From: Michael Tremer Date: Fri, 27 Oct 2023 12:12:31 +0000 (+0000) Subject: key: Anchor on context instead of pakfire X-Git-Tag: 0.9.30~1393 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=866d96ffc4fc7bd3c524bf2f584803529ca12fdc;p=pakfire.git key: Anchor on context instead of pakfire Signed-off-by: Michael Tremer --- diff --git a/src/_pakfire/pakfire.c b/src/_pakfire/pakfire.c index d0728be15..08f1416a6 100644 --- a/src/_pakfire/pakfire.c +++ b/src/_pakfire/pakfire.c @@ -231,6 +231,9 @@ ERROR: return 0; } +/* + XXX This could be moved out of here as this no longer depends on Pakfire +*/ static PyObject* Pakfire_generate_key(PakfireObject* self, PyObject* args, PyObject* kwds) { char* kwlist[] = { "algorithm", "comment", NULL }; struct pakfire_key* key = NULL; @@ -241,7 +244,7 @@ static PyObject* Pakfire_generate_key(PakfireObject* self, PyObject* args, PyObj return NULL; // Generate a new key - int r = pakfire_key_generate(&key, self->pakfire, algo, comment); + int r = pakfire_key_generate(&key, pakfire_ctx, algo, comment); if (r) { PyErr_SetFromErrno(PyExc_OSError); return NULL; @@ -252,7 +255,9 @@ static PyObject* Pakfire_generate_key(PakfireObject* self, PyObject* args, PyObj return object; } - +/* + XXX This could be moved out of here as this no longer depends on Pakfire +*/ static PyObject* Pakfire_import_key(PakfireObject* self, PyObject* args) { struct pakfire_key* key = NULL; PyObject* object = NULL; @@ -270,7 +275,7 @@ static PyObject* Pakfire_import_key(PakfireObject* self, PyObject* args) { return NULL; // Import the key - r = pakfire_key_import(&key, self->pakfire, f); + r = pakfire_key_import(&key, pakfire_ctx, f); if (r) { PyErr_SetFromErrno(PyExc_OSError); goto ERROR; diff --git a/src/cli/lib/repo_compose.c b/src/cli/lib/repo_compose.c index 47cff9b8b..b460c3858 100644 --- a/src/cli/lib/repo_compose.c +++ b/src/cli/lib/repo_compose.c @@ -77,7 +77,7 @@ static error_t parse(int key, char* arg, struct argp_state* state, void* data) { } static int cli_import_key(struct pakfire_key** key, - struct pakfire* pakfire, const char* path) { + struct pakfire_ctx* ctx, const char* path) { FILE* f = NULL; int r; @@ -89,7 +89,7 @@ static int cli_import_key(struct pakfire_key** key, } // Import the key - r = pakfire_key_import(key, pakfire, f); + r = pakfire_key_import(key, ctx, f); if (r) { fprintf(stderr, "Could not import key from %s\n", path); return r; @@ -125,7 +125,7 @@ int cli_repo_compose(void* data, int argc, char* argv[]) { // Read the key (if any) if (config.key) { - r = cli_import_key(&key, pakfire, config.key); + r = cli_import_key(&key, cli_config->ctx, config.key); if (r) goto ERROR; } diff --git a/src/libpakfire/include/pakfire/key.h b/src/libpakfire/include/pakfire/key.h index 22f24c2f7..5ba49a93f 100644 --- a/src/libpakfire/include/pakfire/key.h +++ b/src/libpakfire/include/pakfire/key.h @@ -25,7 +25,7 @@ struct pakfire_key; -#include +#include typedef enum pakfire_key_algos { PAKFIRE_KEY_ALGO_NULL = 0, @@ -47,10 +47,10 @@ pakfire_key_id* pakfire_key_get_id(struct pakfire_key* key); const char* pakfire_key_get_algo(struct pakfire_key* key); const char* pakfire_key_get_comment(struct pakfire_key* key); -int pakfire_key_generate(struct pakfire_key** key, struct pakfire* pakfire, +int pakfire_key_generate(struct pakfire_key** key, struct pakfire_ctx* ctx, const pakfire_key_algo_t algo, const char* comment); int pakfire_key_export(struct pakfire_key* key, FILE* f, const pakfire_key_export_mode_t mode); -int pakfire_key_import(struct pakfire_key** key, struct pakfire* pakfire, FILE* f); +int pakfire_key_import(struct pakfire_key** key, struct pakfire_ctx* ctx, FILE* f); char* pakfire_key_dump(struct pakfire_key* key); @@ -63,7 +63,7 @@ int pakfire_key_verify(struct