/* File-scope flag, initially 0. The code that reads or sets it is not part of this listing. */
32 static int disabled = 0;
/* Branch taken when name is NULL or the empty string. */
47 if (!(name && *name !=
'\0'))
/*
 * Chooses a PGP flavour by probing for binaries on disk.
 * Only part of the routine appears in this listing.
 */
/* The pgp binary path comes from expanding the %{?__pgp} macro. */
76 const char *pgpbin =
rpmGetPath(
"%{?__pgp}", NULL);
/* No usable path: release the string and cache -1 as the version. */
83 if (!(pgpbin && pgpbin[0] !=
'\0')) {
84 pgpbin =
_free(pgpbin);
85 saved_pgp_version = -1;
/*
 * Room for pgpbin plus a trailing "v" and the NUL (sizeof("v") is 2).
 * NOTE(review): the alloca() size follows the macro-expanded path and no
 * upper bound is visible here; confirm the configured path length is bounded.
 */
90 pgpvbin = (
char *)
alloca(strlen(pgpbin) +
sizeof(
"v"));
/*
 * stat() succeeding on pgpvbin selects PGP_5; otherwise stat() succeeding on
 * pgpbin selects PGP_2. In the lines shown only existence is tested, not
 * file type or execute permission.
 */
94 if (stat(pgpvbin, &st) == 0)
95 saved_pgp_version =
PGP_5;
96 else if (stat(pgpbin, &st) == 0)
97 saved_pgp_version =
PGP_2;
/* Report the cached version only when an out pointer was given and pgpbin is non-NULL. */
103 if (pgpVer && pgpbin)
104 *pgpVer = saved_pgp_version;
/*
 * Size sanity check: relates the file size to lead + signature + padding +
 * payload. Only part of the routine appears in this listing.
 */
/*
 * NOTE(review): 123456789 is a magic descriptor value whose origin is not
 * visible here. In that branch fstat() is skipped and the component sizes are
 * subtracted from whatever st.st_size already holds.
 */
127 if (fdno == 123456789) {
130 st.st_size -=
sizeof(
struct rpmlead)+siglen+pad+datalen;
132 }
else if (fstat(fdno, &st) < 0)
/*
 * Starts from lead + signature + padding. The debug message below also lists
 * a data term, so datalen is presumably added on a line not shown.
 */
136 expected =
sizeof(
struct rpmlead) + siglen + pad;
/* Debug output; values are cast to unsigned long / int to match %lu and %d. */
139 D_(
"Expected size: %12lu = lead(%d)+sigs(%d)+pad(%d)+data(%lu)\n"),
140 (
unsigned long)expected,
141 (
int)
sizeof(
struct rpmlead), siglen, pad, (
unsigned long)datalen);
144 D_(
" Actual size: %12lu\n"), (
unsigned long)st.st_size);
/*
 * Reads and validates a signature header from a package file. Every count
 * and offset below originates in the file and must be treated as untrusted.
 * Only part of the routine appears in this listing.
 */
/*
 * Initialiser of an 8-byte constant; presumably the header magic checked
 * before the "sigh magic: BAD" message. The declaration line is not shown.
 */
151 0x8e, 0xad, 0xe8, 0x01, 0x00, 0x00, 0x00, 0x00
167 unsigned char * dataStart;
168 unsigned char * dataEnd = NULL;
/* Clear the fixed-size preamble buffer, then require a complete read of it. */
184 memset(block, 0,
sizeof(block));
185 if ((xx =
timedRead(fd, (
char *)block,
sizeof(block))) !=
sizeof(block)) {
187 _(
"sigh size(%d): BAD, read returned %d\n"), (int)
sizeof(block), xx);
192 _(
"sigh magic: BAD\n"));
/*
 * Tag count from the preamble, converted from network byte order.
 * It is rejected unless it lies in 0..32.
