diff --git a/configure.ac b/configure.ac index dd4ac04..8bc7a0e 100644 --- a/configure.ac +++ b/configure.ac @@ -120,10 +120,15 @@ AC_ARG_WITH(ldconfig, [set the full path to ldconfig]), [LDCONFIG=$withval], [LDCONFIG=/sbin/ldconfig]) -# Help line for using OpenSSL +# Help line for using OpenSSL (enabled by default) AC_ARG_WITH(openssl, - AS_HELP_STRING([--with-openssl], [use OpenSSL crypto implementations instead of internal routines]), - [], [with_openssl=check]) + AS_HELP_STRING([--with-openssl], [use OpenSSL crypto implementations @<:@default=yes@:>@]), + [], [with_openssl=yes]) + +# Help line for using nettle (disabled by default) +AC_ARG_WITH(nettle, + AS_HELP_STRING([--with-nettle], [use nettle crypto implementations @<:@default=no@:>@]), + [], [with_nettle=no]) # Help line for using gpgme AC_ARG_WITH(gpgme, @@ -218,16 +223,51 @@ AC_CHECK_LIB([m], [fabs], , PKG_CHECK_MODULES(LIBARCHIVE, [libarchive >= 2.8.0], , AC_MSG_ERROR([*** libarchive >= 2.8.0 is needed to compile pacman!])) +# Check if exactly one crypto backend is selected +AS_IF([test "x$with_openssl" == "xyes" -a "x$with_nettle" == "xyes"], + [AC_MSG_ERROR([--with-openssl and --with-nettle are mutually exclusive. + Pacman can be compiled with either OpenSSL or nettle support + but not both. Please change one of the flags and retry configure. + ])] +) +AS_IF([test "x$with_openssl" == "xno" -a "x$with_nettle" == "xno"], + [AC_MSG_ERROR([--without-openssl and --without-nettle are mutually exclusive. + Pacman must be compiled with either OpenSSL or nettle support. + Please change one of the flags and retry configure. + ])] +) + # Check for OpenSSL have_openssl=no -if test "x$with_openssl" != "xno"; then +if test "x$with_openssl" == "xyes"; then PKG_CHECK_MODULES(LIBSSL, [libcrypto], - [AC_DEFINE(HAVE_LIBSSL, 1, [Define if libcrypto is available]) have_openssl=yes], have_openssl=no) + [AC_DEFINE(WITH_LIBSSL, 0, [Define whether to use libcrypto]) + HASH_FUNC='openssl dgst -' + HASH_FUNC_PARSE='$${sum\#\#* }' + CRYPTO_BINARY_NAME='openssl' + have_openssl=yes], have_openssl=no) if test "x$have_openssl" = xno -a "x$with_openssl" = xyes; then AC_MSG_ERROR([*** openssl support requested but libraries not found]) fi +else +# Check for nettle +have_nettle=no +if test "x$with_nettle" == "xyes"; then + PKG_CHECK_MODULES(NETTLE, [nettle], + [AC_DEFINE(WITH_LIBSSL, 1, [Define whether to use nettle]) + HASH_FUNC='nettle-hash -a ' + HASH_FUNC_PARSE='$${sum\#\#*:};hash_tmp=$${hash_tmp% *};hash_tmp=$${hash_tmp// /}' + CRYPTO_BINARY_NAME='nettle-hash' + have_nettle=yes], have_nettle=no) + if test "x$have_nettle" = xno -a "x$with_nettle" = xyes; then + AC_MSG_ERROR([*** nettle support requested but libraries not found]) + fi +fi fi -AM_CONDITIONAL(HAVE_LIBSSL, [test "$have_openssl" = "yes"]) + +AC_SUBST(HASH_FUNC) +AC_SUBST(HASH_FUNC_PARSE) +AC_SUBST(CRYPTO_BINARY_NAME) # Check for libcurl have_libcurl=no @@ -539,7 +579,7 @@ ${PACKAGE_NAME}: compiler : ${CC} preprocessor flags : ${CPPFLAGS} compiler flags : ${WARNING_CFLAGS} ${CFLAGS} - library flags : ${LIBS} ${LIBSSL_LIBS} ${LIBARCHIVE_LIBS} ${LIBCURL_LIBS} ${GPGME_LIBS} + library flags : ${LIBS} ${LIBSSL_LIBS} ${NETTLE_LIBS} ${LIBARCHIVE_LIBS} ${LIBCURL_LIBS} ${GPGME_LIBS} linker flags : ${LDFLAGS} Architecture : ${CARCH} @@ -566,6 +606,7 @@ ${PACKAGE_NAME}: Use libcurl : ${have_libcurl} Use GPGME : ${have_gpgme} Use OpenSSL : ${have_openssl} + Use nettle : ${have_nettle} Run make in doc/ dir : ${wantdoc} ${asciidoc} Doxygen support : ${usedoxygen} debug support : ${debug} diff --git a/lib/libalpm/Makefile.am b/lib/libalpm/Makefile.am index 4272ae7..f3e4c34 100644 --- a/lib/libalpm/Makefile.am +++ b/lib/libalpm/Makefile.am @@ -58,12 +58,6 @@ libalpm_la_SOURCES = \ util-common.h util-common.c \ version.c -if !HAVE_LIBSSL -libalpm_la_SOURCES += \ - md5.h md5.c \ - sha2.h sha2.c -endif - libalpm_la_LDFLAGS = -no-undefined -version-info $(LIB_VERSION_INFO) libalpm_la_CFLAGS = \ @@ -71,13 +65,15 @@ libalpm_la_CFLAGS = \ $(GPGME_CFLAGS) \ $(LIBARCHIVE_CFLAGS) \ $(LIBCURL_CFLAGS) \ - $(LIBSSL_CFLAGS) + $(LIBSSL_CFLAGS) \ + $(NETTLE_CFLAGS) libalpm_la_LIBADD = \ $(LTLIBINTL) \ $(GPGME_LIBS) \ $(LIBARCHIVE_LIBS) \ $(LIBCURL_LIBS) \ - $(LIBSSL_LIBS) + $(LIBSSL_LIBS) \ + $(NETTLE_LIBS) # vim:set noet: diff --git a/lib/libalpm/libalpm.pc.in b/lib/libalpm/libalpm.pc.in index e4be174..e1d74ef 100644 --- a/lib/libalpm/libalpm.pc.in +++ b/lib/libalpm/libalpm.pc.in @@ -9,4 +9,4 @@ URL: http://www.archlinux.org/pacman/ Version: @LIB_VERSION@ Cflags: -I${includedir} @LFS_CFLAGS@ Libs: -L${libdir} -lalpm -Libs.private: @LIBS@ @LIBARCHIVE_LIBS@ @LIBSSL_LIBS@ @LIBCURL_LIBS@ @GPGME_LIBS@ +Libs.private: @LIBS@ @LIBARCHIVE_LIBS@ @LIBSSL_LIBS@ @NETTLE_LIBS@ @LIBCURL_LIBS@ @GPGME_LIBS@ diff --git a/lib/libalpm/md5.c b/lib/libalpm/md5.c deleted file mode 100644 index 0d5ed9e..0000000 --- a/lib/libalpm/md5.c +++ /dev/null @@ -1,333 +0,0 @@ -/* - * RFC 1321 compliant MD5 implementation - * - * Copyright (C) 2006-2010, Brainspark B.V. - * - * This file is part of PolarSSL (http://www.polarssl.org) - * Lead Maintainer: Paul Bakker - * - * All rights reserved. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ -/* - * The MD5 algorithm was designed by Ron Rivest in 1991. - * - * http://www.ietf.org/rfc/rfc1321.txt - */ -/* - * Pacman Notes: - * - * Taken from the PolarSSL project at http://polarssl.org under terms of the - * GPL. This is from version 1.0.0 of the library, and has been modified - * as following, which may be helpful for future updates: - * * remove "polarssl/config.h" include - * * change include from "polarssl/md5.h" to "md5.h" - * * removal of HMAC code - * * removal of SELF_TEST code - * * removal of ipad and opad from the md5_context struct in md5.h - * * increase the size of buffer for performance reasons - * * change 'unsigned long' to uint32_t - */ - -#include -#include - -#include "md5.h" - -/* - * 32-bit integer manipulation macros (little endian) - */ -#ifndef GET_U32_LE -#define GET_U32_LE(n,b,i) \ -{ \ - (n) = ( (uint32_t) (b)[(i) ] ) \ - | ( (uint32_t) (b)[(i) + 1] << 8 ) \ - | ( (uint32_t) (b)[(i) + 2] << 16 ) \ - | ( (uint32_t) (b)[(i) + 3] << 24 ); \ -} -#endif - -#ifndef PUT_U32_LE -#define PUT_U32_LE(n,b,i) \ -{ \ - (b)[(i) ] = (unsigned char) ( (n) ); \ - (b)[(i) + 1] = (unsigned char) ( (n) >> 8 ); \ - (b)[(i) + 2] = (unsigned char) ( (n) >> 16 ); \ - (b)[(i) + 3] = (unsigned char) ( (n) >> 24 ); \ -} -#endif - -/* - * MD5 context setup - */ -static void md5_starts( md5_context *ctx ) -{ - ctx->total[0] = 0; - ctx->total[1] = 0; - - ctx->state[0] = 0x67452301; - ctx->state[1] = 0xEFCDAB89; - ctx->state[2] = 0x98BADCFE; - ctx->state[3] = 0x10325476; -} - -static void md5_process( md5_context *ctx, const unsigned char data[64] ) -{ - uint32_t X[16], A, B, C, D; - - GET_U32_LE( X[ 0], data, 0 ); - GET_U32_LE( X[ 1], data, 4 ); - GET_U32_LE( X[ 2], data, 8 ); - GET_U32_LE( X[ 3], data, 12 ); - GET_U32_LE( X[ 4], data, 16 ); - GET_U32_LE( X[ 5], data, 20 ); - GET_U32_LE( X[ 6], data, 24 ); - GET_U32_LE( X[ 7], data, 28 ); - GET_U32_LE( X[ 8], data, 32 ); - GET_U32_LE( X[ 9], data, 36 ); - GET_U32_LE( X[10], data, 40 ); - GET_U32_LE( X[11], data, 44 ); - GET_U32_LE( X[12], data, 48 ); - GET_U32_LE( X[13], data, 52 ); - GET_U32_LE( X[14], data, 56 ); - GET_U32_LE( X[15], data, 60 ); - -#define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n))) - -#define P(a,b,c,d,k,s,t) \ -{ \ - a += F(b,c,d) + X[k] + t; a = S(a,s) + b; \ -} - - A = ctx->state[0]; - B = ctx->state[1]; - C = ctx->state[2]; - D = ctx->state[3]; - -#define F(x,y,z) (z ^ (x & (y ^ z))) - - P( A, B, C, D, 0, 7, 0xD76AA478 ); - P( D, A, B, C, 1, 12, 0xE8C7B756 ); - P( C, D, A, B, 2, 17, 0x242070DB ); - P( B, C, D, A, 3, 22, 0xC1BDCEEE ); - P( A, B, C, D, 4, 7, 0xF57C0FAF ); - P( D, A, B, C, 5, 12, 0x4787C62A ); - P( C, D, A, B, 6, 17, 0xA8304613 ); - P( B, C, D, A, 7, 22, 0xFD469501 ); - P( A, B, C, D, 8, 7, 0x698098D8 ); - P( D, A, B, C, 9, 12, 0x8B44F7AF ); - P( C, D, A, B, 10, 17, 0xFFFF5BB1 ); - P( B, C, D, A, 11, 22, 0x895CD7BE ); - P( A, B, C, D, 12, 7, 0x6B901122 ); - P( D, A, B, C, 13, 12, 0xFD987193 ); - P( C, D, A, B, 14, 17, 0xA679438E ); - P( B, C, D, A, 15, 22, 0x49B40821 ); - -#undef F - -#define F(x,y,z) (y ^ (z & (x ^ y))) - - P( A, B, C, D, 1, 5, 0xF61E2562 ); - P( D, A, B, C, 6, 9, 0xC040B340 ); - P( C, D, A, B, 11, 14, 0x265E5A51 ); - P( B, C, D, A, 0, 20, 0xE9B6C7AA ); - P( A, B, C, D, 5, 5, 0xD62F105D ); - P( D, A, B, C, 10, 9, 0x02441453 ); - P( C, D, A, B, 15, 14, 0xD8A1E681 ); - P( B, C, D, A, 4, 20, 0xE7D3FBC8 ); - P( A, B, C, D, 9, 5, 0x21E1CDE6 ); - P( D, A, B, C, 14, 9, 0xC33707D6 ); - P( C, D, A, B, 3, 14, 0xF4D50D87 ); - P( B, C, D, A, 8, 20, 0x455A14ED ); - P( A, B, C, D, 13, 5, 0xA9E3E905 ); - P( D, A, B, C, 2, 9, 