From patchwork Wed Sep 18 14:04:54 2019
X-Patchwork-Submitter: Philippe REYNES
X-Patchwork-Id: 1163985
X-Patchwork-Delegate: sjg@chromium.org
From: Philippe Reynes
To: sjg@chromium.org, daniele.alessandrelli@gmail.com
Cc: u-boot@lists.denx.de
Date: Wed, 18 Sep 2019 16:04:54 +0200
Message-Id: <1568815494-24570-3-git-send-email-philippe.reynes@softathome.com>
In-Reply-To: <1568815494-24570-1-git-send-email-philippe.reynes@softathome.com>
Subject: [U-Boot] [PATCH 2/2] rsa: Return immediately if required-key verification fails
List-Id: U-Boot discussion

From: Daniele Alessandrelli

Currently, if image verification with a required key fails, rsa_verify() code tries to find another key to verify the FIT image. This, however, is not the intended behavior as the documentation says that required keys "must be verified for the image / configuration to be considered valid".

This patch fixes the issue by making rsa_verify() return immediately if the verification of a required key fails.

Signed-off-by: Daniele Alessandrelli Reviewed-by: Simon Glass Reviewed-by: Simon Glass --- lib/rsa/rsa-verify.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c index 287fcc4..82dc513 100644 --- a/lib/rsa/rsa-verify.c +++ b/lib/rsa/rsa-verify.c @@ -437,8 +437,7 @@ int rsa_verify(struct image_sign_info *info, if (info->required_keynode != -1) { ret = rsa_verify_with_keynode(info, hash, sig, sig_len, info->required_keynode); - if (!ret) - return ret; + return ret; } /* Look for a key that matches our hint */
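
Review bot: the now-unconditional `return ret;` in the `info->required_keynode != -1` branch of rsa_verify() should carry a short comment saying that a required-key failure must not fall through to the "Look for a key that matches our hint" scan below. That fall-through is exactly the fallback the commit message describes, and nothing in the code records why the early return is there, so a later refactor could reintroduce it. With the `if (!ret)` test gone, `ret` is only a pass-through in this branch, and the call could be returned directly as `return rsa_verify_with_keynode(info, hash, sig, sig_len, info->required_keynode);`. The diffstat shows only lib/rsa/rsa-verify.c changing, so a regression test would be worth adding in a follow-up: an image signed with a key that is present but not the required one should now be rejected.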