--- rpm-4.4.2/rpmdb/legacy.h.digests 2003-05-08 16:39:31.000000000 -0400 +++ rpm-4.4.2/rpmdb/legacy.h 2006-07-05 14:18:15.000000000 -0400 @@ -18,7 +18,20 @@ #endif /** - * Return MD5 sum and size of a file. + * Return digest and size of a file. + * @param fn file name + * @retval digest address of md5sum + * @param asAscii return md5sum as ascii string? + * @retval *fsizep file size pointer (or NULL) + * @return 0 on success, 1 on error + */ +int dodigest(int digestalgo, const char * fn, /*@out@*/ unsigned char * digest, + int asAscii, /*@null@*/ /*@out@*/ size_t *fsizep) + /*@globals h_errno, fileSystem, internalState @*/ + /*@modifies digest, *fsizep, fileSystem, internalState @*/; + +/** + * Return MD5 digest and size of a file. * @param fn file name * @retval digest address of md5sum * @param asAscii return md5sum as ascii string? --- rpm-4.4.2/rpmdb/legacy.c.digests 2006-07-05 14:18:15.000000000 -0400 +++ rpm-4.4.2/rpmdb/legacy.c 2006-07-05 14:18:15.000000000 -0400 @@ -145,12 +145,12 @@ return fdno; } -int domd5(const char * fn, unsigned char * digest, int asAscii, size_t *fsizep) +int dodigest(int digestalgo, const char * fn, unsigned char * digest, int asAscii, size_t *fsizep) { const char * path; urltype ut = urlPath(fn, &path); - unsigned char * md5sum = NULL; - size_t md5len; + unsigned char * dsum = NULL; + size_t dlen; unsigned char buf[32*BUFSIZ]; FD_t fd; size_t fsize = 0; @@ -193,10 +193,10 @@ #endif } - ctx = rpmDigestInit(PGPHASHALGO_MD5, RPMDIGEST_NONE); + ctx = rpmDigestInit(digestalgo, RPMDIGEST_NONE); if (fsize) xx = rpmDigestUpdate(ctx, mapped, fsize); - xx = rpmDigestFinal(ctx, (void **)&md5sum, &md5len, asAscii); + xx = rpmDigestFinal(ctx, (void **)&dsum, &dlen, asAscii); if (fsize) xx = munmap(mapped, fsize); xx = close(fdno); @@ -219,11 +219,11 @@ break; } - fdInitDigest(fd, PGPHASHALGO_MD5, 0); + fdInitDigest(fd, digestalgo, 0); fsize = 0; while ((rc = Fread(buf, sizeof(buf[0]), sizeof(buf), fd)) > 0) fsize += rc; - fdFiniDigest(fd, PGPHASHALGO_MD5, (void **)&md5sum, &md5len, asAscii); + fdFiniDigest(fd, digestalgo, (void **)&dsum, &dlen, asAscii); if (Ferror(fd)) rc = 1; @@ -244,13 +244,18 @@ if (fsizep) *fsizep = fsize; if (!rc) - memcpy(digest, md5sum, md5len); + memcpy(digest, dsum, dlen); /*@=boundswrite@*/ - md5sum = _free(md5sum); + dsum = _free(dsum); return rc; } +int domd5(const char * fn, unsigned char * digest, int asAscii, size_t *fsizep) +{ + return dodigest(PGPHASHALGO_MD5, fn, digest, asAscii, fsizep); +} + /*@-exportheadervar@*/ /*@unchecked@*/ int _noDirTokens = 0; --- rpm-4.4.2/macros.in.digests 2006-07-05 14:18:15.000000000 -0400 +++ rpm-4.4.2/macros.in 2006-07-05 14:18:15.000000000 -0400 @@ -455,6 +455,17 @@ #%_fixperms %{__chmod} -Rf @FIXPERMS@ # +# +# Choose metadata file digest algorithm: +# 1 MD5 +# 2 SHA1 +# 8 SHA256 +# 9 SHA384 +# 10 SHA512 +# +# Note: choosing anything but MD5 introduces instant legacy incompatibility. +%_build_file_digest_algo 1 + #============================================================================== # ---- Database configuration macros. # Macros used to configure Berkley db parameters. --- rpm-4.4.2/build/files.c.digests 2006-07-05 14:18:15.000000000 -0400 +++ rpm-4.4.2/build/files.c 2006-07-05 14:18:15.000000000 -0400 @@ -30,7 +30,7 @@ #include "buildio.h" -#include "legacy.h" /* XXX domd5, expandFileList, compressFileList */ +#include "legacy.h" /* XXX dodigest, expandFileList, compressFileList */ #include "misc.h" #include "debug.h" @@ -1280,12 +1280,37 @@ * RPM_INT32_TYPE, &(flp->fl_gid), 1); */ + { static uint_32 dalgo = 0; + static int oneshot = 0; + if (!oneshot) { + dalgo = rpmExpandNumeric("%{?