host/lib/host_key.c - Issue 3136017: Add additional sanity checks to RSA verification code.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: host/lib/host_key.c

Issue 3136017: Add additional sanity checks to RSA verification code. (Closed) Base URL: ssh://git@gitrw.chromium.org:9222/vboot_reference.git

Patch Set: Created 10 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: host/lib/host_key.c

diff --git a/host/lib/host_key.c b/host/lib/host_key.c

index da91e666d4354792676206213bcce3a10f53da3d..bcc89fcec0d3ac61ebaeaa776c1df00c4db2c0bc 100644

--- a/host/lib/host_key.c

+++ b/host/lib/host_key.c

@@ -116,7 +116,7 @@ VbPrivateKey* PrivateKeyRead(const char* filename) {

uint64_t filelen = 0;

uint8_t *buffer;

const unsigned char *start;

buffer = ReadFile(filename, &filelen);

if (!buffer) {

error("unable to read from file %s\n", filename);

@@ -148,8 +148,6 @@ VbPrivateKey* PrivateKeyRead(const char* filename) {

}

/* Allocate a new public key with space for a [key_size] byte key. */

VbPublicKey* PublicKeyAlloc(uint64_t key_size, uint64_t algorithm,

uint64_t version) {

@@ -164,12 +162,12 @@ VbPublicKey* PublicKeyAlloc(uint64_t key_size, uint64_t algorithm,

return key;

}

VbPublicKey* PublicKeyReadKeyb(const char* filename, uint64_t algorithm,

uint64_t version) {

VbPublicKey* key;

uint8_t* key_data;

uint64_t key_size;

+ int expected_key_size;

if (algorithm >= kNumAlgorithms) {

VBDEBUG(("PublicKeyReadKeyb() called with invalid algorithm!\n"));

@@ -185,7 +183,8 @@ VbPublicKey* PublicKeyReadKeyb(const char* filename, uint64_t algorithm,

if (!key_data)

return NULL;

- if (RSAProcessedKeySize(algorithm) != key_size) {

+ if (!RSAProcessedKeySize(algorithm, &expected_key_size) ||

+ expected_key_size != key_size) {

VBDEBUG(("PublicKeyReadKeyb() wrong key size for algorithm\n"));

Free(key_data);

return NULL;

@@ -206,6 +205,7 @@ VbPublicKey* PublicKeyReadKeyb(const char* filename, uint64_t algorithm,

VbPublicKey* PublicKeyRead(const char* filename) {

VbPublicKey* key;

uint64_t file_size;

+ int key_size;

key = (VbPublicKey*)ReadFile(filename, &file_size);

if (!key)

@@ -225,7 +225,8 @@ VbPublicKey* PublicKeyRead(const char* filename) {

VBDEBUG(("PublicKeyRead() invalid version\n"));

break; /* Currently, TPM only supports 16-bit version */

}

- if (RSAProcessedKeySize(key->algorithm) != key->key_size) {

+ if (!RSAProcessedKeySize(key->algorithm, &key_size) ||

+ key_size != key->key_size) {

VBDEBUG(("PublicKeyRead() wrong key size for algorithm\n"));

break;

}

@@ -240,7 +241,6 @@ VbPublicKey* PublicKeyRead(const char* filename) {

return NULL;

}

int PublicKeyWrite(const char* filename, const VbPublicKey* key) {

VbPublicKey* kcopy;

int rv;

« no previous file with comments | « host/lib/file_keys.c ('k') | host/lib/signature_digest.c » ('j') | no next file with comments »