From f79353ea74c3ab255f2f9ee4b117a1fd93bb517a Mon Sep 17 00:00:00 2001
From: Panu Matilainen
Date: Mon, 16 Mar 2009 12:18:01 +0200
Subject: [PATCH] Eliminate unnecessary field from pgpDig_s - key/signature can't be both DSA and RSA at the same time
---
 lib/signature.c | 4 ++--
 rpmio/digest.h | 10 +++-------
 rpmio/rpmpgp.c | 59 +++++++++++++++++++++++---------------------------------
 3 files changed, 29 insertions(+), 44 deletions(-)
diff --git a/lib/signature.c b/lib/signature.c
index 5ef5d4a..6db3d5f 100644
--- a/lib/signature.c
+++ b/lib/signature.c
@@ -1177,7 +1177,7 @@ verifyRSASignature(rpmKeyring keyring, rpmtd sigtd, pgpDig dig, char ** msg,
 /* Retrieve the matching public key and verify. */
 res = rpmKeyringLookup(keyring, dig);
 if (res == RPMRC_OK) {
- res = verifyPGPSig(sigp, dig->rsa, dig->rsasig, sigalg, md5ctx);
+ res = verifyPGPSig(sigp, dig->keydata, dig->sigdata, sigalg, md5ctx);
 }
 exit:
@@ -1228,7 +1228,7 @@ verifyDSASignature(rpmKeyring keyring, rpmtd sigtd, pgpDig dig, char ** msg,
 if (res == RPMRC_OK) {
 /* XXX TODO: handle other algorithm types too */
 SECOidTag sigalg = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST;
- res = verifyPGPSig(sigp, dig->dsa, dig->dsasig, sigalg, sha1ctx);
+ res = verifyPGPSig(sigp, dig->keydata, dig->sigdata, sigalg, sha1ctx);
 }
 exit:
diff --git a/rpmio/digest.h b/rpmio/digest.h
index e68ad96..9870632 100644
--- a/rpmio/digest.h
+++ b/rpmio/digest.h
@@ -50,13 +50,9 @@ struct pgpDig_s {
 DIGEST_CTX md5ctx; /*!< (rsa) md5 hash context. */
 DIGEST_CTX hdrmd5ctx; /*!< (rsa) header md5 hash context. */
- /* DSA parameters */
- SECKEYPublicKey *dsa;
- SECItem *dsasig;
-
- /* RSA parameters */
- SECKEYPublicKey *rsa;
- SECItem *rsasig;
+ /* DSA/RSA parameters */
+ SECKEYPublicKey *keydata;
+ SECItem *sigdata;
 };
 #endif /* _RPMDIGEST_H */
diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
index 8fba347..5cd738e 100644
--- a/rpmio/rpmpgp.c
+++ b/rpmio/rpmpgp.c
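Review bot: In lib/signature.c, verifyRSASignature() and verifyDSASignature() (hunks @@ -1177 and @@ -1228) now pass the same `dig->keydata` / `dig->sigdata` pair to verifyPGPSig(), and nothing in the visible lines confirms that the key rpmKeyringLookup() loaded is of the type `sigalg` expects. With separate `rsa`/`dsa` pointers a key of the other algorithm would normally have left the pointer used here NULL; after the merge that separation has to be made explicit. I would guard each call, e.g. `if (dig->keydata == NULL || dig->keydata->keyType != rsaKey) res = RPMRC_NOKEY;` in the RSA path and the `dsaKey` equivalent in the DSA path, unless verifyPGPSig() or the lookup already rejects a mismatch outside these hunks. Both function bodies start and end outside the hunks.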
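Review bot: In rpmio/digest.h the new comment `/* DSA/RSA parameters */` in struct pgpDig_s no longer tells a reader which algorithm `keydata` and `sigdata` hold, which the old field names made obvious. The neighbouring members use Doxygen trailers, so I would document these the same way, e.g. `SECKEYPublicKey *keydata; /*!< parsed public key, RSA or DSA (see keyType) */` and `SECItem *sigdata; /*!< signature data, same algorithm as keydata */`. It is also worth stating there that the two fields must always describe the same algorithm, since that is the assumption the commit relies on. The struct definition starts outside the hunk.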
@@ -591,8 +591,8 @@ static int pgpPrtSigParams(pgpTag tag, uint8_t pubkey_algo, uint8_t sigtype,
 {
 switch (i) {
 case 0: /* m**d */
- _dig->rsasig = pgpMpiItem(NULL, _dig->rsasig, p);
- if (_dig->rsasig == NULL)
+ _dig->sigdata = pgpMpiItem(NULL, _dig->sigdata, p);
+ if (_dig->sigdata == NULL)
 return 1;
 break;
 default:
@@ -615,13 +615,13 @@ static int pgpPrtSigParams(pgpTag tag, uint8_t pubkey_algo, uint8_t sigtype,
 break;
 case 1: /* s */
 xx = pgpMpiSet(pgpSigDSA[i], DSA_SUBPRIME_LEN*8, dsaraw.data + DSA_SUBPRIME_LEN, p, pend);
- if (_dig->dsasig != NULL)
- SECITEM_FreeItem(_dig->dsasig, PR_FALSE);
- else if ((_dig->dsasig=SECITEM_AllocItem(NULL, NULL, 0)) == NULL) {
+ if (_dig->sigdata != NULL)
+ SECITEM_FreeItem(_dig->sigdata, PR_FALSE);
+ else if ((_dig->sigdata=SECITEM_AllocItem(NULL, NULL, 0)) == NULL) {
 xx = 1;
 break;
 }
- if (DSAU_EncodeDerSig(_dig->dsasig, &dsaraw) != SECSuccess)
+ if (DSAU_EncodeDerSig(_dig->sigdata, &dsaraw) != SECSuccess)
 xx = 1;
 break;
 default:
@@ -821,17 +821,17 @@ static const uint8_t * pgpPrtPubkeyParams(uint8_t pubkey_algo,
 if (pubkey_algo == PGPPUBKEYALGO_RSA) {
 if (i >= 2) break;
 if (_dig) {
- if (_dig->rsa == NULL) {
- _dig->rsa = pgpNewRSAKey();
- if (_dig->rsa == NULL)
+ if (_dig->keydata == NULL) {
+ _dig->keydata = pgpNewRSAKey();
+ if (_dig->keydata == NULL)
 break; /* error abort? */
 }
 switch (i) {
 case 0: /* n */
- pgpMpiItem(_dig->rsa->arena, &_dig->rsa->u.rsa.modulus, p);
+ pgpMpiItem(_dig->keydata->arena, &_dig->keydata->u.rsa.modulus, p);
 break;
 case 1: /* e */
- pgpMpiItem(_dig->rsa->arena, &_dig->rsa->u.rsa.publicExponent, p);
+ pgpMpiItem(_dig->keydata->arena, &_dig->keydata->u.rsa.publicExponent, p);
 break;
 default:
 break;
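Review bot: In pgpPrtSigParams() (hunk @@ -591) the changed call `pgpMpiItem(NULL, _dig->sigdata, p)` receives only the start of the MPI, whereas the DSA branch in the next hunk passes `p, pend` to pgpMpiSet(). Unless pgpMpiItem() or the enclosing loop bounds the length encoded in the packet, a truncated or malformed signature packet could make it read past the end of the data. Its definition is outside the hunk, so this may already be handled; if it is not, a check such as `if (p + pgpMpiLen(p) > pend) return 1;` before the call would close it. The same question applies to the pgpMpiItem() calls in pgpPrtPubkeyParams() (@@ -821 and @@ -841), whose return values are also ignored.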
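Review bot: In pgpPrtPubkeyParams() (hunk @@ -821) the RSA branch allocates only when `_dig->keydata == NULL` and otherwise writes `u.rsa.modulus` / `u.rsa.publicExponent` into whatever key object is already there, and the DSA branch in the next hunk (@@ -841) does the same with `u.dsa.*`. Now that both algorithms share one pointer, a dig that still holds a key of the other algorithm would get the wrong union arm filled in while keyType still names the first algorithm; this is presumably possible if a second key packet with a different pubkey_algo is parsed into the same dig before pgpCleanDig(). Packet contents are untrusted input, so the parser should check this rather than rely on the assumption stated in the commit message. Adding `if (_dig->keydata->keyType != rsaKey) break;` after the NULL check (and the `dsaKey` form in the DSA branch) would keep them consistent, assuming pgpNewRSAKey()/pgpNewDSAKey() set keyType. The function body extends outside both hunks.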
@@ -841,23 +841,23 @@ static const uint8_t * pgpPrtPubkeyParams(uint8_t pubkey_algo,
 } else if (pubkey_algo == PGPPUBKEYALGO_DSA) {
 if (i >= 4) break;
 if (_dig) {
- if (_dig->dsa == NULL) {
- _dig->dsa = pgpNewDSAKey();
- if (_dig->dsa == NULL)
+ if (_dig->keydata == NULL) {
+ _dig->keydata = pgpNewDSAKey();
+ if (_dig->keydata == NULL)
 break; /* error abort? */
 }
 switch (i) {
 case 0: /* p */
- pgpMpiItem(_dig->dsa->arena, &_dig->dsa->u.dsa.params.prime, p);
+ pgpMpiItem(_dig->keydata->arena, &_dig->keydata->u.dsa.params.prime, p);
 break;
 case 1: /* q */
- pgpMpiItem(_dig->dsa->arena, &_dig->dsa->u.dsa.params.subPrime, p);
+ pgpMpiItem(_dig->keydata->arena, &_dig->keydata->u.dsa.params.subPrime, p);
 break;
 case 2: /* g */
- pgpMpiItem(_dig->dsa->arena, &_dig->dsa->u.dsa.params.base, p);
+ pgpMpiItem(_dig->keydata->arena, &_dig->keydata->u.dsa.params.base, p);
 break;
 case 3: /* y */
- pgpMpiItem(_dig->dsa->arena, &_dig->dsa->u.dsa.publicValue, p);
+ pgpMpiItem(_dig->keydata->arena, &_dig->keydata->u.dsa.publicValue, p);
 break;
 default:
 break;
@@ -1243,26 +1243,15 @@ void pgpCleanDig(pgpDig dig)
 memset(&dig->signature, 0, sizeof(dig->signature));
 memset(&dig->pubkey, 0, sizeof(dig->pubkey));
- if (dig->dsa != NULL) {
- SECKEY_DestroyPublicKey(dig->dsa);
- dig->dsa = NULL;
+ if (dig->keydata != NULL) {
+ SECKEY_DestroyPublicKey(dig->keydata);
+ dig->keydata = NULL;
 }
- if (dig->dsasig != NULL) {
- SECITEM_ZfreeItem(dig->dsasig, PR_TRUE);
- dig->dsasig = NULL;
+ if (dig->sigdata != NULL) {
+ SECITEM_ZfreeItem(dig->sigdata, PR_TRUE);
+ dig->sigdata = NULL;
 }
-
- if (dig->rsa != NULL) {
- SECKEY_DestroyPublicKey(dig->rsa);
- dig->rsa = NULL;
- }
-
- if (dig->rsasig != NULL) {
- SECITEM_ZfreeItem(dig->rsasig, PR_TRUE);
- dig->rsasig = NULL;
- }
-
 }
 return;
 }
-- 2.7.4