 */
196 il = ntohl(block[2]);
198 if (il < 0 || il > 32) {
200 _(
"sigh tags: BAD, no. of tags(%d) out of range\n"), il);
/* Data byte count, same treatment: rejected unless it lies in 0..8192. */
204 dl = ntohl(block[3]);
206 if (dl < 0 || dl > 8192) {
208 _(
"sigh data: BAD, no. of bytes(%d) out of range\n"), dl);
/*
 * Allocation covers the two count words plus nb bytes. nb is computed on a
 * line not shown; presumably from il and dl, which are capped above. Confirm.
 */
215 ei =
xmalloc(
sizeof(il) +
sizeof(dl) + nb);
/* The data area begins directly after the il index entries. */
221 dataStart = (
unsigned char *) (pe + il);
/* Index and data are read in one call; anything but exactly nb bytes is BAD. */
222 if ((xx =
timedRead(fd, (
char *)pe, nb)) != nb) {
224 _(
"sigh blob(%d): BAD, read returned %d\n"), (int)nb, xx);
232 _(
"tag[%d]: BAD, tag %d type %d offset %d count %d\n"),
248 _(
"region offset: BAD, tag %d type %d offset %d count %d\n"),
/*
 * NOTE(review): writes sizeof(stag) bytes at dataEnd. dataEnd is derived on
 * lines not shown; confirm the "region offset" check guarantees that
 * dataEnd + sizeof(stag) stays inside the nb bytes read.
 */
263 memcpy(dataEnd, &stag,
sizeof(stag));
275 _(
"region trailer: BAD, tag %d type %d offset %d count %d\n"),
282 memset(info, 0,
sizeof(*info));
/*
 * The region offset must be a multiple of the index entry size, and the
 * region may not claim more entries (ril) than the header has (il).
 */
287 if ((entry->
info.
offset %
sizeof(*pe)) || ril > il) {
289 _(
"region size: BAD, ril(%d) > il(%d)\n"), ril, il);
296 memset(info, 0,
sizeof(*info));
/* Walk the remaining index entries, starting at 1. */
298 for (i = 1; i < il; i++) {
302 _(
"sigh tag[%d]: BAD, tag %d type %d offset %d count %d\n"),
/*
 * NOTE(review): the translated message is itself the format string. The
 * English text has no conversions, but a catalog entry containing '%' would
 * be interpreted; passing it as an argument to a "%s" format avoids relying
 * on the translation.
 */
312 (void)
snprintf(buf,
sizeof(buf),
_(
"sigh load: BAD\n"));
/* Bytes needed to round sigSize up to a multiple of 8; the result is always 0..7. */
318 int pad = (8 - (sigSize % 8)) % 8;
/*
 * Consume the padding into the preamble buffer, reused as scratch. block has
 * at least four elements (block[3] is read above), presumably 32-bit words,
 * so up to 7 bytes fit.
 */
322 if (pad && (xx =
timedRead(fd, (
char *)block, pad)) != pad) {
324 _(
"sigh pad(%d): BAD, read %d bytes\n"), pad, xx);
/*
 * NOTE(review): reads 32 bits through a cast of archSize. This assumes
 * archSize is non-NULL, suitably aligned and at least 4 bytes long; the
 * lookup that fills it is not shown.
 */
330 size_t datasize = *(
uint_32 *)archSize;
331 rc =
printSize(fd, sigSize, pad, datasize);
334 _(
"sigh sigSize(%d): BAD, fstat(2) failed\n"), sigSize);
/* Condition holds only on RPMRC_OK with a non-NULL out pointer and header. */
340 if (sighp && sigh && rc ==
RPMRC_OK)
/* Force NUL termination of the message buffer. */
345 buf[
sizeof(buf)-1] =
'\0';
/* Eight zero bytes used as the source for alignment padding. */
355 static byte buf[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
/* Bytes needed to round sigSize up to a multiple of 8 (0..7). */
364 pad = (8 - (sigSize % 8)) % 8;
/* Exactly pad zero bytes must be written; any other count takes this branch. */
367 if (
Fwrite(buf,
sizeof(buf[0]), pad, fd) != pad)
/*
 * Produces a detached signature by running an external pgp command. The
 * passphrase reaches the child over a pipe on descriptor 3, not on the
 * command line. Only part of the routine appears in this listing.
