summaryrefslogtreecommitdiff
path: root/firmware
diff options
context:
space:
mode:
Diffstat (limited to 'firmware')
-rw-r--r--firmware/2lib/2common.c8
-rw-r--r--firmware/2lib/2common2.c6
-rw-r--r--firmware/2lib/2rsa.c2
-rw-r--r--firmware/2lib/include/2common.h25
-rw-r--r--firmware/2lib/include/2rsa.h2
5 files changed, 25 insertions, 18 deletions
diff --git a/firmware/2lib/2common.c b/firmware/2lib/2common.c
index 9a729e22..e15ddb77 100644
--- a/firmware/2lib/2common.c
+++ b/firmware/2lib/2common.c
@@ -171,7 +171,7 @@ int vb2_verify_signature_inside(const void *parent,
int vb2_verify_digest(const struct vb2_public_key *key,
struct vb2_signature *sig,
const uint8_t *digest,
- struct vb2_workbuf *wb)
+ const struct vb2_workbuf *wb)
{
uint8_t *sig_data = vb2_signature_data(sig);
@@ -190,7 +190,7 @@ int vb2_verify_data(const uint8_t *data,
uint32_t size,
struct vb2_signature *sig,
const struct vb2_public_key *key,
- struct vb2_workbuf *wb)
+ const struct vb2_workbuf *wb)
{
struct vb2_workbuf wblocal = *wb;
struct vb2_digest_context *dc;
@@ -237,7 +237,7 @@ int vb2_verify_data(const uint8_t *data,
int vb2_verify_keyblock(struct vb2_keyblock *block,
uint32_t size,
const struct vb2_public_key *key,
- struct vb2_workbuf *wb)
+ const struct vb2_workbuf *wb)
{
struct vb2_signature *sig;
int rv;
@@ -306,7 +306,7 @@ int vb2_verify_keyblock(struct vb2_keyblock *block,
int vb2_verify_fw_preamble(struct vb2_fw_preamble *preamble,
uint32_t size,
const struct vb2_public_key *key,
- struct vb2_workbuf *wb)
+ const struct vb2_workbuf *wb)
{
struct vb2_signature *sig = &preamble->preamble_signature;
diff --git a/firmware/2lib/2common2.c b/firmware/2lib/2common2.c
index 52b4e238..813e2b65 100644
--- a/firmware/2lib/2common2.c
+++ b/firmware/2lib/2common2.c
@@ -221,7 +221,7 @@ static uint8_t *vb2_signature2_data(struct vb2_signature2 *sig)
int vb2_verify_digest2(const struct vb2_public_key *key,
struct vb2_signature2 *sig,
const uint8_t *digest,
- struct vb2_workbuf *wb)
+ const struct vb2_workbuf *wb)
{
uint32_t key_sig_size = vb2_sig_size(key->sig_alg, key->hash_alg);
@@ -255,7 +255,7 @@ int vb2_verify_data2(const void *data,
uint32_t size,
struct vb2_signature2 *sig,
const struct vb2_public_key *key,
- struct vb2_workbuf *wb)
+ const struct vb2_workbuf *wb)
{
struct vb2_workbuf wblocal = *wb;
struct vb2_digest_context *dc;
@@ -302,7 +302,7 @@ int vb2_verify_data2(const void *data,
int vb2_verify_keyblock2(struct vb2_keyblock2 *block,
uint32_t size,
const struct vb2_public_key *key,
- struct vb2_workbuf *wb)
+ const struct vb2_workbuf *wb)
{
uint32_t min_offset = 0, sig_offset;
int rv, i;
diff --git a/firmware/2lib/2rsa.c b/firmware/2lib/2rsa.c
index 37c5cf51..5a1e0fad 100644
--- a/firmware/2lib/2rsa.c
+++ b/firmware/2lib/2rsa.c
@@ -291,7 +291,7 @@ int vb2_check_padding(const uint8_t *sig, const struct vb2_public_key *key)
int vb2_rsa_verify_digest(const struct vb2_public_key *key,
uint8_t *sig,
const uint8_t *digest,
- struct vb2_workbuf *wb)
+ const struct vb2_workbuf *wb)
{
struct vb2_workbuf wblocal = *wb;
uint32_t *workbuf32;
diff --git a/firmware/2lib/include/2common.h b/firmware/2lib/include/2common.h
index 74c7f420..e0b252b3 100644
--- a/firmware/2lib/include/2common.h
+++ b/firmware/2lib/include/2common.h
@@ -66,6 +66,11 @@ void vb2_workbuf_init(struct vb2_workbuf *wb, uint8_t *buf, uint32_t size);
* is not done. The caller must track the size of each allocation and free via
* vb2_workbuf_free() in the reverse order they were allocated.
