verity: Fix the broken 'build_verity_tree -A'.
Commit 6eb049322c26431961fb69168a113bfd27016ab3 introduced a bug in
checking if there's any passed-in salt string (via '-A <salt>' or '-a
<salt>'). "salt.data()" should be "salt.empty()", because data() may
or may not return nullptr even if salt is empty. This CL fixes the issue.
This CL also removes the duplicate variable 'salt_size', which can be
fully covered by salt.size().
Test: m build_verity_tree;
Test: `build_verity_tree system.img verity.img` gives random root hash
and salt string across runs.
Test: `build_verity_tree -A <hex string> system.img verity.img` gives
identical results across runs.
Test: `build_verity_tree -a <string> system.img verity.img` gives
identical results across runs.
Change-Id: I377e42fc48c0f703dc33d813466f6ef60514bbe5
diff --git a/verity/build_verity_tree.cpp b/verity/build_verity_tree.cpp
index 69c761d..e841c20 100644
--- a/verity/build_verity_tree.cpp
+++ b/verity/build_verity_tree.cpp
@@ -127,7 +127,6 @@
char *data_filename;
char *verity_filename;
std::vector<unsigned char> salt;
- size_t salt_size = 0;
bool sparse = false;
size_t block_size = 4096;
uint64_t calculate_size = 0;
@@ -158,9 +157,9 @@
if(!BN_hex2bn(&bn, optarg)) {
FATAL("failed to convert salt from hex\n");
}
- salt_size = BN_num_bytes(bn);
+ size_t salt_size = BN_num_bytes(bn);
salt.resize(salt_size);
- if((size_t)BN_bn2bin(bn, salt.data()) != salt_size) {
+ if (BN_bn2bin(bn, salt.data()) != salt_size) {
FATAL("failed to convert salt to bytes\n");
}
}
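Review bot: A hex salt passed with -A loses its leading zero bytes here, because `BN_num_bytes(bn)` is the minimal length of the parsed number, not the length of the string in `optarg`. `-A 00ab` therefore produces a one-byte salt, and an all-zero argument produces an empty vector, which the `salt.empty()` test in the next hunk then replaces with random bytes without any message. At minimum I would add `if (salt.empty()) { FATAL("salt must not be empty\n"); }` after the conversion. Keeping the leading zeros needs the vector sized from the hex string and a padded conversion (BoringSSL has `BN_bn2bin_padded`, if that is the library linked here). The option-parsing block this sits in starts and ends outside the hunk.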
@@ -207,18 +206,17 @@
size_t hash_size = EVP_MD_size(md);
assert(hash_size * 2 < block_size);
- if (salt.data() || !salt_size) {
- salt_size = hash_size;
- salt.resize(salt_size);
+ if (salt.empty()) {
+ salt.resize(hash_size);
int random_fd = open("/dev/urandom", O_RDONLY);
if (random_fd < 0) {
FATAL("failed to open /dev/urandom\n");
}
- ssize_t ret = read(random_fd, salt.data(), salt_size);
- if (ret != (ssize_t)salt_size) {
- FATAL("failed to read %zu bytes from /dev/urandom: %zd %d\n", salt_size, ret, errno);
+ ssize_t ret = read(random_fd, salt.data(), salt.size());
+ if (ret != static_cast<ssize_t>(salt.size())) {
+ FATAL("failed to read %zu bytes from /dev/urandom: %zd %d\n", salt.size(), ret, errno);
}
close(random_fd);
}
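Review bot: The `if (salt.empty())` line deserves a comment, since the condition it replaces was wrong in a way that is easy to reintroduce: `// No salt from -a/-A: generate hash_size random bytes. Test empty(), not data(), which may be non-null for an empty vector.` The random read itself is a single `read()` whose short result is fatal, which fails closed, so I would leave it as is. The enclosing function starts and ends outside the hunk.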
@@ -300,7 +298,7 @@
unsigned char zero_block_hash[hash_size];
unsigned char zero_block[block_size];
memset(zero_block, 0, block_size);
- hash_block(md, zero_block, block_size, salt.data(), salt_size, zero_block_hash, NULL);
+ hash_block(md, zero_block, block_size, salt.data(), salt.size(), zero_block_hash, NULL);
unsigned char root_hash[hash_size];
verity_tree_levels[levels] = root_hash;
@@ -308,7 +306,7 @@
struct sparse_hash_ctx ctx;
ctx.hashes = verity_tree_levels[0];
ctx.salt = salt.data();
- ctx.salt_size = salt_size;
+ ctx.salt_size = salt.size();
ctx.hash_size = hash_size;
ctx.block_size = block_size;
ctx.zero_block_hash = zero_block_hash;
@@ -324,7 +322,7 @@
hash_blocks(md,
verity_tree_levels[i], verity_tree_level_blocks[i] * block_size,
verity_tree_levels[i + 1], &out_size,
- salt.data(), salt_size, block_size);
+ salt.data(), salt.size(), block_size);
if (i < levels - 1) {
assert(div_round_up(out_size, block_size) == verity_tree_level_blocks[i + 1]);
} else {
@@ -336,8 +334,8 @@
printf("%02x", root_hash[i]);
}
printf(" ");
- for (size_t i = 0; i < salt_size; i++) {
- printf("%02x", salt.data()[i]);
+ for (size_t i = 0; i < salt.size(); i++) {
+ printf("%02x", salt[i]);
}
printf("\n");