From 0633b872e42991b9c6dccee4991060936bac47ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= Date: Tue, 9 Jul 2024 17:38:01 +0200 Subject: [PATCH] Use digest functions from OpenSSL Resolves: RHEL-41048 --- ...t-for-computing-hashes-using-OpenSSL.patch | 162 ++++++++++++++++++ libsolv.spec | 7 + 2 files changed, 169 insertions(+) create mode 100644 0001-Add-support-for-computing-hashes-using-OpenSSL.patch diff --git a/0001-Add-support-for-computing-hashes-using-OpenSSL.patch b/0001-Add-support-for-computing-hashes-using-OpenSSL.patch new file mode 100644 index 0000000..b1af556 --- /dev/null +++ b/0001-Add-support-for-computing-hashes-using-OpenSSL.patch @@ -0,0 +1,162 @@ +From 49859c1ad32487de6adb65eedf4b81f021e1b0e8 Mon Sep 17 00:00:00 2001 +From: Jaroslav Rohel +Date: Fri, 25 Oct 2019 14:33:22 +0200 +Subject: [PATCH] Add support for computing hashes using OpenSSL + +It adds WITH_OPENSSL build option. +If it is ON, OpenSSL will be used instead of internal implementation +of computing hashes (MD5, SHA1, SHA224, SHA256, SHA384, SHA512). +--- + CMakeLists.txt | 13 +++++++++++-- + src/CMakeLists.txt | 13 ++++++++++--- + src/chksum.c | 32 ++++++++++++++++++++++++++++++++ + tools/CMakeLists.txt | 2 +- + 4 files changed, 54 insertions(+), 6 deletions(-) + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index f899c49..23615bd 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -40,6 +40,7 @@ OPTION (ENABLE_ZCHUNK_COMPRESSION "Build with zchunk compression support?" OFF) + OPTION (WITH_SYSTEM_ZCHUNK "Use system zchunk library?" OFF) + OPTION (WITH_LIBXML2 "Build with libxml2 instead of libexpat?" OFF) + OPTION (WITHOUT_COOKIEOPEN "Disable the use of stdio cookie opens?" OFF) ++OPTION (WITH_OPENSSL "Use OpenSSL instead of internal implementation of hashes?" OFF) + + include (GNUInstallDirs) + message (STATUS "Libraries will be installed in ${CMAKE_INSTALL_FULL_LIBDIR}") +@@ -164,6 +165,11 @@ INCLUDE_DIRECTORIES (${EXPAT_INCLUDE_DIRS}) + ENDIF (WITH_LIBXML2 ) + ENDIF (ENABLE_RPMMD OR ENABLE_SUSEREPO OR ENABLE_APPDATA OR ENABLE_COMPS OR ENABLE_HELIXREPO OR ENABLE_MDKREPO) + ++IF (WITH_OPENSSL) ++FIND_PACKAGE (OpenSSL REQUIRED) ++INCLUDE_DIRECTORIES (${OPENSSL_INCLUDE_DIR}) ++ENDIF(WITH_OPENSSL) ++ + IF (ENABLE_ZLIB_COMPRESSION) + FIND_PACKAGE (ZLIB REQUIRED) + INCLUDE_DIRECTORIES (${ZLIB_INCLUDE_DIRS}) +@@ -288,8 +294,8 @@ ENDIF (${CMAKE_MAJOR_VERSION} GREATER 2) + + # should create config.h with #cmakedefine instead... + FOREACH (VAR HAVE_STRCHRNUL HAVE_FOPENCOOKIE HAVE_FUNOPEN WORDS_BIGENDIAN +- HAVE_RPM_DB_H HAVE_RPMDBNEXTITERATORHEADERBLOB HAVE_RPMDBFSTAT +- WITH_LIBXML2 WITHOUT_COOKIEOPEN) ++ HAVE_RPM_DB_H HAVE_PGPDIGGETPARAMS HAVE_RPMDBNEXTITERATORHEADERBLOB HAVE_RPMDBFSTAT ++ WITH_LIBXML2 WITHOUT_COOKIEOPEN WITH_OPENSSL) + IF(${VAR}) + ADD_DEFINITIONS (-D${VAR}=1) + SET (SWIG_FLAGS ${SWIG_FLAGS} -D${VAR}) +@@ -426,6 +432,9 @@ ENDIF (ENABLE_ZSTD_COMPRESSION) + IF (WITH_SYSTEM_ZCHUNK) + SET (SYSTEM_LIBRARIES ${SYSTEM_LIBRARIES} ${ZCHUNK_LIBRARIES}) + ENDIF (WITH_SYSTEM_ZCHUNK) ++IF (WITH_OPENSSL) ++SET (SYSTEM_LIBRARIES ${SYSTEM_LIBRARIES} ${OPENSSL_CRYPTO_LIBRARY}) ++ENDIF (WITH_OPENSSL) + IF (ENABLE_RPMDB) + SET (SYSTEM_LIBRARIES ${RPMDB_LIBRARY} ${SYSTEM_LIBRARIES}) + ENDIF (ENABLE_RPMDB) +diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt +index ca04b39..a0ce267 100644 +--- a/src/CMakeLists.txt ++++ b/src/CMakeLists.txt +@@ -18,9 +18,9 @@ SET (libsolv_SRCS + solver.c solverdebug.c repo_solv.c repo_write.c evr.c pool.c + queue.c repo.c repodata.c repopage.c util.c policy.c solvable.c + transaction.c order.c rules.c problems.c linkedpkg.c cplxdeps.c +- chksum.c md5.c sha1.c sha2.c solvversion.c selection.c +- fileprovides.c diskusage.c suse.c solver_util.c cleandeps.c +- userinstalled.c filelistfilter.c decision.c) ++ chksum.c solvversion.c selection.c fileprovides.c diskusage.c ++ suse.c solver_util.c cleandeps.c userinstalled.c ++ filelistfilter.c decision.c) + + SET (libsolv_HEADERS + bitmap.h evr.h hash.h policy.h poolarch.h poolvendor.h pool.h +@@ -43,14 +43,21 @@ IF (WIN32) + LIST (APPEND libsolv_SRCS ${WIN32_COMPAT_SOURCES}) + ENDIF (WIN32) + ++IF (NOT WITH_OPENSSL) ++ SET (libsolv_SRCS ${libsolv_SRCS} md5.c sha1.c sha2.c) ++ENDIF (NOT WITH_OPENSSL) ++ + IF (HAVE_LINKER_VERSION_SCRIPT) + SET (CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} ${LINK_FLAGS} -Wl,--version-script=${CMAKE_SOURCE_DIR}/src/libsolv.ver") + ENDIF (HAVE_LINKER_VERSION_SCRIPT) + + IF (DISABLE_SHARED) + ADD_LIBRARY (libsolv STATIC ${libsolv_SRCS}) + ELSE (DISABLE_SHARED) + ADD_LIBRARY (libsolv SHARED ${libsolv_SRCS}) ++ IF (WITH_OPENSSL) ++ TARGET_LINK_LIBRARIES (libsolv ${OPENSSL_CRYPTO_LIBRARY}) ++ ENDIF (WITH_OPENSSL) + ENDIF (DISABLE_SHARED) + + IF (WIN32) +diff --git a/src/chksum.c b/src/chksum.c +index 1f8ab47..9189b74 100644 +--- a/src/chksum.c ++++ b/src/chksum.c +@@ -15,10 +15,42 @@ + #include "util.h" + #include "chksum.h" + ++#ifdef WITH_OPENSSL ++ ++#include ++#include ++ ++typedef SHA_CTX SHA1_CTX; ++typedef SHA256_CTX SHA224_CTX; ++typedef SHA512_CTX SHA384_CTX; ++ ++#define solv_MD5_Init(ctx) MD5_Init(ctx) ++#define solv_MD5_Update(ctx, data, len) MD5_Update(ctx, data, len) ++#define solv_MD5_Final(md, ctx) MD5_Final(md, ctx) ++#define solv_SHA1_Init(ctx) SHA1_Init(ctx) ++#define