0xFCEFA3F8 ); - P( C, D, A, B, 7, 14, 0x676F02D9 ); - P( B, C, D, A, 12, 20, 0x8D2A4C8A ); - -#undef F - -#define F(x,y,z) (x ^ y ^ z) - - P( A, B, C, D, 5, 4, 0xFFFA3942 ); - P( D, A, B, C, 8, 11, 0x8771F681 ); - P( C, D, A, B, 11, 16, 0x6D9D6122 ); - P( B, C, D, A, 14, 23, 0xFDE5380C ); - P( A, B, C, D, 1, 4, 0xA4BEEA44 ); - P( D, A, B, C, 4, 11, 0x4BDECFA9 ); - P( C, D, A, B, 7, 16, 0xF6BB4B60 ); - P( B, C, D, A, 10, 23, 0xBEBFBC70 ); - P( A, B, C, D, 13, 4, 0x289B7EC6 ); - P( D, A, B, C, 0, 11, 0xEAA127FA ); - P( C, D, A, B, 3, 16, 0xD4EF3085 ); - P( B, C, D, A, 6, 23, 0x04881D05 ); - P( A, B, C, D, 9, 4, 0xD9D4D039 ); - P( D, A, B, C, 12, 11, 0xE6DB99E5 ); - P( C, D, A, B, 15, 16, 0x1FA27CF8 ); - P( B, C, D, A, 2, 23, 0xC4AC5665 ); - -#undef F - -#define F(x,y,z) (y ^ (x | ~z)) - - P( A, B, C, D, 0, 6, 0xF4292244 ); - P( D, A, B, C, 7, 10, 0x432AFF97 ); - P( C, D, A, B, 14, 15, 0xAB9423A7 ); - P( B, C, D, A, 5, 21, 0xFC93A039 ); - P( A, B, C, D, 12, 6, 0x655B59C3 ); - P( D, A, B, C, 3, 10, 0x8F0CCC92 ); - P( C, D, A, B, 10, 15, 0xFFEFF47D ); - P( B, C, D, A, 1, 21, 0x85845DD1 ); - P( A, B, C, D, 8, 6, 0x6FA87E4F ); - P( D, A, B, C, 15, 10, 0xFE2CE6E0 ); - P( C, D, A, B, 6, 15, 0xA3014314 ); - P( B, C, D, A, 13, 21, 0x4E0811A1 ); - P( A, B, C, D, 4, 6, 0xF7537E82 ); - P( D, A, B, C, 11, 10, 0xBD3AF235 ); - P( C, D, A, B, 2, 15, 0x2AD7D2BB ); - P( B, C, D, A, 9, 21, 0xEB86D391 ); - -#undef F - - ctx->state[0] += A; - ctx->state[1] += B; - ctx->state[2] += C; - ctx->state[3] += D; -} - -/* - * MD5 process buffer - */ -static void md5_update( md5_context *ctx, const unsigned char *input, size_t ilen ) -{ - size_t fill; - uint32_t left; - - if( ilen <= 0 ) - return; - - left = ctx->total[0] & 0x3F; - fill = 64 - left; - - ctx->total[0] += (uint32_t) ilen; - ctx->total[0] &= 0xFFFFFFFF; - - if( ctx->total[0] < (uint32_t) ilen ) - ctx->total[1]++; - - if( left && ilen >= fill ) - { - memcpy( (void *) (ctx->buffer + left), - (void *) input, fill ); - md5_process( ctx, ctx->buffer ); - input += fill; - ilen -= fill; - left = 0; - } - - while( ilen >= 64 ) - { - md5_process( ctx, input ); - input += 64; - ilen -= 64; - } - - if( ilen > 0 ) - { - memcpy( (void *) (ctx->buffer + left), - (void *) input, ilen ); - } -} - -static const unsigned char md5_padding[64] = -{ - 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 -}; - -/* - * MD5 final digest - */ -static void md5_finish( md5_context *ctx, unsigned char output[16] ) -{ - uint32_t last, padn; - uint32_t high, low; - unsigned char msglen[8]; - - high = ( ctx->total[0] >> 29 ) - | ( ctx->total[1] << 3 ); - low = ( ctx->total[0] << 3 ); - - PUT_U32_LE( low, msglen, 0 ); - PUT_U32_LE( high, msglen, 4 ); - - last = ctx->total[0] & 0x3F; - padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); - - md5_update( ctx, (unsigned char *) md5_padding, padn ); - md5_update( ctx, msglen, 8 ); - - PUT_U32_LE( ctx->state[0], output, 0 ); - PUT_U32_LE( ctx->state[1], output, 4 ); - PUT_U32_LE( ctx->state[2], output, 8 ); - PUT_U32_LE( ctx->state[3], output, 12 ); -} - -/* - * output = MD5( input buffer ) - */ -void md5( const unsigned char *input, size_t ilen, unsigned char output[16] ) -{ - md5_context ctx; - - md5_starts( &ctx ); - md5_update( &ctx, input, ilen ); - md5_finish( &ctx, output ); - - memset( &ctx, 0, sizeof( md5_context ) ); -} - -/* - * output = MD5( file contents ) - */ -int md5_file( const char *path, unsigned char output[16] ) -{ - FILE *f; - size_t n; - md5_context ctx; - unsigned char buf[4096]; - - if( ( f = fopen( path, "rb" ) ) == NULL ) - return( 1 ); - - md5_starts( &ctx ); - - while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 ) - md5_update( &ctx, buf, n ); - - md5_finish( &ctx, output ); - - memset( &ctx, 0, sizeof( md5_context ) ); - - if( ferror( f ) != 0 ) - { - fclose( f ); - return( 2 ); - } - - fclose( f ); - return( 0 ); -} diff --git a/lib/libalpm/md5.h b/lib/libalpm/md5.h deleted file mode 100644 index d03013a..0000000 --- a/lib/libalpm/md5.h +++ /dev/null @@ -1,60 +0,0 @@ -/* - * RFC 1321 compliant MD5 implementation - * - * Copyright (C) 2006-2010, Brainspark B.V. - * - * This file is part of PolarSSL (http://www.polarssl.org) - * Lead Maintainer: Paul Bakker - * - * All rights reserved. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ -#ifndef _MD5_H -#define _MD5_H - -#include - -/** - * \brief MD5 context structure - */ -typedef struct -{ - unsigned long total[2]; /*!