 */
397 const char * passPhrase)
/*
 * NOTE(review): fixed 1024-byte stack buffer for the signature file name.
 * The line that fills it is not shown; the GPG signing path at 553 sizes its
 * buffer from strlen(file) instead. Confirm the write here is bounded.
 */
403 char * sigfile =
alloca(1024);
/* Both file names are exposed to the sign command as macros; removed again at 473-474. */
419 addMacro(NULL,
"__plaintext_filename", NULL, file, -1);
420 addMacro(NULL,
"__signature_filename", NULL, sigfile, -1);
422 inpipe[0] = inpipe[1] = 0;
/*
 * Child branch. NOTE(review): fork() returning -1 is not distinguished from
 * the parent case on this line; no separate failure branch is visible.
 */
427 if (!(pid = fork())) {
428 const char *pgp_path =
rpmExpand(
"%{?_pgp_path}", NULL);
/*
 * The pipe's read end becomes fd 3, matching PGPPASSFD=3 below; the write
 * end is closed in the child. Return values of dup2/close/dosetenv are
 * discarded.
 */
432 (void) dup2(inpipe[0], 3);
433 (void) close(inpipe[1]);
435 (void)
dosetenv(
"PGPPASSFD",
"3", 1);
437 if (pgp_path && *pgp_path !=
'\0')
438 (void)
dosetenv(
"PGPPATH", pgp_path, 1);
/*
 * The command line comes from macro expansion and is split by popt. av[0] is
 * the program path and av+1 is passed as argv, so the macro's second word
 * becomes the child's argv[0]. The child inherits the full environ.
 */
447 cmd =
rpmExpand(
"%{?__pgp_sign_cmd}", NULL);
448 rc = poptParseArgvString(cmd, NULL, (
const char ***)&av);
451 rc = execve(av[0], av+1, environ);
/* Same sequence with the PGP 5 command macro. */
455 cmd =
rpmExpand(
"%{?__pgp5_sign_cmd}", NULL);
456 rc = poptParseArgvString(cmd, NULL, (
const char ***)&av);
459 rc = execve(av[0], av+1, environ);
473 delMacro(NULL,
"__plaintext_filename");
474 delMacro(NULL,
"__signature_filename");
/*
 * Parent: close the read end, send the passphrase and a newline, then close
 * the write end so the child sees end of input.
 * NOTE(review): strlen(passPhrase) has no NULL guard here, whereas the GPG
 * signing path at 606 substitutes "" for NULL. The write() results are
 * discarded, so a short write goes unnoticed.
 */
476 (void) close(inpipe[0]);
478 (void) write(inpipe[1], passPhrase, strlen(passPhrase));
479 (void) write(inpipe[1],
"\n", 1);
480 (void) close(inpipe[1]);
/* Abnormal termination or a non-zero exit status counts as failure; the waitpid() result is discarded. */
482 (void)waitpid(pid, &status, 0);
483 if (!WIFEXITED(status) || WEXITSTATUS(status)) {
/* stat() failing on the signature file takes this branch. */
488 if (stat(sigfile, &st)) {
490 if (sigfile) (void) unlink(sigfile);
/* The packet length is the size reported by stat(). */
496 *pktlenp = st.st_size;
/*
 * NOTE(review): the file is stat()ed and then reopened by name. The length
 * comparison at 511 detects a size change between the two calls, not a
 * replacement with same-sized content; presumably the directory is trusted.
 * Verify.
