int swupdate_verify_file(struct swupdate_digest *dgst, const char *sigfile,
const char *file, const char *signer_name)
{
FILE *fp = NULL;
BIO *sigbio;
int siglen = 0;
int i;
unsigned char *sigbuf = NULL;
char *msg = NULL;
int size;
size_t rbytes;
int status = 0;
(void)signer_name;
if (!dgst) {
ERROR("Wrong crypto initialization: did you pass the key ?");
status = -ENOKEY;
goto out;
}
msg = malloc(BUFSIZE);
if (!msg) {
status = -ENOMEM;
goto out;
}
sigbio = BIO_new_file(sigfile, "rb");
siglen = EVP_PKEY_size(dgst->pkey);
sigbuf = OPENSSL_malloc(siglen);
siglen = BIO_read(sigbio, sigbuf, siglen);
BIO_free(sigbio);
if(siglen <= 0) {
ERROR("Error reading signature file %s", sigfile);
status = -ENOKEY;
goto out;
}
if ((dgst_init(dgst, EVP_sha256()) < 0) || (dgst_verify_init(dgst) < 0)) {
status = -ENOKEY;
goto out;
}
fp = fopen(file, "r");
if (!fp) {
ERROR("%s cannot be opened", file);
status = -EBADF;
goto out;
}
size = 0;
for (;;) {
rbytes = fread(msg, 1, BUFSIZE, fp);
if (rbytes > 0) {
size += rbytes;
if (verify_update(dgst, msg, rbytes) < 0)
break;
}
if (feof(fp))
break;
}
TRACE("Verify signed image: Read %d bytes", size);
i = verify_final(dgst, sigbuf, (unsigned int)siglen);
if(i > 0) {
TRACE("Verified OK");
status = 0;
} else if(i == 0) {
TRACE("Verification Failure");
status = -EBADMSG;
} else {
TRACE("Error Verifying Data");
status = -EFAULT;
}
out:
if (fp)
fclose(fp);
if (msg)
free(msg);
if (sigbuf)
OPENSSL_free(sigbuf);
return status;
}
inline void message_digest_context::verify_update(const buffer& buf)
{
verify_update(buffer_cast<uint8_t>(buf), buffer_size(buf));
}
