From 40108db4434d8c2e0a1ad2d1dd3f5ae34b17352c Mon Sep 17 00:00:00 2001
From: "Jason M. Bills"
Date: Mon, 3 Aug 2020 15:40:26 -0700
Subject: Update to internal 0.72
Signed-off-by: Jason M. Bills
---
...-constants-for-required-and-key-name-hint.patch | 152 +++++++++++++++++++++
1 file changed, 152 insertions(+)
create mode 100644 meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0012-image-Use-constants-for-required-and-key-name-hint.patch
(limited to 'meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0012-image-Use-constants-for-required-and-key-name-hint.patch')
diff --git a/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0012-image-Use-constants-for-required-and-key-name-hint.patch b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0012-image-Use-constants-for-required-and-key-name-hint.patch
new file mode 100644
index 000000000..4f5704e7c
--- /dev/null
+++ b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0012-image-Use-constants-for-required-and-key-name-hint.patch
@@ -0,0 +1,152 @@
+From 82d0b38436fd44bc54372ebe3f3d3fef63835b83 Mon Sep 17 00:00:00 2001
+From: Simon Glass
+Date: Tue, 31 Mar 2020 18:43:55 +0200
+Subject: [PATCH] image: Use constants for 'required' and 'key-name-hint'
+
+These are used in multiple places so update them to use a shared #define.
+
+Signed-off-by: Simon Glass
+Signed-off-by: Jae Hyun Yoo
+---
+ common/image-fit.c | 6 +++---
+ common/image-sig.c | 8 +++++---
+ include/image.h | 4 +++-
+ lib/rsa/rsa-sign.c | 6 +++---
+ tools/image-host.c | 6 +++---
+ 5 files changed, 17 insertions(+), 13 deletions(-)
+
+diff --git a/common/image-fit.c b/common/image-fit.c
+index 8a7c78f4c144..322fde728b50 100644
+--- a/common/image-fit.c
++++ b/common/image-fit.c
+@@ -264,7 +264,7 @@ static void fit_image_print_data(const void *fit, int noffset, const char *p,
+ uint8_t *value;
+ int value_len;
+ char *algo;
+- int required;
++ bool required;
+ int ret, i;
+
+ debug("%s %s node: '%s'\n", p, type,
+@@ -275,8 +275,8 @@ static void fit_image_print_data(const void *fit, int noffset, const char *p,
+ return;
+ }
+ printf("%s", algo);
+- keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
+- required = fdt_getprop(fit, noffset, "required", NULL) != NULL;
++ keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL);
++ required = fdt_getprop(fit, noffset, FIT_KEY_REQUIRED, NULL) != NULL;
+ if (keyname)
+ printf(":%s", keyname);
+ if (required)
+diff --git a/common/image-sig.c b/common/image-sig.c
+index 057d654c17d4..b49732117927 100644
+--- a/common/image-sig.c
++++ b/common/image-sig.c
+@@ -156,7 +156,7 @@ static int fit_image_setup_verify(struct image_sign_info *info,
+ return -1;
+ }
+ memset(info, '\0', sizeof(*info));
+- info->keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
++ info->keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL);
+ info->fit = (void *)fit;
+ info->node_offset = noffset;
+ info->algo = image_get_sig_algo(algo_name);
+@@ -264,7 +264,8 @@ int fit_image_verify_required_sigs(const void *fit, int image_noffset,
+ const char *required;
+ int ret;
+
+- required = fdt_getprop(sig_blob, noffset, "required", NULL);
++ required = fdt_getprop(sig_blob, noffset, FIT_KEY_REQUIRED,
++ NULL);
+ if (!required || strcmp(required, "image"))
+ continue;
+ ret = fit_image_verify_sig(fit, image_noffset, data, size,
+@@ -473,7 +474,8 @@ int fit_config_verify_required_sigs(const void *fit, int conf_noffset,
+ const char *required;
+ int ret;
+
+- required = fdt_getprop(sig_blob, noffset, "required", NULL);
++ required = fdt_getprop(sig_blob, noffset, FIT_KEY_REQUIRED,
++ NULL);
+ if (!required || strcmp(required, "conf"))
+ continue;
+ ret = fit_config_verify_sig(fit, conf_noffset, sig_blob,
+diff --git a/include/image.h b/include/image.h
+index b05e8552cc5b..2c6ef4de259d 100644
+--- a/include/image.h
++++ b/include/image.h
+@@ -782,12 +782,14 @@ int bootz_setup(ulong image, ulong *start, ulong *end);
+ #define FIT_IMAGES_PATH "/images"
+ #define FIT_CONFS_PATH "/configurations"
+
+-/* hash/signature node */
++/* hash/signature/key node */
+ #define FIT_HASH_NODENAME "hash"
+ #define FIT_ALGO_PROP "algo"
+ #define FIT_VALUE_PROP "value"
+ #define FIT_IGNORE_PROP "uboot-ignore"
+ #define FIT_SIG_NODENAME "signature"
++#define FIT_KEY_REQUIRED "required"
++#define FIT_KEY_HINT "key-name-hint"
+
+ /* image node */
+ #define FIT_DATA_PROP "data"
+diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
+index 5d9716f01349..972af6b8a7e2 100644
+--- a/lib/rsa/rsa-sign.c
++++ b/lib/rsa/rsa-sign.c
+@@ -486,8 +486,8 @@ int rsa_add_verify_data(struct image_sign_info *info, void *keydest)
+ }
+
+ if (!ret) {
+- ret = fdt_setprop_string(keydest, node, "key-name-hint",
+- info->keyname);
++ ret = fdt_setprop_string(keydest, node, FIT_KEY_HINT,
++ info->keyname);
+ }
+ if (!ret)
+ ret = fdt_setprop_u32(keydest, node, "rsa,num-bits", bits);
+@@ -509,7 +509,7 @@ int rsa_add_verify_data(struct image_sign_info *info, void *keydest)
+ info->algo->name);
+ }
+ if (info->require_keys) {
+- ret = fdt_setprop_string(keydest, node, "required",
++ ret = fdt_setprop_string(keydest, node, FIT_KEY_REQUIRED,
+ info->require_keys);
+ }
+ done:
+diff --git a/tools/image-host.c b/tools/image-host.c
+index da374eeabf5e..afeba22a09be 100644
+--- a/tools/image-host.c
++++ b/tools/image-host.c
+@@ -161,7 +161,7 @@ static int fit_image_setup_sig(struct image_sign_info *info,
+
+ memset(info, '\0', sizeof(*info));
+ info->keydir = keydir;
+- info->keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
++ info->keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL);
+ info->fit = fit;
+ info->node_offset = noffset;
+ info->algo = image_get_sig_algo(algo_name);
+@@ -234,7 +234,7 @@ static int fit_image_process_sig(const char *keydir, void *keydest,
+ free(value);
+
+ /* Get keyname again, as FDT has changed and invalidated our pointer */
+- info.keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
++ info.keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL);
+
+ /* Write the public key into the supplied FDT file */
+ if (keydest && info.algo->add_verify_data(&info, keydest)) {
+@@ -605,7 +605,7 @@ static int fit_config_process_sig(const char *keydir, void *keydest,
+ free(region_prop);
+
+ /* Get keyname again, as FDT has changed and invalidated our pointer */
+- info.keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
++ info.keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL);
+
+ /* Write the public key into the supplied FDT file */
+ if (keydest) {
+--
+2.17.1
+
-- cgit v1.2.3
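Review bot: The header of the added patch file has no `Upstream-Status:` or `CVE:` line, although the file is stored under `CVE-2020-10648/` as part 0012 of that series. The visible change only replaces the `"required"` and `"key-name-hint"` literals with `FIT_KEY_REQUIRED` and `FIT_KEY_HINT` (plus `int required` becoming `bool required` in `fit_image_print_data`), so by itself it does not change how signatures are verified and is presumably a prerequisite for later patches in the series. I would add `Upstream-Status: Backport [<upstream commit>]` and `CVE: CVE-2020-10648` above the `---` separator of the inner patch, together with one sentence saying that this patch is a no-functional-change dependency, so that an auditor tracking the fix does not mistake it for the fix itself.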