_build_file_digest_algo}"); + switch (dalgo) { + case PGPHASHALGO_MD5: + case PGPHASHALGO_SHA1: + case PGPHASHALGO_SHA256: + case PGPHASHALGO_SHA384: + case PGPHASHALGO_SHA512: + break; + case PGPHASHALGO_RIPEMD160: + case PGPHASHALGO_MD2: + case PGPHASHALGO_TIGER192: + case PGPHASHALGO_HAVAL_5_160: + default: + dalgo = PGPHASHALGO_MD5; + break; + } + oneshot++; + } + buf[0] = '\0'; if (S_ISREG(flp->fl_mode)) - (void) domd5(flp->diskURL, buf, 1, NULL); + (void) dodigest(dalgo, flp->diskURL, (unsigned char *)buf, 1, NULL); s = buf; - (void) headerAddOrAppendEntry(h, RPMTAG_FILEMD5S, RPM_STRING_ARRAY_TYPE, + (void) headerAddOrAppendEntry(h, RPMTAG_FILEDIGESTS, RPM_STRING_ARRAY_TYPE, &s, 1); + (void) headerAddOrAppendEntry(h, RPMTAG_FILEDIGESTALGOS, RPM_INT32_TYPE, + &dalgo, 1); + } buf[0] = '\0'; if (S_ISLNK(flp->fl_mode)) { --- rpm-4.4.2/lib/cpio.c.digests 2003-12-25 18:00:45.000000000 -0500 +++ rpm-4.4.2/lib/cpio.c 2006-07-05 14:18:15.000000000 -0400 @@ -233,7 +233,7 @@ case CPIOERR_HDR_SIZE: s = _("Header size too big"); break; case CPIOERR_UNKNOWN_FILETYPE: s = _("Unknown file type"); break; case CPIOERR_MISSING_HARDLINK: s = _("Missing hard link(s)"); break; - case CPIOERR_MD5SUM_MISMATCH: s = _("MD5 sum mismatch"); break; + case CPIOERR_DIGEST_MISMATCH: s = _("File digest mismatch"); break; case CPIOERR_INTERNAL: s = _("Internal error"); break; case CPIOERR_UNMAPPED_FILE: s = _("Archive file not in header"); break; case CPIOERR_ENOENT: s = strerror(ENOENT); break; --- rpm-4.4.2/lib/rpmfi.h.digests 2005-02-10 03:30:28.000000000 -0500 +++ rpm-4.4.2/lib/rpmfi.h 2006-07-05 14:18:15.000000000 -0400 @@ -45,7 +45,9 @@ const char ** dnl; /*!< Directory name(s) (from header) */ /*@only@*/ /*@relnull@*/ - const char ** fmd5s; /*!< File MD5 sum(s) (from header) */ + const char ** fdigests; /*!< File digest(s) (from header) */ +/*@only@*/ /*@null@*/ + uint_32 * fdigestalgos; /*!< File digest algorithm(s) (from header) */ /*@only@*/ /*@relnull@*/ const char ** flinks; /*!< File link(s) (from header) */ /*@only@*/ /*@null@*/ @@ -126,7 +128,9 @@ int_32 * odil; /*!< Original dirindex(s) (from header) */ /*@only@*/ /*@relnull@*/ - unsigned char * md5s; /*!< File md5 sums in binary. */ + unsigned char * digests; /*!< File digest(s) in binary. */ + uint_32 digestalgo; /*!< File digest algorithm. */ + uint_32 digestlen; /*!< No. bytes in binary digest. */ /*@only@*/ /*@null@*/ const char * pretrans; @@ -335,7 +339,21 @@ /*@*/; /** + * Return current file (binary) digest from file info set. + * @param fi file info set + * @retval *algop digest algorithm + * @retval *lenp digest length (in bytes) + * @return current file digest, NULL on invalid + */ +/*@observer@*/ /*@null@*/ +extern const unsigned char * rpmfiDigest(/*@null@*/ rpmfi fi, + /*@out@*/ /*@null@*/ int * algop, + /*@out@*/ /*@null@*/ size_t * lenp) + /*@modifies *algop, *lenp @*/; + +/** * Return current file (binary) md5 digest from file info set. + * @deprecated Use rpmfiDigest instead. * @param fi file info set * @return current file md5 digest, NULL on invalid */ --- rpm-4.4.2/lib/cpio.h.digests 2004-10-20 06:19:34.000000000 -0400 +++ rpm-4.4.2/lib/cpio.h 2006-07-05 14:18:15.000000000 -0400 @@ -46,7 +46,7 @@ CPIOERR_HDR_TRAILER = (24 ), CPIOERR_UNKNOWN_FILETYPE= (25 ), CPIOERR_MISSING_HARDLINK= (26 ), - CPIOERR_MD5SUM_MISMATCH = (27 ), + CPIOERR_DIGEST_MISMATCH = (27 ), CPIOERR_INTERNAL = (28 ), CPIOERR_UNMAPPED_FILE = (29 ), CPIOERR_ENOENT = (30 ), --- rpm-4.4.2/lib/fsm.c.digests 2004-10-09 15:40:09.000000000 -0400 +++ rpm-4.4.2/lib/fsm.c 2006-07-05 14:18:15.000000000 -0400 @@ -801,14 +801,18 @@ { rpmts ts = fsmGetTs(fsm); /* - * Set file md5 (if not disabled). + * Set file digest (if not disabled). */ - if (ts != NULL && !(rpmtsFlags(ts) & RPMTRANS_FLAG_NOMD5)) { - fsm->fmd5sum = (fi->fmd5s ? fi->fmd5s[i] : NULL); - fsm->md5sum = (fi->md5s ? (fi->md5s + (16 * i)) : NULL); + if (ts != NULL && !