pkg(7): now that we do use libmd, use it completly

Use SHA256_Fd and SHA256_Data instead of home made equivalent. wrap those functions into hash.c to avoid header collition between openssl and libmd Suggested by: kevans
2024-07-21 10:19:04 +00:00 · 2023-03-09 21:29:15 +01:00 · 2023-03-09 21:29:15 +01:00 · e5dd5bfa55
parent 5b3f109816
commit e5dd5bfa55
3 changed files with 16 additions and 77 deletions
--- a/usr.sbin/pkg/hash.c
+++ b/usr.sbin/pkg/hash.c
@ -27,86 +27,21 @@
 * SUCH DAMAGE.
 */

-#include <err.h>
 #include <sha256.h>
-#include <stdio.h>
 #include <unistd.h>

 #include "hash.h"

-static void
-sha256_hash(unsigned char hash[SHA256_DIGEST_LENGTH],
-    char out[SHA256_DIGEST_LENGTH * 2 + 1])
+char *
+sha256_buf(char *buf, size_t len)
 {
-	int i;

-	for (i = 0; i < SHA256_DIGEST_LENGTH; i++)
-		sprintf(out + (i * 2), "%02x", hash[i]);
-
-	out[SHA256_DIGEST_LENGTH * 2] = '\0';
+	return (SHA256_Data(buf, len, NULL));
 }

-void
-sha256_buf(char *buf, size_t len, char out[SHA256_DIGEST_LENGTH * 2 + 1])
+char *
+sha256_fd(int fd)
 {
-	unsigned char hash[SHA256_DIGEST_LENGTH];
-	SHA256_CTX sha256;

-	out[0] = '\0';
-
-	SHA256_Init(&sha256);
-	SHA256_Update(&sha256, buf, len);
-	SHA256_Final(hash, &sha256);
-	sha256_hash(hash, out);
-}
-
-int
-sha256_fd(int fd, char out[SHA256_DIGEST_LENGTH * 2 + 1])
-{
-	int my_fd;
-	FILE *fp;
-	char buffer[BUFSIZ];
-	unsigned char hash[SHA256_DIGEST_LENGTH];
-	size_t r;
-	int ret;
-	SHA256_CTX sha256;
-
-	fp = NULL;
-	ret = 1;
-
-	out[0] = '\0';
-
-	/* Duplicate the fd so that fclose(3) does not close it. */
-	if ((my_fd = dup(fd)) == -1) {
-		warnx("dup");
-		goto cleanup;
-	}
-
-	if ((fp = fdopen(my_fd, "rb")) == NULL) {
-		warnx("fdopen");
-		goto cleanup;
-	}
-
-	SHA256_Init(&sha256);
-
-	while ((r = fread(buffer, 1, BUFSIZ, fp)) > 0)
-		SHA256_Update(&sha256, buffer, r);
-
-	if (ferror(fp) != 0) {
-		warnx("fread");
-		goto cleanup;
-	}
-
-	SHA256_Final(hash, &sha256);
-	sha256_hash(hash, out);
-	ret = 0;
-
-cleanup:
-	if (fp != NULL)
-		fclose(fp);
-	else if (my_fd != -1)
-		close(my_fd);
-	(void)lseek(fd, 0, SEEK_SET);
-
-	return (ret);
+	return (SHA256_Fd(fd, NULL));
 }
--- a/usr.sbin/pkg/hash.h
+++ b/usr.sbin/pkg/hash.h
@ -28,5 +28,5 @@

 #pragma once

-void sha256_buf(char *buf, size_t len, char out[]);
-int sha256_fd(int fd, char out[]);
+char *sha256_buf(char *buf, size_t len);
+char *sha256_fd(int fd);
--- a/usr.sbin/pkg/pkg.c
+++ b/usr.sbin/pkg/pkg.c
@ -445,10 +445,11 @@ rsa_verify_cert(int fd, const char *sigfile, const unsigned char *key,
 {
 	EVP_MD_CTX *mdctx;
 	EVP_PKEY *pkey;
-	char sha256[(SHA256_DIGEST_LENGTH * 2) + 2];
+	char *sha256;
 	char errbuf[1024];
 	bool ret;

+	sha256 = NULL;
 	pkey = NULL;
 	mdctx = NULL;
 	ret = false;
@ -460,7 +461,7 @@ rsa_verify_cert(int fd, const char *sigfile, const unsigned char *key,
 		warn("lseek");
 		goto cleanup;
 	}
-	if ((sha256_fd(fd, sha256)) == -1) {
+	if ((sha256 = sha256_fd(fd)) == NULL) {
 		warnx("Error creating SHA256 hash for package");
 		goto cleanup;
 	}
@ -505,6 +506,7 @@ rsa_verify_cert(int fd, const char *sigfile, const unsigned char *key,
 	printf("failed\n");

 cleanup:
+	free(sha256);
 	if (pkey)
 		EVP_PKEY_free(pkey);
 	if (mdctx)
@ -667,8 +669,9 @@ verify_signature(int fd_pkg, int fd_sig)
 	int trusted_count, revoked_count;
 	const char *fingerprints;
 	char path[MAXPATHLEN];
-	char hash[SHA256_DIGEST_LENGTH * 2 + 1];
+	char *hash;

+	hash = NULL;
 	sc = NULL;
 	trusted = revoked = NULL;
 	ret = false;
@ -705,7 +708,7 @@ verify_signature(int fd_pkg, int fd_sig)
 	sc->trusted = false;

 	/* Parse signature and pubkey out of the certificate */
-	sha256_buf(sc->cert, sc->certlen, hash);
+	hash = sha256_buf(sc->cert, sc->certlen);

 	/* Check if this hash is revoked */
 	if (revoked != NULL) {
@ -744,6 +747,7 @@ verify_signature(int fd_pkg, int fd_sig)
 	ret = true;

 cleanup:
+	free(hash);
 	if (trusted)
 		free_fingerprint_list(trusted);
 	if (revoked)