[PATCH 5/8] FIT: move handle->verify check to fit_verify_hash()

Sascha Hauer s.hauer at pengutronix.de
Wed Jan 31 03:11:13 PST 2018


Preparation for the next step which will allow to open
images which are not part of a configuration.

This has one change inside: We used to iterate over all
subnodes of a image expecting all of them containing a hash,
so it could happen that we check multiple hashes if more exist
or that we falsely interpret some unrelated subnode as hash node.
With this patch we expect the hash in a subnode named "hash at 1"
as required by the FIT image format description.

Signed-off-by: Sascha Hauer <s.hauer at pengutronix.de>
---
 common/image-fit.c | 45 +++++++++++++++++++++++++--------------------
 1 file changed, 25 insertions(+), 20 deletions(-)

diff --git a/common/image-fit.c b/common/image-fit.c
index 21b547a1da..9948c1fa77 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -344,13 +344,33 @@ static int fit_verify_signature(struct device_node *sig_node, void *fit)
 	return ret;
 }
 
-static int fit_verify_hash(struct device_node *hash, const void *data, int data_len)
+static int fit_verify_hash(struct fit_handle *handle, struct device_node *image,
+			   const void *data, int data_len)
 {
 	struct digest *d;
 	const char *algo;
 	const char *value_read;
 	char *value_calc;
 	int hash_len, ret;
+	struct device_node *hash;
+
+	switch (handle->verify) {
+	case BOOTM_VERIFY_NONE:
+		return 0;
+	case BOOTM_VERIFY_AVAILABLE:
+		ret = 0;
+		break;
+	default:
+		ret = -EINVAL;
+	}
+
+	hash = of_get_child_by_name(image, "hash at 1");
+	if (!hash) {
+		if (ret)
+			pr_err("image %s does not have hashes\n",
+			       image->full_name);
+		return ret;
+	}
 
 	value_read = of_get_property(hash, "value", &hash_len);
 	if (!value_read) {
@@ -416,7 +436,7 @@ int fit_open_image(struct fit_handle *handle, void *configuration,
 		   const char *name, const void **outdata,
 		   unsigned long *outsize)
 {
-	struct device_node *image, *hash;
+	struct device_node *image;
 	const char *unit, *type = NULL, *desc= "(no description)";
 	const void *data;
 	int data_len;
@@ -450,24 +470,9 @@ int fit_open_image(struct fit_handle *handle, void *configuration,
 		return -EINVAL;
 	}
 
-	if (handle->verify > BOOTM_VERIFY_NONE) {
-		if (handle->verify == BOOTM_VERIFY_AVAILABLE)
-			ret = 0;
-		else
-			ret = -EINVAL;
-		for_each_child_of_node(image, hash) {
-			if (handle->verbose)
-				of_print_nodes(hash, 0);
-			ret = fit_verify_hash(hash, data, data_len);
-			if (ret < 0)
-				return ret;
-		}
-
-		if (ret < 0) {
-			pr_err("image '%s': '%s' does not have hashes\n", unit, desc);
-			return ret;
-		}
-	}
+	ret = fit_verify_hash(handle, image, data, data_len);
+	if (ret < 0)
+		return ret;
 
 	*outdata = data;
 	*outsize = data_len;
-- 
2.15.1




More information about the barebox mailing list