pakfire_key* key, #ifdef PAKFIRE_PRIVATE int pakfire_key_import_from_string(struct pakfire_key** key, - struct pakfire* pakfire, const char* data, const size_t length); + struct pakfire_ctx* ctx, const char* data, const size_t length); int pakfire_key_signf(struct pakfire_key* key, FILE* s, FILE* f, const char* comment); diff --git a/src/libpakfire/include/pakfire/util.h b/src/libpakfire/include/pakfire/util.h index bcc87ad36..20673c1d0 100644 --- a/src/libpakfire/include/pakfire/util.h +++ b/src/libpakfire/include/pakfire/util.h @@ -110,9 +110,9 @@ int pakfire_compile_regex(struct pakfire* pakfire, pcre2_code** regex, // Base64 -int pakfire_b64encode(struct pakfire* pakfire, char** output, +int pakfire_b64encode(struct pakfire_ctx* ctx, char** output, const void* buffer, const size_t length); -int pakfire_b64decode(struct pakfire* pakfire, void** output, size_t* length, +int pakfire_b64decode(struct pakfire_ctx* ctx, void** output, size_t* length, const char* buffer); // Copy diff --git a/src/libpakfire/key.c b/src/libpakfire/key.c index 99b5a3a0e..b12778f80 100644 --- a/src/libpakfire/key.c +++ b/src/libpakfire/key.c @@ -33,6 +33,7 @@ #include #include +#include #include #include #include @@ -48,7 +49,7 @@ #define ERROR_MAX 1024 struct pakfire_key { - struct pakfire* pakfire; + struct pakfire_ctx* ctx; int nrefs; // Algorithm @@ -93,7 +94,7 @@ static int pakfire_key_id_equals(const pakfire_key_id* id1, const pakfire_key_id return !memcmp(*id1, *id2, sizeof(*id1)); } -static int pakfire_key_create(struct pakfire_key** key, struct pakfire* pakfire, +static int pakfire_key_create(struct pakfire_key** key, struct pakfire_ctx* ctx, const pakfire_key_algo_t algo, const pakfire_key_id id, EVP_PKEY* pkey, const char* comment) { int r; @@ -107,8 +108,10 @@ static int pakfire_key_create(struct pakfire_key** key, struct pakfire* pakfire, if (!k) return 1; - // Initialize pakfire and reference counter - k->pakfire = pakfire_ref(pakfire); + // Store a reference to the context + k->ctx = pakfire_ctx_ref(ctx); + + // Initialize the reference counter k->nrefs = 1; // Store the algorithm @@ -118,7 +121,7 @@ static int pakfire_key_create(struct pakfire_key** key, struct pakfire* pakfire, break; default: - ERROR(pakfire, "Unsupported key algorithm %u\n", algo); + CTX_ERROR(k->ctx, "Unsupported key algorithm %u\n", algo); errno = ENOTSUP; goto ERROR; } @@ -153,8 +156,8 @@ static void pakfire_key_free(struct pakfire_key* key) { // Free the key if (key->pkey) EVP_PKEY_free(key->pkey); - - pakfire_unref(key->pakfire); + if (key->ctx) + pakfire_ctx_unref(key->ctx); free(key); } @@ -191,7 +194,7 @@ PAKFIRE_EXPORT const char* pakfire_key_get_comment(struct pakfire_key* key) { return key->comment; } -PAKFIRE_EXPORT int pakfire_key_generate(struct pakfire_key** key, struct pakfire* pakfire, +PAKFIRE_EXPORT int pakfire_key_generate(struct pakfire_key** key, struct pakfire_ctx* ctx, const pakfire_key_algo_t algo, const char* comment) { EVP_PKEY* pkey = NULL; EVP_PKEY_CTX* pctx = NULL; @@ -206,7 +209,7 @@ PAKFIRE_EXPORT int pakfire_key_generate(struct pakfire_key** key, struct pakfire break; default: - ERROR(pakfire, "Invalid key algorithm %u\n", algo); + CTX_ERROR(ctx, "Invalid key algorithm %u\n", algo); errno = EINVAL; return 1; } @@ -214,7 +217,7 @@ PAKFIRE_EXPORT int pakfire_key_generate(struct pakfire_key** key, struct pakfire // Generate a random key ID r = RAND_bytes((unsigned char*)&key_id, sizeof(key_id)); if (r < 0) { - ERROR(pakfire, "Could not generate the key ID\n"); + CTX_ERROR(ctx, "Could not generate the key ID\n"); r = 1; goto ERROR; } @@ -222,7 +225,7 @@ PAKFIRE_EXPORT int pakfire_key_generate(struct pakfire_key** key, struct pakfire // Setup the context pctx = EVP_PKEY_CTX_new_id(id, NULL); if (!pctx) { - ERROR(pakfire, "Could not allocate the OpenSSL context: %m\n"); + CTX_ERROR(ctx, "Could not allocate the OpenSSL context: %m\n"); r = 1; goto ERROR; } @@ -232,7 +235,7 @@ PAKFIRE_EXPORT int pakfire_key_generate(struct pakfire_key** key, struct pakfire if (r < 1) { ERR_error_string_n(r, error, sizeof(error)); - ERROR(pakfire, "Could not prepare the context: %s\n", error); + CTX_ERROR(ctx, "Could not prepare the context: %s\n", error); r = 1; goto ERROR; } @@ -242,13 +245,13 @@ PAKFIRE_EXPORT int pakfire_key_generate(struct pakfire_key** key, struct pakfire if (r < 1) { ERR_error_string_n(r, error, sizeof(error)); - ERROR(pakfire, "Could not generate the key: %s\n", error); + CTX_ERROR(ctx, "Could not generate the key: %s\n", error); r = 1; goto ERROR; } // Create a key object - r = pakfire_key_create(key, pakfire, algo, key_id, pkey, comment); + r = pakfire_key_create(key, ctx, algo, key_id, pkey, comment); if (r) goto ERROR; @@ -269,7 +272,7 @@ ERROR: */ static int pakfire_key_import_secret_key(struct pakfire_key** key, - struct pakfire* pakfire, const char* comment, + struct pakfire_ctx* ctx, const char* comment, const struct pakfire_key_private_key* buffer) { const pakfire_key_algo_t algo = PAKFIRE_KEY_ALGO_ED25519; EVP_PKEY* pkey = NULL; @@ -287,7 +290,7 @@ static int pakfire_key_import_secret_key(struct pakfire_key** key, // Check the signature algorithm if (buffer->sig_algo[0] != 'E' || buffer->sig_algo[1] != 'd') { - ERROR(pakfire, "Unsupported signature algorithm\n"); + CTX_ERROR(ctx, "Unsupported signature algorithm\n"); errno = ENOTSUP; r = 1; goto ERROR; @@ -295,7 +298,7 @@ static int pakfire_key_import_secret_key(struct pakfire_key** key, // Check the KDF algorithm if (buffer->kdf_algo[0] != 'B' || buffer->kdf_algo[1] != 'K') { - ERROR(pakfire, "Unsupported KDF algorithm\n"); + CTX_ERROR(ctx, "Unsupported KDF algorithm\n"); errno = ENOTSUP; r = 1; goto ERROR; @@ -303,7 +306,7 @@ static int pakfire_key_import_secret_key(struct pakfire_key** key, // We don't support encrypted keys here if (buffer->kdf_rounds) { - ERROR(pakfire, "Encrypted keys are not supported\n"); + CTX_ERROR(ctx, "Encrypted keys are not supported\n"); errno = ENOTSUP; r = 1; goto ERROR; @@ -312,14 +315,14 @@ static int pakfire_key_import_secret_key(struct pakfire_key** key, // Compute a SHA512 checksum over the key material r = EVP_Digest(&buffer->keys, sizeof(buffer->keys), checksum, &length, EVP_sha512(), NULL); if (r < 0) { - ERROR(pakfire, "Could not compute the checksum: %m\n"); + CTX_ERROR(ctx, "Could not compute the checksum: %m\n"); r = 1; goto ERROR; } // Compare the checksum if (memcmp(buffer->checksum, checksum, sizeof(buffer->checksum)) != 0) { - ERROR(pakfire, "Checksum mismatch\n"); + CTX_ERROR(ctx, "Checksum mismatch\n"); r = 1; goto ERROR; } @@ -330,13 +333,13 @@ static int pakfire_key_import_secret_key(struct pakfire_key** key, if (!pkey) { ERR_error_string_n(ERR_get_error(), error, sizeof(error)); - ERROR(pakfire, "Could not load secret key: %s\n", error); + CTX_ERROR(ctx, "Could not load secret key: %s\n", error); r = 1; goto ERROR; } // Create a new key object - r = pakfire_key_create(key, pakfire, algo, buffer->id, pkey, comment); + r = pakfire_key_create(key, ctx, algo, buffer->id, pkey, comment); if (r) goto ERROR; @@ -348,7 +351,7 @@ ERROR: } static int pakfire_key_import_public_key(struct pakfire_key** key, - struct pakfire* pakfire, const char* comment, + struct pakfire_ctx* ctx, const char* comment, const struct pakfire_key_public_key* buffer) { const pakfire_key_algo_t algo = PAKFIRE_KEY_ALGO_ED25519; EVP_PKEY* pkey = NULL; @@ -363,7 +366,7 @@ static int pakfire_key_import_public_key(struct pakfire_key** key, // Check the signature algorithm if (buffer->sig_algo[0] != 'E' || buffer->sig_algo[1] != 