resolve merge conflicts of 8febafa to nyc-dev-plus-aosp
am: 6e08bff
* commit '6e08bff22b6b9019c72422e1902201d7cb4397b5':
Use BoringSSL instead of mincrypt to speed up package verification.
Change-Id: I1fce90ecfa92369b767c2d3387dfe72dced4faad
This commit is contained in:
Elliott Hughes
android-build-merger
+8
-6
@@ -23,6 +23,7 @@
|
||||
#include <sys/wait.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include <chrono>
|
||||
#include <vector>
|
||||
|
||||
#include "common.h"
|
||||
@@ -228,6 +229,7 @@ really_install_package(const char *path, bool* wipe_cache, bool needs_mount)
|
||||
return INSTALL_CORRUPT;
|
||||
}
|
||||
|
||||
// Load keys.
|
||||
std::vector<Certificate> loadedKeys;
|
||||
if (!load_keys(PUBLIC_KEYS_FILE, loadedKeys)) {
|
||||
LOGE("Failed to load keys\n");
|
||||
@@ -235,18 +237,19 @@ really_install_package(const char *path, bool* wipe_cache, bool needs_mount)
|
||||
}
|
||||
LOGI("%zu key(s) loaded from %s\n", loadedKeys.size(), PUBLIC_KEYS_FILE);
|
||||
|
||||
// Verify package.
|
||||
ui->Print("Verifying update package...\n");
|
||||
|
||||
auto t0 = std::chrono::system_clock::now();
|
||||
int err = verify_file(map.addr, map.length, loadedKeys);
|
||||
LOGI("verify_file returned %d\n", err);
|
||||
std::chrono::duration<double> duration = std::chrono::system_clock::now() - t0;
|
||||
ui->Print("Update package verification took %.1f s (result %d).\n", duration.count(), err);
|
||||
if (err != VERIFY_SUCCESS) {
|
||||
LOGE("signature verification failed\n");
|
||||
sysReleaseMap(&map);
|
||||
return INSTALL_CORRUPT;
|
||||
}
|
||||
|
||||
/* Try to open the package.
|
||||
*/
|
||||
// Try to open the package.
|
||||
ZipArchive zip;
|
||||
err = mzOpenZipArchive(map.addr, map.length, &zip);
|
||||
if (err != 0) {
|
||||
@@ -255,8 +258,7 @@ really_install_package(const char *path, bool* wipe_cache, bool needs_mount)
|
||||
return INSTALL_CORRUPT;
|
||||
}
|
||||
|
||||
/* Verify and install the contents of the package.
|
||||
*/
|
||||
// Verify and install the contents of the package.
|
||||
ui->Print("Installing update...\n");
|
||||
ui->SetEnableReboot(false);
|
||||
int result = try_update_binary(path, &zip, wipe_cache);
|
||||
|
||||
+6
-4
@@ -32,6 +32,8 @@
|
||||
|
||||
extern RecoveryUI* ui;
|
||||
|
||||
static constexpr size_t MiB = 1024 * 1024;
|
||||
|
||||
/*
|
||||
* Simple version of PKCS#7 SignedData extraction. This extracts the
|
||||
* signature OCTET STRING to be used for signature verification.
|
||||
@@ -187,8 +189,6 @@ int verify_file(unsigned char* addr, size_t length,
|
||||
}
|
||||
}
|
||||
|
||||
#define BUFFER_SIZE 4096
|
||||
|
||||
bool need_sha1 = false;
|
||||
bool need_sha256 = false;
|
||||
for (const auto& key : keys) {
|
||||
@@ -206,8 +206,10 @@ int verify_file(unsigned char* addr, size_t length,
|
||||
double frac = -1.0;
|
||||
size_t so_far = 0;
|
||||
while (so_far < signed_len) {
|
||||
size_t size = signed_len - so_far;
|
||||
if (size > BUFFER_SIZE) size = BUFFER_SIZE;
|
||||
// On a Nexus 9, experiment didn't show any performance improvement with
|
||||
// larger sizes past 1MiB, and they reduce the granularity of the progress
|
||||
// bar. http://b/28135231.
|
||||
size_t size = std::min(signed_len - so_far, 1 * MiB);
|
||||
|
||||
if (need_sha1) SHA1_Update(&sha1_ctx, addr + so_far, size);
|
||||
if (need_sha256) SHA256_Update(&sha256_ctx, addr + so_far, size);
|
||||
|
||||
Reference in New Issue
Block a user