emo/xbps
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #245 from ebfe/sign-big-pkgs

Browse Source 
bin/xbps-rindex: use xbps_file_hash_raw while signing
This commit is contained in:
Juan RP 2017-10-25 09:17:08 +02:00 committed by GitHub
commit a6df70b8af
1 changed files with 16 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
bin/xbps-rindex/sign.c
View File

@ -94,24 +94,28 @@ pubkey_from_privkey(RSA *rsa)
} }
static bool static bool
rsa_sign_buf(RSA *rsa, const char *buf, unsigned int buflen, rsa_sign_file(RSA *rsa, const char *file,
unsigned char **sigret, unsigned int *siglen) unsigned char **sigret, unsigned int *siglen)
{ {
SHA256_CTX context; unsigned char *sha256;
unsigned char sha256[SHA256_DIGEST_LENGTH];
SHA256_Init(&context); sha256 = xbps_file_hash_raw(file);
SHA256_Update(&context, buf, buflen); if(!sha256)
SHA256_Final(sha256, &context);
if ((*sigret = calloc(1, RSA_size(rsa) + 1)) == NULL)
return false; return false;
if (!RSA_sign(NID_sha1, sha256, sizeof(sha256), if ((*sigret = calloc(1, RSA_size(rsa) + 1)) == NULL) {
free(sha256);
return false;
}
if (!RSA_sign(NID_sha1, sha256, SHA256_DIGEST_LENGTH,
*sigret, siglen, rsa)) { *sigret, siglen, rsa)) {
free(sha256);
free(*sigret); free(*sigret);
return false; return false;
} }
free(sha256);
return true; return true;
} }
@ -252,11 +256,10 @@ static int
sign_pkg(struct xbps_handle *xhp, const char *binpkg, const char *privkey, bool force) sign_pkg(struct xbps_handle *xhp, const char *binpkg, const char *privkey, bool force)
{ {
RSA *rsa = NULL; RSA *rsa = NULL;
struct stat st;
unsigned char *sig = NULL; unsigned char *sig = NULL;
unsigned int siglen = 0; unsigned int siglen = 0;
char *buf = NULL, *sigfile = NULL; char *sigfile = NULL;
int rv = 0, sigfile_fd = -1, binpkg_fd = -1; int rv = 0, sigfile_fd = -1;
sigfile = xbps_xasprintf("%s.sig", binpkg); sigfile = xbps_xasprintf("%s.sig", binpkg);
/* /*
@ -272,30 +275,12 @@ sign_pkg(struct xbps_handle *xhp, const char *binpkg, const char *privkey, bool
/* /*
* Generate pkg file signature. * Generate pkg file signature.
*/ */
if ((binpkg_fd = open(binpkg, O_RDONLY)) == -1) {
fprintf(stderr, "cannot read %s: %s\n", binpkg, strerror(errno));
rv = EINVAL;
goto out;
}
(void)fstat(binpkg_fd, &st);
buf = malloc(st.st_size);
assert(buf);
if (read(binpkg_fd, buf, st.st_size) != st.st_size) {
fprintf(stderr, "failed to read %s: %s\n", binpkg, strerror(errno));
rv = EINVAL;
goto out;
}
close(binpkg_fd);
binpkg_fd = -1;
rsa = load_rsa_key(privkey); rsa = load_rsa_key(privkey);
if (!rsa_sign_buf(rsa, buf, st.st_size, &sig, &siglen)) { if (!rsa_sign_file(rsa, binpkg, &sig, &siglen)) {
fprintf(stderr, "failed to sign %s: %s\n", binpkg, strerror(errno)); fprintf(stderr, "failed to sign %s: %s\n", binpkg, strerror(errno));
rv = EINVAL; rv = EINVAL;
goto out; goto out;
} }
free(buf);
buf = NULL;
/* /*
* Write pkg file signature. * Write pkg file signature.
*/ */
@ -324,14 +309,10 @@ out:
RSA_free(rsa); RSA_free(rsa);
rsa = NULL; rsa = NULL;
} }
if (buf)
free(buf);
if (sigfile) if (sigfile)
free(sigfile); free(sigfile);
if (sigfile_fd != -1) if (sigfile_fd != -1)
close(sigfile_fd); close(sigfile_fd);
if (binpkg_fd != -1)
close(binpkg_fd);
return rv; return rv;
} }