+ stream_Delete( p_stream );
+ p_stream = NULL;
+
+ /* Now that we know the status is valid, we must download its signature
+ * to authenticate it */
+ signature_packet_v3_t sign;
+ if( download_signature( VLC_OBJECT( p_update->p_libvlc ), &sign,
+ UPDATE_VLC_STATUS_URL ) != VLC_SUCCESS )
+ {
+ msg_Err( p_update->p_libvlc, "Couldn't download signature of status file" );
+ goto error;
+ }
+
+ if( sign.type != BINARY_SIGNATURE && sign.type != TEXT_SIGNATURE )
+ {
+ msg_Err( p_update->p_libvlc, "Invalid signature type" );
+ goto error;
+ }
+
+ p_update->p_pkey = (public_key_t*)malloc( sizeof( public_key_t ) );
+ if( !p_update->p_pkey )
+ goto error;
+
+ if( parse_public_key( videolan_public_key, sizeof( videolan_public_key ),
+ p_update->p_pkey, NULL ) != VLC_SUCCESS )
+ {
+ msg_Err( p_update->p_libvlc, "Couldn't parse embedded public key, something went really wrong..." );
+ FREENULL( p_update->p_pkey );
+ goto error;
+ }
+
+ if( memcmp( sign.issuer_longid, videolan_public_key_longid , 8 ) != 0 )
+ {
+ msg_Dbg( p_update->p_libvlc, "Need to download the GPG key" );
+ public_key_t *p_new_pkey = download_key(
+ VLC_OBJECT(p_update->p_libvlc),
+ sign.issuer_longid, videolan_public_key_longid );
+ if( !p_new_pkey )
+ {
+ msg_Err( p_update->p_libvlc, "Couldn't download GPG key" );
+ FREENULL( p_update->p_pkey );
+ goto error;
+ }
+
+ uint8_t *p_hash = key_sign_hash( p_new_pkey );
+ if( !p_hash )
+ {
+ msg_Err( p_update->p_libvlc, "Failed to hash signature" );
+ free( p_new_pkey );
+ FREENULL( p_update->p_pkey );
+ goto error;
+ }
+
+ if( verify_signature( VLC_OBJECT(p_update->p_libvlc),
+ p_new_pkey->sig.r, p_new_pkey->sig.s,
+ &p_update->p_pkey->key, p_hash ) == VLC_SUCCESS )
+ {
+ free( p_hash );
+ msg_Info( p_update->p_libvlc, "Key authenticated" );
+ free( p_update->p_pkey );
+ p_update->p_pkey = p_new_pkey;
+ }
+ else
+ {
+ free( p_hash );
+ msg_Err( p_update->p_libvlc, "Key signature invalid !\n" );
+ goto error;
+ }
+ }
+
+ gcry_md_hd_t hd;
+ if( gcry_md_open( &hd, GCRY_MD_SHA1, 0 ) )
+ goto error;
+
+ gcry_md_write( hd, psz_version_line, strlen( psz_version_line ) );
+ FREENULL( psz_version_line );
+ if( sign.type == TEXT_SIGNATURE )
+ gcry_md_putc( hd, '\r' );
+ gcry_md_putc( hd, '\n' );
+ gcry_md_write( hd, p_update->release.psz_url,
+ strlen( p_update->release.psz_url ) );
+ if( sign.type == TEXT_SIGNATURE )
+ gcry_md_putc( hd, '\r' );
+ gcry_md_putc( hd, '\n' );
+ gcry_md_write( hd, p_update->release.psz_desc,
+ strlen( p_update->release.psz_desc ) );
+ if( sign.type == TEXT_SIGNATURE )
+ gcry_md_putc( hd, '\r' );
+ gcry_md_putc( hd, '\n' );
+
+ gcry_md_putc( hd, sign.type );
+ gcry_md_write( hd, &sign.timestamp, 4 );
+
+ gcry_md_final( hd );
+
+ uint8_t *p_hash = gcry_md_read( hd, GCRY_MD_SHA1 );
+
+ if( p_hash[0] != sign.hash_verification[0] ||
+ p_hash[1] != sign.hash_verification[1] )
+ {
+ msg_Warn( p_update->p_libvlc, "Bad SHA1 hash for status file" );
+ free( p_hash );
+ goto error;
+ }
+
+ if( verify_signature( VLC_OBJECT(p_update->p_libvlc),
+ sign.r, sign.s, &p_update->p_pkey->key, p_hash ) != VLC_SUCCESS )
+ {
+ msg_Err( p_update->p_libvlc, "BAD SIGNATURE for status file" );
+ free( p_hash );
+ goto error;
+ }
+ else
+ {
+ msg_Info( p_update->p_libvlc, "Status file authenticated" );
+ free( p_hash );
+ return VLC_TRUE;
+ }
+