
Commit ccb3c33

wrltormath1
authored andcommitted
PayloadSigner: use OpenSSL EVP API
1 parent de8cefa commit ccb3c33


1 file changed

+30
-12
lines changed

1 file changed

+30
-12
lines changed

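--- a/src/update_engine/payload_signer.cc
+++ b/src/update_engine/payload_signer.cc
@@ -6,6 +6,7 @@
 
 #include <glog/logging.h>
 #include <openssl/pem.h>
+#include <openssl/evp.h>
 
 #include "update_engine/delta_diff_generator.h"
 #include "update_engine/delta_metadata.h"
@@ -292,27 +293,44 @@ bool PayloadSigner::GetRawHashFromSignature(
 }
 
 char dummy_password[] = { ' ', 0 }; // Ensure no password is read from stdin.
-RSA* rsa = PEM_read_RSA_PUBKEY(fpubkey, NULL, NULL, dummy_password);
+EVP_PKEY* pkey = PEM_read_PUBKEY(fpubkey, NULL, NULL, dummy_password);
 fclose(fpubkey);
-TEST_AND_RETURN_FALSE(rsa != NULL);
-unsigned int keysize = RSA_size(rsa);
+TEST_AND_RETURN_FALSE(pkey != NULL);
+size_t keysize = EVP_PKEY_get_size(pkey);
 if (sig_data.size() > 2 * keysize) {
 LOG(ERROR) << "Signature size is too big for public key size.";
-RSA_free(rsa);
+EVP_PKEY_free(pkey);
 return false;
 }
 
-// Decrypts the signature.
 vector<char> hash_data(keysize);
-int decrypt_size = RSA_public_decrypt(
-sig_data.size(),
-reinterpret_cast<const unsigned char*>(sig_data.data()),
+
+// Decrypts the signature.
+EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(pkey, NULL);
+if (!ctx
+|| EVP_PKEY_verify_recover_init(ctx) <= 0
+|| EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_NO_PADDING) <= 0
+|| EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) {
+LOG(ERROR) << "Couldn't initialise EVP_PKEY_CTX";
+EVP_PKEY_free(pkey);
+return false;
+}
+
+size_t decrypt_size = keysize;
+
+if (EVP_PKEY_verify_recover(ctx,
 reinterpret_cast<unsigned char*>(hash_data.data()),
-rsa,
-RSA_NO_PADDING);
-RSA_free(rsa);
+&decrypt_size,
+reinterpret_cast<const unsigned char*>(sig_data.data()),
+sig_data.size()) <= 0 ) {
+decrypt_size = 0;
+}
+
+EVP_PKEY_CTX_free(ctx);
+EVP_PKEY_free(pkey);
+
 TEST_AND_RETURN_FALSE(decrypt_size > 0 &&
-decrypt_size <= static_cast<int>(hash_data.size()));
+(ssize_t) decrypt_size <= static_cast<int>(hash_data.size()));
 hash_data.resize(decrypt_size);
 out_hash_data->swap(hash_data);
 return true;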
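Review bot: The init-failure branch (new lines 310–317) frees `pkey` but not `ctx`, so the context leaks whenever `EVP_PKEY_CTX_new` succeeds and a later step fails — likely also the path a non-RSA key takes, since `PEM_read_PUBKEY` accepts key types that `PEM_read_RSA_PUBKEY` rejected. Add `EVP_PKEY_CTX_free(ctx);` before `EVP_PKEY_free(pkey);` in that branch; it is a no-op on NULL. Please also confirm that `EVP_PKEY_CTX_set_signature_md` succeeds after `RSA_NO_PADDING` on the OpenSSL versions you build against: as far as I know OpenSSL's RSA code refuses a digest in no-padding mode, which would make this function fail for every signature, and a unit test with a known-good signature would settle it. Because recovery stays unpadded, the caller (GetRawHashFromSignature begins and ends outside this hunk) still has to compare the entire recovered block, padding bytes included, against the expected padded hash. The final bound check mixes `(ssize_t)` with `static_cast<int>`; `decrypt_size <= hash_data.size()` compares the two `size_t` values directly.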
