authorRandall Spangler <rspangler@chromium.org>2014-11-04 16:45:37 -0800
committerchrome-internal-fetch <chrome-internal-fetch@google.com>2014-11-06 02:28:16 +0000
commita063a43ad776c9831051e62565c0136ce36d0b09 (patch)
tree9bef87d76bd7c5730d353cec1626cf613b0ff8c7
parentad105edeb2ff0f2fbafd15655d351e8bb7522a21 (diff)
downloadvboot-a063a43ad776c9831051e62565c0136ce36d0b09.tar.gz
vboot2: pass const work buffers, and clarify min_offset output
When a work buffer is passed to a function, and duplicated inside that function, allocations made against the duplicate are automatically freed when the duplicate goes out of scope. Make that explicit in the comments. And pass in const struct workbuf * instead of struct workbuf *, to make it clear that the passed-in work buffer pointer is not being altered by the function. Also, comment that the value of min_offset becomes undefined if vb2_verify_common_member() or vb2_verify_common_subobject() fails. BUG=chromium:423882 BRANCH=none TEST=VBOOT2=1 make runtests Change-Id: Icc6010e6ef786f78cd2176a59d4d0e6e14905a11 Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/227524 Reviewed-by: Bill Richardson <wfrichar@chromium.org>
-rw-r--r--firmware/2lib/2common.c8
-rw-r--r--firmware/2lib/2common2.c6
-rw-r--r--firmware/2lib/2rsa.c2
-rw-r--r--firmware/2lib/include/2common.h25
-rw-r--r--firmware/2lib/include/2rsa.h2
-rw-r--r--tests/vb2_api_tests.c2
-rw-r--r--tests/vb2_misc2_tests.c4
7 files changed, 28 insertions, 21 deletions
diff --git a/firmware/2lib/2common.c b/firmware/2lib/2common.c
index 9a729e22..e15ddb77 100644
--- a/firmware/2lib/2common.c
+++ b/firmware/2lib/2common.c
@@ -171,7 +171,7 @@ int vb2_verify_signature_inside(const void *parent,
int vb2_verify_digest(const struct vb2_public_key *key,
struct vb2_signature *sig,
const uint8_t *digest,
- struct vb2_workbuf *wb)
+ const struct vb2_workbuf *wb)
{
uint8_t *sig_data = vb2_signature_data(sig);
@@ -190,7 +190,7 @@ int vb2_verify_data(const uint8_t *data,
uint32_t size,
struct vb2_signature *sig,
const struct vb2_public_key *key,
- struct vb2_workbuf *wb)
+ const struct vb2_workbuf *wb)
{
struct vb2_workbuf wblocal = *wb;
struct vb2_digest_context *dc;
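Review bot: The `struct vb2_workbuf wblocal = *wb;` line is what makes the new `const` qualifier safe, but nothing at the copy site says so. The commit explains the idiom only in the header. I would add a comment above that line, for example `/* Work on a copy so the caller's wb is unchanged; allocations from wblocal need no vb2_workbuf_free() */`, so a later edit does not start allocating through a cast of `wb` or add a mismatched free. The same line appears in the vb2_verify_data2() and vb2_rsa_verify_digest() hunks and would take the same comment. The function body continues outside this hunk.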
@@ -237,7 +237,7 @@ int vb2_verify_data(const uint8_t *data,
int vb2_verify_keyblock(struct vb2_keyblock *block,
uint32_t size,
const struct vb2_public_key *key,
- struct vb2_workbuf *wb)
+ const struct vb2_workbuf *wb)
{
struct vb2_signature *sig;
int rv;
@@ -306,7 +306,7 @@ int vb2_verify_keyblock(struct vb2_keyblock *block,
int vb2_verify_fw_preamble(struct vb2_fw_preamble *preamble,
uint32_t size,
const struct vb2_public_key *key,
- struct vb2_workbuf *wb)
+ const struct vb2_workbuf *wb)
{
struct vb2_signature *sig = &preamble->preamble_signature;
diff --git a/firmware/2lib/2common2.c b/firmware/2lib/2common2.c
index 52b4e238..813e2b65 100644
--- a/firmware/2lib/2common2.c
+++ b/firmware/2lib/2common2.c
@@ -221,7 +221,7 @@ static uint8_t *vb2_signature2_data(struct vb2_signature2 *sig)
int vb2_verify_digest2(const struct vb2_public_key *key,
struct vb2_signature2 *sig,
const uint8_t *digest,
- struct vb2_workbuf *wb)
+ const struct vb2_workbuf *wb)
{
uint32_t key_sig_size = vb2_sig_size(key->sig_alg, key->hash_alg);
@@ -255,7 +255,7 @@ int vb2_verify_data2(const void *data,
uint32_t size,
struct vb2_signature2 *sig,
const struct vb2_public_key *key,
- struct vb2_workbuf *wb)
+ const struct vb2_workbuf *wb)
{
struct vb2_workbuf wblocal = *wb;
struct vb2_digest_context *dc;
@@ -302,7 +302,7 @@ int vb2_verify_data2(const void *data,
int vb2_verify_keyblock2(struct vb2_keyblock2 *block,
uint32_t size,
const struct vb2_public_key *key,
- struct vb2_workbuf *wb)
+ const struct vb2_workbuf *wb)
{
uint32_t min_offset = 0, sig_offset;
int rv, i;
diff --git a/firmware/2lib/2rsa.c b/firmware/2lib/2rsa.c
index 37c5cf51..5a1e0fad 100644
--- a/firmware/2lib/2rsa.c
+++ b/firmware/2lib/2rsa.c
@@ -291,7 +291,7 @@ int vb2_check_padding(const uint8_t *sig, const struct vb2_public_key *key)
int vb2_rsa_verify_digest(const struct vb2_public_key *key,
uint8_t *sig,
const uint8_t *digest,
- struct vb2_workbuf *wb)
+ const struct vb2_workbuf *wb)
{
struct vb2_workbuf wblocal = *wb;
uint32_t *workbuf32;
diff --git a/firmware/2lib/include/2common.h b/firmware/2lib/include/2common.h
index 74c7f420..e0b252b3 100644
--- a/firmware/2lib/include/2common.h
+++ b/firmware/2lib/include/2common.h
@@ -66,6 +66,11 @@ void vb2_workbuf_init(struct vb2_workbuf *wb, uint8_t *buf, uint32_t size);
* is not done. The caller must track the size of each allocation and free via
* vb2_workbuf_free() in the reverse order they were allocated.
*
+ * An acceptable alternate workflow inside a function is to pass in a const
+ * work buffer, then make a local copy. Allocations done to the local copy
+ * then don't change the passed-in work buffer, and will effectively be freed
+ * when the local copy goes out of scope.
+ *
* @param wb Work buffer
* @param size Requested size in bytes
* @return A pointer to the allocated space, or NULL if error.
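Review bot: The added paragraph says allocations on the local copy "don't change the passed-in work buffer", which is accurate for the struct's bookkeeping but can be read as a guarantee about the memory itself. Judging from vb2_workbuf_init() taking a non-const `uint8_t *buf`, the `const` on `struct vb2_workbuf *` presumably does not extend to the bytes the struct points at. If so, the callee still writes scratch data into the caller's unallocated region and leaves it there on return. I would add one sentence to the comment, for example `* Only the bookkeeping in the passed-in struct is preserved; the unallocated part of the buffer is still used as scratch and its contents are unspecified on return.` The comment block starts before and ends after this hunk.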
@@ -196,7 +201,8 @@ int vb2_verify_common_header(const void *parent, uint32_t parent_size);
* @param min_offset Pointer to minimum offset where member can be located.
* If this offset is 0 on input, uses the size of the
* fixed header (and description, if any). This will be
- * updated on return to the end of the passed member.
+ * updated on return to the end of the passed member. On
+ * error, the value of min_offset is undefined.
* @param member_offset Offset of member data from start of parent, in bytes
* @param member_size Size of member data, in bytes
* @return VB2_SUCCESS, or non-zero if error.
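Review bot: Declaring `min_offset` "undefined" on error documents the hazard but does not tell callers what to do about it, and this value is the running bound used to check where the next member may sit. A caller that threads one `min_offset` through several checks, as vb2_verify_keyblock2() appears to with `uint32_t min_offset = 0, sig_offset;`, has to return on the first non-zero result and never pass the variable on. I would spell that out in the comment: `On error, the value of min_offset is undefined; the caller must not use it for any further member or subobject check.` The same wording applies to the vb2_verify_common_subobject() hunk that follows. The implementations are not part of this diff, so whether they could leave `min_offset` untouched on failure cannot be judged from here.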
@@ -217,7 +223,8 @@ int vb2_verify_common_member(const void *parent,
* @param min_offset Pointer to minimum offset where member can be located.
* If this offset is 0 on input, uses the size of the
* fixed header (and description, if any). This will be
- * updated on return to the end of the passed member.
+ * updated on return to the end of the passed member. On
+ * error, the value of min_offset is undefined.
* @param member_offset Offset of member data from start of parent, in bytes.
* This should be the start of the common header of the
* member.
@@ -327,7 +334,7 @@ int vb2_verify_signature2(const struct vb2_signature2 *sig,
int vb2_verify_digest(const struct vb2_public_key *key,
struct vb2_signature *sig,
const uint8_t *digest,
- struct vb2_workbuf *wb);
+ const struct vb2_workbuf *wb);
/**
* Verify a signature against an expected hash digest.
@@ -341,7 +348,7 @@ int vb2_verify_digest(const struct vb2_public_key *key,
int vb2_verify_digest2(const struct vb2_public_key *key,
struct vb2_signature2 *sig,
const uint8_t *digest,
- struct vb2_workbuf *wb);
+ const struct vb2_workbuf *wb);
/*
* Size of work buffer sufficient for vb2_verify_data() or vb2_verify_data2()
@@ -367,13 +374,13 @@ int vb2_verify_data(const uint8_t *data,
uint32_t size,
struct vb2_signature *sig,
const struct vb2_public_key *key,
- struct vb2_workbuf *wb);
+ const struct vb2_workbuf *wb);
int vb2_verify_data2(const void *data,
uint32_t size,
struct vb2_signature2 *sig,
const struct vb2_public_key *key,
- struct vb2_workbuf *wb);
+ const struct vb2_workbuf *wb);
/*
* Size of work buffer sufficient for vb2_verify_keyblock() or
@@ -396,12 +403,12 @@ int vb2_verify_data2(const void *data,
int vb2_verify_keyblock(struct vb2_keyblock *block,
uint32_t size,
const struct vb2_public_key *key,
- struct vb2_workbuf *wb);
+ const struct vb2_workbuf *wb);
int vb2_verify_keyblock2(struct vb2_keyblock2 *block,
uint32_t size,
const struct vb2_public_key *key,
- struct vb2_workbuf *wb);
+ const struct vb2_workbuf *wb);
/* Size of work buffer sufficient for vb2_verify_fw_preamble() worst case */
#define VB2_VERIFY_FIRMWARE_PREAMBLE_WORKBUF_BYTES VB2_VERIFY_DATA_WORKBUF_BYTES
@@ -420,6 +427,6 @@ int vb2_verify_keyblock2(struct vb2_keyblock2 *block,
int vb2_verify_fw_preamble(struct vb2_fw_preamble *preamble,
uint32_t size,
const struct vb2_public_key *key,
- struct vb2_workbuf *wb);
+ const struct vb2_workbuf *wb);
#endif /* VBOOT_REFERENCE_VBOOT_2COMMON_H_ */
diff --git a/firmware/2lib/include/2rsa.h b/firmware/2lib/include/2rsa.h
index 3d591a5a..e4e6717c 100644
--- a/firmware/2lib/include/2rsa.h
+++ b/firmware/2lib/include/2rsa.h
@@ -75,6 +75,6 @@ int vb2_check_padding(const uint8_t *sig, const struct vb2_public_key *key);
int vb2_rsa_verify_digest(const struct vb2_public_key *key,
uint8_t *sig,
const uint8_t *digest,
- struct vb2_workbuf *wb);
+ const struct vb2_workbuf *wb);
#endif /* VBOOT_REFERENCE_2RSA_H_ */
diff --git a/tests/vb2_api_tests.c b/tests/vb2_api_tests.c
index cf706d46..5d667663 100644
--- a/tests/vb2_api_tests.c
+++ b/tests/vb2_api_tests.c
@@ -182,7 +182,7 @@ uint32_t vb2_rsa_sig_size(enum vb2_signature_algorithm sig_alg)
int vb2_rsa_verify_digest(const struct vb2_public_key *key,
uint8_t *sig,
const uint8_t *digest,
- struct vb2_workbuf *wb)
+ const struct vb2_workbuf *wb)
{
return retval_vb2_verify_digest;
}
diff --git a/tests/vb2_misc2_tests.c b/tests/vb2_misc2_tests.c
index 2025fb41..796d8e6a 100644
--- a/tests/vb2_misc2_tests.c
+++ b/tests/vb2_misc2_tests.c
@@ -154,7 +154,7 @@ int vb2_unpack_key(struct vb2_public_key *key,
int vb2_verify_keyblock(struct vb2_keyblock *block,
uint32_t size,
const struct vb2_public_key *key,
- struct vb2_workbuf *wb)
+ const struct vb2_workbuf *wb)
{
return mock_verify_keyblock_retval;
}
@@ -162,7 +162,7 @@ int vb2_verify_keyblock(struct vb2_keyblock *block,
int vb2_verify_fw_preamble(struct vb2_fw_preamble *preamble,
uint32_t size,
const struct vb2_public_key *key,
- struct vb2_workbuf *wb)
+ const struct vb2_workbuf *wb)
{
return mock_verify_preamble_retval;
}