merge in nyc-release history after reset to master
diff --git a/install.cpp b/install.cpp
index 7d88ed7..c0d0077 100644
--- a/install.cpp
+++ b/install.cpp
@@ -23,6 +23,8 @@
 #include <sys/wait.h>
 #include <unistd.h>
 
+#include <vector>
+
 #include "common.h"
 #include "install.h"
 #include "mincrypt/rsa.h"
@@ -221,19 +223,16 @@
         return INSTALL_CORRUPT;
     }
 
-    int numKeys;
-    Certificate* loadedKeys = load_keys(PUBLIC_KEYS_FILE, &numKeys);
-    if (loadedKeys == NULL) {
+    std::vector<Certificate> loadedKeys;
+    if (!load_keys(PUBLIC_KEYS_FILE, loadedKeys)) {
         LOGE("Failed to load keys\n");
         return INSTALL_CORRUPT;
     }
-    LOGI("%d key(s) loaded from %s\n", numKeys, PUBLIC_KEYS_FILE);
+    LOGI("%zu key(s) loaded from %s\n", loadedKeys.size(), PUBLIC_KEYS_FILE);
 
     ui->Print("Verifying update package...\n");
 
-    int err;
-    err = verify_file(map.addr, map.length, loadedKeys, numKeys);
-    free(loadedKeys);
+    int err = verify_file(map.addr, map.length, loadedKeys);
     LOGI("verify_file returned %d\n", err);
     if (err != VERIFY_SUCCESS) {
         LOGE("signature verification failed\n");
diff --git a/uncrypt/uncrypt.cpp b/uncrypt/uncrypt.cpp
index 098a7a9..705744e 100644
--- a/uncrypt/uncrypt.cpp
+++ b/uncrypt/uncrypt.cpp
@@ -58,6 +58,7 @@
 #include <vector>
 
 #include <android-base/file.h>
+#include <android-base/logging.h>
 #include <android-base/stringprintf.h>
 #include <android-base/strings.h>
 #include <cutils/android_reboot.h>
@@ -67,23 +68,25 @@
 #define LOG_TAG "uncrypt"
 #include <log/log.h>
 
+#include "bootloader.h"
 #include "unique_fd.h"
 
 #define WINDOW_SIZE 5
 
-static const std::string cache_block_map = "/cache/recovery/block.map";
-static const std::string status_file = "/cache/recovery/uncrypt_status";
-static const std::string uncrypt_file = "/cache/recovery/uncrypt_file";
+static const std::string CACHE_BLOCK_MAP = "/cache/recovery/block.map";
+static const std::string COMMAND_FILE = "/cache/recovery/command";
+static const std::string STATUS_FILE = "/cache/recovery/uncrypt_status";
+static const std::string UNCRYPT_PATH_FILE = "/cache/recovery/uncrypt_file";
 
 static struct fstab* fstab = NULL;
 
 static int write_at_offset(unsigned char* buffer, size_t size, int wfd, off64_t offset) {
     if (TEMP_FAILURE_RETRY(lseek64(wfd, offset, SEEK_SET)) == -1) {
-        ALOGE("error seeking to offset %" PRId64 ": %s\n", offset, strerror(errno));
+        ALOGE("error seeking to offset %" PRId64 ": %s", offset, strerror(errno));
         return -1;
     }
     if (!android::base::WriteFully(wfd, buffer, size)) {
-        ALOGE("error writing offset %" PRId64 ": %s\n", offset, strerror(errno));
+        ALOGE("error writing offset %" PRId64 ": %s", offset, strerror(errno));
         return -1;
     }
     return 0;
@@ -107,13 +110,13 @@
     // The fstab path is always "/fstab.${ro.hardware}".
     char fstab_path[PATH_MAX+1] = "/fstab.";
     if (!property_get("ro.hardware", fstab_path+strlen(fstab_path), "")) {
-        ALOGE("failed to get ro.hardware\n");
+        ALOGE("failed to get ro.hardware");
         return NULL;
     }
 
     fstab = fs_mgr_read_fstab(fstab_path);
     if (!fstab) {
-        ALOGE("failed to read %s\n", fstab_path);
+        ALOGE("failed to read %s", fstab_path);
         return NULL;
     }
 
@@ -150,16 +153,16 @@
 }
 
 // Parse uncrypt_file to find the update package name.
-static bool find_uncrypt_package(std::string& package_name)
-{
-    if (!android::base::ReadFileToString(uncrypt_file, &package_name)) {
-        ALOGE("failed to open \"%s\": %s\n", uncrypt_file.c_str(), strerror(errno));
+static bool find_uncrypt_package(const std::string& uncrypt_path_file, std::string* package_name) {
+    CHECK(package_name != nullptr);
+    std::string uncrypt_path;
+    if (!android::base::ReadFileToString(uncrypt_path_file, &uncrypt_path)) {
+        ALOGE("failed to open \"%s\": %s", uncrypt_path_file.c_str(), strerror(errno));
         return false;
     }
 
     // Remove the trailing '\n' if present.
-    package_name = android::base::Trim(package_name);
-
+    *package_name = android::base::Trim(uncrypt_path);
     return true;
 }
 
@@ -167,7 +170,7 @@
                              bool encrypted, int status_fd) {
     std::string err;
     if (!android::base::RemoveFileIfExists(map_file, &err)) {
-        ALOGE("failed to remove the existing map file %s: %s\n", map_file, err.c_str());
+        ALOGE("failed to remove the existing map file %s: %s", map_file, err.c_str());
         return -1;
     }
     std::string tmp_map_file = std::string(map_file) + ".tmp";
@@ -179,27 +182,27 @@
 