 */
505 fd =
Fopen(sigfile,
"r.fdio");
506 if (fd != NULL && !
Ferror(fd)) {
508 if (sigfile) (void) unlink(sigfile);
/* Read length differs from the stat() size: release the packet buffer. */
511 if (rc != *pktlenp) {
513 *pktp =
_free(*pktp);
/*
 * Produces a detached signature by running an external gpg command, with the
 * passphrase supplied over a pipe on descriptor 3. Only part of the routine
 * appears in this listing.
 */
547 const char * passPhrase)
/* Buffer sized for file plus ".sig" and the NUL (sizeof(".sig") is 5). */
553 char * sigfile =
alloca(strlen(file)+
sizeof(
".sig"));
/* Both file names are exposed to the sign command as macros; removed again at 600-601. */
568 addMacro(NULL,
"__plaintext_filename", NULL, file, -1);
569 addMacro(NULL,
"__signature_filename", NULL, sigfile, -1);
571 inpipe[0] = inpipe[1] = 0;
/*
 * Child branch. NOTE(review): fork() returning -1 is not distinguished from
 * the parent case on this line; no separate failure branch is visible.
 */
576 if (!(pid = fork())) {
577 const char *gpg_path =
rpmExpand(
"%{?_gpg_path}", NULL);
/*
 * The pipe's read end becomes fd 3; presumably the configured gpg command
 * reads the passphrase from that descriptor (the macro body is not shown).
 */
579 (void) dup2(inpipe[0], 3);
580 (void) close(inpipe[1]);
583 if (gpg_path && *gpg_path !=
'\0')
584 (void)
dosetenv(
"GNUPGHOME", gpg_path, 1);
/*
 * The command line comes from macro expansion and is split by popt. av[0] is
 * the program path and av+1 is passed as argv, so the macro's second word
 * becomes the child's argv[0]. The child inherits the full environ.
 */
588 cmd =
rpmExpand(
"%{?__gpg_sign_cmd}", NULL);
589 rc = poptParseArgvString(cmd, NULL, (
const char ***)&av);
592 rc = execve(av[0], av+1, environ);
600 delMacro(NULL,
"__plaintext_filename");
601 delMacro(NULL,
"__signature_filename");
/*
 * Parent: wrap the write end in a stdio stream, close the read end, send the
 * passphrase (or "" when it is NULL) plus a newline, and close the stream so
 * the child sees end of input.
 */
603 fpipe = fdopen(inpipe[1],
"w");
604 (void) close(inpipe[0]);
606 fprintf(fpipe,
"%s\n", (passPhrase ? passPhrase :
""));
607 (void) fclose(fpipe);
/* Abnormal termination or a non-zero exit status counts as failure; the waitpid() result is discarded. */
610 (void) waitpid(pid, &status, 0);
611 if (!WIFEXITED(status) || WEXITSTATUS(status)) {
/* stat() failing on the signature file takes this branch. */
616 if (stat(sigfile, &st)) {
618 if (sigfile) (void) unlink(sigfile);
/* The packet length is the size reported by stat(). */
624 *pktlenp = st.st_size;
/*
 * NOTE(review): the file is stat()ed and then reopened by name. The length
 * comparison at 639 detects a size change between the two calls, not a
 * replacement with same-sized content; presumably the directory is trusted.
 * Verify.
 */
633 fd =
Fopen(sigfile,
"r.fdio");
634 if (fd != NULL && !
Ferror(fd)) {
636 if (sigfile) (void) unlink(sigfile);
/* Read length differs from the stat() size: release the packet buffer. */
639 if (rc != *pktlenp) {
641 *pktp =
_free(*pktp);
/*
 * The file is opened three times in the lines shown. Each open treats a NULL
 * handle or a stream error as failure, and fd is reset to NULL after every
 * Fclose() so the final cleanup at 796 closes only a still-open handle.
 * Only part of the routine appears in this listing.
