path: root/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0012-image-Use-constants-for-required-and-key-name-hint.patch
Diffstat (limited to 'meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0012-image-Use-constants-for-required-and-key-name-hint.patch')
-rw-r--r--meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0012-image-Use-constants-for-required-and-key-name-hint.patch152
1 files changed, 152 insertions, 0 deletions
diff --git a/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0012-image-Use-constants-for-required-and-key-name-hint.patch b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0012-image-Use-constants-for-required-and-key-name-hint.patch
new file mode 100644
index 000000000..4f5704e7c
--- /dev/null
+++ b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0012-image-Use-constants-for-required-and-key-name-hint.patch
@@ -0,0 +1,152 @@
+From 82d0b38436fd44bc54372ebe3f3d3fef63835b83 Mon Sep 17 00:00:00 2001
+From: Simon Glass <sjg@chromium.org>
+Date: Tue, 31 Mar 2020 18:43:55 +0200
+Subject: [PATCH] image: Use constants for 'required' and 'key-name-hint'
+
+These are used in multiple places so update them to use a shared #define.
+
+Signed-off-by: Simon Glass <sjg@chromium.org>
+Signed-off-by: Jae Hyun Yoo <jae.hyun.yoo@linux.intel.com>
+---
+ common/image-fit.c | 6 +++---
+ common/image-sig.c | 8 +++++---
+ include/image.h | 4 +++-
+ lib/rsa/rsa-sign.c | 6 +++---
+ tools/image-host.c | 6 +++---
+ 5 files changed, 17 insertions(+), 13 deletions(-)
+
+diff --git a/common/image-fit.c b/common/image-fit.c
+index 8a7c78f4c144..322fde728b50 100644
+--- a/common/image-fit.c
++++ b/common/image-fit.c
+@@ -264,7 +264,7 @@ static void fit_image_print_data(const void *fit, int noffset, const char *p,
+ uint8_t *value;
+ int value_len;
+ char *algo;
+- int required;
++ bool required;
+ int ret, i;
+
+ debug("%s %s node: '%s'\n", p, type,
+@@ -275,8 +275,8 @@ static void fit_image_print_data(const void *fit, int noffset, const char *p,
+ return;
+ }
+ printf("%s", algo);
+- keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
+- required = fdt_getprop(fit, noffset, "required", NULL) != NULL;
++ keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL);
++ required = fdt_getprop(fit, noffset, FIT_KEY_REQUIRED, NULL) != NULL;
+ if (keyname)
+ printf(":%s", keyname);
+ if (required)
+diff --git a/common/image-sig.c b/common/image-sig.c
+index 057d654c17d4..b49732117927 100644
+--- a/common/image-sig.c
++++ b/common/image-sig.c
+@@ -156,7 +156,7 @@ static int fit_image_setup_verify(struct image_sign_info *info,
+ return -1;
+ }
+ memset(info, '\0', sizeof(*info));
+- info->keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
++ info->keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL);
+ info->fit = (void *)fit;
+ info->node_offset = noffset;
+ info->algo = image_get_sig_algo(algo_name);
+@@ -264,7 +264,8 @@ int fit_image_verify_required_sigs(const void *fit, int image_noffset,
+ const char *required;
+ int ret;
+
+- required = fdt_getprop(sig_blob, noffset, "required", NULL);
++ required = fdt_getprop(sig_blob, noffset, FIT_KEY_REQUIRED,
++ NULL);
+ if (!required || strcmp(required, "image"))
+ continue;
+ ret = fit_image_verify_sig(fit, image_noffset, data, size,
+@@ -473,7 +474,8 @@ int fit_config_verify_required_sigs(const void *fit, int conf_noffset,
+ const char *required;
+ int ret;
+
+- required = fdt_getprop(sig_blob, noffset, "required", NULL);
++ required = fdt_getprop(sig_blob, noffset, FIT_KEY_REQUIRED,
++ NULL);
+ if (!required || strcmp(required, "conf"))
+ continue;
+ ret = fit_config_verify_sig(fit, conf_noffset, sig_blob,
+diff --git a/include/image.h b/include/image.h
+index b05e8552cc5b..2c6ef4de259d 100644
+--- a/include/image.h
++++ b/include/image.h
+@@ -782,12 +782,14 @@ int bootz_setup(ulong image, ulong *start, ulong *end);
+ #define FIT_IMAGES_PATH "/images"
+ #define FIT_CONFS_PATH "/configurations"
+
+-/* hash/signature node */
++/* hash/signature/key node */
+ #define FIT_HASH_NODENAME "hash"
+ #define FIT_ALGO_PROP "algo"
+ #define FIT_VALUE_PROP "value"
+ #define FIT_IGNORE_PROP "uboot-ignore"
+ #define FIT_SIG_NODENAME "signature"
++#define FIT_KEY_REQUIRED "required"
++#define FIT_KEY_HINT "key-name-hint"
+
+ /* image node */
+ #define FIT_DATA_PROP "data"
+diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
+index 5d9716f01349..972af6b8a7e2 100644
+--- a/lib/rsa/rsa-sign.c
++++ b/lib/rsa/rsa-sign.c
+@@ -486,8 +486,8 @@ int rsa_add_verify_data(struct image_sign_info *info, void *keydest)
+ }
+
+ if (!ret) {
+- ret = fdt_setprop_string(keydest, node, "key-name-hint",
+- info->keyname);
++ ret = fdt_setprop_string(keydest, node, FIT_KEY_HINT,
++ info->keyname);
+ }
+ if (!ret)
+ ret = fdt_setprop_u32(keydest, node, "rsa,num-bits", bits);
+@@ -509,7 +509,7 @@ int rsa_add_verify_data(struct image_sign_info *info, void *keydest)
+ info->algo->name);
+ }
+ if (info->require_keys) {
+- ret = fdt_setprop_string(keydest, node, "required",
++ ret = fdt_setprop_string(keydest, node, FIT_KEY_REQUIRED,
+ info->require_keys);
+ }
+ done:
+diff --git a/tools/image-host.c b/tools/image-host.c
+index da374eeabf5e..afeba22a09be 100644
+--- a/tools/image-host.c
++++ b/tools/image-host.c
+@@ -161,7 +161,7 @@ static int fit_image_setup_sig(struct image_sign_info *info,
+
+ memset(info, '\0', sizeof(*info));
+ info->keydir = keydir;
+- info->keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
++ info->keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL);
+ info->fit = fit;
+ info->node_offset = noffset;
+ info->algo = image_get_sig_algo(algo_name);
+@@ -234,7 +234,7 @@ static int fit_image_process_sig(const char *keydir, void *keydest,
+ free(value);
+
+ /* Get keyname again, as FDT has changed and invalidated our pointer */
+- info.keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
++ info.keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL);
+
+ /* Write the public key into the supplied FDT file */
+ if (keydest && info.algo->add_verify_data(&info, keydest)) {
+@@ -605,7 +605,7 @@ static int fit_config_process_sig(const char *keydir, void *keydest,
+ free(region_prop);
+
+ /* Get keyname again, as FDT has changed and invalidated our pointer */
+- info.keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
++ info.keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL);
+
+ /* Write the public key into the supplied FDT file */
+ if (keydest) {
+--
+2.17.1
+
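Review bot: The embedded patch header (the `From`/`Date`/`Subject` lines through the two `Signed-off-by` lines) carries no `Upstream-Status:` or `CVE:` tag, so nothing in the file records which upstream U-Boot commit it was backported from or which advisory it serves. The code change itself only replaces the `"required"` and `"key-name-hint"` literals with `FIT_KEY_REQUIRED` / `FIT_KEY_HINT` and turns `required` into a `bool` in `fit_image_print_data`, so it appears to be a prerequisite refactor for later patches in the CVE-2020-10648 series, not a mitigation on its own; stating that in the header keeps it from being read as the fix. I would add `Upstream-Status: Backport [<upstream commit id>]` after the sign-offs and, if this layer relies on cve-check, `CVE: CVE-2020-10648`; the `From 82d0b384…` hash may be a local rebase id, so confirm it against upstream before citing it. The recipe change that adds 0012 to `SRC_URI` is not visible here, so it is worth checking that the series is applied in numeric order.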