From 6d2ff015c50ad57b6e2d3a3270bc22fa9b3e4640 Mon Sep 17 00:00:00 2001
From: Pavla Kratochvilova <pkratoch@redhat.com>
Date: Thu, 12 Aug 2021 14:30:12 +0200
Subject: [PATCH] Use OpenSSL for computing hashes

Resolves: rhbz#1993126
---
 ...t-for-computing-hashes-using-OpenSSL.patch | 165 ++++++++++++++++++
 libsolv.spec                                  |  10 +-
 2 files changed, 174 insertions(+), 1 deletion(-)
 create mode 100644 0002-Add-support-for-computing-hashes-using-OpenSSL.patch

diff --git a/0002-Add-support-for-computing-hashes-using-OpenSSL.patch b/0002-Add-support-for-computing-hashes-using-OpenSSL.patch
new file mode 100644
index 0000000..5a7c78a
--- /dev/null
+++ b/0002-Add-support-for-computing-hashes-using-OpenSSL.patch
@@ -0,0 +1,165 @@
+From 11eab76046e2df31248d358ab85bdbcf366d2c78 Mon Sep 17 00:00:00 2001
+From: Nicola Sella <nsella@redhat.com>
+Date: Wed, 11 Nov 2020 14:52:14 +0100
+Subject: [PATCH 1/1] Add support for computing hashes using OpenSSL
+
+It adds WITH_OPENSSL build option.
+If it is ON, OpenSSL will be used instead of internal implementation
+of computing hashes (MD5, SHA1, SHA224, SHA256, SHA384, SHA512).
+
+Rebase of https://github.com/openSUSE/libsolv/commit/9839a88e4fda23b46015170b201c98da7bcdd55e
+---
+ CMakeLists.txt       | 13 +++++++++++--
+ src/CMakeLists.txt   | 16 +++++++++++-----
+ src/chksum.c         | 32 ++++++++++++++++++++++++++++++++
+ tools/CMakeLists.txt |  2 +-
+ 4 files changed, 55 insertions(+), 8 deletions(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 3541f496..e73dc552 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -40,6 +40,7 @@ OPTION (ENABLE_ZCHUNK_COMPRESSION "Build with zchunk compression support?" OFF)
+ OPTION (WITH_SYSTEM_ZCHUNK "Use system zchunk library?" OFF)
+ OPTION (WITH_LIBXML2  "Build with libxml2 instead of libexpat?" OFF)
+ OPTION (WITHOUT_COOKIEOPEN "Disable the use of stdio cookie opens?" OFF)
++OPTION (WITH_OPENSSL "Use OpenSSL instead of internal implementation of hashes?" OFF)
+ 
+ include (GNUInstallDirs)
+ message (STATUS "Libraries will be installed in ${CMAKE_INSTALL_FULL_LIBDIR}")
+@@ -164,6 +165,11 @@ INCLUDE_DIRECTORIES (${EXPAT_INCLUDE_DIRS})
+ ENDIF (WITH_LIBXML2 )
+ ENDIF (ENABLE_RPMMD OR ENABLE_SUSEREPO OR ENABLE_APPDATA OR ENABLE_COMPS OR ENABLE_HELIXREPO OR ENABLE_MDKREPO)
+ 
++IF (WITH_OPENSSL)
++FIND_PACKAGE (OpenSSL REQUIRED)
++INCLUDE_DIRECTORIES (${OPENSSL_INCLUDE_DIR})
++ENDIF(WITH_OPENSSL)
++
+ IF (ENABLE_ZLIB_COMPRESSION)
+ FIND_PACKAGE (ZLIB REQUIRED)
+ INCLUDE_DIRECTORIES (${ZLIB_INCLUDE_DIRS})
+@@ -288,8 +294,8 @@ ENDIF (${CMAKE_MAJOR_VERSION} GREATER 2)
+ 
+ # should create config.h with #cmakedefine instead...
+ FOREACH (VAR HAVE_STRCHRNUL HAVE_FOPENCOOKIE HAVE_FUNOPEN WORDS_BIGENDIAN
+-  HAVE_RPM_DB_H HAVE_RPMDBNEXTITERATORHEADERBLOB HAVE_RPMDBFSTAT
+-  WITH_LIBXML2 WITHOUT_COOKIEOPEN)
++  HAVE_RPM_DB_H HAVE_PGPDIGGETPARAMS HAVE_RPMDBNEXTITERATORHEADERBLOB HAVE_RPMDBFSTAT
++  WITH_LIBXML2 WITHOUT_COOKIEOPEN WITH_OPENSSL)
+   IF(${VAR})
+     ADD_DEFINITIONS (-D${VAR}=1)
+     SET (SWIG_FLAGS ${SWIG_FLAGS} -D${VAR})
+@@ -426,6 +432,9 @@ ENDIF (ENABLE_ZSTD_COMPRESSION)
+ IF (WITH_SYSTEM_ZCHUNK)
+ SET (SYSTEM_LIBRARIES ${SYSTEM_LIBRARIES} ${ZCHUNK_LIBRARIES})
+ ENDIF (WITH_SYSTEM_ZCHUNK)
++IF (WITH_OPENSSL)
++SET (SYSTEM_LIBRARIES ${SYSTEM_LIBRARIES} ${OPENSSL_CRYPTO_LIBRARY})
++ENDIF (WITH_OPENSSL)
+ IF (ENABLE_RPMDB)
+ SET (SYSTEM_LIBRARIES ${RPMDB_LIBRARY} ${SYSTEM_LIBRARIES})
+ ENDIF (ENABLE_RPMDB)
+diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
+index bbf30bac..ece870ee 100644
+--- a/src/CMakeLists.txt
++++ b/src/CMakeLists.txt
+@@ -18,9 +18,8 @@ SET (libsolv_SRCS
+     solver.c solverdebug.c repo_solv.c repo_write.c evr.c pool.c
+     queue.c repo.c repodata.c repopage.c util.c policy.c solvable.c
+     transaction.c order.c rules.c problems.c linkedpkg.c cplxdeps.c
+-    chksum.c md5.c sha1.c sha2.c solvversion.c selection.c
+-    fileprovides.c diskusage.c suse.c solver_util.c cleandeps.c
+-    userinstalled.c filelistfilter.c)
++    chksum.c solvversion.c selection.c fileprovides.c diskusage.c
++    suse.c solver_util.c cleandeps.c userinstalled.c filelistfilter.c)
+ 
+ SET (libsolv_HEADERS
+     bitmap.h evr.h hash.h policy.h poolarch.h poolvendor.h pool.h
+@@ -43,14 +42,21 @@ IF (WIN32)
+     LIST (APPEND libsolv_SRCS ${WIN32_COMPAT_SOURCES})
+ ENDIF (WIN32)
+ 
++IF (NOT WITH_OPENSSL)
++  SET (libsolv_SRCS ${libsolv_SRCS} md5.c sha1.c sha2.c)
++ENDIF (NOT WITH_OPENSSL)
++
+ IF (HAVE_LINKER_VERSION_SCRIPT)
+ SET (CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} ${LINK_FLAGS} -Wl,--version-script=${CMAKE_SOURCE_DIR}/src/libsolv.ver")
+ ENDIF (HAVE_LINKER_VERSION_SCRIPT)
+ 
+ IF (DISABLE_SHARED)
+-    ADD_LIBRARY (libsolv STATIC ${libsolv_SRCS})
++  ADD_LIBRARY (libsolv STATIC ${libsolv_SRCS})
+ ELSE (DISABLE_SHARED)
+-    ADD_LIBRARY (libsolv SHARED ${libsolv_SRCS})
++  ADD_LIBRARY (libsolv SHARED ${libsolv_SRCS})
++  IF (WITH_OPENSSL)
++    TARGET_LINK_LIBRARIES (libsolv ${OPENSSL_CRYPTO_LIBRARY})
++  ENDIF (WITH_OPENSSL)
+ ENDIF (DISABLE_SHARED)
+ 
+ IF (WIN32)
+diff --git a/src/chksum.c b/src/chksum.c
+index 1f8ab471..9189b744 100644
+--- a/src/chksum.c
++++ b/src/chksum.c
+@@ -15,10 +15,42 @@
+ #include "util.h"
+ #include "chksum.h"
+ 
++#ifdef WITH_OPENSSL
++
++#include <openssl/md5.h>
++#include <openssl/sha.h>
++
++typedef SHA_CTX SHA1_CTX;
++typedef SHA256_CTX SHA224_CTX;
++typedef SHA512_CTX SHA384_CTX;
++
++#define solv_MD5_Init(ctx) MD5_Init(ctx)
++#define solv_MD5_Update(ctx, data, len) MD5_Update(ctx, data, len)
++#define solv_MD5_Final(md, ctx) MD5_Final(md, ctx)
++#define solv_SHA1_Init(ctx) SHA1_Init(ctx)
++#define solv_SHA1_Update(ctx, data, len) SHA1_Update(ctx, data, len)
++#define solv_SHA1_Final(ctx, md) SHA1_Final(md, ctx)
++#define solv_SHA224_Init(ctx) SHA224_Init(ctx)
++#define solv_SHA224_Update(ctx, data, len) SHA224_Update(ctx, data, len)
++#define solv_SHA224_Final(md, ctx) SHA224_Final(md, ctx)
++#define solv_SHA256_Init(ctx) SHA256_Init(ctx)
++#define solv_SHA256_Update(ctx, data, len) SHA256_Update(ctx, data, len)
++#define solv_SHA256_Final(md, ctx) SHA256_Final(md, ctx)
++#define solv_SHA384_Init(ctx) SHA384_Init(ctx)
++#define solv_SHA384_Update(ctx, data, len) SHA384_Update(ctx, data, len)
++#define solv_SHA384_Final(md, ctx) SHA384_Final(md, ctx)
++#define solv_SHA512_Init(ctx) SHA512_Init(ctx)
++#define solv_SHA512_Update(ctx, data, len) SHA512_Update(ctx, data, len)
++#define solv_SHA512_Final(md, ctx) SHA512_Final(md, ctx)
++
++#else
++
+ #include "md5.h"
+ #include "sha1.h"
+ #include "sha2.h"
+ 
++#endif
++
+ #ifdef _WIN32
+   #include "strfncs.h"
+ #endif
+diff --git a/tools/CMakeLists.txt b/tools/CMakeLists.txt
+index f19030eb..d477e195 100644
+--- a/tools/CMakeLists.txt
++++ b/tools/CMakeLists.txt
+@@ -116,7 +116,7 @@ SET(tools_list ${tools_list} repo2solv)
+ ENDIF (NOT WIN32)
+ 
+ ADD_EXECUTABLE (dumpsolv dumpsolv.c )
+-TARGET_LINK_LIBRARIES (dumpsolv libsolv)
++TARGET_LINK_LIBRARIES (dumpsolv libsolv ${SYSTEM_LIBRARIES})
+ 
+ ADD_EXECUTABLE (mergesolv mergesolv.c )
+ TARGET_LINK_LIBRARIES (mergesolv toolstuff libsolvext libsolv ${SYSTEM_LIBRARIES})
+-- 
+2.26.2
+
diff --git a/libsolv.spec b/libsolv.spec
index 5519d37..2c530ac 100644
--- a/libsolv.spec
+++ b/libsolv.spec
@@ -23,13 +23,15 @@
 
