From 3d030e640908efaf1a3948b9c4c4280c8d404a4c Mon Sep 17 00:00:00 2001
From: nagendra modadugu <ngm@google.com>
Date: Wed, 27 Apr 2016 08:17:11 -0700
Subject: [PATCH] CR50: remove checks on RSA key buffer size

Remove buffer size checks in _cpri__GenerateKeyRSA().

The TPM stack passes in TPM2B buffers that
may have the size field uninitialized.
Callees are expected to assume that the
buffer size is sufficient for the requested
operation.

BRANCH=none
BUG=chrome-os-partner:43025,chrome-os-partner:47524
TEST=TCG test CPCTPM_TC2_2_20_03_02 reliably passes

Change-Id: I3d9bc2475b82dfaa9ed1d2617b1c333ff4df409d
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/340883
Commit-Ready: Nagendra Modadugu <ngm@google.com>
Tested-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
---
 board/cr50/tpm2/rsa.c | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/board/cr50/tpm2/rsa.c b/board/cr50/tpm2/rsa.c
index 43e7d4e23d..306eccb92d 100644
--- a/board/cr50/tpm2/rsa.c
+++ b/board/cr50/tpm2/rsa.c
@@ -307,10 +307,6 @@ CRYPT_RESULT _cpri__GenerateKeyRSA(
 
 	if (num_bits & 0xF)
 		return CRYPT_FAIL;
-	if (num_bytes / 2 > p_buf->size)
-		return CRYPT_FAIL;
-	if (N_buf->size > 0 && num_bytes > N_buf->size)
-		return CRYPT_FAIL;
 	if (num_bytes > RSA_MAX_BYTES)
 		return CRYPT_FAIL;
 	/* Seed size must be at least 2*security_strength per TPM 2.0 spec. */
@@ -320,7 +316,6 @@ CRYPT_RESULT _cpri__GenerateKeyRSA(
 	if (e_buf == 0)
 		e_buf = RSA_F4;
 
-	N_buf->size = num_bytes;
 	DCRYPTO_bn_wrap(&e, &e_buf, sizeof(e_buf));
 	DCRYPTO_bn_wrap(&p, p_buf->buffer, num_bytes / 2);
 	DCRYPTO_bn_wrap(&q, q_buf, num_bytes / 2);