if (nss->sig == NULL) if (nss->sig == NULL)
rc = 1; rc = 1;
break; break;
case 20: /* DSA r */ case 20: /* DSA r */
hbits = 160; hbits = 160;
nss->item.type = 0; nss->item.type = (SECItemType) 0;
nss->item.len = 2 * (hbits/8); nss->item.len = 2 * (hbits/8);
nss->item.data = xcalloc(1, nss->item.len); nss->item.data = (unsigned char *) xcalloc(1, nss->item.len);
rc = rpmnssMpiSet(pre, hbits, nss->item.data, p, pend); rc = rpmnssMpiSet(pre, hbits, nss->item.data, p, pend);
break; break;
case 21: /* DSA s */ case 21: /* DSA s */
hbits = 160; hbits = 160;
rc = rpmnssMpiSet(pre, hbits, nss->item.data + (hbits/8), p, pend); rc = rpmnssMpiSet(pre, hbits, nss->item.data + (hbits/8), p, pend);
if (nss->sig != NULL) if (nss->sig != NULL)
SECITEM_FreeItem(nss->sig, PR_FALSE); SECITEM_FreeItem(nss->sig, PR_FALSE);
if ((nss->sig = SECITEM_AllocItem(NULL, NULL, 0)) == NULL if ((nss->sig = SECITEM_AllocItem(NULL, NULL, 0)) == NULL
|| DSAU_EncodeDerSig(nss->sig, &nss->item) != SECSuccess) || DSAU_EncodeDerSig(nss->sig, &nss->item) != SECSuccess)
rc = 1; rc = 1;
skipping to change at line 1182 skipping to change at line 1192
case 43: /* DSA y */ case 43: /* DSA y */
if (nss->pub_key == NULL) if (nss->pub_key == NULL)
nss->pub_key = rpmnssNewPublicKey(dsaKey); nss->pub_key = rpmnssNewPublicKey(dsaKey);
if (nss->pub_key == NULL) if (nss->pub_key == NULL)
rc = 1; rc = 1;
else else
(void) rpmnssMpiCopy(nss->pub_key->arena, &nss->pub_key->u.dsa.p ublicValue, p); (void) rpmnssMpiCopy(nss->pub_key->arena, &nss->pub_key->u.dsa.p ublicValue, p);
break; break;
case 50: /* ECDSA r */ case 50: /* ECDSA r */
hbits = 256; hbits = 256;
nss->item.type = 0; nss->item.type = (SECItemType) 0;
nss->item.len = 2 * (hbits/8); nss->item.len = 2 * (hbits/8);
nss->item.data = xcalloc(1, nss->item.len); nss->item.data = (unsigned char *) xcalloc(1, nss->item.len);
rc = rpmnssMpiSet(pre, hbits, nss->item.data, p, pend); rc = rpmnssMpiSet(pre, hbits, nss->item.data, p, pend);
break; break;
case 51: /* ECDSA s */ case 51: /* ECDSA s */
hbits = 256; hbits = 256;
rc = rpmnssMpiSet(pre, hbits, nss->item.data + (hbits/8), p, pend); rc = rpmnssMpiSet(pre, hbits, nss->item.data + (hbits/8), p, pend);
if (nss->sig != NULL) if (nss->sig != NULL)
SECITEM_FreeItem(nss->sig, PR_FALSE); SECITEM_FreeItem(nss->sig, PR_FALSE);
if ((nss->sig = SECITEM_AllocItem(NULL, NULL, 0)) == NULL if ((nss->sig = SECITEM_AllocItem(NULL, NULL, 0)) == NULL
|| DSAU_EncodeDerSigWithLen(nss->sig, &nss->item, nss->item.len) != SECSuccess) || DSAU_EncodeDerSigWithLen(nss->sig, &nss->item, nss->item.len) != SECSuccess)
rc = 1; rc = 1;
nss->item.data = _free(nss->item.data); nss->item.data = _free(nss->item.data);
break; break;
case 60: /* ECDSA curve OID */ case 60: /* ECDSA curve OID */
