diff options
| author | Sascha Hauer <s.hauer@pengutronix.de> | 2018-01-29 10:50:57 +0100 |
|---|---|---|
| committer | Sascha Hauer <s.hauer@pengutronix.de> | 2018-02-08 08:55:58 +0100 |
| commit | 12b161a5e0e36fb5b6b1a82df3c8ddb9bc0da78d (patch) | |
| tree | b8f7603f580c5d02052108bc82bd26092509974e /common | |
| parent | 174fae19b89c6fac49bbe5de0fb4f57498ff9aac (diff) | |
| download | barebox-12b161a5e0e36fb5b6b1a82df3c8ddb9bc0da78d.tar.gz barebox-12b161a5e0e36fb5b6b1a82df3c8ddb9bc0da78d.tar.xz | |
FIT: move handle->verify check to fit_verify_hash()
Preparation for the next step which will allow to open
images which are not part of a configuration.
This has one change inside: We used to iterate over all
subnodes of a image expecting all of them containing a hash,
so it could happen that we check multiple hashes if more exist
or that we falsely interpret some unrelated subnode as hash node.
With this patch we expect the hash in a subnode named "hash@1"
as required by the FIT image format description.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Diffstat (limited to 'common')
| -rw-r--r-- | common/image-fit.c | 45 |
1 files changed, 25 insertions, 20 deletions
diff --git a/common/image-fit.c b/common/image-fit.c index 21b547a1da..9948c1fa77 100644 --- a/common/image-fit.c +++ b/common/image-fit.c @@ -344,13 +344,33 @@ static int fit_verify_signature(struct device_node *sig_node, void *fit) return ret; } -static int fit_verify_hash(struct device_node *hash, const void *data, int data_len) +static int fit_verify_hash(struct fit_handle *handle, struct device_node *image, + const void *data, int data_len) { struct digest *d; const char *algo; const char *value_read; char *value_calc; int hash_len, ret; + struct device_node *hash; + + switch (handle->verify) { + case BOOTM_VERIFY_NONE: + return 0; + case BOOTM_VERIFY_AVAILABLE: + ret = 0; + break; + default: + ret = -EINVAL; + } + + hash = of_get_child_by_name(image, "hash@1"); + if (!hash) { + if (ret) + pr_err("image %s does not have hashes\n", + image->full_name); + return ret; + } value_read = of_get_property(hash, "value", &hash_len); if (!value_read) { @@ -416,7 +436,7 @@ int fit_open_image(struct fit_handle *handle, void *configuration, const char *name, const void **outdata, unsigned long *outsize) { - struct device_node *image, *hash; + struct device_node *image; const char *unit, *type = NULL, *desc= "(no description)"; const void *data; int data_len; @@ -450,24 +470,9 @@ int fit_open_image(struct fit_handle *handle, void *configuration, return -EINVAL; } - if (handle->verify > BOOTM_VERIFY_NONE) { - if (handle->verify == BOOTM_VERIFY_AVAILABLE) - ret = 0; - else - ret = -EINVAL; - for_each_child_of_node(image, hash) { - if (handle->verbose) - of_print_nodes(hash, 0); - ret = fit_verify_hash(hash, data, data_len); - if (ret < 0) - return ret; - } - - if (ret < 0) { - pr_err("image '%s': '%s' does not have hashes\n", unit, desc); - return ret; - } - } + ret = fit_verify_hash(handle, image, data, data_len); + if (ret < 0) + return ret; *outdata = data; *outsize = data_len; |