summaryrefslogtreecommitdiffstats
path: root/fs_mgr
diff options
context:
space:
mode:
authorSami Tolvanen <samitolvanen@google.com>2014-11-06 20:33:07 -0800
committerIliyan Malchev <malchev@google.com>2014-11-13 15:42:50 -0800
commit9573a13bbc015c555adff1e4e0fbef2a18963111 (patch)
tree7a76e17ddcfd3717dbde3917a7d49c271f4c7d47 /fs_mgr
parenteb6036ac6be82dcc6e110de22574972631c8f83e (diff)
downloadsystem_core-9573a13bbc015c555adff1e4e0fbef2a18963111.zip
system_core-9573a13bbc015c555adff1e4e0fbef2a18963111.tar.gz
system_core-9573a13bbc015c555adff1e4e0fbef2a18963111.tar.bz2
DO NOT MERGE: Switch fs_mgr to use SHA-256 instead of SHA-1
Verity metadata signatures will be switched to SHA-256. Switch fs_mgr signature verification to use the correct algorithm. Needs matching changes from https://googleplex-android-review.git.corp.google.com/#/c/579905/ https://googleplex-android-review.git.corp.google.com/#/c/583213/ https://googleplex-android-review.git.corp.google.com/#/c/583214/ https://googleplex-android-review.git.corp.google.com/#/c/583233/ Bug: 15984840 Bug: 18120110 Bug: 17917515 Change-Id: I8f90519bffa105a0eb7abeaad3aea1ffceb851e2 (cherry picked from commit a3465e250cfc3c00931735711e11ad61cf84d8b2)
Diffstat (limited to 'fs_mgr')
-rw-r--r--fs_mgr/fs_mgr_verity.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/fs_mgr/fs_mgr_verity.c b/fs_mgr/fs_mgr_verity.c
index 83e8043..b2f493a 100644
--- a/fs_mgr/fs_mgr_verity.c
+++ b/fs_mgr/fs_mgr_verity.c
@@ -86,11 +86,11 @@ static RSAPublicKey *load_key(char *path)
static int verify_table(char *signature, char *table, int table_length)
{
RSAPublicKey *key;
- uint8_t hash_buf[SHA_DIGEST_SIZE];
+ uint8_t hash_buf[SHA256_DIGEST_SIZE];
int retval = -1;
// Hash the table
- SHA_hash((uint8_t*)table, table_length, hash_buf);
+ SHA256_hash((uint8_t*)table, table_length, hash_buf);
// Now get the public key from the keyfile
key = load_key(VERITY_TABLE_RSA_KEY);
@@ -104,7 +104,7 @@ static int verify_table(char *signature, char *table, int table_length)
(uint8_t*) signature,
RSANUMBYTES,
(uint8_t*) hash_buf,
- SHA_DIGEST_SIZE)) {
+ SHA256_DIGEST_SIZE)) {
ERROR("Couldn't verify table.");
goto out;
}