Radish alpha
H
HardenedBSD-pkg
rad:z3QDZAW2FAfuLvihrhiyDC9fAD8G9
HardenedBSD Package Manager
Radicle
Git
Commits fd8e096
RSA_verify() expects a binary digest of the data, not hex
Bryan Drewery committed 12 years ago
commit fd8e09638c3069efef22b0ad49424d73eee08e19
parent af4f6a1
3 files changed +13 -5
modified libpkg/private/utils.h
@@ -86,6 +86,7 @@ int is_dir(const char *);
int is_conf_file(const char *path, char *newpath, size_t len);



void sha256_buf(char *, size_t len, char[SHA256_DIGEST_LENGTH * 2 +1]);
+ 
void sha256_buf_bin(char *, size_t len, char[SHA256_DIGEST_LENGTH]);

int sha256_file(const char *, char[SHA256_DIGEST_LENGTH * 2 +1]);

int sha256_fd(int fd, char[SHA256_DIGEST_LENGTH * 2 +1]);

int md5_file(const char *, char[MD5_DIGEST_LENGTH * 2 +1]);
modified libpkg/rsa.c
@@ -103,6 +103,7 @@ rsa_verify_cert(const char *path, unsigned char *key, int keylen,
    unsigned char *sig, int siglen, int fd)

{

	char sha256[SHA256_DIGEST_LENGTH *2 +1];
+ 
	char hash[SHA256_DIGEST_LENGTH];

	char errbuf[1024];

	RSA *rsa = NULL;

	int ret;
@@ -116,11 +117,12 @@ rsa_verify_cert(const char *path, unsigned char *key, int keylen,
	OpenSSL_add_all_algorithms();

	OpenSSL_add_all_ciphers();
+ 
	sha256_buf_bin(sha256, strlen(sha256), hash);
+ 


	rsa = _load_rsa_public_key_buf(key, keylen);

	if (rsa == NULL)

		return (EPKG_FATAL);
-
- 
	ret = RSA_verify(NID_sha256, sha256, sizeof(sha256), sig, siglen, rsa);
+ 
	ret = RSA_verify(NID_sha256, hash, sizeof(hash), sig, siglen, rsa);

	if (ret == 0) {

		pkg_emit_error("%s: %s", key,

		    ERR_error_string(ERR_get_error(), errbuf));
modified libpkg/utils.c
@@ -359,14 +359,19 @@ void
sha256_buf(char *buf, size_t len, char out[SHA256_DIGEST_LENGTH * 2 + 1])

{

	unsigned char hash[SHA256_DIGEST_LENGTH];
- 
	SHA256_CTX sha256;
-
+ 
	sha256_buf_bin(buf, len, hash);

	out[0] = '\0';
+ 
	sha256_hash(hash, out);
+ 
}
+
+ 
void
+ 
sha256_buf_bin(char *buf, size_t len, char hash[SHA256_DIGEST_LENGTH])
+ 
{
+ 
	SHA256_CTX sha256;



	SHA256_Init(&sha256);

	SHA256_Update(&sha256, buf, len);

	SHA256_Final(hash, &sha256);
- 
	sha256_hash(hash, out);

}



int