diff options
author | Simon Glass <sjg@chromium.org> | 2021-11-12 12:28:11 -0700 |
---|---|---|
committer | Simon Glass <sjg@chromium.org> | 2022-01-26 08:50:44 -0700 |
commit | c033dc8c0c4b744e028e124f88be4829309c75d1 (patch) | |
tree | 8b29d79edab956df71ecf9529f34b102842b54be | |
parent | 99f844ba3a6b3ddd73742cddf7dee955bbb96c61 (diff) | |
download | u-boot-c033dc8c0c4b744e028e124f88be4829309c75d1.tar.gz |
image: Return destination node for add_verify_data() method
It is useful to know where the verification data was written. Update the
API to return this.
Signed-off-by: Simon Glass <sjg@chromium.org>
-rw-r--r-- | include/image.h | 3 | ||||
-rw-r--r-- | include/u-boot/ecdsa.h | 5 | ||||
-rw-r--r-- | include/u-boot/rsa.h | 5 | ||||
-rw-r--r-- | lib/ecdsa/ecdsa-libcrypto.c | 4 | ||||
-rw-r--r-- | lib/rsa/rsa-sign.c | 5 | ||||
-rw-r--r-- | tools/image-host.c | 5 |
6 files changed, 16 insertions, 11 deletions
diff --git a/include/image.h b/include/image.h index 780b624c8c..cf38aecaa9 100644 --- a/include/image.h +++ b/include/image.h @@ -1243,7 +1243,8 @@ struct crypto_algo { * * @info: Specifies key and FIT information * @keydest: Destination FDT blob for public key data - * @return: 0, on success, -ve on error + * @return: node offset within the FDT blob where the data was written, + * or -ve on error */ int (*add_verify_data)(struct image_sign_info *info, void *keydest); diff --git a/include/u-boot/ecdsa.h b/include/u-boot/ecdsa.h index 0ceb0c1a08..6e0269e3ae 100644 --- a/include/u-boot/ecdsa.h +++ b/include/u-boot/ecdsa.h @@ -44,8 +44,9 @@ int ecdsa_sign(struct image_sign_info *info, const struct image_region region[], * * @info: Specifies key and FIT information * @keydest: Destination FDT blob for public key data - * @return: 0, on success, -ENOSPC if the keydest FDT blob ran out of space, - * other -ve value on error + * @return: node offset within the FDT blob where the data was written on + * success, -ENOSPC if the keydest FDT blob ran out of space, other -ve + * value on other error */ int ecdsa_add_verify_data(struct image_sign_info *info, void *keydest); diff --git a/include/u-boot/rsa.h b/include/u-boot/rsa.h index 2ed2ac7e53..01b480d0f3 100644 --- a/include/u-boot/rsa.h +++ b/include/u-boot/rsa.h @@ -61,8 +61,9 @@ int rsa_sign(struct image_sign_info *info, * * @info: Specifies key and FIT information * @keydest: Destination FDT blob for public key data - * @return: 0, on success, -ENOSPC if the keydest FDT blob ran out of space, - other -ve value on error + * @return: node offset within the FDT blob where the data was written on + * success, -ENOSPC if the keydest FDT blob ran out of space, other -ve + * value on other error */ int rsa_add_verify_data(struct image_sign_info *info, void *keydest); diff --git a/lib/ecdsa/ecdsa-libcrypto.c b/lib/ecdsa/ecdsa-libcrypto.c index ae6dfa0ba9..d5939af2c5 100644 --- a/lib/ecdsa/ecdsa-libcrypto.c +++ b/lib/ecdsa/ecdsa-libcrypto.c @@ -301,7 +301,7 @@ static int do_add(struct signer *ctx, void *fdt, const char *key_node_name) if (ret < 0) return ret; - return 0; + return key_node; } int ecdsa_add_verify_data(struct image_sign_info *info, void *fdt) @@ -313,7 +313,7 @@ int ecdsa_add_verify_data(struct image_sign_info *info, void *fdt) fdt_key_name = info->keyname ? info->keyname : "default-key"; ret = prepare_ctx(&ctx, info); if (ret >= 0) - do_add(&ctx, fdt, fdt_key_name); + ret = do_add(&ctx, fdt, fdt_key_name); free_ctx(&ctx); return ret; diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c index a95a3d2748..3e7b798289 100644 --- a/lib/rsa/rsa-sign.c +++ b/lib/rsa/rsa-sign.c @@ -703,5 +703,8 @@ err_get_pub_key: if (info->engine_id) rsa_engine_remove(e); - return ret; + if (ret) + return ret; + + return node; } diff --git a/tools/image-host.c b/tools/image-host.c index f13a944136..89520915af 100644 --- a/tools/image-host.c +++ b/tools/image-host.c @@ -267,7 +267,7 @@ static int fit_image_process_sig(const char *keydir, const char *keyfile, */ if (keydest) { ret = info.crypto->add_verify_data(&info, keydest); - if (ret) { + if (ret < 0) { printf("Failed to add verification data for '%s' signature node in '%s' image node\n", node_name, image_name); return ret; @@ -1037,11 +1037,10 @@ static int fit_config_process_sig(const char *keydir, const char *keyfile, /* Write the public key into the supplied FDT file */ if (keydest) { ret = info.crypto->add_verify_data(&info, keydest); - if (ret) { + if (ret < 0) { printf("Failed to add verification data for '%s' signature node in '%s' configuration node\n", node_name, conf_name); } - return ret; } return 0; |