authorDaniel Axtens <dja@axtens.net>2021-06-21 18:26:38 +1000
committerVasant Hegde <hegdevasant@linux.vnet.ibm.com>2021-07-27 15:58:50 +0530
commit4c17264f37130c7e0bf9e7a4ae7cae013947e6ee (patch)
tree7dbc42361b272471867459c3c4736b57ebd164d8
parentb539bd76ca36cc0b1149fdf1db33db383597ee1f (diff)
secvar/backend: clarify variables in process_update
process_update() has tbhbuffer and tbhbuffersize. However, tbhbuffer doesn't contain to-be-hashed data, but a hash: /* Prepare the data to be verified */ tbhbuffer = get_hash_to_verify(update->key, *newesl, *new_data_size, timestamp); And tbhbuffersize is initialised to zero and then never filled with the actual length, so 0 is passed through to verify_signature. verify_signature will in turn pass that to mbedtls, which will interpret it as "figure out the length yourself based on the hash type". So this has always worked, but by accident. Rename tbhbuffer to hash, as that's what it is. Drop tbhbuffersize, and pass 32 directly to verify_signature. We only support SHA-256, and SHA-256 is 32 bytes long. Signed-off-by: Daniel Axtens <dja@axtens.net> Reviewed-by: Nick Child <nick.child@ibm.com> Tested-by: Nick Child <nick.child@ibm.com> Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
-rw-r--r--libstb/secvar/backend/edk2-compat-process.c14
1 files changed, 6 insertions, 8 deletions
diff --git a/libstb/secvar/backend/edk2-compat-process.c b/libstb/secvar/backend/edk2-compat-process.c
index 541ff5a..90acd43 100644
--- a/libstb/secvar/backend/edk2-compat-process.c
+++ b/libstb/secvar/backend/edk2-compat-process.c
@@ -700,8 +700,7 @@ int process_update(const struct secvar *update, char **newesl,
void *auth_buffer = NULL;
int auth_buffer_size = 0;
const char *key_authority[3];
- char *tbhbuffer = NULL;
- size_t tbhbuffersize = 0;
+ char *hash = NULL;
struct secvar *avar = NULL;
int rc = 0;
int i;
@@ -761,9 +760,9 @@ int process_update(const struct secvar *update, char **newesl,
}
/* Prepare the data to be verified */
- tbhbuffer = get_hash_to_verify(update->key, *newesl, *new_data_size,
+ hash = get_hash_to_verify(update->key, *newesl, *new_data_size,
timestamp);
- if (!tbhbuffer) {
+ if (!hash) {
rc = OPAL_INTERNAL_ERROR;
goto out;
}
@@ -784,9 +783,8 @@ int process_update(const struct secvar *update, char **newesl,
if (!avar || !avar->data_size)
continue;
- /* Verify the signature */
- rc = verify_signature(auth, tbhbuffer, tbhbuffersize,
- avar);
+ /* Verify the signature. sha256 is 32 bytes long. */
+ rc = verify_signature(auth, hash, 32, avar);
/* Break if signature verification is successful */
if (rc == OPAL_SUCCESS) {
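Review bot: The bare `32` in `verify_signature(auth, hash, 32, avar)` has to match the digest size that `get_hash_to_verify()` produces, and nothing in the visible lines enforces that the two agree. A named constant used at both places would make the dependency explicit, e.g. `rc = verify_signature(auth, hash, SHA256_DIGEST_SIZE, avar);` (the constant name is constructed for illustration; prefer one the tree or its mbedtls headers already define). If the hash routine is ever switched to another algorithm, a stale length here would make signature verification read the wrong number of bytes from `hash`. A one-line comment on `get_hash_to_verify()` stating that it returns a SHA-256 digest of that size would document the contract. The verification loop and the rest of process_update lie outside this hunk, so how `rc` is handled when no key authority verifies cannot be checked from here.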
@@ -797,7 +795,7 @@ int process_update(const struct secvar *update, char **newesl,
out:
free(auth_buffer);
- free(tbhbuffer);
+ free(hash);
return rc;
}