 */
697 const char * passPhrase)
705 const char * fn = NULL;
706 const char * SHA1 = NULL;
718 fd =
Fopen(file,
"r.fdio");
719 if (fd == NULL ||
Ferror(fd))
724 (void)
Fclose(fd); fd = NULL;
752 fd =
Fopen(file,
"r.fdio");
753 if (fd == NULL ||
Ferror(fd))
758 (void)
Fclose(fd); fd = NULL;
763 (void)
Fclose(fd); fd = NULL;
770 fd =
Fopen(file,
"r.fdio");
771 if (fd == NULL ||
Ferror(fd))
776 (void)
Fclose(fd); fd = NULL;
781 (void)
Fclose(fd); fd = NULL;
/* Final cleanup: close only if a handle is still open. */
796 if (fd != NULL) (void)
Fclose(fd);
801 const char * passPhrase)
/* stat() failing on the file takes this branch. */
810 if (stat(file, &st) != 0)
/*
 * Zero-filled scratch buffer of pktlen bytes taken from the stack.
 * NOTE(review): how pktlen is derived is not shown; confirm it is bounded
 * before it reaches alloca().
 */
819 pkt = memset(
alloca(pktlen), 0, pktlen);
/*
 * Checks a passphrase by running the configured gpg/pgp "check password"
 * command with the passphrase supplied on descriptor 3. Returns 1 when the
 * child did not exit normally or exited non-zero, otherwise 0 (line 961).
 * Only part of the routine appears in this listing.
 */
857 int passPhrasePipe[2];
862 passPhrasePipe[0] = passPhrasePipe[1] = 0;
/* NOTE(review): the pipe() result is stored in xx; no test of it is visible in this listing. */
864 xx = pipe(passPhrasePipe);
/* Child branch. fork() returning -1 is not distinguished from the parent case on this line. */
866 if (!(pid = fork())) {
/* Detach from the caller's stdio and drop the write end of the pipe. */
871 xx = close(STDIN_FILENO);
872 xx = close(STDOUT_FILENO);
873 xx = close(passPhrasePipe[1]);
875 xx = close(STDERR_FILENO);
/*
 * stdin and stdout are pointed at /dev/null.
 * NOTE(review): no reopen of stderr is visible after the close at 875 (which
 * may be conditional on a line not shown). If fd 2 stays closed, the next
 * descriptor the child opens would land on it. Confirm.
 */
876 if ((fdno = open(
"/dev/null", O_RDONLY)) != STDIN_FILENO) {
877 xx = dup2(fdno, STDIN_FILENO);
880 if ((fdno = open(
"/dev/null", O_WRONLY)) != STDOUT_FILENO) {
881 xx = dup2(fdno, STDOUT_FILENO);
/* The passphrase pipe's read end becomes fd 3. */
884 xx = dup2(passPhrasePipe[0], 3);
/* GPG branch: optional GNUPGHOME from %{?_gpg_path}, then the check command. */
890 {
const char *gpg_path =
rpmExpand(
"%{?_gpg_path}", NULL);
893 if (gpg_path && *gpg_path !=
'\0')
894 (void)
dosetenv(
"GNUPGHOME", gpg_path, 1);
/*
 * The command line comes from macro expansion. av[0] is the program path and
 * av+1 is passed as argv; the child inherits the full environ.
