From: Michael Tremer Date: Tue, 17 Oct 2023 16:47:36 +0000 (+0000) Subject: digests: Anchor to the context X-Git-Tag: 0.9.30~1454 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a6d84de0f243107f3195fcb498d4cc21e5eff2f3;p=pakfire.git digests: Anchor to the context Signed-off-by: Michael Tremer --- diff --git a/src/libpakfire/archive.c b/src/libpakfire/archive.c index 00ccb8d1f..99cf54414 100644 --- a/src/libpakfire/archive.c +++ b/src/libpakfire/archive.c @@ -110,7 +110,7 @@ static int pakfire_archive_compute_digests(struct pakfire_archive* archive) { rewind(archive->f); // Calculate digest - r = pakfire_digests_compute_from_file(archive->pakfire, &archive->digests, + r = pakfire_digests_compute_from_file(archive->ctx, &archive->digests, PAKFIRE_ARCHIVE_CHECKSUM, archive->f); if (r) ERROR(archive->pakfire, "Could not calculate digest of %s: %m\n", archive->path); @@ -985,8 +985,7 @@ int pakfire_archive_check_digest(struct pakfire_archive* archive, return r; // Compare computed with expected digest - r = pakfire_digests_compare_one(archive->pakfire, &archive->digests, - type, digest, length); + r = pakfire_digests_compare_one(archive->ctx, &archive->digests, type, digest, length); if (r) { const unsigned char* computed_digest = pakfire_digest_get( &archive->digests, type, &computed_length); diff --git a/src/libpakfire/digest.c b/src/libpakfire/digest.c index 8029f916e..0282f051a 100644 --- a/src/libpakfire/digest.c +++ b/src/libpakfire/digest.c @@ -25,6 +25,7 @@ #include #include +#include #include #include #include @@ -224,7 +225,7 @@ void pakfire_digests_reset(struct pakfire_digests* digests, int types) { memset(digests->sha2_256, 0, sizeof(digests->sha2_256)); } -static int pakfire_digests_check_length(struct pakfire* pakfire, +static int pakfire_digests_check_length(struct pakfire_ctx* ctx, const enum pakfire_digest_types type, const size_t length) { const size_t l = pakfire_digest_length(type); @@ -233,53 +234,54 @@ static int pakfire_digests_check_length(struct pakfire* pakfire, return 0; // Otherwise set an error - ERROR(pakfire, "Digest is of an unexpected length\n"); + CTX_ERROR(ctx, "Digest is of an unexpected length\n"); + return -ENOMSG; } -static EVP_MD_CTX* __pakfire_digest_setup(struct pakfire* pakfire, const EVP_MD* md) { - EVP_MD_CTX* ctx = NULL; +static EVP_MD_CTX* __pakfire_digest_setup(struct pakfire_ctx* ctx, const EVP_MD* md) { + EVP_MD_CTX* evp_ctx = NULL; int r; // Setup a new context - ctx = EVP_MD_CTX_new(); - if (!ctx) { - ERROR(pakfire, "Could not initialize OpenSSL context: %s\n", + evp_ctx = EVP_MD_CTX_new(); + if (!evp_ctx) { + CTX_ERROR(ctx, "Could not initialize OpenSSL context: %s\n", ERR_error_string(ERR_get_error(), NULL)); r = 1; goto ERROR; } // Setup digest - r = EVP_DigestInit_ex(ctx, md, NULL); + r = EVP_DigestInit_ex(evp_ctx, md, NULL); if (r != 1) { - ERROR(pakfire, "Could not setup digest: %s\n", + CTX_ERROR(ctx, "Could not setup digest: %s\n", ERR_error_string(ERR_get_error(), NULL)); r = 1; goto ERROR; } - return ctx; + return evp_ctx; ERROR: - if (ctx) - EVP_MD_CTX_free(ctx); + if (evp_ctx) + EVP_MD_CTX_free(evp_ctx); return NULL; } -static int __pakfire_digest_update(struct pakfire* pakfire, EVP_MD_CTX* ctx, +static int __pakfire_digest_update(struct pakfire_ctx* ctx, EVP_MD_CTX* evp_ctx, const char* buffer, const size_t length) { int r; // Nothing to do if digest not initialized - if (!ctx) + if (!evp_ctx) return 0; // Update digest - r = EVP_DigestUpdate(ctx, buffer, length); + r = EVP_DigestUpdate(evp_ctx, buffer, length); if (r != 1) { - ERROR(pakfire, "EVP_Digest_Update() failed: %s\n", + CTX_ERROR(ctx, "EVP_Digest_Update() failed: %s\n", ERR_error_string(ERR_get_error(), NULL)); return 1; } @@ -287,18 +289,18 @@ static int __pakfire_digest_update(struct pakfire* pakfire, EVP_MD_CTX* ctx, return 0; } -static int __pakfire_digest_finalize(struct pakfire* pakfire, - EVP_MD_CTX* ctx, unsigned char* digest) { +static int __pakfire_digest_finalize(struct pakfire_ctx* ctx, + EVP_MD_CTX* evp_ctx, unsigned char* digest) { int r; // Nothing to do if digest not initialized - if (!ctx) + if (!evp_ctx) return 0; // Finalize digest - r = EVP_DigestFinal_ex(ctx, digest, NULL); + r = EVP_DigestFinal_ex(evp_ctx, digest, NULL); if (r != 1) { - ERROR(pakfire, "EVP_DigestFinal_ex() failed: %s\n", + CTX_ERROR(ctx, "EVP_DigestFinal_ex() failed: %s\n", ERR_error_string(ERR_get_error(), NULL)); return 1; } @@ -306,7 +308,7 @@ static int __pakfire_digest_finalize(struct pakfire* pakfire, return 0; } -int pakfire_digests_compute_from_file(struct pakfire* pakfire, +int pakfire_digests_compute_from_file(struct pakfire_ctx* ctx, struct pakfire_digests* digests, int types, FILE* f) { EVP_MD_CTX* sha3_512_ctx = NULL; EVP_MD_CTX* sha3_256_ctx = NULL; @@ -326,42 +328,42 @@ int pakfire_digests_compute_from_file(struct pakfire* pakfire, // Initialize context for SHA-3-512 if (types & PAKFIRE_DIGEST_SHA3_512) { - sha3_512_ctx = __pakfire_digest_setup(pakfire, EVP_sha3_512()); + sha3_512_ctx = __pakfire_digest_setup(ctx, EVP_sha3_512()); if (!sha3_512_ctx) goto ERROR; } // Initialize context for SHA-3-256 if (types & PAKFIRE_DIGEST_SHA3_256) { - sha3_256_ctx = __pakfire_digest_setup(pakfire, EVP_sha3_256()); + sha3_256_ctx = __pakfire_digest_setup(ctx, EVP_sha3_256()); if (!sha3_256_ctx) goto ERROR; } // Initialize context for BLAKE2B512 if (types & PAKFIRE_DIGEST_BLAKE2B512) { - blake2b512_ctx = __pakfire_digest_setup(pakfire, EVP_blake2b512()); + blake2b512_ctx = __pakfire_digest_setup(ctx, EVP_blake2b512()); if (!blake2b512_ctx) goto ERROR; } // Initialize context for BLAKE2S256 if (types & PAKFIRE_DIGEST_BLAKE2S256) { - blake2s256_ctx = __pakfire_digest_setup(pakfire, EVP_blake2s256()); + blake2s256_ctx = __pakfire_digest_setup(ctx, EVP_blake2s256()); if (!blake2s256_ctx) goto ERROR; } // Initialize context for SHA-2-512 if (types & PAKFIRE_DIGEST_SHA2_512) { - sha2_512_ctx = __pakfire_digest_setup(pakfire, EVP_sha512()); + sha2_512_ctx = __pakfire_digest_setup(ctx, EVP_sha512()); if (!sha2_512_ctx) goto ERROR; } // Initialize context for SHA-2-256 if (types & PAKFIRE_DIGEST_SHA2_256) { - sha2_256_ctx = __pakfire_digest_setup(pakfire, EVP_sha256()); + sha2_256_ctx = __pakfire_digest_setup(ctx, EVP_sha256()); if (!sha2_256_ctx) goto ERROR; } @@ -377,63 +379,63 @@ int pakfire_digests_compute_from_file(struct pakfire* pakfire, } // SHA-3-512 - r = __pakfire_digest_update(pakfire, sha3_512_ctx, buffer, bytes_read); + r = __pakfire_digest_update(ctx, sha3_512_ctx, buffer, bytes_read); if (r) goto ERROR; // SHA-3-256 - r = __pakfire_digest_update(pakfire, sha3_256_ctx, buffer, bytes_read); + r = __pakfire_digest_update(ctx, sha3_256_ctx, buffer, bytes_read); if (r) goto ERROR; // BLAKE2B512 - r = __pakfire_digest_update(pakfire, blake2b512_ctx, buffer, bytes_read); + r = __pakfire_digest_update(ctx, blake2b512_ctx, buffer, bytes_read); if (r) goto ERROR; // BLAKE2S256 - r = __pakfire_digest_update(pakfire, blake2s256_ctx, buffer, bytes_read); + r = __pakfire_digest_update(ctx, blake2s256_ctx, buffer, bytes_read); if (r) goto ERROR; // SHA-2-512 - r = __pakfire_digest_update(pakfire, sha2_512_ctx, buffer, bytes_read); + r = __pakfire_digest_update(ctx, sha2_512_ctx, buffer, bytes_read); if (r) goto ERROR; // SHA-2-256 - r = __pakfire_digest_update(pakfire, sha2_256_ctx, buffer, bytes_read); + r = __pakfire_digest_update(ctx, sha2_256_ctx, buffer, bytes_read); if (r) goto ERROR; } // Finalize SHA-3-512 - r = __pakfire_digest_finalize(pakfire, sha3_512_ctx, digests->sha3_512); + r = __pakfire_digest_finalize(ctx, sha3_512_ctx, digests->sha3_512); if (r) goto ERROR; // Finalize SHA-3-256 - r = __pakfire_digest_finalize(pakfire, sha3_256_ctx, digests->sha3_256); + r = __pakfire_digest_finalize(ctx, sha3_256_ctx, digests->sha3_256); if (r) goto ERROR; // Finalize BLAKE2b512 - r = __pakfire_digest_finalize(pakfire, blake2b512_ctx, digests->blake2b512); + r = __pakfire_digest_finalize(ctx, blake2b512_ctx, digests->blake2b512); if (r) goto ERROR; // Finalize BLAKE2s256 - r = __pakfire_digest_finalize(pakfire, blake2s256_ctx, digests->blake2s256); + r = __pakfire_digest_finalize(ctx, blake2s256_ctx, digests->blake2s256); if (r) goto ERROR; // Finalize SHA-2-512 - r = __pakfire_digest_finalize(pakfire, sha2_512_ctx, digests->sha2_512); + r = __pakfire_digest_finalize(ctx, sha2_512_ctx, digests->sha2_512); if (r) goto ERROR; // Finalize SHA-2-256 - r = __pakfire_digest_finalize(pakfire, sha2_256_ctx, digests->sha2_256); + r = __pakfire_digest_finalize(ctx, sha2_256_ctx, digests->sha2_256); if (r) goto ERROR; @@ -460,17 +462,17 @@ ERROR: return r; } -static void pakfire_digests_compare_mismatch(struct pakfire* pakfire, const char* what, +static void pakfire_digests_compare_mismatch(struct pakfire_ctx* ctx, const char* what, const unsigned char* digest1, const unsigned char* digest2, const size_t length) { char* hexdigest1 = __pakfire_hexlify(digest1, length); char* hexdigest2 = __pakfire_hexlify(digest2, length); - DEBUG(pakfire, "%s digest does not match:\n", what); + CTX_DEBUG(ctx, "%s digest does not match:\n", what); if (hexdigest1) - DEBUG(pakfire, " Digest 1: %s\n", hexdigest1); + CTX_DEBUG(ctx, " Digest 