commit 9573a13bbc015c555adff1e4e0fbef2a18963111
author Sami Tolvanen <samitolvanen@google.com> Thu Nov 06 20:33:07 2014 -0800
committer Iliyan Malchev <malchev@google.com> Thu Nov 13 15:42:50 2014 -0800
tree 7a76e17ddcfd3717dbde3917a7d49c271f4c7d47
parent eb6036ac6be82dcc6e110de22574972631c8f83e

DO NOT MERGE: Switch fs_mgr to use SHA-256 instead of SHA-1

Verity metadata signatures will be switched to SHA-256. Switch
fs_mgr signature verification to use the correct algorithm.

Needs matching changes from
  https://googleplex-android-review.git.corp.google.com/#/c/579905/
  https://googleplex-android-review.git.corp.google.com/#/c/583213/
  https://googleplex-android-review.git.corp.google.com/#/c/583214/
  https://googleplex-android-review.git.corp.google.com/#/c/583233/

Bug: 15984840
Bug: 18120110
Bug: 17917515
Change-Id: I8f90519bffa105a0eb7abeaad3aea1ffceb851e2
(cherry picked from commit a3465e250cfc3c00931735711e11ad61cf84d8b2)

fs_mgr/fs_mgr_verity.c

diff --git a/fs_mgr/fs_mgr_verity.c b/fs_mgr/fs_mgr_verity.c
index 83e8043..b2f493a 100644
--- a/fs_mgr/fs_mgr_verity.c
+++ b/fs_mgr/fs_mgr_verity.c
@@ -86,11 +86,11 @@
 static int verify_table(char *signature, char *table, int table_length)
 {
     RSAPublicKey *key;
-    uint8_t hash_buf[SHA_DIGEST_SIZE];
+    uint8_t hash_buf[SHA256_DIGEST_SIZE];
     int retval = -1;
 
     // Hash the table
-    SHA_hash((uint8_t*)table, table_length, hash_buf);
+    SHA256_hash((uint8_t*)table, table_length, hash_buf);
 
     // Now get the public key from the keyfile
     key = load_key(VERITY_TABLE_RSA_KEY);
@@ -104,7 +104,7 @@
                     (uint8_t*) signature,
                     RSANUMBYTES,
                     (uint8_t*) hash_buf,
-                    SHA_DIGEST_SIZE)) {
+                    SHA256_DIGEST_SIZE)) {
         ERROR("Couldn't verify table.");
         goto out;
     }