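/*
 * Verify the detached signature stored in `sigfile` over the full contents
 * of `file`, using the public key already loaded into dgst->pkey and a
 * SHA-256 digest.
 *
 * dgst        - crypto context set up by the caller (must carry the key)
 * sigfile     - path of the raw signature file (read as binary)
 * file        - path of the file whose content was signed
 * signer_name - not used here; accepted for interface compatibility,
 *               presumably consumed by other verification backends
 *
 * Returns 0 only when the signature verifies. Every other path returns a
 * negative errno value: -ENOKEY (missing context, unreadable signature or
 * key, verify context cannot be set up), -ENOMEM, -EBADF (file cannot be
 * opened), -EIO (read error on file), -EBADMSG (signature does not match),
 * -EFAULT (crypto library error while hashing or verifying).
 */
int swupdate_verify_file(struct swupdate_digest *dgst, const char *sigfile,
				const char *file, const char *signer_name)
{
	FILE *fp = NULL;
	BIO *sigbio = NULL;
	int siglen = 0;
	int i;
	unsigned char *sigbuf = NULL;
	char *msg = NULL;
	/* 64-bit counter: an int would wrap on images larger than 2 GiB. */
	unsigned long long size = 0;
	size_t rbytes;
	int status = 0;

	(void)signer_name;

	if (!dgst) {
		ERROR("Wrong crypto initialization: did you pass the key ?");
		status = -ENOKEY;
		goto out;
	}

	msg = malloc(BUFSIZE);
	if (!msg) {
		status = -ENOMEM;
		goto out;
	}

	/*
	 * A missing or unreadable signature file is reported explicitly instead
	 * of relying on BIO_read() rejecting a NULL BIO.
	 */
	sigbio = BIO_new_file(sigfile, "rb");
	if (!sigbio) {
		ERROR("Error opening signature file %s", sigfile);
		status = -ENOKEY;
		goto out;
	}

	/* EVP_PKEY_size() bounds the signature length for this key. */
	siglen = EVP_PKEY_size(dgst->pkey);
	if (siglen <= 0) {
		ERROR("Invalid key size for signature verification");
		status = -ENOKEY;
		goto out;
	}
	sigbuf = OPENSSL_malloc(siglen);
	if (!sigbuf) {
		status = -ENOMEM;
		goto out;
	}
	siglen = BIO_read(sigbio, sigbuf, siglen);
	if (siglen <= 0) {
		ERROR("Error reading signature file %s", sigfile);
		status = -ENOKEY;
		goto out;
	}

	if ((dgst_init(dgst, EVP_sha256()) < 0) || (dgst_verify_init(dgst) < 0)) {
		status = -ENOKEY;
		goto out;
	}

	/* "rb": the signed payload is binary, avoid any text-mode translation. */
	fp = fopen(file, "rb");
	if (!fp) {
		ERROR("%s cannot be opened", file);
		status = -EBADF;
		goto out;
	}

	for (;;) {
		rbytes = fread(msg, 1, BUFSIZE, fp);
		if (rbytes > 0) {
			size += rbytes;
			/*
			 * Fail closed: a digest update error is a definite failure,
			 * so do not fall through to verify_final() on partial data.
			 */
			if (verify_update(dgst, msg, rbytes) < 0) {
				TRACE("Error Verifying Data");
				status = -EFAULT;
				goto out;
			}
		}
		if (feof(fp))
			break;
		/*
		 * A stream error never sets EOF; without this check a failing
		 * fread() returning 0 would loop forever.
		 */
		if (ferror(fp)) {
			ERROR("Error reading %s", file);
			status = -EIO;
			goto out;
		}
	}

	TRACE("Verify signed image: Read %llu bytes", size);

	i = verify_final(dgst, sigbuf, (unsigned int)siglen);
	if (i > 0) {
		TRACE("Verified OK");
		status = 0;
	} else if (i == 0) {
		TRACE("Verification Failure");
		status = -EBADMSG;
	} else {
		TRACE("Error Verifying Data");
		status = -EFAULT;
	}

out:
	if (fp)
		fclose(fp);
	if (msg)
		free(msg);
	if (sigbuf)
		OPENSSL_free(sigbuf);
	if (sigbio)
		BIO_free(sigbio);
	return status;
}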
/// Convenience overload: unpack a buffer view into its (data, length) pair
/// and delegate to the raw-memory verify_update overload.
inline void message_digest_context::verify_update(const buffer& buf)
{
	auto data = buffer_cast<uint8_t>(buf);
	auto length = buffer_size(buf);
	verify_update(data, length);
}