Google Git
Sign in
android / platform / system / update_engine / 7d192200b897a9d65912e270691e5a3c8a8ff1a7^! / . / payload_consumer / payload_verifier.cc
commit7d192200b897a9d65912e270691e5a3c8a8ff1a7[log] [tgz]
authorAmin Hassani <[email protected]>Tue Sep 29 15:58:37 2020 -0700
committerCommit Bot <[email protected]>Wed Sep 30 18:52:36 2020 +0000
treef9324fe348633417d3004c17be2faf5e350d309a
parentfbe526cb9cbcfab38cbea286eca6b8c2f19a75af [diff] [blame]
update_engine: Switch back crypto function calls to get0 version

Because of b/158580694 we had to switch the crypto calls to get1 version
and manually release them. Since that bug has been marked as fixed, we
can now switch it back to its original form.

BUG=b:163153182
TEST=FEATURES=test emerge update_engine

Change-Id: I8c2ff6619f592fc5e78a45efce14d42626d66034
Reviewed-on: https://chromium-review.googlesource.com/c/aosp/platform/system/update_engine/+/2438992
Tested-by: Amin Hassani <[email protected]>
Auto-Submit: Amin Hassani <[email protected]>
Reviewed-by: Jae Hoon Kim <[email protected]>
Commit-Queue: Amin Hassani <[email protected]>

diff --git a/payload_consumer/payload_verifier.cc b/payload_consumer/payload_verifier.cc
index 7fd2b8e..85902c8 100644
--- a/payload_consumer/payload_verifier.cc
+++ b/payload_consumer/payload_verifier.cc

@@ -175,10 +175,7 @@
     }
 
     if (key_type == EVP_PKEY_EC) {
-      // TODO(b/158580694): Switch back to get0 version and remove manual
-      // freeing of the object once the bug is resolved or gale has been moved
-      // to informational.
-      EC_KEY* ec_key = EVP_PKEY_get1_EC_KEY(public_key.get());
+      EC_KEY* ec_key = EVP_PKEY_get0_EC_KEY(public_key.get());
       TEST_AND_RETURN_FALSE(ec_key != nullptr);
       if (ECDSA_verify(0,
                        sha256_hash_data.data(),
@@ -186,10 +183,8 @@
                        sig_data.data(),
                        sig_data.size(),
                        ec_key) == 1) {
-        EC_KEY_free(ec_key);
         return true;
       }
-      EC_KEY_free(ec_key);
     }
 
     LOG(ERROR) << "Unsupported key type " << key_type;
@@ -204,21 +199,16 @@
     const brillo::Blob& sig_data,
     const EVP_PKEY* public_key,
     brillo::Blob* out_hash_data) const {
-  // TODO(b/158580694): Switch back to get0 version and remove manual freeing of
-  // the object once the bug is resolved or gale has been moved to
-  // informational.
-  //
   // The code below executes the equivalent of:
   //
   // openssl rsautl -verify -pubin -inkey <(echo pem_public_key)
   //   -in |sig_data| -out |out_hash_data|
-  RSA* rsa = EVP_PKEY_get1_RSA(const_cast<EVP_PKEY*>(public_key));
+  RSA* rsa = EVP_PKEY_get0_RSA(const_cast<EVP_PKEY*>(public_key));
 
   TEST_AND_RETURN_FALSE(rsa != nullptr);
   unsigned int keysize = RSA_size(rsa);
   if (sig_data.size() > 2 * keysize) {
     LOG(ERROR) << "Signature size is too big for public key size.";
-    RSA_free(rsa);
     return false;
   }
 
@@ -226,7 +216,6 @@
   brillo::Blob hash_data(keysize);
   int decrypt_size = RSA_public_decrypt(
       sig_data.size(), sig_data.data(), hash_data.data(), rsa, RSA_NO_PADDING);
-  RSA_free(rsa);
   TEST_AND_RETURN_FALSE(decrypt_size > 0 &&
                         decrypt_size <= static_cast<int>(hash_data.size()));
   hash_data.resize(decrypt_size);