< number of bytes processed */ - unsigned long state[4]; /*!< intermediate digest state */ - unsigned char buffer[64]; /*!< data block being processed */ -} -md5_context; - -/** - * \brief Output = MD5( input buffer ) - * - * \param input buffer holding the data - * \param ilen length of the input data - * \param output MD5 checksum result - */ -void md5( const unsigned char *input, size_t ilen, unsigned char output[16] ); - -/** - * \brief Output = MD5( file contents ) - * - * \param path input file name - * \param output MD5 checksum result - * - * \return 0 if successful, 1 if fopen failed, - * or 2 if fread failed - */ -int md5_file( const char *path, unsigned char output[16] ); - -#endif /* md5.h */ diff --git a/lib/libalpm/sha2.c b/lib/libalpm/sha2.c deleted file mode 100644 index 366dc65..0000000 --- a/lib/libalpm/sha2.c +++ /dev/null @@ -1,370 +0,0 @@ -/* - * FIPS-180-2 compliant SHA-256 implementation - * - * Copyright (C) 2006-2010, Brainspark B.V. - * - * This file is part of PolarSSL (http://www.polarssl.org) - * Lead Maintainer: Paul Bakker - * - * All rights reserved. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ -/* - * The SHA-256 Secure Hash Standard was published by NIST in 2002. - * - * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf - */ -/* - * Pacman Notes: - * - * Taken from the PolarSSL project at http://polarssl.org under terms of the - * GPL. This is from version 1.0.0 of the library, and has been modified - * as following, which may be helpful for future updates: - * * remove "polarssl/config.h" include - * * change include from "polarssl/md5.h" to "md5.h" - * * removal of HMAC code - * * removal of SELF_TEST code - * * removal of ipad and opad from the sha2_context struct in sha2.h - * * increase the size of buffer for performance reasons - * * change 'unsigned long' to uint32_t - */ - -#include -#include - -#include "sha2.h" - -/* - * 32-bit integer manipulation macros (big endian) - */ -#ifndef GET_U32_BE -#define GET_U32_BE(n,b,i) \ -{ \ - (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ - | ( (uint32_t) (b)[(i) + 1] << 16 ) \ - | ( (uint32_t) (b)[(i) + 2] << 8 ) \ - | ( (uint32_t) (b)[(i) + 3] ); \ -} -#endif - -#ifndef PUT_U32_BE -#define PUT_U32_BE(n,b,i) \ -{ \ - (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ - (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ - (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ - (b)[(i) + 3] = (unsigned char) ( (n) ); \ -} -#endif - -/* - * SHA-256 context setup - */ -static void sha2_starts( sha2_context *ctx, int is224 ) -{ - ctx->total[0] = 0; - ctx->total[1] = 0; - - if( is224 == 0 ) - { - /* SHA-256 */ - ctx->state[0] = 0x6A09E667; - ctx->state[1] = 0xBB67AE85; - ctx->state[2] = 0x3C6EF372; - ctx->state[3] = 0xA54FF53A; - ctx->state[4] = 0x510E527F; - ctx->state[5] = 0x9B05688C; - ctx->state[6] = 0x1F83D9AB; - ctx->state[7] = 0x5BE0CD19; - } - else - { - /* SHA-224 */ - ctx->state[0] = 0xC1059ED8; - ctx->state[1] = 0x367CD507; - ctx->state[2] = 0x3070DD17; - ctx->state[3] = 0xF70E5939; - ctx->state[4] = 0xFFC00B31; - ctx->state[5] = 0x68581511; - ctx->state[6] = 0x64F98FA7; - ctx->state[7] = 0xBEFA4FA4; - } - - ctx->is224 = is224; -} - -static void sha2_process( sha2_context *ctx, const unsigned char data[64] ) -{ - uint32_t temp1, temp2, W[64]; - uint32_t A, B, C, D, E, F, G, H; - - GET_U32_BE( W[ 0], data, 0 ); - GET_U32_BE( W[ 1], data, 4 ); - GET_U32_BE( W[ 2], data, 8 ); - GET_U32_BE( W[ 3], data, 12 ); - GET_U32_BE( W[ 4], data, 16 ); - GET_U32_BE( W[ 5], data, 20 ); - GET_U32_BE( W[ 6], data, 24 ); - GET_U32_BE( W[ 7], data, 28 ); - GET_U32_BE( W[ 8], data, 32 ); - GET_U32_BE( W[ 9], data, 36 ); - GET_U32_BE( W[10], data, 40 ); - GET_U32_BE( W[11], data, 44 ); - GET_U32_BE( W[12], data, 48 ); - GET_U32_BE( W[13], data, 52 ); - GET_U32_BE( W[14], data, 56 ); - GET_U32_BE( W[15], data, 60 ); - -#define SHR(x,n) ((x & 0xFFFFFFFF) >> n) -#define ROTR(x,n) (SHR(x,n) | (x << (32 - n))) - -#define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3)) -#define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10)) - -#define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22)) -#define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25)) - -#define F0(x,y,z) ((x & y) | (z & (x | y))) -#define F1(x,y,z) (z ^ (x & (y ^ z))) - -#define