'd') { - ERROR(pakfire, "Unsupported signature algorithm\n"); + CTX_ERROR(ctx, "Unsupported signature algorithm\n"); errno = ENOTSUP; r = 1; goto ERROR; @@ -375,13 +378,13 @@ static int pakfire_key_import_public_key(struct pakfire_key** key, if (!pkey) { ERR_error_string_n(ERR_get_error(), error, sizeof(error)); - ERROR(pakfire, "Could not load public key: %s\n", error); + CTX_ERROR(ctx, "Could not load public key: %s\n", error); r = 1; goto ERROR; } // Create a new key object - r = pakfire_key_create(key, pakfire, algo, buffer->id, pkey, comment); + r = pakfire_key_create(key, ctx, algo, buffer->id, pkey, comment); if (r) goto ERROR; @@ -393,7 +396,7 @@ ERROR: } PAKFIRE_EXPORT int pakfire_key_import(struct pakfire_key** key, - struct pakfire* pakfire, FILE* f) { + struct pakfire_ctx* ctx, FILE* f) { void* buffer = NULL; size_t buffer_length = 0; int r; @@ -416,7 +419,7 @@ PAKFIRE_EXPORT int pakfire_key_import(struct pakfire_key** key, // The first line must start with "untrusted comment:" case 1: if (!pakfire_string_startswith(line, "untrusted comment: ")) { - ERROR(pakfire, "The first line must start with 'untrusted comment: '" + CTX_ERROR(ctx, "The first line must start with 'untrusted comment: '" " and not %s\n", line); errno = EINVAL; r = 1; @@ -426,7 +429,7 @@ PAKFIRE_EXPORT int pakfire_key_import(struct pakfire_key** key, // Copy the comment r = pakfire_string_set(comment, line + strlen("untrusted comment: ")); if (r) { - ERROR(pakfire, "Could not copy comment: %m\n"); + CTX_ERROR(ctx, "Could not copy comment: %m\n"); r = 1; goto ERROR; } @@ -436,9 +439,9 @@ PAKFIRE_EXPORT int pakfire_key_import(struct pakfire_key** key, // The second line should hold the key case 2: // Decode the key - r = pakfire_b64decode(pakfire, &buffer, &buffer_length, line); + r = pakfire_b64decode(ctx, &buffer, &buffer_length, line); if (r) { - ERROR(pakfire, "Could not decode the key: %m\n"); + CTX_ERROR(ctx, "Could not decode the key: %m\n"); errno = EINVAL; r = 1; goto ERROR; @@ -448,19 +451,19 @@ PAKFIRE_EXPORT int pakfire_key_import(struct pakfire_key** key, switch (buffer_length) { // Public Key case sizeof(struct pakfire_key_public_key): - r = pakfire_key_import_public_key(key, pakfire, comment, + r = pakfire_key_import_public_key(key, ctx, comment, (struct pakfire_key_public_key*)buffer); break; // Private Key case sizeof(struct pakfire_key_private_key): - r = pakfire_key_import_secret_key(key, pakfire, comment, + r = pakfire_key_import_secret_key(key, ctx, comment, (struct pakfire_key_private_key*)buffer); break; // Unknown key default: - ERROR(pakfire, "Unsupported key type\n"); + CTX_ERROR(ctx, "Unsupported key type\n"); errno = ENOTSUP; r = 1; goto ERROR; @@ -488,20 +491,20 @@ ERROR: } int pakfire_key_import_from_string(struct pakfire_key** key, - struct pakfire* pakfire, const char* data, const size_t length) { + struct pakfire_ctx* ctx, const char* data, const size_t length) { FILE* f = NULL; int r; // Map the data to a file f = fmemopen((char*)data, length, "r"); if (!f) { - ERROR(pakfire, "Could not map the key to file: %m\n"); + CTX_ERROR(ctx, "Could not map the key to file: %m\n"); r = 1; goto ERROR; } // Import the key - r = pakfire_key_import(key, pakfire, f); + r = pakfire_key_import(key, ctx, f); ERROR: if (f) @@ -522,12 +525,12 @@ static int pakfire_key_get_public_key(struct pakfire_key* key, if (r < 0) { ERR_error_string_n(ERR_get_error(), error, sizeof(error)); - ERROR(key->pakfire, "Could not extract the public key: %s\n", error); + CTX_ERROR(key->ctx, "Could not extract the public key: %s\n", error); return 1; } if (l > length) { - ERROR(key->pakfire, "The buffer was too small to write the public key\n"); + CTX_ERROR(key->ctx, "The buffer was too small to write the public