From b9778c94feb2774f7ab1b2697ee952fea2c07c42 Mon Sep 17 00:00:00 2001
From: Gokul Sriram Palanisamy <quic_gokulsri@quicinc.com>
Date: Mon, 18 Jul 2022 09:21:27 +0530
Subject: [PATCH] ipq5332: TINY NOR: disable sha1, sha256 and md5

SHA1, SHA256 and MD5 are enabled by default.
Added below configs to configure them easily.

CONFIG_FIT_DISABLE_MD5
CONFIG_FIT_DISABLE_SHA1
CONFIG_FIT_DISABLE_SHA256

SHA1 hash verification was used for FIT image
verification along with CRC32. Added a check
in FIT image hash verification to skip SHA1,
if TINY profile is enabled.

Change-Id: Ie3dbcde46b30938e693e8060218aa9834513bcff
Signed-off-by: Gokul Sriram Palanisamy <quic_gokulsri@quicinc.com>
Signed-off-by: Timple Raj M <quic_timple@quicinc.com>
---
 common/image-fit.c        | 13 +++++++++++++
 include/configs/ipq5332.h |  3 +++
 include/image.h           | 15 +++++++++++++++
 3 files changed, 31 insertions(+)

diff --git a/common/image-fit.c b/common/image-fit.c
index d1b60e1a1d..68b899427d 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -914,17 +914,23 @@ int calculate_hash(const void *data, int data_len, const char *algo,
 							CHUNKSZ_CRC32);
 		*((uint32_t *)value) = cpu_to_uimage(*((uint32_t *)value));
 		*value_len = 4;
+#ifdef CONFIG_SHA1
 	} else if (IMAGE_ENABLE_SHA1 && strcmp(algo, "sha1") == 0) {
 		sha1_csum_wd((unsigned char *)data, data_len,
 			     (unsigned char *)value, CHUNKSZ_SHA1);
 		*value_len = 20;
+#endif
+#ifdef CONFIG_SHA256
 	} else if (IMAGE_ENABLE_SHA256 && strcmp(algo, "sha256") == 0) {
 		sha256_csum_wd((unsigned char *)data, data_len,
 			       (unsigned char *)value, CHUNKSZ_SHA256);
 		*value_len = SHA256_SUM_LEN;
+#endif
+#ifdef CONFIG_MD5
 	} else if (IMAGE_ENABLE_MD5 && strcmp(algo, "md5") == 0) {
 		md5_wd((unsigned char *)data, data_len, value, CHUNKSZ_MD5);
 		*value_len = 16;
+#endif
 	} else {
 		debug("Unsupported hash alogrithm\n");
 		return -1;
@@ -948,6 +954,13 @@ static int fit_image_check_hash(const void *fit, int noffset, const void *data,
 		*err_msgp = "Can't get hash algo property";
 		return -1;
 	}
+
+#ifndef CONFIG_SHA1
+	if (!strncmp(algo, "sha1", 4)) {
+		debug("- skipping");
+		return 0;
+	}
+#endif
 	printf("%s", algo);
 
 	if (IMAGE_ENABLE_IGNORE) {
diff --git a/include/configs/ipq5332.h b/include/configs/ipq5332.h
index a8a72e2388..7ddeeff102 100644
--- a/include/configs/ipq5332.h
+++ b/include/configs/ipq5332.h
@@ -441,6 +441,9 @@ extern loff_t board_env_size;
 #define CONFIG_CMD_DISABLE_BOOTP
 #define CONFIG_CMD_DISABLE_CHPART
 #define CONFIG_CMD_DISABLE_FDT
+#define CONFIG_FIT_DISABLE_MD5
+#define CONFIG_FIT_DISABLE_SHA1
+#define CONFIG_FIT_DISABLE_SHA256
 #endif
 
 /*
diff --git a/include/image.h b/include/image.h
index 51fa422f09..cf60f9f262 100644
--- a/include/image.h
+++ b/include/image.h
@@ -78,6 +78,21 @@ struct lmb;
 #undef IMAGE_ENABLE_SHA256
 #endif
 
+#ifdef CONFIG_FIT_DISABLE_SHA1
+#undef CONFIG_SHA1
+#undef IMAGE_ENABLE_SHA1
+#endif
+
+#ifdef CONFIG_FIT_DISABLE_MD5
+#undef CONFIG_MD5
+#undef IMAGE_ENABLE_MD5
+#endif
+
+#ifdef CONFIG_FIT_DISABLE_CRC32
+#undef CONFIG_CRC32
+#undef IMAGE_ENABLE_CRC32
+#endif
+
 #ifndef IMAGE_ENABLE_CRC32
 #define IMAGE_ENABLE_CRC32	0
 #endif