rpm/rpmio/digest.c

/** \ingroup signature
 * \file rpmio/digest.c
 */

#include "system.h"

#include "rpmio/digest.h"

#include "debug.h"

#ifdef	SHA_DEBUG
#define	DPRINTF(_a)	fprintf _a
#else
#define	DPRINTF(_a)
#endif


/**
 * MD5/SHA1 digest private data.
 */
struct DIGEST_CTX_s {
    rpmDigestFlags flags;	/*!< Bit(s) to control digest operation. */
    HASHContext *hashctx;	/*!< Internal NSS hash context. */
    pgpHashAlgo algo;		/*!< Used hash algorithm */
};

DIGEST_CTX
rpmDigestDup(DIGEST_CTX octx)
{
    DIGEST_CTX nctx = NULL;
    if (octx) {
	HASHContext *hctx = HASH_Clone(octx->hashctx);
	if (hctx) {
	    nctx = memcpy(xcalloc(1, sizeof(*nctx)), octx, sizeof(*nctx));
	    nctx->hashctx = hctx;
	}
    }
    return nctx;
}

RPM_GNUC_PURE
static HASH_HashType getHashType(pgpHashAlgo hashalgo)
{
    switch (hashalgo) {
    case PGPHASHALGO_MD5:
	return HASH_AlgMD5;
	break;
    case PGPHASHALGO_MD2:
	return HASH_AlgMD2;
	break;
    case PGPHASHALGO_SHA1:
	return HASH_AlgSHA1;
	break;
    case PGPHASHALGO_SHA256:
	return HASH_AlgSHA256;
	break;
    case PGPHASHALGO_SHA384:
	return HASH_AlgSHA384;
	break;
    case PGPHASHALGO_SHA512:
	return HASH_AlgSHA512;
	break;
    case PGPHASHALGO_RIPEMD160:
    case PGPHASHALGO_TIGER192:
    case PGPHASHALGO_HAVAL_5_160:
    default:
	return HASH_AlgNULL;
	break;
    }
}

size_t
rpmDigestLength(pgpHashAlgo hashalgo)
{
    return HASH_ResultLen(getHashType(hashalgo));
}

DIGEST_CTX
rpmDigestInit(pgpHashAlgo hashalgo, rpmDigestFlags flags)
{
    HASH_HashType type = getHashType(hashalgo);
    HASHContext *hashctx = NULL;
    DIGEST_CTX ctx = NULL;

    if (rpmInitCrypto() < 0)
	goto exit;

    type = getHashType(hashalgo);
    if (type == HASH_AlgNULL) {
	goto exit;
    }

    if ((hashctx = HASH_Create(type)) != NULL) {
	ctx = xcalloc(1, sizeof(*ctx));
	ctx->flags = flags;
	ctx->algo = hashalgo;
	ctx->hashctx = hashctx;
    	HASH_Begin(ctx->hashctx);
    }
    
DPRINTF((stderr, "*** Init(%x) ctx %p hashctx %p\n", flags, ctx, ctx->hashctx));
exit:
    return ctx;
}

int
rpmDigestUpdate(DIGEST_CTX ctx, const void * data, size_t len)
{
    size_t partlen;
    const unsigned char *ptr = data;

    if (ctx == NULL)
	return -1;

DPRINTF((stderr, "*** Update(%p,%p,%zd) hashctx %p \"%s\"\n", ctx, data, len, ctx->hashctx, ((char *)data)));
   partlen = ~(unsigned int)0xFF;
   while (len > 0) {
   	if (len < partlen) {
   		partlen = len;
   	}
	HASH_Update(ctx->hashctx, ptr, partlen);
	ptr += partlen;
	len -= partlen;
   }
   return 0;
}

int
rpmDigestFinal(DIGEST_CTX ctx, void ** datap, size_t *lenp, int asAscii)
{
    unsigned char * digest;
    unsigned int digestlen;

    if (ctx == NULL)
	return -1;
    digestlen = HASH_ResultLenContext(ctx->hashctx);
    digest = xmalloc(digestlen);

