diff options
author | Daisuke Nojiri <dnojiri@chromium.org> | 2016-09-14 12:49:33 -0700 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2016-10-01 00:01:09 -0700 |
commit | 01fb293825877edb83e8ddb9555733876f7556ea (patch) | |
tree | 3a0e60a4fc405f6775b0e86ec3c4e644560f46ec | |
parent | 31cf713244380d927b29bde7eb20f876e2bea580 (diff) | |
download | vboot-01fb293825877edb83e8ddb9555733876f7556ea.tar.gz |
bdb: Make bdb_verify accept null pointer for key digest
If key digest matching is not required (i.e. verify-bdb-key efuse
flag is not set), bdb_verify skips digest matching. This change makes
bdb_verify accept null pointer for the key digest parameter.
BUG=chromium:649555
BRANCH=none
TEST=make runtests
Change-Id: I14e5bd02526684b7b7bca1e1701cf04056df83ea
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/385538
Reviewed-by: Randall Spangler <rspangler@chromium.org>
-rw-r--r-- | firmware/bdb/bdb.c | 6 | ||||
-rw-r--r-- | firmware/bdb/bdb.h | 2 | ||||
-rw-r--r-- | tests/bdb_test.c | 4 |
3 files changed, 10 insertions, 2 deletions
diff --git a/firmware/bdb/bdb.c b/firmware/bdb/bdb.c index 663b43ff..4ebf7936 100644 --- a/firmware/bdb/bdb.c +++ b/firmware/bdb/bdb.c @@ -318,7 +318,7 @@ int bdb_verify(const void *buf, size_t size, const uint8_t *bdb_key_digest) const struct bdb_data *data; const void *oem; uint8_t digest[BDB_SHA256_DIGEST_SIZE]; - int bdb_digest_mismatch; + int bdb_digest_mismatch = -1; /* Make sure buffer doesn't wrap around address space */ if (end < (const uint8_t *)buf) @@ -342,7 +342,9 @@ int bdb_verify(const void *buf, size_t size, const uint8_t *bdb_key_digest) VB2_HASH_SHA256, digest, BDB_SHA256_DIGEST_SIZE)) return BDB_ERROR_DIGEST; - bdb_digest_mismatch = memcmp(digest, bdb_key_digest, sizeof(digest)); + if (bdb_key_digest) + bdb_digest_mismatch = memcmp(digest, + bdb_key_digest, sizeof(digest)); /* Make sure OEM area 0 fits */ oem = bdb_get_oem_area_0(buf); diff --git a/firmware/bdb/bdb.h b/firmware/bdb/bdb.h index ef10a19d..ebe3b414 100644 --- a/firmware/bdb/bdb.h +++ b/firmware/bdb/bdb.h @@ -124,6 +124,8 @@ int bdb_check_data(const struct bdb_data *p, size_t size); * @param size Size of data in bytes * @param bdb_key_digest Pointer to expected digest for BDB key. * Must be BDB_SHA256_DIGEST_SIZE bytes long. + * If it's NULL, digest match will be skipped + * (and it'll be treated as 'mismatch'). * * @return 0 if success, non-zero error code if error. Note that error code * BDB_GOOD_OTHER_THAN_KEY may still indicate an acceptable BDB if the Boot diff --git a/tests/bdb_test.c b/tests/bdb_test.c index 2e8499a4..d22572af 100644 --- a/tests/bdb_test.c +++ b/tests/bdb_test.c @@ -324,6 +324,10 @@ void check_bdb_verify(const char *key_dir) memcpy(h, hgood, hsize); TEST_EQ_S(bdb_verify(h, hsize, bdbkey_digest), BDB_SUCCESS); + /* It can accept a NULL pointer as bdb_key_digest */ + memcpy(h, hgood, hsize); + TEST_EQ_S(bdb_verify(h, hsize, NULL), BDB_GOOD_OTHER_THAN_KEY); + /* Mangle each component in turn */ memcpy(h, hgood, hsize); h->struct_magic++; |