diff options
author | Tao Bao <tbao@google.com> | 2017-09-22 22:09:32 -0700 |
---|---|---|
committer | Tao Bao <tbao@google.com> | 2017-09-22 22:38:00 -0700 |
commit | 88d51357dc38642e709216ec2217b18e92884b35 (patch) | |
tree | 3f612e62acf6e12db07a27bb19f460e037534fd5 /verity/build_verity_tree.cpp | |
parent | 1db7fa615d40c8eebd4fb844d8bef526b925822b (diff) | |
download | extras-88d51357dc38642e709216ec2217b18e92884b35.tar.gz |
verity: Fix the broken 'build_verity_tree -A'.
Commit 6eb049322c26431961fb69168a113bfd27016ab3 introduced a bug in
checking if there's any passed-in salt string (via '-A <salt>' or '-a
<salt>'). "salt.data()" should be "salt.empty()", which otherwise may
or may not be nullptr even if salt is empty. This CL fixes the issue.
This CL also removes the duplicate variable 'salt_size', which can be
fully covered by salt.size().
Test: m build_verity_tree;
Test: `build_verity_tree system.img verity.img` gives random root hash
and salt string across runs.
Test: `build_verity_tree -A <hex string> system.img verity.img` gives
identical results across runs.
Test: `build_verity_tree -a <string> system.img verity.img` gives
identical results across runs.
Change-Id: I377e42fc48c0f703dc33d813466f6ef60514bbe5
Diffstat (limited to 'verity/build_verity_tree.cpp')
-rw-r--r-- | verity/build_verity_tree.cpp | 26 |
1 files changed, 12 insertions, 14 deletions
diff --git a/verity/build_verity_tree.cpp b/verity/build_verity_tree.cpp index 69c761de..e841c20e 100644 --- a/verity/build_verity_tree.cpp +++ b/verity/build_verity_tree.cpp @@ -127,7 +127,6 @@ int main(int argc, char **argv) char *data_filename; char *verity_filename; std::vector<unsigned char> salt; - size_t salt_size = 0; bool sparse = false; size_t block_size = 4096; uint64_t calculate_size = 0; @@ -158,9 +157,9 @@ int main(int argc, char **argv) if(!BN_hex2bn(&bn, optarg)) { FATAL("failed to convert salt from hex\n"); } - salt_size = BN_num_bytes(bn); + size_t salt_size = BN_num_bytes(bn); salt.resize(salt_size); - if((size_t)BN_bn2bin(bn, salt.data()) != salt_size) { + if (BN_bn2bin(bn, salt.data()) != salt_size) { FATAL("failed to convert salt to bytes\n"); } } @@ -207,18 +206,17 @@ int main(int argc, char **argv) size_t hash_size = EVP_MD_size(md); assert(hash_size * 2 < block_size); - if (salt.data() || !salt_size) { - salt_size = hash_size; - salt.resize(salt_size); + if (salt.empty()) { + salt.resize(hash_size); int random_fd = open("/dev/urandom", O_RDONLY); if (random_fd < 0) { FATAL("failed to open /dev/urandom\n"); } - ssize_t ret = read(random_fd, salt.data(), salt_size); - if (ret != (ssize_t)salt_size) { - FATAL("failed to read %zu bytes from /dev/urandom: %zd %d\n", salt_size, ret, errno); + ssize_t ret = read(random_fd, salt.data(), salt.size()); + if (ret != static_cast<ssize_t>(salt.size())) { + FATAL("failed to read %zu bytes from /dev/urandom: %zd %d\n", salt.size(), ret, errno); } close(random_fd); } @@ -300,7 +298,7 @@ int main(int argc, char **argv) unsigned char zero_block_hash[hash_size]; unsigned char zero_block[block_size]; memset(zero_block, 0, block_size); - hash_block(md, zero_block, block_size, salt.data(), salt_size, zero_block_hash, NULL); + hash_block(md, zero_block, block_size, salt.data(), salt.size(), zero_block_hash, NULL); unsigned char root_hash[hash_size]; verity_tree_levels[levels] = root_hash; @@ -308,7 +306,7 @@ int main(int argc, char **argv) struct sparse_hash_ctx ctx; ctx.hashes = verity_tree_levels[0]; ctx.salt = salt.data(); - ctx.salt_size = salt_size; + ctx.salt_size = salt.size(); ctx.hash_size = hash_size; ctx.block_size = block_size; ctx.zero_block_hash = zero_block_hash; @@ -324,7 +322,7 @@ int main(int argc, char **argv) hash_blocks(md, verity_tree_levels[i], verity_tree_level_blocks[i] * block_size, verity_tree_levels[i + 1], &out_size, - salt.data(), salt_size, block_size); + salt.data(), salt.size(), block_size); if (i < levels - 1) { assert(div_round_up(out_size, block_size) == verity_tree_level_blocks[i + 1]); } else { @@ -336,8 +334,8 @@ int main(int argc, char **argv) printf("%02x", root_hash[i]); } printf(" "); - for (size_t i = 0; i < salt_size; i++) { - printf("%02x", salt.data()[i]); + for (size_t i = 0; i < salt.size(); i++) { + printf("%02x", salt[i]); } printf("\n"); |