 */
897 cmd =
rpmExpand(
"%{?__gpg_check_password_cmd}", NULL);
898 rc = poptParseArgvString(cmd, NULL, (
const char ***)&av);
901 rc = execve(av[0], av+1, environ);
/* PGP branch: PGPPASSFD is set to "3", the descriptor the pipe was duplicated onto. */
910 {
const char *pgp_path =
rpmExpand(
"%{?_pgp_path}", NULL);
914 (void)
dosetenv(
"PGPPASSFD",
"3", 1);
916 if (pgp_path && *pgp_path !=
'\0')
917 xx =
dosetenv(
"PGPPATH", pgp_path, 1);
923 cmd =
rpmExpand(
"%{?__pgp_check_password_cmd}", NULL);
924 rc = poptParseArgvString(cmd, NULL, (
const char ***)&av);
927 rc = execve(av[0], av+1, environ);
/* Same sequence with the PGP 5 command macro. */
931 cmd =
rpmExpand(
"%{?__pgp5_check_password_cmd}", NULL);
932 rc = poptParseArgvString(cmd, NULL, (
const char ***)&av);
935 rc = execve(av[0], av+1, environ);
/*
 * Parent: close the read end, send the passphrase and a newline, then close
 * the write end.
 * NOTE(review): strlen(passPhrase) has no NULL guard in the lines shown, and
 * the write() results stored in xx are not tested here, so a short write
 * would go unnoticed.
 */
954 xx = close(passPhrasePipe[0]);
955 xx = write(passPhrasePipe[1], passPhrase, strlen(passPhrase));
956 xx = write(passPhrasePipe[1],
"\n", 1);
957 xx = close(passPhrasePipe[1]);
/* The waitpid() result is discarded; status alone decides the return value. */
959 (void) waitpid(pid, &status, 0);
961 return ((!WIFEXITED(status) || WEXITSTATUS(status)) ? 1 : 0);
/* aok is true only for a non-NULL, non-empty name; the message names the %_gpg_name macro the user must set. */
974 aok = (name && *name !=
'\0');
981 _(
"You must set \"%%_gpg_name\" in your macro file\n"));
/* Same check and message for %_pgp_name. */
988 aok = (name && *name !=
'\0');
995 _(
"You must set \"%%_pgp_name\" in your macro file\n"));
/*
 * Compares the size recorded in the signature with the byte count in
 * dig->nbytes and appends the outcome to the text at t.
 * Only part of the routine appears in this listing.
 */
1038 int_32 size = 0x7fffffff;
1041 t =
stpcpy(t,
_(
"Header+Payload size: "));
/* Missing signature, missing digest state or a zero byte count takes this branch. */
1043 if (sig == NULL || dig == NULL || dig->
nbytes == 0) {
/*
 * Copies sizeof(size) bytes out of sig.
 * NOTE(review): no check that sig holds at least that many bytes is visible
 * in this listing. Confirm against the caller.
 */
1049 memcpy(&size, sig,
sizeof(size));
1051 if (size != dig->
nbytes) {
/*
 * NOTE(review): sprintf() into t is unbounded; the capacity of the buffer
 * behind t is not visible here.
 */
1054 sprintf(t,
" Expected(%d) != (%d)\n", (
int)size, (
int)dig->
nbytes);
1058 sprintf(t,
" (%d)", (
int)dig->
nbytes);
/*
 * Compares a computed MD5 digest with the one stored in the signature.
 * Only part of the routine appears in this listing.
 */
1078 byte * md5sum = NULL;
1082 t =
stpcpy(t,
_(
"MD5 digest: "));
/* Any missing input takes this branch. */
1084 if (md5ctx == NULL || sig == NULL || dig == NULL) {
/* Lengths are compared first, so memcmp() runs only when both sides are md5len bytes. */
1095 if (md5len != siglen || memcmp(md5sum, sig, md5len)) {
1098 t =
stpcpy(t,
" Expected(");
/* Release the computed digest. */
1112 md5sum =
_free(md5sum);
/*
 * Compares a computed header SHA1 (as a string) with the one stored in the
 * signature. Only part of the routine appears in this listing.
 */
1138 const char * SHA1 = NULL;
1141 t =
stpcpy(t,
_(
"Header SHA1 digest: "));
/* Any missing input takes this branch. */
1143 if (sha1ctx == NULL || sig == NULL || dig == NULL) {
/*
 * Both sides are handled as C strings.
