From c522949a29d44d728517cc2579ed719747da3e5d Mon Sep 17 00:00:00 2001
From: Philippe Reynes <philippe.reynes@softathome.com>
Date: Wed, 29 Apr 2020 15:26:17 +0200
Subject: [PATCH] rsa: sig: fix config signature check for fit with padding

The signature check on config node is broken on fit with padding.
To compute the signature for config node, U-Boot compute the
signature on all properties of requested node for this config,
except for the property "data". But, when padding is used for
binary in a fit, there isn't a property "data" but two properties:
"data-offset" and "data-size". So to fix the check of signature,
we also don't use the properties "data-offset" and "data-size"
when checking the signature on config node.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
---
 common/image-fit-sig.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/common/image-fit-sig.c b/common/image-fit-sig.c
index 3e73578594..a3a0c61bcb 100644
--- a/common/image-fit-sig.c
+++ b/common/image-fit-sig.c
@@ -249,7 +249,7 @@ static int fit_config_check_sig(const void *fit, int noffset,
 				int required_keynode, int conf_noffset,
 				char **err_msgp)
 {
-	char * const exc_prop[] = {"data"};
+	char * const exc_prop[] = {"data", "data-size", "data-position"};
 	const char *prop, *end, *name;
 	struct image_sign_info info;
 	const uint32_t *strings;
-- 
2.39.5