diff options
author | Sami Tolvanen <samitolvanen@google.com> | 2014-11-06 20:33:07 -0800 |
---|---|---|
committer | Iliyan Malchev <malchev@google.com> | 2014-11-13 15:42:50 -0800 |
commit | 9573a13bbc015c555adff1e4e0fbef2a18963111 (patch) | |
tree | 7a76e17ddcfd3717dbde3917a7d49c271f4c7d47 /fs_mgr | |
parent | eb6036ac6be82dcc6e110de22574972631c8f83e (diff) | |
download | system_core-9573a13bbc015c555adff1e4e0fbef2a18963111.zip system_core-9573a13bbc015c555adff1e4e0fbef2a18963111.tar.gz system_core-9573a13bbc015c555adff1e4e0fbef2a18963111.tar.bz2 |
DO NOT MERGE: Switch fs_mgr to use SHA-256 instead of SHA-1
Verity metadata signatures will be switched to SHA-256. Switch
fs_mgr signature verification to use the correct algorithm.
Needs matching changes from
https://googleplex-android-review.git.corp.google.com/#/c/579905/
https://googleplex-android-review.git.corp.google.com/#/c/583213/
https://googleplex-android-review.git.corp.google.com/#/c/583214/
https://googleplex-android-review.git.corp.google.com/#/c/583233/
Bug: 15984840
Bug: 18120110
Bug: 17917515
Change-Id: I8f90519bffa105a0eb7abeaad3aea1ffceb851e2
(cherry picked from commit a3465e250cfc3c00931735711e11ad61cf84d8b2)
Diffstat (limited to 'fs_mgr')
-rw-r--r-- | fs_mgr/fs_mgr_verity.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/fs_mgr/fs_mgr_verity.c b/fs_mgr/fs_mgr_verity.c index 83e8043..b2f493a 100644 --- a/fs_mgr/fs_mgr_verity.c +++ b/fs_mgr/fs_mgr_verity.c @@ -86,11 +86,11 @@ static RSAPublicKey *load_key(char *path) static int verify_table(char *signature, char *table, int table_length) { RSAPublicKey *key; - uint8_t hash_buf[SHA_DIGEST_SIZE]; + uint8_t hash_buf[SHA256_DIGEST_SIZE]; int retval = -1; // Hash the table - SHA_hash((uint8_t*)table, table_length, hash_buf); + SHA256_hash((uint8_t*)table, table_length, hash_buf); // Now get the public key from the keyfile key = load_key(VERITY_TABLE_RSA_KEY); @@ -104,7 +104,7 @@ static int verify_table(char *signature, char *table, int table_length) (uint8_t*) signature, RSANUMBYTES, (uint8_t*) hash_buf, - SHA_DIGEST_SIZE)) { + SHA256_DIGEST_SIZE)) { ERROR("Couldn't verify table."); goto out; } |