Beispiel #1
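/*
 * Callback that verifies an RSA signature over the data readable from fd.
 *
 * fd: descriptor whose content is digested by sha256_fd().
 * ud: pointer to a struct rsa_verify_cbdata supplying the public key
 *     (key/keylen) and the signature to check (sig/siglen).
 *
 * Returns EPKG_OK only when RSA_verify() reports a valid signature, and
 * EPKG_FATAL when hashing fails, the key cannot be loaded, or verification
 * does not succeed.
 *
 * The signed message is the SHA-256 of the digest string produced by
 * sha256_fd() (its length is taken with strlen()), not the raw file digest.
 */
static int
rsa_verify_cert_cb(int fd, void *ud)
{
	struct rsa_verify_cbdata *cbdata = ud;
	char sha256[SHA256_DIGEST_LENGTH *2 +1];
	char hash[SHA256_DIGEST_LENGTH];
	char errbuf[1024];
	RSA *rsa = NULL;
	int ret;

	if (sha256_fd(fd, sha256) != EPKG_OK)
		return (EPKG_FATAL);

	/* Digest the textual checksum again to get the binary value that was signed. */
	sha256_buf_bin(sha256, strlen(sha256), hash);

	rsa = _load_rsa_public_key_buf(cbdata->key, cbdata->keylen);
	if (rsa == NULL)
		return (EPKG_FATAL);

	ret = RSA_verify(NID_sha256, hash, sizeof(hash), cbdata->sig,
			cbdata->siglen, rsa);
	/*
	 * RSA_verify() is documented to return 1 on success. Accept only that
	 * value: testing for "== 0" would let any other return (for example a
	 * negative error code) be treated as a valid signature.
	 */
	if (ret != 1) {
		/* Bounded variant so the write can never exceed errbuf. */
		ERR_error_string_n(ERR_get_error(), errbuf, sizeof(errbuf));
		pkg_emit_error("rsa verify failed: %s", errbuf);
		RSA_free(rsa);
		return (EPKG_FATAL);
	}

	RSA_free(rsa);

	return (EPKG_OK);
}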
Beispiel #2
Datei: utils.c Projekt: dpl0/pkg
/*
 * Compute the SHA-256 of buf[0..len) and store its textual form in out.
 *
 * buf: input bytes to digest.
 * len: number of bytes in buf.
 * out: caller-provided buffer of SHA256_DIGEST_LENGTH * 2 + 1 bytes; it is
 *      reset to an empty string and then filled by sha256_hash()
 *      (presumably a hex encoding of the digest, given the buffer size;
 *      confirm against sha256_hash()).
 */
void
sha256_buf(const char *buf, size_t len, char out[SHA256_DIGEST_LENGTH * 2 + 1])
{
	unsigned char digest[SHA256_DIGEST_LENGTH];

	/* Binary digest first; out is only touched afterwards. */
	sha256_buf_bin(buf, len, digest);

	/* Start from an empty string before the digest is rendered into out. */
	*out = '\0';
	sha256_hash(digest, out);
}