[PATCH 5/8] FIT: move handle->verify check to fit_verify_hash()
Sascha Hauer
s.hauer at pengutronix.de
Wed Jan 31 03:11:13 PST 2018
Preparation for the next step which will allow to open
images which are not part of a configuration.
This has one change inside: We used to iterate over all
subnodes of a image expecting all of them containing a hash,
so it could happen that we check multiple hashes if more exist
or that we falsely interpret some unrelated subnode as hash node.
With this patch we expect the hash in a subnode named "hash at 1"
as required by the FIT image format description.
Signed-off-by: Sascha Hauer <s.hauer at pengutronix.de>
---
common/image-fit.c | 45 +++++++++++++++++++++++++--------------------
1 file changed, 25 insertions(+), 20 deletions(-)
diff --git a/common/image-fit.c b/common/image-fit.c
index 21b547a1da..9948c1fa77 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -344,13 +344,33 @@ static int fit_verify_signature(struct device_node *sig_node, void *fit)
return ret;
}
-static int fit_verify_hash(struct device_node *hash, const void *data, int data_len)
+static int fit_verify_hash(struct fit_handle *handle, struct device_node *image,
+ const void *data, int data_len)
{
struct digest *d;
const char *algo;
const char *value_read;
char *value_calc;
int hash_len, ret;
+ struct device_node *hash;
+
+ switch (handle->verify) {
+ case BOOTM_VERIFY_NONE:
+ return 0;
+ case BOOTM_VERIFY_AVAILABLE:
+ ret = 0;
+ break;
+ default:
+ ret = -EINVAL;
+ }
+
+ hash = of_get_child_by_name(image, "hash at 1");
+ if (!hash) {
+ if (ret)
+ pr_err("image %s does not have hashes\n",
+ image->full_name);
+ return ret;
+ }
value_read = of_get_property(hash, "value", &hash_len);
if (!value_read) {
@@ -416,7 +436,7 @@ int fit_open_image(struct fit_handle *handle, void *configuration,
const char *name, const void **outdata,
unsigned long *outsize)
{
- struct device_node *image, *hash;
+ struct device_node *image;
const char *unit, *type = NULL, *desc= "(no description)";
const void *data;
int data_len;
@@ -450,24 +470,9 @@ int fit_open_image(struct fit_handle *handle, void *configuration,
return -EINVAL;
}
- if (handle->verify > BOOTM_VERIFY_NONE) {
- if (handle->verify == BOOTM_VERIFY_AVAILABLE)
- ret = 0;
- else
- ret = -EINVAL;
- for_each_child_of_node(image, hash) {
- if (handle->verbose)
- of_print_nodes(hash, 0);
- ret = fit_verify_hash(hash, data, data_len);
- if (ret < 0)
- return ret;
- }
-
- if (ret < 0) {
- pr_err("image '%s': '%s' does not have hashes\n", unit, desc);
- return ret;
- }
- }
+ ret = fit_verify_hash(handle, image, data, data_len);
+ if (ret < 0)
+ return ret;
*outdata = data;
*outsize = data_len;
--
2.15.1
More information about the barebox
mailing list