Fix websocket handshake on big-endian systems.

This commit is contained in:
Elliott Sales de Andrade 2020-09-07 03:02:16 -04:00
parent 17ef2c20d0
commit 7cb0cc1653
3 changed files with 84 additions and 6 deletions

View File

@ -1,7 +1,7 @@
From 8a2ee63187456e3b19f2f7dac02687723784b9d9 Mon Sep 17 00:00:00 2001
From 0512f262c6a8ef7d06d66197c6553a10857adbff Mon Sep 17 00:00:00 2001
From: Elliott Sales de Andrade <quantum.analyst@gmail.com>
Date: Mon, 30 Apr 2018 04:53:42 -0400
Subject: [PATCH] Use unbundled libuv.
Subject: [PATCH 1/2] Use unbundled libuv.
Signed-off-by: Elliott Sales de Andrade <quantum.analyst@gmail.com>
---
@ -118,7 +118,7 @@ index 125bf40..cba8c82 100644
#include <boost/bind.hpp>
#include "webapplication.h"
diff --git a/src/httprequest.h b/src/httprequest.h
index 8de50fc..97da8f5 100644
index fdc505c..9448d21 100644
--- a/src/httprequest.h
+++ b/src/httprequest.h
@@ -8,7 +8,7 @@
@ -222,5 +222,5 @@ index bc23646..f3ee5f1 100644
#include "websockets.h"
#include "thread.h"
--
2.25.4
2.26.2

View File

@ -0,0 +1,72 @@
From 52540c1a7816dc8f69e0b6c61b4220a7776e979f Mon Sep 17 00:00:00 2001
From: Elliott Sales de Andrade <quantum.analyst@gmail.com>
Date: Mon, 7 Sep 2020 02:44:29 -0400
Subject: [PATCH 2/2] Fix sha1 calculation on big-endian systems.
Even though there is a check for `WORDS_BIGENDIAN`, this does nothing
because that is defined by R headers, which are not included by this
code. But instead of fixing the #define, it is simpler to load the
`block` workspace from the `buffer` as big-endian `uint32_t` directly.
Signed-off-by: Elliott Sales de Andrade <quantum.analyst@gmail.com>
---
src/sha1/sha1.c | 36 ++++++++++++++----------------------
1 file changed, 14 insertions(+), 22 deletions(-)
diff --git a/src/sha1/sha1.c b/src/sha1/sha1.c
index ca9c660..bdedef5 100644
--- a/src/sha1/sha1.c
+++ b/src/sha1/sha1.c
@@ -94,15 +94,9 @@ void SHA1_Transform(uint32_t state[5], const uint8_t buffer[64]);
/* blk0() and blk() perform the initial expand. */
/* I got the idea of expanding during the round function from SSLeay */
-/* FIXME: can we do this in an endian-proof way? */
-#ifdef WORDS_BIGENDIAN
-#define blk0(i) block->l[i]
-#else
-#define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \
- |(rol(block->l[i],8)&0x00FF00FF))
-#endif
-#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \
- ^block->l[(i+2)&15]^block->l[i&15],1))
+#define blk0(i) block[i]
+#define blk(i) (block[i&15] = rol(block[(i+13)&15]^block[(i+8)&15] \
+ ^block[(i+2)&15]^block[i&15],1))
/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);
@@ -129,19 +123,17 @@ void SHAPrintContext(SHA1_CTX *context, char *msg){
void SHA1_Transform(uint32_t state[5], const uint8_t buffer[64])
{
uint32_t a, b, c, d, e;
- typedef union {
- uint8_t c[64];
- uint32_t l[16];
- } CHAR64LONG16;
- CHAR64LONG16* block;
-
-#ifdef SHA1HANDSOFF
- static uint8_t workspace[64];
- block = (CHAR64LONG16*)workspace;
- memcpy(block, buffer, 64);
-#else
- block = (CHAR64LONG16*)buffer;
-#endif
+ typedef uint32_t BLOCK[16];
+ BLOCK block;
+
+ /* Load buffer into block as big-endian always. */
+ for (int i = 0; i < 16; i++) {
+ block[i] = 0;
+ for (int j = 0; j < 4; j++) {
+ block[i] <<= 8;
+ block[i] += buffer[i * 4 + j];
+ }
+ }
/* Copy context->state[] to working vars */
a = state[0];
--
2.26.2

View File

@ -3,8 +3,8 @@
%global rlibdir %{_libdir}/R/library
Name: R-%{packname}
Version: %{packver}
Release: 2%{?dist}
Version: 1.5.4
Release: 3%{?dist}
Summary: HTTP and WebSocket Server Library
# Main: GPLv2+; http-parser: MIT; sha1: Public Domain
@ -12,6 +12,8 @@ License: GPLv2+ and MIT and Public Domain
URL: https://CRAN.R-project.org/package=%{packname}
Source0: https://cran.r-project.org/src/contrib/%{packname}_%{packver}.tar.gz
Patch0001: 0001-Use-unbundled-libuv.patch
# https://github.com/rstudio/httpuv/pull/284
Patch0002: 0002-Fix-sha1-calculation-on-big-endian-systems.patch
# Here's the R view of the dependencies world:
# Depends:
@ -52,6 +54,7 @@ by Joyent, Inc.
pushd %{packname}
%patch0001 -p1
%patch0002 -p1
rm -r src/libuv
sed -i '/libuv/d' MD5
popd
@ -89,6 +92,9 @@ export LANG=C.UTF-8
%changelog
* Mon Sep 07 2020 Elliott Sales de Andrade <quantum.analyst@gmail.com> - 1.5.4-3
- Fix websocket handshake on big-endian systems
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild