rpm  5.4.10
rpmgc.c
Go to the documentation of this file.
1 
5 #include "system.h"
6 
7 #include <rpmiotypes.h>
8 #define _RPMGC_INTERNAL
9 #if defined(WITH_GCRYPT)
10 #define _RPMPGP_INTERNAL
11 #include <rpmgc.h>
12 #endif
13 
14 #include "debug.h"
15 
16 #if defined(WITH_GCRYPT)
17 
18 /*@access pgpDig @*/
19 /*@access pgpDigParams @*/
20 
21 /*@-redecl@*/
22 /*@unchecked@*/
23 extern int _pgp_debug;
24 
25 /*@unchecked@*/
26 extern int _pgp_print;
27 /*@=redecl@*/
28 
29 /*@unchecked@*/
30 static int _rpmgc_debug;
31 
32 #define SPEW(_t, _rc, _dig) \
33  { if ((_t) || _rpmgc_debug || _pgp_debug < 0) \
34  fprintf(stderr, "<-- %s(%p) %s\t%s\n", __FUNCTION__, (_dig), \
35  ((_rc) ? "OK" : "BAD"), (_dig)->pubkey_algoN); \
36  }
37 
38 static const char * rpmgcHashAlgo2Name(uint32_t algo)
39 {
40  return pgpValStr(pgpHashTbl, (rpmuint8_t)algo);
41 }
42 
43 static const char * rpmgcPubkeyAlgo2Name(uint32_t algo)
44 {
45  return pgpValStr(pgpPubkeyTbl, (rpmuint8_t)algo);
46 }
47 
48 static void fail(const char *format, ...)
49 {
50  va_list arg_ptr;
51 
52  va_start(arg_ptr, format);
53  vfprintf(stderr, format, arg_ptr);
54  va_end(arg_ptr);
56 }
57 
58 static
59 void rpmgcDump(const char * msg, gcry_sexp_t sexp)
60  /*@*/
61 {
62  if (_rpmgc_debug || _pgp_debug) {
63  size_t nb = gcry_sexp_sprint(sexp, GCRYSEXP_FMT_ADVANCED, NULL, 0);
64  char * buf = (char *) alloca(nb+1);
65 
66  nb = gcry_sexp_sprint(sexp, GCRYSEXP_FMT_ADVANCED, buf, nb);
67  buf[nb] = '\0';
68  fprintf(stderr, "========== %s:\n%s", msg, buf);
69  }
70  return;
71 }
72 
73 static
74 gcry_error_t rpmgcErr(rpmgc gc, const char * msg, gcry_error_t err)
75  /*@*/
76 {
77  /* XXX Don't spew on expected failures ... */
78  if (err && gcry_err_code(err) != gc->badok)
79  fprintf (stderr, "rpmgc: %s(0x%0x): %s/%s\n",
80  msg, (unsigned)err, gcry_strsource(err), gcry_strerror(err));
81  return err;
82 }
83 
84 static
85 int rpmgcSetRSA(/*@only@*/ DIGEST_CTX ctx, pgpDig dig, pgpDigParams sigp)
86  /*@modifies dig @*/
87 {
88  rpmgc gc = (rpmgc) dig->impl;
89  gcry_error_t err;
90  const char * hash_algo_name = NULL;
91  int rc = 1; /* assume error */
92  int xx;
93 pgpDigParams pubp = pgpGetPubkey(dig);
94 dig->pubkey_algoN = rpmgcPubkeyAlgo2Name(pubp->pubkey_algo);
95 dig->hash_algoN = rpmgcHashAlgo2Name(sigp->hash_algo);
96 
97  switch (sigp->hash_algo) {
98  case PGPHASHALGO_MD5:
99  hash_algo_name = "md5";
100  break;
101  case PGPHASHALGO_SHA1:
102  hash_algo_name = "sha1";
103  break;
105  hash_algo_name = "ripemd160"; /* XXX FIXME: RPM != GCRYPT name */
106  break;
107  case PGPHASHALGO_MD2:
108  hash_algo_name = "md2";
109  break;
111  hash_algo_name = "tiger";
112  break;
114 #ifdef NOTYET
115  hash_algo_name = "haval";
116 #endif
117  break;
118  case PGPHASHALGO_SHA256:
119  hash_algo_name = "sha256";
120  break;
121  case PGPHASHALGO_SHA384:
122  hash_algo_name = "sha384";
123  break;
124  case PGPHASHALGO_SHA512:
125  hash_algo_name = "sha512";
126  break;
127  case PGPHASHALGO_SHA224:
128 #ifdef NOTYET
129  hash_algo_name = "sha224";
130 #endif
131  break;
132  default:
133  break;
134  }
135  if (hash_algo_name == NULL)
136  goto exit;
137 
138  xx = rpmDigestFinal(ctx, (void **)&gc->digest, &gc->digestlen, 0);
139  ctx = NULL; /* XXX avoid double free */
140 
141  /* Set RSA hash. */
142  err = rpmgcErr(gc, "RSA c",
143  gcry_sexp_build(&gc->hash, NULL,
144  "(data (flags pkcs1) (hash %s %b))", hash_algo_name, gc->digestlen, gc->digest) );
145 if (_pgp_debug < 0) rpmgcDump("gc->hash", gc->hash);
146 
147  /* Compare leading 16 bits of digest for quick check. */
148  { const rpmuint8_t *s = (const rpmuint8_t *) gc->digest;
149  const rpmuint8_t *t = sigp->signhash16;
150  rc = memcmp(s, t, sizeof(sigp->signhash16));
151  }
152 
153 exit:
154  if (ctx) { /* XXX Free the context on error returns. */
155  xx = rpmDigestFinal(ctx, NULL, NULL, 0);
156  ctx = NULL;
157  }
158 SPEW(0, !rc, dig);
159  return rc;
160 }
161 
162 static
163 int rpmgcSetDSA(/*@only@*/ DIGEST_CTX ctx, pgpDig dig, pgpDigParams sigp)
164  /*@modifies dig @*/
165 {
166  rpmgc gc = (rpmgc) dig->impl;
167  gcry_error_t err;
168  int rc;
169  int xx;
170 pgpDigParams pubp = pgpGetPubkey(dig);
171 dig->pubkey_algoN = rpmgcPubkeyAlgo2Name(pubp->pubkey_algo);
172 dig->hash_algoN = rpmgcHashAlgo2Name(sigp->hash_algo);
173 
174 assert(sigp->hash_algo == rpmDigestAlgo(ctx));
175  xx = rpmDigestFinal(ctx, (void **)&gc->digest, &gc->digestlen, 0);
176 
177  /* Set DSA hash. */
178 /*@-moduncon -noeffectuncon @*/
179  { gcry_mpi_t c = NULL;
180  /* XXX truncate to 160 bits */
181  err = rpmgcErr(gc, "DSA c",
182  gcry_mpi_scan(&c, GCRYMPI_FMT_USG, gc->digest, 160/8, NULL));
183  err = rpmgcErr(gc, "DSA gc->hash",
184  gcry_sexp_build(&gc->hash, NULL,
185  "(data (flags raw) (value %m))", c) );
186  gcry_mpi_release(c);
187 if (_pgp_debug < 0) rpmgcDump("gc->hash", gc->hash);
188  }
189 /*@=moduncon =noeffectuncon @*/
190 
191  /* Compare leading 16 bits of digest for quick check. */
192  rc = memcmp(gc->digest, sigp->signhash16, sizeof(sigp->signhash16));
193 SPEW(0, !rc, dig);
194  return rc;
195 }
196 
197 static
198 int rpmgcSetELG(/*@only@*/ DIGEST_CTX ctx, pgpDig dig, pgpDigParams sigp)
199  /*@*/
200 {
201  rpmgc gc = (rpmgc) dig->impl;
202  int rc = 1; /* XXX always fail. */