     // Make sure we can write to the status_file.
     if (!android::base::WriteStringToFd("0\n", status_fd)) {
-        ALOGE("failed to update \"%s\"\n", status_file.c_str());
+        ALOGE("failed to update \"%s\"\n", STATUS_FILE.c_str());
         return -1;
     }
 
     struct stat sb;
     if (stat(path, &sb) != 0) {
-        ALOGE("failed to stat %s\n", path);
+        ALOGE("failed to stat %s", path);
         return -1;
     }
 
-    ALOGI(" block size: %ld bytes\n", static_cast<long>(sb.st_blksize));
+    ALOGI(" block size: %ld bytes", static_cast<long>(sb.st_blksize));
 
     int blocks = ((sb.st_size-1) / sb.st_blksize) + 1;
-    ALOGI("  file size: %" PRId64 " bytes, %d blocks\n", sb.st_size, blocks);
+    ALOGI("  file size: %" PRId64 " bytes, %d blocks", sb.st_size, blocks);
 
     std::vector<int> ranges;
 
     std::string s = android::base::StringPrintf("%s\n%" PRId64 " %ld\n",
                        blk_dev, sb.st_size, static_cast<long>(sb.st_blksize));
     if (!android::base::WriteStringToFd(s, mapfd.get())) {
-        ALOGE("failed to write %s: %s\n", tmp_map_file.c_str(), strerror(errno));
+        ALOGE("failed to write %s: %s", tmp_map_file.c_str(), strerror(errno));
         return -1;
     }
 
@@ -212,7 +215,7 @@
 
     unique_fd fd(open(path, O_RDONLY));
     if (!fd) {
-        ALOGE("failed to open %s for reading: %s\n", path, strerror(errno));
+        ALOGE("failed to open %s for reading: %s", path, strerror(errno));
         return -1;
     }
 
@@ -220,7 +223,7 @@
     if (encrypted) {
         wfd = open(blk_dev, O_WRONLY);
         if (!wfd) {
-            ALOGE("failed to open fd for writing: %s\n", strerror(errno));
+            ALOGE("failed to open fd for writing: %s", strerror(errno));
             return -1;
         }
     }
@@ -239,7 +242,7 @@
             // write out head buffer
             int block = head_block;
             if (ioctl(fd.get(), FIBMAP, &block) != 0) {
-                ALOGE("failed to find block %d\n", head_block);
+                ALOGE("failed to find block %d", head_block);
                 return -1;
             }
             add_block_to_ranges(ranges, block);
@@ -258,7 +261,7 @@
             size_t to_read = static_cast<size_t>(
                     std::min(static_cast<off64_t>(sb.st_blksize), sb.st_size - pos));
             if (!android::base::ReadFully(fd.get(), buffers[tail].data(), to_read)) {
-                ALOGE("failed to read: %s\n", strerror(errno));
+                ALOGE("failed to read: %s", strerror(errno));
                 return -1;
             }
             pos += to_read;
@@ -275,7 +278,7 @@
         // write out head buffer
         int block = head_block;
         if (ioctl(fd.get(), FIBMAP, &block) != 0) {
-            ALOGE("failed to find block %d\n", head_block);
+            ALOGE("failed to find block %d", head_block);
             return -1;
         }
         add_block_to_ranges(ranges, block);
@@ -291,41 +294,41 @@
 
     if (!android::base::WriteStringToFd(
             android::base::StringPrintf("%zu\n", ranges.size() / 2), mapfd.get())) {
-        ALOGE("failed to write %s: %s\n", tmp_map_file.c_str(), strerror(errno));
+        ALOGE("failed to write %s: %s", tmp_map_file.c_str(), strerror(errno));
         return -1;
     }
     for (size_t i = 0; i < ranges.size(); i += 2) {
         if (!android::base::WriteStringToFd(
                 android::base::StringPrintf("%d %d\n", ranges[i], ranges[i+1]), mapfd.get())) {
-            ALOGE("failed to write %s: %s\n", tmp_map_file.c_str(), strerror(errno));
+            ALOGE("failed to write %s: %s", tmp_map_file.c_str(), strerror(errno));
             return -1;
         }
     }
 
     if (fsync(mapfd.get()) == -1) {
-        ALOGE("failed to fsync \"%s\": %s\n", tmp_map_file.c_str(), strerror(errno));
+        ALOGE("failed to fsync \"%s\": %s", tmp_map_file.c_str(), strerror(errno));
         return -1;
     }
     if (close(mapfd.get() == -1)) {
-        ALOGE("failed to close %s: %s\n", tmp_map_file.c_str(), strerror(errno));
+        ALOGE("failed to close %s: %s", tmp_map_file.c_str(), strerror(errno));
         return -1;
     }
     mapfd = -1;
 
     if (encrypted) {
         if (fsync(wfd.get()) == -1) {
-            ALOGE("failed to fsync \"%s\": %s\n", blk_dev, strerror(errno));
+            ALOGE("failed to fsync \"%s\": %s", blk_dev, strerror(errno));
             return -1;
         }
         if (close(wfd.get()) == -1) {
-            ALOGE("failed to close %s: %s\n", blk_dev, strerror(errno));
+            ALOGE("failed to close %s: %s", blk_dev, strerror(errno));
             return -1;
         }
         wfd = -1;
     }
 
