[PATCH] tools: imagetool: Remove unnecessary check from toc0_verify_cert_item()
Seung-Woo Kim
sw0312.kim at samsung.com
Thu Aug 1 11:46:33 CEST 2024
Hi,
> -----Original Message-----
> From: Andre Przywara <andre.przywara at arm.com>
> Sent: Thursday, August 1, 2024 6:28 PM
> Subject: Re: [PATCH] tools: imagetool: Remove unnecessary check from
> toc0_verify_cert_item()
>
> On Thu, 1 Aug 2024 10:01:00 +0900
> Seung-Woo Kim <sw0312.kim at samsung.com> wrote:
>
> Hi,
>
> > Remove unnecessary null check from toc0_verify_cert_item() because the
> > array digest is always not null.
>
> Do you mean it's always not NULL *as currently used*? Because digest is a
> function parameter, so within the scope of this function definition can be
> NULL.
> I agree that *currently* there is only one caller, and this passes the
> addresses of a local variable from the stack, though it's never NULL.
>
> But I don't think this check hurts (looks like the compiler removes it
> anyway), and it makes the code more robust. So is there any problem with
> this check? Why do you want it to be removed?
Because in my gcc-14 environment, it gives -Wnonnull-compare warning.
tools/sunxi_toc0.c: In function 'toc0_verify_cert_item':
tools/sunxi_toc0.c:447:12: warning: 'nonnull' argument 'digest' compared to
NULL [-Wnonnull-compare]
447 | if (digest && memcmp(&extension->digest, digest,
SHA256_DIGEST_LENGTH)) {
| ^
Regards,
- Seung-Woo Kim
>
> Cheers,
> Andre
>
> >
> > Signed-off-by: Seung-Woo Kim <sw0312.kim at samsung.com>
> > ---
> > tools/sunxi_toc0.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/tools/sunxi_toc0.c b/tools/sunxi_toc0.c index
> > 292649fe90f1..76693647a095 100644
> > --- a/tools/sunxi_toc0.c
> > +++ b/tools/sunxi_toc0.c
> > @@ -444,7 +444,7 @@ static int toc0_verify_cert_item(const uint8_t
> > *buf, uint32_t len, RSA *fw_key,
> >
> > /* If a digest was provided, compare it to the embedded digest. */
> > extension = &totalSequence->mainSequence.explicit3.extension;
> > - if (digest && memcmp(&extension->digest, digest,
> SHA256_DIGEST_LENGTH)) {
> > + if (memcmp(&extension->digest, digest, SHA256_DIGEST_LENGTH)) {
> > pr_err("Wrong firmware digest in certificate\n");
> > goto err;
> > }
More information about the U-Boot
mailing list