solv_SHA1_Update(ctx, data, len) SHA1_Update(ctx, data, len) ++#define solv_SHA1_Final(ctx, md) SHA1_Final(md, ctx) ++#define solv_SHA224_Init(ctx) SHA224_Init(ctx) ++#define solv_SHA224_Update(ctx, data, len) SHA224_Update(ctx, data, len) ++#define solv_SHA224_Final(md, ctx) SHA224_Final(md, ctx) ++#define solv_SHA256_Init(ctx) SHA256_Init(ctx) ++#define solv_SHA256_Update(ctx, data, len) SHA256_Update(ctx, data, len) ++#define solv_SHA256_Final(md, ctx) SHA256_Final(md, ctx) ++#define solv_SHA384_Init(ctx) SHA384_Init(ctx) ++#define solv_SHA384_Update(ctx, data, len) SHA384_Update(ctx, data, len) ++#define solv_SHA384_Final(md, ctx) SHA384_Final(md, ctx) ++#define solv_SHA512_Init(ctx) SHA512_Init(ctx) ++#define solv_SHA512_Update(ctx, data, len) SHA512_Update(ctx, data, len) ++#define solv_SHA512_Final(md, ctx) SHA512_Final(md, ctx) ++ ++#else ++ + #include "md5.h" + #include "sha1.h" + #include "sha2.h" + ++#endif ++ + #ifdef _WIN32 + #include "strfncs.h" + #endif +diff --git a/tools/CMakeLists.txt b/tools/CMakeLists.txt +index f19030e..d477e19 100644 +--- a/tools/CMakeLists.txt ++++ b/tools/CMakeLists.txt +@@ -116,7 +116,7 @@ SET(tools_list ${tools_list} repo2solv) + ENDIF (NOT WIN32) + + ADD_EXECUTABLE (dumpsolv dumpsolv.c ) +-TARGET_LINK_LIBRARIES (dumpsolv libsolv) ++TARGET_LINK_LIBRARIES (dumpsolv libsolv ${SYSTEM_LIBRARIES}) + + ADD_EXECUTABLE (mergesolv mergesolv.c ) + TARGET_LINK_LIBRARIES (mergesolv toolstuff libsolvext libsolv ${SYSTEM_LIBRARIES}) +-- +libgit2 1.3.2 + diff --git a/libsolv.spec b/libsolv.spec index 46ec2f6..b51cac1 100644 --- a/libsolv.spec +++ b/libsolv.spec @@ -33,6 +33,8 @@ Summary: Package dependency solver License: BSD-3-Clause URL: https://github.com/openSUSE/libsolv Source: %{url}/archive/%{version}/%{name}-%{version}.tar.gz +# Downstream-only, RHEL-41048 +Patch0: 0001-Add-support-for-computing-hashes-using-OpenSSL.patch BuildRequires: cmake BuildRequires: gcc-c++ @@ -41,6 +43,8 @@ BuildRequires: pkgconfig(rpm) BuildRequires: zlib-devel # -DWITH_LIBXML2=ON BuildRequires: libxml2-devel +# -DWITH_OPENSSL=ON +BuildRequires: pkgconfig(openssl) # -DENABLE_LZMA_COMPRESSION=ON BuildRequires: xz-devel # -DENABLE_BZIP2_COMPRESSION=ON @@ -139,6 +143,8 @@ Python 3 version. %prep %autosetup -p1 +# Prune unbundled cryptography sources, RHEL-41048. +rm src/{md5,sha1,sha2}.{c,h} %build %cmake -GNinja \ @@ -152,6 +158,7 @@ Python 3 version. -DENABLE_APPDATA=%{__cmake_switch -b appdata} \ -DUSE_VENDORDIRS=ON \ -DWITH_LIBXML2=ON \ + -DWITH_OPENSSL=ON \ -DENABLE_LZMA_COMPRESSION=ON \ -DENABLE_BZIP2_COMPRESSION=ON \ -DENABLE_ZSTD_COMPRESSION=%{__cmake_switch -b zstd} \