diff options
author | fgalligan@chromium.org <fgalligan@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-07-24 23:03:31 +0000 |
---|---|---|
committer | fgalligan@chromium.org <fgalligan@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-07-24 23:03:31 +0000 |
commit | 168dcc10daf00c3ce0470f85afdaba9eb0ede171 (patch) | |
tree | 96517bde5d0f71ba6acb01305a53591865bba86d /media/crypto | |
parent | 09a756895daa66fe63c2a75b29c4473a4eeca4b3 (diff) | |
download | chromium_src-168dcc10daf00c3ce0470f85afdaba9eb0ede171.zip chromium_src-168dcc10daf00c3ce0470f85afdaba9eb0ede171.tar.gz chromium_src-168dcc10daf00c3ce0470f85afdaba9eb0ede171.tar.bz2 |
Replace memcmp() with HMAC.VerifyTruncated() in aes_decryptor.cc
BUG=138682
TEST=media_unittests --gtest_filter=AesDecryptor*
Review URL: https://chromiumcodereview.appspot.com/10800091
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@148240 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'media/crypto')
-rw-r--r-- | media/crypto/aes_decryptor.cc | 25 |
1 files changed, 13 insertions, 12 deletions
diff --git a/media/crypto/aes_decryptor.cc b/media/crypto/aes_decryptor.cc index e69f406..730a9b8 100644 --- a/media/crypto/aes_decryptor.cc +++ b/media/crypto/aes_decryptor.cc @@ -66,21 +66,22 @@ static bool CheckData(const DecoderBuffer& input, if (!hmac.Init(hmac_key)) return false; - // The HMAC covers the IV and the frame data. + // The component that initializes |input.GetDecryptConfig()| is responsible + // for checking that |input.GetDecryptConfig()->checksum_size()| matches + // what is defined by the format. + + // Here, check that checksum size is not greater than the hash + // algorithm's digest length. + DCHECK_LE(input.GetDecryptConfig()->checksum_size(), + static_cast<int>(hmac.DigestLength())); + base::StringPiece data_to_check( reinterpret_cast<const char*>(input.GetData()), input.GetDataSize()); + base::StringPiece digest( + reinterpret_cast<const char*>(input.GetDecryptConfig()->checksum()), + input.GetDecryptConfig()->checksum_size()); - scoped_array<uint8> calculated_hmac(new uint8[hmac.DigestLength()]); - if (!hmac.Sign(data_to_check, calculated_hmac.get(), hmac.DigestLength())) - return false; - - DCHECK(input.GetDecryptConfig()->checksum_size() <= - static_cast<int>(hmac.DigestLength())); - if (memcmp(input.GetDecryptConfig()->checksum(), - calculated_hmac.get(), - input.GetDecryptConfig()->checksum_size()) != 0) - return false; - return true; + return hmac.VerifyTruncated(data_to_check, digest); } // Decrypts |input| using |key|. |encrypted_data_offset| is the number of bytes |