Diffstat (limited to 'lib')
-rw-r--r-- | lib/aes/aes-encrypt.c | 22 | ||||
-rw-r--r-- | lib/hashtable.c | 3 | ||||
-rw-r--r-- | lib/rsa/rsa-mod-exp.c | 11 | ||||
-rw-r--r-- | lib/rsa/rsa-verify.c | 7 | ||||
-rw-r--r-- | lib/time.c | 4 |
5 files changed, 36 insertions, 11 deletions
diff --git a/lib/aes/aes-encrypt.c b/lib/aes/aes-encrypt.c
index de00a836f6b..a6d1720f303 100644
--- a/lib/aes/aes-encrypt.c
+++ b/lib/aes/aes-encrypt.c
@@ -74,7 +74,8 @@ int image_aes_encrypt(struct image_cipher_info *info,
 return ret;
 }
 
-int image_aes_add_cipher_data(struct image_cipher_info *info, void *keydest)
+int image_aes_add_cipher_data(struct image_cipher_info *info, void *keydest,
+ void *fit, int node_noffset)
 {
 int parent, node;
 char name[128];
@@ -97,8 +98,13 @@ int image_aes_add_cipher_data(struct image_cipher_info *info, void *keydest)
 goto done;
 
 /* Either create or overwrite the named key node */
- snprintf(name, sizeof(name), "key-%s-%s-%s",
- info->name, info->keyname, info->ivname);
+ if (info->ivname)
+ snprintf(name, sizeof(name), "key-%s-%s-%s",
+ info->name, info->keyname, info->ivname);
+ else
+ snprintf(name, sizeof(name), "key-%s-%s",
+ info->name, info->keyname);
+
 node = fdt_subnode_offset(keydest, parent, name);
 if (node == -FDT_ERR_NOTFOUND) {
 node = fdt_add_subnode(keydest, parent, name);
@@ -116,9 +122,17 @@ int image_aes_add_cipher_data(struct image_cipher_info *info, void *keydest)
 ret = node;
 }
 
- if (!ret)
+ if (ret)
+ goto done;
+
+ if (info->ivname)
+ /* Store the IV in the u-boot device tree */
 ret = fdt_setprop(keydest, node, "iv",
 info->iv, info->cipher->iv_len);
+ else
+ /* Store the IV in the FIT image */
+ ret = fdt_setprop(fit, node_noffset, "iv",
+ info->iv, info->cipher->iv_len);
 
 if (!ret)
 ret = fdt_setprop(keydest, node, "key",
diff --git a/lib/hashtable.c b/lib/hashtable.c
index 4a8c50b4b8a..7c08f5c8055 100644
--- a/lib/hashtable.c
+++ b/lib/hashtable.c
@@ -324,8 +324,7 @@ int hsearch_r(struct env_entry item, enum env_action action,
 */
 unsigned hval2;
 
- if (htab->table[idx].used == USED_DELETED
- && !first_deleted)
+ if (htab->table[idx].used == USED_DELETED)
 first_deleted = idx;
 
 ret = _compare_and_overwrite_entry(item, action, retval, htab,
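Review bot: The key node name in the second hunk of lib/aes/aes-encrypt.c is formatted into `char name[128]` and the snprintf() result is ignored in both the `ivname` branch and the new two-part branch, so an over-long `info->name` or `info->keyname` is silently truncated. The very next step creates or overwrites the node with that name, so a truncated name could land on a different key's node. Capture the return value and reject truncation, e.g. `if (len < 0 || (size_t)len >= sizeof(name))`, then set `ret` and `goto done`. The function starts and ends outside the hunk, so how `done` reports the error is not visible here.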
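Review bot: The `else` branch in the third hunk of lib/aes/aes-encrypt.c stores the IV in the FIT itself, and nothing visible here says whether that `iv` property is covered by the image signature. If the cipher is a chaining mode such as CBC, an IV that can be edited in the image allows the first decrypted block to be altered without touching the ciphertext, so a comment like `/* IV lives in the FIT: the cipher node must be inside the signed region */` and a matching check on the verification side are worth adding. The branch also passes `fit` and `node_noffset` to fdt_setprop() unchecked; a doc comment on the function should state that both are required whenever `info->ivname` is NULL. The function starts and ends outside the hunk.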
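Review bot: With `&& !first_deleted` gone, this statement in lib/hashtable.c overwrites `first_deleted` every time it runs, which matches the old behaviour only if it is reached once, before any deleted slot has been recorded. The surrounding probe logic of hsearch_r() is outside the hunk, so that cannot be confirmed from here. A one-line comment such as `/* initial probe: first_deleted is still 0 here */` would record the assumption for the next reader.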
diff --git a/lib/rsa/rsa-mod-exp.c b/lib/rsa/rsa-mod-exp.c
index a437cbe26f2..78c688d14c3 100644
--- a/lib/rsa/rsa-mod-exp.c
+++ b/lib/rsa/rsa-mod-exp.c
@@ -25,6 +25,14 @@
 #define get_unaligned_be32(a) fdt32_to_cpu(*(uint32_t *)a)
 #define put_unaligned_be32(a, b) (*(uint32_t *)(b) = cpu_to_fdt32(a))
 
+static inline uint64_t fdt64_to_cpup(const void *p)
+{
+ fdt64_t w;
+
+ memcpy(&w, p, sizeof(w));
+ return fdt64_to_cpu(w);
+}
+
 /* Default public exponent for backward compatibility */
 #define RSA_DEFAULT_PUBEXP 65537
 
@@ -263,8 +271,7 @@ int rsa_mod_exp_sw(const uint8_t *sig, uint32_t sig_len,
 if (!prop->public_exponent)
 key.exponent = RSA_DEFAULT_PUBEXP;
 else
- rsa_convert_big_endian((uint32_t *)&key.exponent,
- prop->public_exponent, 2);
+ key.exponent = fdt64_to_cpup(prop->public_exponent);
 
 if (!key.len || !prop->modulus || !prop->rr) {
 debug("%s: Missing RSA key info", __func__);
diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
index 2057f6819db..0ab0f629d0c 100644
--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c
@@ -439,12 +439,17 @@ static int rsa_verify_with_keynode(struct image_sign_info *info,
 struct key_prop prop;
 int length;
 int ret = 0;
+ const char *algo;
 
 if (node < 0) {
 debug("%s: Skipping invalid node", __func__);
 return -EBADF;
 }
 
+ algo = fdt_getprop(blob, node, "algo", NULL);
+ if (strcmp(info->name, algo))
+ return -EFAULT;
+
 prop.num_bits = fdtdec_get_int(blob, node, "rsa,num-bits", 0);
 
 prop.n0inv = fdtdec_get_int(blob, node, "rsa,n0-inverse", 0);
@@ -540,7 +545,7 @@ int rsa_verify(struct image_sign_info *info,
 {
 /* Reserve memory for maximum checksum-length */
 uint8_t hash[info->crypto->key_len];
- int ret = -EACCES;
+ int ret;
 
 /*
 * Verify that the checksum-length does not exceed the
diff --git a/lib/time.c b/lib/time.c
index 47f8c84327d..88bc50405ff 100644
--- a/lib/time.c
+++ b/lib/time.c
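Review bot: `fdt64_to_cpup(prop->public_exponent)` in the second hunk of lib/rsa/rsa-mod-exp.c always copies eight bytes from the property pointer, but no check that the exponent property is at least `sizeof(uint64_t)` long is visible here. If the code that fills `prop` (outside this hunk) does not enforce that length, a short property leads to a read past its end. State the requirement on the helper, e.g. `/* p must point to at least 8 readable bytes; alignment is not required */`, or validate the length where `prop` is populated. The `get_unaligned_be32`/`put_unaligned_be32` macros in the context lines still dereference a cast pointer, so they do not offer the alignment safety the new helper has.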
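Review bot: `fdt_getprop()` returns NULL when the key node has no `algo` property, and the new `strcmp(info->name, algo)` in rsa_verify_with_keynode() then dereferences that NULL. Guard the lookup with `if (!algo || strcmp(info->name, algo)) return -EFAULT;`. Passing NULL for the length argument also means the comparison trusts the property to be NUL-terminated; fetching the length and checking the terminator would make the algorithm binding robust against a malformed blob. The function body continues outside the hunk.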
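Review bot: Dropping the `-EACCES` initialiser leaves `ret` in rsa_verify() indeterminate until something assigns it. The rest of the function is outside the hunk, so it cannot be confirmed that every path to the final return writes `ret` first. In a signature check a fail-closed default is the safer choice, because a later edit that adds an early exit would otherwise return an unspecified value that may read as success. Consider keeping `int ret = -EACCES;`.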
@@ -91,13 +91,13 @@ uint64_t notrace get_ticks(void)
 
 ret = dm_timer_init();
 if (ret)
- return ret;
+ panic("Could not initialize timer (err %d)\n", ret);
 #endif
 }
 
 ret = timer_get_count(gd->timer, &count);
 if (ret)
- return ret;
+ panic("Could not read count from timer (err %d)\n", ret);
 
 return count;
 } |
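Review bot: Both new `panic()` calls sit inside get_ticks(), which delay and timestamp code depends on; if the panic path itself waits or prints a timestamp through get_ticks(), a failing timer would re-enter panic() instead of stopping cleanly. That call chain is not visible in this hunk and should be confirmed. A comment such as `/* an errno must never be returned as a tick count; the panic path must not depend on get_ticks() */` would document the constraint. Failing hard is otherwise reasonable, since the old `return ret` handed a negative errno to callers as a 64-bit tick value.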