Check for public key before checking for signatures
The current code is breaking the Chrome OS because in Chrome OS we can
install an unsigned payload into an image that doesn't have the update
payload's public key. The current code is checking for the existence of
signature first. But there is no point checking for the existence of
signature if there is not going to be a public key available to verify
it. So the order needs to be switched. This used to be the older
behavior.
Bug: 163153182
Test: cros flash
Change-Id: Ifa7026d2f288acdd4450017ce0d120272021267f
diff --git a/payload_consumer/delta_performer.cc b/payload_consumer/delta_performer.cc
index ba96047..d9efc30 100644
--- a/payload_consumer/delta_performer.cc
+++ b/payload_consumer/delta_performer.cc
@@ -1818,6 +1818,16 @@
return ErrorCode::kPayloadSizeMismatchError;
}
+ auto [payload_verifier, perform_verification] = CreatePayloadVerifier();
+ if (!perform_verification) {
+ LOG(WARNING) << "Not verifying signed delta payload -- missing public key.";
+ return ErrorCode::kSuccess;
+ }
+ if (!payload_verifier) {
+ LOG(ERROR) << "Failed to create the payload verifier.";
+ return ErrorCode::kDownloadPayloadPubKeyVerificationError;
+ }
+
// Verifies the payload hash.
TEST_AND_RETURN_VAL(ErrorCode::kDownloadPayloadVerificationError,
!payload_hash_calculator_.raw_hash().empty());
@@ -1831,15 +1841,6 @@
TEST_AND_RETURN_VAL(ErrorCode::kDownloadPayloadPubKeyVerificationError,
hash_data.size() == kSHA256Size);
- auto [payload_verifier, perform_verification] = CreatePayloadVerifier();
- if (!perform_verification) {
- LOG(WARNING) << "Not verifying signed delta payload -- missing public key.";
- return ErrorCode::kSuccess;
- }
- if (!payload_verifier) {
- LOG(ERROR) << "Failed to create the payload verifier.";
- return ErrorCode::kDownloadPayloadPubKeyVerificationError;
- }
if (!payload_verifier->VerifySignature(signatures_message_data_, hash_data)) {
// The autoupdate_CatchBadSignatures test checks for this string
// in log-files. Keep in sync.