From 11ad2bbfa2d83501a3d7b9fdbd567f55214fde0d Mon Sep 17 00:00:00 2001 From: Csókás Bence Date: Fri, 5 Jan 2024 15:08:03 +0100 Subject: lib: rsa: Fix PKCS11 URI if one is not given in `keydir` MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If `keydir` is not present, we need to build a PKCS11 URI from just the key name. In this case, we *do* need 'pkcs11:' Fixes: ece85cc020 rsa: use pkcs11 uri as defined in rfc7512 Signed-off-by: Csókás Bence --- lib/rsa/rsa-sign.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c index 858ad92a6f6..fd587d8deb6 100644 --- a/lib/rsa/rsa-sign.c +++ b/lib/rsa/rsa-sign.c @@ -124,7 +124,7 @@ static int rsa_engine_get_pub_key(const char *keydir, const char *name, keydir, name); else snprintf(key_id, sizeof(key_id), - "object=%s;type=public", + "pkcs11:object=%s;type=public", name); } else if (engine_id) { if (keydir) @@ -246,7 +246,7 @@ static int rsa_engine_get_priv_key(const char *keydir, const char *name, keydir, name); else snprintf(key_id, sizeof(key_id), - "object=%s;type=private", + "pkcs11:object=%s;type=private", name); } else if (engine_id) { if (keydir && name) -- cgit v1.3.1 From f055d6e8f0d63a80d72ab5b092a26bedc652ac3b Mon Sep 17 00:00:00 2001 From: Csókás Bence Date: Fri, 5 Jan 2024 15:08:04 +0100 Subject: lib: rsa: Allow legacy URI specification without "pkcs11:" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit But emit a warning for it. Then we can remove support when everyone had time to update their scripts, docs, CI etc. Fixes: ece85cc020 rsa: use pkcs11 uri as defined in rfc7512 Signed-off-by: Csókás Bence --- lib/rsa/rsa-sign.c | 42 ++++++++++++++++++++++++++++++------------ 1 file changed, 30 insertions(+), 12 deletions(-) (limited to 'lib') diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c index fd587d8deb6..2304030e32f 100644 --- a/lib/rsa/rsa-sign.c 
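Review bot: The key `name` is formatted into the `object=` attribute verbatim in the rewritten `snprintf` of rsa_engine_get_pub_key(), and the second hunk does the same for `type=private` in rsa_engine_get_priv_key(). RFC 7512 separates attributes with `;`, `?` and `&` and expects those characters to be percent-encoded inside a value, so a name containing them is parsed as extra attributes and the lookup may resolve to a different object than the one named. Neither hunk shows `name` being validated, so either percent-encode it or reject it up front with `if (!name || strpbrk(name, ";?&")) return -EINVAL;`. Both function bodies start and end outside the hunks, so a check that is not visible here may already exist.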
+++ b/lib/rsa/rsa-sign.c @@ -104,6 +104,8 @@ static int rsa_engine_get_pub_key(const char *keydir, const char *name, const char *engine_id; char key_id[1024]; EVP_PKEY *key = NULL; + const char *const pkcs11_schema = "pkcs11:"; + const char *pkcs11_uri_prepend = ""; if (!evpp) return -EINVAL; @@ -113,19 +115,26 @@ static int rsa_engine_get_pub_key(const char *keydir, const char *name, engine_id = ENGINE_get_id(engine); if (engine_id && !strcmp(engine_id, "pkcs11")) { - if (keydir) + if (keydir) { + // Check for legacy keydir spec and prepend + if (strncmp(pkcs11_schema, keydir, strlen(pkcs11_schema))) { + pkcs11_uri_prepend = pkcs11_schema; + fprintf(stderr, "WARNING: Legacy URI specified. Please add '%s'.\n", pkcs11_schema); + } + if (strstr(keydir, "object=")) snprintf(key_id, sizeof(key_id), - "%s;type=public", - keydir); + "%s%s;type=public", + pkcs11_uri_prepend, keydir); else snprintf(key_id, sizeof(key_id), - "%s;object=%s;type=public", - keydir, name); - else + "%s%s;object=%s;type=public", + pkcs11_uri_prepend, keydir, name); + } else { snprintf(key_id, sizeof(key_id), "pkcs11:object=%s;type=public", name); + } } else if (engine_id) { if (keydir) snprintf(key_id, sizeof(key_id), @@ -224,6 +233,8 @@ static int rsa_engine_get_priv_key(const char *keydir, const char *name, const char *engine_id; char key_id[1024]; EVP_PKEY *key = NULL; + const char *const pkcs11_schema = "pkcs11:"; + const char *pkcs11_uri_prepend = ""; if (!evpp) return -EINVAL; 
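Review bot: None of the three `snprintf` calls in the pkcs11 branch of rsa_engine_get_pub_key() (hunk -113,19) checks its return value, and the new prefix makes a legacy `keydir` URI up to seven bytes longer against the same 1024-byte `key_id`. A truncated URI silently loses its tail, which is where `;object=` and `;type=public` sit, so the engine would be asked for a less specific key than the caller intended. Assign each result to a local `ret` and fail closed after the branch with `if (ret < 0 || (size_t)ret >= sizeof(key_id)) return -EINVAL;`. The hunk at -235,19 in rsa_engine_get_priv_key() repeats the same block with `type=private` and needs the same check; the two copies could share one static helper that takes the type string. The function body continues outside this hunk.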
@@ -235,19 +246,26 @@ static int rsa_engine_get_priv_key(const char *keydir, const char *name, fprintf(stderr, "Please use 'keydir' with PKCS11\n"); return -EINVAL; } - if (keydir) + if (keydir) { + // Check for legacy keydir spec and prepend + if (strncmp(pkcs11_schema, keydir, strlen(pkcs11_schema))) { + pkcs11_uri_prepend = pkcs11_schema; + fprintf(stderr, "WARNING: Legacy URI specified. Please add '%s'.\n", pkcs11_schema); + } + if (strstr(keydir, "object=")) snprintf(key_id, sizeof(key_id), - "%s;type=private", - keydir); + "%s%s;type=private", + pkcs11_uri_prepend, keydir); else snprintf(key_id, sizeof(key_id), - "%s;object=%s;type=private", - keydir, name); - else + "%s%s;object=%s;type=private", + pkcs11_uri_prepend, keydir, name); + } else { snprintf(key_id, sizeof(key_id), "pkcs11:object=%s;type=private", name); + } } else if (engine_id) { if (keydir && name) snprintf(key_id, sizeof(key_id), -- cgit v1.3.1 From ccefbf320d89f8ba857c57296e9502e060d7ab9c Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Thu, 11 Jan 2024 07:34:08 +0100 Subject: smbios: buffer overflow when zeroing entry point A SMBIOS 3 entry point has a different length than an SMBIOS 2.1 entry point. Fixes: 70924294f375 ("smbios: Use SMBIOS 3.0 to support an address above 4GB") Fixes: 1c5f6fa3883d ("smbios: Drop support for SMBIOS2 tables") Addresses-Coverity-ID: 477212 ("Wrong sizeof argument") Signed-off-by: Heinrich Schuchardt Reviewed-by: Ilias Apalodimas --- lib/smbios.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/smbios.c b/lib/smbios.c index 41aa936c4c4..25595f55ab7 100644 --- a/lib/smbios.c +++ b/lib/smbios.c 
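Review bot: In the inner `else` arm that formats `"%s%s;object=%s;type=private"`, `name` is passed to `%s` without a NULL test, while the generic-engine branch just below checks `keydir && name` before using it. That suggests `name` can be NULL in rsa_engine_get_priv_key(), and passing NULL to `%s` is undefined behaviour. The guard that prints "Please use 'keydir' with PKCS11" has its condition outside the hunk, so it may or may not cover a set `keydir` with a missing `name`. If it only rejects the case where both are missing, add `if (!name) return -EINVAL;` in front of that `snprintf`.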
@@ -591,8 +591,8 @@ ulong write_smbios_table(ulong addr) table_addr = (ulong)map_sysmem(tables, 0); /* now go back and write the SMBIOS3 header */ - se = map_sysmem(start_addr, sizeof(struct smbios_entry)); - memset(se, '\0', sizeof(struct smbios_entry)); + se = map_sysmem(start_addr, sizeof(struct smbios3_entry)); + memset(se, '\0', sizeof(struct smbios3_entry)); memcpy(se->anchor, "_SM3_", 5); se->length = sizeof(struct smbios3_entry); se->major_ver = SMBIOS_MAJOR_VER; -- cgit v1.3.1 From 5e2b472bd029af4a1ca85b04bd4a0c9c4b1a17b8 Mon Sep 17 00:00:00 2001 From: Ilias Apalodimas Date: Thu, 11 Jan 2024 16:39:35 +0200 Subject: smbios: shorten sysinfo_str declarations and use sysinfo_str is a bit too long and makes indentation weird. Shorten it to si_str. Signed-off-by: Ilias Apalodimas --- lib/smbios.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'lib') diff --git a/lib/smbios.c b/lib/smbios.c index 25595f55ab7..b24092df08e 100644 --- a/lib/smbios.c +++ b/lib/smbios.c @@ -48,20 +48,20 @@ DECLARE_GLOBAL_DATA_PTR; /** * struct map_sysinfo - Mapping of sysinfo strings to DT * - * @sysinfo_str: sysinfo string + * @si_str: sysinfo string * @dt_str: DT string * @max: Max index of the tokenized string to pick. Counting starts from 0 * */ struct map_sysinfo { - const char *sysinfo_str; + const char *si_str; const char *dt_str; int max; }; static const struct map_sysinfo sysinfo_to_dt[] = { - { .sysinfo_str = "product", .dt_str = "model", 2 }, - { .sysinfo_str = "manufacturer", .dt_str = "compatible", 1 }, + { .si_str = "product", .dt_str = "model", 2 }, + { .si_str = "manufacturer", .dt_str = "compatible", 1 }, }; /** 
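Review bot: The corrected `map_sysmem()` and `memset()` calls in the -591,8 hunk still spell the type name by hand, which is how the size drifted away from the type of `se` in the first place (the cited Coverity report is "Wrong sizeof argument"). Assuming `se` is declared as `struct smbios3_entry *`, writing the sizes as `sizeof(*se)`, e.g. `memset(se, '\0', sizeof(*se));`, ties them to the pointer so a later type change cannot reintroduce the overflow. write_smbios_table() starts well above this hunk, so it is worth confirming that the space reserved at `start_addr` there is also sized for `struct smbios3_entry`.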
@@ -108,12 +108,12 @@ struct smbios_write_method { const char *subnode_name; }; -static const struct map_sysinfo *convert_sysinfo_to_dt(const char *sysinfo_str) +static const struct map_sysinfo *convert_sysinfo_to_dt(const char *si) { int i; for (i = 0; i < ARRAY_SIZE(sysinfo_to_dt); i++) { - if (!strcmp(sysinfo_str, sysinfo_to_dt[i].sysinfo_str)) + if (!strcmp(si, sysinfo_to_dt[i].si_str)) return &sysinfo_to_dt[i]; } -- cgit v1.3.1 From b6488caa1fd1a528718e15b87dfe980f366b88b3 Mon Sep 17 00:00:00 2001 From: Ilias Apalodimas Date: Thu, 11 Jan 2024 16:39:36 +0200 Subject: smbios: fix matching issues for table types commit 738b34668f28 ("smbios: Fallback to the default DT if sysinfo nodes are missing") allowed the code to fallback and fill in SMBIOS tables with properties from the compatible and product nodes of the DT, in case the 'smbios,sysinfo' node is missing. That works fine for Type1/2 tables, but for other types we need to match the smbios,sysinfo subnode name as well. So add it to the smbios_ctx and check it during the sysinfo <-> DT mathcing Signed-off-by: Ilias Apalodimas --- lib/smbios.c | 45 ++++++++++++++++++++++++++++----------------- 1 file changed, 28 insertions(+), 17 deletions(-) (limited to 'lib') diff --git a/lib/smbios.c b/lib/smbios.c index b24092df08e..7bd9805fec0 100644 --- a/lib/smbios.c +++ b/lib/smbios.c 
@@ -54,32 +54,38 @@ DECLARE_GLOBAL_DATA_PTR; * */ struct map_sysinfo { + const char *si_node; const char *si_str; const char *dt_str; int max; }; static const struct map_sysinfo sysinfo_to_dt[] = { - { .si_str = "product", .dt_str = "model", 2 }, - { .si_str = "manufacturer", .dt_str = "compatible", 1 }, + { .si_node = "system", .si_str = "product", .dt_str = "model", 2 }, + { .si_node = "system", .si_str = "manufacturer", .dt_str = "compatible", 1 }, + { .si_node = "baseboard", .si_str = "product", .dt_str = "model", 2 }, + { .si_node = "baseboard", .si_str = "manufacturer", .dt_str = "compatible", 1 }, }; /** * struct smbios_ctx - context for writing SMBIOS tables * - * @node: node containing the information to write (ofnode_null() if none) - * @dev: sysinfo device to use (NULL if none) - * @eos: end-of-string pointer for the table being processed. This is set - * up when we start processing a table - * @next_ptr: pointer to the start of the next string to be added. When the - * table is nopt empty, this points to the byte after the \0 of the - * previous string. - * @last_str: points to the last string that was written to the table, or NULL - * if none + * @node: node containing the information to write (ofnode_null() + * if none) + * @dev: sysinfo device to use (NULL if none) + * @subnode_name: sysinfo subnode_name. Used for DT fallback + * @eos: end-of-string pointer for the table being processed. + * This is set up when we start processing a table + * @next_ptr: pointer to the start of the next string to be added. + * When the table is not empty, this points to the byte + * after the \0 of the previous string. + * @last_str: points to the last string that was written to the table, + * or NULL if none */ struct smbios_ctx { ofnode node; struct udevice *dev; + const char *subnode_name; char *eos; char *next_ptr; char *last_str; 
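Review bot: `struct map_sysinfo` gains the `si_node` member, but the kernel-doc block above it gets no matching entry in this hunk; the existing `@si_str`/`@dt_str`/`@max` lines sit above the hunk, so add `* @si_node: sysinfo subnode name this mapping applies to` there ahead of `@si_str`. The four `sysinfo_to_dt` rows also end in a positional `2` or `1` after designated initializers, which only lands in `max` because `max` directly follows `dt_str` in the struct. Writing `.max = 2` and `.max = 1` removes that dependence on member order now that the struct is being extended.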
@@ -108,12 +114,13 @@ struct smbios_write_method { const char *subnode_name; }; -static const struct map_sysinfo *convert_sysinfo_to_dt(const char *si) +static const struct map_sysinfo *convert_sysinfo_to_dt(const char *node, const char *si) { int i; for (i = 0; i < ARRAY_SIZE(sysinfo_to_dt); i++) { - if (!strcmp(si, sysinfo_to_dt[i].si_str)) + if (node && !strcmp(node, sysinfo_to_dt[i].si_node) && + !strcmp(si, sysinfo_to_dt[i].si_str)) return &sysinfo_to_dt[i]; } @@ -233,7 +240,7 @@ static int smbios_add_prop_si(struct smbios_ctx *ctx, const char *prop, } else { const struct map_sysinfo *nprop; - nprop = convert_sysinfo_to_dt(prop); + nprop = convert_sysinfo_to_dt(ctx->subnode_name, prop); get_str_from_dt(nprop, str_dt, sizeof(str_dt)); str = (const char *)str_dt; } @@ -574,9 +581,13 @@ ulong write_smbios_table(ulong addr) int tmp; method = &smbios_write_funcs[i]; - if (IS_ENABLED(CONFIG_OF_CONTROL) && method->subnode_name) - ctx.node = ofnode_find_subnode(parent_node, - method->subnode_name); + ctx.subnode_name = NULL; + if (method->subnode_name) { + ctx.subnode_name = method->subnode_name; + if (IS_ENABLED(CONFIG_OF_CONTROL)) + ctx.node = ofnode_find_subnode(parent_node, + method->subnode_name); + } tmp = method->write((ulong *)&addr, handle++, &ctx); max_struct_size = max(max_struct_size, tmp); -- cgit v1.3.1
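Review bot: In smbios_add_prop_si() (hunk -233,7), `nprop` is handed to `get_str_from_dt()` without a NULL test, and with the new `node` condition convert_sysinfo_to_dt() matches only the "system" and "baseboard" subnodes, so the no-match result (presumably NULL, the tail of the function is outside the hunk) becomes the normal case for every other table type. get_str_from_dt() and the declaration of `str_dt` are not visible here, so confirm that the helper tolerates a NULL mapping and that `str_dt` is zero-initialised. Otherwise `str` ends up pointing at indeterminate stack bytes that are then written into the SMBIOS string area. Guarding the call as `if (nprop) get_str_from_dt(nprop, str_dt, sizeof(str_dt));` with `str_dt` initialised to an empty string makes the fallback explicit.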
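Review bot: The loop in write_smbios_table() (hunk -574,9) now resets `ctx.subnode_name` on every iteration but leaves `ctx.node` untouched, so a write method with no `subnode_name` runs with the node that was looked up for an earlier method. Whether that matters depends on the write callbacks, which are outside this hunk, but resetting both fields keeps the context consistent: add `ctx.node = ofnode_null();` next to `ctx.subnode_name = NULL;`. The `struct smbios_ctx` comment already documents `ofnode_null()` as the "none" value for that field.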