203  int xx;
204 pgpDigParams pubp = pgpGetPubkey(dig);
205 dig->pubkey_algoN = rpmgcPubkeyAlgo2Name(pubp->pubkey_algo);
206 dig->hash_algoN = rpmgcHashAlgo2Name(sigp->hash_algo);
207 
208 assert(sigp->hash_algo == rpmDigestAlgo(ctx));
209  xx = rpmDigestFinal(ctx, (void **)&gc->digest, &gc->digestlen, 0);
210 
211  /* Compare leading 16 bits of digest for quick check. */
212 
213 SPEW(0, !rc, dig);
214  return rc;
215 }
216 
217 static
218 int rpmgcSetECDSA(/*@only@*/ DIGEST_CTX ctx, pgpDig dig, pgpDigParams sigp)
219  /*@*/
220 {
221  rpmgc gc = (rpmgc) dig->impl;
222  int rc = 1; /* assume failure. */
223  gpg_error_t err;
224  int xx;
225 pgpDigParams pubp = pgpGetPubkey(dig);
226 dig->pubkey_algoN = rpmgcPubkeyAlgo2Name(pubp->pubkey_algo);
227 dig->hash_algoN = rpmgcHashAlgo2Name(sigp->hash_algo);
228 
229 assert(sigp->hash_algo == rpmDigestAlgo(ctx));
230 gc->digest = _free(gc->digest);
231 gc->digestlen = 0;
232  xx = rpmDigestFinal(ctx, (void **)&gc->digest, &gc->digestlen, 0);
233 
234  { gcry_mpi_t c = NULL;
235  err = rpmgcErr(gc, "ECDSA c",
236  gcry_mpi_scan(&c, GCRYMPI_FMT_USG, gc->digest, gc->digestlen, NULL));
237 if (gc->hash) {
238  gcry_sexp_release(gc->hash); gc->hash = NULL;
239 }
240  err = rpmgcErr(gc, "ECDSA gc->hash",
241  gcry_sexp_build(&gc->hash, NULL,
242  "(data (flags raw) (value %m))", c) );
243  gcry_mpi_release(c);
244 if (_pgp_debug < 0) rpmgcDump("gc->hash", gc->hash);
245  }
246 
247  /* Compare leading 16 bits of digest for quick check. */
248  rc = 0;
249 
250 SPEW(0, !rc, dig);
251  return rc;
252 }
253 
254 static int rpmgcErrChk(pgpDig dig, const char * msg, int rc, unsigned expected)
255 {
256 rpmgc gc = (rpmgc) dig->impl;
257  /* Was the return code the expected result? */
258  rc = (gcry_err_code(gc->err) != expected);
259  if (rc)
260  fail("%s failed: %s\n", msg, gpg_strerror(gc->err));
261 /* XXX FIXME: pgpImplStrerror */
262  return rc; /* XXX 0 on success */
263 }
264 
265 static int rpmgcAvailable(rpmgc gc, int algo, int rc)
266 {
267  /* Permit non-certified algo's if not in FIPS mode. */
268  if (rc && !gc->in_fips_mode)
269  rc = 0;
270 #ifdef NOTNOW
271  if (rc)
272  rpmlog(RPMLOG_INFO," algorithm %d not available in fips mode\n", algo);
273 #else
274 /* XXX FIXME: refactor back into trsa.c */
275  if (rc)
276  fprintf(stderr," algorithm %d not available in fips mode\n", algo);
277 #endif
278  return rc; /* XXX 0 on success */
279 }
280 
281 static int rpmgcAvailableCipher(pgpDig dig, int algo)
282 {
283  rpmgc gc = (rpmgc) dig->impl;
284  return rpmgcAvailable(gc, algo, gcry_cipher_test_algo(algo));
285 }
286 
287 static int rpmgcAvailableDigest(pgpDig dig, int algo)
