in kmsp11/operation/kms_digesting_verifier.cc [34:71]
absl::Status KmsDigestingVerifier::Verify(KmsClient* client,
absl::Span<const uint8_t> data,
absl::Span<const uint8_t> signature) {
if (md_ctx_) {
return FailedPreconditionError(
"Verify cannot be used to terminate a multi-part verify operation",
CKR_FUNCTION_FAILED, SOURCE_LOCATION);
}
const size_t md_size = EVP_MD_size(md_);
std::vector<uint8_t> evp_digest(md_size);
unsigned int digest_len;
bssl::UniquePtr<EVP_MD_CTX> ctx(EVP_MD_CTX_new());
if (EVP_Digest(data.data(), data.size(), evp_digest.data(), &digest_len, md_,
nullptr) != 1) {
return NewInternalError(
absl::StrFormat(
"failed while computing EVP digest with digest size %d: %s",
md_size, SslErrorToString()),
SOURCE_LOCATION);
}
if (digest_len != md_size) {
return NewInternalError(
absl::StrFormat(
"computed digest has incorrect size (got %d, want %d): %s",
digest_len, md_size, SslErrorToString()),
SOURCE_LOCATION);
}
if (IsRawRsaAlgorithm(object()->algorithm().algorithm)) {
ASSIGN_OR_RETURN(std::vector<uint8_t> digest_info,
BuildRsaDigestInfo(EVP_MD_type(md_), evp_digest));
return inner_verifier_->Verify(client, digest_info, signature);
}
return inner_verifier_->Verify(client, evp_digest, signature);
}