Re: Fix for rpmpgp in the rpm 5_4 branch
On 7/18/14, 3:08 PM, Jeffrey Johnson wrote:
> On Jul 1, 2014, at 10:12 AM, Mark Hatle wrote:
>> The recent changes to add variable encryption have left one compilation issue that I found. Attached is a patch that adds the missing ifdefs to resolve the issue.
>>
>> --Mark
>> rpm-rpmpgp-fix.patch
>
> This patch finally checked in, thank you.
>
> There's _STILL_ some problem with RSA using openssl:

:) At least you finally can reproduce it.

We did get the Yocto Project up to rpm 5.4.14. (I also have a 'CVS' recipe for the newer stuff..) So we are testing much newer code at least now.

--Mark

> [jbj@ha tests]$ while true; do make check-sign; done
> ...
> === check-sign ===
> -- DSA:
> -- RSA:
> -- rpmsslVerify(0x224ec30) BAD RSA/SHA1
> error: edos-test/tyre-2-0.noarch.rpm: Header V4 RSA/SHA1 signature: BAD, key ID 36528658
> error: reading edos-test/tyre-2-0.noarch.rpm manifest, non-printable characters found
> make: *** [check-sign] Error 1
>
> This is just a loop resigning with a constant private key (using gpg2), and verifying using rpm internal openssl. The error is specific to openssl ... likely guess is that the bit count has gone awry somehow. Dunno yet.
>
> At least I have a reproducer ... digging.
>
> 73 de Jeff

__
RPM Package Manager http://rpm5.org
Developer Communication List rpm-devel@rpm5.org

Re: Fix for rpmpgp in the rpm 5_4 branch
On Jul 1, 2014, at 10:12 AM, Mark Hatle wrote:
> The recent changes to add variable encryption have left one compilation issue that I found. Attached is a patch that adds the missing ifdefs to resolve the issue.
>
> --Mark
> rpm-rpmpgp-fix.patch

This patch finally checked in, thank you.

There's _STILL_ some problem with RSA using openssl:

[jbj@ha tests]$ while true; do make check-sign; done
...
=== check-sign ===
-- DSA:
-- RSA:
-- rpmsslVerify(0x224ec30) BAD RSA/SHA1
error: edos-test/tyre-2-0.noarch.rpm: Header V4 RSA/SHA1 signature: BAD, key ID 36528658
error: reading edos-test/tyre-2-0.noarch.rpm manifest, non-printable characters found
make: *** [check-sign] Error 1

This is just a loop resigning with a constant private key (using gpg2), and verifying using rpm internal openssl. The error is specific to openssl ... likely guess is that the bit count has gone awry somehow. Dunno yet.

At least I have a reproducer ... digging.

73 de Jeff

Re: Fix for rpmpgp in the rpm 5_4 branch
On Jul 18, 2014, at 5:04 PM, Mark Hatle wrote:
> On 7/18/14, 3:08 PM, Jeffrey Johnson wrote:
>> On Jul 1, 2014, at 10:12 AM, Mark Hatle wrote:
>>> The recent changes to add variable encryption have left one compilation issue that I found. Attached is a patch that adds the missing ifdefs to resolve the issue.
>>>
>>> --Mark
>>> rpm-rpmpgp-fix.patch
>>
>> This patch finally checked in, thank you.
>>
>> There's _STILL_ some problem with RSA using openssl:
>
> :) At least you finally can reproduce it.
>
> We did get the Yocto Project up to rpm 5.4.14. (I also have a 'CVS' recipe for the newer stuff..) So we are testing much newer code at least now.

Gotcha.

Leading zeroes on the OpenPGP RSA signature need to be resurrected into a fixed length octet string:

...
-- rpmsslSetRSA(0x9cee4e0) OK RSA/SHA1
==10941== Invalid read of size 1
==10941==    at 0x7F132FC: BN_bin2bn (bn_lib.c:607)
==10941==    by 0x7F30662: RSA_eay_public_decrypt (rsa_eay.c:760)
==10941==    by 0x7F36B6F: pkey_rsa_verify (rsa_pmeth.c:373)
==10941==    by 0x546480B: rpmsslVerify (rpmssl.c:402)
==10941==    by 0x50FAE33: rpmVerifySignature (rpmpgp.h:1860)
==10941==    by 0x50E9FE5: rpmReadPackageFile (package.c:353)
==10941==    by 0x4E883DC: rpmgiReadHeader (rpmgi.c:163)
==10941==    by 0x4E88B9C: rpmgiNext (rpmgi.c:232)
==10941==    by 0x4E722A7: rpmgiShowMatches (query.c:438)
==10941==    by 0x4E7334A: rpmQueryVerify (query.c:556)
==10941==    by 0x4E73DFE: rpmcliArgIter (query.c:852)
==10941==    by 0x4E74164: rpmcliQuery (query.c:974)
==10941==  Address 0x17e47d7f is 0 bytes after a block of size 255 alloc'd
==10941==    at 0x4A069EE: malloc (vg_replace_malloc.c:270)
==10941==    by 0x5461CBA: rpmsslMpiItem (rpmssl.c:700)
==10941==    by 0x5458B00: pgpPrtSigParams (rpmpgp.h:1893)
==10941==    by 0x544137F: rpmhkpLoadSignature (rpmhkp.c:553)
==10941==    by 0x50E9F7D: rpmReadPackageFile (package.c:289)
==10941==    by 0x4E883DC: rpmgiReadHeader (rpmgi.c:163)
==10941==    by 0x4E88B9C: rpmgiNext (rpmgi.c:232)
==10941==    by 0x4E722A7: rpmgiShowMatches (query.c:438)
==10941==    by 0x4E7334A: rpmQueryVerify (query.c:556)
==10941==    by 0x4E73DFE: rpmcliArgIter (query.c:852)
==10941==    by 0x4E74164: rpmcliQuery (query.c:974)
==10941==    by 0x404A30: main (rpmqv.cc:1041)
==10941==
== RSA
 n:
 e: 010001
 d:
 p:
 q:
 dp:
 dq:
 qi:
 hm: 01003021300906052B0E03021A05000414A9948481517A601F7F2D80330F27DB3C8F1AF82D
-- rpmsslVerify(0x9cee4e0) BAD RSA/SHA1
...

DSA/ECDSA unaffected fwiw.

Check-in fix tomorrow todo++.

73 de Jeff
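
The fix named in the last message, restoring the leading zeroes that OpenPGP MPI encoding strips so the RSA signature is always exactly as long as the modulus, sketched as an added example. This is not rpm's code: the function names mpi_to_fixed and demo_short_signature and the sample octets are assumptions made here, with the 255-octet value chosen to match the block size in the valgrind report.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Octet count of an OpenPGP MPI, from its 2-octet big-endian bit count. */
static size_t mpi_octets(const uint8_t *mpi)
{
    size_t bits = ((size_t)mpi[0] << 8) | mpi[1];
    return (bits + 7) / 8;
}

/* Right-align the MPI value in out[0..klen), zero-filling on the left.
 * klen is the RSA modulus length in octets. Returns 0 on success, -1 if
 * the MPI is truncated or longer than the modulus. */
int mpi_to_fixed(const uint8_t *mpi, size_t mpilen, uint8_t *out, size_t klen)
{
    size_t n;

    if (mpi == NULL || out == NULL || mpilen < 2)
        return -1;
    n = mpi_octets(mpi);
    if (n > mpilen - 2 || n > klen)
        return -1;
    memset(out, 0, klen - n);
    memcpy(out + (klen - n), mpi + 2, n);
    return 0;
}

/* Constructed input: a 2040-bit MPI (255 octets), as a 2048-bit key
 * produces when the signature's top octet is zero. Returns 1 if the
 * padded result is 256 octets with the zero restored. */
int demo_short_signature(void)
{
    uint8_t mpi[2 + 255], sig[256];

    mpi[0] = 0x07; mpi[1] = 0xF8;          /* bit count 2040 */
    memset(mpi + 2, 0xAB, 255);            /* constructed value octets */
    memset(sig, 0xFF, sizeof sig);         /* poison to show the fill */
    if (mpi_to_fixed(mpi, sizeof mpi, sig, sizeof sig) != 0)
        return 0;
    return sig[0] == 0x00 && sig[1] == 0xAB && sig[255] == 0xAB;
}

int main(void)
{
    printf("padded to modulus length: %s\n",
           demo_short_signature() ? "yes" : "no");
    return 0;
}
```

A verifier handed the fixed-length buffer and the modulus length never reads past the allocation, whatever the value of the signature's top octets.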