emo/xbps
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

lib/verifysig.c: use xbps_file_hash_raw()

Browse Source 
instead of mmap'ing the source file, xbps_file_hash_raw is used
to generate a digest of the file.
This commit is contained in:
Enno Boland 2016-06-15 23:22:44 +02:00
parent 7ce66edc57
commit df97be6a54
1 changed files with 9 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
lib/verifysig.c
View File

@ -41,14 +41,12 @@
#include "xbps_api_impl.h" #include "xbps_api_impl.h"
static bool static bool
rsa_verify_buf(struct xbps_repo *repo, xbps_data_t pubkey, rsa_verify_hash(struct xbps_repo *repo, xbps_data_t pubkey,
unsigned char *sig, unsigned int siglen, unsigned char *sig, unsigned int siglen,
unsigned char *buf, unsigned int buflen) unsigned char *sha256)
{ {
SHA256_CTX context;
BIO *bio; BIO *bio;
RSA *rsa; RSA *rsa;
unsigned char sha256[SHA256_DIGEST_LENGTH];
int rv; int rv;
ERR_load_crypto_strings(); ERR_load_crypto_strings();
@ -65,11 +63,7 @@ rsa_verify_buf(struct xbps_repo *repo, xbps_data_t pubkey,
return false; return false;
} }
SHA256_Init(&context); rv = RSA_verify(NID_sha1, sha256, SHA256_DIGEST_LENGTH, sig, siglen, rsa);
SHA256_Update(&context, buf, buflen);
SHA256_Final(sha256, &context);
rv = RSA_verify(NID_sha1, sha256, sizeof(sha256), sig, siglen, rsa);
RSA_free(rsa); RSA_free(rsa);
BIO_free(bio); BIO_free(bio);
ERR_free_strings(); ERR_free_strings();
@ -83,8 +77,8 @@ xbps_verify_file_signature(struct xbps_repo *repo, const char *fname)
xbps_dictionary_t repokeyd = NULL; xbps_dictionary_t repokeyd = NULL;
xbps_data_t pubkey; xbps_data_t pubkey;
char *hexfp = NULL; char *hexfp = NULL;
unsigned char *buf = NULL, *sig_buf = NULL; unsigned char *digest = NULL, *sig_buf = NULL;
size_t buflen, filelen, sigbuflen, sigfilelen; size_t sigbuflen, sigfilelen;
char *rkeyfile = NULL, *sig = NULL; char *rkeyfile = NULL, *sig = NULL;
bool val = false; bool val = false;
@ -116,7 +110,7 @@ xbps_verify_file_signature(struct xbps_repo *repo, const char *fname)
/* /*
* Prepare fname and signature data buffers. * Prepare fname and signature data buffers.
*/ */
if (!xbps_mmap_file(fname, (void *)&buf, &buflen, &filelen)) { if (!(digest = xbps_file_hash_raw(fname))) {
xbps_dbg_printf(repo->xhp, "can't open file %s: %s\n", fname, strerror(errno)); xbps_dbg_printf(repo->xhp, "can't open file %s: %s\n", fname, strerror(errno));
goto out; goto out;
} }
@ -128,7 +122,7 @@ xbps_verify_file_signature(struct xbps_repo *repo, const char *fname)
/* /*
* Verify fname RSA signature. * Verify fname RSA signature.
*/ */
if (rsa_verify_buf(repo, pubkey, sig_buf, sigfilelen, buf, filelen)) if (rsa_verify_hash(repo, pubkey, sig_buf, sigfilelen, digest))
val = true; val = true;
out: out:
@ -136,8 +130,8 @@ out:
free(hexfp); free(hexfp);
if (rkeyfile) if (rkeyfile)
free(rkeyfile); free(rkeyfile);
if (buf) if (digest)
(void)munmap(buf, buflen); free(digest);
if (sig_buf) if (sig_buf)
(void)munmap(sig_buf, sigbuflen); (void)munmap(sig_buf, sigbuflen);
if (sig) if (sig)