DPRINTF((stderr, "*** Final(%p,%p,%p,%zd) hashctx %p digest %p\n", ctx, datap, lenp, asAscii, ctx->hashctx, digest));
/* FIX: check rc */
    HASH_End(ctx->hashctx, digest, (unsigned int *) &digestlen, digestlen);

    /* Return final digest. */
    if (!asAscii) {
	if (lenp) *lenp = digestlen;
	if (datap) {
	    *datap = digest;
	    digest = NULL;
	}
    } else {
	if (lenp) *lenp = (2*digestlen) + 1;
	if (datap) {
	    const uint8_t * s = (const uint8_t *) digest;
	    *datap = pgpHexStr(s, digestlen);
	}
    }
    if (digest) {
	memset(digest, 0, digestlen);	/* In case it's sensitive */
	free(digest);
    }
    HASH_Destroy(ctx->hashctx);
    memset(ctx, 0, sizeof(*ctx));	/* In case it's sensitive */
    free(ctx);
    return 0;
}

void fdInitDigest(FD_t fd, pgpHashAlgo hashalgo, int flags)
{
    if (fd->ndigests < FDDIGEST_MAX) {
	fd->digests[fd->ndigests] = rpmDigestInit(hashalgo, flags);
	fd->ndigests++;
	fdstat_enter(fd, FDSTAT_DIGEST);
	fdstat_exit(fd, FDSTAT_DIGEST, (ssize_t) 0);
    }
}

void fdUpdateDigests(FD_t fd, const unsigned char * buf, size_t buflen)
{
    int i;

    if (buf != NULL && buflen > 0)
    for (i = fd->ndigests - 1; i >= 0; i--) {
	DIGEST_CTX ctx = fd->digests[i];
	if (ctx == NULL)
	    continue;
	fdstat_enter(fd, FDSTAT_DIGEST);
	(void) rpmDigestUpdate(ctx, buf, buflen);
	fdstat_exit(fd, FDSTAT_DIGEST, (ssize_t) buflen);
    }
}

void fdFiniDigest(FD_t fd, pgpHashAlgo hashalgo,
		void ** datap,
		size_t * lenp,
		int asAscii)
{
    int imax = -1;
    int i;

    for (i = fd->ndigests - 1; i >= 0; i--) {
	DIGEST_CTX ctx = fd->digests[i];
	if (ctx == NULL)
	    continue;
	if (i > imax) imax = i;
	if (ctx->algo != hashalgo)
	    continue;
	fdstat_enter(fd, FDSTAT_DIGEST);
	(void) rpmDigestFinal(ctx, datap, lenp, asAscii);
	fdstat_exit(fd, FDSTAT_DIGEST, (ssize_t) 0);
	fd->digests[i] = NULL;
	break;
    }
    if (i < 0) {
	if (datap) *datap = NULL;
	if (lenp) *lenp = 0;
    }

    fd->ndigests = imax;
    if (i < imax)
	fd->ndigests++;		/* convert index to count */
}


void fdStealDigest(FD_t fd, pgpDig dig)
{
    int i;
    for (i = fd->ndigests - 1; i >= 0; i--) {
	DIGEST_CTX ctx = fd->digests[i];
        if (ctx == NULL)
	    continue;
        switch (ctx->algo) {
        case PGPHASHALGO_MD5:
assert(dig->md5ctx == NULL);
            dig->md5ctx = ctx;
	    fd->digests[i] = NULL;
            break;
        case PGPHASHALGO_SHA1:
        case PGPHASHALGO_SHA256:
        case PGPHASHALGO_SHA384:
        case PGPHASHALGO_SHA512:
assert(dig->sha1ctx == NULL);
            dig->sha1ctx = ctx;
	    fd->digests[i] = NULL;
            break;
        default:
            break;
        }
    }
}
- add support for SHA1 as well as MD5 message digests. lclint annotations. CVS patchset: 4234 CVS date: 2000/10/31 16:18:34 2000-11-01 00:18:34 +08:00			`/** \ingroup signature`
			`* \file rpmio/digest.c`
			`*/`

