aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTianjie Xu2017-07-10 17:13:33 -0500
committerTianjie Xu2017-07-19 14:17:41 -0500
commitde6735e80cc65be50381388640d94f1b1d0f20fa (patch)
treebdcda7cd5a4e2baa1f45c66f6a1698df47119175 /verifier.cpp
parent8155a8ba74bce27626f3ce3f088951298c44776d (diff)
downloadplatform-bootable-recovery-de6735e80cc65be50381388640d94f1b1d0f20fa.tar.gz
platform-bootable-recovery-de6735e80cc65be50381388640d94f1b1d0f20fa.tar.xz
platform-bootable-recovery-de6735e80cc65be50381388640d94f1b1d0f20fa.zip
Fix the android-cloexec-* warnings in bootable/recovery
Add the O_CLOEXEC or 'e' accordingly. Bug: 63510015 Test: recovery tests pass Change-Id: I7094bcc6af22c9687eb535116b2ca6a59178b303
Diffstat (limited to 'verifier.cpp')
-rw-r--r--verifier.cpp143
1 files changed, 71 insertions, 72 deletions
diff --git a/verifier.cpp b/verifier.cpp
index 2ef9c4c3..18437fb7 100644
--- a/verifier.cpp
+++ b/verifier.cpp
@@ -474,81 +474,80 @@ std::unique_ptr<EC_KEY, ECKEYDeleter> parse_ec_key(FILE* file) {
474// Otherwise returns false if the file failed to parse, or if it contains zero 474// Otherwise returns false if the file failed to parse, or if it contains zero
475// keys. The contents in certs would be unspecified on failure. 475// keys. The contents in certs would be unspecified on failure.
476bool load_keys(const char* filename, std::vector<Certificate>& certs) { 476bool load_keys(const char* filename, std::vector<Certificate>& certs) {
477 std::unique_ptr<FILE, decltype(&fclose)> f(fopen(filename, "r"), fclose); 477 std::unique_ptr<FILE, decltype(&fclose)> f(fopen(filename, "re"), fclose);
478 if (!f) { 478 if (!f) {
479 PLOG(ERROR) << "error opening " << filename; 479 PLOG(ERROR) << "error opening " << filename;
480 return false; 480 return false;
481 } 481 }
482
483 while (true) {
484 certs.emplace_back(0, Certificate::KEY_TYPE_RSA, nullptr, nullptr);
485 Certificate& cert = certs.back();
486 uint32_t exponent = 0;
487
488 char start_char;
489 if (fscanf(f.get(), " %c", &start_char) != 1) return false;
490 if (start_char == '{') {
491 // a version 1 key has no version specifier.
492 cert.key_type = Certificate::KEY_TYPE_RSA;
493 exponent = 3;
494 cert.hash_len = SHA_DIGEST_LENGTH;
495 } else if (start_char == 'v') {
496 int version;
497 if (fscanf(f.get(), "%d {", &version) != 1) return false;
498 switch (version) {
499 case 2:
500 cert.key_type = Certificate::KEY_TYPE_RSA;
501 exponent = 65537;
502 cert.hash_len = SHA_DIGEST_LENGTH;
503 break;
504 case 3:
505 cert.key_type = Certificate::KEY_TYPE_RSA;
506 exponent = 3;
507 cert.hash_len = SHA256_DIGEST_LENGTH;
508 break;
509 case 4:
510 cert.key_type = Certificate::KEY_TYPE_RSA;
511 exponent = 65537;
512 cert.hash_len = SHA256_DIGEST_LENGTH;
513 break;
514 case 5:
515 cert.key_type = Certificate::KEY_TYPE_EC;
516 cert.hash_len = SHA256_DIGEST_LENGTH;
517 break;
518 default:
519 return false;
520 }
521 }
522 482
523 if (cert.key_type == Certificate::KEY_TYPE_RSA) { 483 while (true) {
524 cert.rsa = parse_rsa_key(f.get(), exponent); 484 certs.emplace_back(0, Certificate::KEY_TYPE_RSA, nullptr, nullptr);
525 if (!cert.rsa) { 485 Certificate& cert = certs.back();
526 return false; 486 uint32_t exponent = 0;
527 } 487
488 char start_char;
489 if (fscanf(f.get(), " %c", &start_char) != 1) return false;
490 if (start_char == '{') {
491 // a version 1 key has no version specifier.
492 cert.key_type = Certificate::KEY_TYPE_RSA;
493 exponent = 3;
494 cert.hash_len = SHA_DIGEST_LENGTH;
495 } else if (start_char == 'v') {
496 int version;
497 if (fscanf(f.get(), "%d {", &version) != 1) return false;
498 switch (version) {
499 case 2:
500 cert.key_type = Certificate::KEY_TYPE_RSA;
501 exponent = 65537;
502 cert.hash_len = SHA_DIGEST_LENGTH;
503 break;
504 case 3:
505 cert.key_type = Certificate::KEY_TYPE_RSA;
506 exponent = 3;
507 cert.hash_len = SHA256_DIGEST_LENGTH;
508 break;
509 case 4:
510 cert.key_type = Certificate::KEY_TYPE_RSA;
511 exponent = 65537;
512 cert.hash_len = SHA256_DIGEST_LENGTH;
513 break;
514 case 5:
515 cert.key_type = Certificate::KEY_TYPE_EC;
516 cert.hash_len = SHA256_DIGEST_LENGTH;
517 break;
518 default:
519 return false;
520 }
521 }
528 522
529 LOG(INFO) << "read key e=" << exponent << " hash=" << cert.hash_len; 523 if (cert.key_type == Certificate::KEY_TYPE_RSA) {
530 } else if (cert.key_type == Certificate::KEY_TYPE_EC) { 524 cert.rsa = parse_rsa_key(f.get(), exponent);
531 cert.ec = parse_ec_key(f.get()); 525 if (!cert.rsa) {
532 if (!cert.ec) { 526 return false;
533 return false; 527 }
534 }
535 } else {
536 LOG(ERROR) << "Unknown key type " << cert.key_type;
537 return false;
538 }
539 528
540 // if the line ends in a comma, this file has more keys. 529 LOG(INFO) << "read key e=" << exponent << " hash=" << cert.hash_len;
541 int ch = fgetc(f.get()); 530 } else if (cert.key_type == Certificate::KEY_TYPE_EC) {
542 if (ch == ',') { 531 cert.ec = parse_ec_key(f.get());
543 // more keys to come. 532 if (!cert.ec) {
544 continue; 533 return false;
545 } else if (ch == EOF) { 534 }
546 break; 535 } else {
547 } else { 536 LOG(ERROR) << "Unknown key type " << cert.key_type;
548 LOG(ERROR) << "unexpected character between keys"; 537 return false;
549 return false;
550 }
551 } 538 }
552 539
553 return true; 540 // if the line ends in a comma, this file has more keys.
541 int ch = fgetc(f.get());
542 if (ch == ',') {
543 // more keys to come.
544 continue;
545 } else if (ch == EOF) {
546 break;
547 } else {
548 LOG(ERROR) << "unexpected character between keys";
549 return false;
550 }
551 }
552 return true;
554} 553}