288 {
289  rpmgc gc = (rpmgc) dig->impl;
290  int rc = 0; /* assume available */
291  rc = rpmgcAvailable(gc, algo,
292  (gcry_md_test_algo(algo) || algo == PGPHASHALGO_MD5));
293  return rc;
294 }
295 
296 static int rpmgcAvailablePubkey(pgpDig dig, int algo)
297 {
298  rpmgc gc = (rpmgc) dig->impl;
299  int rc = 0; /* assume available */
300  rc = rpmgcAvailable(gc, algo, gcry_pk_test_algo(algo));
301  return rc;
302 }
303 
304 static
305 int rpmgcVerify(pgpDig dig)
306 {
307  rpmgc gc = (rpmgc) dig->impl;
308  int rc;
309 pgpDigParams pubp = pgpGetPubkey(dig);
310 pgpDigParams sigp = pgpGetSignature(dig);
311 dig->pubkey_algoN = rpmgcPubkeyAlgo2Name(pubp->pubkey_algo);
312 dig->hash_algoN = rpmgcHashAlgo2Name(sigp->hash_algo);
313 
314  if (gc->sig == NULL) {
315  pgpDigParams pubp = pgpGetPubkey(dig);
316  switch (pubp->pubkey_algo) {
317  case PGPPUBKEYALGO_RSA:
318 assert(gc->c);
319  gc->err = rpmgcErr(gc, "RSA gc->sig",
320  gcry_sexp_build(&gc->sig, NULL,
321  "(sig-val (RSA (s %m)))", gc->c) );
322  break;
323  case PGPPUBKEYALGO_DSA:
324  case PGPPUBKEYALGO_ELGAMAL: /* XXX FIXME: untested. */
325 assert(gc->r);
326 assert(gc->s);
327  gc->err = rpmgcErr(gc, "DSA gc->sig",
328  gcry_sexp_build(&gc->sig, NULL,
329  "(sig-val (DSA (r %m) (s %m)))", gc->r, gc->s) );
330  break;
331  case PGPPUBKEYALGO_ECDSA: /* XXX FIXME */
332  default:
333 assert(0);
334  break;
335  }
336 if (_pgp_debug < 0)
337 rpmgcDump("gc->sig", gc->sig);
338  }
339 
340  if (gc->pub_key == NULL) {
341  pgpDigParams pubp = pgpGetPubkey(dig);
342  switch (pubp->pubkey_algo) {
343  case PGPPUBKEYALGO_RSA:
344 assert(gc->n);
345 assert(gc->e);
346  gc->err = rpmgcErr(gc, "RSA gc->pub_key",
347  gcry_sexp_build(&gc->pub_key, NULL,
348  "(public-key (RSA (n %m) (e %m)))", gc->n, gc->e) );
349  break;
350  case PGPPUBKEYALGO_DSA:
351 assert(gc->p);
352 assert(gc->q);
353 assert(gc->g);
354 assert(gc->y);
355  gc->err = rpmgcErr(gc, "DSA gc->pub_key",
356  gcry_sexp_build(&gc->pub_key, NULL,
357  "(public-key (DSA (p %m) (q %m) (g %m) (y %m)))",
358  gc->p, gc->q, gc->g, gc->y) );
359  break;
360  case PGPPUBKEYALGO_ELGAMAL: /* XXX FIXME: untested. */
361 assert(gc->p);
362 assert(gc->g);
363 assert(gc->y);
364  gc->err = rpmgcErr(gc, "ELG gc->pub_key",
365  gcry_sexp_build(&gc->pub_key, NULL,
366  "(public-key (ELG (p %m) (g %m) (y %m)))",
367  gc->p, gc->g, gc->y) );
368  break;
369  case PGPPUBKEYALGO_ECDSA:
370  default:
371 assert(0);
372  break;
373  }
374 if (_pgp_debug < 0)
375 rpmgcDump("gc->pub_key", gc->pub_key);
376  }
377 
378  /* Verify the signature. */
379  gc->err = rpmgcErr(gc, "gcry_pk_verify",
