From 660d5b95cd1982e0c3456a754cea569dc342d6f7 Mon Sep 17 00:00:00 2001
From: Paul Gardiner <paul.gardiner@artifex.com>
Date: Tue, 9 Jan 2018 10:08:43 +0000
Subject: Perform signature verification via fz_stream

Previously, signature verification worked only for file-based documents
and the file path had to be passed into the verification function.
---
 source/pdf/pdf-pkcs7.c | 11 +++++------
 source/tools/pdfsign.c |  2 +-
 2 files changed, 6 insertions(+), 7 deletions(-)

(limited to 'source')

diff --git a/source/pdf/pdf-pkcs7.c b/source/pdf/pdf-pkcs7.c
index 864e3039..2db1b4f2 100644
--- a/source/pdf/pdf-pkcs7.c
+++ b/source/pdf/pdf-pkcs7.c
@@ -464,7 +464,7 @@ exit:
 	return res;
 }
 
-static int verify_sig(char *sig, int sig_len, char *file, int (*byte_range)[2], int byte_range_len, char *ebuf, int ebufsize)
+static int verify_sig(fz_context *ctx, fz_stream *stm, char *sig, int sig_len, int (*byte_range)[2], int byte_range_len, char *ebuf, int ebufsize)
 {
 	PKCS7 *pk7sig = NULL;
 	PKCS7 *pk7cert = NULL;
@@ -481,10 +481,9 @@ static int verify_sig(char *sig, int sig_len, char *file, int (*byte_range)[2],
 	if (pk7sig == NULL)
 		goto exit;
 
-	bdata = BIO_new(BIO_s_file());
+	bdata = BIO_new_stream(ctx, stm);
 	if (bdata == NULL)
 		goto exit;
-	BIO_read_filename(bdata, file);
 
 	bsegs = BIO_new(BIO_f_segments());
 	if (bsegs == NULL)
@@ -847,7 +846,7 @@ void pdf_write_digest(fz_context *ctx, fz_output *out, pdf_obj *byte_range, int
 	}
 }
 
-int pdf_check_signature(fz_context *ctx, pdf_document *doc, pdf_widget *widget, char *file, char *ebuf, int ebufsize)
+int pdf_check_signature(fz_context *ctx, pdf_document *doc, pdf_widget *widget, char *ebuf, int ebufsize)
 {
 	int (*byte_range)[2] = NULL;
 	int byte_range_len;
@@ -877,7 +876,7 @@ int pdf_check_signature(fz_context *ctx, pdf_document *doc, pdf_widget *widget,
 		contents_len = pdf_signature_widget_contents(ctx, doc, widget, &contents);
 		if (byte_range && contents)
 		{
-			res = verify_sig(contents, contents_len, file, byte_range, byte_range_len, ebuf, ebufsize);
+			res = verify_sig(ctx, doc->file, contents, contents_len, byte_range, byte_range_len, ebuf, ebufsize);
 		}
 		else
 		{
@@ -961,7 +960,7 @@ int pdf_signatures_supported(fz_context *ctx)
 
 #else /* HAVE_LIBCRYPTO */
 
-int pdf_check_signature(fz_context *ctx, pdf_document *doc, pdf_widget *widget, char *file, char *ebuf, int ebufsize)
+int pdf_check_signature(fz_context *ctx, pdf_document *doc, pdf_widget *widget, char *ebuf, int ebufsize)
 {
 	fz_strlcpy(ebuf, "This version of MuPDF was built without signature support", ebufsize);
 	return 0;
diff --git a/source/tools/pdfsign.c b/source/tools/pdfsign.c
index 81b78ab7..bc14be41 100644
--- a/source/tools/pdfsign.c
+++ b/source/tools/pdfsign.c
@@ -24,7 +24,7 @@ void verify_signature(fz_context *ctx, pdf_document *doc, int n, pdf_widget *wid
 {
 	char msg[256];
 	printf("verifying signature on page %d\n", n+1);
-	pdf_check_signature(ctx, doc, widget, filename, msg, sizeof msg);
+	pdf_check_signature(ctx, doc, widget, msg, sizeof msg);
 	printf("  result: '%s'\n", msg);
 }
 
-- 
cgit v1.2.3