Allow to check rsa from buffer
Baptiste Daroussin committed 12 years ago
commit 55a7efb192d1de3a4324ffdb1a97f75a8853b72b
parent 9968ceb
2 files changed +56 -1
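--- a/libpkg/private/utils.h
+++ b/libpkg/private/utils.h
@@ -93,6 +93,8 @@ void rsa_free(struct rsa_key *);
 int rsa_sign(char *path, struct rsa_key *rsa, unsigned char **sigret, unsigned int *siglen);
 int rsa_verify(const char *path, const char *key,
 		unsigned char *sig, unsigned int sig_len, int fd);
+int rsa_verify_cert(const char *path, unsigned char *cert,
+    int certlen, unsigned char *sig, int sig_len, int fd);
 
 bool is_hardlink(struct hardlinks *hl, struct stat *st);
 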
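Review bot: The new rsa_verify_cert prototype names its parameters `cert`, `certlen` and `sig_len`, while the definition in libpkg/rsa.c calls them `key`, `keylen` and `siglen`, and both lengths are `int` where the neighbouring rsa_verify declares `unsigned int sig_len`; a reader of the header cannot tell from this whether a negative length is ever meaningful. I would align the declaration with the definition, `int rsa_verify_cert(const char *path, unsigned char *key, int keylen,` / `    unsigned char *sig, int siglen, int fd);`, and put a one-line comment above it saying that `key` is an in-memory PEM public key of `keylen` bytes rather than a path, which is the point that distinguishes it from rsa_verify.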
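--- a/libpkg/rsa.c
+++ b/libpkg/rsa.c
@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 2011-2012 Baptiste Daroussin <bapt@FreeBSD.org>
+ * Copyright (c) 2011-2013 Baptiste Daroussin <bapt@FreeBSD.org>
  * Copyright (c) 2011-2012 Julien Laffaye <jlaffaye@FreeBSD.org>
  * All rights reserved.
  * 
@@ -80,6 +80,59 @@ _load_rsa_public_key(const char *rsa_key_path)
 	return (rsa);
 }
 
+static RSA *
+_load_rsa_public_key_buf(unsigned char *cert, int certlen)
+{
+	RSA *rsa = NULL;
+	BIO *bp;
+	char errbuf[1024];
+
+	bp = BIO_new_mem_buf((void *)cert, certlen);
+	if (!PEM_read_bio_RSAPublicKey(bp, &rsa, NULL, NULL)) {
+		pkg_emit_error("error reading public key: %s",
+		    ERR_error_string(ERR_get_error(), errbuf));
+		BIO_free(bp);
+		return (NULL);
+	}
+	BIO_free(bp);
+	return (rsa);
+}
+
+int
+rsa_verify_cert(const char *path, unsigned char *key, int keylen,
+    unsigned char *sig, int siglen, int fd)
+{
+	char sha256[SHA256_DIGEST_LENGTH *2 +1];
+	char errbuf[1024];
+	RSA *rsa = NULL;
+	int ret;
+
+	if (fd != -1)
+		sha256_fd(fd, sha256);
+	else
+		sha256_file(path, sha256);
+
+	SSL_load_error_strings();
+	OpenSSL_add_all_algorithms();
+	OpenSSL_add_all_ciphers();
+
+	rsa = _load_rsa_public_key_buf(key, keylen);
+	if (rsa == NULL)
+		return (EPKG_FATAL);
+
+	ret = RSA_verify(NID_sha1, sha256, sizeof(sha256), sig, siglen, rsa);
+	if (ret == 0) {
+		pkg_emit_error("%s: %s", key,
+		    ERR_error_string(ERR_get_error(), errbuf));
+		return (EPKG_FATAL);
+	}
+
+	RSA_free(rsa);
+	ERR_free_strings();
+
+	return (EPKG_OK);
+}
+
 int
 rsa_verify(const char *path, const char *key, unsigned char *sig,
     unsigned int sig_len, int fd)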
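Review bot: The rejection branch after RSA_verify in rsa_verify_cert passes `key` to `%s`, yet `key` is a keylen-delimited PEM buffer rather than a NUL-terminated string, so pkg_emit_error can read past its end, and the branch returns without RSA_free(rsa), leaking the key on every rejected signature. RSA_verify returns 1 only on success, so the test should be `ret != 1` rather than `ret == 0`. In _load_rsa_public_key_buf the BIO_new_mem_buf() result goes straight into PEM_read_bio_RSAPublicKey with no NULL check. The results of sha256_fd()/sha256_file() are discarded, so a hashing failure presumably leaves sha256 uninitialised before it is verified — worth confirming what those helpers return. The rewritten lines are below; ERR_free_strings() is also moved onto the failure path to match the success path.
```c
static RSA *
_load_rsa_public_key_buf(unsigned char *cert, int certlen)
{
	/* … unchanged: declarations … */
	bp = BIO_new_mem_buf((void *)cert, certlen);
	if (bp == NULL) {
		pkg_emit_error("error reading public key: %s",
		    ERR_error_string(ERR_get_error(), errbuf));
		return (NULL);
	}
	/* … unchanged: PEM_read_bio_RSAPublicKey, BIO_free and return … */

/* … unchanged: rsa_verify_cert up to the RSA_verify call … */
	ret = RSA_verify(NID_sha1, sha256, sizeof(sha256), sig, siglen, rsa);
	if (ret != 1) {
		pkg_emit_error("signature verification failed: %s",
		    ERR_error_string(ERR_get_error(), errbuf));
		RSA_free(rsa);
		ERR_free_strings();
		return (EPKG_FATAL);
	}
	/* … unchanged: success path … */
```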