1: %s\n", hexdigest1); if (hexdigest2) - DEBUG(pakfire, " Digest 2: %s\n", hexdigest2); + CTX_DEBUG(ctx, " Digest 2: %s\n", hexdigest2); if (hexdigest1) free(hexdigest1); @@ -478,7 +480,7 @@ static void pakfire_digests_compare_mismatch(struct pakfire* pakfire, const char free(hexdigest2); } -int pakfire_digests_compare(struct pakfire* pakfire, const struct pakfire_digests* digests1, +int pakfire_digests_compare(struct pakfire_ctx* ctx, const struct pakfire_digests* digests1, const struct pakfire_digests* digests2, const int types) { int r; @@ -490,7 +492,7 @@ int pakfire_digests_compare(struct pakfire* pakfire, const struct pakfire_digest if (types & PAKFIRE_DIGEST_SHA3_512) { r = CRYPTO_memcmp(digests1->sha3_512, digests2->sha3_512, sizeof(digests1->sha3_512)); if (r) { - pakfire_digests_compare_mismatch(pakfire, "SHA-3-512", + pakfire_digests_compare_mismatch(ctx, "SHA-3-512", digests1->sha3_512, digests2->sha3_512, sizeof(digests1->sha3_512)); return 1; } @@ -500,7 +502,7 @@ int pakfire_digests_compare(struct pakfire* pakfire, const struct pakfire_digest if (types & PAKFIRE_DIGEST_SHA3_256) { r = CRYPTO_memcmp(digests1->sha3_256, digests2->sha3_256, sizeof(digests1->sha3_256)); if (r) { - pakfire_digests_compare_mismatch(pakfire, "SHA-3-256", + pakfire_digests_compare_mismatch(ctx, "SHA-3-256", digests1->sha3_256, digests2->sha3_256, sizeof(digests1->sha3_256)); return 1; } @@ -510,7 +512,7 @@ int pakfire_digests_compare(struct pakfire* pakfire, const struct pakfire_digest if (types & PAKFIRE_DIGEST_BLAKE2B512) { r = CRYPTO_memcmp(digests1->blake2b512, digests2->blake2b512, sizeof(digests1->blake2b512)); if (r) { - pakfire_digests_compare_mismatch(pakfire, "BLAKE2b512", + pakfire_digests_compare_mismatch(ctx, "BLAKE2b512", digests1->blake2b512, digests2->blake2b512, sizeof(digests1->blake2b512)); return 1; } @@ -520,7 +522,7 @@ int pakfire_digests_compare(struct pakfire* pakfire, const struct pakfire_digest if (types & PAKFIRE_DIGEST_BLAKE2S256) { r = CRYPTO_memcmp(digests1->blake2s256, digests2->blake2s256, sizeof(digests1->blake2s256)); if (r) { - pakfire_digests_compare_mismatch(pakfire, "BLAKE2s256", + pakfire_digests_compare_mismatch(ctx, "BLAKE2s256", digests1->blake2s256, digests2->blake2s256, sizeof(digests1->blake2s256)); return 1; } @@ -530,7 +532,7 @@ int pakfire_digests_compare(struct pakfire* pakfire, const struct pakfire_digest if (types & PAKFIRE_DIGEST_SHA2_512) { r = CRYPTO_memcmp(digests1->sha2_512, digests2->sha2_512, sizeof(digests1->sha2_512)); if (r) { - pakfire_digests_compare_mismatch(pakfire, "SHA-2-512", + pakfire_digests_compare_mismatch(ctx, "SHA-2-512", digests1->sha2_512, digests2->sha2_512, sizeof(digests1->sha2_512)); return 1; } @@ -540,7 +542,7 @@ int pakfire_digests_compare(struct pakfire* pakfire, const struct pakfire_digest if (types & PAKFIRE_DIGEST_SHA2_256) { r = CRYPTO_memcmp(digests1->sha2_256, digests2->sha2_256, sizeof(digests1->sha2_256)); if (r) { - pakfire_digests_compare_mismatch(pakfire, "SHA-2-256", + pakfire_digests_compare_mismatch(ctx, "SHA-2-256", digests1->sha2_256, digests2->sha2_256, sizeof(digests1->sha2_256)); return 