     if (rename(tmp_map_file.c_str(), map_file) == -1) {
-        ALOGE("failed to rename %s to %s: %s\n", tmp_map_file.c_str(), map_file, strerror(errno));
+        ALOGE("failed to rename %s to %s: %s", tmp_map_file.c_str(), map_file, strerror(errno));
         return -1;
     }
     // Sync dir to make rename() result written to disk.
@@ -333,50 +336,74 @@
     std::string dir_name = dirname(&file_name[0]);
     unique_fd dfd(open(dir_name.c_str(), O_RDONLY | O_DIRECTORY));
     if (!dfd) {
-        ALOGE("failed to open dir %s: %s\n", dir_name.c_str(), strerror(errno));
+        ALOGE("failed to open dir %s: %s", dir_name.c_str(), strerror(errno));
         return -1;
     }
     if (fsync(dfd.get()) == -1) {
-        ALOGE("failed to fsync %s: %s\n", dir_name.c_str(), strerror(errno));
+        ALOGE("failed to fsync %s: %s", dir_name.c_str(), strerror(errno));
         return -1;
     }
     if (close(dfd.get() == -1)) {
-        ALOGE("failed to close %s: %s\n", dir_name.c_str(), strerror(errno));
+        ALOGE("failed to close %s: %s", dir_name.c_str(), strerror(errno));
         return -1;
     }
     dfd = -1;
     return 0;
 }
 
-static void wipe_misc() {
-    ALOGI("removing old commands from misc");
+static std::string get_misc_blk_device() {
+    struct fstab* fstab = read_fstab();
+    if (fstab == nullptr) {
+        return "";
+    }
     for (int i = 0; i < fstab->num_entries; ++i) {
-        struct fstab_rec* v = &fstab->recs[i];
-        if (!v->mount_point) continue;
-        if (strcmp(v->mount_point, "/misc") == 0) {
-            int fd = open(v->blk_device, O_WRONLY | O_SYNC);
-            unique_fd fd_holder(fd);
-
-            uint8_t zeroes[1088];   // sizeof(bootloader_message) from recovery
-            memset(zeroes, 0, sizeof(zeroes));
-
-            size_t written = 0;
-            size_t size = sizeof(zeroes);
-            while (written < size) {
-                ssize_t w = TEMP_FAILURE_RETRY(write(fd, zeroes, size-written));
-                if (w == -1) {
-                    ALOGE("zero write failed: %s\n", strerror(errno));
-                    return;
-                } else {
-                    written += w;
-                }
-            }
-            if (fsync(fd) == -1) {
-                ALOGE("failed to fsync \"%s\": %s\n", v->blk_device, strerror(errno));
-                return;
-            }
+        fstab_rec* v = &fstab->recs[i];
+        if (v->mount_point != nullptr && strcmp(v->mount_point, "/misc") == 0) {
+            return v->blk_device;
         }
     }
+    return "";
+}
+
+static int read_bootloader_message(bootloader_message* out) {
+    std::string misc_blk_device = get_misc_blk_device();
+    if (misc_blk_device.empty()) {
+        ALOGE("failed to find /misc partition.");
+        return -1;
+    }
+    unique_fd fd(open(misc_blk_device.c_str(), O_RDONLY));
+    if (!fd) {
+        ALOGE("failed to open %s: %s", misc_blk_device.c_str(), strerror(errno));
+        return -1;
+    }
+    if (!android::base::ReadFully(fd.get(), out, sizeof(*out))) {
+        ALOGE("failed to read %s: %s", misc_blk_device.c_str(), strerror(errno));
+        return -1;
+    }
+    return 0;
+}
+
+static int write_bootloader_message(const bootloader_message* in) {
+    std::string misc_blk_device = get_misc_blk_device();
+    if (misc_blk_device.empty()) {
+        ALOGE("failed to find /misc partition.");
+        return -1;
+    }
+    unique_fd fd(open(misc_blk_device.c_str(), O_WRONLY | O_SYNC));
+    if (!fd) {
+        ALOGE("failed to open %s: %s", misc_blk_device.c_str(), strerror(errno));
+        return -1;
+    }
+    if (!android::base::WriteFully(fd.get(), in, sizeof(*in))) {
+        ALOGE("failed to write %s: %s", misc_blk_device.c_str(), strerror(errno));
+        return -1;
+    }
+    // TODO: O_SYNC and fsync() duplicates each other?
+    if (fsync(fd.get()) == -1) {
+        ALOGE("failed to fsync %s: %s", misc_blk_device.c_str(), strerror(errno));
+        return -1;
+    }
+    return 0;
 }
 
 static void reboot_to_recovery() {
@@ -388,7 +415,7 @@
     ALOGE("reboot didn't succeed?");
 }
 
-int uncrypt(const char* input_path, const char* map_file, int status_fd) {
+static int uncrypt(const char* input_path, const char* map_file, int status_fd) {
 
     ALOGI("update package is \"%s\"", input_path);
 
@@ -415,8 +442,8 @@
     // If the filesystem it's on isn't encrypted, we only produce the
     // block map, we don't rewrite the file contents (it would be
     // pointless to do so).
-    ALOGI("encryptable: %s\n", encryptable ? "yes" : "no");
-    ALOGI("  encrypted: %s\n", encrypted ? "yes" : "no");
+    ALOGI("encryptable: %s", encryptable ? "yes" : "no");
+    ALOGI("  encrypted: %s", encrypted ? "yes" : "no");
 
     // Recovery supports installing packages from 3 paths: /cache,
     // /data, and /sdcard.  (On a particular device, other locations
@@ -435,56 +462,113 @@
     return 0;
 }
 
-int main(int argc, char** argv) {
-
-    if (argc != 3 && argc != 1 && (argc == 2 && strcmp(argv[1], "--reboot") != 0)) {
-        fprintf(stderr, "usage: %s [--reboot] [<transform_path> <map_file>]\n", argv[0]);
-        return 2;
+static int uncrypt_wrapper(const char* input_path, const char* map_file,
+                           const std::string& status_file) {
+    // The pipe has been created by the system server.
+    unique_fd status_fd(open(status_file.c_str(), O_WRONLY | O_CREAT | O_SYNC, S_IRUSR | S_IWUSR));
+    if (!status_fd) {
+        ALOGE("failed to open pipe \"%s\": %s", status_file.c_str(), strerror(errno));
+        return 1;
     }
 