			`#include "system.h"`
Include spring-cleaning - put some consistency into include ordering - everything (apart from bits missed ;) is now ordered like this 1. "system.h" 2. other system includes 3. rpm public headers 4. rpm private headers 5. "debug.h" 2008-01-30 23:05:29 +08:00
Expand private include file names to be relative to $(top_srcdir) 2007-11-23 18:41:29 +08:00			`#include "rpmio/digest.h"`
Include spring-cleaning - put some consistency into include ordering - everything (apart from bits missed ;) is now ordered like this 1. "system.h" 2. other system includes 3. rpm public headers 4. rpm private headers 5. "debug.h" 2008-01-30 23:05:29 +08:00
Sync with rpm-4_0 branch. CVS patchset: 4338 CVS date: 2000/12/12 20:03:45 2000-12-13 04:03:45 +08:00			`#include "debug.h"`
- add support for SHA1 as well as MD5 message digests. lclint annotations. CVS patchset: 4234 CVS date: 2000/10/31 16:18:34 2000-11-01 00:18:34 +08:00
- bind beecrypt md5/sha1 underneath rpmio. CVS patchset: 5083 CVS date: 2001/09/26 14:45:50 2001-09-26 22:45:50 +08:00			`#ifdef SHA_DEBUG`
			`#define DPRINTF(_a) fprintf _a`
			`#else`
			`#define DPRINTF(_a)`
			`#endif`
- add support for SHA1 as well as MD5 message digests. lclint annotations. CVS patchset: 4234 CVS date: 2000/10/31 16:18:34 2000-11-01 00:18:34 +08:00
- globalize _free(3) wrapper in rpmlib.h, consistent usage throughout. - internalize locale insensitive ctype(3) in rpmio.h - boring lclint annotations and fiddles. CVS patchset: 4721 CVS date: 2001/04/29 01:05:43 2001-04-29 09:05:43 +08:00
- add support for SHA1 as well as MD5 message digests. lclint annotations. CVS patchset: 4234 CVS date: 2000/10/31 16:18:34 2000-11-01 00:18:34 +08:00			`/**`
			`* MD5/SHA1 digest private data.`
			`*/`
			`struct DIGEST_CTX_s {`
			`rpmDigestFlags flags; /!< Bit(s) to control digest operation. /`
Use NSS instead of beecrypt for encryption (Tomas Mraz) 2007-11-02 16:02:40 +08:00			`HASHContext hashctx; /!< Internal NSS hash context. */`
Remember hash algorithm in digest context - alternatively we could reverse map NSS hash types (HASHContext knows its type) but shrug... 2009-03-12 00:07:22 +08:00			`pgpHashAlgo algo; /!< Used hash algorithm /`
- add support for SHA1 as well as MD5 message digests. lclint annotations. CVS patchset: 4234 CVS date: 2000/10/31 16:18:34 2000-11-01 00:18:34 +08:00			`};`

- proof-of-concept GPG/DSA verification for legacy signatures. CVS patchset: 5097 CVS date: 2001/10/05 20:39:50 2001-10-06 04:39:50 +08:00			`DIGEST_CTX`
			`rpmDigestDup(DIGEST_CTX octx)`
			`{`
Proper error handling in rpmDigestDup() - tolerate calling with NULL - avoid allocations in case of failure - return NULL instead of calling exit(), ick 2009-03-16 20:13:00 +08:00			`DIGEST_CTX nctx = NULL;`
			`if (octx) {`
			`HASHContext *hctx = HASH_Clone(octx->hashctx);`
			`if (hctx) {`
			`nctx = memcpy(xcalloc(1, sizeof(nctx)), octx, sizeof(nctx));`
			`nctx->hashctx = hctx;`
			`}`
Use NSS instead of beecrypt for encryption (Tomas Mraz) 2007-11-02 16:02:40 +08:00			`}`
- proof-of-concept GPG/DSA verification for legacy signatures. CVS patchset: 5097 CVS date: 2001/10/05 20:39:50 2001-10-06 04:39:50 +08:00			`return nctx;`
			`}`

