path: root/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648/0012-image-Use-constants-for-required-and-key-name-hint.patch
Diffstat (limited to 'meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648/0012-image-Use-constants-for-required-and-key-name-hint.patch')
-rw-r--r--meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648/0012-image-Use-constants-for-required-and-key-name-hint.patch152
1 files changed, 152 insertions, 0 deletions
diff --git a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648/0012-image-Use-constants-for-required-and-key-name-hint.patch b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648/0012-image-Use-constants-for-required-and-key-name-hint.patch
new file mode 100644
index 000000000..6cdaaa656
--- /dev/null
+++ b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648/0012-image-Use-constants-for-required-and-key-name-hint.patch
@@ -0,0 +1,152 @@
+From b7249b8a036200cd461d0676a330b865f7309231 Mon Sep 17 00:00:00 2001
+From: Simon Glass <sjg@chromium.org>
+Date: Tue, 31 Mar 2020 18:43:55 +0200
+Subject: [PATCH] image: Use constants for 'required' and 'key-name-hint'
+
+These are used in multiple places so update them to use a shared #define.
+
+Signed-off-by: Simon Glass <sjg@chromium.org>
+Signed-off-by: Jae Hyun Yoo <jae.hyun.yoo@linux.intel.com>
+---
+ common/image-fit.c | 6 +++---
+ common/image-sig.c | 8 +++++---
+ include/image.h | 4 +++-
+ lib/rsa/rsa-sign.c | 6 +++---
+ tools/image-host.c | 6 +++---
+ 5 files changed, 17 insertions(+), 13 deletions(-)
+
+diff --git a/common/image-fit.c b/common/image-fit.c
+index 58923cbc9371..b2f41ba408be 100644
+--- a/common/image-fit.c
++++ b/common/image-fit.c
+@@ -166,7 +166,7 @@ static void fit_image_print_data(const void *fit, int noffset, const char *p,
+ int value_len;
+ char *algo;
+ const char *padding;
+- int required;
++ bool required;
+ int ret, i;
+
+ debug("%s %s node: '%s'\n", p, type,
+@@ -177,8 +177,8 @@ static void fit_image_print_data(const void *fit, int noffset, const char *p,
+ return;
+ }
+ printf("%s", algo);
+- keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
+- required = fdt_getprop(fit, noffset, "required", NULL) != NULL;
++ keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL);
++ required = fdt_getprop(fit, noffset, FIT_KEY_REQUIRED, NULL) != NULL;
+ if (keyname)
+ printf(":%s", keyname);
+ if (required)
+diff --git a/common/image-sig.c b/common/image-sig.c
+index 4526c82acf75..e0987af4f5e8 100644
+--- a/common/image-sig.c
++++ b/common/image-sig.c
+@@ -200,7 +200,7 @@ static int fit_image_setup_verify(struct image_sign_info *info,
+ padding_name = RSA_DEFAULT_PADDING_NAME;
+
+ memset(info, '\0', sizeof(*info));
+- info->keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
++ info->keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL);
+ info->fit = (void *)fit;
+ info->node_offset = noffset;
+ info->name = algo_name;
+@@ -311,7 +311,8 @@ int fit_image_verify_required_sigs(const void *fit, int image_noffset,
+ const char *required;
+ int ret;
+
+- required = fdt_getprop(sig_blob, noffset, "required", NULL);
++ required = fdt_getprop(sig_blob, noffset, FIT_KEY_REQUIRED,
++ NULL);
+ if (!required || strcmp(required, "image"))
+ continue;
+ ret = fit_image_verify_sig(fit, image_noffset, data, size,
+@@ -528,7 +529,8 @@ int fit_config_verify_required_sigs(const void *fit, int conf_noffset,
+ const char *required;
+ int ret;
+
+- required = fdt_getprop(sig_blob, noffset, "required", NULL);
++ required = fdt_getprop(sig_blob, noffset, FIT_KEY_REQUIRED,
++ NULL);
+ if (!required || strcmp(required, "conf"))
+ continue;
+ ret = fit_config_verify_sig(fit, conf_noffset, sig_blob,
+diff --git a/include/image.h b/include/image.h
+index 4b764d11c70d..afb9bea17c34 100644
+--- a/include/image.h
++++ b/include/image.h
+@@ -903,12 +903,14 @@ int booti_setup(ulong image, ulong *relocated_addr, ulong *size,
+ #define FIT_IMAGES_PATH "/images"
+ #define FIT_CONFS_PATH "/configurations"
+
+-/* hash/signature node */
++/* hash/signature/key node */
+ #define FIT_HASH_NODENAME "hash"
+ #define FIT_ALGO_PROP "algo"
+ #define FIT_VALUE_PROP "value"
+ #define FIT_IGNORE_PROP "uboot-ignore"
+ #define FIT_SIG_NODENAME "signature"
++#define FIT_KEY_REQUIRED "required"
++#define FIT_KEY_HINT "key-name-hint"
+
+ /* image node */
+ #define FIT_DATA_PROP "data"
+diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
+index fb5e07b56d8a..5f0f27d2f6f9 100644
+--- a/lib/rsa/rsa-sign.c
++++ b/lib/rsa/rsa-sign.c
+@@ -773,8 +773,8 @@ int rsa_add_verify_data(struct image_sign_info *info, void *keydest)
+ }
+
+ if (!ret) {
+- ret = fdt_setprop_string(keydest, node, "key-name-hint",
+- info->keyname);
++ ret = fdt_setprop_string(keydest, node, FIT_KEY_HINT,
++ info->keyname);
+ }
+ if (!ret)
+ ret = fdt_setprop_u32(keydest, node, "rsa,num-bits", bits);
+@@ -796,7 +796,7 @@ int rsa_add_verify_data(struct image_sign_info *info, void *keydest)
+ info->name);
+ }
+ if (!ret && info->require_keys) {
+- ret = fdt_setprop_string(keydest, node, "required",
++ ret = fdt_setprop_string(keydest, node, FIT_KEY_REQUIRED,
+ info->require_keys);
+ }
+ done:
+diff --git a/tools/image-host.c b/tools/image-host.c
+index 28474bc7fc8b..3396d8234e52 100644
+--- a/tools/image-host.c
++++ b/tools/image-host.c
+@@ -170,7 +170,7 @@ static int fit_image_setup_sig(struct image_sign_info *info,
+
+ memset(info, '\0', sizeof(*info));
+ info->keydir = keydir;
+- info->keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
++ info->keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL);
+ info->fit = fit;
+ info->node_offset = noffset;
+ info->name = strdup(algo_name);
+@@ -249,7 +249,7 @@ static int fit_image_process_sig(const char *keydir, void *keydest,
+ free(value);
+
+ /* Get keyname again, as FDT has changed and invalidated our pointer */
+- info.keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
++ info.keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL);
+
+ /*
+ * Write the public key into the supplied FDT file; this might fail
+@@ -630,7 +630,7 @@ static int fit_config_process_sig(const char *keydir, void *keydest,
+ free(region_prop);
+
+ /* Get keyname again, as FDT has changed and invalidated our pointer */
+- info.keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
++ info.keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL);
+
+ /* Write the public key into the supplied FDT file */
+ if (keydest) {
+--
+2.17.1
+
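Review bot: The header of the added patch file (the `From:`, `Subject:` and `Signed-off-by:` lines at its top) carries no `Upstream-Status:` or `CVE:` trailer, so only the directory name ties the file to CVE-2020-10648 and nothing records the upstream U-Boot commit it was taken from. The content is a pure string-to-macro substitution (`"required"` becomes `FIT_KEY_REQUIRED`, `"key-name-hint"` becomes `FIT_KEY_HINT`), presumably carried as a prerequisite for later patches in the series. A sentence in the description saying so would tell an auditor that this file on its own does not close the issue. I would add `Upstream-Status: Backport [<upstream commit id>]` and `CVE: CVE-2020-10648` above the `---` separator. It is also worth confirming that the layer's CVE tracking reads the ID from the patch itself and does not rely on the path.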