(rpmtsFlags(ts) & RPMTRANS_FLAG_NOFDIGESTS)) { + fsm->fdigestalgo = fi->digestalgo; + fsm->fdigest = (fi->fdigests ? fi->fdigests[i] : NULL); + fsm->digestlen = fi->digestlen; + fsm->digest = (fi->digests ? (fi->digests + (fsm->digestlen * i)) : NULL); } else { - fsm->fmd5sum = NULL; - fsm->md5sum = NULL; + fsm->fdigestalgo = 0; + fsm->fdigest = NULL; + fsm->digestlen = 0; + fsm->digest = NULL; } } @@ -823,7 +827,7 @@ */ /*@-compdef@*/ static int expandRegular(/*@special@*/ FSM_t fsm) - /*@uses fsm->fmd5sum, fsm->md5sum, fsm->sb, fsm->wfd @*/ + /*@uses fsm->fdigest, fsm->digest, fsm->sb, fsm->wfd @*/ /*@globals h_errno, fileSystem, internalState @*/ /*@modifies fsm, fileSystem, internalState @*/ { @@ -835,8 +839,8 @@ if (rc) goto exit; - if (st->st_size > 0 && (fsm->fmd5sum != NULL || fsm->md5sum != NULL)) - fdInitDigest(fsm->wfd, PGPHASHALGO_MD5, 0); + if (st->st_size > 0 && (fsm->fdigest != NULL || fsm->digest != NULL)) + fdInitDigest(fsm->wfd, fsm->fdigestalgo, 0); while (left) { @@ -856,26 +860,26 @@ (void) fsmNext(fsm, FSM_NOTIFY); } - if (st->st_size > 0 && (fsm->fmd5sum || fsm->md5sum)) { - void * md5sum = NULL; - int asAscii = (fsm->md5sum == NULL ? 1 : 0); + if (st->st_size > 0 && (fsm->fdigest || fsm->digest)) { + void * digest = NULL; + int asAscii = (fsm->digest == NULL ? 1 : 0); (void) Fflush(fsm->wfd); - fdFiniDigest(fsm->wfd, PGPHASHALGO_MD5, &md5sum, NULL, asAscii); + fdFiniDigest(fsm->wfd, fsm->fdigestalgo, &digest, NULL, asAscii); - if (md5sum == NULL) { - rc = CPIOERR_MD5SUM_MISMATCH; + if (digest == NULL) { + rc = CPIOERR_DIGEST_MISMATCH; goto exit; } - if (fsm->md5sum != NULL) { - if (memcmp(md5sum, fsm->md5sum, 16)) - rc = CPIOERR_MD5SUM_MISMATCH; + if (fsm->digest != NULL) { + if (memcmp(digest, fsm->digest, fsm->digestlen)) + rc = CPIOERR_DIGEST_MISMATCH; } else { - if (strcmp(md5sum, fsm->fmd5sum)) - rc = CPIOERR_MD5SUM_MISMATCH; + if (strcmp(digest, fsm->fdigest)) + rc = CPIOERR_DIGEST_MISMATCH; } - md5sum = _free(md5sum); + digest = _free(digest); } exit: --- rpm-4.4.2/lib/signature.c.digests 2005-06-06 19:33:08.000000000 -0400 +++ rpm-4.4.2/lib/signature.c 2006-07-05 14:18:15.000000000 -0400 @@ -817,7 +817,7 @@ case RPMSIGTAG_MD5: pktlen = 16; pkt = memset(alloca(pktlen), 0, pktlen); - if (domd5(file, pkt, 0, NULL) + if (dodigest(PGPHASHALGO_MD5, file, pkt, 0, NULL) || !headerAddEntry(sigh, sigTag, RPM_BIN_TYPE, pkt, pktlen)) break; ret = 0; --- rpm-4.4.2/lib/poptI.c.digests 2006-07-05 14:18:15.000000000 -0400 +++ rpm-4.4.2/lib/poptI.c 2006-07-05 14:18:15.000000000 -0400 @@ -129,8 +129,8 @@ ia->noDeps = 1; break; - case RPMCLI_POPT_NOMD5: - ia->transFlags |= RPMTRANS_FLAG_NOMD5; + case RPMCLI_POPT_NOFDIGESTS: + ia->transFlags |= RPMTRANS_FLAG_NOFDIGESTS; break; case RPMCLI_POPT_NOCONTEXTS: @@ -248,8 +248,10 @@ &rpmIArgs.transFlags, RPMTRANS_FLAG_NODOCS, N_("do not install documentation"), NULL}, - { "nomd5", '\0', 0, NULL, RPMCLI_POPT_NOMD5, - N_("don't verify MD5 digest of files"), NULL }, + { "nomd5", '\0', POPT_ARGFLAG_DOC_HIDDEN, NULL, RPMCLI_POPT_NOFDIGESTS, + N_("don't verify file digests"), NULL }, + { "nofdigests", '\0', 0, NULL, RPMCLI_POPT_NOFDIGESTS, + N_("don't verify file digests"), NULL }, { "nocontexts", '\0',0, NULL, RPMCLI_POPT_NOCONTEXTS, N_("don't install file security contexts"), NULL}, --- rpm-4.4.2/lib/verify.c.digests 2006-07-05 14:18:15.000000000 -0400 +++ rpm-4.4.2/lib/verify.c 2006-07-05 14:18:15.000000000 -0400 @@ -11,7 +11,7 @@ #include "rpmfi.h" #include "rpmts.h" -#include "legacy.h" /* XXX domd5(), uidToUname(), gnameToGid */ +#include "legacy.h" /* XXX dodigest(), uidToUname(), gnameToGid */ #include "ugid.h" #include "debug.h" @@ -82,32 +82,32 @@ * Not all attributes of non-regular files can be verified. */ if (S_ISDIR(sb.st_mode)) - flags &= ~(RPMVERIFY_MD5 | RPMVERIFY_FILESIZE | RPMVERIFY_MTIME | + flags &= ~(RPMVERIFY_FDIGEST | RPMVERIFY_FILESIZE | RPMVERIFY_MTIME | RPMVERIFY_LINKTO); else if (S_ISLNK(sb.st_mode)) { - flags &= ~(RPMVERIFY_MD5 | RPMVERIFY_FILESIZE | RPMVERIFY_MTIME | + flags &= ~(RPMVERIFY_FDIGEST | RPMVERIFY_FILESIZE | RPMVERIFY_MTIME | RPMVERIFY_MODE); #if CHOWN_FOLLOWS_SYMLINK flags &= ~(RPMVERIFY_USER | RPMVERIFY_GROUP); #endif } else if (S_ISFIFO(sb.st_mode)) - flags &= ~(RPMVERIFY_MD5 | RPMVERIFY_FILESIZE | RPMVERIFY_MTIME | + flags &= ~(RPMVERIFY_FDIGEST | RPMVERIFY_FILESIZE | RPMVERIFY_MTIME | RPMVERIFY_LINKTO); else if (S_ISCHR(sb.st_mode)) - flags &= ~(RPMVERIFY_MD5 | RPMVERIFY_FILESIZE | RPMVERIFY_MTIME | + flags &= ~(RPMVERIFY_FDIGEST | RPMVERIFY_FILESIZE | RPMVERIFY_MTIME | RPMVERIFY_LINKTO); else if (S_ISBLK(sb.st_mode)) - flags &= ~(RPMVERIFY_MD5 | RPMVERIFY_FILESIZE | RPMVERIFY_MTIME | + flags &= ~(RPMVERIFY_FDIGEST | RPMVERIFY_FILESIZE | RPMVERIFY_MTIME | RPMVERIFY_LINKTO); - else + else flags &= ~(RPMVERIFY_LINKTO); /* * Content checks of %ghost files are meaningless. */ if (fileAttrs & RPMFILE_GHOST) - flags &= ~(RPMVERIFY_MD5 | RPMVERIFY_FILESIZE | RPMVERIFY_MTIME | + flags &= ~(RPMVERIFY_FDIGEST | RPMVERIFY_FILESIZE | RPMVERIFY_MTIME | RPMVERIFY_LINKTO); /* @@ -117,21 +117,26 @@ /*@=branchstate@*/ - if (flags & RPMVERIFY_MD5) { - unsigned char md5sum[16]; - size_t fsize; - - /* XXX If --nomd5, then prelinked library sizes are not corrected. */ - rc = domd5(fn, md5sum, 0, &fsize); - sb.st_size = fsize; - if (rc) - *res |= (RPMVERIFY_READFAIL|RPMVERIFY_MD5); + if (flags & RPMVERIFY_FDIGEST) { + int dalgo = 0; + size_t dlen = 0; + const unsigned char * digest = rpmfiDigest(fi, &dalgo, &dlen); + + if (digest == NULL) + *res |= RPMVERIFY_FDIGEST; else { - const unsigned char * MD5 = rpmfiMD5(fi); - if (MD5 == NULL || memcmp(md5sum, MD5, sizeof(md5sum))) - *res |= RPMVERIFY_MD5; + /* XXX If --nofdigest, then prelinked library sizes fail to verify. */ + unsigned char * fdigest = memset(alloca(dlen), 0, dlen); + size_t fsize; + rc = dodigest(dalgo, fn, fdigest, 0, &fsize); + sb.st_size = fsize; + if (rc) + *res |= (RPMVERIFY_READFAIL|RPMVERIFY_FDIGEST); + else + if (memcmp(fdigest, digest, dlen)) + *res |= RPMVERIFY_FDIGEST; } - } + } if (flags & RPMVERIFY_LINKTO) { char linkto[1024+1]; @@ -145,12 +150,12 @@ if (flink == NULL || strcmp(linkto, flink)) *res |= RPMVERIFY_LINKTO; } - } + } if (flags & RPMVERIFY_FILESIZE) { if (sb.st_size != rpmfiFSize(fi)) *res |= RPMVERIFY_FILESIZE; - } + } if (flags & RPMVERIFY_MODE) { unsigned short metamode = fmode; @@ -158,7 +163,7 @@ /* * Platforms (like AIX) where sizeof(unsigned short) != sizeof(mode_t) - * need the (unsigned short) cast here. + * need the (unsigned short) cast here. */ filemode = (unsigned short)sb.st_mode; @@ -184,7 +189,7 @@ uint_16 frdev = (rpmfiFRdev(fi) & 0xffff); if (st_rdev != frdev) *res |= RPMVERIFY_RDEV; - } + } } if (flags & RPMVERIFY_MTIME) { @@ -301,7 +306,7 @@ ec = rc; } } else if (verifyResult || rpmIsVerbose()) { - const char * size, * MD5, * link, * mtime, * mode; + const char * size, * digest, * link, * mtime, * mode; const char * group, * user, * rdev; /*@observer@*/ static const char *const aok = "."; /*@observer@*/ static const char *const unknown = "?"; @@ -317,7 +322,7 @@ ((verifyResult & RPMVERIFY_READFAIL) ? unknown : \ (verifyResult & _RPMVERIFY_F) ? _C : aok) - MD5 = _verifyfile(RPMVERIFY_MD5, "5"); + digest = _verifyfile(RPMVERIFY_FDIGEST, "5"); size = _verify(RPMVERIFY_FILESIZE, "S"); link = _verifylink(RPMVERIFY_LINKTO, "L"); mtime = _verify(RPMVERIFY_MTIME, "T"); @@ -331,7 +336,7 @@ #undef _verify sprintf(te, "%s%s%s%s%s%s%s%s %c %s", - size, mode, MD5, rdev, link, user, group, mtime, + size, mode, digest, rdev, link, user, group, mtime, ((fileAttrs & RPMFILE_CONFIG) ? 'c' : (fileAttrs & RPMFILE_DOC) ? 'd' : (fileAttrs & RPMFILE_GHOST) ? 'g' : --- rpm-4.4.2/lib/rpmfi.c.digests 2005-02-10 03:30:28.000000000 -0500 +++ rpm-4.4.2/lib/rpmfi.c 2006-07-05 14:18:15.000000000 -0400 @@ -203,17 +203,36 @@ return fstate; } +const unsigned char * rpmfiDigest(rpmfi fi, int * algop, size_t * lenp) +{ + unsigned char * digest = NULL; + + if (fi != NULL && fi->i >= 0 && fi->i < fi->fc) { +/*@-boundsread@*/ + if (fi->digests != NULL) { + digest = fi->digests + (fi->digestlen * fi->i); + if (algop != NULL) + *algop = (fi->fdigestalgos + ? fi->fdigestalgos[fi->i] : fi->digestalgo); + if (lenp != NULL) + *lenp = fi->digestlen; + } +/*@=boundsread@*/ + } + return digest; +} + const unsigned char * rpmfiMD5(rpmfi fi) { - unsigned char * MD5 = NULL; + unsigned char * digest = NULL; if (fi != NULL && fi->i >= 0 && fi->i < fi->fc) { /*@-boundsread@*/ - if (fi->md5s != NULL) - MD5 = fi->md5s + (16 * fi->i); + if (fi->digests != NULL) + digest = fi->digests + (fi->digestlen * fi->i); /*@=boundsread@*/ } - return MD5; + return digest; } const char * rpmfiFLink(rpmfi fi) @@ -530,12 +549,19 @@ if (blink == NULL) return -1; return strcmp(alink, blink); } else if (awhat == REG) { - const unsigned char * amd5 = rpmfiMD5(afi); - const unsigned char * bmd5 = rpmfiMD5(bfi); - if (amd5 == bmd5) return 0; - if (amd5 == NULL) return 1; - if (bmd5 == NULL) return -1; - return memcmp(amd5, bmd5, 16); + int aalgo = 0; + size_t alen = 0; + const unsigned char * adigest = rpmfiDigest(afi, &aalgo, &alen); + int balgo = 0; + size_t blen = 0; + const unsigned char * bdigest = rpmfiDigest(bfi, &balgo, &blen); + /* XXX W2DO? changing file digest algo may break rpmfiCompare. */ + if (!(aalgo == balgo && alen == blen)) + return -1; + if (adigest == bdigest) return 0; + if (adigest == NULL) return 1; + if (bdigest == NULL) return -1; + return memcmp(adigest, bdigest, alen); } return 0; @@ -592,17 +618,23 @@ */ memset(buffer, 0, sizeof(buffer)); if (dbWhat == REG) { - const unsigned char * omd5, * nmd5; - /* XXX avoid md5 on sparse /var/log/lastlog file. */ + int oalgo = 0; + size_t olen = 0; + const unsigned char * odigest; + int nalgo = 0; + size_t nlen = 0; + const unsigned char * ndigest; + odigest = rpmfiDigest(ofi, &oalgo, &olen); + /* XXX avoid digest on sparse /var/log/lastlog file. */ if (strcmp(fn, "/var/log/lastlog")) - if (domd5(fn, buffer, 0, NULL)) + if (dodigest(oalgo, fn, buffer, 0, NULL)) return FA_CREATE; /* assume file has been removed */ - omd5 = rpmfiMD5(ofi); - if (omd5 && !memcmp(omd5, buffer, 16)) + if (odigest && !memcmp(odigest, buffer, olen)) return FA_CREATE; /* unmodified config file, replace. */ - nmd5 = rpmfiMD5(nfi); + ndigest = rpmfiDigest(nfi, &nalgo, &nlen); /*@-nullpass@*/ - if (omd5 && nmd5 && !memcmp(omd5, nmd5, 16)) + if (odigest && ndigest && oalgo == nalgo && olen == nlen + && !memcmp(odigest, ndigest, nlen)) return FA_SKIP; /* identical file, don't bother. */ /*@=nullpass@*/ } else /* dbWhat == LINK */ { @@ -1123,8 +1155,8 @@ fi->flinks = hfd(fi->flinks, -1); fi->flangs = hfd(fi->flangs, -1); - fi->fmd5s = hfd(fi->fmd5s, -1); - fi->md5s = _free(fi->md5s); + fi->fdigests = hfd(fi->fdigests, -1); + fi->digests = _free(fi->digests); fi->cdict = hfd(fi->cdict, -1); @@ -1306,27 +1338,53 @@ xx = hge(h, RPMTAG_FILELINKTOS, NULL, (void **) &fi->flinks, NULL); xx = hge(h, RPMTAG_FILELANGS, NULL, (void **) &fi->flangs, NULL); - fi->fmd5s = NULL; - xx = hge(h, RPMTAG_FILEMD5S, NULL, (void **) &fi->fmd5s, NULL); - - fi->md5s = NULL; - if (fi->fmd5s) { - t = xmalloc(fi->fc * 16); - fi->md5s = t; + fi->digestalgo = PGPHASHALGO_MD5; + fi->digestlen = 16; + fi->fdigestalgos = NULL; + xx = hge(h, RPMTAG_FILEDIGESTALGOS, NULL, (void **) &fi->fdigestalgos, NULL); + if (fi->fdigestalgos) { + int dalgo = 0; + /* XXX Insure that all algorithms are either 0 or constant. */ + for (i = 0; i < fi->fc; i++) { + if (fi->fdigestalgos[i] == 0) + continue; + if (dalgo == 0) + dalgo = fi->fdigestalgos[i]; + else +assert(dalgo == fi->fdigestalgos[i]); + } + fi->digestalgo = dalgo; + switch (dalgo) { + case PGPHASHALGO_MD5: fi->digestlen = 128/8; break; + case PGPHASHALGO_SHA1: fi->digestlen = 160/8; break; + case PGPHASHALGO_SHA256: fi->digestlen = 256/8; break; + case PGPHASHALGO_SHA384: fi->digestlen = 384/8; break; + case PGPHASHALGO_SHA512: fi->digestlen = 512/8; break; + } + fi->fdigestalgos = NULL; + } + + fi->fdigests = NULL; + xx = hge(h, RPMTAG_FILEDIGESTS, NULL, (void **) &fi->fdigests, NULL); + + fi->digests = NULL; + if (fi->fdigests) { + t = xmalloc(fi->fc * fi->digestlen); + fi->digests = t; for (i = 0; i < fi->fc; i++) { - const char * fmd5; + const char * fdigests; int j; - fmd5 = fi->fmd5s[i]; - if (!(fmd5 && *fmd5 != '\0')) { - memset(t, 0, 16); - t += 16; + fdigests = fi->fdigests[i]; + if (!