NSS supports MD2, we might as well handle it too - also getHashType() is a "pure" function, mark it as such 2009-03-12 03:41:57 +08:00			`RPM_GNUC_PURE`
			`static HASH_HashType getHashType(pgpHashAlgo hashalgo)`
- add support for SHA1 as well as MD5 message digests. lclint annotations. CVS patchset: 4234 CVS date: 2000/10/31 16:18:34 2000-11-01 00:18:34 +08:00			`{`
Rewire digests, step 2. CVS patchset: 5122 CVS date: 2001/10/19 01:35:57 2001-10-19 09:35:57 +08:00			`switch (hashalgo) {`
			`case PGPHASHALGO_MD5:`
Use NSS instead of beecrypt for encryption (Tomas Mraz) 2007-11-02 16:02:40 +08:00			`return HASH_AlgMD5;`
Rewire digests, step 2. CVS patchset: 5122 CVS date: 2001/10/19 01:35:57 2001-10-19 09:35:57 +08:00			`break;`
NSS supports MD2, we might as well handle it too - also getHashType() is a "pure" function, mark it as such 2009-03-12 03:41:57 +08:00			`case PGPHASHALGO_MD2:`
			`return HASH_AlgMD2;`
			`break;`
Rewire digests, step 2. CVS patchset: 5122 CVS date: 2001/10/19 01:35:57 2001-10-19 09:35:57 +08:00			`case PGPHASHALGO_SHA1:`
Use NSS instead of beecrypt for encryption (Tomas Mraz) 2007-11-02 16:02:40 +08:00			`return HASH_AlgSHA1;`
Rewire digests, step 2. CVS patchset: 5122 CVS date: 2001/10/19 01:35:57 2001-10-19 09:35:57 +08:00			`break;`
Add support for sha256/sha384/sha512 (if available.). Update beecrypt version. CVS patchset: 7803 CVS date: 2005/03/13 01:15:37 2005-03-13 09:15:37 +08:00			`case PGPHASHALGO_SHA256:`
Use NSS instead of beecrypt for encryption (Tomas Mraz) 2007-11-02 16:02:40 +08:00			`return HASH_AlgSHA256;`
Add support for sha256/sha384/sha512 (if available.). Update beecrypt version. CVS patchset: 7803 CVS date: 2005/03/13 01:15:37 2005-03-13 09:15:37 +08:00			`break;`
			`case PGPHASHALGO_SHA384:`
Use NSS instead of beecrypt for encryption (Tomas Mraz) 2007-11-02 16:02:40 +08:00			`return HASH_AlgSHA384;`
Add support for sha256/sha384/sha512 (if available.). Update beecrypt version. CVS patchset: 7803 CVS date: 2005/03/13 01:15:37 2005-03-13 09:15:37 +08:00			`break;`
			`case PGPHASHALGO_SHA512:`
Use NSS instead of beecrypt for encryption (Tomas Mraz) 2007-11-02 16:02:40 +08:00			`return HASH_AlgSHA512;`
Add support for sha256/sha384/sha512 (if available.). Update beecrypt version. CVS patchset: 7803 CVS date: 2005/03/13 01:15:37 2005-03-13 09:15:37 +08:00			`break;`
Rewire digests, step 2. CVS patchset: 5122 CVS date: 2001/10/19 01:35:57 2001-10-19 09:35:57 +08:00			`case PGPHASHALGO_RIPEMD160:`
			`case PGPHASHALGO_TIGER192:`
			`case PGPHASHALGO_HAVAL_5_160:`
			`default:`
Use NSS instead of beecrypt for encryption (Tomas Mraz) 2007-11-02 16:02:40 +08:00			`return HASH_AlgNULL;`
			`break;`
			`}`
			`}`

			`size_t`
			`rpmDigestLength(pgpHashAlgo hashalgo)`
			`{`
			`return HASH_ResultLen(getHashType(hashalgo));`
			`}`