380  gcry_pk_verify (gc->sig, gc->hash, gc->pub_key));
381 
382  rc = (gc->err == 0);
383 
384 SPEW(0, rc, dig);
385  return rc; /* XXX 1 on success */
386 }
387 
388 static
389 int rpmgcSign(pgpDig dig)
390 {
391  rpmgc gc = (rpmgc) dig->impl;
392  int rc;
393 pgpDigParams pubp = pgpGetPubkey(dig);
394 pgpDigParams sigp = pgpGetSignature(dig);
395 dig->pubkey_algoN = rpmgcPubkeyAlgo2Name(pubp->pubkey_algo);
396 dig->hash_algoN = rpmgcHashAlgo2Name(sigp->hash_algo);
397 
398  /* Sign the hash. */
399  gc->err = rpmgcErr(gc, "gcry_pk_sign",
400  gcry_pk_sign (&gc->sig, gc->hash, gc->sec_key));
401 
402 if (_pgp_debug < 0 && gc->sig) rpmgcDump("gc->sig", gc->sig);
403 
404  rc = (gc->err == 0);
405 
406 SPEW(!rc, rc, dig);
407  return rc; /* XXX 1 on success */
408 }
409 
410 static
411 int rpmgcGenerate(pgpDig dig)
412  /*@*/
413 {
414  rpmgc gc = (rpmgc) dig->impl;
415  int rc;
416 pgpDigParams pubp = pgpGetPubkey(dig);
417 dig->pubkey_algoN = rpmgcPubkeyAlgo2Name(pubp->pubkey_algo);
418 
419 /* XXX FIXME: gc->{key_spec,key_pair} could be local. */
420 /* XXX FIXME: gc->qbits w DSA? curve w ECDSA? other params? */
421  switch (pubp->pubkey_algo) {
422  case PGPPUBKEYALGO_RSA:
423 if (gc->nbits == 0) gc->nbits = 1024; /* XXX FIXME */
424  gc->err = rpmgcErr(gc, "gc->key_spec",
425  gcry_sexp_build(&gc->key_spec, NULL,
426  gc->in_fips_mode
427  ? "(genkey (RSA (nbits %d)))"
428  : "(genkey (RSA (nbits %d)(transient-key)))",
429  gc->nbits));
430  break;
431  case PGPPUBKEYALGO_DSA:
432 if (gc->nbits == 0) gc->nbits = 1024; /* XXX FIXME */
433  gc->err = rpmgcErr(gc, "gc->key_spec",
434  gcry_sexp_build(&gc->key_spec, NULL,
435  gc->in_fips_mode
436  ? "(genkey (DSA (nbits %d)))"
437  : "(genkey (DSA (nbits %d)(transient-key)))",
438  gc->nbits));
439  break;
440  case PGPPUBKEYALGO_ELGAMAL: /* XXX FIXME: untested. */
441 if (gc->nbits == 0) gc->nbits = 1024; /* XXX FIXME */
442  gc->err = rpmgcErr(gc, "gc->key_spec",
443  gcry_sexp_build(&gc->key_spec, NULL,
444  gc->in_fips_mode
445  ? "(genkey (ELG (nbits %d)))"
446  : "(genkey (ELG (nbits %d)(transient-key)))",
447  gc->nbits));
448  break;
449  case PGPPUBKEYALGO_ECDSA:
450 if (gc->nbits == 0) gc->nbits = 256; /* XXX FIXME */
451 #ifdef DYING
452  gc->err = rpmgcErr(gc, "gc->key_spec",
453  gcry_sexp_build(&gc->key_spec, NULL,
454  gc->in_fips_mode
455  ? "(genkey (ECDSA (nbits %d)))"
456  : "(genkey (ECDSA (nbits %d)(transient-key)))",
457  gc->nbits));
458 #else
459  gc->err = rpmgcErr(gc, "gc->key_spec",
460  gcry_sexp_build(&gc->key_spec, NULL,
461  gc->in_fips_mode
462  ? "(genkey (ECDSA (curve prime256v1)))"
463  : "(genkey (ECDSA (curve prime256v1)(transient-key)))",