key\n"); errno = ENOBUFS; return 1; } @@ -547,12 +550,12 @@ static int pakfire_key_get_secret_key(struct pakfire_key* key, if (r < 0) { ERR_error_string_n(ERR_get_error(), error, sizeof(error)); - ERROR(key->pakfire, "Could not extract the secret key: %s\n", error); + CTX_ERROR(key->ctx, "Could not extract the secret key: %s\n", error); return 1; } if (l > length) { - ERROR(key->pakfire, "The buffer was too small to write the secret key\n"); + CTX_ERROR(key->ctx, "The buffer was too small to write the secret key\n"); errno = ENOBUFS; return 1; } @@ -583,14 +586,14 @@ static int pakfire_key_export_private_key(struct pakfire_key* key, break; default: - ERROR(key->pakfire, "Unknown algorithm\n"); + CTX_ERROR(key->ctx, "Unknown algorithm\n"); return 1; } // Generate a salt r = RAND_bytes(buffer->kdf_salt, sizeof(buffer->kdf_salt)); if (r < 1) { - ERROR(key->pakfire, "Could not generate salt\n"); + CTX_ERROR(key->ctx, "Could not generate salt\n"); return 1; } @@ -600,21 +603,21 @@ static int pakfire_key_export_private_key(struct pakfire_key* key, // Write the public key r = pakfire_key_get_public_key(key, buffer->keys.public, sizeof(buffer->keys.public)); if (r) { - ERROR(key->pakfire, "Could not export the public key: %m\n"); + CTX_ERROR(key->ctx, "Could not export the public key: %m\n"); return r; } // Write the secret key r = pakfire_key_get_secret_key(key, buffer->keys.secret, sizeof(buffer->keys.secret)); if (r) { - ERROR(key->pakfire, "Could not export the secret key: %m\n"); + CTX_ERROR(key->ctx, "Could not export the secret key: %m\n"); return r; } // Compute a SHA512 checksum over the key material r = EVP_Digest(&buffer->keys, sizeof(buffer->keys), checksum, &length, EVP_sha512(), NULL); if (r < 0) { - ERROR(key->pakfire, "Could not compute the checksum: %m\n"); + CTX_ERROR(key->ctx, "Could not compute the checksum: %m\n"); return 1; } @@ -637,7 +640,7 @@ static int pakfire_key_export_public_key(struct pakfire_key* key, break; default: - ERROR(key->pakfire, "Unknown algorithm\n"); + CTX_ERROR(key->ctx, "Unknown algorithm\n"); return 1; } @@ -647,7 +650,7 @@ static int pakfire_key_export_public_key(struct pakfire_key* key, // Write the public key r = pakfire_key_get_public_key(key, buffer->pubkey, sizeof(buffer->pubkey)); if (r) { - ERROR(key->pakfire, "Could not export the public key: %m\n"); + CTX_ERROR(key->ctx, "Could not export the public key: %m\n"); return r; } @@ -668,7 +671,7 @@ PAKFIRE_EXPORT int pakfire_key_export(struct pakfire_key* key, FILE* f, if (*key->comment) { r = fprintf(f, "untrusted comment: %s\n", key->comment); if (r < 0) { - ERROR(key->pakfire, "Could not write comment: %m\n"); + CTX_ERROR(key->ctx, "Could not write comment: %m\n"); r = 1; goto ERROR; } @@ -677,7 +680,7 @@ PAKFIRE_EXPORT int pakfire_key_export(struct pakfire_key* key, FILE* f, // Setup the base64 encoder b64 = BIO_new(BIO_f_base64()); if (!b64) { - ERROR(key->pakfire, "Could not setup the base64 encoder\n"); + CTX_ERROR(key->ctx, "Could not setup the base64 encoder\n"); r = 1; goto ERROR; } @@ -687,7 +690,7 @@ PAKFIRE_EXPORT int pakfire_key_export(struct pakfire_key* key, FILE* f, bio = BIO_new_fp(f, BIO_NOCLOSE); if (!bio) { - ERROR(key->pakfire, "Could not open BIO\n"); + CTX_ERROR(key->ctx, "Could not open BIO\n"); r = 1; goto ERROR; } @@ -703,7 +706,7 @@ PAKFIRE_EXPORT int pakfire_key_export(struct pakfire_key* key, FILE* f, // Write the output r = BIO_write(b64, &public_key, sizeof(public_key)); if (r < 0) { - ERROR(key->pakfire, "Could not write the public key\n"); + CTX_ERROR(key->ctx, "Could not write the public key\n"); r = 1; goto ERROR; } @@ -717,7 +720,7 @@ PAKFIRE_EXPORT int pakfire_key_export(struct pakfire_key* key, FILE* f, // Write the output r = BIO_write(b64, &private_key, sizeof(private_key)); if (r < 0) { - ERROR(key->pakfire, "Could not write the private key\n"); + CTX_ERROR(key->ctx, "Could not write the private key\n"); r = 1; goto ERROR; } @@ -756,7 +759,7 @@ PAKFIRE_EXPORT char* pakfire_key_dump(struct pakfire_key* key) { // Allocate a buffer in memory fd = memfd_create("pakfire-key-dump", MFD_CLOEXEC); if (fd < 0) { - ERROR(key->pakfire, "Could not allocate a temporary file: %m\n"); + CTX_ERROR(key->ctx, "Could not allocate a temporary file: %m\n"); r = 1; goto ERROR; } @@ -764,7 +767,7 @@ PAKFIRE_EXPORT char* pakfire_key_dump(struct pakfire_key* key) { // Re-open as FILE handle f = fdopen(fd, "r+"); if (!f) { - ERROR(key->pakfire, "Could not open file handle for temporary file: %m\n"); + CTX_ERROR(key->ctx, "Could not open file handle for temporary file: %m\n"); r = 1; goto ERROR; } @@ -772,7 +775,7 @@ PAKFIRE_EXPORT char* pakfire_key_dump(struct pakfire_key* key) { // Export the public part of the key r = pakfire_key_export(key, f, PAKFIRE_KEY_EXPORT_MODE_PUBLIC); if (r) { - ERROR(key->pakfire, "Could not export key: %m\n"); + CTX_ERROR(key->ctx, "Could not export key: %m\n"); goto ERROR; } @@ -785,7 +788,7 @@ PAKFIRE_EXPORT char* pakfire_key_dump(struct pakfire_key* key) { // Allocate a buffer buffer = calloc(1, length + 1); if (!buffer) { - ERROR(key->pakfire, "Could not allocate buffer of %zu byte(s)\n", length + 1); + CTX_ERROR(key->ctx, "Could not allocate buffer of %zu byte(s)\n", length + 1); r = 1; goto ERROR; } @@ -793,7 +796,7 @@ PAKFIRE_EXPORT char* pakfire_key_dump(struct pakfire_key* key) { // Read everything into the buffer size_t bytes_read = fread(buffer, 1, length, f); if (bytes_read < length) { - ERROR(key->pakfire, "Could not read back the buffer: %m\n"); + CTX_ERROR(key->ctx, "Could not read back the buffer: %m\n"); r = 1; goto ERROR; } @@ -842,7 +845,7 @@ static int __pakfire_key_sign(struct pakfire_key* key, // Create a message digest context mdctx = EVP_MD_CTX_new(); if (!mdctx) { - ERROR(key->pakfire, "Could not initialize the message digest context: %m\n"); + CTX_ERROR(key->ctx, "Could not initialize the message digest context: %m\n"); r = 1; goto ERROR; } @@ -850,7 +853,7 @@ static int __pakfire_key_sign(struct pakfire_key* key, // Setup the context r = EVP_DigestSignInit(mdctx, NULL, NULL, NULL, key->pkey); if (r < 1) { - ERROR(key->pakfire, "Could not setup context\n"); + CTX_ERROR(key->ctx, "Could not setup context\n"); r = 1; goto ERROR; } @@ -862,7 +865,7 @@ static int __pakfire_key_sign(struct pakfire_key* key, if (r < 1) { ERR_error_string_n(ERR_get_error(), error, sizeof(error)); - ERROR(key->pakfire, "Could not sign content: %s\n", error); + CTX_ERROR(key->ctx, "Could not sign content: %s\n", error); r = 1; goto ERROR; } @@ -892,21 +895,21 @@ PAKFIRE_EXPORT int pakfire_key_sign(struct pakfire_key* key, if (comment) { r = fprintf(f, "untrusted comment: %s\n", comment); if (r < 0) { - ERROR(key->pakfire, "Could not write comment: %m\n"); + CTX_ERROR(key->ctx, "Could not write comment: %m\n"); r = 1; goto ERROR; } } // Encode the signature to base64 - r = pakfire_b64encode(key->pakfire, &s, &signature, sizeof(signature)); + r = pakfire_b64encode(key->ctx, &s, &signature, sizeof(signature)); if (r) goto ERROR; // Write the signature r = fprintf(f, "%s\n", s); if (r < 0) { - ERROR(key->pakfire, "Could not write the signature: %m\n"); + CTX_ERROR(key->ctx, "Could not write the signature: %m\n"); r = 1; goto ERROR; } @@ -966,7 +969,7 @@ static int pakfire_key_read_signature(struct pakfire_key* key, // The first line must start with "untrusted comment:" case 1: if (!pakfire_string_startswith(line, "untrusted comment:")) { - ERROR(key->pakfire, "The first line must start with 'untrusted comment:'\n"); + CTX_ERROR(key->ctx, "The first