 Name:           lib%{libname}
 Version:        0.7.19
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        Package dependency solver
 
 License:        BSD
 URL:            https://github.com/openSUSE/libsolv
 Source:         %{url}/archive/%{version}/%{name}-%{version}.tar.gz
 Patch1:         0001-Fix-Memory-leaks-in-SWIG-generated-code-for-Python.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=1993126
+Patch2:         0002-Add-support-for-computing-hashes-using-OpenSSL.patch
 
 BuildRequires:  cmake
 BuildRequires:  gcc-c++
@@ -38,6 +40,8 @@ BuildRequires:  pkgconfig(rpm)
 BuildRequires:  zlib-devel
 # -DWITH_LIBXML2=ON
 BuildRequires:  libxml2-devel
+# -DWITH_OPENSSL=ON
+BuildRequires:  pkgconfig(openssl)
 # -DENABLE_LZMA_COMPRESSION=ON
 BuildRequires:  xz-devel
 # -DENABLE_BZIP2_COMPRESSION=ON
@@ -140,6 +144,7 @@ Python 3 version.
   -DENABLE_APPDATA=%{__cmake_switch -b appdata}           \
   -DUSE_VENDORDIRS=ON                                     \
   -DWITH_LIBXML2=ON                                       \
+  -DWITH_OPENSSL=ON                                       \
   -DENABLE_LZMA_COMPRESSION=ON                            \
   -DENABLE_BZIP2_COMPRESSION=ON                           \
   -DENABLE_ZSTD_COMPRESSION=%{__cmake_switch -b zstd}     \
@@ -253,6 +258,9 @@ export LD_LIBRARY_PATH=%{buildroot}%{_libdir}
 %endif
 
 %changelog
+* Thu Aug 12 2021 Pavla Kratochvilova <pkratoch@redhat.com> - 0.7.19-3
+- Use OpenSSL for computing hashes (RhBug:1993126)
+
 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.7.19-2
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
   Related: rhbz#1991688