From 38b401a98986b8f627a9b0b9c3ca94b403e962b0 Mon Sep 17 00:00:00 2001 From: Panu Matilainen Date: Wed, 25 Jun 2008 11:17:17 +0300 Subject: [PATCH] Detach pgp digest from transaction set - pass the pgp container around as argument as needed - eliminate the related API from rpmts --- lib/package.c | 27 +++++++++++++-------------- lib/rpmchecksig.c | 10 +++++----- lib/rpmlib.h | 7 +++---- lib/rpmts.c | 39 +++------------------------------------ lib/rpmts.h | 30 ++---------------------------- lib/rpmts_internal.h | 2 -- lib/signature.c | 7 +++---- 7 files changed, 29 insertions(+), 93 deletions(-) diff --git a/lib/package.c b/lib/package.c index 81c7676..203a02f 100644 --- a/lib/package.c +++ b/lib/package.c @@ -165,10 +165,9 @@ Header headerRegenSigHeader(const Header h, int noArchiveSize) * @param ts transaction set * @return 0 if new keyid, otherwise 1 */ -static int rpmtsStashKeyid(rpmts ts) +static int rpmtsStashKeyid(rpmts ts, pgpDig dig) { - pgpDig dig = rpmtsDig(ts); - pgpDigParams sigp = rpmtsSignature(ts); + pgpDigParams sigp = dig ? &dig->signature : NULL; unsigned int keyid; int i; @@ -212,7 +211,7 @@ static int rpmtsStashKeyid(rpmts ts) */ rpmRC headerCheck(rpmts ts, const void * uh, size_t uc, char ** msg) { - pgpDig dig; + pgpDig dig = NULL; char *buf = NULL; int32_t * ei = (int32_t *) uh; int32_t il = ntohl(ei[0]); @@ -392,7 +391,7 @@ verifyinfo_exit: } /* Verify header-only digest/signature. */ - dig = rpmtsDig(ts); + dig = pgpNewDig(); if (dig == NULL) goto verifyinfo_exit; dig->nbytes = 0; @@ -411,7 +410,7 @@ verifyinfo_exit: rpmlog(RPMLOG_ERR, _("skipping header with unverifiable V%u signature\n"), dig->signature.version); - rpmtsCleanDig(ts); + pgpFreeDig(dig); rc = RPMRC_FAIL; goto exit; } @@ -452,7 +451,7 @@ verifyinfo_exit: rpmlog(RPMLOG_ERR, _("skipping header with unverifiable V%u signature\n"), dig->signature.version); - rpmtsCleanDig(ts); + pgpFreeDig(dig); rc = RPMRC_FAIL; goto exit; } 
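Review bot: The doc comment above rpmtsStashKeyid in the `@@ -165` hunk still lists only `@param ts`, although the function now takes the digest container as a second argument. I would add ` * @param dig signature/pubkey parameters (may be NULL)` next to it. The new initialiser `dig ? &dig->signature : NULL` shows that a NULL container is tolerated at that point, but the rest of the body is outside the hunk, so confirm that `sigp` is checked before it is dereferenced.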
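Review bot: In the `@@ -411` hunk, and again in `@@ -452`, `pgpFreeDig(dig);` discards the return value, so the local `dig` still points at freed memory when control jumps to `exit`. The rpmtsCleanDig() that this patch removes from lib/rpmts.c wrote `ts->dig = pgpFreeDig(ts->dig);`, which reset the pointer. Using the same form here, `dig = pgpFreeDig(dig);`, keeps any cleanup on the exit path from releasing the container a second time. The `exit` label lies outside these hunks, so whether it touches `dig` today cannot be seen from here.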
@@ -491,7 +490,7 @@ verifyinfo_exit: break; } - rc = rpmVerifySignature(ts, &sigtd, &buf); + rc = rpmVerifySignature(ts, &sigtd, dig, &buf); if (msg) *msg = buf; @@ -501,7 +500,7 @@ verifyinfo_exit: /* XXX headerCheck can recurse, free info only at top level. */ if (hclvl == 1) { rpmtdFreeData(&sigtd); - rpmtsCleanDig(ts); + pgpFreeDig(dig); } hclvl--; return rc; @@ -588,7 +587,7 @@ exit: rpmRC rpmReadPackageFile(rpmts ts, FD_t fd, const char * fn, Header * hdrp) { - pgpDig dig; + pgpDig dig = NULL; char buf[8*BUFSIZ]; ssize_t count; rpmlead l = NULL; @@ -709,7 +708,7 @@ rpmRC rpmReadPackageFile(rpmts ts, FD_t fd, const char * fn, Header * hdrp) goto exit; } - dig = rpmtsDig(ts); + dig = pgpNewDig(); if (dig == NULL) { rc = RPMRC_FAIL; goto exit; @@ -817,7 +816,7 @@ rpmRC rpmReadPackageFile(rpmts ts, FD_t fd, const char * fn, Header * hdrp) /** @todo Implement disable/enable/warn/error/anal policy. */ - rc = rpmVerifySignature(ts, &sigtd, &msg); + rc = rpmVerifySignature(ts, &sigtd, dig, &msg); switch (rc) { case RPMRC_OK: /* Signature is OK. */ rpmlog(RPMLOG_DEBUG, "%s: %s", fn, msg); @@ -825,7 +824,7 @@ rpmRC rpmReadPackageFile(rpmts ts, FD_t fd, const char * fn, Header * hdrp) case RPMRC_NOTTRUSTED: /* Signature is OK, but key is not trusted. */ case RPMRC_NOKEY: /* Public key is unavailable. */ /* XXX Print NOKEY/NOTTRUSTED warning only once. */ - { int lvl = (rpmtsStashKeyid(ts) ? RPMLOG_DEBUG : RPMLOG_WARNING); + { int lvl = (rpmtsStashKeyid(ts, dig) ? RPMLOG_DEBUG : RPMLOG_WARNING); rpmlog(lvl, "%s: %s", fn, msg); } break; case RPMRC_NOTFOUND: /* Signature is unknown type. */ @@ -856,7 +855,7 @@ exit: *hdrp = headerLink(h); } h = headerFree(h); - rpmtsCleanDig(ts); + pgpFreeDig(dig); sigh = rpmFreeSignature(sigh); return rc; } diff --git a/lib/rpmchecksig.c b/lib/rpmchecksig.c index 74a629c..ff0378b 100644 --- a/lib/rpmchecksig.c +++ b/lib/rpmchecksig.c 
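Review bot: The cleanup at the end of headerCheck (`@@ -501` hunk) still frees the digest only when `hclvl == 1`, but `dig` is now a per-call allocation from `pgpNewDig()` rather than state shared through the transaction set. If headerCheck recurses, as the XXX comment says it can, each nested call that reaches this point returns without releasing its own container. I would keep `rpmtdFreeData(&sigtd);` inside the `if (hclvl == 1)` guard and move the free out of it, as `dig = pgpFreeDig(dig);` placed just before `hclvl--;`. headerCheck parses package headers, so a per-call leak here grows with the input being processed.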
@@ -557,7 +557,7 @@ int rpmVerifySignatures(QVA_t qva, rpmts ts, FD_t fd, char * missingKeys, *untrustedKeys; struct rpmtd_s sigtd; rpmTag sigtag; - pgpDig dig; + pgpDig dig = NULL; pgpDigParams sigp; Header sigh = NULL; HeaderIterator hi; @@ -624,8 +624,8 @@ int rpmVerifySignatures(QVA_t qva, rpmts ts, FD_t fd, sigtag = RPMSIGTAG_SHA1; /* XXX never happens */ } - dig = rpmtsDig(ts); - sigp = rpmtsSignature(ts); + dig = pgpNewDig(); + sigp = &dig->signature; /* XXX RSA needs the hash_algo, so decode early. */ if (sigtag == RPMSIGTAG_RSA || sigtag == RPMSIGTAG_PGP) { @@ -712,7 +712,7 @@ int rpmVerifySignatures(QVA_t qva, rpmts ts, FD_t fd, break; } - sigres = rpmVerifySignature(ts, &sigtd, &result); + sigres = rpmVerifySignature(ts, &sigtd, dig, &result); if (sigres != RPMRC_OK) { failed = 1; } @@ -781,7 +781,7 @@ int rpmVerifySignatures(QVA_t qva, rpmts ts, FD_t fd, exit: sigh = rpmFreeSignature(sigh); - rpmtsCleanDig(ts); + pgpFreeDig(dig); return res; } diff --git a/lib/rpmlib.h b/lib/rpmlib.h index b76f86a..52d8d34 100644 --- a/lib/rpmlib.h +++ b/lib/rpmlib.h @@ -14,6 +14,7 @@ #include #include #include /* XXX move rpmlib provides to rpmds instead */ +#include #ifdef __cplusplus extern "C" { @@ -232,16 +233,14 @@ int rpmGetFilesystemUsage(const char ** fileList, rpm_loff_t * fssizes, /** \ingroup signature * Verify a signature from a package. * - * This needs the following variables from the transaction set: - * - ts->dig signature/pubkey parameters (malloc'd workspace) - * * @param ts transaction set * @param sigtd signature tag data container + * @param dig signature/pubkey parameters * @retval result detailed text result of signature verification * (malloc'd) * @return result of signature verification */ -rpmRC rpmVerifySignature(const rpmts ts, rpmtd sigtd, char ** result); +rpmRC rpmVerifySignature(const rpmts ts, rpmtd sigtd, pgpDig dig, char ** result); /** \ingroup signature * Destroy signature header from package. 
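Review bot: `sigp = &dig->signature;` in the `@@ -624` hunk uses the result of `pgpNewDig()` without a NULL check. Both new call sites in lib/package.c test `if (dig == NULL)` first, and the removed rpmtsSignature() returned NULL in that case. Unless pgpNewDig() is guaranteed never to fail (its definition is not part of this patch), add `if (dig == NULL) goto exit;` before taking the member address, with `res` set to the function's failure value. `dig` is initialised to NULL and `exit` already calls `pgpFreeDig(dig)`, so the early exit needs no further cleanup.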
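Review bot: The new `@param dig` line in the rpmVerifySignature comment (lib/rpmlib.h, `@@ -232` hunk) drops the ownership information that the removed text carried ("malloc'd workspace"). The container is now supplied by the caller of a public function, so the comment should say who allocates and frees it and whether NULL is accepted. One possible wording is ` * @param dig signature/pubkey parameters (caller-owned, from pgpNewDig(); freed with pgpFreeDig())`. The NULL behaviour has to be checked against the body in lib/signature.c, which is only partly visible in this patch.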
diff --git a/lib/rpmts.c b/lib/rpmts.c index 2d22312..ea15c17 100644 --- a/lib/rpmts.c +++ b/lib/rpmts.c @@ -263,11 +263,10 @@ exit: return mi; } -rpmRC rpmtsFindPubkey(rpmts ts) +rpmRC rpmtsFindPubkey(rpmts ts, pgpDig dig) { - pgpDig dig = rpmtsDig(ts); - pgpDigParams sigp = rpmtsSignature(ts); - pgpDigParams pubp = rpmtsPubkey(ts); + pgpDigParams sigp = dig ? &dig->signature : NULL; + pgpDigParams pubp = dig ? &dig->pubkey : NULL; rpmRC res = RPMRC_NOKEY; char * pubkeysource = NULL; int xx; @@ -754,11 +753,6 @@ void rpmtsCleanProblems(rpmts ts) } } -void rpmtsCleanDig(rpmts ts) -{ - ts->dig = pgpFreeDig(ts->dig); -} - void rpmtsClean(rpmts ts) { rpmtsi pi; rpmte p; @@ -785,8 +779,6 @@ void rpmtsClean(rpmts ts) ts->nsuggests = 0; rpmtsCleanProblems(ts); - - rpmtsCleanDig(ts); } void rpmtsEmpty(rpmts ts) @@ -1040,30 +1032,6 @@ rpm_tid_t rpmtsSetTid(rpmts ts, rpm_tid_t tid) return otid; } -pgpDig rpmtsDig(rpmts ts) -{ -/* FIX: hide lazy malloc for now */ - if (ts->dig == NULL) - ts->dig = pgpNewDig(); - if (ts->dig == NULL) - return NULL; - return ts->dig; -} - -pgpDigParams rpmtsSignature(const rpmts ts) -{ - pgpDig dig = rpmtsDig(ts); - if (dig == NULL) return NULL; - return &dig->signature; -} - -pgpDigParams rpmtsPubkey(const rpmts ts) -{ - pgpDig dig = rpmtsDig(ts); - if (dig == NULL) return NULL; - return &dig->pubkey; -} - rpmdb rpmtsGetRdb(rpmts ts) { rpmdb rdb = NULL; @@ -1440,7 +1408,6 @@ rpmts rpmtsCreate(void) ts->pkpkt = NULL; ts->pkpktlen = 0; memset(ts->pksignid, 0, sizeof(ts->pksignid)); - ts->dig = NULL; ts->nrefs = 0; diff --git a/lib/rpmts.h b/lib/rpmts.h index 9d2f943..8b76684 100644 --- a/lib/rpmts.h +++ b/lib/rpmts.h 
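Review bot: In rpmtsFindPubkey (`@@ -263` hunk) a NULL `dig` is now a caller error rather than a failed lazy allocation inside the transaction set, yet the two ternaries keep it silent. Because `res` starts as `RPMRC_NOKEY`, a bail-out on NULL `sigp`/`pubp` would presumably be reported as "key not found", which rpmReadPackageFile handles with only a log message in the context lines of this patch. I would separate the two cases with an explicit guard at the top, for example `if (dig == NULL) return RPMRC_FAIL;`, and then take `&dig->signature` and `&dig->pubkey` directly. The rest of the function body is outside the hunk, so check how `sigp` and `pubp` are tested there before changing the return code.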
@@ -279,9 +279,10 @@ rpmdbMatchIterator rpmtsInitIterator(const rpmts ts, rpmTag rpmtag, /** \ingroup rpmts * Retrieve pubkey from rpm database. * @param ts rpm transaction + * @param dig OpenPGP packet container * @return RPMRC_OK on success, RPMRC_NOKEY if not found */ -rpmRC rpmtsFindPubkey(rpmts ts); +rpmRC rpmtsFindPubkey(rpmts ts, pgpDig dig); /** \ingroup rpmts * Import public key packet(s). @@ -360,12 +361,6 @@ rpmps rpmtsProblems(rpmts ts); void rpmtsCleanProblems(rpmts ts); /** \ingroup rpmts - * Free signature verification data. - * @param ts transaction set - */ -void rpmtsCleanDig(rpmts ts); - -/** \ingroup rpmts * Free memory needed only for dependency checks and ordering. * @param ts transaction set */ @@ -488,27 +483,6 @@ rpm_tid_t rpmtsGetTid(rpmts ts); rpm_tid_t rpmtsSetTid(rpmts ts, rpm_tid_t tid); /** \ingroup rpmts - * Get OpenPGP packet parameters, i.e. signature/pubkey constants. - * @param ts transaction set - * @return signature/pubkey constants. - */ -pgpDig rpmtsDig(rpmts ts); - -/** \ingroup rpmts - * Get OpenPGP signature constants. - * @param ts transaction set - * @return signature constants. - */ -pgpDigParams rpmtsSignature(const rpmts ts); - -/** \ingroup rpmts - * Get OpenPGP pubkey constants. - * @param ts transaction set - * @return pubkey constants. - */ -pgpDigParams rpmtsPubkey(const rpmts ts); - -/** \ingroup rpmts * Get transaction set database handle. * @param ts transaction set * @return transaction database handle diff --git a/lib/rpmts_internal.h b/lib/rpmts_internal.h index 505e5f6..aa5d984 100644 --- a/lib/rpmts_internal.h +++ b/lib/rpmts_internal.h @@ -101,8 +101,6 @@ struct rpmts_s { struct rpmop_s ops[RPMTS_OP_MAX]; - pgpDig dig; /*!< Current signature/pubkey parameters. */ - rpmSpec spec; /*!< Spec file control structure. */ int nrefs; /*!< Reference count. */ diff --git a/lib/signature.c b/lib/signature.c index 4991970..c50c02b 100644 --- a/lib/signature.c +++ b/lib/signature.c 
@@ -1234,7 +1234,7 @@ verifyRSASignature(rpmts ts, rpmtd sigtd, pgpDig dig, char ** msg, } /* Retrieve the matching public key. */ - res = rpmtsFindPubkey(ts); + res = rpmtsFindPubkey(ts, dig); if (res != RPMRC_OK) goto exit; @@ -1328,7 +1328,7 @@ verifyDSASignature(rpmts ts, rpmtd sigtd, pgpDig dig, char ** msg, } /* Retrieve the matching public key. */ - res = rpmtsFindPubkey(ts); + res = rpmtsFindPubkey(ts, dig); if (res != RPMRC_OK) goto exit; @@ -1354,9 +1354,8 @@ exit: } rpmRC -rpmVerifySignature(const rpmts ts, rpmtd sigtd, char ** result) +rpmVerifySignature(const rpmts ts, rpmtd sigtd, pgpDig dig, char ** result) { - pgpDig dig = rpmtsDig(ts); rpmRC res; assert(result != NULL); -- 2.7.4