From 2b4b69fa67f33d93d86cb0cedab08a4d2fd3b48d Mon Sep 17 00:00:00 2001 From: Ondrej Dubaj Date: Mon, 19 Apr 2021 10:11:35 +0200 Subject: [PATCH] Remove SHA-1 algorithms according to its deprecation in RHEL-9 (#1935442) --- sqlite-3.34.1-remove-SHA-1.patch | 1253 ++++++++++++++++++++++++++++++ sqlite.spec | 8 +- 2 files changed, 1260 insertions(+), 1 deletion(-) create mode 100644 sqlite-3.34.1-remove-SHA-1.patch diff --git a/sqlite-3.34.1-remove-SHA-1.patch b/sqlite-3.34.1-remove-SHA-1.patch new file mode 100644 index 0000000..542807c --- /dev/null +++ b/sqlite-3.34.1-remove-SHA-1.patch @@ -0,0 +1,1253 @@ +From ea78e7c89ddd5dfcde7f93efe450d173f8fa63b2 Mon Sep 17 00:00:00 2001 +From: Ondrej Dubaj +Date: Thu, 15 Apr 2021 07:43:31 +0200 +Subject: [PATCH] remove SHA-1 algorithms according to its deprecation in + RHEL-9 + +--- + Makefile.in | 5 - + Makefile.msc | 6 +- + ext/misc/sha1.c | 393 ------------------------------------- + main.mk | 5 - + manifest | 1 - + src/sqlite.h.in | 4 +- + tool/dbhash.c | 491 ---------------------------------------------- + tool/mksourceid.c | 188 +----------------- + 8 files changed, 4 insertions(+), 1089 deletions(-) + delete mode 100644 ext/misc/sha1.c + delete mode 100644 tool/dbhash.c + +diff --git a/Makefile.in b/Makefile.in +index 6ab49db..2bb9078 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -583,7 +583,6 @@ TESTPROGS = \ + sqlite3$(TEXE) \ + sqlite3_analyzer$(TEXE) \ + sqldiff$(TEXE) \ +- dbhash$(TEXE) \ + sqltclsh$(TEXE) + + # Databases containing fuzzer test cases +@@ -660,9 +659,6 @@ sqlite3$(TEXE): shell.c sqlite3.c + sqldiff$(TEXE): $(TOP)/tool/sqldiff.c sqlite3.lo sqlite3.h + $(LTLINK) -o $@ $(TOP)/tool/sqldiff.c sqlite3.lo $(TLIBS) + +-dbhash$(TEXE): $(TOP)/tool/dbhash.c sqlite3.lo sqlite3.h +- $(LTLINK) -o $@ $(TOP)/tool/dbhash.c sqlite3.lo $(TLIBS) +- + scrub$(TEXE): $(TOP)/ext/misc/scrub.c sqlite3.lo + $(LTLINK) -o $@ -I. -DSCRUB_STANDALONE \ + $(TOP)/ext/misc/scrub.c sqlite3.lo $(TLIBS) +@@ -1477,7 +1473,6 @@ clean: + rm -f fuzzershell fuzzershell.exe + rm -f fuzzcheck fuzzcheck.exe + rm -f sqldiff sqldiff.exe +- rm -f dbhash dbhash.exe + rm -f fts5.* fts5parse.* + + distclean: clean +diff --git a/Makefile.msc b/Makefile.msc +index 404e3b2..5380e05 100644 +--- a/Makefile.msc ++++ b/Makefile.msc +@@ -1661,7 +1661,6 @@ TESTPROGS = \ + sqlite3_analyzer.exe \ + sqlite3_checker.exe \ + sqldiff.exe \ +- dbhash.exe \ + sqltclsh.exe + + # Databases containing fuzzer test cases +@@ -1782,9 +1781,6 @@ $(SQLITE3EXE): shell.c $(SHELL_CORE_DEP) $(LIBRESOBJS) $(SHELL_CORE_SRC) $(SQLIT + sqldiff.exe: $(TOP)\tool\sqldiff.c $(SQLITE3C) $(SQLITE3H) + $(LTLINK) $(NO_WARN) $(TOP)\tool\sqldiff.c $(SQLITE3C) /link $(LDFLAGS) $(LTLINKOPTS) + +-dbhash.exe: $(TOP)\tool\dbhash.c $(SQLITE3C) $(SQLITE3H) +- $(LTLINK) $(NO_WARN) $(TOP)\tool\dbhash.c $(SQLITE3C) /link $(LDFLAGS) $(LTLINKOPTS) +- + scrub.exe: $(TOP)\ext\misc\scrub.c $(SQLITE3C) $(SQLITE3H) + $(LTLINK) $(NO_WARN) -DSCRUB_STANDALONE=1 $(TOP)\ext\misc\scrub.c $(SQLITE3C) /link $(LDFLAGS) $(LTLINKOPTS) + +@@ -2618,7 +2614,7 @@ clean: + del /Q shell.c sqlite3ext.h sqlite3session.h 2>NUL + del /Q sqlite3_analyzer.exe sqlite3_analyzer.c 2>NUL + del /Q sqlite-*-output.vsix 2>NUL +- del /Q fuzzershell.exe fuzzcheck.exe sqldiff.exe dbhash.exe 2>NUL ++ del /Q fuzzershell.exe fuzzcheck.exe sqldiff.exe 2>NUL + del /Q sqltclsh.* 2>NUL + del /Q dbfuzz.exe sessionfuzz.exe 2>NUL + del /Q kvtest.exe ossshell.exe scrub.exe 2>NUL +diff --git a/ext/misc/sha1.c b/ext/misc/sha1.c +deleted file mode 100644 +index 9fe6cae..0000000 +--- a/ext/misc/sha1.c ++++ /dev/null +@@ -1,393 +0,0 @@ +-/* +-** 2017-01-27 +-** +-** The author disclaims copyright to this source code. In place of +-** a legal notice, here is a blessing: +-** +-** May you do good and not evil. +-** May you find forgiveness for yourself and forgive others. +-** May you share freely, never taking more than you give. +-** +-****************************************************************************** +-** +-** This SQLite extension implements functions that compute SHA1 hashes. +-** Two SQL functions are implemented: +-** +-** sha1(X) +-** sha1_query(Y) +-** +-** The sha1(X) function computes the SHA1 hash of the input X, or NULL if +-** X is NULL. +-** +-** The sha1_query(Y) function evalutes all queries in the SQL statements of Y +-** and returns a hash of their results. +-*/ +-#include "sqlite3ext.h" +-SQLITE_EXTENSION_INIT1 +-#include +-#include +-#include +- +-/****************************************************************************** +-** The Hash Engine +-*/ +-/* Context for the SHA1 hash */ +-typedef struct SHA1Context SHA1Context; +-struct SHA1Context { +- unsigned int state[5]; +- unsigned int count[2]; +- unsigned char buffer[64]; +-}; +- +-#define SHA_ROT(x,l,r) ((x) << (l) | (x) >> (r)) +-#define rol(x,k) SHA_ROT(x,k,32-(k)) +-#define ror(x,k) SHA_ROT(x,32-(k),k) +- +-#define blk0le(i) (block[i] = (ror(block[i],8)&0xFF00FF00) \ +- |(rol(block[i],8)&0x00FF00FF)) +-#define blk0be(i) block[i] +-#define blk(i) (block[i&15] = rol(block[(i+13)&15]^block[(i+8)&15] \ +- ^block[(i+2)&15]^block[i&15],1)) +- +-/* +- * (R0+R1), R2, R3, R4 are the different operations (rounds) used in SHA1 +- * +- * Rl0() for little-endian and Rb0() for big-endian. Endianness is +- * determined at run-time. +- */ +-#define Rl0(v,w,x,y,z,i) \ +- z+=((w&(x^y))^y)+blk0le(i)+0x5A827999+rol(v,5);w=ror(w,2); +-#define Rb0(v,w,x,y,z,i) \ +- z+=((w&(x^y))^y)+blk0be(i)+0x5A827999+rol(v,5);w=ror(w,2); +-#define R1(v,w,x,y,z,i) \ +- z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=ror(w,2); +-#define R2(v,w,x,y,z,i) \ +- z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=ror(w,2); +-#define R3(v,w,x,y,z,i) \ +- z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=ror(w,2); +-#define R4(v,w,x,y,z,i) \ +- z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=ror(w,2); +- +-/* +- * Hash a single 512-bit block. This is the core of the algorithm. +- */ +-void SHA1Transform(unsigned int state[5], const unsigned char buffer[64]){ +- unsigned int qq[5]; /* a, b, c, d, e; */ +- static int one = 1; +- unsigned int block[16]; +- memcpy(block, buffer, 64); +- memcpy(qq,state,5*sizeof(unsigned int)); +- +-#define a qq[0] +-#define b qq[1] +-#define c qq[2] +-#define d qq[3] +-#define e qq[4] +- +- /* Copy p->state[] to working vars */ +- /* +- a = state[0]; +- b = state[1]; +- c = state[2]; +- d = state[3]; +- e = state[4]; +- */ +- +- /* 4 rounds of 20 operations each. Loop unrolled. */ +- if( 1 == *(unsigned char*)&one ){ +- Rl0(a,b,c,d,e, 0); Rl0(e,a,b,c,d, 1); Rl0(d,e,a,b,c, 2); Rl0(c,d,e,a,b, 3); +- Rl0(b,c,d,e,a, 4); Rl0(a,b,c,d,e, 5); Rl0(e,a,b,c,d, 6); Rl0(d,e,a,b,c, 7); +- Rl0(c,d,e,a,b, 8); Rl0(b,c,d,e,a, 9); Rl0(a,b,c,d,e,10); Rl0(e,a,b,c,d,11); +- Rl0(d,e,a,b,c,12); Rl0(c,d,e,a,b,13); Rl0(b,c,d,e,a,14); Rl0(a,b,c,d,e,15); +- }else{ +- Rb0(a,b,c,d,e, 0); Rb0(e,a,b,c,d, 1); Rb0(d,e,a,b,c, 2); Rb0(c,d,e,a,b, 3); +- Rb0(b,c,d,e,a, 4); Rb0(a,b,c,d,e, 5); Rb0(e,a,b,c,d, 6); Rb0(d,e,a,b,c, 7); +- Rb0(c,d,e,a,b, 8); Rb0(b,c,d,e,a, 9); Rb0(a,b,c,d,e,10); Rb0(e,a,b,c,d,11); +- Rb0(d,e,a,b,c,12); Rb0(c,d,e,a,b,13); Rb0(b,c,d,e,a,14); Rb0(a,b,c,d,e,15); +- } +- R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); +- R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); +- R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); +- R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); +- R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); +- R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); +- R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); +- R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); +- R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); +- R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); +- R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); +- R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); +- R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); +- R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); +- R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); +- R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); +- +- /* Add the working vars back into context.state[] */ +- state[0] += a; +- state[1] += b; +- state[2] += c; +- state[3] += d; +- state[4] += e; +- +-#undef a +-#undef b +-#undef c +-#undef d +-#undef e +-} +- +- +-/* Initialize a SHA1 context */ +-static void hash_init(SHA1Context *p){ +- /* SHA1 initialization constants */ +- p->state[0] = 0x67452301; +- p->state[1] = 0xEFCDAB89; +- p->state[2] = 0x98BADCFE; +- p->state[3] = 0x10325476; +- p->state[4] = 0xC3D2E1F0; +- p->count[0] = p->count[1] = 0; +-} +- +-/* Add new content to the SHA1 hash */ +-static void hash_step( +- SHA1Context *p, /* Add content to this context */ +- const unsigned char *data, /* Data to be added */ +- unsigned int len /* Number of bytes in data */ +-){ +- unsigned int i, j; +- +- j = p->count[0]; +- if( (p->count[0] += len << 3) < j ){ +- p->count[1] += (len>>29)+1; +- } +- j = (j >> 3) & 63; +- if( (j + len) > 63 ){ +- (void)memcpy(&p->buffer[j], data, (i = 64-j)); +- SHA1Transform(p->state, p->buffer); +- for(; i + 63 < len; i += 64){ +- SHA1Transform(p->state, &data[i]); +- } +- j = 0; +- }else{ +- i = 0; +- } +- (void)memcpy(&p->buffer[j], &data[i], len - i); +-} +- +-/* Compute a string using sqlite3_vsnprintf() and hash it */ +-static void hash_step_vformat( +- SHA1Context *p, /* Add content to this context */ +- const char *zFormat, +- ... +-){ +- va_list ap; +- int n; +- char zBuf[50]; +- va_start(ap, zFormat); +- sqlite3_vsnprintf(sizeof(zBuf),zBuf,zFormat,ap); +- va_end(ap); +- n = (int)strlen(zBuf); +- hash_step(p, (unsigned char*)zBuf, n); +-} +- +- +-/* Add padding and compute the message digest. Render the +-** message digest as lower-case hexadecimal and put it into +-** zOut[]. zOut[] must be at least 41 bytes long. */ +-static void hash_finish( +- SHA1Context *p, /* The SHA1 context to finish and render */ +- char *zOut /* Store hexadecimal hash here */ +-){ +- unsigned int i; +- unsigned char finalcount[8]; +- unsigned char digest[20]; +- static const char zEncode[] = "0123456789abcdef"; +- +- for (i = 0; i < 8; i++){ +- finalcount[i] = (unsigned char)((p->count[(i >= 4 ? 0 : 1)] +- >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */ +- } +- hash_step(p, (const unsigned char *)"\200", 1); +- while ((p->count[0] & 504) != 448){ +- hash_step(p, (const unsigned char *)"\0", 1); +- } +- hash_step(p, finalcount, 8); /* Should cause a SHA1Transform() */ +- for (i = 0; i < 20; i++){ +- digest[i] = (unsigned char)((p->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255); +- } +- for(i=0; i<20; i++){ +- zOut[i*2] = zEncode[(digest[i]>>4)&0xf]; +- zOut[i*2+1] = zEncode[digest[i] & 0xf]; +- } +- zOut[i*2]= 0; +-} +-/* End of the hashing logic +-*****************************************************************************/ +- +-/* +-** Implementation of the sha1(X) function. +-** +-** Return a lower-case hexadecimal rendering of the SHA1 hash of the +-** argument X. If X is a BLOB, it is hashed as is. For all other +-** types of input, X is converted into a UTF-8 string and the string +-** is hash without the trailing 0x00 terminator. The hash of a NULL +-** value is NULL. +-*/ +-static void sha1Func( +- sqlite3_context *context, +- int argc, +- sqlite3_value **argv +-){ +- SHA1Context cx; +- int eType = sqlite3_value_type(argv[0]); +- int nByte = sqlite3_value_bytes(argv[0]); +- char zOut[44]; +- +- assert( argc==1 ); +- if( eType==SQLITE_NULL ) return; +- hash_init(&cx); +- if( eType==SQLITE_BLOB ){ +- hash_step(&cx, sqlite3_value_blob(argv[0]), nByte); +- }else{ +- hash_step(&cx, sqlite3_value_text(argv[0]), nByte); +- } +- hash_finish(&cx, zOut); +- sqlite3_result_text(context, zOut, 40, SQLITE_TRANSIENT); +-} +- +-/* +-** Implementation of the sha1_query(SQL) function. +-** +-** This function compiles and runs the SQL statement(s) given in the +-** argument. The results are hashed using SHA1 and that hash is returned. +-** +-** The original SQL text is included as part of the hash. +-** +-** The hash is not just a concatenation of the outputs. Each query +-** is delimited and each row and value within the query is delimited, +-** with all values being marked with their datatypes. +-*/ +-static void sha1QueryFunc( +- sqlite3_context *context, +- int argc, +- sqlite3_value **argv +-){ +- sqlite3 *db = sqlite3_context_db_handle(context); +- const char *zSql = (const char*)sqlite3_value_text(argv[0]); +- sqlite3_stmt *pStmt = 0; +- int nCol; /* Number of columns in the result set */ +- int i; /* Loop counter */ +- int rc; +- int n; +- const char *z; +- SHA1Context cx; +- char zOut[44]; +- +- assert( argc==1 ); +- if( zSql==0 ) return; +- hash_init(&cx); +- while( zSql[0] ){ +- rc = sqlite3_prepare_v2(db, zSql, -1, &pStmt, &zSql); +- if( rc ){ +- char *zMsg = sqlite3_mprintf("error SQL statement [%s]: %s", +- zSql, sqlite3_errmsg(db)); +- sqlite3_finalize(pStmt); +- sqlite3_result_error(context, zMsg, -1); +- sqlite3_free(zMsg); +- return; +- } +- if( !sqlite3_stmt_readonly(pStmt) ){ +- char *zMsg = sqlite3_mprintf("non-query: [%s]", sqlite3_sql(pStmt)); +- sqlite3_finalize(pStmt); +- sqlite3_result_error(context, zMsg, -1); +- sqlite3_free(zMsg); +- return; +- } +- nCol = sqlite3_column_count(pStmt); +- z = sqlite3_sql(pStmt); +- n = (int)strlen(z); +- hash_step_vformat(&cx,"S%d:",n); +- hash_step(&cx,(unsigned char*)z,n); +- +- /* Compute a hash over the result of the query */ +- while( SQLITE_ROW==sqlite3_step(pStmt) ){ +- hash_step(&cx,(const unsigned char*)"R",1); +- for(i=0; i=1; j--){ +- x[j] = u & 0xff; +- u >>= 8; +- } +- x[0] = 'I'; +- hash_step(&cx, x, 9); +- break; +- } +- case SQLITE_FLOAT: { +- sqlite3_uint64 u; +- int j; +- unsigned char x[9]; +- double r = sqlite3_column_double(pStmt,i); +- memcpy(&u, &r, 8); +- for(j=8; j>=1; j--){ +- x[j] = u & 0xff; +- u >>= 8; +- } +- x[0] = 'F'; +- hash_step(&cx,x,9); +- break; +- } +- case SQLITE_TEXT: { +- int n2 = sqlite3_column_bytes(pStmt, i); +- const unsigned char *z2 = sqlite3_column_text(pStmt, i); +- hash_step_vformat(&cx,"T%d:",n2); +- hash_step(&cx, z2, n2); +- break; +- } +- case SQLITE_BLOB: { +- int n2 = sqlite3_column_bytes(pStmt, i); +- const unsigned char *z2 = sqlite3_column_blob(pStmt, i); +- hash_step_vformat(&cx,"B%d:",n2); +- hash_step(&cx, z2, n2); +- break; +- } +- } +- } +- } +- sqlite3_finalize(pStmt); +- } +- hash_finish(&cx, zOut); +- sqlite3_result_text(context, zOut, 40, SQLITE_TRANSIENT); +-} +- +- +-#ifdef _WIN32 +-__declspec(dllexport) +-#endif +-int sqlite3_sha_init( +- sqlite3 *db, +- char **pzErrMsg, +- const sqlite3_api_routines *pApi +-){ +- int rc = SQLITE_OK; +- SQLITE_EXTENSION_INIT2(pApi); +- (void)pzErrMsg; /* Unused parameter */ +- rc = sqlite3_create_function(db, "sha1", 1, +- SQLITE_UTF8 | SQLITE_INNOCUOUS | SQLITE_DETERMINISTIC, +- 0, sha1Func, 0, 0); +- if( rc==SQLITE_OK ){ +- rc = sqlite3_create_function(db, "sha1_query", 1, +- SQLITE_UTF8|SQLITE_DIRECTONLY, 0, +- sha1QueryFunc, 0, 0); +- } +- return rc; +-} +diff --git a/main.mk b/main.mk +index e47e85f..391c565 100644 +--- a/main.mk ++++ b/main.mk +@@ -503,7 +503,6 @@ TESTPROGS = \ + sqlite3_analyzer$(EXE) \ + sqlite3_checker$(EXE) \ + sqldiff$(EXE) \ +- dbhash$(EXE) \ + sqltclsh$(EXE) + + # Databases containing fuzzer test cases +@@ -564,10 +563,6 @@ sqldiff$(EXE): $(TOP)/tool/sqldiff.c sqlite3.c sqlite3.h + $(TCCX) -o sqldiff$(EXE) -DSQLITE_THREADSAFE=0 \ + $(TOP)/tool/sqldiff.c sqlite3.c $(TLIBS) $(THREADLIB) + +-dbhash$(EXE): $(TOP)/tool/dbhash.c sqlite3.c sqlite3.h +- $(TCCX) -o dbhash$(EXE) -DSQLITE_THREADSAFE=0 \ +- $(TOP)/tool/dbhash.c sqlite3.c $(TLIBS) $(THREADLIB) +- + scrub$(EXE): $(TOP)/ext/misc/scrub.c sqlite3.o + $(TCC) -I. -DSCRUB_STANDALONE -o scrub$(EXE) $(TOP)/ext/misc/scrub.c sqlite3.o $(THREADLIB) + +diff --git a/manifest b/manifest +index 37ade30..b3ececf 100644 +--- a/manifest ++++ b/manifest +@@ -1791,7 +1791,6 @@ F tool/build-all-msvc.bat c12328d06c45fec8baada5949e3d5af54bf8c887 x + F tool/build-shell.sh 950f47c6174f1eea171319438b93ba67ff5bf367 + F tool/cg_anno.tcl c1f875f5a4c9caca3d59937b16aff716f8b1883935f1b4c9ae23124705bc8099 x + F tool/checkSpacing.c 810e51703529a204fc4e1eb060e9ab663e3c06d2 +-F tool/dbhash.c 5da0c61032d23d74f2ab84ffc5740f0e8abec94f2c45c0b4306be7eb3ae96df0 + F tool/dbtotxt.c b2221864a20fb391c46bd31bc1fbdc4a96f5c8a89bef58f421eb9b9c36b1702c + F tool/dbtotxt.md c9a57af8739957ef36d2cfad5c4b1443ff3688ed33e4901ee200c8b651f43f3c + F tool/enlargedb.c 3e8b2612b985cfa7e3e8800031ee191b43ae80de96abb5abbd5eada62651ee21 +diff --git a/src/sqlite.h.in b/src/sqlite.h.in +index 1493a77..68a9075 100644 +--- a/src/sqlite.h.in ++++ b/src/sqlite.h.in +@@ -114,8 +114,8 @@ extern "C" { + ** system. ^The SQLITE_SOURCE_ID macro evaluates to + ** a string which identifies a particular check-in of SQLite + ** within its configuration management system. ^The SQLITE_SOURCE_ID +-** string contains the date and time of the check-in (UTC) and a SHA1 +-** or SHA3-256 hash of the entire source tree. If the source code has ++** string contains the date and time of the check-in (UTC) and SHA3-256 ++** hash of the entire source tree. If the source code has + ** been edited in any way since it was last checked in, then the last + ** four hexadecimal digits of the hash may be modified. + ** +diff --git a/tool/dbhash.c b/tool/dbhash.c +deleted file mode 100644 +index 78685dc..0000000 +--- a/tool/dbhash.c ++++ /dev/null +@@ -1,491 +0,0 @@ +-/* +-** 2016-06-07 +-** +-** The author disclaims copyright to this source code. In place of +-** a legal notice, here is a blessing: +-** +-** May you do good and not evil. +-** May you find forgiveness for yourself and forgive others. +-** May you share freely, never taking more than you give. +-** +-************************************************************************* +-** +-** This is a utility program that computes an SHA1 hash on the content +-** of an SQLite database. +-** +-** The hash is computed over just the content of the database. Free +-** space inside of the database file, and alternative on-disk representations +-** of the same content (ex: UTF8 vs UTF16) do not affect the hash. So, +-** for example, the database file page size, encoding, and auto_vacuum setting +-** can all be changed without changing the hash. +-*/ +-#include +-#include +-#include +-#include +-#include +-#include +-#include "sqlite3.h" +- +-/* Context for the SHA1 hash */ +-typedef struct SHA1Context SHA1Context; +-struct SHA1Context { +- unsigned int state[5]; +- unsigned int count[2]; +- unsigned char buffer[64]; +-}; +- +-/* +-** All global variables are gathered into the "g" singleton. +-*/ +-struct GlobalVars { +- const char *zArgv0; /* Name of program */ +- unsigned fDebug; /* Debug flags */ +- sqlite3 *db; /* The database connection */ +- SHA1Context cx; /* SHA1 hash context */ +-} g; +- +-/* +-** Debugging flags +-*/ +-#define DEBUG_FULLTRACE 0x00000001 /* Trace hash to stderr */ +- +-/****************************************************************************** +-** The Hash Engine +-** +-** Modify these routines (and appropriate state fields in global variable 'g') +-** in order to compute a different (better?) hash of the database. +-*/ +-/* +- * blk0() and blk() perform the initial expand. +- * I got the idea of expanding during the round function from SSLeay +- * +- * blk0le() for little-endian and blk0be() for big-endian. +- */ +-#define SHA_ROT(x,l,r) ((x) << (l) | (x) >> (r)) +-#define rol(x,k) SHA_ROT(x,k,32-(k)) +-#define ror(x,k) SHA_ROT(x,32-(k),k) +- +-#define blk0le(i) (block[i] = (ror(block[i],8)&0xFF00FF00) \ +- |(rol(block[i],8)&0x00FF00FF)) +-#define blk0be(i) block[i] +-#define blk(i) (block[i&15] = rol(block[(i+13)&15]^block[(i+8)&15] \ +- ^block[(i+2)&15]^block[i&15],1)) +- +-/* +- * (R0+R1), R2, R3, R4 are the different operations (rounds) used in SHA1 +- * +- * Rl0() for little-endian and Rb0() for big-endian. Endianness is +- * determined at run-time. +- */ +-#define Rl0(v,w,x,y,z,i) \ +- z+=((w&(x^y))^y)+blk0le(i)+0x5A827999+rol(v,5);w=ror(w,2); +-#define Rb0(v,w,x,y,z,i) \ +- z+=((w&(x^y))^y)+blk0be(i)+0x5A827999+rol(v,5);w=ror(w,2); +-#define R1(v,w,x,y,z,i) \ +- z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=ror(w,2); +-#define R2(v,w,x,y,z,i) \ +- z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=ror(w,2); +-#define R3(v,w,x,y,z,i) \ +- z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=ror(w,2); +-#define R4(v,w,x,y,z,i) \ +- z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=ror(w,2); +- +-/* +- * Hash a single 512-bit block. This is the core of the algorithm. +- */ +-#define a qq[0] +-#define b qq[1] +-#define c qq[2] +-#define d qq[3] +-#define e qq[4] +- +-void SHA1Transform(unsigned int state[5], const unsigned char buffer[64]){ +- unsigned int qq[5]; /* a, b, c, d, e; */ +- static int one = 1; +- unsigned int block[16]; +- memcpy(block, buffer, 64); +- memcpy(qq,state,5*sizeof(unsigned int)); +- +- /* Copy g.cx.state[] to working vars */ +- /* +- a = state[0]; +- b = state[1]; +- c = state[2]; +- d = state[3]; +- e = state[4]; +- */ +- +- /* 4 rounds of 20 operations each. Loop unrolled. */ +- if( 1 == *(unsigned char*)&one ){ +- Rl0(a,b,c,d,e, 0); Rl0(e,a,b,c,d, 1); Rl0(d,e,a,b,c, 2); Rl0(c,d,e,a,b, 3); +- Rl0(b,c,d,e,a, 4); Rl0(a,b,c,d,e, 5); Rl0(e,a,b,c,d, 6); Rl0(d,e,a,b,c, 7); +- Rl0(c,d,e,a,b, 8); Rl0(b,c,d,e,a, 9); Rl0(a,b,c,d,e,10); Rl0(e,a,b,c,d,11); +- Rl0(d,e,a,b,c,12); Rl0(c,d,e,a,b,13); Rl0(b,c,d,e,a,14); Rl0(a,b,c,d,e,15); +- }else{ +- Rb0(a,b,c,d,e, 0); Rb0(e,a,b,c,d, 1); Rb0(d,e,a,b,c, 2); Rb0(c,d,e,a,b, 3); +- Rb0(b,c,d,e,a, 4); Rb0(a,b,c,d,e, 5); Rb0(e,a,b,c,d, 6); Rb0(d,e,a,b,c, 7); +- Rb0(c,d,e,a,b, 8); Rb0(b,c,d,e,a, 9); Rb0(a,b,c,d,e,10); Rb0(e,a,b,c,d,11); +- Rb0(d,e,a,b,c,12); Rb0(c,d,e,a,b,13); Rb0(b,c,d,e,a,14); Rb0(a,b,c,d,e,15); +- } +- R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); +- R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); +- R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); +- R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); +- R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); +- R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); +- R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); +- R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); +- R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); +- R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); +- R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); +- R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); +- R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); +- R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); +- R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); +- R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); +- +- /* Add the working vars back into context.state[] */ +- state[0] += a; +- state[1] += b; +- state[2] += c; +- state[3] += d; +- state[4] += e; +-} +- +- +-/* Initialize the SHA1 hash */ +-static void hash_init(void){ +- /* SHA1 initialization constants */ +- g.cx.state[0] = 0x67452301; +- g.cx.state[1] = 0xEFCDAB89; +- g.cx.state[2] = 0x98BADCFE; +- g.cx.state[3] = 0x10325476; +- g.cx.state[4] = 0xC3D2E1F0; +- g.cx.count[0] = g.cx.count[1] = 0; +-} +- +-/* Add new content to the SHA1 hash */ +-static void hash_step(const unsigned char *data, unsigned int len){ +- unsigned int i, j; +- +- j = g.cx.count[0]; +- if( (g.cx.count[0] += len << 3) < j ){ +- g.cx.count[1] += (len>>29)+1; +- } +- j = (j >> 3) & 63; +- if( (j + len) > 63 ){ +- (void)memcpy(&g.cx.buffer[j], data, (i = 64-j)); +- SHA1Transform(g.cx.state, g.cx.buffer); +- for(; i + 63 < len; i += 64){ +- SHA1Transform(g.cx.state, &data[i]); +- } +- j = 0; +- }else{ +- i = 0; +- } +- (void)memcpy(&g.cx.buffer[j], &data[i], len - i); +-} +- +- +-/* Add padding and compute and output the message digest. */ +-static void hash_finish(const char *zName){ +- unsigned int i; +- unsigned char finalcount[8]; +- unsigned char digest[20]; +- static const char zEncode[] = "0123456789abcdef"; +- char zOut[41]; +- +- for (i = 0; i < 8; i++){ +- finalcount[i] = (unsigned char)((g.cx.count[(i >= 4 ? 0 : 1)] +- >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */ +- } +- hash_step((const unsigned char *)"\200", 1); +- while ((g.cx.count[0] & 504) != 448){ +- hash_step((const unsigned char *)"\0", 1); +- } +- hash_step(finalcount, 8); /* Should cause a SHA1Transform() */ +- for (i = 0; i < 20; i++){ +- digest[i] = (unsigned char)((g.cx.state[i>>2] >> ((3-(i & 3)) * 8) ) & 255); +- } +- for(i=0; i<20; i++){ +- zOut[i*2] = zEncode[(digest[i]>>4)&0xf]; +- zOut[i*2+1] = zEncode[digest[i] & 0xf]; +- } +- zOut[i*2]= 0; +- printf("%s %s\n", zOut, zName); +-} +-/* End of the hashing logic +-*******************************************************************************/ +- +-/* +-** Print an error resulting from faulting command-line arguments and +-** abort the program. +-*/ +-static void cmdlineError(const char *zFormat, ...){ +- va_list ap; +- fprintf(stderr, "%s: ", g.zArgv0); +- va_start(ap, zFormat); +- vfprintf(stderr, zFormat, ap); +- va_end(ap); +- fprintf(stderr, "\n\"%s --help\" for more help\n", g.zArgv0); +- exit(1); +-} +- +-/* +-** Print an error message for an error that occurs at runtime, then +-** abort the program. +-*/ +-static void runtimeError(const char *zFormat, ...){ +- va_list ap; +- fprintf(stderr, "%s: ", g.zArgv0); +- va_start(ap, zFormat); +- vfprintf(stderr, zFormat, ap); +- va_end(ap); +- fprintf(stderr, "\n"); +- exit(1); +-} +- +-/* +-** Prepare a new SQL statement. Print an error and abort if anything +-** goes wrong. +-*/ +-static sqlite3_stmt *db_vprepare(const char *zFormat, va_list ap){ +- char *zSql; +- int rc; +- sqlite3_stmt *pStmt; +- +- zSql = sqlite3_vmprintf(zFormat, ap); +- if( zSql==0 ) runtimeError("out of memory"); +- rc = sqlite3_prepare_v2(g.db, zSql, -1, &pStmt, 0); +- if( rc ){ +- runtimeError("SQL statement error: %s\n\"%s\"", sqlite3_errmsg(g.db), +- zSql); +- } +- sqlite3_free(zSql); +- return pStmt; +-} +-static sqlite3_stmt *db_prepare(const char *zFormat, ...){ +- va_list ap; +- sqlite3_stmt *pStmt; +- va_start(ap, zFormat); +- pStmt = db_vprepare(zFormat, ap); +- va_end(ap); +- return pStmt; +-} +- +-/* +-** Compute the hash for all rows of the query formed from the printf-style +-** zFormat and its argument. +-*/ +-static void hash_one_query(const char *zFormat, ...){ +- va_list ap; +- sqlite3_stmt *pStmt; /* The query defined by zFormat and "..." */ +- int nCol; /* Number of columns in the result set */ +- int i; /* Loop counter */ +- +- /* Prepare the query defined by zFormat and "..." */ +- va_start(ap, zFormat); +- pStmt = db_vprepare(zFormat, ap); +- va_end(ap); +- nCol = sqlite3_column_count(pStmt); +- +- /* Compute a hash over the result of the query */ +- while( SQLITE_ROW==sqlite3_step(pStmt) ){ +- for(i=0; i=0; j--){ +- x[j] = u & 0xff; +- u >>= 8; +- } +- hash_step((const unsigned char*)"1",1); +- hash_step(x,8); +- if( g.fDebug & DEBUG_FULLTRACE ){ +- fprintf(stderr, "INT %s\n", sqlite3_column_text(pStmt,i)); +- } +- break; +- } +- case SQLITE_FLOAT: { +- sqlite3_uint64 u; +- int j; +- unsigned char x[8]; +- double r = sqlite3_column_double(pStmt,i); +- memcpy(&u, &r, 8); +- for(j=7; j>=0; j--){ +- x[j] = u & 0xff; +- u >>= 8; +- } +- hash_step((const unsigned char*)"2",1); +- hash_step(x,8); +- if( g.fDebug & DEBUG_FULLTRACE ){ +- fprintf(stderr, "FLOAT %s\n", sqlite3_column_text(pStmt,i)); +- } +- break; +- } +- case SQLITE_TEXT: { +- int n = sqlite3_column_bytes(pStmt, i); +- const unsigned char *z = sqlite3_column_text(pStmt, i); +- hash_step((const unsigned char*)"3", 1); +- hash_step(z, n); +- if( g.fDebug & DEBUG_FULLTRACE ){ +- fprintf(stderr, "TEXT '%s'\n", sqlite3_column_text(pStmt,i)); +- } +- break; +- } +- case SQLITE_BLOB: { +- int n = sqlite3_column_bytes(pStmt, i); +- const unsigned char *z = sqlite3_column_blob(pStmt, i); +- hash_step((const unsigned char*)"4", 1); +- hash_step(z, n); +- if( g.fDebug & DEBUG_FULLTRACE ){ +- fprintf(stderr, "BLOB (%d bytes)\n", n); +- } +- break; +- } +- } +- } +- } +- sqlite3_finalize(pStmt); +-} +- +- +-/* +-** Print sketchy documentation for this utility program +-*/ +-static void showHelp(void){ +- printf("Usage: %s [options] FILE ...\n", g.zArgv0); +- printf( +-"Compute a SHA1 hash on the content of database FILE. System tables such as\n" +-"sqlite_stat1, sqlite_stat4, and sqlite_sequence are omitted from the hash.\n" +-"Options:\n" +-" --debug N Set debugging flags to N (experts only)\n" +-" --like PATTERN Only hash tables whose name is LIKE the pattern\n" +-" --schema-only Only hash the schema - omit table content\n" +-" --without-schema Only hash table content - omit the schema\n" +- ); +-} +- +-int main(int argc, char **argv){ +- const char *zDb = 0; /* Name of the database currently being hashed */ +- int i; /* Loop counter */ +- int rc; /* Subroutine return code */ +- char *zErrMsg; /* Error message when opening database */ +- sqlite3_stmt *pStmt; /* An SQLite query */ +- const char *zLike = 0; /* LIKE pattern of tables to hash */ +- int omitSchema = 0; /* True to compute hash on content only */ +- int omitContent = 0; /* True to compute hash on schema only */ +- int nFile = 0; /* Number of input filenames seen */ +- +- g.zArgv0 = argv[0]; +- sqlite3_config(SQLITE_CONFIG_SINGLETHREAD); +- for(i=1; i +-** 100% Public Domain +-*/ +-typedef struct SHA1Context SHA1Context; +-struct SHA1Context { +- unsigned int state[5]; +- unsigned int count[2]; +- unsigned char buffer[64]; +-}; +- + /* + * blk0() and blk() perform the initial expand. + * I got the idea of expanding during the round function from SSLeay +@@ -550,25 +533,6 @@ struct SHA1Context { + #define blk(i) (block[i&15] = rol(block[(i+13)&15]^block[(i+8)&15] \ + ^block[(i+2)&15]^block[i&15],1)) + +-/* +- * (R0+R1), R2, R3, R4 are the different operations (rounds) used in SHA1 +- * +- * Rl0() for little-endian and Rb0() for big-endian. Endianness is +- * determined at run-time. +- */ +-#define Rl0(v,w,x,y,z,i) \ +- z+=((w&(x^y))^y)+blk0le(i)+0x5A827999+rol(v,5);w=ror(w,2); +-#define Rb0(v,w,x,y,z,i) \ +- z+=((w&(x^y))^y)+blk0be(i)+0x5A827999+rol(v,5);w=ror(w,2); +-#define R1(v,w,x,y,z,i) \ +- z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=ror(w,2); +-#define R2(v,w,x,y,z,i) \ +- z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=ror(w,2); +-#define R3(v,w,x,y,z,i) \ +- z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=ror(w,2); +-#define R4(v,w,x,y,z,i) \ +- z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=ror(w,2); +- + /* + * Hash a single 512-bit block. This is the core of the algorithm. + */ +@@ -578,156 +542,10 @@ struct SHA1Context { + #define d qq[3] + #define e qq[4] + +-static void SHA1Transform( +- unsigned int state[5], +- const unsigned char buffer[64] +-){ +- unsigned int qq[5]; /* a, b, c, d, e; */ +- static int one = 1; +- unsigned int block[16]; +- memcpy(block, buffer, 64); +- memcpy(qq,state,5*sizeof(unsigned int)); +- +- /* Copy context->state[] to working vars */ +- /* +- a = state[0]; +- b = state[1]; +- c = state[2]; +- d = state[3]; +- e = state[4]; +- */ +- +- /* 4 rounds of 20 operations each. Loop unrolled. */ +- if( 1 == *(unsigned char*)&one ){ +- Rl0(a,b,c,d,e, 0); Rl0(e,a,b,c,d, 1); Rl0(d,e,a,b,c, 2); Rl0(c,d,e,a,b, 3); +- Rl0(b,c,d,e,a, 4); Rl0(a,b,c,d,e, 5); Rl0(e,a,b,c,d, 6); Rl0(d,e,a,b,c, 7); +- Rl0(c,d,e,a,b, 8); Rl0(b,c,d,e,a, 9); Rl0(a,b,c,d,e,10); Rl0(e,a,b,c,d,11); +- Rl0(d,e,a,b,c,12); Rl0(c,d,e,a,b,13); Rl0(b,c,d,e,a,14); Rl0(a,b,c,d,e,15); +- }else{ +- Rb0(a,b,c,d,e, 0); Rb0(e,a,b,c,d, 1); Rb0(d,e,a,b,c, 2); Rb0(c,d,e,a,b, 3); +- Rb0(b,c,d,e,a, 4); Rb0(a,b,c,d,e, 5); Rb0(e,a,b,c,d, 6); Rb0(d,e,a,b,c, 7); +- Rb0(c,d,e,a,b, 8); Rb0(b,c,d,e,a, 9); Rb0(a,b,c,d,e,10); Rb0(e,a,b,c,d,11); +- Rb0(d,e,a,b,c,12); Rb0(c,d,e,a,b,13); Rb0(b,c,d,e,a,14); Rb0(a,b,c,d,e,15); +- } +- R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); +- R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); +- R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); +- R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); +- R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); +- R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); +- R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); +- R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); +- R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); +- R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); +- R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); +- R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); +- R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); +- R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); +- R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); +- R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); +- +- /* Add