(fdigests && *fdigests != '\0')) { + memset(t, 0, fi->digestlen); + t += fi->digestlen; continue; } - for (j = 0; j < 16; j++, t++, fmd5 += 2) - *t = (nibble(fmd5[0]) << 4) | nibble(fmd5[1]); + for (j = 0; j < fi->digestlen; j++, t++, fdigests += 2) + *t = (nibble(fdigests[0]) << 4) | nibble(fdigests[1]); } - fi->fmd5s = hfd(fi->fmd5s, -1); + fi->fdigests = hfd(fi->fdigests, -1); } /* XXX TR_REMOVED doesn;t need fmtimes, frdevs, finodes, or fcontexts */ @@ -1401,7 +1459,7 @@ /* XXX DYING */ if (fi->actions == NULL) fi->actions = xcalloc(fi->fc, sizeof(*fi->actions)); - /*@-compdef@*/ /* FIX: fi-md5s undefined */ + /*@-compdef@*/ /* FIX: fi->digests undefined */ foo = relocateFileList(ts, fi, h, fi->actions); /*@=compdef@*/ fi->h = headerFree(fi->h); --- rpm-4.4.2/lib/rpmcli.h.digests 2006-07-05 14:18:15.000000000 -0400 +++ rpm-4.4.2/lib/rpmcli.h 2006-07-05 14:18:15.000000000 -0400 @@ -83,7 +83,7 @@ */ #define RPMCLI_POPT_NODEPS -1025 #define RPMCLI_POPT_FORCE -1026 -#define RPMCLI_POPT_NOMD5 -1027 +#define RPMCLI_POPT_NOFDIGESTS -1027 #define RPMCLI_POPT_NOSCRIPTS -1028 #define RPMCLI_POPT_NOSIGNATURE -1029 #define RPMCLI_POPT_NODIGEST -1030 @@ -111,7 +111,7 @@ RPMQV_SPECFILE, /*!< ... from spec file parse (query only). */ RPMQV_PKGID, /*!< ... from package id (header+payload MD5). */ RPMQV_HDRID, /*!< ... from header id (immutable header SHA1). */ - RPMQV_FILEID, /*!< ... from file id (file MD5). */ + RPMQV_FILEID, /*!< ... from file id (file digest, usually MD5). */ RPMQV_TID, /*!< ... from install transaction id (time stamp). */ RPMQV_HDLIST, /*!< ... from system hdlist. */ RPMQV_FTSWALK /*!< ... from fts(3) walk. */ @@ -122,7 +122,7 @@ */ typedef enum rpmVerifyAttrs_e { RPMVERIFY_NONE = 0, /*!< */ - RPMVERIFY_MD5 = (1 << 0), /*!< from %verify(md5) */ + RPMVERIFY_FDIGEST = (1 << 0), /*!< from %verify(digest) */ RPMVERIFY_FILESIZE = (1 << 1), /*!< from %verify(size) */ RPMVERIFY_LINKTO = (1 << 2), /*!< from %verify(link) */ RPMVERIFY_USER = (1 << 3), /*!< from %verify(user) */ @@ -139,6 +139,7 @@ RPMVERIFY_LSTATFAIL = (1 << 30), /*!< lstat failed */ RPMVERIFY_LGETFILECONFAIL = (1 << 31) /*!< lgetfilecon failed */ } rpmVerifyAttrs; +#define RPMVERIFY_MD5 RPMVERIFY_FDIGEST #define RPMVERIFY_ALL ~(RPMVERIFY_NONE) #define RPMVERIFY_FAILURES \ (RPMVERIFY_LSTATFAIL|RPMVERIFY_READFAIL|RPMVERIFY_READLINKFAIL|RPMVERIFY_LGETFILECONFAIL) @@ -150,7 +151,7 @@ typedef enum rpmQueryFlags_e { /*@-enummemuse@*/ QUERY_FOR_DEFAULT = 0, /*!< */ - QUERY_MD5 = (1 << 0), /*!< from --nomd5 */ + QUERY_FDIGEST = (1 << 0), /*!< from --nofdigest */ QUERY_SIZE = (1 << 1), /*!< from --nosize */ QUERY_LINKTO = (1 << 2), /*!< from --nolink */ QUERY_USER = (1 << 3), /*!< from --nouser) */ @@ -193,7 +194,7 @@ /*@-enummemuse@*/ VERIFY_DEFAULT = 0, /*!< */ /*@=enummemuse@*/ - VERIFY_MD5 = (1 << 0), /*!< from --nomd5 */ + VERIFY_FDIGEST = (1 << 0), /*!< from --nofdigest */ VERIFY_SIZE = (1 << 1), /*!< from --nosize */ VERIFY_LINKTO = (1 << 2), /*!< from --nolinkto */ VERIFY_USER = (1 << 3), /*!< from --nouser */ @@ -221,7 +222,7 @@ } rpmVerifyFlags; #define VERIFY_ATTRS \ - ( VERIFY_MD5 | VERIFY_SIZE | VERIFY_LINKTO | VERIFY_USER | VERIFY_GROUP | \ + ( VERIFY_FDIGEST | VERIFY_SIZE | VERIFY_LINKTO | VERIFY_USER | VERIFY_GROUP | \ VERIFY_MTIME | VERIFY_MODE | VERIFY_RDEV | VERIFY_CONTEXTS ) #define VERIFY_ALL \ ( VERIFY_ATTRS | VERIFY_FILES | VERIFY_DEPS | VERIFY_SCRIPT | VERIFY_DIGEST |\ @@ -404,7 +405,7 @@ fileSystem, internalState @*/; /** \ingroup rpmcli - * Verify file attributes (including MD5 sum). + * Verify file attributes (including file digest). * @todo gnorpm and python bindings prevent this from being static. * @param ts transaction set * @param fi file info (with linked header and current file index) --- rpm-4.4.2/lib/fsm.h.digests 2003-12-25 18:00:45.000000000 -0500 +++ rpm-4.4.2/lib/fsm.h 2006-07-05 14:18:15.000000000 -0400 @@ -181,14 +181,16 @@ int rc; /*!< External file stage return code. */ int commit; /*!< Commit synchronously? */ cpioMapFlags mapFlags; /*!< Bit(s) to control mapping. */ + int fdigestalgo; /*!