-    // When uncrypt is started with "--reboot", it wipes misc and reboots.
-    // Otherwise it uncrypts the package and writes the block map.
+    std::string package;
+    if (input_path == nullptr) {
+        if (!find_uncrypt_package(UNCRYPT_PATH_FILE, &package)) {
+            android::base::WriteStringToFd("-1\n", status_fd.get());
+            return 1;
+        }
+        input_path = package.c_str();
+    }
+    CHECK(map_file != nullptr);
+    int status = uncrypt(input_path, map_file, status_fd.get());
+    if (status != 0) {
+        android::base::WriteStringToFd("-1\n", status_fd.get());
+        return 1;
+    }
+    android::base::WriteStringToFd("100\n", status_fd.get());
+    return 0;
+}
+
+static int clear_bcb(const std::string& status_file) {
+    unique_fd status_fd(open(status_file.c_str(), O_WRONLY | O_CREAT | O_SYNC, S_IRUSR | S_IWUSR));
+    if (!status_fd) {
+        ALOGE("failed to open pipe \"%s\": %s", status_file.c_str(), strerror(errno));
+        return 1;
+    }
+    bootloader_message boot = {};
+    if (write_bootloader_message(&boot) != 0) {
+        android::base::WriteStringToFd("-1\n", status_fd.get());
+        return 1;
+    }
+    android::base::WriteStringToFd("100\n", status_fd.get());
+    return 0;
+}
+
+static int setup_bcb(const std::string& command_file, const std::string& status_file) {
+    unique_fd status_fd(open(status_file.c_str(), O_WRONLY | O_CREAT | O_SYNC, S_IRUSR | S_IWUSR));
+    if (!status_fd) {
+        ALOGE("failed to open pipe \"%s\": %s", status_file.c_str(), strerror(errno));
+        return 1;
+    }
+    std::string content;
+    if (!android::base::ReadFileToString(command_file, &content)) {
+        ALOGE("failed to read \"%s\": %s", command_file.c_str(), strerror(errno));
+        android::base::WriteStringToFd("-1\n", status_fd.get());
+        return 1;
+    }
+    bootloader_message boot = {};
+    strlcpy(boot.command, "boot-recovery", sizeof(boot.command));
+    strlcpy(boot.recovery, "recovery\n", sizeof(boot.recovery));
+    strlcat(boot.recovery, content.c_str(), sizeof(boot.recovery));
+    if (write_bootloader_message(&boot) != 0) {
+        ALOGE("failed to set bootloader message");
+        android::base::WriteStringToFd("-1\n", status_fd.get());
+        return 1;
+    }
+    android::base::WriteStringToFd("100\n", status_fd.get());
+    return 0;
+}
+
+static int read_bcb() {
+    bootloader_message boot;
+    if (read_bootloader_message(&boot) != 0) {
+        ALOGE("failed to get bootloader message");
+        return 1;
+    }
+    printf("bcb command: %s\n", boot.command);
+    printf("bcb recovery:\n%s\n", boot.recovery);
+    return 0;
+}
+
+static void usage(const char* exename) {
+    fprintf(stderr, "Usage of %s:\n", exename);
+    fprintf(stderr, "%s [<package_path> <map_file>]  Uncrypt ota package.\n", exename);
+    fprintf(stderr, "%s --reboot  Clear BCB data and reboot to recovery.\n", exename);
+    fprintf(stderr, "%s --clear-bcb  Clear BCB data in misc partition.\n", exename);
+    fprintf(stderr, "%s --setup-bcb  Setup BCB data by command file.\n", exename);
+    fprintf(stderr, "%s --read-bcb   Read BCB data from misc partition.\n", exename);
+}
+
+int main(int argc, char** argv) {
     if (argc == 2) {
-        if (read_fstab() == NULL) {
-            return 1;
+        if (strcmp(argv[1], "--reboot") == 0) {
+            reboot_to_recovery();
+        } else if (strcmp(argv[1], "--clear-bcb") == 0) {
+            return clear_bcb(STATUS_FILE);
+        } else if (strcmp(argv[1], "--setup-bcb") == 0) {
+            return setup_bcb(COMMAND_FILE, STATUS_FILE);
+        } else if (strcmp(argv[1], "--read-bcb") == 0) {
+            return read_bcb();
         }
-        wipe_misc();
-        reboot_to_recovery();
-    } else {
-        // The pipe has been created by the system server.
-        int status_fd = open(status_file.c_str(), O_WRONLY | O_CREAT | O_SYNC, S_IRUSR | S_IWUSR);
-        if (status_fd == -1) {
-            ALOGE("failed to open pipe \"%s\": %s\n", status_file.c_str(), strerror(errno));
-            return 1;
-        }
-        unique_fd status_fd_holder(status_fd);
-
-        std::string package;
-        const char* input_path;
-        const char* map_file;
-
+    } else if (argc == 1 || argc == 3) {
+        const char* input_path = nullptr;
+        const char* map_file = CACHE_BLOCK_MAP.c_str();
         if (argc == 3) {
-            // when command-line args are given this binary is being used
-            // for debugging.
             input_path = argv[1];
             map_file = argv[2];
-        } else {
-            if (!find_uncrypt_package(package)) {
-                android::base::WriteStringToFd("-1\n", status_fd);
-                return 1;
-            }
-            input_path = package.c_str();
-            map_file = cache_block_map.c_str();
         }
-
-        int status = uncrypt(input_path, map_file, status_fd);
-        if (status != 0) {
-            android::base::WriteStringToFd("-1\n", status_fd);
-            return 1;
-        }
-
-        android::base::WriteStringToFd("100\n", status_fd);
+        return uncrypt_wrapper(input_path, map_file, STATUS_FILE);
     }
-
-    return 0;
+    usage(argv[0]);
+    return 2;
 }
diff --git a/uncrypt/uncrypt.rc b/uncrypt/uncrypt.rc
index 5f4c479..b07c1da 100644
--- a/uncrypt/uncrypt.rc
+++ b/uncrypt/uncrypt.rc
@@ -7,3 +7,13 @@
     class main
     disabled
     oneshot
+
+service setup-bcb /system/bin/uncrypt --setup-bcb
+    class main
+    disabled
+    oneshot
+
+service clear-bcb /system/bin/uncrypt --clear-bcb
+    class main
+    disabled
+    oneshot
\ No newline at end of file
diff --git a/verifier.cpp b/verifier.cpp
index 61e5adf..9a2d60c 100644
--- a/verifier.cpp
+++ b/verifier.cpp
@@ -113,7 +113,7 @@
 // or no key matches the signature).
 
