From 896dbfc03146157a057543b3b5152c1fbf0f9170 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89rico=20Rolim?= Date: Mon, 24 Aug 2020 21:06:31 -0300 Subject: [PATCH 1/8] configure: add bearssl to LDFLAGS. --- configure | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/configure b/configure index f8895d796..6c359e4cd 100755 --- a/configure +++ b/configure @@ -700,6 +700,12 @@ else >>$CONFIG_MK fi +# +# bearssl doesn't ship pkg-config files +# +echo "LDFLAGS += -lbearssl" >>$CONFIG_MK +echo "STATIC_LIBS += -lbearssl -static" >>$CONFIG_MK + # # libssl with pkg-config support is required. # From 803ce3cc2a3e264f335e50af60d451c2f617a28b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89rico=20Rolim?= Date: Tue, 25 Aug 2020 02:12:47 -0300 Subject: [PATCH 2/8] .travis.yml: add bearssl-devel. --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 79dd18c75..75b3715c0 100644 --- a/.travis.yml +++ b/.travis.yml @@ -18,7 +18,7 @@ env: install: - docker pull "$IMG" - - docker run -v "$PWD":/tmp/build-dir -w "/tmp/build-dir" "$IMG" /bin/sh -c "xbps-install -Syu xbps && xbps-install -yu && xbps-install -y $DEPS make pkgconf kyua zlib-devel libarchive-devel atf-devel && CC=$CC ./configure --enable-tests && make -j$(nproc) && make check" + - docker run -v "$PWD":/tmp/build-dir -w "/tmp/build-dir" "$IMG" /bin/sh -c "xbps-install -Syu xbps && xbps-install -yu && xbps-install -y $DEPS make pkgconf kyua zlib-devel libarchive-devel atf-devel bearssl-devel && CC=$CC ./configure --enable-tests && make -j$(nproc) && make check" script: - echo BUILDS PASSED From 4d19a6a7a550e02147fb49744f1028d0cd0cc06a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89rico=20Rolim?= Date: Tue, 25 Aug 2020 02:03:20 -0300 Subject: [PATCH 3/8] lib/repo: remove unnecessary openssl headers. --- lib/repo.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/lib/repo.c b/lib/repo.c index 4547d0cd9..5aec615c9 100644 --- a/lib/repo.c +++ b/lib/repo.c 
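Review bot: The two `echo` lines added to `configure` append `-lbearssl` unconditionally, so a build host without the library only finds out at link time rather than during configure. A short link probe before writing to `$CONFIG_MK` would fail early with a clear message. The comment above them could also record this, e.g. `# bearssl ships no pkg-config file, so the flags are hard-coded and the library's presence is not verified here`.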
@@ -31,12 +31,6 @@ #include #include -#include -#include -#include -#include -#include - #include "xbps_api_impl.h" /** From 63197efc10a6715093b6b09341ac94c794f035d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89rico=20Rolim?= Date: Tue, 25 Aug 2020 03:32:09 -0300 Subject: [PATCH 4/8] xbps-fetch/main: remove openssl header. --- bin/xbps-fetch/main.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/bin/xbps-fetch/main.c b/bin/xbps-fetch/main.c index 0411f6567..aed3d623c 100644 --- a/bin/xbps-fetch/main.c +++ b/bin/xbps-fetch/main.c @@ -31,8 +31,6 @@ #include #include -#include - #include #include "../xbps-install/defs.h" @@ -175,7 +173,7 @@ main(int argc, char **argv) rv = 0; } if (shasum) { - print_digest(digest, SHA256_DIGEST_LENGTH); + print_digest(digest, XBPS_SHA256_DIGEST_SIZE); printf(" %s\n", filename); } } From d33355beff9d02a39fa755c078faa8af26affb32 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89rico=20Rolim?= Date: Mon, 24 Aug 2020 21:17:41 -0300 Subject: [PATCH 5/8] lib/download: move to bearssl. --- lib/download.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/lib/download.c b/lib/download.c index b3dcc02dc..97f5bf752 100644 --- a/lib/download.c +++ b/lib/download.c @@ -42,7 +42,7 @@ #include #include -#include +#include #include "xbps_api_impl.h" #include "fetch.h" @@ -106,7 +106,7 @@ xbps_fetch_file_dest_sha256(struct xbps_handle *xhp, const char *uri, const char char fetch_flags[8]; int fd = -1, rv = 0; bool refetch = false, restart = false; - SHA256_CTX sha256; + br_sha256_context sha256; assert(xhp); assert(uri); @@ -117,7 +117,7 @@ xbps_fetch_file_dest_sha256(struct xbps_handle *xhp, const char *uri, const char errno = ENOBUFS; return -1; } - SHA256_Init(&sha256); + br_sha256_init(&sha256); } /* Extern vars declared in libfetch */ 
@@ -232,7 +232,7 @@ xbps_fetch_file_dest_sha256(struct xbps_handle *xhp, const char *uri, const char if (restart) { if (digest) { while ((bytes_read = read(fd, buf, sizeof(buf))) > 0) { - SHA256_Update(&sha256, buf, bytes_read); + br_sha256_update(&sha256, buf, bytes_read); } if (bytes_read == -1) { xbps_dbg_printf(xhp, "IO error while reading %s: %s\n", @@ -257,7 +257,7 @@ xbps_fetch_file_dest_sha256(struct xbps_handle *xhp, const char *uri, const char */ while ((bytes_read = fetchIO_read(fio, buf, sizeof(buf))) > 0) { if (digest) - SHA256_Update(&sha256, buf, bytes_read); + br_sha256_update(&sha256, buf, bytes_read); bytes_written = write(fd, buf, (size_t)bytes_read); if (bytes_written != bytes_read) { xbps_dbg_printf(xhp, @@ -319,7 +319,7 @@ xbps_fetch_file_dest_sha256(struct xbps_handle *xhp, const char *uri, const char rv = 1; if (digest) - SHA256_Final(digest, &sha256); + br_sha256_out(&sha256, digest); fetch_file_out: if (fio != NULL) From 96a908f1eeff4e1c9453362b8d9b430cfe8b2786 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89rico=20Rolim?= Date: Mon, 24 Aug 2020 21:07:12 -0300 Subject: [PATCH 6/8] lib/util_hash: move to bearssl, use FILE streams. There is no need to use raw file descriptors. --- lib/util_hash.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/lib/util_hash.c b/lib/util_hash.c index 4b1de715b..5caaf2edd 100644 --- a/lib/util_hash.c +++ b/lib/util_hash.c @@ -31,7 +31,7 @@ #include #include -#include +#include #include "xbps_api_impl.h" @@ -111,10 +111,10 @@ xbps_mmap_file(const char *file, void **mmf, size_t *mmflen, size_t *filelen) bool xbps_file_sha256_raw(unsigned char *dst, size_t dstlen, const char *file) { - int fd; - ssize_t len; + FILE *stream; + size_t len; char buf[65536]; - SHA256_CTX sha256; + br_sha256_context sha256; assert(dstlen >= XBPS_SHA256_DIGEST_SIZE); if (dstlen < XBPS_SHA256_DIGEST_SIZE) { 
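Review bot: Both `br_sha256_update(&sha256, buf, bytes_read)` calls in lib/download.c (the hunks at -232 and -257) pass a signed read count where BearSSL takes a `size_t` length. The `> 0` loop guards make the conversion safe, but the `write()` call just below already spells it out, so `br_sha256_update(&sha256, buf, (size_t)bytes_read);` would keep the two consistent and quiet under `-Wsign-conversion`. The declaration of `bytes_read` is outside these hunks, so its signedness is inferred from the `== -1` comparison.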
@@ -122,20 +122,20 @@ xbps_file_sha256_raw(unsigned char *dst, size_t dstlen, const char *file) return false; } - if ((fd = open(file, O_RDONLY)) < 0) + if ((stream = fopen(file, "rb")) == 0) return false; - SHA256_Init(&sha256); - - while ((len = read(fd, buf, sizeof(buf))) > 0) - SHA256_Update(&sha256, buf, len); + br_sha256_init(&sha256); - (void)close(fd); + while ((len = fread(buf, 1, sizeof(buf), stream)) > 0) + br_sha256_update(&sha256, buf, len); - if(len == -1) + if (ferror(stream)) return false; - SHA256_Final(dst, &sha256); + fclose(stream); + + br_sha256_out(&sha256, dst); return true; } From 3a309e2f698b3911ab4b582bfb3c0609f3f3dc03 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89rico=20Rolim?= Date: Tue, 25 Aug 2020 02:03:49 -0300 Subject: [PATCH 7/8] lib/verifysig: use bearssl where possible. BearSSL currently doesn't support decoding the pubkey in the format we are using. Since there are plans for changing the signing algorithm, this shouldn't be an issue for the transition, once the new design is finalized. For now, we are using LibreSSL to decode the PEM string in pubkey into a public key. --- lib/verifysig.c | 51 ++++++++++++++++++++++++++++--------------------- 1 file changed, 29 insertions(+), 22 deletions(-) diff --git a/lib/verifysig.c b/lib/verifysig.c index 565379896..b23cca301 100644 --- a/lib/verifysig.c +++ b/lib/verifysig.c @@ -32,11 +32,10 @@ #include #include -#include -#include #include -#include #include +#include +#include #include "xbps_api_impl.h" 
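Review bot: In `xbps_file_sha256_raw`, the new error path `if (ferror(stream)) return false;` returns before `fclose(stream)`, so a read error leaks the FILE handle; the removed code closed the descriptor before testing the result. Record the error and close first, e.g. `bool failed = ferror(stream) != 0;` then `fclose(stream);` then `if (failed) return false;`. Comparing the `fopen()` result against `NULL` instead of `0` would also read more clearly for a pointer.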
@@ -45,30 +44,38 @@ rsa_verify_hash(struct xbps_repo *repo, xbps_data_t pubkey, unsigned char *sig, unsigned int siglen, unsigned char *sha256) { + int rv; + br_rsa_public_key pk; + br_rsa_pkcs1_vrfy vrfy; + // ssl + unsigned char e[3], n[512]; BIO *bio; RSA *rsa; - int rv; + const BIGNUM *nrsa = NULL, *ersa = NULL, *drsa = NULL; - ERR_load_crypto_strings(); - SSL_load_error_strings(); - - bio = BIO_new_mem_buf(__UNCONST(xbps_data_data_nocopy(pubkey)), - xbps_data_size(pubkey)); - assert(bio); + (void) repo; + bio = BIO_new_mem_buf(__UNCONST(xbps_data_data_nocopy(pubkey)), xbps_data_size(pubkey)); rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL); - if (rsa == NULL) { - xbps_dbg_printf(repo->xhp, "`%s' error reading public key: %s\n", - repo->uri, ERR_error_string(ERR_get_error(), NULL)); - return false; - } - - rv = RSA_verify(NID_sha1, sha256, SHA256_DIGEST_LENGTH, sig, siglen, rsa); - RSA_free(rsa); - BIO_free(bio); - ERR_free_strings(); - - return rv ? true : false; + RSA_get0_key(rsa, &nrsa, &ersa, &drsa); + printf("- n (size %d): ", BN_num_bytes(nrsa)); + BN_print_fp(stdout, nrsa); + printf("\n- e (size %d): ", BN_num_bytes(ersa)); + BN_print_fp(stdout, ersa); + puts(""); + assert(BN_num_bytes(nrsa) == 512); + BN_bn2bin(nrsa, n); + BN_bn2bin(ersa, e); + + pk.n = n; + pk.nlen = 512; + pk.e = e; + pk.elen = 3; + + vrfy = br_rsa_pkcs1_vrfy_get_default(); + rv = vrfy(sig, siglen, BR_HASH_OID_SHA1, 32, &pk, sha256); + + return rv; } bool From 4398820c523fe53008a14bf165a53ecbb1ad5894 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89rico=20Rolim?= Date: Sun, 30 Aug 2020 01:28:26 -0300 Subject: [PATCH 8/8] lib/verifysig: keep consistent logic. No need to check if passing NULL to free(). --- lib/verifysig.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/lib/verifysig.c b/lib/verifysig.c index b23cca301..57766dc1d 100644 --- a/lib/verifysig.c +++ b/lib/verifysig.c 
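Review bot: In `rsa_verify_hash`, the last argument of the BearSSL verify callback is an output buffer: `vrfy(...)` writes the digest recovered from the signature into it and leaves the comparison to the caller, so passing `sha256` there overwrites the computed digest and accepts any well-formed signature made with the key, whatever data was hashed. The new code also drops the `rsa == NULL` check and the `RSA_free`/`BIO_free` calls, prints the key to stdout from library code, and relies on `assert` to keep `BN_bn2bin` inside `n[512]` and `e[3]`, a guard that disappears under `NDEBUG`. The sketch below recovers into a local buffer and compares it, restores the NULL checks and cleanup, and turns the assert into a runtime size check; it assumes `<string.h>` is already included for `memcmp`. The function's return-type line sits above the hunk.

```c
	/* … unchanged: pk, vrfy, nrsa/ersa/drsa declarations … */
	unsigned char e[3], n[512], recovered[32];
	int nlen, elen;
	bool ok = false;
	BIO *bio;
	RSA *rsa = NULL;

	bio = BIO_new_mem_buf(__UNCONST(xbps_data_data_nocopy(pubkey)), xbps_data_size(pubkey));
	if (bio == NULL)
		return false;
	rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL);
	if (rsa == NULL) {
		xbps_dbg_printf(repo->xhp, "`%s' error reading public key\n", repo->uri);
		goto out;
	}
	RSA_get0_key(rsa, &nrsa, &ersa, &drsa);
	nlen = BN_num_bytes(nrsa);
	elen = BN_num_bytes(ersa);
	/* reject keys that do not fit the stack buffers instead of asserting */
	if (nlen != (int)sizeof(n) || elen <= 0 || (size_t)elen > sizeof(e))
		goto out;
	BN_bn2bin(nrsa, n);
	BN_bn2bin(ersa, e);

	pk.n = n;
	pk.nlen = (size_t)nlen;
	pk.e = e;
	pk.elen = (size_t)elen;

	vrfy = br_rsa_pkcs1_vrfy_get_default();
	/* vrfy() only checks the padding and extracts the signed digest */
	if (vrfy(sig, siglen, BR_HASH_OID_SHA1, sizeof(recovered), &pk, recovered) == 1 &&
	    memcmp(recovered, sha256, sizeof(recovered)) == 0)
		ok = true;
out:
	RSA_free(rsa);
	BIO_free(bio);
	return ok;
```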
@@ -98,7 +98,7 @@ xbps_verify_signature(struct xbps_repo *repo, const char *sigfile, xbps_dictionary_get(repo->idxmeta, "public-key")); if (hexfp == NULL) { xbps_dbg_printf(repo->xhp, "%s: incomplete signed repo, missing hexfp obj\n", repo->uri); - return false; + goto out; } /* @@ -128,10 +128,8 @@ xbps_verify_signature(struct xbps_repo *repo, const char *sigfile, val = true; out: - if (hexfp) - free(hexfp); - if (rkeyfile) - free(rkeyfile); + free(hexfp); + free(rkeyfile); if (sig_buf) (void)munmap(sig_buf, sigbuflen); if (repokeyd)
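Review bot: The new `goto out;` in the `hexfp == NULL` branch of `xbps_verify_signature` now runs the whole cleanup block, including `free(rkeyfile)`, the `sig_buf` munmap and the `repokeyd` check, at a point where those variables may not have been assigned yet. That is only safe if each of them, and `val`, is initialised at its declaration, which lies outside both hunks and should be confirmed. A comment at the label such as `/* all pointers released below are NULL-initialised, so early exits may jump here */` would record the invariant the early exit now depends on.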