< Digest algorithm (~= PGPHASHALGO_MD5) */ + int digestlen; /*!< No. of bytes in binary digest (~= 16) */ /*@shared@*/ /*@relnull@*/ const char * dirName; /*!< File directory name. */ /*@shared@*/ /*@relnull@*/ const char * baseName; /*!< File base name. */ /*@shared@*/ /*@relnull@*/ - const char * fmd5sum; /*!< Hex MD5 sum (NULL disables). */ + const char * fdigest; /*!< Hex digest (usually MD5, NULL disables). */ /*@shared@*/ /*@relnull@*/ - const char * md5sum; /*!< Binary MD5 sum (NULL disables). */ + const char * digest; /*!< Bin digest (usually MD5, NULL disables). */ /*@dependent@*/ /*@observer@*/ /*@null@*/ const char * fcontext; /*!< File security context (NULL disables). */ --- rpm-4.4.2/lib/poptQV.c.digests 2006-07-05 14:18:15.000000000 -0400 +++ rpm-4.4.2/lib/poptQV.c 2006-07-05 14:18:15.000000000 -0400 @@ -222,8 +222,8 @@ qva->qva_flags |= VERIFY_DEPS; break; - case RPMCLI_POPT_NOMD5: - qva->qva_flags |= VERIFY_MD5; + case RPMCLI_POPT_NOFDIGESTS: + qva->qva_flags |= VERIFY_FDIGEST; break; case RPMCLI_POPT_NOCONTEXTS: @@ -315,11 +315,13 @@ /* Duplicate file verify flags from packages into command line options. */ /** @todo Add --nomd5 alias to rpmpopt, eliminate. */ #ifdef DYING - { "nomd5", '\0', POPT_BIT_SET, &rpmQVKArgs.qva_flags, VERIFY_MD5, - N_("don't verify MD5 digest of files"), NULL }, + { "nomd5", '\0', POPT_BIT_SET, &rpmQVKArgs.qva_flags, VERIFY_FDIGEST, + N_("don't verify file digests"), NULL }, #else - { "nomd5", '\0', 0, NULL, RPMCLI_POPT_NOMD5, - N_("don't verify MD5 digest of files"), NULL }, + { "nomd5", '\0', POPT_ARGFLAG_DOC_HIDDEN, NULL, RPMCLI_POPT_NOFDIGESTS, + N_("don't verify file digests"), NULL }, + { "nofdigests", '\0', 0, NULL, RPMCLI_POPT_NOFDIGESTS, + N_("don't verify file digests"), NULL }, #endif { "nosize", '\0', POPT_BIT_SET|POPT_ARGFLAG_DOC_HIDDEN, &rpmQVKArgs.qva_flags, VERIFY_SIZE, --- rpm-4.4.2/lib/psm.c.digests 2005-07-13 07:13:34.000000000 -0400 +++ rpm-4.4.2/lib/psm.c 2006-07-05 14:18:15.000000000 -0400 @@ -321,9 +321,6 @@ *cookie = xstrdup(*cookie); } - /* XXX FIXME: can't do endian neutral MD5 verification yet. */ -/*@i@*/ fi->fmd5s = hfd(fi->fmd5s, -1); - /* XXX FIXME: don't do per-file mapping, force global flags. */ fi->fmapflags = _free(fi->fmapflags); fi->mapflags = CPIO_MAP_PATH | CPIO_MAP_MODE | CPIO_MAP_UID | CPIO_MAP_GID; --- rpm-4.4.2/lib/rpmlib.h.digests 2006-07-05 14:18:15.000000000 -0400 +++ rpm-4.4.2/lib/rpmlib.h 2006-07-05 14:34:53.000000000 -0400 @@ -304,7 +304,8 @@ RPMTAG_FILEGIDS = 1032, /*!< internal */ RPMTAG_FILERDEVS = 1033, /* h */ RPMTAG_FILEMTIMES = 1034, /* i */ - RPMTAG_FILEMD5S = 1035, /* s[] */ + RPMTAG_FILEDIGESTS = 1035, /* s[] */ +#define RPMTAG_FILEMD5S RPMTAG_FILEDIGESTS /* s[] */ RPMTAG_FILELINKTOS = 1036, /* s[] */ RPMTAG_FILEFLAGS = 1037, /* i */ /*@-enummemuse@*/ @@ -447,6 +448,8 @@ RPMTAG_PRIORITY = 1162, /* i extension placeholder */ RPMTAG_CVSID = 1163, /* s */ #define RPMTAG_SVNID RPMTAG_CVSID /* s */ + RPMTAG_FILEDIGESTALGOS = 1177, /*!< i[] */ + /*@-enummemuse@*/ RPMTAG_FIRSTFREE_TAG /*!< internal */ @@ -997,7 +1000,7 @@ RPMTRANS_FLAG_APPLYONLY = (1 << 25), RPMTRANS_FLAG_ANACONDA = (1 << 26), /*!< from --anaconda */ - RPMTRANS_FLAG_NOMD5 = (1 << 27), /*!< from --nomd5 */ + RPMTRANS_FLAG_NOFDIGESTS = (1 << 27), /*!< from --nomd5 */ RPMTRANS_FLAG_NOSUGGEST = (1 << 28), /*!< from --nosuggest */ RPMTRANS_FLAG_ADDINDEPS = (1 << 29), /*!< from --aid */ RPMTRANS_FLAG_NOCONFIGS = (1 << 30), /*!