 * NOTE(review): strlen(sig) and strcmp() assume the signature data is
 * NUL-terminated; presumably the header loader guarantees that for this
 * tag. Confirm.
 */
1153 if (SHA1 == NULL || strlen(SHA1) != strlen(sig) || strcmp(SHA1, sig)) {
1156 t =
stpcpy(t,
" Expected(");
/*
 * Hex digit classification: '0'..'9', then 'A'..'F' and 'a'..'f', the last
 * two mapping to 10..15. The return for the decimal range and the fallback
 * for other characters are on lines not shown.
 */
1183 if (c >=
'0' && c <=
'9')
1185 if (c >=
'A' && c <=
'F')
1186 return (c -
'A') + 10;
1187 if (c >=
'a' && c <=
'f')
1188 return (c -
'a') + 10;
/*
 * RSA signature verification. Builds the expected padded message as a hex
 * string and loads it for comparison with the signature value.
 * Only part of the routine appears in this listing.
 */
1213 const char * prefix = NULL;
/*
 * The asserts vanish under NDEBUG; the runtime NULL test at 1228 is the guard
 * that remains in such builds.
 */
1217 assert(dig != NULL);
1218 assert(sigp != NULL);
1220 if (dig != NULL && dig->
hdrmd5ctx == md5ctx)
/* Appends a '3' or '4' to the report text; presumably the signature packet version (the switch expression is not shown). */
1224 case 3: *t++ =
'3';
break;
1225 case 4: *t++ =
'4';
break;
1228 if (md5ctx == NULL || sig == NULL || dig == NULL || sigp == NULL) {
/*
 * Per hash algorithm: a label for the report and the hex-encoded DER
 * DigestInfo prefix that PKCS#1 v1.5 places in front of the digest.
 */
1248 t =
stpcpy(t,
" RSA/MD5");
1249 prefix =
"3020300c06082a864886f70d020505000410";
1252 t =
stpcpy(t,
" RSA/SHA1");
1253 prefix =
"3021300906052b0e03021a05000414";
1256 t =
stpcpy(t,
" RSA/RIPEMD160");
1257 prefix =
"3021300906052b2403020105000414";
1260 t =
stpcpy(t,
" RSA/MD2");
1261 prefix =
"3020300c06082a864886f70d020205000410";
1264 t =
stpcpy(t,
" RSA/TIGER192");
1265 prefix =
"3029300d06092b06010401da470c0205000418";
1272 t =
stpcpy(t,
" RSA/SHA256");
1273 prefix =
"3031300d060960864801650304020105000420";
1276 t =
stpcpy(t,
" RSA/SHA384");
1277 prefix =
"3041300d060960864801650304020205000430";
1280 t =
stpcpy(t,
" RSA/SHA512");
1281 prefix =
"3051300d060960864801650304020305000440";
1290 t =
stpcpy(t,
_(
" signature: "));
1295 assert(md5ctx != NULL);
1301 if (sigp->
hash != NULL)
/*
 * Copies nb into the trailer at offset 2.
 * NOTE(review): the trailer declaration is not shown; confirm it has room for
 * 2 + sizeof(nb) bytes.
 */
1311 memcpy(trailer+2, &nb,
sizeof(nb));
/* Quick reject: the locally computed signhash16 bytes must equal those carried in the signature parameters. */
1324 if (memcmp(signhash16, sigp->
signhash16,
sizeof(signhash16))) {
/*
 * Expected message, built as 2*nb hex digits: filled with 'f', leading
 * "0001", then a "00" separator placed so that prefix and digest end exactly
 * at the end of the string.
 * NOTE(review): nb derives from dig->c.size, which presumably comes from the
 * package being verified. No lower bound on nb is visible here; if 2*nb is
 * smaller than strlen(prefix) + strlen(dig->md5) + 2 plus the four header
 * digits, the offset at 1341 wraps or overlaps the header and the writes at
 * 1342 fall outside the intended region. Confirm that a size check exists
 * upstream.
