commit d2bcdd5cdc58e566be034f488b1dddcffd0303a4
author Willy Tu <wltu@google.com> Tue Nov 02 19:51:22 2021 -0700
committer Willy Tu <wltu@google.com> Tue Nov 02 21:00:01 2021 -0700
tree 7e3eac81dda358941c3c507d98de4d2dbbae67af
parent e077427e223363bda7bdf4991739aac981991452

Fixed prod_to_dev_downgrade_allowed logic in validate_transition

The documentation for the prod_to_dev_downgrade_allowed function pointer
reads, "If NULL, treated as if the function always returns false."

Return `LIBCR51SIGN_ERROR_DEV_DOWNGRADE_DISALLOWED` if prod_to_dev
allowed return false or is NULL.

Change-Id: I4750256d308096e706bb9e0e0266d365b6f5a026
Signed-off-by: Willy Tu <wltu@google.com>

subprojects/libcr51sign/src/libcr51sign.c

diff --git a/subprojects/libcr51sign/src/libcr51sign.c b/subprojects/libcr51sign/src/libcr51sign.c
index f5cacd4..06183d3 100644
--- a/subprojects/libcr51sign/src/libcr51sign.c
+++ b/subprojects/libcr51sign/src/libcr51sign.c
@@ -209,7 +209,7 @@
             return LIBCR51SIGN_ERROR_INVALID_IMAGE_FAMILY;
         }
 
-        if (!intf->is_production_mode)
+        if (intf->is_production_mode == NULL)
         {
             CPRINTS(ctx, "validate_transition: missing is_production_mode");
             return LIBCR51SIGN_ERROR_INVALID_INTERFACE;
@@ -219,11 +219,10 @@
         {
             CPRINTS(ctx, "validate_transition: checking exemption allowlist");
 
-            if (!intf->prod_to_dev_downgrade_allowed)
-            {
-                return LIBCR51SIGN_SUCCESS;
-            }
-            else if (!intf->prod_to_dev_downgrade_allowed())
+            // If function is NULL or if the function call return false, return
+            // error
+            if (intf->prod_to_dev_downgrade_allowed == NULL ||
+                !intf->prod_to_dev_downgrade_allowed())
             {
                 CPRINTS(ctx, "validate_transition: illegal image type");
                 return LIBCR51SIGN_ERROR_DEV_DOWNGRADE_DISALLOWED;