1; } @@ -550,13 +552,13 @@ int pakfire_digests_compare(struct pakfire* pakfire, const struct pakfire_digest return 0; } -int pakfire_digests_compare_one(struct pakfire* pakfire, struct pakfire_digests* digests1, +int pakfire_digests_compare_one(struct pakfire_ctx* ctx, struct pakfire_digests* digests1, const enum pakfire_digest_types type, const unsigned char* digest, const size_t length) { struct pakfire_digests digests2; int r; // Check for valid inputs - r = pakfire_digests_check_length(pakfire, type, length); + r = pakfire_digests_check_length(ctx, type, length); if (r) return r; @@ -589,5 +591,5 @@ int pakfire_digests_compare_one(struct pakfire* pakfire, struct pakfire_digests* break; } - return pakfire_digests_compare(pakfire, digests1, &digests2, type); + return pakfire_digests_compare(ctx, digests1, &digests2, type); } diff --git a/src/libpakfire/file.c b/src/libpakfire/file.c index 73ac81610..41377ca60 100644 --- a/src/libpakfire/file.c +++ b/src/libpakfire/file.c @@ -1214,7 +1214,7 @@ static int __pakfire_file_compute_digests(struct pakfire_file* file, goto ERROR; // Compute digests - r = pakfire_digests_compute_from_file(file->pakfire, digests, types, f); + r = pakfire_digests_compute_from_file(file->ctx, digests, types, f); if (r) goto ERROR; @@ -1738,7 +1738,7 @@ static int pakfire_file_verify_payload(struct pakfire_file* file, const struct s goto ERROR; // Compare digests - r = pakfire_digests_compare(file->pakfire, &file->digests, &computed_digests, digest_types); + r = pakfire_digests_compare(file->ctx, &file->digests, &computed_digests, digest_types); if (r) { file->verify_status |= PAKFIRE_FILE_PAYLOAD_CHANGED; diff --git a/src/libpakfire/include/pakfire/digest.h b/src/libpakfire/include/pakfire/digest.h index 85e942451..9545c4362 100644 --- a/src/libpakfire/include/pakfire/digest.h +++ b/src/libpakfire/include/pakfire/digest.h @@ -43,7 +43,7 @@ int pakfire_digest_get_by_name(const char* name); #include -#include +#include // libsolv only supports storing one checksum which has to be of a supported type #define PAKFIRE_ARCHIVE_CHECKSUM PAKFIRE_DIGEST_SHA2_512 @@ -100,12 +100,12 @@ int pakfire_digest_has_any(const struct pakfire_digests* digests); void pakfire_digests_reset(struct pakfire_digests* digests, int types); -int pakfire_digests_compute_from_file(struct pakfire* pakfire, +int pakfire_digests_compute_from_file(struct pakfire_ctx* ctx, struct pakfire_digests* digests, int types, FILE* f); -int pakfire_digests_compare(struct pakfire* pakfire, const struct pakfire_digests* digests1, +int pakfire_digests_compare(struct pakfire_ctx* ctx, const struct pakfire_digests* digests1, const struct pakfire_digests* digests2, const int types); -int pakfire_digests_compare_one(struct pakfire* pakfire, struct pakfire_digests* digests1, +int pakfire_digests_compare_one(struct pakfire_ctx* ctx, struct pakfire_digests* digests1, const enum pakfire_digest_types type, const unsigned char* digest, const size_t length); #endif