 */
1331 {
unsigned int nbits = MP_WORDS_TO_BITS(dig->
c.size);
1332 unsigned int nb = (nbits + 7) >> 3;
1333 const char * hexstr;
1336 assert(prefix != NULL);
1337 hexstr = tt =
xmalloc(2 * nb + 1);
1338 memset(tt,
'f', (2 * nb));
1339 tt[0] =
'0'; tt[1] =
'0';
1340 tt[2] =
'0'; tt[3] =
'1';
1341 tt += (2 * nb) - strlen(prefix) - strlen(dig->
md5) - 2;
1342 *tt++ =
'0'; *tt++ =
'0';
/* Load the hex string into dig->rsahm, then release the string. */
1346 mpnzero(&dig->
rsahm); (void) mpnsethex(&dig->
rsahm, hexstr);
1348 hexstr =
_free(hexstr);
1359 #if HAVE_BEECRYPT_API_H
1374 t =
stpcpy(t,
", key ID ");
/*
 * DSA signature verification over a SHA1 digest.
 * Only part of the routine appears in this listing.
 */
/*
 * The asserts vanish under NDEBUG; the runtime NULL test at 1419 is the guard
 * that remains in such builds.
 */
1407 assert(dig != NULL);
1408 assert(sigp != NULL);
1410 if (dig != NULL && dig->
hdrsha1ctx == sha1ctx)
/* Appends a '3' or '4' to the report text; presumably the signature packet version (the switch expression is not shown). */
1414 case 3: *t++ =
'3';
break;
1415 case 4: *t++ =
'4';
break;
1417 t =
stpcpy(t,
_(
" DSA signature: "));
1419 if (sha1ctx == NULL || sig == NULL || dig == NULL || sigp == NULL) {
1437 if (sigp->
hash != NULL)
/*
 * Copies nb into the trailer at offset 2.
 * NOTE(review): the trailer declaration is not shown; confirm it has room for
 * 2 + sizeof(nb) bytes.
 */
1446 memcpy(trailer+2, &nb,
sizeof(nb));
/* Load the hex digest string dig->sha1 into dig->hm. */
1453 mpnzero(&dig->
hm); (void) mpnsethex(&dig->
hm, dig->
sha1);
/*
 * Quick reject: the top two bytes of the first word of hm must equal the
 * signhash16 bytes carried in the signature parameters.
 */
1456 signhash16[0] = (*dig->
hm.data >> 24) & 0xff;
1457 signhash16[1] = (*dig->
hm.data >> 16) & 0xff;
1458 if (memcmp(signhash16, sigp->
signhash16,
sizeof(signhash16))) {
/* The verification call takes p, q, g and y alongside the digest hm and the signature pair r, s. */
1470 if (dsavrfy(&dig->
p, &dig->
q, &dig->
g,
1471 &dig->
hm, &dig->
y, &dig->
r, &dig->
s))
1480 t =
stpcpy(t,
", key ID ");
/*
 * Verification dispatch: rejects missing or empty input, then reports
 * unsupported or unknown signature tags.
 * Only part of the routine appears in this listing.
 */
/* A NULL signature, a non-positive length or a NULL digest state is rejected. */
1498 if (sig == NULL || siglen <= 0 || dig == NULL) {
/*
 * NOTE(review): the sprintf() calls below are unbounded and use the
 * translated message as the format string. The capacity of result is not
 * visible here, and a catalog entry with extra '%' conversions would be
 * interpreted. A bounded call with the message passed to a "%s" format
 * would avoid both.
 */
1499 sprintf(result,
_(
"Verify signature: BAD PARAMETERS\n"));
1530 sprintf(result,
_(
"Broken MD5 digest: UNSUPPORTED\n"));
1534 sprintf(result,
_(
"Signature: UNKNOWN (%d)\n"), sigtag);