Diffstat (limited to 'src/trust.c')
-rw-r--r-- | src/trust.c | 66 |
1 files changed, 6 insertions, 60 deletions
diff --git a/src/trust.c b/src/trust.c
index 6f63137..6f0f885 100644
--- a/src/trust.c
+++ b/src/trust.c
@@ -1,60 +1,7 @@
-#include <errno.h>
-#include <stdio.h>
-#include <openssl/bio.h>
-#include <openssl/pem.h>
-#include <openssl/err.h>
-
 #include "apk_defines.h"
 #include "apk_trust.h"
 #include "apk_io.h"
-/* Trust */
-int apk_pkey_init(struct apk_pkey *pkey, EVP_PKEY *key)
-{
- unsigned char dig[EVP_MAX_MD_SIZE], *pub = NULL;
- unsigned int dlen = sizeof dig;
- int len;
-
- if ((len = i2d_PublicKey(key, &pub)) < 0) return -EIO;
- EVP_Digest(pub, len, dig, &dlen, EVP_sha512(), NULL);
- memcpy(pkey->id, dig, sizeof pkey->id);
- OPENSSL_free(pub);
-
- pkey->key = key;
- return 0;
-}
-
-void apk_pkey_free(struct apk_pkey *pkey)
-{
- EVP_PKEY_free(pkey->key);
-}
-
-int apk_pkey_load(struct apk_pkey *pkey, int dirfd, const char *fn)
-{
- EVP_PKEY *key;
- BIO *bio;
- int fd;
-
- fd = openat(dirfd, fn, O_RDONLY|O_CLOEXEC);
- if (fd < 0) return -errno;
-
- bio = BIO_new_fp(fdopen(fd, "r"), BIO_CLOSE);
- if (!bio) return -ENOMEM;
-
- key = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
- if (!key) {
- BIO_reset(bio);
- key = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
- }
- ERR_clear_error();
-
- BIO_free(bio);
- if (!key) return -EBADMSG;
-
- apk_pkey_init(pkey, key);
- return 0;
-}
-
 static struct apk_trust_key *apk_trust_load_key(int dirfd, const char *filename)
 {
 struct apk_trust_key *key;
@@ -89,13 +36,11 @@ int apk_trust_init(struct apk_trust *trust, int dirfd, struct apk_string_array *
 {
 char **fn;
- *trust = (struct apk_trust){
- .mdctx = EVP_MD_CTX_new(),
- };
- if (!trust->mdctx) return -ENOMEM;
- EVP_MD_CTX_set_flags(trust->mdctx, EVP_MD_CTX_FLAG_FINALISE);
+ *trust = (struct apk_trust){};
+ apk_digest_ctx_init(&trust->dctx, APK_DIGEST_NONE);
 list_init(&trust->trusted_key_list);
 list_init(&trust->private_key_list);
+ trust->initialized = 1;
 apk_dir_foreach_file(dirfd, __apk_trust_load_pubkey, trust);
 foreach_array_item(fn, pkey_files) {
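Review bot: The result of `apk_digest_ctx_init(&trust->dctx, APK_DIGEST_NONE);` is discarded, whereas the removed code returned `-ENOMEM` when the digest context could not be created. The helper's signature is not visible in this diff; if it reports failure through its return value, propagate it before `trust->initialized = 1;`, for example `int r = apk_digest_ctx_init(&trust->dctx, APK_DIGEST_NONE);` followed by `if (r < 0) return r;`, so callers never proceed with a trust store whose digest context failed to initialise. Separately, `(struct apk_trust){}` uses an empty initializer, which is a GNU extension before C23; `{0}` is the portable spelling. apk_trust_init's body continues outside the hunk.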
@@ -121,10 +66,11 @@ static void __apk_trust_free_keys(struct list_head *h)
 void apk_trust_free(struct apk_trust *trust)
 {
- if (!trust->mdctx) return;
+ if (!trust->initialized) return;
+ trust->initialized = 0;
 __apk_trust_free_keys(&trust->trusted_key_list);
 __apk_trust_free_keys(&trust->private_key_list);
- EVP_MD_CTX_free(trust->mdctx);
+ apk_digest_ctx_free(&trust->dctx);
 }
 struct apk_pkey *apk_trust_key_by_name(struct apk_trust *trust, const char *filename) |
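Review bot: The precondition for calling `apk_trust_free` is undocumented: the guard `if (!trust->initialized) return;` is only meaningful when the struct was zeroed or previously passed to `apk_trust_init`, and on uninitialised memory the flag is indeterminate and the key lists could be walked. The old `mdctx` check had the same requirement, but the new flag also makes a second call a no-op, which is worth recording. A comment above the function such as `/* Safe on a zeroed or already-freed trust; must not be called on uninitialised memory. */` would cover both. The declaration of `initialized` and the callers are outside this diff.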