464  gc->nbits));
465 #endif
466  break;
467  default:
468 assert(0);
469  break;
470  }
471  if (gc->err)
472  goto exit;
473 if ((_rpmgc_debug || _pgp_debug < 0) && gc->key_spec) rpmgcDump("gc->key_spec", gc->key_spec);
474 
475  /* Generate the key pair. */
476  gc->err = rpmgcErr(gc, "gc->key_pair",
477  gcry_pk_genkey(&gc->key_pair, gc->key_spec));
478  if (gc->err)
479  goto exit;
480 if ((_rpmgc_debug || _pgp_debug < 0) && gc->key_pair) rpmgcDump("gc->key_pair", gc->key_pair);
481 
482  gc->pub_key = gcry_sexp_find_token(gc->key_pair, "public-key", 0);
483  if (gc->pub_key == NULL)
484 /* XXX FIXME: refactor errmsg here. */
485  goto exit;
486 if ((_rpmgc_debug || _pgp_debug < 0) && gc->pub_key) rpmgcDump("gc->pub_key", gc->pub_key);
487 
488  gc->sec_key = gcry_sexp_find_token(gc->key_pair, "private-key", 0);
489  if (gc->sec_key == NULL)
490 /* XXX FIXME: refactor errmsg here. */
491  goto exit;
492 if ((_rpmgc_debug || _pgp_debug < 0) && gc->sec_key) rpmgcDump("gc->sec_key", gc->sec_key);
493 
494 exit:
495 
496  rc = (gc->err == 0 && gc->pub_key && gc->sec_key);
497 
498 #ifdef NOTYET
499 if (gc->key_spec) {
500  gcry_sexp_release(gc->key_spec);
501  gc->key_spec = NULL;
502 }
503 if (gc->key_pair) {
504  gcry_sexp_release(gc->key_pair);
505  gc->key_pair = NULL;
506 }
507 #endif
508 
509 SPEW(!rc, rc, dig);
510  return rc; /* XXX 1 on success */
511 }
512 
513 /*@-globuse -mustmod @*/
514 static
515 int rpmgcMpiItem(/*@unused@*/ const char * pre, pgpDig dig, int itemno,
516  const rpmuint8_t * p,
517  /*@unused@*/ /*@null@*/ const rpmuint8_t * pend)
518  /*@globals fileSystem @*/
519  /*@modifies dig, fileSystem @*/
520 {
521  rpmgc gc = (rpmgc) dig->impl;
522  size_t nb = pgpMpiLen(p);
523  const char * mpiname = "";
524  gcry_mpi_t * mpip = NULL;
525  size_t nscan = 0;
526  int rc = 0;
527 
528  switch (itemno) {
529  default:
530 assert(0);
531  case 50: /* ECDSA r */
532  case 51: /* ECDSA s */
533  case 60: /* ECDSA curve OID */
534  case 61: /* ECDSA Q */
535  break;
536  case 10: /* RSA m**d */
537  mpiname = "RSA m**d"; mpip = &gc->c;
538  break;
539  case 20: /* DSA r */
540  mpiname = "DSA r"; mpip = &gc->r;
541  break;
542  case 21: /* DSA s */
543  mpiname = "DSA s"; mpip = &gc->s;
544  break;
545  case 30: /* RSA n */
546  mpiname = "RSA n"; mpip = &gc->n;
547  break;
548  case 31: /* RSA e */
549  mpiname = "RSA e"; mpip = &gc->e;
550  break;
551  case 40: /* DSA p */
552  mpiname = "DSA p"; mpip = &gc->p;
553  break;
554  case 41: /* DSA q */
555  mpiname = "DSA q"; mpip = &gc->q;
556  break;
557  case 42: /* DSA g */
558  mpiname = "DSA g"; mpip = &gc->g;
