diff options
Diffstat (limited to 'firmware')
-rw-r--r-- | firmware/2lib/2common.c | 8 | ||||
-rw-r--r-- | firmware/2lib/2common2.c | 6 | ||||
-rw-r--r-- | firmware/2lib/2rsa.c | 2 | ||||
-rw-r--r-- | firmware/2lib/include/2common.h | 25 | ||||
-rw-r--r-- | firmware/2lib/include/2rsa.h | 2 |
5 files changed, 25 insertions, 18 deletions
diff --git a/firmware/2lib/2common.c b/firmware/2lib/2common.c index 9a729e22..e15ddb77 100644 --- a/firmware/2lib/2common.c +++ b/firmware/2lib/2common.c @@ -171,7 +171,7 @@ int vb2_verify_signature_inside(const void *parent, int vb2_verify_digest(const struct vb2_public_key *key, struct vb2_signature *sig, const uint8_t *digest, - struct vb2_workbuf *wb) + const struct vb2_workbuf *wb) { uint8_t *sig_data = vb2_signature_data(sig); @@ -190,7 +190,7 @@ int vb2_verify_data(const uint8_t *data, uint32_t size, struct vb2_signature *sig, const struct vb2_public_key *key, - struct vb2_workbuf *wb) + const struct vb2_workbuf *wb) { struct vb2_workbuf wblocal = *wb; struct vb2_digest_context *dc; @@ -237,7 +237,7 @@ int vb2_verify_data(const uint8_t *data, int vb2_verify_keyblock(struct vb2_keyblock *block, uint32_t size, const struct vb2_public_key *key, - struct vb2_workbuf *wb) + const struct vb2_workbuf *wb) { struct vb2_signature *sig; int rv; @@ -306,7 +306,7 @@ int vb2_verify_keyblock(struct vb2_keyblock *block, int vb2_verify_fw_preamble(struct vb2_fw_preamble *preamble, uint32_t size, const struct vb2_public_key *key, - struct vb2_workbuf *wb) + const struct vb2_workbuf *wb) { struct vb2_signature *sig = &preamble->preamble_signature; diff --git a/firmware/2lib/2common2.c b/firmware/2lib/2common2.c index 52b4e238..813e2b65 100644 --- a/firmware/2lib/2common2.c +++ b/firmware/2lib/2common2.c @@ -221,7 +221,7 @@ static uint8_t *vb2_signature2_data(struct vb2_signature2 *sig) int vb2_verify_digest2(const struct vb2_public_key *key, struct vb2_signature2 *sig, const uint8_t *digest, - struct vb2_workbuf *wb) + const struct vb2_workbuf *wb) { uint32_t key_sig_size = vb2_sig_size(key->sig_alg, key->hash_alg); @@ -255,7 +255,7 @@ int vb2_verify_data2(const void *data, uint32_t size, struct vb2_signature2 *sig, const struct vb2_public_key *key, - struct vb2_workbuf *wb) + const struct vb2_workbuf *wb) { struct vb2_workbuf wblocal = *wb; struct vb2_digest_context *dc; @@ -302,7 +302,7 @@ int vb2_verify_data2(const void *data, int vb2_verify_keyblock2(struct vb2_keyblock2 *block, uint32_t size, const struct vb2_public_key *key, - struct vb2_workbuf *wb) + const struct vb2_workbuf *wb) { uint32_t min_offset = 0, sig_offset; int rv, i; diff --git a/firmware/2lib/2rsa.c b/firmware/2lib/2rsa.c index 37c5cf51..5a1e0fad 100644 --- a/firmware/2lib/2rsa.c +++ b/firmware/2lib/2rsa.c @@ -291,7 +291,7 @@ int vb2_check_padding(const uint8_t *sig, const struct vb2_public_key *key) int vb2_rsa_verify_digest(const struct vb2_public_key *key, uint8_t *sig, const uint8_t *digest, - struct vb2_workbuf *wb) + const struct vb2_workbuf *wb) { struct vb2_workbuf wblocal = *wb; uint32_t *workbuf32; diff --git a/firmware/2lib/include/2common.h b/firmware/2lib/include/2common.h index 74c7f420..e0b252b3 100644 --- a/firmware/2lib/include/2common.h +++ b/firmware/2lib/include/2common.h @@ -66,6 +66,11 @@ void vb2_workbuf_init(struct vb2_workbuf *wb, uint8_t *buf, uint32_t size); * is not done. The caller must track the size of each allocation and free via * vb2_workbuf_free() in the reverse order they were allocated. * + * An acceptable alternate workflow inside a function is to pass in a const + * work buffer, then make a local copy. Allocations done to the local copy + * then don't change the passed-in work buffer, and will effectively be