CR50: remove checks on RSA key buffer size

Remove buffer size checks in _cpri__GenerateKeyRSA(). The TPM stack passes in TPM2B buffers that may have the size field uninitialized. Callees are expected to assume that the buffer size is sufficient for the requested operation. BRANCH=none BUG=chrome-os-partner:43025,chrome-os-partner:47524 TEST=TCG test CPCTPM_TC2_2_20_03_02 reliably passes Change-Id: I3d9bc2475b82dfaa9ed1d2617b1c333ff4df409d Signed-off-by: nagendra modadugu <ngm@google.com> Reviewed-on: https://chromium-review.googlesource.com/340883 Commit-Ready: Nagendra Modadugu <ngm@google.com> Tested-by: Nagendra Modadugu <ngm@google.com> Reviewed-by: Bill Richardson <wfrichar@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
2026-01-09 09:01:35 +00:00 · 2016-04-27 08:17:11 -07:00
parent 45d9f6afeb
commit 3d030e6409
1 changed files with 0 additions and 5 deletions
--- a/board/cr50/tpm2/rsa.c
+++ b/board/cr50/tpm2/rsa.c
@@ -307,10 +307,6 @@ CRYPT_RESULT _cpri__GenerateKeyRSA(

 	if (num_bits & 0xF)
 		return CRYPT_FAIL;
-	if (num_bytes / 2 > p_buf->size)
-		return CRYPT_FAIL;
-	if (N_buf->size > 0 && num_bytes > N_buf->size)
-		return CRYPT_FAIL;
 	if (num_bytes > RSA_MAX_BYTES)
 		return CRYPT_FAIL;
 	/* Seed size must be at least 2*security_strength per TPM 2.0 spec. */
@@ -320,7 +316,6 @@ CRYPT_RESULT _cpri__GenerateKeyRSA(
 	if (e_buf == 0)
 		e_buf = RSA_F4;

-	N_buf->size = num_bytes;
 	DCRYPTO_bn_wrap(&e, &e_buf, sizeof(e_buf));
 	DCRYPTO_bn_wrap(&p, p_buf->buffer, num_bytes / 2);
 	DCRYPTO_bn_wrap(&q, q_buf, num_bytes / 2);