559  break;
560  case 43: /* DSA y */
561  mpiname = "DSA y"; mpip = &gc->y;
562  break;
563  }
564 
565 /*@-moduncon -noeffectuncon @*/
566  gc->err = rpmgcErr(gc, mpiname,
567  gcry_mpi_scan(mpip, GCRYMPI_FMT_PGP, p, nb, &nscan) );
568 /*@=moduncon =noeffectuncon @*/
569 assert(nb == nscan);
570 
571  if (_pgp_debug < 0)
572  { unsigned nbits = gcry_mpi_get_nbits(*mpip);
573  unsigned char * hex = NULL;
574  size_t nhex = 0;
575  gc->err = rpmgcErr(gc, "MPI print",
576  gcry_mpi_aprint(GCRYMPI_FMT_HEX, &hex, &nhex, *mpip) );
577  fprintf(stderr, "*** %s\t%5d:%s\n", mpiname, (int)nbits, hex);
578  hex = _free(hex);
579  }
580 
581  return rc;
582 }
583 /*@=globuse =mustmod @*/
584 
585 /*@-mustmod@*/
586 static
587 void rpmgcClean(void * impl)
588  /*@modifies impl @*/
589 {
590  rpmgc gc = (rpmgc) impl;
591 /*@-moduncon -noeffectuncon @*/
592  if (gc != NULL) {
593  gc->nbits = 0;
594  gc->err = 0;
595  gc->badok = 0;
596  gc->digest = _free(gc->digest);
597  gc->digestlen = 0;
598 
599  if (gc->key_spec) {
600  gcry_sexp_release(gc->key_spec);
601  gc->key_spec = NULL;
602  }
603  if (gc->key_pair) {
604  gcry_sexp_release(gc->key_pair);
605  gc->key_pair = NULL;
606  }
607  if (gc->pub_key) {
608  gcry_sexp_release(gc->pub_key);
609  gc->pub_key = NULL;
610  }
611  if (gc->sec_key) {
612  gcry_sexp_release(gc->sec_key);
613  gc->sec_key = NULL;
614  }
615  if (gc->hash) {
616  gcry_sexp_release(gc->hash);
617  gc->hash = NULL;
618  }
619  if (gc->sig) {
620  gcry_sexp_release(gc->sig);
621  gc->sig = NULL;
622  }
623 
624  if (gc->c) {
625  gcry_mpi_release(gc->c);
626  gc->c = NULL;
627  }
628  if (gc->p) {
629  gcry_mpi_release(gc->p);
630  gc->p = NULL;
631  }
632  if (gc->q) {
633  gcry_mpi_release(gc->q);
634  gc->q = NULL;
635  }
636  if (gc->g) {
637  gcry_mpi_release(gc->g);
638  gc->g = NULL;
639  }
640  if (gc->y) {
641  gcry_mpi_release(gc->y);
642  gc->y = NULL;
643  }
644 
645  if (gc->r) {
646  gcry_mpi_release(gc->r);
647  gc->r = NULL;
648  }
649  if (gc->s) {
650  gcry_mpi_release(gc->s);
651  gc->s = NULL;
652  }
653  if (gc->n) {
654  gcry_mpi_release(gc->n);
655  gc->n = NULL;
656  }
657  if (gc->e) {
658  gcry_mpi_release(gc->e);
659  gc->e = NULL;
660  }
661 
662  }
663 /*@=moduncon =noeffectuncon @*/
664 }
665 /*@=mustmod@*/
666 
667 /*@unchecked@*/
668 static int rpmgc_initialized;
669 
670 static /*@null@*/
671 void * rpmgcFree(/*@only@*/ void * impl)
672  /*@globals rpmgc_initialized @*/
673  /*@modifies impl, rpmgc_initialized @*/
674 {
675 
676  rpmgcClean(impl);
677 
678  if (--rpmgc_initialized == 0 && _pgp_debug < 0) {
679  rpmgc gc = (rpmgc) impl;
