summaryrefslogtreecommitdiffstats
path: root/common
diff options
context:
space:
mode:
authorSascha Hauer <s.hauer@pengutronix.de>2022-05-19 13:55:44 +0200
committerSascha Hauer <s.hauer@pengutronix.de>2022-05-19 13:55:44 +0200
commitac082938497f82c4cf1aa015436a4b8261741348 (patch)
tree60339c61f3bbfbdb4cc038b8d2a559793754a605 /common
parentacef9438e94f5960064d650080270549eae27ab7 (diff)
parent66faea1edf07acd85dadbd67e208bef651ede2a0 (diff)
downloadbarebox-ac082938497f82c4cf1aa015436a4b8261741348.tar.gz
barebox-ac082938497f82c4cf1aa015436a4b8261741348.tar.xz
Merge branch 'for-next/rsa'
Diffstat (limited to 'common')
-rw-r--r--common/image-fit.c51
1 files changed, 21 insertions, 30 deletions
diff --git a/common/image-fit.c b/common/image-fit.c
index 38a372ff52..a410632d70 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -255,10 +255,8 @@ static struct digest *fit_alloc_digest(struct device_node *sig_node,
static int fit_check_rsa_signature(struct device_node *sig_node,
enum hash_algo algo, void *hash)
{
- struct rsa_public_key *key;
- const char *key_name;
- char *key_path;
- struct device_node *key_node;
+ const struct rsa_public_key *key;
+ const char *key_name = NULL;
int sig_len;
const char *sig_value;
int ret;
@@ -269,39 +267,32 @@ static int fit_check_rsa_signature(struct device_node *sig_node,
return -EINVAL;
}
- if (of_property_read_string(sig_node, "key-name-hint", &key_name)) {
- pr_err("key name not found in %s\n", sig_node->full_name);
- return -EINVAL;
- }
-
- key = rsa_get_key(key_name);
- if (IS_ERR(key)) {
- key_path = xasprintf("/signature/key-%s", key_name);
- key_node = of_find_node_by_path(key_path);
- if (!key_node) {
- pr_info("failed to find key node %s\n", key_path);
- free(key_path);
- return -ENOENT;
+ of_property_read_string(sig_node, "key-name-hint", &key_name);
+ if (key_name) {
+ key = rsa_get_key(key_name);
+ if (key) {
+ ret = rsa_verify(key, sig_value, sig_len, hash, algo);
+ if (!ret)
+ goto ok;
}
- free(key_path);
+ }
- key = rsa_of_read_key(key_node);
+ for_each_rsa_key(key) {
+ if (key_name && !strcmp(key->key_name_hint, key_name))
+ continue;
- if (IS_ERR(key)) {
- pr_info("failed to read key in %s\n", key_node->full_name);
- return -ENOENT;
- }
+ ret = rsa_verify(key, sig_value, sig_len, hash, algo);
+ if (!ret)
+ goto ok;
}
- ret = rsa_verify(key, sig_value, sig_len, hash, algo);
- if (ret)
- pr_err("image signature BAD\n");
- else
- pr_info("image signature OK\n");
+ pr_err("image signature BAD\n");
- rsa_key_free(key);
+ return -EBADMSG;
+ok:
+ pr_info("image signature OK\n");
- return ret;
+ return 0;
}
/*
generated by cgit v1.2.3 (git 2.39.1) at 2024-04-25 00:24:58 +0000