Check for public key before checking for signatures am: f624e1167d am: 9e14d49301 am: 0db5963bd8
Original change: https://android-review.googlesource.com/c/platform/system/update_engine/+/1428103
Change-Id: I8e6fbf0f95b8b7f5f995a244b1cf22745054c70b
diff --git a/payload_consumer/delta_performer.cc b/payload_consumer/delta_performer.cc
index ba96047..d9efc30 100644
--- a/payload_consumer/delta_performer.cc
+++ b/payload_consumer/delta_performer.cc
@@ -1818,6 +1818,16 @@
return ErrorCode::kPayloadSizeMismatchError;
}
+ auto [payload_verifier, perform_verification] = CreatePayloadVerifier();
+ if (!perform_verification) {
+ LOG(WARNING) << "Not verifying signed delta payload -- missing public key.";
+ return ErrorCode::kSuccess;
+ }
+ if (!payload_verifier) {
+ LOG(ERROR) << "Failed to create the payload verifier.";
+ return ErrorCode::kDownloadPayloadPubKeyVerificationError;
+ }
+
// Verifies the payload hash.
TEST_AND_RETURN_VAL(ErrorCode::kDownloadPayloadVerificationError,
!payload_hash_calculator_.raw_hash().empty());
@@ -1831,15 +1841,6 @@
TEST_AND_RETURN_VAL(ErrorCode::kDownloadPayloadPubKeyVerificationError,
hash_data.size() == kSHA256Size);
- auto [payload_verifier, perform_verification] = CreatePayloadVerifier();
- if (!perform_verification) {
- LOG(WARNING) << "Not verifying signed delta payload -- missing public key.";
- return ErrorCode::kSuccess;
- }
- if (!payload_verifier) {
- LOG(ERROR) << "Failed to create the payload verifier.";
- return ErrorCode::kDownloadPayloadPubKeyVerificationError;
- }
if (!payload_verifier->VerifySignature(signatures_message_data_, hash_data)) {
// The autoupdate_CatchBadSignatures test checks for this string
// in log-files. Keep in sync.