Radish alpha
H
HardenedBSD-pkg
rad:z3QDZAW2FAfuLvihrhiyDC9fAD8G9
HardenedBSD Package Manager
Radicle
Git
Commits cd74830
More functions to only use fd
Baptiste Daroussin committed 9 years ago
commit cd7483097bfb53908d67d1afc95d57c4a9cf2155
parent 8efc943
3 files changed +4 -11
modified libpkg/pkg_repo.c
@@ -633,7 +633,7 @@ pkg_repo_archive_extract_check_archive(int fd, const char *file,
	}

	else if (pkg_repo_signature_type(repo) == SIG_FINGERPRINT) {

		HASH_ITER(hh, sc, s, stmp) {
- 
			ret = rsa_verify_cert(NULL, s->cert, s->certlen, s->sig, s->siglen,
+ 
			ret = rsa_verify_cert(s->cert, s->certlen, s->sig, s->siglen,

				dest_fd);

			if (ret == EPKG_OK && s->trusted) {

				break;
@@ -863,7 +863,7 @@ pkg_repo_fetch_meta(struct pkg_repo *repo, time_t *t)
		}



		HASH_ITER(hh, sc, s, stmp) {
- 
			ret = rsa_verify_cert(NULL, s->cert, s->certlen, s->sig, s->siglen,
+ 
			ret = rsa_verify_cert(s->cert, s->certlen, s->sig, s->siglen,

				metafd);

			if (ret == EPKG_OK && s->trusted)

				break;
modified libpkg/private/utils.h
@@ -74,7 +74,7 @@ int rsa_new(struct rsa_key **, pkg_password_cb *, char *path);
void rsa_free(struct rsa_key *);

int rsa_sign(char *path, struct rsa_key *rsa, unsigned char **sigret, unsigned int *siglen);

int rsa_verify(const char *key, unsigned char *sig, unsigned int sig_len, int fd);
- 
int rsa_verify_cert(const char *path, unsigned char *cert,
+ 
int rsa_verify_cert(unsigned char *cert,

    int certlen, unsigned char *sig, int sig_len, int fd);



bool check_for_hardlink(hardlinks_t *hl, struct stat *st);
modified libpkg/rsa.c
@@ -133,20 +133,13 @@ rsa_verify_cert_cb(int fd, void *ud)
}



int
- 
rsa_verify_cert(const char *path, unsigned char *key, int keylen,
+ 
rsa_verify_cert(unsigned char *key, int keylen,

    unsigned char *sig, int siglen, int fd)

{

	int ret;

	bool need_close = false;

	struct rsa_verify_cbdata cbdata;
- 
	if (fd == -1) {
- 
		if ((fd = open(path, O_RDONLY)) == -1) {
- 
			pkg_emit_errno("fopen", path);
- 
			return (EPKG_FATAL);
- 
		}
- 
		need_close = true;
- 
	}

	(void)lseek(fd, 0, SEEK_SET);



	cbdata.key = key;