assert(pend > p); assert(pend > p);
if (nss->pub_key == NULL) if (nss->pub_key == NULL)
nss->pub_key = rpmnssNewPublicKey(ecKey); nss->pub_key = rpmnssNewPublicKey(ecKey);
if (nss->pub_key == NULL) if (nss->pub_key == NULL)
rc = 1; rc = 1;
else { else {
SECKEYECParams * ecp = &nss->pub_key->u.ec.DEREncodedParams; SECKEYECParams * ecp = &nss->pub_key->u.ec.DEREncodedParams;
ecp->data = PORT_ArenaZAlloc(nss->pub_key->arena, nb + 2); ecp->data = (unsigned char *) PORT_ArenaZAlloc(nss->pub_key->are na, nb + 2);
ecp->data[0] = SEC_ASN1_OBJECT_ID; ecp->data[0] = SEC_ASN1_OBJECT_ID;
ecp->data[1] = nb; ecp->data[1] = nb;
memcpy(ecp->data + 2, p, nb); memcpy(ecp->data + 2, p, nb);
ecp->len = nb + 2; ecp->len = nb + 2;
} }
break; break;
case 61: /* ECDSA Q */ case 61: /* ECDSA Q */
assert(nss->pub_key); assert(nss->pub_key);
/* XXX assumes uncompressed Q as a MPI */ /* XXX assumes uncompressed Q as a MPI */
nss->pub_key->u.ec.size = ((nb - (2 + 1)) * 8)/2; nss->pub_key->u.ec.size = ((nb - (2 + 1)) * 8)/2;
skipping to change at line 1228 skipping to change at line 1238
} }
/*@=moduncon@*/ /*@=moduncon@*/
return rc; return rc;
} }
/*@-mustmod@*/ /*@-mustmod@*/
static static
void rpmnssClean(void * impl) void rpmnssClean(void * impl)
/*@modifies impl @*/ /*@modifies impl @*/
{ {
rpmnss nss = impl; rpmnss nss = (rpmnss) impl;
/*@-moduncon@*/ /*@-moduncon@*/
if (nss != NULL) { if (nss != NULL) {
nss->nbits = 0; nss->nbits = 0;
nss->err = 0; nss->err = 0;
nss->badok = 0; nss->badok = 0;
nss->digest = _free(nss->digest); nss->digest = _free(nss->digest);
nss->digestlen = 0; nss->digestlen = 0;
if (nss->sec_key != NULL) { if (nss->sec_key != NULL) {
SECKEY_DestroyPrivateKey(nss->sec_key); SECKEY_DestroyPrivateKey(nss->sec_key);
skipping to change at line 1273 skipping to change at line 1283
rpmnssClean(impl); rpmnssClean(impl);
impl = _free(impl); impl = _free(impl);
return NULL; return NULL;
} }
static static
void * rpmnssInit(void) void * rpmnssInit(void)
/*@globals _rpmnss_init @*/ /*@globals _rpmnss_init @*/
/*@modifies _rpmnss_init @*/ /*@modifies _rpmnss_init @*/
{ {
rpmnss nss = xcalloc(1, sizeof(*nss)); rpmnss nss = (rpmnss) xcalloc(1, sizeof(*nss));
const char * _nssdb_path = rpmExpand("%{?_nssdb_path}", NULL); const char * _nssdb_path = rpmExpand("%{?_nssdb_path}", NULL);
/*@-moduncon@*/ /*@-moduncon@*/
if (_nssdb_path != NULL && *_nssdb_path == '/') if (_nssdb_path != NULL && *_nssdb_path == '/')
(void) NSS_Init(_nssdb_path); (void) NSS_Init(_nssdb_path);
else else
(void) NSS_NoDB_Init(NULL); (void) NSS_NoDB_Init(NULL);
/*@=moduncon@*/ /*@=moduncon@*/
_nssdb_path = _free(_nssdb_path); _nssdb_path = _free(_nssdb_path);
 End of changes. 39 change blocks. 
40 lines changed or deleted 50 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/