< from --noconfigs */ --- rpm-4.4.2/lib/query.c.digests 2006-07-05 14:18:15.000000000 -0400 +++ rpm-4.4.2/lib/query.c 2006-07-05 14:18:15.000000000 -0400 @@ -528,7 +528,7 @@ for (i = 0, t = MD5, s = arg; i < 16; i++, t++, s += 2) *t = (nibble(s[0]) << 4) | nibble(s[1]); - qva->qva_mi = rpmtsInitIterator(ts, RPMTAG_FILEMD5S, MD5, sizeof(MD5)); + qva->qva_mi = rpmtsInitIterator(ts, RPMTAG_FILEDIGESTS, MD5, sizeof(MD5)); if (qva->qva_mi == NULL) { rpmError(RPMERR_QUERYINFO, _("no package matches %s: %s\n"), "fileid", arg); --- rpm-4.4.2/lib/transaction.c.digests 2006-07-05 14:18:15.000000000 -0400 +++ rpm-4.4.2/lib/transaction.c 2006-07-05 14:18:15.000000000 -0400 @@ -27,7 +27,7 @@ #include "cpio.h" #include "fprint.h" -#include "legacy.h" /* XXX domd5 */ +#include "legacy.h" /* XXX dodigest */ #include "misc.h" /* XXX stripTrailingChar, splitString, currentDirectory */ #include "debug.h" @@ -641,14 +641,21 @@ } /* Here is a pre-existing modified config file that needs saving. */ - /* XXX avoid md5 on sparse /var/log/lastlog file. */ + /* XXX avoid digest on sparse /var/log/lastlog file. */ if (strcmp(fn, "/var/log/lastlog")) - { char md5sum[50]; - const unsigned char * MD5 = rpmfiMD5(fi); - if (!domd5(fn, md5sum, 0, NULL) && memcmp(MD5, md5sum, 16)) { - fi->actions[i] = FA_BACKUP; + { int dalgo = 0; + size_t dlen = 0; + const unsigned char * digest = rpmfiDigest(fi, &dalgo, &dlen); + unsigned char * fdigest; +assert(digest != NULL); + fdigest = xcalloc(1, dlen); + if (!dodigest(dalgo, fn, fdigest, 0, NULL)) { + if (memcmp(digest, fdigest, dlen)) + fi->actions[i] = FA_BACKUP; + fdigest = _free(fdigest); /*@switchbreak@*/ break; } + fdigest = _free(fdigest); } fi->actions[i] = FA_ERASE; /*@switchbreak@*/ break; --- rpm-4.4.2/rpmio/tdigest.c.digests 2003-03-28 17:47:18.000000000 -0500 +++ rpm-4.4.2/rpmio/tdigest.c 2006-07-05 14:18:15.000000000 -0400 @@ -18,6 +18,9 @@ static struct poptOption optionsTable[] = { { "md5", '\0', POPT_ARG_VAL, &hashalgo, PGPHASHALGO_MD5, NULL, NULL }, { "sha1",'\0', POPT_ARG_VAL, &hashalgo, PGPHASHALGO_SHA1, NULL, NULL }, + { "sha256",'\0', POPT_ARG_VAL, &hashalgo, PGPHASHALGO_SHA256, NULL, NULL }, + { "sha384",'\0', POPT_ARG_VAL, &hashalgo, PGPHASHALGO_SHA384, NULL, NULL }, + { "sha512",'\0', POPT_ARG_VAL, &hashalgo, PGPHASHALGO_SHA512, NULL, NULL }, #ifdef DYING { "reverse",'\0', POPT_BIT_SET, &flags, RPMDIGEST_REVERSE, NULL, NULL }, #endif @@ -145,6 +148,7 @@ ssize_t nb; sdigest = NULL; + if (hashalgo == PGPHASHALGO_MD5 || hashalgo == PGPHASHALGO_SHA1) { char *se; FILE * sfp; --- rpm-4.4.2/rpmqv.c.digests 2006-07-05 14:35:11.000000000 -0400 +++ rpm-4.4.2/rpmqv.c 2006-07-05 14:36:10.000000000 -0400 @@ -742,7 +742,7 @@ if (!poptPeekArg(optCon)) { if (ia->rbtid == 0) argerror(_("no packages given for erase")); -ia->transFlags |= RPMTRANS_FLAG_NOMD5; +ia->transFlags |= RPMTRANS_FLAG_NOFDIGESTS; ia->probFilter |= RPMPROB_FILTER_OLDPACKAGE; ec += rpmRollback(ts, ia, NULL); } else { @@ -782,7 +782,7 @@ if (!poptPeekArg(optCon)) { if (ia->rbtid == 0) argerror(_("no packages given for install")); -ia->transFlags |= RPMTRANS_FLAG_NOMD5; +ia->transFlags |= RPMTRANS_FLAG_NOFDIGESTS; ia->probFilter |= RPMPROB_FILTER_OLDPACKAGE; /*@i@*/ ec += rpmRollback(ts, ia, NULL); } else { @@ -821,7 +821,7 @@ #ifdef IAM_RPMK case MODE_CHECKSIG: { rpmVerifyFlags verifyFlags = - (VERIFY_MD5|VERIFY_DIGEST|VERIFY_SIGNATURE); + (VERIFY_FDIGEST|VERIFY_HDRCHK|VERIFY_DIGEST|VERIFY_SIGNATURE); verifyFlags &= ~ka->qva_flags; ka->qva_flags = (rpmQueryFlags) verifyFlags; --- rpm-4.4.2/python/rpmmodule.c.digests 2005-03-07 07:35:04.000000000 -0500 +++ rpm-4.4.2/python/rpmmodule.c 2006-07-05 14:18:15.000000000 -0400 @@ -376,7 +376,7 @@ REGISTER_ENUM(RPMTRANS_FLAG_NOPOSTUN); REGISTER_ENUM(RPMTRANS_FLAG_NOTRIGGERPOSTUN); REGISTER_ENUM(RPMTRANS_FLAG_ANACONDA); - REGISTER_ENUM(RPMTRANS_FLAG_NOMD5); + REGISTER_ENUM(RPMTRANS_FLAG_NOFDIGESTS); REGISTER_ENUM(RPMTRANS_FLAG_NOSUGGEST); REGISTER_ENUM(RPMTRANS_FLAG_ADDINDEPS); REGISTER_ENUM(RPMTRANS_FLAG_NOCONFIGS); --- rpm-4.4.2/python/rpmts-py.c.digests 2005-02-12 22:12:07.000000000 -0500 +++ rpm-4.4.2/python/rpmts-py.c 2006-07-05 14:18:15.000000000 -0400 @@ -635,7 +635,7 @@ memset(ia, 0, sizeof(*ia)); ia->qva_flags = (VERIFY_DIGEST|VERIFY_SIGNATURE|VERIFY_HDRCHK); ia->transFlags |= (INSTALL_UPGRADE|INSTALL_FRESHEN|INSTALL_INSTALL); - ia->transFlags |= RPMTRANS_FLAG_NOMD5; + ia->transFlags |= RPMTRANS_FLAG_NOFDIGESTS; ia->installInterfaceFlags = (INSTALL_UPGRADE|INSTALL_FRESHEN|INSTALL_INSTALL); ia->rbtid = rbtid; ia->relocations = NULL;