the working vars back into context.state[] */ +- state[0] += a; +- state[1] += b; +- state[2] += c; +- state[3] += d; +- state[4] += e; +-} + + +-/* +- * SHA1Init - Initialize new context +- */ +-static void SHA1Init(SHA1Context *context){ +- /* SHA1 initialization constants */ +- context->state[0] = 0x67452301; +- context->state[1] = 0xEFCDAB89; +- context->state[2] = 0x98BADCFE; +- context->state[3] = 0x10325476; +- context->state[4] = 0xC3D2E1F0; +- context->count[0] = context->count[1] = 0; +-} + + +-/* +- * Run your data through this. +- */ +-static void SHA1Update( +- SHA1Context *context, +- const unsigned char *data, +- unsigned int len +-){ +- unsigned int i, j; +- +- j = context->count[0]; +- if ((context->count[0] += len << 3) < j) +- context->count[1] += (len>>29)+1; +- j = (j >> 3) & 63; +- if ((j + len) > 63) { +- (void)memcpy(&context->buffer[j], data, (i = 64-j)); +- SHA1Transform(context->state, context->buffer); +- for ( ; i + 63 < len; i += 64) +- SHA1Transform(context->state, &data[i]); +- j = 0; +- } else { +- i = 0; +- } +- (void)memcpy(&context->buffer[j], &data[i], len - i); +-} +- +- +-/* +- * Add padding and return the message digest. +- */ +-static void SHA1Final(unsigned char *digest, SHA1Context *context){ +- unsigned int i; +- unsigned char finalcount[8]; +- +- for (i = 0; i < 8; i++) { +- finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 0 : 1)] +- >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */ +- } +- SHA1Update(context, (const unsigned char *)"\200", 1); +- while ((context->count[0] & 504) != 448) +- SHA1Update(context, (const unsigned char *)"\0", 1); +- SHA1Update(context, finalcount, 8); /* Should cause a SHA1Transform() */ +- +- if (digest) { +- for (i = 0; i < 20; i++) +- digest[i] = (unsigned char) +- ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255); +- } +-} +- +- +-/* +-** Compute the SHA1 checksum of a file on disk. Store the resulting +-** checksum in the blob pCksum. pCksum is assumed to be initialized. +-** +-** Return the number of errors. +-*/ +-static int sha1sum_file(const char *zFilename, char *pCksum){ +- FILE *in; +- SHA1Context ctx; +- unsigned char zResult[20]; +- char zBuf[10240]; +- +- in = fopen(zFilename,"rb"); +- if( in==0 ){ +- return 1; +- } +- SHA1Init(&ctx); +- for(;;){ +- int n = (int)fread(zBuf, 1, sizeof(zBuf), in); +- if( n<=0 ) break; +- SHA1Update(&ctx, (unsigned char*)zBuf, (unsigned)n); +- } +- fclose(in); +- SHA1Final(zResult, &ctx); +- DigestToBase16(zResult, pCksum, 20); +- return 0; +-} +- + /* + ** Print a usage comment and quit. + */ +@@ -804,11 +622,7 @@ int main(int argc, char **argv){ + char *zFilename = &zLine[2]; + char *zMHash = nextToken(zFilename); + nextToken(zMHash); +- if( strlen(zMHash)==40 ){ +- rc = sha1sum_file(zFilename, zHash); +- }else{ +- rc = sha3sum_file(zFilename, 256, zHash); +- } ++ rc = sha3sum_file(zFilename, 256, zHash); + if( rc ){ + allValid = 0; + if( bVerbose ){ +-- +2.30.2 + diff --git a/sqlite.spec b/sqlite.spec index 080f488..20d5918 100644 --- a/sqlite.spec +++ b/sqlite.spec @@ -12,7 +12,7 @@ Summary: Library that implements an embeddable SQL database engine Name: sqlite Version: %{rpmver} -Release: 2%{?dist} +Release: 3%{?dist} License: Public Domain URL: http://www.sqlite.org/ @@ -34,6 +34,8 @@ Patch5: sqlite-3.18.0-sync2-dirsync.patch # Fixed handling LIKE experrsion in WHERE clause # https://sqlite.org/src/info/40852ca8e215e51f Patch6: sqlite-3.35.4-fix-handling-LIKE-expressions.patch +# Remove SHA-1 algorithm accoridng to its deprecation (downstream) +Patch7: sqlite-3.34.1-remove-SHA-1.patch BuildRequires: make BuildRequires: gcc @@ -143,6 +145,7 @@ This package contains the analysis program for %{name}. %endif %patch5 -p1 %patch6 -p1 +%patch7 -p1 # Remove backup-file rm -f %{name}-doc-%{docver}/sqlite.css~ || : @@ -261,6 +264,9 @@ make test %endif %changelog +* Thu Apr 15 2021 Ondrej Dubaj - 3.35.4-3 +- Remove SHA-1 algorithms according to its deprecation in RHEL-9 (#1935442) + * Wed Apr 14 2021 Ondrej Dubaj - 3.35.4-2 - Fixed handling LIKE experrsion in WHERE clause (#1947883)