From 7cb0cc1653008c9b7905c56003e329fe52f50cc3 Mon Sep 17 00:00:00 2001 From: Elliott Sales de Andrade Date: Mon, 7 Sep 2020 03:02:16 -0400 Subject: [PATCH] Fix websocket handshake on big-endian systems. --- 0001-Use-unbundled-libuv.patch | 8 +-- ...a1-calculation-on-big-endian-systems.patch | 72 +++++++++++++++++++ R-httpuv.spec | 10 ++- 3 files changed, 84 insertions(+), 6 deletions(-) create mode 100644 0002-Fix-sha1-calculation-on-big-endian-systems.patch diff --git a/0001-Use-unbundled-libuv.patch b/0001-Use-unbundled-libuv.patch index e87ab51..fd8f110 100644 --- a/0001-Use-unbundled-libuv.patch +++ b/0001-Use-unbundled-libuv.patch @@ -1,7 +1,7 @@ -From 8a2ee63187456e3b19f2f7dac02687723784b9d9 Mon Sep 17 00:00:00 2001 +From 0512f262c6a8ef7d06d66197c6553a10857adbff Mon Sep 17 00:00:00 2001 From: Elliott Sales de Andrade Date: Mon, 30 Apr 2018 04:53:42 -0400 -Subject: [PATCH] Use unbundled libuv. +Subject: [PATCH 1/2] Use unbundled libuv. Signed-off-by: Elliott Sales de Andrade --- @@ -118,7 +118,7 @@ index 125bf40..cba8c82 100644 #include #include "webapplication.h" diff --git a/src/httprequest.h b/src/httprequest.h -index 8de50fc..97da8f5 100644 +index fdc505c..9448d21 100644 --- a/src/httprequest.h +++ b/src/httprequest.h @@ -8,7 +8,7 @@ @@ -222,5 +222,5 @@ index bc23646..f3ee5f1 100644 #include "websockets.h" #include "thread.h" -- -2.25.4 +2.26.2 diff --git a/0002-Fix-sha1-calculation-on-big-endian-systems.patch b/0002-Fix-sha1-calculation-on-big-endian-systems.patch new file mode 100644 index 0000000..d3ce476 --- /dev/null +++ b/0002-Fix-sha1-calculation-on-big-endian-systems.patch @@ -0,0 +1,72 @@ +From 52540c1a7816dc8f69e0b6c61b4220a7776e979f Mon Sep 17 00:00:00 2001 +From: Elliott Sales de Andrade +Date: Mon, 7 Sep 2020 02:44:29 -0400 +Subject: [PATCH 2/2] Fix sha1 calculation on big-endian systems. + +Even though there is a check for `WORDS_BIGENDIAN`, this does nothing +because that is defined by R headers, which are not included by this +code. But instead of fixing the #define, it is simpler to load the +`block` workspace from the `buffer` as big-endian `uint32_t` directly. + +Signed-off-by: Elliott Sales de Andrade +--- + src/sha1/sha1.c | 36 ++++++++++++++---------------------- + 1 file changed, 14 insertions(+), 22 deletions(-) + +diff --git a/src/sha1/sha1.c b/src/sha1/sha1.c +index ca9c660..bdedef5 100644 +--- a/src/sha1/sha1.c ++++ b/src/sha1/sha1.c +@@ -94,15 +94,9 @@ void SHA1_Transform(uint32_t state[5], const uint8_t buffer[64]); + + /* blk0() and blk() perform the initial expand. */ + /* I got the idea of expanding during the round function from SSLeay */ +-/* FIXME: can we do this in an endian-proof way? */ +-#ifdef WORDS_BIGENDIAN +-#define blk0(i) block->l[i] +-#else +-#define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \ +- |(rol(block->l[i],8)&0x00FF00FF)) +-#endif +-#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \ +- ^block->l[(i+2)&15]^block->l[i&15],1)) ++#define blk0(i) block[i] ++#define blk(i) (block[i&15] = rol(block[(i+13)&15]^block[(i+8)&15] \ ++ ^block[(i+2)&15]^block[i&15],1)) + + /* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */ + #define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30); +@@ -129,19 +123,17 @@ void SHAPrintContext(SHA1_CTX *context, char *msg){ + void SHA1_Transform(uint32_t state[5], const uint8_t buffer[64]) + { + uint32_t a, b, c, d, e; +- typedef union { +- uint8_t c[64]; +- uint32_t l[16]; +- } CHAR64LONG16; +- CHAR64LONG16* block; +- +-#ifdef SHA1HANDSOFF +- static uint8_t workspace[64]; +- block = (CHAR64LONG16*)workspace; +- memcpy(block, buffer, 64); +-#else +- block = (CHAR64LONG16*)buffer; +-#endif ++ typedef uint32_t BLOCK[16]; ++ BLOCK block; ++ ++ /* Load buffer into block as big-endian always. */ ++ for (int i = 0; i < 16; i++) { ++ block[i] = 0; ++ for (int j = 0; j < 4; j++) { ++ block[i] <<= 8; ++ block[i] += buffer[i * 4 + j]; ++ } ++ } + + /* Copy context->state[] to working vars */ + a = state[0]; +-- +2.26.2 + diff --git a/R-httpuv.spec b/R-httpuv.spec index 8cfb0d5..d153bf4 100644 --- a/R-httpuv.spec +++ b/R-httpuv.spec @@ -3,8 +3,8 @@ %global rlibdir %{_libdir}/R/library Name: R-%{packname} -Version: %{packver} -Release: 2%{?dist} +Version: 1.5.4 +Release: 3%{?dist} Summary: HTTP and WebSocket Server Library # Main: GPLv2+; http-parser: MIT; sha1: Public Domain @@ -12,6 +12,8 @@ License: GPLv2+ and MIT and Public Domain URL: https://CRAN.R-project.org/package=%{packname} Source0: https://cran.r-project.org/src/contrib/%{packname}_%{packver}.tar.gz Patch0001: 0001-Use-unbundled-libuv.patch +# https://github.com/rstudio/httpuv/pull/284 +Patch0002: 0002-Fix-sha1-calculation-on-big-endian-systems.patch # Here's the R view of the dependencies world: # Depends: @@ -52,6 +54,7 @@ by Joyent, Inc. pushd %{packname} %patch0001 -p1 +%patch0002 -p1 rm -r src/libuv sed -i '/libuv/d' MD5 popd @@ -89,6 +92,9 @@ export LANG=C.UTF-8 %changelog +* Mon Sep 07 2020 Elliott Sales de Andrade - 1.5.4-3 +- Fix websocket handshake on big-endian systems + * Mon Jul 27 2020 Fedora Release Engineering - 1.5.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild