emo/xbps
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

libxbps: ABI/API break due to hash function changes

Browse Source
This commit is contained in:
Duncan Overbruck
2020-02-10 01:54:52 +01:00
parent aa4d726dca
commit 0d90534236
18 changed files with 141 additions and 118 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
bin/xbps-rindex/index-add.c
View File

@@ -252,7 +252,8 @@ index_add(struct xbps_handle *xhp, int args, int argmax, char **argv, bool force
*/
for (int i = args; i < argmax; i++) {
const char *arch = NULL, *pkg = argv[i];
char *sha256 = NULL, *pkgver = NULL;
char *pkgver = NULL;
char sha256[XBPS_SHA256_SIZE];
char pkgname[XBPS_NAME_SIZE];
assert(pkg);
@@ -331,7 +332,7 @@ index_add(struct xbps_handle *xhp, int args, int argmax, char **argv, bool force
* - filename-size
* - filename-sha256
*/
if ((sha256 = xbps_file_hash(pkg)) == NULL) {
if (!xbps_file_sha256(sha256, sizeof sha256, pkg)) {
xbps_object_release(binpkgd);
free(pkgver);
rv = EINVAL;
@@ -339,12 +340,10 @@ index_add(struct xbps_handle *xhp, int args, int argmax, char **argv, bool force
}
if (!xbps_dictionary_set_cstring(binpkgd, "filename-sha256", sha256)) {
xbps_object_release(binpkgd);
free(sha256);
free(pkgver);
rv = EINVAL;
goto out;
}
free(sha256);
if (stat(pkg, &st) == -1) {
xbps_object_release(binpkgd);
free(pkgver);

2
bin/xbps-rindex/index-clean.c
View File

@@ -77,7 +77,7 @@ idx_cleaner_cb(struct xbps_handle *xhp,
*/
xbps_dictionary_get_cstring_nocopy(obj,
"filename-sha256", &sha256);
if (xbps_file_hash_check(filen, sha256) != 0) {
if (xbps_file_sha256_check(filen, sha256) != 0) {
if (!xbps_pkg_name(pkgname, sizeof(pkgname), pkgver))
goto out;
xbps_dictionary_remove(dest, pkgname);

15
bin/xbps-rindex/sign.c
View File

@@ -97,25 +97,26 @@ static bool
rsa_sign_file(RSA *rsa, const char *file,
unsigned char **sigret, unsigned int *siglen)
{
unsigned char *sha256;
unsigned char digest[XBPS_SHA256_DIGEST_SIZE];
sha256 = xbps_file_hash_raw(file);
if(!sha256)
if (!xbps_file_sha256_raw(digest, sizeof digest, file))
return false;
if ((*sigret = calloc(1, RSA_size(rsa) + 1)) == NULL) {
free(sha256);
return false;
}
if (!RSA_sign(NID_sha1, sha256, SHA256_DIGEST_LENGTH,
/*
* XXX: NID_sha1 is wrong, doesn't make it any weaker
* but the ASN1 is wrong, OpenSSL/LibreSSL doesn't care.
* Other implementations like golang fail because of this.
*/
if (!RSA_sign(NID_sha1, digest, XBPS_SHA256_DIGEST_SIZE,
*sigret, siglen, rsa)) {
free(sha256);
free(*sigret);
return false;
}
free(sha256);
return true;
}