freed + * when the local copy goes out of scope. + * * @param wb Work buffer * @param size Requested size in bytes * @return A pointer to the allocated space, or NULL if error. @@ -196,7 +201,8 @@ int vb2_verify_common_header(const void *parent, uint32_t parent_size); * @param min_offset Pointer to minimum offset where member can be located. * If this offset is 0 on input, uses the size of the * fixed header (and description, if any). This will be - * updated on return to the end of the passed member. + * updated on return to the end of the passed member. On + * error, the value of min_offset is undefined. * @param member_offset Offset of member data from start of parent, in bytes * @param member_size Size of member data, in bytes * @return VB2_SUCCESS, or non-zero if error. @@ -217,7 +223,8 @@ int vb2_verify_common_member(const void *parent, * @param min_offset Pointer to minimum offset where member can be located. * If this offset is 0 on input, uses the size of the * fixed header (and description, if any). This will be - * updated on return to the end of the passed member. + * updated on return to the end of the passed member. On + * error, the value of min_offset is undefined. * @param member_offset Offset of member data from start of parent, in bytes. * This should be the start of the common header of the * member. @@ -327,7 +334,7 @@ int vb2_verify_signature2(const struct vb2_signature2 *sig, int vb2_verify_digest(const struct vb2_public_key *key, struct vb2_signature *sig, const uint8_t *digest, - struct vb2_workbuf *wb); + const struct vb2_workbuf *wb); /** * Verify a signature against an expected hash digest. @@ -341,7 +348,7 @@ int vb2_verify_digest(const struct vb2_public_key *key, int vb2_verify_digest2(const struct vb2_public_key *key, struct vb2_signature2 *sig, const uint8_t *digest, - struct vb2_workbuf *wb); + const struct vb2_workbuf *wb); /* * Size of work buffer sufficient for vb2_verify_data() or vb2_verify_data2() @@ -367,13 +374,13 @@ int vb2_verify_data(const uint8_t *data, uint32_t size, struct vb2_signature *sig, const struct vb2_public_key *key, - struct vb2_workbuf *wb); + const struct vb2_workbuf *wb); int vb2_verify_data2(const void *data, uint32_t size, struct vb2_signature2 *sig, const struct vb2_public_key *key, - struct vb2_workbuf *wb); + const struct vb2_workbuf *wb); /* * Size of work buffer sufficient for vb2_verify_keyblock() or @@ -396,12 +403,12 @@ int vb2_verify_data2(const void *data, int vb2_verify_keyblock(struct vb2_keyblock *block, uint32_t size, const struct vb2_public_key *key, - struct vb2_workbuf *wb); + const struct vb2_workbuf *wb); int vb2_verify_keyblock2(struct vb2_keyblock2 *block, uint32_t size, const struct vb2_public_key *key, - struct vb2_workbuf *wb); + const struct vb2_workbuf *wb); /* Size of work buffer sufficient for vb2_verify_fw_preamble() worst case */ #define VB2_VERIFY_FIRMWARE_PREAMBLE_WORKBUF_BYTES VB2_VERIFY_DATA_WORKBUF_BYTES @@ -420,6 +427,6 @@ int vb2_verify_keyblock2(struct vb2_keyblock2 *block, int vb2_verify_fw_preamble(struct vb2_fw_preamble *preamble, uint32_t size, const struct vb2_public_key *key, - struct vb2_workbuf *wb); + const struct vb2_workbuf *wb); #endif /* VBOOT_REFERENCE_VBOOT_2COMMON_H_ */ diff --git a/firmware/2lib/include/2rsa.h b/firmware/2lib/include/2rsa.h index 3d591a5a..e4e6717c 100644 --- a/firmware/2lib/include/2rsa.h +++ b/firmware/2lib/include/2rsa.h @@ -75,6 +75,6 @@ int vb2_check_padding(const uint8_t *sig, const struct vb2_public_key *key); int vb2_rsa_verify_digest(const struct vb2_public_key *key, uint8_t *sig, const uint8_t *digest, - struct vb2_workbuf *wb); + const struct vb2_workbuf *wb); #endif /* VBOOT_REFERENCE_2RSA_H_ */ |