Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(45)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: host/lib/signature_digest.c

Issue 3136017: Add additional sanity checks to RSA verification code. (Closed) Base URL: ssh://git@gitrw.chromium.org:9222/vboot_reference.git
Patch Set: Created 10 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « host/lib/host_key.c ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
2 * Use of this source code is governed by a BSD-style license that can be 2 * Use of this source code is governed by a BSD-style license that can be
3 * found in the LICENSE file. 3 * found in the LICENSE file.
4 */ 4 */
5 5
6 #include "signature_digest.h" 6 #include "signature_digest.h"
7 #define OPENSSL_NO_SHA 7 #define OPENSSL_NO_SHA
8 #include <openssl/engine.h> 8 #include <openssl/engine.h>
9 #include <openssl/pem.h> 9 #include <openssl/pem.h>
10 #include <openssl/rsa.h> 10 #include <openssl/rsa.h>
11 11
12 #include <stdio.h> 12 #include <stdio.h>
13 #include <stdlib.h> 13 #include <stdlib.h>
14 #include <unistd.h> 14 #include <unistd.h>
15 15
16 #include "cryptolib.h" 16 #include "cryptolib.h"
17 #include "utility.h" 17 #include "utility.h"
18 18
19 uint8_t* PrependDigestInfo(int algorithm, uint8_t* digest) { 19 uint8_t* PrependDigestInfo(unsigned int algorithm, uint8_t* digest) {
20 const int digest_size = hash_size_map[algorithm]; 20 const int digest_size = hash_size_map[algorithm];
21 const int digestinfo_size = digestinfo_size_map[algorithm]; 21 const int digestinfo_size = digestinfo_size_map[algorithm];
22 const uint8_t* digestinfo = hash_digestinfo_map[algorithm]; 22 const uint8_t* digestinfo = hash_digestinfo_map[algorithm];
23 uint8_t* p = Malloc(digestinfo_size + digest_size); 23 uint8_t* p = Malloc(digestinfo_size + digest_size);
24 Memcpy(p, digestinfo, digestinfo_size); 24 Memcpy(p, digestinfo, digestinfo_size);
25 Memcpy(p + digestinfo_size, digest, digest_size); 25 Memcpy(p + digestinfo_size, digest, digest_size);
26 return p; 26 return p;
27 } 27 }
28 28
29 uint8_t* SignatureDigest(const uint8_t* buf, uint64_t len, int algorithm) { 29 uint8_t* SignatureDigest(const uint8_t* buf, uint64_t len,
30 unsigned int algorithm) {
30 uint8_t* info_digest = NULL; 31 uint8_t* info_digest = NULL;
31 uint8_t* digest = NULL; 32 uint8_t* digest = NULL;
32 33
33 if (algorithm >= kNumAlgorithms) { 34 if (algorithm >= kNumAlgorithms) {
34 VBDEBUG(("SignatureDigest() called with invalid algorithm!\n")); 35 VBDEBUG(("SignatureDigest() called with invalid algorithm!\n"));
35 } else if ((digest = DigestBuf(buf, len, algorithm))) { 36 } else if ((digest = DigestBuf(buf, len, algorithm))) {
36 info_digest = PrependDigestInfo(algorithm, digest); 37 info_digest = PrependDigestInfo(algorithm, digest);
37 } 38 }
38 Free(digest); 39 Free(digest);
39 return info_digest; 40 return info_digest;
40 } 41 }
41 42
42 uint8_t* SignatureBuf(const uint8_t* buf, uint64_t len, const char* key_file, 43 uint8_t* SignatureBuf(const uint8_t* buf, uint64_t len, const char* key_file,
43 int algorithm) { 44 unsigned int algorithm) {
44 FILE* key_fp = NULL; 45 FILE* key_fp = NULL;
45 RSA* key = NULL; 46 RSA* key = NULL;
46 uint8_t* signature = NULL; 47 uint8_t* signature = NULL;
47 uint8_t* signature_digest = SignatureDigest(buf, len, algorithm); 48 uint8_t* signature_digest = SignatureDigest(buf, len, algorithm);
48 int signature_digest_len = (hash_size_map[algorithm] + 49 int signature_digest_len = (hash_size_map[algorithm] +
49 digestinfo_size_map[algorithm]); 50 digestinfo_size_map[algorithm]);
50 key_fp = fopen(key_file, "r"); 51 key_fp = fopen(key_file, "r");
51 if (!key_fp) { 52 if (!key_fp) {
52 VBDEBUG(("SignatureBuf(): Couldn't open key file: %s\n", key_file)); 53 VBDEBUG(("SignatureBuf(): Couldn't open key file: %s\n", key_file));
53 Free(signature_digest); 54 Free(signature_digest);
(...skipping 11 matching lines...) Expand all
65 key, /* Key to use. */ 66 key, /* Key to use. */
66 RSA_PKCS1_PADDING)) /* Padding to use. */ 67 RSA_PKCS1_PADDING)) /* Padding to use. */
67 VBDEBUG(("SignatureBuf(): RSA_private_encrypt() failed.\n")); 68 VBDEBUG(("SignatureBuf(): RSA_private_encrypt() failed.\n"));
68 } 69 }
69 fclose(key_fp); 70 fclose(key_fp);
70 if (key) 71 if (key)
71 RSA_free(key); 72 RSA_free(key);
72 Free(signature_digest); 73 Free(signature_digest);
73 return signature; 74 return signature;
74 } 75 }
OLDNEW
« no previous file with comments | « host/lib/host_key.c ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698