R(t) \ -( \ - W[t] = S1(W[t - 2]) + W[t - 7] + \ - S0(W[t - 15]) + W[t - 16] \ -) - -#define P(a,b,c,d,e,f,g,h,x,K) \ -{ \ - temp1 = h + S3(e) + F1(e,f,g) + K + x; \ - temp2 = S2(a) + F0(a,b,c); \ - d += temp1; h = temp1 + temp2; \ -} - - A = ctx->state[0]; - B = ctx->state[1]; - C = ctx->state[2]; - D = ctx->state[3]; - E = ctx->state[4]; - F = ctx->state[5]; - G = ctx->state[6]; - H = ctx->state[7]; - - P( A, B, C, D, E, F, G, H, W[ 0], 0x428A2F98 ); - P( H, A, B, C, D, E, F, G, W[ 1], 0x71374491 ); - P( G, H, A, B, C, D, E, F, W[ 2], 0xB5C0FBCF ); - P( F, G, H, A, B, C, D, E, W[ 3], 0xE9B5DBA5 ); - P( E, F, G, H, A, B, C, D, W[ 4], 0x3956C25B ); - P( D, E, F, G, H, A, B, C, W[ 5], 0x59F111F1 ); - P( C, D, E, F, G, H, A, B, W[ 6], 0x923F82A4 ); - P( B, C, D, E, F, G, H, A, W[ 7], 0xAB1C5ED5 ); - P( A, B, C, D, E, F, G, H, W[ 8], 0xD807AA98 ); - P( H, A, B, C, D, E, F, G, W[ 9], 0x12835B01 ); - P( G, H, A, B, C, D, E, F, W[10], 0x243185BE ); - P( F, G, H, A, B, C, D, E, W[11], 0x550C7DC3 ); - P( E, F, G, H, A, B, C, D, W[12], 0x72BE5D74 ); - P( D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE ); - P( C, D, E, F, G, H, A, B, W[14], 0x9BDC06A7 ); - P( B, C, D, E, F, G, H, A, W[15], 0xC19BF174 ); - P( A, B, C, D, E, F, G, H, R(16), 0xE49B69C1 ); - P( H, A, B, C, D, E, F, G, R(17), 0xEFBE4786 ); - P( G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6 ); - P( F, G, H, A, B, C, D, E, R(19), 0x240CA1CC ); - P( E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F ); - P( D, E, F, G, H, A, B, C, R(21), 0x4A7484AA ); - P( C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC ); - P( B, C, D, E, F, G, H, A, R(23), 0x76F988DA ); - P( A, B, C, D, E, F, G, H, R(24), 0x983E5152 ); - P( H, A, B, C, D, E, F, G, R(25), 0xA831C66D ); - P( G, H, A, B, C, D, E, F, R(26), 0xB00327C8 ); - P( F, G, H, A, B, C, D, E, R(27), 0xBF597FC7 ); - P( E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3 ); - P( D, E, F, G, H, A, B, C, R(29), 0xD5A79147 ); - P( C, D, E, F, G, H, A, B, R(30), 0x06CA6351 ); - P( B, C, D, E, F, G, H, A, R(31), 0x14292967 ); - P( A, B, C, D, E, F, G, H, R(32), 0x27B70A85 ); - P( H, A, B, C, D, E, F, G, R(33), 0x2E1B2138 ); - P( G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC ); - P( F, G, H, A, B, C, D, E, R(35), 0x53380D13 ); - P( E, F, G, H, A, B, C, D, R(36), 0x650A7354 ); - P( D, E, F, G, H, A, B, C, R(37), 0x766A0ABB ); - P( C, D, E, F, G, H, A, B, R(38), 0x81C2C92E ); - P( B, C, D, E, F, G, H, A, R(39), 0x92722C85 ); - P( A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1 ); - P( H, A, B, C, D, E, F, G, R(41), 0xA81A664B ); - P( G, H, A, B, C, D, E, F, R(42), 0xC24B8B70 ); - P( F, G, H, A, B, C, D, E, R(43), 0xC76C51A3 ); - P( E, F, G, H, A, B, C, D, R(44), 0xD192E819 ); - P( D, E, F, G, H, A, B, C, R(45), 0xD6990624 ); - P( C, D, E, F, G, H, A, B, R(46), 0xF40E3585 ); - P( B, C, D, E, F, G, H, A, R(47), 0x106AA070 ); - P( A, B, C, D, E, F, G, H, R(48), 0x19A4C116 ); - P( H, A, B, C, D, E, F, G, R(49), 0x1E376C08 ); - P( G, H, A, B, C, D, E, F, R(50), 0x2748774C ); - P( F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5 ); - P( E, F, G, H, A, B, C, D, R(52), 0x391C0CB3 ); - P( D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A ); - P( C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F ); - P( B, C, D, E, F, G, H, A, R(55), 0x682E6FF3 ); - P( A, B, C, D, E, F, G, H, R(56), 0x748F82EE ); - P( H, A, B, C, D, E, F, G, R(57), 0x78A5636F ); - P( G, H, A, B, C, D, E, F, R(58), 0x84C87814 ); - P( F, G, H, A, B, C, D, E, R(59), 0x8CC70208 ); - P( E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA ); - P( D, E, F, G, H, A, B, C, R(61), 0xA4506CEB ); - P( C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7 ); - P( B, C, D, E, F, G, H, A, R(63), 0xC67178F2 ); - - ctx->state[0] += A; - ctx->state[1] += B; - ctx->state[2] += C; - ctx->state[3] += D; - ctx->state[4] += E; - ctx->state[5] += F; - ctx->state[6] += G; - ctx->state[7] += H; -} - -/* - * SHA-256 process buffer - */ -static void sha2_update( sha2_context *ctx, const unsigned char *input, size_t ilen ) -{ - size_t fill; - uint32_t left; - - if( ilen <= 0 ) - return; - - left = ctx->total[0] & 0x3F; - fill = 64 - left; - - ctx->total[0] += (uint32_t) ilen; - ctx->total[0] &= 0xFFFFFFFF; - - if( ctx->total[0] < (uint32_t) ilen ) - ctx->total[1]++; - - if( left && ilen >= fill ) - { - memcpy( (void *) (ctx->buffer + left), - (void *) input, fill ); - sha2_process( ctx, ctx->buffer ); - input += fill; - ilen -= fill; - left = 0; - } - - while( ilen >= 64 ) - { - sha2_process( ctx, input ); - input += 64; - ilen -= 64; - } - - if( ilen > 0 ) - { - memcpy( (void *) (ctx->buffer + left), - (void *) input, ilen ); - } -} - -static const unsigned char sha2_padding[64] = -{ - 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 -}; - -/* - * SHA-256 final digest - */ -static void sha2_finish( sha2_context *ctx, unsigned char output[32] ) -{ - uint32_t last, padn; - uint32_t high, low; - unsigned char msglen[8]; - - high = ( ctx->total[0] >> 29 ) - | ( ctx->total[1] << 3 ); - low = ( ctx->total[0] << 3 ); - - PUT_U32_BE( high, msglen, 0 ); - PUT_U32_BE( low, msglen, 4 ); - - last = ctx->total[0] & 0x3F; - padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); - - sha2_update( ctx, (unsigned char *) sha2_padding, padn ); - sha2_update( ctx, msglen, 8 ); - - PUT_U32_BE( ctx->state[0], output, 0 ); - PUT_U32_BE( ctx->state[1], output, 4 ); - PUT_U32_BE( ctx->state[2], output, 8 ); - PUT_U32_BE( ctx->state[3], output, 12 ); - PUT_U32_BE( ctx->state[4], output, 16 ); - PUT_U32_BE( ctx->state[5], output, 20 ); - PUT_U32_BE( ctx->state[6], output, 24 ); - - if( ctx->is224 == 0 ) - PUT_U32_BE( ctx->state[7], output, 28 ); -} - -/* - * output = SHA-256( input buffer ) - */ -void sha2( const unsigned char *input, size_t ilen, - unsigned char output[32], int is224 ) -{ - sha2_context ctx; - - sha2_starts( &ctx, is224 ); - sha2_update( &ctx, input, ilen ); - sha2_finish( &ctx, output ); - - memset( &ctx, 0, sizeof( sha2_context ) ); -} - -/* - * output = SHA-256( file contents ) - */ -int sha2_file( const char *path, unsigned char output[32], int is224 ) -{ - FILE *f; - size_t n; - sha2_context ctx; - unsigned char buf[4096]; - - if( ( f = fopen( path, "rb" ) ) == NULL ) - return( 1 ); - - sha2_starts( &ctx, is224 ); - - while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 ) - sha2_update( &ctx, buf, n ); - - sha2_finish( &ctx, output ); - - memset( &ctx, 0, sizeof( sha2_context ) ); - - if( ferror( f ) != 0 ) - { - fclose( f ); - return( 2 ); - } - - fclose( f ); - return( 0 ); -} diff --git a/lib/libalpm/sha2.h b/lib/libalpm/sha2.h deleted file mode 100644 index 887b9c6..0000000 --- a/lib/libalpm/sha2.h +++ /dev/null @@ -1,65 +0,0 @@ -/* - * SHA-224 and SHA-256 cryptographic hash function - * - * Copyright (C) 2006-2010, Brainspark B.V. - * - * This file is part of PolarSSL (http://www.polarssl.org) - * Lead Maintainer: Paul Bakker - * - * All rights reserved. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ -#ifndef _SHA2_H -#define _SHA2_H - -#include - -/** - * \brief SHA-256 context structure - */ -typedef struct -{ - unsigned long total[2]; /*!< number of bytes processed */ - unsigned long state[8]; /*!< intermediate digest state */ - unsigned char buffer[64]; /*!< data block being processed */ - - int is224; /*!< 0 => SHA-256, else SHA-224 */ -} -sha2_context; - -/** - * \brief Output = SHA-256( input buffer ) - * - * \param input buffer holding the data - * \param ilen length of the input data - * \param output SHA-224/256 checksum result - * \param is224 0 = use SHA256, 1 = use SHA224 - */ -void sha2( const unsigned char *input, size_t ilen, - unsigned char output[32], int is224 ); - -/** - * \brief Output = SHA-256( file contents ) - * - * \param path input file name - * \param output SHA-224/256 checksum result - * \param is224 0 = use SHA256, 1 = use SHA224 - * - * \return 0 if successful, 1 if fopen failed, - * or 2 if fread failed - */ -int sha2_file( const char *path, unsigned char output[32], int is224 ); - -#endif /* sha2.h */ diff --git a/lib/libalpm/util.c b/lib/libalpm/util.c index 1e55463..4874b50 100644 --- a/lib/libalpm/util.c +++ b/lib/libalpm/util.c @@ -37,12 +37,12 @@ #include #include -#ifdef HAVE_LIBSSL +#if WITH_LIBSSL #include #include -#else -#include "md5.h" -#include "sha2.h" +#else /*WITH_NETTLE*/ +#include +#include #endif /* libalpm */ @@ -859,7 +859,6 @@ const char *_alpm_filecache_setup(alpm_handle_t *handle) return cachedir; } -#ifdef HAVE_LIBSSL /** Compute the MD5 message digest of a file. * @param path file path of file to compute MD5 digest of * @param output string to hold computed MD5 digest @@ -867,7 +866,11 @@ const char *_alpm_filecache_setup(alpm_handle_t *handle) */ static int md5_file(const char *path, unsigned char output[16]) { +#if WITH_LIBSSL MD5_CTX ctx; +#else + struct md5_ctx ctx; +#endif unsigned char *buf; ssize_t n; int fd; @@ -879,14 +882,20 @@ static int md5_file(const char *path, unsigned char output[16]) free(buf); return 1; } - +#if WITH_LIBSSL MD5_Init(&ctx); - +#else + md5_init(&ctx); +#endif while((n = read(fd, buf, ALPM_BUFFER_SIZE)) > 0 || errno == EINTR) { if(n < 0) { continue; } +#if WITH_LIBSSL MD5_Update(&ctx, buf, n); +#else + md5_update(&ctx, n, buf); +#endif } close(fd); @@ -895,8 +904,11 @@ static int md5_file(const char *path, unsigned char output[16]) if(n < 0) { return 2; } - +#if WITH_LIBSSL MD5_Final(output, &ctx); +#else + md5_digest(&ctx, MD5_DIGEST_SIZE, output); +#endif return 0; } @@ -909,7 +921,12 @@ static int md5_file(const char *path, unsigned char output[16]) */ static int sha2_file(const char *path, unsigned char output[32], int is224) { +#if WITH_LIBSSL SHA256_CTX ctx; +#else + struct sha_224_ctx ctx224; + struct sha_256_ctx ctx256; +#endif unsigned char *buf; ssize_t n; int fd; @@ -923,19 +940,30 @@ static int sha2_file(const char *path, unsigned char output[32], int is224) } if(is224) { +#if WITH_LIBSSL SHA224_Init(&ctx); } else { SHA256_Init(&ctx); +#else + sha_224_init(&ctx224); + } else { + sha_256_init(&ctx256); +#endif } - while((n = read(fd, buf, ALPM_BUFFER_SIZE)) > 0 || errno == EINTR) { if(n < 0) { continue; } if(is224) { +#if WITH_LIBSSL SHA224_Update(&ctx, buf, n); } else { SHA256_Update(&ctx, buf, n); +#else + sha_224_update(&ctx224, n, buf); + } else { + sha_256_update(&ctx256, n, buf); +#endif } } @@ -947,13 +975,18 @@ static int sha2_file(const char *path, unsigned char output[32], int is224) } if(is224) { +#if WITH_LIBSSL SHA224_Final(output, &ctx); } else { SHA256_Final(output, &ctx); +#else + sha_224_digest(&ctx224, SHA_224_DIGEST_SIZE, output); + } else { + sha_256_digest(&ctx256, SHA_256_DIGEST_SIZE, output); +#endif } return 0; } -#endif /** Create a string representing bytes in hexadecimal. * @param bytes the bytes to represent in hexadecimal diff --git a/scripts/Makefile.am b/scripts/Makefile.am index e4f9fb1..84d29f3 100644 --- a/scripts/Makefile.am +++ b/scripts/Makefile.am @@ -141,6 +141,9 @@ edit = sed \ -e 's|@DUFLAGS[@]|$(DUFLAGS)|g' \ -e 's|@DUPATH[@]|$(DUPATH)|g' \ -e 's|@SCRIPTNAME[@]|$@|g' \ + -e 's|@hash_func[@]|$(HASH_FUNC)|g' \ + -e 's|@hash_func_parse[@]|$(HASH_FUNC_PARSE)|g' \ + -e 's|@crypto_binary[@]|$(CRYPTO_BINARY_NAME)|g' \ -e 's|@configure_input[@]|Generated from $@.sh.in; do not edit by hand.|g' ## All the scripts depend on Makefile so that they are rebuilt when the diff --git a/scripts/libmakepkg/integrity/generate_checksum.sh.in b/scripts/libmakepkg/integrity/generate_checksum.sh.in index 7a56710..67034f2 100644 --- a/scripts/libmakepkg/integrity/generate_checksum.sh.in +++ b/scripts/libmakepkg/integrity/generate_checksum.sh.in @@ -59,8 +59,9 @@ generate_one_checksum() { if [[ $netfile != *.@(sig?(n)|asc) ]]; then local file file="$(get_filepath "$netfile")" || missing_source_file "$netfile" - sum="$(openssl dgst -${integ} "$file")" - sum=${sum##* } + sum="$(@hash_func@${integ} "$file")" + hash_tmp=@hash_func_parse@ + sum=${hash_tmp} else sum="SKIP" fi @@ -80,8 +81,8 @@ generate_one_checksum() { generate_checksums() { msg "$(gettext "Generating checksums for source files...")" - if ! type -p openssl >/dev/null; then - error "$(gettext "Cannot find the %s binary required for generating sourcefile checksums.")" "openssl" + if ! type -p @crypto_binary@ >/dev/null; then + error "$(gettext "Cannot find the %s binary required for generating sourcefile checksums.")" "@crypto_binary@" exit 1 # $E_MISSING_PROGRAM fi diff --git a/scripts/libmakepkg/integrity/verify_checksum.sh.in b/scripts/libmakepkg/integrity/verify_checksum.sh.in index 44a2b2e..c3fc0b9 100644 --- a/scripts/libmakepkg/integrity/verify_checksum.sh.in +++ b/scripts/libmakepkg/integrity/verify_checksum.sh.in @@ -82,8 +82,10 @@ verify_integrity_one() { return 1 fi - local realsum="$(openssl dgst -${integ} "$file")" - realsum="${realsum##* }" + local sum="$(@hash_func@${integ} "$file")" + hash_tmp=@hash_func_parse@ + realsum=${hash_tmp} + if [[ ${expectedsum,,} = "$realsum" ]]; then printf '%s\n' "$(gettext "Passed")" >&2 else diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in index 7b2ce51..79941ba 100644 --- a/scripts/makepkg.sh.in +++ b/scripts/makepkg.sh.in @@ -28,7 +28,7 @@ # makepkg uses quite a few external programs during its execution. You # need to have at least the following installed for makepkg to function: # awk, bsdtar (libarchive), bzip2, coreutils, fakeroot, file, find (findutils), -# gettext, gpg, grep, gzip, openssl, sed, tput (ncurses), xz +# gettext, gpg, grep, gzip, openssl or nettle, sed, tput (ncurses), xz # gettext initialization export TEXTDOMAIN='pacman-scripts' @@ -658,8 +658,9 @@ write_buildinfo() { printf "builddir = %s\n" "${BUILDDIR}" - local sum="$(openssl dgst -sha256 "${BUILDFILE}")" - sum=${sum##* } + local sum="$(@hash_func@sha256 "${BUILDFILE}")" + hash_tmp=@hash_func_parse@ + sum=${hash_tmp} printf "pkgbuild_sha256sum = %s\n" $sum @@ -1022,10 +1023,10 @@ check_software() { fi fi - # openssl - checksum operations + # openssl/nettle - checksum operations if (( ! SKIPCHECKSUMS )); then - if ! type -p openssl >/dev/null; then - error "$(gettext "Cannot find the %s binary required for validating source file checksums.")" "openssl" + if ! type -p @crypto_binary@ >/dev/null; then + error "$(gettext "Cannot find the %s binary required for validating source file checksums.")" "@crypto_binary@" ret=1 fi fi diff --git a/scripts/pacman-optimize.sh.in b/scripts/pacman-optimize.sh.in index f5ad924..c17f8d8 100644 --- a/scripts/pacman-optimize.sh.in +++ b/scripts/pacman-optimize.sh.in @@ -97,8 +97,8 @@ if [[ -n $1 ]]; then dbroot="$1" fi -if ! type -p openssl >/dev/null; then - die "$(gettext "Cannot find the %s binary required for verifying integrity.")" "openssl" +if ! type -p @crypto_binary@ >/dev/null; then + die "$(gettext "Cannot find the %s binary required for verifying integrity.")" "@crypto_binary@" fi if [[ ! -d $dbroot || ! -d $dbroot/local ]]; then @@ -127,7 +127,7 @@ workdir=$(mktemp -d "${TMPDIR:-/tmp}/pacman-optimize.XXXXXXXXXX") || # step 1: sum the old db msg "$(gettext "MD5sum'ing the old database...")" (cd "$localdb" && find . -type f -print0 | \ - xargs -0 openssl dgst -md5 | sort > "$workdir/pacsums.old") + xargs -0 @hash_func@md5 | sort > "$workdir/pacsums.old") # step 2: tar it up msg "$(gettext "Tar'ing up %s...")" "$localdb" @@ -149,12 +149,12 @@ fi msg "$(gettext "Syncing database to disk...")" sync (cd "$localdb.new" && find . -type f -print0 | \ - xargs -0 openssl dgst -md5 | sort > "$workdir/pacsums.new") + xargs -0 @hash_func@md5 | sort > "$workdir/pacsums.new") # step 4: compare the sums msg "$(gettext "Checking integrity...")" -read -ra old_dgst < <(openssl dgst -md5 < "$workdir/pacsums.old") -read -ra new_dgst < <(openssl dgst -md5 < "$workdir/pacsums.new") +read -ra old_dgst < <(@hash_func@md5 < "$workdir/pacsums.old") +read -ra new_dgst < <(@hash_func@md5 < "$workdir/pacsums.new") if [[ ${old_dgst[@]:(-1)} != ${new_dgst[@]:(-1)} ]]; then # failed # leave our pacman-optimize tmpdir for checking to see what doesn't match up diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in index d62f9c4..005babe 100644 --- a/scripts/repo-add.sh.in +++ b/scripts/repo-add.sh.in @@ -151,8 +151,9 @@ db_write_delta() { echo -e "%DELTAS%" >"$deltas" fi # get md5sum and compressed size of package - md5sum=$(openssl dgst -md5 "$deltafile") - md5sum=${md5sum##* } + sum=$(@hash_func@md5 "$deltafile") + hash_tmp=@hash_func_parse@ + md5sum=${hash_tmp} csize=$(@SIZECMD@ -L "$deltafile") oldfile=$(xdelta3 printhdr "$deltafile" | grep "XDELTA filename (source)" | sed 's/.*: *//') @@ -374,17 +375,19 @@ db_write_entry() { return 1 fi msg2 "$(gettext "Adding package signature...")" - pgpsig=$(openssl base64 -in "$pkgfile.sig" | tr -d '\n') + pgpsig=$(base64 "$pkgfile.sig" | tr -d '\n') fi csize=$(@SIZECMD@ -L "$pkgfile") # compute checksums msg2 "$(gettext "Computing checksums...")" - md5sum=$(openssl dgst -md5 "$pkgfile") - md5sum=${md5sum##* } - sha256sum=$(openssl dgst -sha256 "$pkgfile") - sha256sum=${sha256sum##* } + sum=$(@hash_func@md5 "$pkgfile") + hash_tmp=@hash_func_parse@ + md5sum=${hash_tmp} + sum=$(@hash_func@sha256 "$pkgfile") + hash_tmp=@hash_func_parse@ + sha256sum=${hash_tmp} # remove an existing entry if it exists, ignore failures db_remove_entry "$pkgname" @@ -501,7 +504,8 @@ elephant() { "ZL9JFFZeAa0a2+lKjL2anpYfV+0Zx9LJ+/MC8nRayuDlSNy2rfAPibOzsiWHL0jL" \ "SsjFAQAA" ;; - esac | openssl base64 -d | gzip -d + esac | base64 -d | gzip -d + } prepare_repo_db() {