rad:z3QDZAW2FAfuLvihrhiyDC9fAD8G9
HardenedBSD Package Manager
repo: isolate the function to RSA sign the content of repo
Baptiste Daroussin committed 2 years ago
commit 54399a913923a7360153e9d1a9205380160cf494
parent 890bdc7
3 files changed +24 -14
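--- a/libpkg/pkg_repo_create.c
+++ b/libpkg/pkg_repo_create.c
@@ -982,13 +982,32 @@ done:
 }
 
 static int
+pack_rsa_sign(struct packing *pack, struct pkg_key *keyinfo, const char *path,
+    const char *name)
+{
+	unsigned char *sigret = NULL;
+	unsigned int siglen = 0;
+
+	if (keyinfo == NULL)
+		return (EPKG_FATAL);
+
+	if (rsa_sign(path, keyinfo, &sigret, &siglen) != EPKG_OK) {
+		free(sigret);
+		return (EPKG_FATAL);
+	}
+	if (packing_append_buffer(pack, sigret, name, siglen + 1) != EPKG_OK) {
+		free(sigret);
+		return (EPKG_FATAL);
+	}
+	return (EPKG_OK);
+}
+
+static int
 pkg_repo_pack_db(const char *name, const char *archive, char *path,
 		struct pkg_key *keyinfo, struct pkg_repo_meta *meta,
 		char **argv, int argc)
 {
 	struct packing *pack;
-	unsigned char *sigret = NULL;
-	unsigned int siglen = 0;
 	size_t signature_len = 0;
 	char fname[MAXPATHLEN];
 	char *sig, *pub;
@@ -1001,15 +1020,7 @@ pkg_repo_pack_db(const char *name, const char *archive, char *path,
 		return (EPKG_FATAL);
 
 	if (keyinfo != NULL) {
-		if (rsa_sign(path, keyinfo, &sigret, &siglen) != EPKG_OK) {
-			ret = EPKG_FATAL;
-			goto out;
-		}
-
-		if (packing_append_buffer(pack, sigret, "signature", siglen + 1) != EPKG_OK) {
-			ret = EPKG_FATAL;
-			goto out;
-		}
+		ret = pack_rsa_sign(pack, keyinfo, path, "signature");
 	} else if (argc >= 1) {
 		if (pkg_repo_sign(path, argv, argc, &sig, &signature_len, &pub) != EPKG_OK) {
 			ret = EPKG_FATAL;
@@ -1034,7 +1045,6 @@ pkg_repo_pack_db(const char *name, const char *archive, char *path,
 out:
 	packing_finish(pack);
 	unlink(path);
-	free(sigret);
 	free(sig);
 	free(pub);
 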
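Review bot: A signing failure in `pkg_repo_pack_db` no longer leaves the function, because the second hunk replaces the two `goto out` paths with a bare `ret = pack_rsa_sign(pack, keyinfo, path, "signature");`. The code between that hunk and the `out:` label is not visible here, but if anything there assigns `ret` again, a failed RSA signature would be masked and the repository archive would be produced without its signature entry; keeping the old behaviour needs `if (ret != EPKG_OK) goto out;` directly after the call. Separately, `pack_rsa_sign` frees `sigret` on both error returns but not before `return (EPKG_OK);`, and the commit removes the `free(sigret)` that used to run at `out:`, so the signature buffer appears to leak on every successful run unless `packing_append_buffer` takes ownership; a `free(sigret);` before the final return would restore the old cleanup.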
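--- a/libpkg/private/utils.h
+++ b/libpkg/private/utils.h
@@ -89,7 +89,7 @@ int is_link(const char *);
 
 int rsa_new(struct pkg_key **, pkg_password_cb *, char *path);
 void rsa_free(struct pkg_key *);
-int rsa_sign(char *path, struct pkg_key *keyinfo, unsigned char **sigret,
+int rsa_sign(const char *path, struct pkg_key *keyinfo, unsigned char **sigret,
     unsigned int *siglen);
 int rsa_verify(const char *key, unsigned char *sig, unsigned int sig_len, int fd);
 int rsa_verify_cert(unsigned char *cert,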
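--- a/libpkg/rsa.c
+++ b/libpkg/rsa.c
@@ -364,7 +364,7 @@ rsa_verify(const char *key, unsigned char *sig, unsigned int sig_len, int fd)
 }
 
 int
-rsa_sign(char *path, struct pkg_key *keyinfo, unsigned char **sigret,
+rsa_sign(const char *path, struct pkg_key *keyinfo, unsigned char **sigret,
     unsigned int *osiglen)
 {
 	char errbuf[1024];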