*
+ * An acceptable alternate workflow inside a function is to pass in a const
+ * work buffer, then make a local copy. Allocations done to the local copy
+ * then don't change the passed-in work buffer, and will effectively be freed
+ * when the local copy goes out of scope.
+ *
* @param wb Work buffer
* @param size Requested size in bytes
* @return A pointer to the allocated space, or NULL if error.
@@ -196,7 +201,8 @@ int vb2_verify_common_header(const void *parent, uint32_t parent_size);
* @param min_offset Pointer to minimum offset where member can be located.
* If this offset is 0 on input, uses the size of the
* fixed header (and description, if any). This will be
- * updated on return to the end of the passed member.
+ * updated on return to the end of the passed member. On
+ * error, the value of min_offset is undefined.
* @param member_offset Offset of member data from start of parent, in bytes
* @param member_size Size of member data, in bytes
* @return VB2_SUCCESS, or non-zero if error.
@@ -217,7 +223,8 @@ int vb2_verify_common_member(const void *parent,
* @param min_offset Pointer to minimum offset where member can be located.
* If this offset is 0 on input, uses the size of the
* fixed header (and description, if any). This will be
- * updated on return to the end of the passed member.
+ * updated on return to the end of the passed member. On
+ * error, the value of min_offset is undefined.
* @param member_offset Offset of member data from start of parent, in bytes.
* This should be the start of the common header of the
* member.
@@ -327,7 +334,7 @@ int vb2_verify_signature2(const struct vb2_signature2 *sig,
int vb2_verify_digest(const struct vb2_public_key *key,
struct vb2_signature *sig,
const uint8_t *digest,
- struct vb2_workbuf *wb);
+ const struct vb2_workbuf *wb);
/**
* Verify a signature against an expected hash digest.
@@ -341,7 +348,7 @@ int vb2_verify_digest(const struct vb2_public_key *key,
int vb2_verify_digest2(const struct vb2_public_key *key,
struct vb2_signature2 *sig,
const uint8_t *digest,
- struct vb2_workbuf *wb);
+ const struct vb2_workbuf *wb);
/*
* Size of work buffer sufficient for vb2_verify_data() or vb2_verify_data2()
@@ -367,13 +374,13 @@ int vb2_verify_data(const uint8_t *data,
uint32_t size,
struct vb2_signature *sig,
const struct vb2_public_key *key,
- struct vb2_workbuf *wb);
+ const struct vb2_workbuf *wb);
int vb2_verify_data2(const void *data,
uint32_t size,
struct vb2_signature2 *sig,
const struct vb2_public_key *key,
- struct vb2_workbuf *wb);
+ const struct vb2_workbuf *wb);
/*
* Size of work buffer sufficient for vb2_verify_keyblock() or
@@ -396,12 +403,12 @@ int vb2_verify_data2(const void *data,
int vb2_verify_keyblock(struct vb2_keyblock *block,
uint32_t size,
const struct vb2_public_key *key,
- struct vb2_workbuf *wb);
+ const struct vb2_workbuf *wb);
int vb2_verify_keyblock2(struct vb2_keyblock2 *block,
uint32_t size,
const struct vb2_public_key *key,
- struct vb2_workbuf *wb);
+ const struct vb2_workbuf *wb);
/* Size of work buffer sufficient for vb2_verify_fw_preamble() worst case */
#define VB2_VERIFY_FIRMWARE_PREAMBLE_WORKBUF_BYTES VB2_VERIFY_DATA_WORKBUF_BYTES
@@ -420,6 +427,6 @@ int vb2_verify_keyblock2(struct vb2_keyblock2 *block,
int vb2_verify_fw_preamble(struct vb2_fw_preamble *preamble,
uint32_t size,
const struct vb2_public_key *key,
- struct vb2_workbuf *wb);
+ const struct vb2_workbuf *wb);
#endif /* VBOOT_REFERENCE_VBOOT_2COMMON_H_ */
diff --git a/firmware/2lib/include/2rsa.h b/firmware/2lib/include/2rsa.h
index 3d591a5a..e4e6717c 100644
--- a/firmware/2lib/include/2rsa.h
+++ b/firmware/2lib/include/2rsa.h
@@ -75,6 +75,6 @@ int vb2_check_padding(const uint8_t *sig, const struct vb2_public_key *key);
int vb2_rsa_verify_digest(const struct vb2_public_key *key,
uint8_t *sig,
const uint8_t *digest,
- struct vb2_workbuf *wb);
+ const struct vb2_workbuf *wb);
#endif /* VBOOT_REFERENCE_2RSA_H_ */
View Lorry Controller Status