 int verify_file(unsigned char* addr, size_t length,
-                const Certificate* pKeys, unsigned int numKeys) {
+                const std::vector<Certificate>& keys) {
     ui->SetProgress(0.0);
 
     // An archive with a whole-file signature will end in six bytes:
@@ -176,8 +176,7 @@
         return VERIFY_FAILURE;
     }
 
-    size_t i;
-    for (i = 4; i < eocd_size-3; ++i) {
+    for (size_t i = 4; i < eocd_size-3; ++i) {
         if (eocd[i  ] == 0x50 && eocd[i+1] == 0x4b &&
             eocd[i+2] == 0x05 && eocd[i+3] == 0x06) {
             // if the sequence $50 $4b $05 $06 appears anywhere after
@@ -193,8 +192,8 @@
 
     bool need_sha1 = false;
     bool need_sha256 = false;
-    for (i = 0; i < numKeys; ++i) {
-        switch (pKeys[i].hash_len) {
+    for (const auto& key : keys) {
+        switch (key.hash_len) {
             case SHA_DIGEST_SIZE: need_sha1 = true; break;
             case SHA256_DIGEST_SIZE: need_sha256 = true; break;
         }
@@ -225,7 +224,7 @@
     const uint8_t* sha1 = SHA_final(&sha1_ctx);
     const uint8_t* sha256 = SHA256_final(&sha256_ctx);
 
-    uint8_t* sig_der = NULL;
+    uint8_t* sig_der = nullptr;
     size_t sig_der_length = 0;
 
     size_t signature_size = signature_start - FOOTER_SIZE;
@@ -240,9 +239,10 @@
      * any key can match, we need to try each before determining a verification
      * failure has happened.
      */
-    for (i = 0; i < numKeys; ++i) {
+    size_t i = 0;
+    for (const auto& key : keys) {
         const uint8_t* hash;
-        switch (pKeys[i].hash_len) {
+        switch (key.hash_len) {
             case SHA_DIGEST_SIZE: hash = sha1; break;
             case SHA256_DIGEST_SIZE: hash = sha256; break;
             default: continue;
@@ -250,15 +250,15 @@
 
         // The 6 bytes is the "(signature_start) $ff $ff (comment_size)" that
         // the signing tool appends after the signature itself.
-        if (pKeys[i].key_type == Certificate::RSA) {
+        if (key.key_type == Certificate::RSA) {
             if (sig_der_length < RSANUMBYTES) {
                 // "signature" block isn't big enough to contain an RSA block.
                 LOGI("signature is too short for RSA key %zu\n", i);
                 continue;
             }
 
-            if (!RSA_verify(pKeys[i].rsa, sig_der, RSANUMBYTES,
-                            hash, pKeys[i].hash_len)) {
+            if (!RSA_verify(key.rsa.get(), sig_der, RSANUMBYTES,
+                            hash, key.hash_len)) {
                 LOGI("failed to verify against RSA key %zu\n", i);
                 continue;
             }
@@ -266,8 +266,8 @@
             LOGI("whole-file signature verified against RSA key %zu\n", i);
             free(sig_der);
             return VERIFY_SUCCESS;
-        } else if (pKeys[i].key_type == Certificate::EC
-                && pKeys[i].hash_len == SHA256_DIGEST_SIZE) {
+        } else if (key.key_type == Certificate::EC
+                && key.hash_len == SHA256_DIGEST_SIZE) {
             p256_int r, s;
             if (!dsa_sig_unpack(sig_der, sig_der_length, &r, &s)) {
                 LOGI("Not a DSA signature block for EC key %zu\n", i);
@@ -276,7 +276,7 @@
 
             p256_int p256_hash;
             p256_from_bin(hash, &p256_hash);
-            if (!p256_ecdsa_verify(&(pKeys[i].ec->x), &(pKeys[i].ec->y),
+            if (!p256_ecdsa_verify(&(key.ec->x), &(key.ec->y),
                                    &p256_hash, &r, &s)) {
                 LOGI("failed to verify against EC key %zu\n", i);
                 continue;
@@ -286,8 +286,9 @@
             free(sig_der);
             return VERIFY_SUCCESS;
         } else {
-            LOGI("Unknown key type %d\n", pKeys[i].key_type);
+            LOGI("Unknown key type %d\n", key.key_type);
         }
+        i++;
     }
     free(sig_der);
     LOGE("failed to verify whole-file signature\n");
@@ -323,140 +324,122 @@
 //       4: 2048-bit RSA key with e=65537 and SHA-256 hash
 //       5: 256-bit EC key using the NIST P-256 curve parameters and SHA-256 hash
 //
-// Returns NULL if the file failed to parse, or if it contain zero keys.
-Certificate*
-load_keys(const char* filename, int* numKeys) {
-    Certificate* out = NULL;
-    *numKeys = 0;
-
-    FILE* f = fopen(filename, "r");
-    if (f == NULL) {
+// Returns true on success, and appends the found keys (at least one) to certs.
+// Otherwise returns false if the file failed to parse, or if it contains zero
+// keys. The contents in certs would be unspecified on failure.
+bool load_keys(const char* filename, std::vector<Certificate>& certs) {
+    std::unique_ptr<FILE, decltype(&fclose)> f(fopen(filename, "r"), fclose);
+    if (!f) {
         LOGE("opening %s: %s\n", filename, strerror(errno));
-        goto exit;
+        return false;
     }
 