line must start with 'untrusted comment:'\n"); errno = EINVAL; r = 1; goto ERROR; @@ -976,9 +979,9 @@ static int pakfire_key_read_signature(struct pakfire_key* key, // The second line should hold the signature case 2: // Decode the key - r = pakfire_b64decode(key->pakfire, &buffer, &buffer_length, line); + r = pakfire_b64decode(key->ctx, &buffer, &buffer_length, line); if (r) { - ERROR(key->pakfire, "Could not decode the signature: %m\n"); + CTX_ERROR(key->ctx, "Could not decode the signature: %m\n"); errno = EINVAL; r = 1; goto ERROR; @@ -992,7 +995,7 @@ static int pakfire_key_read_signature(struct pakfire_key* key, // Check if we support the signature type if (signature->sig_algo[0] != 'E' || signature->sig_algo[1] != 'd') { - ERROR(key->pakfire, "Unknown signature type\n"); + CTX_ERROR(key->ctx, "Unknown signature type\n"); errno = ENOTSUP; r = 1; goto ERROR; @@ -1000,7 +1003,7 @@ static int pakfire_key_read_signature(struct pakfire_key* key, break; default: - ERROR(key->pakfire, "Unknown signature type\n"); + CTX_ERROR(key->ctx, "Unknown signature type\n"); errno = ENOTSUP; r = 1; goto ERROR; @@ -1027,11 +1030,11 @@ static int pakfire_key_verify_signature(struct pakfire_key* key, EVP_MD_CTX* mdctx = NULL; int r; - DEBUG(key->pakfire, "Verifying signature...\n"); + CTX_DEBUG(key->ctx, "Verifying signature...\n"); // Check the key ID if (!pakfire_key_id_equals(&key->id, &signature->key_id)) { - ERROR(key->pakfire, "The signature has been created with a different key\n"); + CTX_ERROR(key->ctx, "The signature has been created with a different key\n"); errno = EBADMSG; r = 1; goto ERROR; @@ -1040,7 +1043,7 @@ static int pakfire_key_verify_signature(struct pakfire_key* key, // Create message digest context mdctx = EVP_MD_CTX_new(); if (!mdctx) { - ERROR(key->pakfire, "Could not create the message digest context\n"); + CTX_ERROR(key->ctx, "Could not create the message digest context\n"); r = 1; goto ERROR; } @@ -1048,7 +1051,7 @@ static int pakfire_key_verify_signature(struct pakfire_key* key, // Setup the context for verification r = EVP_DigestVerifyInit(mdctx, NULL, NULL, NULL, key->pkey); if (r < 1) { - ERROR(key->pakfire, "Could not setup the verification context\n"); + CTX_ERROR(key->ctx, "Could not setup the verification context\n"); r = 1; goto ERROR; } @@ -1059,20 +1062,20 @@ static int pakfire_key_verify_signature(struct pakfire_key* key, switch (r) { // Fail case 0: - ERROR(key->pakfire, "Signature verification failed\n"); + CTX_ERROR(key->ctx, "Signature verification failed\n"); errno = EBADMSG; r = 1; break; // Success case 1: - DEBUG(key->pakfire, "Signature verification successful\n"); + CTX_DEBUG(key->ctx, "Signature verification successful\n"); r = 0; break; // Error default: - ERROR(key->pakfire, "Could not perform signature verification\n"); + CTX_ERROR(key->ctx, "Could not perform signature verification\n"); r = 1; goto ERROR; } @@ -1092,14 +1095,14 @@ PAKFIRE_EXPORT int pakfire_key_verify(struct pakfire_key* key, FILE* f, // Read the signature r = pakfire_key_read_signature(key, &signature, f); if (r) { - ERROR(key->pakfire, "Could not read signature: %m\n"); + CTX_ERROR(key->ctx, "Could not read signature: %m\n"); return r; } // Verify signature r = pakfire_key_verify_signature(key, &signature, data, length); if (r) { - ERROR(key->pakfire, "Could not verify signature: %m\n"); + CTX_ERROR(key->ctx, "Could not verify signature: %m\n"); return r; } diff --git a/src/libpakfire/repo.c b/src/libpakfire/repo.c index 532acf90c..a37d20d83 100644 --- a/src/libpakfire/repo.c +++ b/src/libpakfire/repo.c @@ -280,7 +280,7 @@ static int pakfire_repo_import_key(struct pakfire_repo* repo, const char* data) } // Import the key - r = pakfire_key_import_from_string(&repo->key, repo->pakfire, data, strlen(data)); + r = pakfire_key_import_from_string(&repo->key, repo->ctx, data, strlen(data)); if (r) { ERROR(repo->pakfire, "Could not import key for repository '%s': %m\n", pakfire_repo_get_name(repo)); @@ -1037,7 +1037,7 @@ PAKFIRE_EXPORT struct pakfire_key* pakfire_repo_get_key(struct pakfire_repo* rep // Import the key if (!repo->key) { - r = pakfire_key_import_from_string(&repo->key, repo->pakfire, + r = pakfire_key_import_from_string(&repo->key, repo->ctx, repo->appdata->key, strlen(repo->appdata->key)); if (r) return NULL; diff --git a/src/libpakfire/util.c b/src/libpakfire/util.c index b2b07bd3f..c2bcfdc8b 100644 --- a/src/libpakfire/util.c +++ b/src/libpakfire/util.c @@ -838,7 +838,7 @@ int pakfire_compile_regex(struct pakfire* pakfire, pcre2_code** regex, const cha #define OPENSSL_ERROR_MAX 1024 -int pakfire_b64encode(struct pakfire* pakfire, char** output, +int pakfire_b64encode(struct pakfire_ctx* ctx, char** output, const void* buffer, const size_t length) { char error[OPENSSL_ERROR_MAX]; BIO* b64 = NULL; @@ -851,7 +851,7 @@ int pakfire_b64encode(struct pakfire* pakfire, char** output, if (!b64) { ERR_error_string_n(ERR_get_error(), error, sizeof(error)); - ERROR(pakfire, "Could not initialize the base64 encoder: %s\n", error); + CTX_ERROR(ctx, "Could not initialize the base64 encoder: %s\n", error); r = 1; goto ERROR; } @@ -861,7 +861,7 @@ int pakfire_b64encode(struct pakfire* pakfire, char** output, if (!bio) { ERR_error_string_n(ERR_get_error(), error, sizeof(error)); - ERROR(pakfire, "Could not initialize memory buffer: %s\n", error); + CTX_ERROR(ctx, "Could not initialize memory buffer: %s\n", error); r = 1; goto ERROR; } @@ -877,7 +877,7 @@ int pakfire_b64encode(struct pakfire* pakfire, char** output, if (r < 1) { ERR_error_string_n(ERR_get_error(), error, sizeof(error)); - ERROR(pakfire, "%s\n", error); + CTX_ERROR(ctx, "%s\n", error); r = 1; goto ERROR; } @@ -891,7 +891,7 @@ int pakfire_b64encode(struct pakfire* pakfire, char** output, // Copy the output to the heap *output = strndup(p, l); if (!*output) { - ERROR(pakfire, "Could not copy base64 encoded string to heap: %m\n"); + CTX_ERROR(ctx, "Could not copy base64 encoded string to heap: %m\n"); r = 1; goto ERROR; } @@ -906,7 +906,7 @@ ERROR: return r; } -int pakfire_b64decode(struct pakfire* pakfire, void** output, size_t* length, +int pakfire_b64decode(struct pakfire_ctx* ctx, void** output, size_t* length, const char* buffer) { char error[OPENSSL_ERROR_MAX]; char chunk[1024]; @@ -923,7 +923,7 @@ int pakfire_b64decode(struct pakfire* pakfire, void** output, size_t* length, if (!b64) { ERR_error_string_n(ERR_get_error(), error, sizeof(error)); - ERROR(pakfire, "Could not initialize the base64 decoder: %s\n", error); + CTX_ERROR(ctx, "Could not initialize the base64 decoder: %s\n", error); r = 1; goto ERROR; } @@ -935,7 +935,7 @@ int pakfire_b64decode(struct pakfire* pakfire, void** output, size_t* length, if (!bio) { ERR_error_string_n(ERR_get_error(), error, sizeof(error)); - ERROR(pakfire, "Could not initialize memory buffer: %s\n", error); + CTX_ERROR(ctx, "Could not initialize memory buffer: %s\n", error); r = 1; goto ERROR; } @@ -951,7 +951,7 @@ int pakfire_b64decode(struct pakfire* pakfire, void** output, size_t* length, if (bytes_read < 0) { ERR_error_string_n(ERR_get_error(), error, sizeof(error)); - ERROR(pakfire, "Could not read data: %s\n", error); + CTX_ERROR(ctx, "Could not read data: %s\n", error); r = 1; goto ERROR; @@ -967,7 +967,7 @@ int pakfire_b64decode(struct pakfire* pakfire, void** output, size_t* length, // Allocate an output buffer p = realloc(p, *length); if (!p) { - ERROR(pakfire, "Could not allocate buffer: %m\n"); + CTX_ERROR(ctx, "Could not allocate buffer: %m\n"); r = 1; goto ERROR; }