From: Matthias Pritschet Date: Tue, 27 Aug 2024 16:00:54 +0000 (+0200) Subject: mkimage: ecdsa: add signature/key nodes to dtb if missing X-Git-Tag: v2025.01-rc5-pxa1908~290 X-Git-Url: http://git.dujemihanovic.xyz/img/html/%7B%7B%20%24style.RelPermalink%20%7D%7D?a=commitdiff_plain;h=b67436d31969e6d6b76b39849da276506058b900;p=u-boot.git mkimage: ecdsa: add signature/key nodes to dtb if missing If the signature/key node(s) are not yet present in the U-Boot device tree, ecdsa_add_verify_data simply fails if it can't find the nodes. This behaviour differs from rsa_add_verify_data, wich does add the missing nodes and proceeds in that case. This change is mainly copy&paste from rsa_add_verify_data to add the same behaviour to ecdsa_add_verify_data. Signed-off-by: Matthias Pritschet
---
diff --git a/lib/ecdsa/ecdsa-libcrypto.c b/lib/ecdsa/ecdsa-libcrypto.c
index 403dfe0b97..e9aa2a1cf3 100644
--- a/lib/ecdsa/ecdsa-libcrypto.c
+++ b/lib/ecdsa/ecdsa-libcrypto.c
@@ -281,16 +281,35 @@ static int do_add(struct signer *ctx, void *fdt, const char *key_node_name)
 BIGNUM *x, *y;
 signature_node = fdt_subnode_offset(fdt, 0, FIT_SIG_NODENAME);
- if (signature_node < 0) {
- fprintf(stderr, "Could not find 'signature node: %s\n",
+ if (signature_node == -FDT_ERR_NOTFOUND) {
+ signature_node = fdt_add_subnode(fdt, 0, FIT_SIG_NODENAME);
+ if (signature_node < 0) {
+ if (signature_node != -FDT_ERR_NOSPACE) {
+ fprintf(stderr, "Couldn't create signature node: %s\n",
+ fdt_strerror(signature_node));
+ }
+ return signature_node;
+ }
+ } else if (signature_node < 0) {
+ fprintf(stderr, "Cannot select keys signature_node: %s\n",
 fdt_strerror(signature_node));
 return signature_node;
 }
- key_node = fdt_add_subnode(fdt, signature_node, key_node_name);
- if (key_node < 0) {
- fprintf(stderr, "Could not create '%s' node: %s\n",
- key_node_name, fdt_strerror(key_node));
+ /* Either create or overwrite the named key node */
+ key_node = fdt_subnode_offset(fdt, signature_node, key_node_name);
+ if (key_node == -FDT_ERR_NOTFOUND) {
+ key_node = fdt_add_subnode(fdt, signature_node, key_node_name);
+ if (key_node < 0) {
+ if (key_node != -FDT_ERR_NOSPACE) {
+ fprintf(stderr, "Could not create key subnode: %s\n",
+ fdt_strerror(key_node));
+ }
+ return key_node;
+ }
+ } else if (key_node < 0) {
+ fprintf(stderr, "Cannot select keys key_node: %s\n",
+ fdt_strerror(key_node));
 return key_node;
 }
@@ -326,8 +345,11 @@ int ecdsa_add_verify_data(struct image_sign_info *info, void *fdt)
 fdt_key_name = info->keyname ? info->keyname : "default-key";
 ret = prepare_ctx(&ctx, info);
- if (ret >= 0)
+ if (ret >= 0) {
 ret = do_add(&ctx, fdt, fdt_key_name);
+ if (ret < 0)
+ ret = ret == -FDT_ERR_NOSPACE ? -ENOSPC : -EIO;
+ }
 free_ctx(&ctx);
 return ret;
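Review bot: The new lookup at `key_node = fdt_subnode_offset(fdt, signature_node, key_node_name);` silently reuses an existing key node, where the old `fdt_add_subnode` call would have failed on a duplicate name. This node carries the public key the bootloader will trust, so any property already in it that the code after the hunk does not rewrite would stay in place next to the new key; the property writes are outside this hunk, so whether that can happen needs checking there. The comment should say so, e.g. `/* Reuse an existing key node; properties not rewritten below are kept as they were */`, and the two fallback messages (`Cannot select keys signature_node`, `Cannot select keys key_node`) would be clearer if they named the node, as the removed `Could not create '%s' node` did with key_node_name.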
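Review bot: The comparison in `ret = ret == -FDT_ERR_NOSPACE ? -ENOSPC : -EIO;` assumes every negative value from do_add() is a libfdt code; if any path in do_add() outside this diff returns an errno-style value, it is compared in the wrong number space and could be taken for -FDT_ERR_NOSPACE. A failure from prepare_ctx() also skips the translation, so ecdsa_add_verify_data returns that value untouched while do_add() failures are collapsed to two codes. A short comment such as `/* do_add() reports libfdt codes; translate to errno for the caller */` plus parentheses, `ret = (ret == -FDT_ERR_NOSPACE) ? -ENOSPC : -EIO;`, would make the contract explicit. The function's opening lines and closing brace are outside the hunk.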