AU: Verify delta payload signature and signed hash.
The signature and hash are verified only if the public key file exists.
This means that currently this feature is desabled until we install a public
key.
BUG=5663
TEST=unit tests, applied a signed delta update on the server
Change-Id: I5be72f7fde88400587f8aae0c7d5745c79fc4428
Review URL: http://codereview.chromium.org/3592008
diff --git a/omaha_hash_calculator.cc b/omaha_hash_calculator.cc
index 88bfc6d..0df83bc 100644
--- a/omaha_hash_calculator.cc
+++ b/omaha_hash_calculator.cc
@@ -36,10 +36,13 @@
bool OmahaHashCalculator::Finalize() {
bool success = true;
TEST_AND_RETURN_FALSE(hash_.empty());
- unsigned char md[SHA256_DIGEST_LENGTH];
- TEST_AND_RETURN_FALSE(SHA256_Final(md, &ctx_) == 1);
+ TEST_AND_RETURN_FALSE(raw_hash_.empty());
+ raw_hash_.resize(SHA256_DIGEST_LENGTH);
+ TEST_AND_RETURN_FALSE(
+ SHA256_Final(reinterpret_cast<unsigned char*>(&raw_hash_[0]),
+ &ctx_) == 1);
- // Convert md to base64 encoding and store it in hash_
+ // Convert raw_hash_ to base64 encoding and store it in hash_.
BIO *b64 = BIO_new(BIO_f_base64());
if (!b64)
LOG(INFO) << "BIO_new(BIO_f_base64()) failed";
@@ -48,7 +51,9 @@
LOG(INFO) << "BIO_new(BIO_s_mem()) failed";
if (b64 && bmem) {
b64 = BIO_push(b64, bmem);
- success = (BIO_write(b64, md, sizeof(md)) == sizeof(md));
+ success =
+ (BIO_write(b64, &raw_hash_[0], raw_hash_.size()) ==
+ static_cast<int>(raw_hash_.size()));
if (success)
success = (BIO_flush(b64) == 1);