-/* $OpenBSD: extern.h,v 1.102 2022/01/13 13:18:41 claudio Exp $ */
+/* $OpenBSD: extern.h,v 1.103 2022/01/13 13:46:03 claudio Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
const struct cert *);
int valid_roa(const char *, struct auth_tree *, struct roa *);
int valid_filename(const char *);
-int valid_filehash(const char *, const char *, size_t);
+int valid_filehash(int, const char *, size_t);
int valid_uri(const char *, size_t, const char *);
int valid_origin(const char *, const char *);
-/* $OpenBSD: mft.c,v 1.44 2022/01/11 13:06:07 claudio Exp $ */
+/* $OpenBSD: mft.c,v 1.45 2022/01/13 13:46:03 claudio Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
#include <limits.h>
#include <stdarg.h>
#include <stdint.h>
-#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
return p.res;
}
-/*
- * Check all files and their hashes in a MFT structure.
- * Return zero on failure, non-zero on success.
- */
-int
-mft_check(const char *fn, struct mft *p)
-{
- size_t i;
- int rc = 1;
- char *cp, *h, *path = NULL;
-
- /* Check hash of file now, but first build path for it */
- cp = strrchr(fn, '/');
- assert(cp != NULL);
- assert(cp - fn < INT_MAX);
-
- for (i = 0; i < p->filesz; i++) {
- const struct mftfile *m = &p->files[i];
- if (!valid_filename(m->file)) {
- if (base64_encode(m->hash, sizeof(m->hash), &h) == -1)
- errx(1, "base64_encode failed in %s", __func__);
- warnx("%s: unsupported filename for %s", fn, h);
- free(h);
- continue;
- }
- if (asprintf(&path, "%.*s/%s", (int)(cp - fn), fn,
- m->file) == -1)
- err(1, NULL);
- if (!valid_filehash(path, m->hash, sizeof(m->hash))) {
- warnx("%s: bad message digest for %s", fn, m->file);
- rc = 0;
- }
- free(path);
- }
-
- return rc;
-}
-
/*
* Free an MFT pointer.
* Safe to call with NULL.
-/* $OpenBSD: parser.c,v 1.34 2022/01/11 13:06:07 claudio Exp $ */
+/* $OpenBSD: parser.c,v 1.35 2022/01/13 13:46:03 claudio Exp $ */
/*
* Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
#include <assert.h>
#include <err.h>
+#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <stdlib.h>
return roa;
}
+/*
+ * Check all files and their hashes in a MFT structure.
+ * Return zero on failure, non-zero on success.
+ */
+int
+mft_check(const char *fn, struct mft *p)
+{
+ size_t i;
+ int fd, rc = 1;
+ char *cp, *h, *path = NULL;
+
+ /* Check hash of file now, but first build path for it */
+ cp = strrchr(fn, '/');
+ assert(cp != NULL);
+ assert(cp - fn < INT_MAX);
+
+ for (i = 0; i < p->filesz; i++) {
+ const struct mftfile *m = &p->files[i];
+ if (!valid_filename(m->file)) {
+ if (base64_encode(m->hash, sizeof(m->hash), &h) == -1)
+ errx(1, "base64_encode failed in %s", __func__);
+ warnx("%s: unsupported filename for %s", fn, h);
+ free(h);
+ continue;
+ }
+ if (asprintf(&path, "%.*s/%s", (int)(cp - fn), fn,
+ m->file) == -1)
+ err(1, NULL);
+ fd = open(path, O_RDONLY);
+ if (!valid_filehash(fd, m->hash, sizeof(m->hash))) {
+ warnx("%s: bad message digest for %s", fn, m->file);
+ rc = 0;
+ }
+ free(path);
+ }
+
+ return rc;
+}
+
/*
* Parse and validate a manifest file.
* Here we *don't* validate against the list of CRLs, because the
-/* $OpenBSD: repo.c,v 1.22 2022/01/13 13:18:41 claudio Exp $ */
+/* $OpenBSD: repo.c,v 1.23 2022/01/13 13:46:03 claudio Exp $ */
/*
* Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
if ((fn = rrdp_filename(rr, uri, 1)) == NULL)
return 0;
}
- if (!valid_filehash(fn, hash, hlen)) {
- warnx("%s: bad message digest", fn);
+ fd = open(fn, O_RDONLY);
+ if (!valid_filehash(fd, hash, hlen)) {
+ warnx("%s: bad file digest for %s", rr->notifyuri, fn);
free(fn);
return 0;
}
-/* $OpenBSD: validate.c,v 1.23 2021/12/26 12:32:28 tb Exp $ */
+/* $OpenBSD: validate.c,v 1.24 2022/01/13 13:46:03 claudio Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
/*
* Validate a file by verifying the SHA256 hash of that file.
- * Returns 1 if valid, 0 otherwise.
+ * The file to check is passed as a file descriptor.
+ * Returns 1 if hash matched, 0 otherwise. Closes fd when done.
*/
int
-valid_filehash(const char *fn, const char *hash, size_t hlen)
+valid_filehash(int fd, const char *hash, size_t hlen)
{
SHA256_CTX ctx;
char filehash[SHA256_DIGEST_LENGTH];
char buffer[8192];
ssize_t nr;
- int fd;
if (hlen != sizeof(filehash))
errx(1, "bad hash size");
- if ((fd = open(fn, O_RDONLY)) == -1)
+ if (fd == -1)
return 0;
SHA256_Init(&ctx);
while ((nr = read(fd, buffer, sizeof(buffer))) > 0)
SHA256_Update(&ctx, buffer, nr);
close(fd);
-
SHA256_Final(filehash, &ctx);
+
if (memcmp(hash, filehash, sizeof(filehash)) != 0)
return 0;
projects / openbsd / commitdiff