From 114ac2079ed5fafc8deb9cbf58b5af01e74432b1 Mon Sep 17 00:00:00 2001 From: Nicolas Boichat Date: Thu, 2 Mar 2017 21:54:29 -0800 Subject: vbutil_keyblock: Force checking the signature if signpubkey is provided Previously, futility vbutil_keyblock --unpack would just ignore the error if the keyblock was not signed (but a signing public key was provided). This fix would have caught the regression introduced by 939cc3a "futility: Use only vboot 2.0 APIs for keyblocks" BUG=chromium:611535 BRANCH=none TEST=make runtests on m/master => fails TEST=make runtests with CL:448399 => succeeds Change-Id: Id7f0a248863aae2f41c2fa46fbb8a37848e707a9 Reviewed-on: https://chromium-review.googlesource.com/449058 Commit-Ready: Nicolas Boichat Tested-by: Nicolas Boichat Reviewed-by: Randall Spangler --- futility/cmd_vbutil_keyblock.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/futility/cmd_vbutil_keyblock.c b/futility/cmd_vbutil_keyblock.c index f79b8ea8..61053497 100644 --- a/futility/cmd_vbutil_keyblock.c +++ b/futility/cmd_vbutil_keyblock.c @@ -175,11 +175,18 @@ static int Unpack(const char *infile, const char *datapubkey, return 1; } - /* If the block is signed, then verify it with the signing public key, - * since vb2_read_keyblock() only verified the hash. */ - if (block->keyblock_signature.sig_size && signpubkey) { + /* If the signing public key is provided, then verify the block + * signature, since vb2_read_keyblock() only verified the hash. */ + if (signpubkey) { static uint8_t workbuf[VB2_WORKBUF_RECOMMENDED_SIZE]; static struct vb2_workbuf wb; + + if (block->keyblock_signature.sig_size == 0) { + fprintf(stderr, + "vbutil_keyblock: signpubkey provided but keyblock is not signed.\n"); + return 1; + } + vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); sign_key = vb2_read_packed_key(signpubkey); -- cgit v1.2.1