diff options
| author | Vadim Sukhomlinov <sukhomlinov@google.com> | 2021-10-05 18:34:26 -0700 |
|---|---|---|
| committer | Commit Bot <commit-bot@chromium.org> | 2021-10-06 02:56:18 +0000 |
| commit | 0fe84e193c648d30a0e45b2332bd4854a3e1d8bb (patch) | |
| tree | adcbb17b592dbea0723ba493824ac36e1d77ca7c /common | |
| parent | 7f5d2a30a4add6125d2ecf33e14efdbccc0e8087 (diff) | |
| download | chrome-ec-0fe84e193c648d30a0e45b2332bd4854a3e1d8bb.tar.gz | |
cr50: update RSA public API to block access on FIPS errors
1. Switched RSA public and internal functions to use enum dcrypto_result
2. Added checks for FIPS errors.
3. Updated call sites to properly handle result values.
BUG=b:197893750
TEST=make BOARD=cr50 CRYPTO_TEST=1; test/tpm_test/tpm_test.py
TCG tests:
---------------------- Test Result Summary -----------------------------
Test executed on: Mon Oct 5 18:26:07 2021
Performed Tests: 248
Passed Tests: 248
Failed Tests: 0
Errors: 0
Warnings: 0
========================================================================
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I23d391322e55b541d72388b2a4661991a61dd020
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3207348
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Diffstat (limited to 'common')
| -rw-r--r-- | common/ap_ro_integrity_check.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/common/ap_ro_integrity_check.c b/common/ap_ro_integrity_check.c index 203bd967c0..8465983eea 100644 --- a/common/ap_ro_integrity_check.c +++ b/common/ap_ro_integrity_check.c @@ -450,8 +450,9 @@ static int verify_signature(struct memory_block *blocks, digest = HASH_final(&ctx); - return !DCRYPTO_rsa_verify(&pubk->rsa, digest, digest_size, sig_body, - sig_size, PADDING_MODE_PKCS1, pubk->hashing); + return DCRYPTO_rsa_verify(&pubk->rsa, digest, digest_size, sig_body, + sig_size, PADDING_MODE_PKCS1, pubk->hashing) - + DCRYPTO_OK; } /** |