			`DIGEST_CTX`
			`rpmDigestInit(pgpHashAlgo hashalgo, rpmDigestFlags flags)`
			`{`
Streamline rpmDigestInit() a bit - single point of exit, rearrange to avoid having to free if stuff fails 2009-03-11 23:14:25 +08:00			`HASH_HashType type = getHashType(hashalgo);`
			`HASHContext *hashctx = NULL;`
			`DIGEST_CTX ctx = NULL;`
Use NSS instead of beecrypt for encryption (Tomas Mraz) 2007-11-02 16:02:40 +08:00
Delay NSS initialization until actually used - since NSS is allergic (ie becomes non-functional) after forking, delay it's initialization until really needed, ie lazy init in rpmDigestInit() - however as NSS init can fail if attempted in completely empty chroot, we force crypto init to happen at transaction set create time, forking past that is pretty much doomed anyway - this is the other half of the fix for rhbz#476737, and similar case noticed by Pixel in Mandriva (due to urpm forking) 2009-01-08 19:17:22 +08:00			`if (rpmInitCrypto() < 0)`
Streamline rpmDigestInit() a bit - single point of exit, rearrange to avoid having to free if stuff fails 2009-03-11 23:14:25 +08:00			`goto exit;`
Use NSS instead of beecrypt for encryption (Tomas Mraz) 2007-11-02 16:02:40 +08:00
			`type = getHashType(hashalgo);`
			`if (type == HASH_AlgNULL) {`
Streamline rpmDigestInit() a bit - single point of exit, rearrange to avoid having to free if stuff fails 2009-03-11 23:14:25 +08:00			`goto exit;`
- add support for SHA1 as well as MD5 message digests. lclint annotations. CVS patchset: 4234 CVS date: 2000/10/31 16:18:34 2000-11-01 00:18:34 +08:00			`}`

Streamline rpmDigestInit() a bit - single point of exit, rearrange to avoid having to free if stuff fails 2009-03-11 23:14:25 +08:00			`if ((hashctx = HASH_Create(type)) != NULL) {`
			`ctx = xcalloc(1, sizeof(*ctx));`
			`ctx->flags = flags;`
Remember hash algorithm in digest context - alternatively we could reverse map NSS hash types (HASHContext knows its type) but shrug... 2009-03-12 00:07:22 +08:00			`ctx->algo = hashalgo;`
Streamline rpmDigestInit() a bit - single point of exit, rearrange to avoid having to free if stuff fails 2009-03-11 23:14:25 +08:00			`ctx->hashctx = hashctx;`
			`HASH_Begin(ctx->hashctx);`
Use NSS instead of beecrypt for encryption (Tomas Mraz) 2007-11-02 16:02:40 +08:00			`}`

			`DPRINTF((stderr, "*** Init(%x) ctx %p hashctx %p\n", flags, ctx, ctx->hashctx));`
Streamline rpmDigestInit() a bit - single point of exit, rearrange to avoid having to free if stuff fails 2009-03-11 23:14:25 +08:00			`exit:`
- add support for SHA1 as well as MD5 message digests. lclint annotations. CVS patchset: 4234 CVS date: 2000/10/31 16:18:34 2000-11-01 00:18:34 +08:00			`return ctx;`
			`}`

Rewire digests, step 2. CVS patchset: 5122 CVS date: 2001/10/19 01:35:57 2001-10-19 09:35:57 +08:00			`int`
- add support for SHA1 as well as MD5 message digests. lclint annotations. CVS patchset: 4234 CVS date: 2000/10/31 16:18:34 2000-11-01 00:18:34 +08:00			`rpmDigestUpdate(DIGEST_CTX ctx, const void * data, size_t len)`
			`{`
More assorted int -> size_t uses 2008-01-02 20:10:25 +08:00			`size_t partlen;`
Use NSS instead of beecrypt for encryption (Tomas Mraz) 2007-11-02 16:02:40 +08:00			`const unsigned char *ptr = data;`

Splint clean. CVS patchset: 6729 CVS date: 2003/04/02 21:16:26 2003-04-03 05:16:26 +08:00			`if (ctx == NULL)`
			`return -1;`

More assorted int -> size_t uses 2008-01-02 20:10:25 +08:00			`DPRINTF((stderr, "*** Update(%p,%p,%zd) hashctx %p \"%s\"\n", ctx, data, len, ctx->hashctx, ((char *)data)));`
Use NSS instead of beecrypt for encryption (Tomas Mraz) 2007-11-02 16:02:40 +08:00			`partlen = ~(unsigned int)0xFF;`
			`while (len > 0) {`
			`if (len < partlen) {`
More assorted int -> size_t uses 2008-01-02 20:10:25 +08:00			`partlen = len;`
Use NSS instead of beecrypt for encryption (Tomas Mraz) 2007-11-02 16:02:40 +08:00			`}`
			`HASH_Update(ctx->hashctx, ptr, partlen);`
			`ptr += partlen;`
			`len -= partlen;`
			`}`
			`return 0;`
- add support for SHA1 as well as MD5 message digests. lclint annotations. CVS patchset: 4234 CVS date: 2000/10/31 16:18:34 2000-11-01 00:18:34 +08:00			`}`

