Besides the logic being completely wrong to begin with, it wasn't
actually handling the failure to allocate a digest at all. Do that,
and return values according to documentation.
Change the way individual digests within bundles are stored and accessed:
Previously the digest algo number was used directly as the index into
the bundle. Which works, but limits you to a single digest per algo,
and the array is likely to be rather sparse. To address both issues, use
an arbitrary integer ID to address the digests and always add new
digests in the first available slot. And yes the implementation is
a bit simplistic and taking some shortcuts, but so was the previous one.
Abstracting out the actual algorithm allows using e.g. rpm tag values
as the identifier, and also makes it possible to do multiple digests
of the same type on overlapping ranges. This is entirely backwards
compatible however if you simply use algorithm number also as the id,
so callers *need* to be updated.
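
The storage scheme described in the commit message above (caller-chosen integer ids, new digests placed in the first available slot, allocation failure reported to the caller), sketched in C as an added example. This is not rpm's code: `bundle_t`, `bundle_add`, `bundle_update`, `bundle_final`, the slot count and the FNV-1a stand-in for a real digest context are all assumptions.

```c
#include <stdint.h>
#include <stdlib.h>
#define BUNDLE_SLOTS 8                     /* assumed fixed capacity */
/* Stand-in context (FNV-1a); algo is only recorded, a real backend picks the hash from it */
typedef struct { int algo; uint64_t state; } ctx_t;
typedef struct {
    int ids[BUNDLE_SLOTS];                 /* caller-chosen id per slot, 0 = free */
    ctx_t *ctxs[BUNDLE_SLOTS];
    size_t nbytes;                         /* input bytes handled so far */
} bundle_t;

/* 0 on success; -1 on bad id, duplicate id, full bundle or failed allocation */
int bundle_add(bundle_t *b, int id, int algo)
{
    int slot = -1;
    if (b == NULL || id <= 0) return -1;
    for (int i = 0; i < BUNDLE_SLOTS; i++) {
        if (b->ids[i] == id) return -1;             /* ids must be unique */
        if (slot < 0 && b->ids[i] == 0) slot = i;   /* first available slot */
    }
    if (slot < 0) return -1;
    ctx_t *c = malloc(sizeof(*c));
    if (c == NULL) return -1;                       /* report it, never store NULL */
    c->algo = algo; c->state = 0xcbf29ce484222325ULL;
    b->ctxs[slot] = c; b->ids[slot] = id;
    return 0;
}
/* Feed every live digest; one added later covers only the later data */
void bundle_update(bundle_t *b, const void *data, size_t len)
{
    const unsigned char *p = data;
    for (int i = 0; i < BUNDLE_SLOTS; i++) {
        if (b->ids[i] == 0) continue;
        for (size_t j = 0; j < len; j++)
            b->ctxs[i]->state = (b->ctxs[i]->state ^ p[j]) * 0x100000001b3ULL;
    }
    b->nbytes += len;
}
/* Finish and release the digest with this id; -1 if no such id */
int bundle_final(bundle_t *b, int id, uint64_t *out)
{
    for (int i = 0; id > 0 && i < BUNDLE_SLOTS; i++) {
        if (b->ids[i] != id) continue;
        *out = b->ctxs[i]->state;
        free(b->ctxs[i]); b->ctxs[i] = NULL; b->ids[i] = 0;
        return 0;
    }
    return -1;
}
```

Two ids with the same algorithm number can coexist, so one digest can cover header plus payload while another, added later, covers the payload only.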
- Should've really been in commit 20cfa7d2b4
but at the time NSS didn't even support SHA-224 so it was untestable.
Now that it does, and somebody actually bothered to test...
Fixes RhBug:1066494.
- Not everybody needs/wants the certified monster that NSS is
(along with all its quirks), this leaves room for alternative
compile-time selectable crypto backends. Besides that, we get
a clean functionality separation for the PGP parser and the
cryptography parts.
- The whole crypto abstraction work is inspired + somewhat based on
Michael Schroeder's similar patch in Suse, kudos.
- TODO: port beecrypt support from Suse to the new interface.
- While its use would seem kinda obvious here, in rpm context this
information often comes from header tags which are plain integers
and would require conversion/casting to the enum. What matters is
the integral value, not it being actual enum.
- allocate+free digests locally where needed, pass around in separate argument
- use digest bundles to handle rpmVerifySignatures() needs
- kill-kill-kill fdStealDigest(), dup the contexts from bundles as needed
- in various places we need to calculate different digests of the same
data, having them stored in a single container makes managing easier
- can hold as many digest types as we support
- remembers how much input data it has handled
- since NSS is allergic (i.e. becomes non-functional) after forking, delay
its initialization until really needed, i.e. lazy init in rpmDigestInit()
- however as NSS init can fail if attempted in completely empty chroot,
we force crypto init to happen at transaction set create time, forking
past that is pretty much doomed anyway
- this is the other half of the fix for rhbz#476737, and similar case
noticed by Pixel in Mandriva (due to urpm forking)
- put some consistency into include ordering
- everything (apart from bits missed ;) is now ordered like this
  1. "system.h"
  2. other system includes
  3. rpm public headers
  4. rpm private headers
  5. "debug.h"