4 files changed, 8 insertions, 9 deletions

diff --git a/include/mupdf/pdf/crypt.h b/include/mupdf/pdf/crypt.h
index 46970870..e29da8ca 100644
--- a/include/mupdf/pdf/crypt.h
+++ b/include/mupdf/pdf/crypt.h
@@ -52,7 +52,7 @@ int pdf_signature_widget_contents(fz_context *ctx, pdf_document *doc, pdf_widget
 /*
 	pdf_check_signature: check a signature's certificate chain and digest
 */
-int pdf_check_signature(fz_context *ctx, pdf_document *doc, pdf_widget *widget, char *file, char *ebuf, int ebufsize);
+int pdf_check_signature(fz_context *ctx, pdf_document *doc, pdf_widget *widget, char *ebuf, int ebufsize);
 
 /*
 	pdf_sign_signature: sign a signature form field
diff --git a/platform/x11/pdfapp.c b/platform/x11/pdfapp.c
index 7590213e..6b04720d 100644
--- a/platform/x11/pdfapp.c
+++ b/platform/x11/pdfapp.c
@@ -1718,7 +1718,7 @@ void pdfapp_onmouse(pdfapp_t *app, int x, int y, int btn, int modifiers, int sta
 						char ebuf[256];
 
 						ebuf[0] = 0;
-						if (pdf_check_signature(ctx, idoc, widget, app->docpath, ebuf, sizeof(ebuf)))
+						if (pdf_check_signature(ctx, idoc, widget, ebuf, sizeof(ebuf)))
 						{
 							winwarn(app, "Signature is valid");
 						}
diff --git a/source/pdf/pdf-pkcs7.c b/source/pdf/pdf-pkcs7.c
index 864e3039..2db1b4f2 100644
--- a/source/pdf/pdf-pkcs7.c
+++ b/source/pdf/pdf-pkcs7.c
@@ -464,7 +464,7 @@ exit:
 	return res;
 }
 
-static int verify_sig(char *sig, int sig_len, char *file, int (*byte_range)[2], int byte_range_len, char *ebuf, int ebufsize)
+static int verify_sig(fz_context *ctx, fz_stream *stm, char *sig, int sig_len, int (*byte_range)[2], int byte_range_len, char *ebuf, int ebufsize)
 {
 	PKCS7 *pk7sig = NULL;
 	PKCS7 *pk7cert = NULL;
@@ -481,10 +481,9 @@ static int verify_sig(char *sig, int sig_len, char *file, int (*byte_range)[2],
 	if (pk7sig == NULL)
 		goto exit;
 
-	bdata = BIO_new(BIO_s_file());
+	bdata = BIO_new_stream(ctx, stm);
 	if (bdata == NULL)
 		goto exit;
-	BIO_read_filename(bdata, file);
 
 	bsegs = BIO_new(BIO_f_segments());
 	if (bsegs == NULL)
@@ -847,7 +846,7 @@ void pdf_write_digest(fz_context *ctx, fz_output *out, pdf_obj *byte_range, int
 	}
 }
 
-int pdf_check_signature(fz_context *ctx, pdf_document *doc, pdf_widget *widget, char *file, char *ebuf, int ebufsize)
+int pdf_check_signature(fz_context *ctx, pdf_document *doc, pdf_widget *widget, char *ebuf, int ebufsize)
 {
 	int (*byte_range)[2] = NULL;
 	int byte_range_len;
@@ -877,7 +876,7 @@ int pdf_check_signature(fz_context *ctx, pdf_document *doc, pdf_widget *widget,
 		contents_len = pdf_signature_widget_contents(ctx, doc, widget, &contents);
 		if (byte_range && contents)
 		{
-			res = verify_sig(contents, contents_len, file, byte_range, byte_range_len, ebuf, ebufsize);
+			res = verify_sig(ctx, doc->file, contents, contents_len, byte_range, byte_range_len, ebuf, ebufsize);
 		}
 		else
 		{
@@ -961,7 +960,7 @@ int pdf_signatures_supported(fz_context *ctx)
 
 #else /* HAVE_LIBCRYPTO */
 
-int pdf_check_signature(fz_context *ctx, pdf_document *doc, pdf_widget *widget, char *file, char *ebuf, int ebufsize)
+int pdf_check_signature(fz_context *ctx, pdf_document *doc, pdf_widget *widget, char *ebuf, int ebufsize)
 {
 	fz_strlcpy(ebuf, "This version of MuPDF was built without signature support", ebufsize);
 	return 0;
diff --git a/source/tools/pdfsign.c b/source/tools/pdfsign.c
index 81b78ab7..bc14be41 100644
--- a/source/tools/pdfsign.c
+++ b/source/tools/pdfsign.c
@@ -24,7 +24,7 @@ void verify_signature(fz_context *ctx, pdf_document *doc, int n, pdf_widget *wid
 {
 	char msg[256];
 	printf("verifying signature on page %d\n", n+1);
-	pdf_check_signature(ctx, doc, widget, filename, msg, sizeof msg);
+	pdf_check_signature(ctx, doc, widget, msg, sizeof msg);
 	printf("  result: '%s'\n", msg);
 }