resolve merge conflicts of 8febafa to nyc-dev-plus-aosp
am: 6e08bff

* commit '6e08bff22b6b9019c72422e1902201d7cb4397b5':
  Use BoringSSL instead of mincrypt to speed up package verification.

Change-Id: I1fce90ecfa92369b767c2d3387dfe72dced4faad
diff --git a/install.cpp b/install.cpp
index a7b59c3..7113fa2 100644
--- a/install.cpp
+++ b/install.cpp
@@ -23,6 +23,7 @@
 #include <sys/wait.h>
 #include <unistd.h>
 
+#include <chrono>
 #include <vector>
 
 #include "common.h"
@@ -228,6 +229,7 @@
         return INSTALL_CORRUPT;
     }
 
+    // Load keys.
     std::vector<Certificate> loadedKeys;
     if (!load_keys(PUBLIC_KEYS_FILE, loadedKeys)) {
         LOGE("Failed to load keys\n");
@@ -235,18 +237,19 @@
     }
     LOGI("%zu key(s) loaded from %s\n", loadedKeys.size(), PUBLIC_KEYS_FILE);
 
+    // Verify package.
     ui->Print("Verifying update package...\n");
-
+    auto t0 = std::chrono::system_clock::now();
     int err = verify_file(map.addr, map.length, loadedKeys);
-    LOGI("verify_file returned %d\n", err);
+    std::chrono::duration<double> duration = std::chrono::system_clock::now() - t0;
+    ui->Print("Update package verification took %.1f s (result %d).\n", duration.count(), err);
     if (err != VERIFY_SUCCESS) {
         LOGE("signature verification failed\n");
         sysReleaseMap(&map);
         return INSTALL_CORRUPT;
     }
 
-    /* Try to open the package.
-     */
+    // Try to open the package.
     ZipArchive zip;
     err = mzOpenZipArchive(map.addr, map.length, &zip);
     if (err != 0) {
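Review bot: The interval around `verify_file()` is measured with `std::chrono::system_clock`, which is wall-clock time and can jump forwards or backwards if the clock is set while recovery is running. `std::chrono::steady_clock` is the monotonic clock intended for durations: `auto t0 = std::chrono::steady_clock::now();` and `std::chrono::duration<double> duration = std::chrono::steady_clock::now() - t0;`. The same lines replace `LOGI("verify_file returned %d\n", err);` with a `ui->Print`, so unless `Print` is mirrored into the recovery log (not visible in this hunk) the numeric verification result is no longer logged. Keeping the `LOGI` line next to the new `Print` would preserve that record for diagnosing a rejected package. The enclosing function starts and ends outside the hunk.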
@@ -255,8 +258,7 @@
         return INSTALL_CORRUPT;
     }
 
-    /* Verify and install the contents of the package.
-     */
+    // Verify and install the contents of the package.
     ui->Print("Installing update...\n");
     ui->SetEnableReboot(false);
     int result = try_update_binary(path, &zip, wipe_cache);
diff --git a/verifier.cpp b/verifier.cpp
index 6e15812..4004b02 100644
--- a/verifier.cpp
+++ b/verifier.cpp
@@ -32,6 +32,8 @@
 
 extern RecoveryUI* ui;
 
+static constexpr size_t MiB = 1024 * 1024;
+
 /*
  * Simple version of PKCS#7 SignedData extraction. This extracts the
  * signature OCTET STRING to be used for signature verification.
@@ -187,8 +189,6 @@
         }
     }
 
-#define BUFFER_SIZE 4096
-
     bool need_sha1 = false;
     bool need_sha256 = false;
     for (const auto& key : keys) {
@@ -206,8 +206,10 @@
     double frac = -1.0;
     size_t so_far = 0;
     while (so_far < signed_len) {
-        size_t size = signed_len - so_far;
-        if (size > BUFFER_SIZE) size = BUFFER_SIZE;
+        // On a Nexus 9, experiment didn't show any performance improvement with
+        // larger sizes past 1MiB, and they reduce the granularity of the progress
+        // bar. http://b/28135231.
+        size_t size = std::min(signed_len - so_far, 1 * MiB);
 
         if (need_sha1) SHA1_Update(&sha1_ctx, addr + so_far, size);
         if (need_sha256) SHA256_Update(&sha256_ctx, addr + so_far, size);
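Review bot: The new `std::min(signed_len - so_far, 1 * MiB)` needs `<algorithm>`, and no hunk in this diff adds that include to verifier.cpp. It may already be present outside the visible context, but if it only arrives transitively, add `#include <algorithm>` beside the other standard headers. Both arguments are `size_t`, so template deduction is fine, and the hashed range is still exactly `signed_len` bytes because only the chunk size changes. The loop continues past the end of the hunk.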