Rewire digests, step 2. CVS patchset: 5122 CVS date: 2001/10/19 01:35:57 2001-10-19 09:35:57 +08:00			`int`
Splint clean. CVS patchset: 6729 CVS date: 2003/04/02 21:16:26 2003-04-03 05:16:26 +08:00			`rpmDigestFinal(DIGEST_CTX ctx, void ** datap, size_t *lenp, int asAscii)`
- add support for SHA1 as well as MD5 message digests. lclint annotations. CVS patchset: 4234 CVS date: 2000/10/31 16:18:34 2000-11-01 00:18:34 +08:00			`{`
Use NSS instead of beecrypt for encryption (Tomas Mraz) 2007-11-02 16:02:40 +08:00			`unsigned char * digest;`
NSS uses unsigned int, not size_t for hash lengths - broke ppc64 in entertaining ways... 2008-07-12 22:57:51 +08:00			`unsigned int digestlen;`
- add support for SHA1 as well as MD5 message digests. lclint annotations. CVS patchset: 4234 CVS date: 2000/10/31 16:18:34 2000-11-01 00:18:34 +08:00
Splint clean. CVS patchset: 6729 CVS date: 2003/04/02 21:16:26 2003-04-03 05:16:26 +08:00			`if (ctx == NULL)`
			`return -1;`
Use NSS instead of beecrypt for encryption (Tomas Mraz) 2007-11-02 16:02:40 +08:00			`digestlen = HASH_ResultLenContext(ctx->hashctx);`
			`digest = xmalloc(digestlen);`
Splint clean. CVS patchset: 6729 CVS date: 2003/04/02 21:16:26 2003-04-03 05:16:26 +08:00
More assorted int -> size_t uses 2008-01-02 20:10:25 +08:00			`DPRINTF((stderr, "*** Final(%p,%p,%p,%zd) hashctx %p digest %p\n", ctx, datap, lenp, asAscii, ctx->hashctx, digest));`
Remove splint tags. 2007-09-11 22:48:54 +08:00			`/* FIX: check rc */`
Gah, nss doesn't use size_t for lengths... 2008-01-02 20:44:58 +08:00			`HASH_End(ctx->hashctx, digest, (unsigned int *) &digestlen, digestlen);`
- add support for SHA1 as well as MD5 message digests. lclint annotations. CVS patchset: 4234 CVS date: 2000/10/31 16:18:34 2000-11-01 00:18:34 +08:00
- add sha1 test vectors, verify on ix86/alpha/sparc. - add (but disable for now) rpm-perl subpackage from Perl-RPM. - python: parameterize with PYVER to handle 1.5 and/or 2.1 builds. - add build dependency on zlib-devel (#49575). CVS patchset: 4969 CVS date: 2001/07/21 19:44:22 2001-07-22 03:44:22 +08:00			`/* Return final digest. */`
- add support for SHA1 as well as MD5 message digests. lclint annotations. CVS patchset: 4234 CVS date: 2000/10/31 16:18:34 2000-11-01 00:18:34 +08:00			`if (!asAscii) {`
Use NSS instead of beecrypt for encryption (Tomas Mraz) 2007-11-02 16:02:40 +08:00			`if (lenp) *lenp = digestlen;`
- add support for SHA1 as well as MD5 message digests. lclint annotations. CVS patchset: 4234 CVS date: 2000/10/31 16:18:34 2000-11-01 00:18:34 +08:00			`if (datap) {`
