path: root/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648/0012-image-Use-constants-for-required-and-key-name-hint.patch

From b7249b8a036200cd461d0676a330b865f7309231 Mon Sep 17 00:00:00 2001
From: Simon Glass <sjg@chromium.org>
Date: Tue, 31 Mar 2020 18:43:55 +0200
Subject: [PATCH] image: Use constants for 'required' and 'key-name-hint'

These are used in multiple places so update them to use a shared #define.

Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Jae Hyun Yoo <jae.hyun.yoo@linux.intel.com>
---
 common/image-fit.c | 6 +++---
 common/image-sig.c | 8 +++++---
 include/image.h    | 4 +++-
 lib/rsa/rsa-sign.c | 6 +++---
 tools/image-host.c | 6 +++---
 5 files changed, 17 insertions(+), 13 deletions(-)

diff --git a/common/image-fit.c b/common/image-fit.c
index 58923cbc9371..b2f41ba408be 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -166,7 +166,7 @@ static void fit_image_print_data(const void *fit, int noffset, const char *p,
 	int value_len;
 	char *algo;
 	const char *padding;
-	int required;
+	bool required;
 	int ret, i;
 
 	debug("%s  %s node:    '%s'\n", p, type,
@@ -177,8 +177,8 @@ static void fit_image_print_data(const void *fit, int noffset, const char *p,
 		return;
 	}
 	printf("%s", algo);
-	keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
-	required = fdt_getprop(fit, noffset, "required", NULL) != NULL;
+	keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL);
+	required = fdt_getprop(fit, noffset, FIT_KEY_REQUIRED, NULL) != NULL;
 	if (keyname)
 		printf(":%s", keyname);
 	if (required)
diff --git a/common/image-sig.c b/common/image-sig.c
index 4526c82acf75..e0987af4f5e8 100644
--- a/common/image-sig.c
+++ b/common/image-sig.c
@@ -200,7 +200,7 @@ static int fit_image_setup_verify(struct image_sign_info *info,
 		padding_name = RSA_DEFAULT_PADDING_NAME;
 
 	memset(info, '\0', sizeof(*info));
-	info->keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
+	info->keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL);
 	info->fit = (void *)fit;
 	info->node_offset = noffset;
 	info->name = algo_name;
@@ -311,7 +311,8 @@ int fit_image_verify_required_sigs(const void *fit, int image_noffset,
 		const char *required;
 		int ret;
 
-		required = fdt_getprop(sig_blob, noffset, "required", NULL);
+		required = fdt_getprop(sig_blob, noffset, FIT_KEY_REQUIRED,
+				       NULL);
 		if (!required || strcmp(required, "image"))
 			continue;
 		ret = fit_image_verify_sig(fit, image_noffset, data, size,
@@ -528,7 +529,8 @@ int fit_config_verify_required_sigs(const void *fit, int conf_noffset,
 		const char *required;
 		int ret;
 
-		required = fdt_getprop(sig_blob, noffset, "required", NULL);
+		required = fdt_getprop(sig_blob, noffset, FIT_KEY_REQUIRED,
+				       NULL);
 		if (!required || strcmp(required, "conf"))
 			continue;
 		ret = fit_config_verify_sig(fit, conf_noffset, sig_blob,
diff --git a/include/image.h b/include/image.h
index 4b764d11c70d..afb9bea17c34 100644
--- a/include/image.h
+++ b/include/image.h
@@ -903,12 +903,14 @@ int booti_setup(ulong image, ulong *relocated_addr, ulong *size,
 #define FIT_IMAGES_PATH		"/images"
 #define FIT_CONFS_PATH		"/configurations"
 
-/* hash/signature node */
+/* hash/signature/key node */
 #define FIT_HASH_NODENAME	"hash"
 #define FIT_ALGO_PROP		"algo"
 #define FIT_VALUE_PROP		"value"
 #define FIT_IGNORE_PROP		"uboot-ignore"
 #define FIT_SIG_NODENAME	"signature"
+#define FIT_KEY_REQUIRED	"required"
+#define FIT_KEY_HINT		"key-name-hint"
 
 /* image node */
 #define FIT_DATA_PROP		"data"
diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
index fb5e07b56d8a..5f0f27d2f6f9 100644
--- a/lib/rsa/rsa-sign.c
+++ b/lib/rsa/rsa-sign.c
@@ -773,8 +773,8 @@ int rsa_add_verify_data(struct image_sign_info *info, void *keydest)
 	}
 
 	if (!ret) {
-		ret = fdt_setprop_string(keydest, node, "key-name-hint",
-				 info->keyname);
+		ret = fdt_setprop_string(keydest, node, FIT_KEY_HINT,
+					 info->keyname);
 	}
 	if (!ret)
 		ret = fdt_setprop_u32(keydest, node, "rsa,num-bits", bits);
@@ -796,7 +796,7 @@ int rsa_add_verify_data(struct image_sign_info *info, void *keydest)
 					 info->name);
 	}
 	if (!ret && info->require_keys) {
-		ret = fdt_setprop_string(keydest, node, "required",
+		ret = fdt_setprop_string(keydest, node, FIT_KEY_REQUIRED,
 					 info->require_keys);
 	}
 done:
diff --git a/tools/image-host.c b/tools/image-host.c
index 28474bc7fc8b..3396d8234e52 100644
--- a/tools/image-host.c
+++ b/tools/image-host.c
@@ -170,7 +170,7 @@ static int fit_image_setup_sig(struct image_sign_info *info,
 
 	memset(info, '\0', sizeof(*info));
 	info->keydir = keydir;
-	info->keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
+	info->keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL);
 	info->fit = fit;
 	info->node_offset = noffset;
 	info->name = strdup(algo_name);
@@ -249,7 +249,7 @@ static int fit_image_process_sig(const char *keydir, void *keydest,
 	free(value);
 
 	/* Get keyname again, as FDT has changed and invalidated our pointer */
-	info.keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
+	info.keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL);
 
 	/*
 	 * Write the public key into the supplied FDT file; this might fail
@@ -630,7 +630,7 @@ static int fit_config_process_sig(const char *keydir, void *keydest,
 	free(region_prop);
 
 	/* Get keyname again, as FDT has changed and invalidated our pointer */
-	info.keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
+	info.keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL);
 
 	/* Write the public key into the supplied FDT file */
 	if (keydest) {
-- 
2.17.1