-    {
-        int i;
-        bool done = false;
-        while (!done) {
-            ++*numKeys;
-            out = (Certificate*)realloc(out, *numKeys * sizeof(Certificate));
-            Certificate* cert = out + (*numKeys - 1);
-            memset(cert, '\0', sizeof(Certificate));
+    while (true) {
+        certs.emplace_back(0, Certificate::RSA, nullptr, nullptr);
+        Certificate& cert = certs.back();
 
-            char start_char;
-            if (fscanf(f, " %c", &start_char) != 1) goto exit;
-            if (start_char == '{') {
-                // a version 1 key has no version specifier.
-                cert->key_type = Certificate::RSA;
-                cert->rsa = (RSAPublicKey*)malloc(sizeof(RSAPublicKey));
-                cert->rsa->exponent = 3;
-                cert->hash_len = SHA_DIGEST_SIZE;
-            } else if (start_char == 'v') {
-                int version;
-                if (fscanf(f, "%d {", &version) != 1) goto exit;
-                switch (version) {
-                    case 2:
-                        cert->key_type = Certificate::RSA;
-                        cert->rsa = (RSAPublicKey*)malloc(sizeof(RSAPublicKey));
-                        cert->rsa->exponent = 65537;
-                        cert->hash_len = SHA_DIGEST_SIZE;
-                        break;
-                    case 3:
-                        cert->key_type = Certificate::RSA;
-                        cert->rsa = (RSAPublicKey*)malloc(sizeof(RSAPublicKey));
-                        cert->rsa->exponent = 3;
-                        cert->hash_len = SHA256_DIGEST_SIZE;
-                        break;
-                    case 4:
-                        cert->key_type = Certificate::RSA;
-                        cert->rsa = (RSAPublicKey*)malloc(sizeof(RSAPublicKey));
-                        cert->rsa->exponent = 65537;
-                        cert->hash_len = SHA256_DIGEST_SIZE;
-                        break;
-                    case 5:
-                        cert->key_type = Certificate::EC;
-                        cert->ec = (ECPublicKey*)calloc(1, sizeof(ECPublicKey));
-                        cert->hash_len = SHA256_DIGEST_SIZE;
-                        break;
-                    default:
-                        goto exit;
-                }
+        char start_char;
+        if (fscanf(f.get(), " %c", &start_char) != 1) return false;
+        if (start_char == '{') {
+            // a version 1 key has no version specifier.
+            cert.key_type = Certificate::RSA;
+            cert.rsa = std::unique_ptr<RSAPublicKey>(new RSAPublicKey);
+            cert.rsa->exponent = 3;
+            cert.hash_len = SHA_DIGEST_SIZE;
+        } else if (start_char == 'v') {
+            int version;
+            if (fscanf(f.get(), "%d {", &version) != 1) return false;
+            switch (version) {
+                case 2:
+                    cert.key_type = Certificate::RSA;
+                    cert.rsa = std::unique_ptr<RSAPublicKey>(new RSAPublicKey);
+                    cert.rsa->exponent = 65537;
+                    cert.hash_len = SHA_DIGEST_SIZE;
+                    break;
+                case 3:
+                    cert.key_type = Certificate::RSA;
+                    cert.rsa = std::unique_ptr<RSAPublicKey>(new RSAPublicKey);
+                    cert.rsa->exponent = 3;
+                    cert.hash_len = SHA256_DIGEST_SIZE;
+                    break;
+                case 4:
+                    cert.key_type = Certificate::RSA;
+                    cert.rsa = std::unique_ptr<RSAPublicKey>(new RSAPublicKey);
+                    cert.rsa->exponent = 65537;
+                    cert.hash_len = SHA256_DIGEST_SIZE;
+                    break;
+                case 5:
+                    cert.key_type = Certificate::EC;
+                    cert.ec = std::unique_ptr<ECPublicKey>(new ECPublicKey);
+                    cert.hash_len = SHA256_DIGEST_SIZE;
+                    break;
+                default:
+                    return false;
             }
+        }
 
-            if (cert->key_type == Certificate::RSA) {
-                RSAPublicKey* key = cert->rsa;
-                if (fscanf(f, " %i , 0x%x , { %u",
-                           &(key->len), &(key->n0inv), &(key->n[0])) != 3) {
-                    goto exit;
-                }
-                if (key->len != RSANUMWORDS) {
-                    LOGE("key length (%d) does not match expected size\n", key->len);
-                    goto exit;
-                }
-                for (i = 1; i < key->len; ++i) {
-                    if (fscanf(f, " , %u", &(key->n[i])) != 1) goto exit;
-                }
-                if (fscanf(f, " } , { %u", &(key->rr[0])) != 1) goto exit;
-                for (i = 1; i < key->len; ++i) {
-                    if (fscanf(f, " , %u", &(key->rr[i])) != 1) goto exit;
-                }
-                fscanf(f, " } } ");
-
-                LOGI("read key e=%d hash=%d\n", key->exponent, cert->hash_len);
-            } else if (cert->key_type == Certificate::EC) {
-                ECPublicKey* key = cert->ec;
-                int key_len;
-                unsigned int byte;
-                uint8_t x_bytes[P256_NBYTES];
-                uint8_t y_bytes[P256_NBYTES];
-                if (fscanf(f, " %i , { %u", &key_len, &byte) != 2) goto exit;
-                if (key_len != P256_NBYTES) {
-                    LOGE("Key length (%d) does not match expected size %d\n", key_len, P256_NBYTES);
-                    goto exit;
-                }
-                x_bytes[P256_NBYTES - 1] = byte;
-                for (i = P256_NBYTES - 2; i >= 0; --i) {
-                    if (fscanf(f, " , %u", &byte) != 1) goto exit;
-                    x_bytes[i] = byte;
-                }
-                if (fscanf(f, " } , { %u", &byte) != 1) goto exit;
-                y_bytes[P256_NBYTES - 1] = byte;
-                for (i = P256_NBYTES - 2; i >= 0; --i) {
-                    if (fscanf(f, " , %u", &byte) != 1) goto exit;
-                    y_bytes[i] = byte;
-                }
-                fscanf(f, " } } ");
-                p256_from_bin(x_bytes, &key->x);
-                p256_from_bin(y_bytes, &key->y);
-            } else {
-                LOGE("Unknown key type %d\n", cert->key_type);
-                goto exit;
+        if (cert.key_type == Certificate::RSA) {
+            RSAPublicKey* key = cert.rsa.get();
+            if (fscanf(f.get(), " %i , 0x%x , { %u", &(key->len), &(key->n0inv),
+                    &(key->n[0])) != 3) {
+                return false;
             }
-
-            // if the line ends in a comma, this file has more keys.
-            switch (fgetc(f)) {
-            case ',':
-                // more keys to come.
-                break;
-
-            case EOF:
-                done = true;
-                break;
-
-            default:
-                LOGE("unexpected character between keys\n");
-                goto exit;
+            if (key->len != RSANUMWORDS) {
+                LOGE("key length (%d) does not match expected size\n", key->len);
+                return false;
             }
+            for (int i = 1; i < key->len; ++i) {
+                if (fscanf(f.get(), " , %u", &(key->n[i])) != 1) return false;
+            }
+            if (fscanf(f.get(), " } , { %u", &(key->rr[0])) != 1) return false;
+            for (int i = 1; i < key->len; ++i) {
+                if (fscanf(f.get(), " , %u", &(key->rr[i])) != 1) return false;
+            }
+            fscanf(f.get(), " } } ");
+
+            LOGI("read key e=%d hash=%d\n", key->exponent, cert.hash_len);
+        } else if (cert.key_type == Certificate::EC) {
+            ECPublicKey* key = cert.ec.get();
+            int key_len;
+            unsigned int byte;
+            uint8_t x_bytes[P256_NBYTES];
+            uint8_t y_bytes[P256_NBYTES];
+            if (fscanf(f.get(), " %i , { %u", &key_len, &byte) != 2) return false;
+            if (key_len != P256_NBYTES) {
+                LOGE("Key length (%d) does not match expected size %d\n", key_len, P256_NBYTES);
+                return false;
+            }
+            x_bytes[P256_NBYTES - 1] = byte;
+            for (int i = P256_NBYTES - 2; i >= 0; --i) {
+                if (fscanf(f.get(), " , %u", &byte) != 1) return false;
+                x_bytes[i] = byte;
+            }
+            if (fscanf(f.get(), " } , { %u", &byte) != 1) return false;
+            y_bytes[P256_NBYTES - 1] = byte;
+            for (int i = P256_NBYTES - 2; i >= 0; --i) {
+                if (fscanf(f.get(), " , %u", &byte) != 1) return false;
+                y_bytes[i] = byte;
+            }
+            fscanf(f.get(), " } } ");
+            p256_from_bin(x_bytes, &key->x);
+            p256_from_bin(y_bytes, &key->y);
+        } else {
+            LOGE("Unknown key type %d\n", cert.key_type);
+            return false;
+        }
+
+        // if the line ends in a comma, this file has more keys.
+        int ch = fgetc(f.get());
+        if (ch == ',') {
+            // more keys to come.
+            continue;
+        } else if (ch == EOF) {
+            break;
+        } else {
+            LOGE("unexpected character between keys\n");
+            return false;
         }
     }
 
-    fclose(f);
-    return out;
-
-exit:
-    if (f) fclose(f);
-    free(out);
-    *numKeys = 0;
-    return NULL;
+    return true;
 }
diff --git a/verifier.h b/verifier.h
index 15f8d98..4eafc75 100644
--- a/verifier.h
+++ b/verifier.h
@@ -17,6 +17,9 @@
 #ifndef _RECOVERY_VERIFIER_H
 #define _RECOVERY_VERIFIER_H
 
+#include <memory>
+#include <vector>
+
 #include "mincrypt/p256.h"
 #include "mincrypt/rsa.h"
 
@@ -25,17 +28,25 @@
     p256_int y;
 } ECPublicKey;
 
-typedef struct {
+struct Certificate {
     typedef enum {
         RSA,
         EC,
     } KeyType;
 
+    Certificate(int hash_len_, KeyType key_type_,
+            std::unique_ptr<RSAPublicKey>&& rsa_,
+            std::unique_ptr<ECPublicKey>&& ec_) :
+        hash_len(hash_len_),
+        key_type(key_type_),
+        rsa(std::move(rsa_)),
+        ec(std::move(ec_)) { }
+
     int hash_len;  // SHA_DIGEST_SIZE (SHA-1) or SHA256_DIGEST_SIZE (SHA-256)
     KeyType key_type;
-    RSAPublicKey* rsa;
-    ECPublicKey* ec;
-} Certificate;
+    std::unique_ptr<RSAPublicKey> rsa;
+    std::unique_ptr<ECPublicKey> ec;
+};
 
 /* addr and length define a an update package file that has been
  * loaded (or mmap'ed, or whatever) into memory.  Verify that the file
@@ -43,9 +54,9 @@
  * one of the constants below.
  */
 int verify_file(unsigned char* addr, size_t length,
-                const Certificate *pKeys, unsigned int numKeys);
+                const std::vector<Certificate>& keys);
 
-Certificate* load_keys(const char* filename, int* numKeys);
+bool load_keys(const char* filename, std::vector<Certificate>& certs);
 
 #define VERIFY_SUCCESS        0
 #define VERIFY_FAILURE        1
diff --git a/verifier_test.cpp b/verifier_test.cpp
index 21633dc..2367e00 100644
--- a/verifier_test.cpp
+++ b/verifier_test.cpp
@@ -23,6 +23,9 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 
+#include <memory>
+#include <vector>
+
 #include "common.h"
 #include "verifier.h"
 #include "ui.h"
@@ -163,56 +166,43 @@
     va_end(ap);
 }
 
-static Certificate* add_certificate(Certificate** certsp, int* num_keys,
-        Certificate::KeyType key_type) {
-    int i = *num_keys;
-    *num_keys = *num_keys + 1;
-    *certsp = (Certificate*) realloc(*certsp, *num_keys * sizeof(Certificate));
-    Certificate* certs = *certsp;
-    certs[i].rsa = NULL;
-    certs[i].ec = NULL;
-    certs[i].key_type = key_type;
-    certs[i].hash_len = SHA_DIGEST_SIZE;
-    return &certs[i];
-}
-
-int main(int argc, char **argv) {
+int main(int argc, char** argv) {
     if (argc < 2) {
         fprintf(stderr, "Usage: %s [-sha256] [-ec | -f4 | -file <keys>] <package>\n", argv[0]);
         return 2;
     }
-    Certificate* certs = NULL;
-    int num_keys = 0;
 
+    std::vector<Certificate> certs;
     int argn = 1;
     while (argn < argc) {
         if (strcmp(argv[argn], "-sha256") == 0) {
-            if (num_keys == 0) {
+            if (certs.empty()) {
                 fprintf(stderr, "May only specify -sha256 after key type\n");
                 return 2;
             }
             ++argn;
-            Certificate* cert = &certs[num_keys - 1];
-            cert->hash_len = SHA256_DIGEST_SIZE;
+            certs.back().hash_len = SHA256_DIGEST_SIZE;
         } else if (strcmp(argv[argn], "-ec") == 0) {
             ++argn;
-            Certificate* cert = add_certificate(&certs, &num_keys, Certificate::EC);
-            cert->ec = &test_ec_key;
+            certs.emplace_back(SHA_DIGEST_SIZE, Certificate::EC,
+                    nullptr, std::unique_ptr<ECPublicKey>(new ECPublicKey(test_ec_key)));
         } else if (strcmp(argv[argn], "-e3") == 0) {
             ++argn;
-            Certificate* cert = add_certificate(&certs, &num_keys, Certificate::RSA);
-            cert->rsa = &test_key;
+            certs.emplace_back(SHA_DIGEST_SIZE, Certificate::RSA,
+                    std::unique_ptr<RSAPublicKey>(new RSAPublicKey(test_key)), nullptr);
         } else if (strcmp(argv[argn], "-f4") == 0) {
             ++argn;
-            Certificate* cert = add_certificate(&certs, &num_keys, Certificate::RSA);
-            cert->rsa = &test_f4_key;
+            certs.emplace_back(SHA_DIGEST_SIZE, Certificate::RSA,
+                    std::unique_ptr<RSAPublicKey>(new RSAPublicKey(test_f4_key)), nullptr);
         } else if (strcmp(argv[argn], "-file") == 0) {
-            if (certs != NULL) {
+            if (!certs.empty()) {
                 fprintf(stderr, "Cannot specify -file with other certs specified\n");
                 return 2;
             }
             ++argn;
-            certs = load_keys(argv[argn], &num_keys);
+            if (!load_keys(argv[argn], certs)) {
+                fprintf(stderr, "Cannot load keys from %s\n", argv[argn]);
+            }
             ++argn;
         } else if (argv[argn][0] == '-') {
             fprintf(stderr, "Unknown argument %s\n", argv[argn]);
@@ -227,17 +217,9 @@
         return 2;
     }
 
-    if (num_keys == 0) {
-        certs = (Certificate*) calloc(1, sizeof(Certificate));
-        if (certs == NULL) {
-            fprintf(stderr, "Failure allocating memory for default certificate\n");
-            return 1;
-        }
-        certs->key_type = Certificate::RSA;
-        certs->rsa = &test_key;
-        certs->ec = NULL;
-        certs->hash_len = SHA_DIGEST_SIZE;
-        num_keys = 1;
+    if (certs.empty()) {
+        certs.emplace_back(SHA_DIGEST_SIZE, Certificate::RSA,
+                std::unique_ptr<RSAPublicKey>(new RSAPublicKey(test_key)), nullptr);
     }
 
     ui = new FakeUI();
@@ -248,7 +230,7 @@
         return 4;
     }
 
-    int result = verify_file(map.addr, map.length, certs, num_keys);
+    int result = verify_file(map.addr, map.length, certs);
     if (result == VERIFY_SUCCESS) {
         printf("VERIFIED\n");
         return 0;