- bind beecrypt md5/sha1 underneath rpmio. CVS patchset: 5083 CVS date: 2001/09/26 14:45:50 2001-09-26 22:45:50 +08:00			`*datap = digest;`
			`digest = NULL;`
- add support for SHA1 as well as MD5 message digests. lclint annotations. CVS patchset: 4234 CVS date: 2000/10/31 16:18:34 2000-11-01 00:18:34 +08:00			`}`
			`} else {`
Use NSS instead of beecrypt for encryption (Tomas Mraz) 2007-11-02 16:02:40 +08:00			`if (lenp) lenp = (2digestlen) + 1;`
- add support for SHA1 as well as MD5 message digests. lclint annotations. CVS patchset: 4234 CVS date: 2000/10/31 16:18:34 2000-11-01 00:18:34 +08:00			`if (datap) {`
Eliminate type "byte" 2007-11-26 17:42:39 +08:00			`const uint8_t * s = (const uint8_t *) digest;`
Eliminate several copy-paste hex converters, use pgpHexStr() instead 2008-04-07 19:04:00 +08:00			`*datap = pgpHexStr(s, digestlen);`
- add support for SHA1 as well as MD5 message digests. lclint annotations. CVS patchset: 4234 CVS date: 2000/10/31 16:18:34 2000-11-01 00:18:34 +08:00			`}`
			`}`
- bind beecrypt md5/sha1 underneath rpmio. CVS patchset: 5083 CVS date: 2001/09/26 14:45:50 2001-09-26 22:45:50 +08:00			`if (digest) {`
Use NSS instead of beecrypt for encryption (Tomas Mraz) 2007-11-02 16:02:40 +08:00			`memset(digest, 0, digestlen); /* In case it's sensitive */`
- bind beecrypt md5/sha1 underneath rpmio. CVS patchset: 5083 CVS date: 2001/09/26 14:45:50 2001-09-26 22:45:50 +08:00			`free(digest);`
			`}`
Use NSS instead of beecrypt for encryption (Tomas Mraz) 2007-11-02 16:02:40 +08:00			`HASH_Destroy(ctx->hashctx);`
- add support for SHA1 as well as MD5 message digests. lclint annotations. CVS patchset: 4234 CVS date: 2000/10/31 16:18:34 2000-11-01 00:18:34 +08:00			`memset(ctx, 0, sizeof(ctx)); / In case it's sensitive */`
			`free(ctx);`
Rewire digests, step 2. CVS patchset: 5122 CVS date: 2001/10/19 01:35:57 2001-10-19 09:35:57 +08:00			`return 0;`
- add support for SHA1 as well as MD5 message digests. lclint annotations. CVS patchset: 4234 CVS date: 2000/10/31 16:18:34 2000-11-01 00:18:34 +08:00			`}`
Un-inline fd*Digest() - avoid leaking nss + digest internals all over the place 2008-02-27 03:46:38 +08:00
			`void fdInitDigest(FD_t fd, pgpHashAlgo hashalgo, int flags)`
			`{`
Eliminate now unnecessary FDDIGEST_t - contexts know their hash algorithm, this is not needed anymore 2009-03-12 00:10:19 +08:00			`if (fd->ndigests < FDDIGEST_MAX) {`
			`fd->digests[fd->ndigests] = rpmDigestInit(hashalgo, flags);`
Un-inline fd*Digest() - avoid leaking nss + digest internals all over the place 2008-02-27 03:46:38 +08:00			`fd->ndigests++;`
			`fdstat_enter(fd, FDSTAT_DIGEST);`
			`fdstat_exit(fd, FDSTAT_DIGEST, (ssize_t) 0);`
			`}`
			`}`

			`void fdUpdateDigests(FD_t fd, const unsigned char * buf, size_t buflen)`
			`{`
			`int i;`

			`if (buf != NULL && buflen > 0)`
			`for (i = fd->ndigests - 1; i >= 0; i--) {`
Eliminate now unnecessary FDDIGEST_t - contexts know their hash algorithm, this is not needed anymore 2009-03-12 00:10:19 +08:00			`DIGEST_CTX ctx = fd->digests[i];`
			`if (ctx == NULL)`
Un-inline fd*Digest() - avoid leaking nss + digest internals all over the place 2008-02-27 03:46:38 +08:00			`continue;`
			`fdstat_enter(fd, FDSTAT_DIGEST);`
Eliminate now unnecessary FDDIGEST_t - contexts know their hash algorithm, this is not needed anymore 2009-03-12 00:10:19 +08:00			`(void) rpmDigestUpdate(ctx, buf, buflen);`
Un-inline fd*Digest() - avoid leaking nss + digest internals all over the place 2008-02-27 03:46:38 +08:00			`fdstat_exit(fd, FDSTAT_DIGEST, (ssize_t) buflen);`
			`}`
			`}`

			`void fdFiniDigest(FD_t fd, pgpHashAlgo hashalgo,`
			`void ** datap,`
			`size_t * lenp,`
			`int asAscii)`
			`{`
			`int imax = -1;`
			`int i;`

			`for (i = fd->ndigests - 1; i >= 0; i--) {`
Eliminate now unnecessary FDDIGEST_t - contexts know their hash algorithm, this is not needed anymore 2009-03-12 00:10:19 +08:00			`DIGEST_CTX ctx = fd->digests[i];`
			`if (ctx == NULL)`
Un-inline fd*Digest() - avoid leaking nss + digest internals all over the place 2008-02-27 03:46:38 +08:00			`continue;`
			`if (i > imax) imax = i;`
Eliminate now unnecessary FDDIGEST_t - contexts know their hash algorithm, this is not needed anymore 2009-03-12 00:10:19 +08:00			`if (ctx->algo != hashalgo)`
Un-inline fd*Digest() - avoid leaking nss + digest internals all over the place 2008-02-27 03:46:38 +08:00			`continue;`
			`fdstat_enter(fd, FDSTAT_DIGEST);`
Eliminate now unnecessary FDDIGEST_t - contexts know their hash algorithm, this is not needed anymore 2009-03-12 00:10:19 +08:00			`(void) rpmDigestFinal(ctx, datap, lenp, asAscii);`
Un-inline fd*Digest() - avoid leaking nss + digest internals all over the place 2008-02-27 03:46:38 +08:00			`fdstat_exit(fd, FDSTAT_DIGEST, (ssize_t) 0);`
Eliminate now unnecessary FDDIGEST_t - contexts know their hash algorithm, this is not needed anymore 2009-03-12 00:10:19 +08:00			`fd->digests[i] = NULL;`
Un-inline fd*Digest() - avoid leaking nss + digest internals all over the place 2008-02-27 03:46:38 +08:00			`break;`
			`}`
			`if (i < 0) {`
			`if (datap) *datap = NULL;`
			`if (lenp) *lenp = 0;`
			`}`

			`fd->ndigests = imax;`
			`if (i < imax)`
			`fd->ndigests++; /* convert index to count */`
			`}`


			`void fdStealDigest(FD_t fd, pgpDig dig)`
			`{`
			`int i;`
			`for (i = fd->ndigests - 1; i >= 0; i--) {`
Eliminate now unnecessary FDDIGEST_t - contexts know their hash algorithm, this is not needed anymore 2009-03-12 00:10:19 +08:00			`DIGEST_CTX ctx = fd->digests[i];`
			`if (ctx == NULL)`
			`continue;`
			`switch (ctx->algo) {`
Un-inline fd*Digest() - avoid leaking nss + digest internals all over the place 2008-02-27 03:46:38 +08:00			`case PGPHASHALGO_MD5:`
			`assert(dig->md5ctx == NULL);`
Eliminate now unnecessary FDDIGEST_t - contexts know their hash algorithm, this is not needed anymore 2009-03-12 00:10:19 +08:00			`dig->md5ctx = ctx;`
			`fd->digests[i] = NULL;`
Un-inline fd*Digest() - avoid leaking nss + digest internals all over the place 2008-02-27 03:46:38 +08:00			`break;`
			`case PGPHASHALGO_SHA1:`
			`case PGPHASHALGO_SHA256:`
			`case PGPHASHALGO_SHA384:`
			`case PGPHASHALGO_SHA512:`
			`assert(dig->sha1ctx == NULL);`
Eliminate now unnecessary FDDIGEST_t - contexts know their hash algorithm, this is not needed anymore 2009-03-12 00:10:19 +08:00			`dig->sha1ctx = ctx;`
			`fd->digests[i] = NULL;`
Un-inline fd*Digest() - avoid leaking nss + digest internals all over the place 2008-02-27 03:46:38 +08:00			`break;`
			`default:`
			`break;`
			`}`
			`}`
			`}`