Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(297)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: firmware/lib/vboot_common.c

Issue 3027009: Added size param to VerifyData() (Closed) Base URL: ssh://gitrw.chromium.org/vboot_reference.git
Patch Set: Created 10 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « firmware/lib/include/vboot_common.h ('k') | firmware/lib/vboot_firmware.c » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: firmware/lib/vboot_common.c
diff --git a/firmware/lib/vboot_common.c b/firmware/lib/vboot_common.c
index be5a34de967e67046c00193261c7a96c3e167ccd..a2a5d9f54bf624b4ac89e4acb88f61d669dae68a 100644
--- a/firmware/lib/vboot_common.c
+++ b/firmware/lib/vboot_common.c
@@ -126,13 +126,17 @@ RSAPublicKey* PublicKeyToRSA(const VbPublicKey* key) {
}
-int VerifyData(const uint8_t* data, const VbSignature *sig,
+int VerifyData(const uint8_t* data, uint64_t size, const VbSignature *sig,
const RSAPublicKey* key) {
if (sig->sig_size != siglen_map[key->algorithm]) {
VBDEBUG(("Wrong signature size for algorithm.\n"));
return 1;
}
+ if (sig->data_size > size) {
+ VBDEBUG(("Data buffer smaller than length of signed data.\n"));
+ return 1;
+ }
if (!RSAVerifyBinary_f(NULL, key, data, sig->data_size,
GetSignatureDataC(sig), key->algorithm))
@@ -201,7 +205,7 @@ int KeyBlockVerify(const VbKeyBlockHeader* block, uint64_t size,
VBDEBUG(("Signature calculated past end of the block\n"));
return VBOOT_KEY_BLOCK_INVALID;
}
- rv = VerifyData((const uint8_t*)block, sig, rsa);
+ rv = VerifyData((const uint8_t*)block, size, sig, rsa);
RSAPublicKeyFree(rsa);
if (rv)
return VBOOT_KEY_BLOCK_SIGNATURE;
@@ -253,7 +257,7 @@ int KeyBlockVerify(const VbKeyBlockHeader* block, uint64_t size,
}
-int VerifyFirmwarePreamble2(const VbFirmwarePreambleHeader* preamble,
+int VerifyFirmwarePreamble(const VbFirmwarePreambleHeader* preamble,
uint64_t size, const RSAPublicKey* key) {
const VbSignature* sig = &preamble->preamble_signature;
@@ -281,7 +285,7 @@ int VerifyFirmwarePreamble2(const VbFirmwarePreambleHeader* preamble,
return VBOOT_PREAMBLE_INVALID;
}
- if (VerifyData((const uint8_t*)preamble, sig, key)) {
+ if (VerifyData((const uint8_t*)preamble, size, sig, key)) {
VBDEBUG(("Preamble signature validation failed\n"));
return VBOOT_PREAMBLE_SIGNATURE;
}
@@ -311,7 +315,7 @@ int VerifyFirmwarePreamble2(const VbFirmwarePreambleHeader* preamble,
}
-int VerifyKernelPreamble2(const VbKernelPreambleHeader* preamble,
+int VerifyKernelPreamble(const VbKernelPreambleHeader* preamble,
uint64_t size, const RSAPublicKey* key) {
const VbSignature* sig = &preamble->preamble_signature;
@@ -331,7 +335,7 @@ int VerifyKernelPreamble2(const VbKernelPreambleHeader* preamble,
VBDEBUG(("Preamble signature off end of preamble\n"));
return VBOOT_PREAMBLE_INVALID;
}
- if (VerifyData((const uint8_t*)preamble, sig, key)) {
+ if (VerifyData((const uint8_t*)preamble, size, sig, key)) {
VBDEBUG(("Preamble signature validation failed\n"));
return VBOOT_PREAMBLE_SIGNATURE;
}
« no previous file with comments | « firmware/lib/include/vboot_common.h ('k') | firmware/lib/vboot_firmware.c » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698