680  gc->err = rpmgcErr(gc, "CLEAR_DEBUG_FLAGS",
681  gcry_control(GCRYCTL_CLEAR_DEBUG_FLAGS, 3));
682  gc->err = rpmgcErr(gc, "SET_VERBOSITY",
683  gcry_control(GCRYCTL_SET_VERBOSITY, 0) );
684  }
685 
686  impl = _free(impl);
687 
688  return NULL;
689 }
690 
691 static
692 void * rpmgcInit(void)
693  /*@globals rpmgc_initialized @*/
694  /*@modifies rpmgc_initialized @*/
695 {
696  rpmgc gc = (rpmgc) xcalloc(1, sizeof(*gc));
697 
698  if (rpmgc_initialized++ == 0 && _pgp_debug < 0) {
699  gc->err = rpmgcErr(gc, "SET_VERBOSITY",
700  gcry_control(GCRYCTL_SET_VERBOSITY, 3) );
701  gc->err = rpmgcErr(gc, "SET_DEBUG_FLAGS",
702  gcry_control(GCRYCTL_SET_DEBUG_FLAGS, 3) );
703  }
704 
705  return (void *) gc;
706 }
707 
708 struct pgpImplVecs_s rpmgcImplVecs = {
709  rpmgcSetRSA,
710  rpmgcSetDSA,
711  rpmgcSetELG,
712  rpmgcSetECDSA,
713 
714  rpmgcErrChk,
715  rpmgcAvailableCipher, rpmgcAvailableDigest, rpmgcAvailablePubkey,
716  rpmgcVerify, rpmgcSign, rpmgcGenerate,
717 
718  rpmgcMpiItem, rpmgcClean,
719  rpmgcFree, rpmgcInit
720 };
721 
722 #endif
723 
pgpDigParams pgpGetPubkey(pgpDig dig)
Return OpenPGP pubkey parameters.
Definition: rpmpgp.c:1232
static const char * pgpValStr(pgpValTbl vs, rpmuint8_t val)
Return string representation of am OpenPGP value.
Definition: rpmpgp.h:1200
struct rpmgc_s * rpmgc
Definition: rpmgc.h:19
struct pgpDigParams_s * pgpDigParams
Definition: rpmiotypes.h:87
struct pgpValTbl_s pgpHashTbl[]
Hash (string, value) pairs.
Definition: rpmpgp.c:144
static void rpmlog(int code, const char *fmt,...)
Definition: rpmlog.h:299
char * alloca()
void * xcalloc(size_t nmemb, size_t size)
Definition: rpmmalloc.c:301
unsigned char rpmuint8_t
Private int typedefs to avoid C99 portability issues.
Definition: rpmiotypes.h:23
pgpHashAlgo rpmDigestAlgo(DIGEST_CTX ctx)
Return digest algorithm identifier.
Definition: digest.c:188
pgpDigParams pgpGetSignature(pgpDig dig)
Return OpenPGP signature parameters.
Definition: rpmpgp.c:1227
int _pgp_error_count
Definition: rpmpgp.c:35
Digest private data.
Definition: digest.c:127
struct pgpDig_s * pgpDig
Definition: rpmiotypes.h:83
struct pgpValTbl_s pgpPubkeyTbl[]
Definition: rpmpgp.c:103
static unsigned int pgpMpiLen(const rpmuint8_t *p)
Return no.
Definition: rpmpgp.h:1128
static void * _free(const void *p)
Wrapper to free(3), hides const compilation noise, permit NULL, return NULL.
Definition: rpmiotypes.h:647
#define SPEW(_t, _rc, _dig)
Definition: rpmbc.c:25
int rpmDigestFinal(DIGEST_CTX ctx, void *datap, size_t *lenp, int asAscii)
Return digest and destroy context.
Definition: digest.c:921
int _pgp_print
Definition: rpmpgp.c:32
int _pgp_debug
Definition: rpmpgp.c:29