ret = fdt_setprop(fit, noffset, FIT_VALUE_PROP, value, value_len);
if (ret) {
- printf("Can't set hash '%s' property for '%s' node(%s)\n",
- FIT_VALUE_PROP, fit_get_name(fit, noffset, NULL),
- fdt_strerror(ret));
+ fprintf(stderr, "Can't set hash '%s' property for '%s' node(%s)\n",
+ FIT_VALUE_PROP, fit_get_name(fit, noffset, NULL),
+ fdt_strerror(ret));
return ret == -FDT_ERR_NOSPACE ? -ENOSPC : -EIO;
}
node_name = fit_get_name(fit, noffset, NULL);
if (fit_image_hash_get_algo(fit, noffset, &algo)) {
- printf("Can't get hash algo property for '%s' hash node in '%s' image node\n",
- node_name, image_name);
+ fprintf(stderr,
+ "Can't get hash algo property for '%s' hash node in '%s' image node\n",
+ node_name, image_name);
return -ENOENT;
}
if (calculate_hash(data, size, algo, value, &value_len)) {
- printf("Unsupported hash algorithm (%s) for '%s' hash node in '%s' image node\n",
- algo, node_name, image_name);
+ fprintf(stderr,
+ "Unsupported hash algorithm (%s) for '%s' hash node in '%s' image node\n",
+ algo, node_name, image_name);
return -EPROTONOSUPPORT;
}
ret = fit_set_hash_value(fit, noffset, value, value_len);
if (ret) {
- printf("Can't set hash value for '%s' hash node in '%s' image node\n",
- node_name, image_name);
+ fprintf(stderr, "Can't set hash value for '%s' hash node in '%s' image node\n",
+ node_name, image_name);
return ret;
}
node_name = fit_get_name(fit, noffset, NULL);
if (!algo_name) {
if (fit_image_hash_get_algo(fit, noffset, &algo_name)) {
- printf("Can't get algo property for '%s' signature node in '%s' image node\n",
- node_name, image_name);
+ fprintf(stderr,
+ "Can't get algo property for '%s' signature node in '%s' image node\n",
+ node_name, image_name);
return -1;
}
}
info->require_keys = require_keys;
info->engine_id = engine_id;
if (!info->checksum || !info->crypto) {
- printf("Unsupported signature algorithm (%s) for '%s' signature node in '%s' image node\n",
- algo_name, node_name, image_name);
+ fprintf(stderr,
+ "Unsupported signature algorithm (%s) for '%s' signature node in '%s' image node\n",
+ algo_name, node_name, image_name);
return -1;
}
region.size = size;
ret = info.crypto->sign(&info, ®ion, 1, &value, &value_len);
if (ret) {
- printf("Failed to sign '%s' signature node in '%s' image node: %d\n",
- node_name, image_name, ret);
+ fprintf(stderr, "Failed to sign '%s' signature node in '%s' image node: %d\n",
+ node_name, image_name, ret);
/* We allow keys to be missing */
if (ret == -ENOENT)
if (ret) {
if (ret == -FDT_ERR_NOSPACE)
return -ENOSPC;
- printf("Can't write signature for '%s' signature node in '%s' conf node: %s\n",
- node_name, image_name, fdt_strerror(ret));
+ fprintf(stderr,
+ "Can't write signature for '%s' signature node in '%s' conf node: %s\n",
+ node_name, image_name, fdt_strerror(ret));
return -1;
}
free(value);
if (keydest) {
ret = info.crypto->add_verify_data(&info, keydest);
if (ret < 0) {
- printf("Failed to add verification data for '%s' signature node in '%s' image node\n",
- node_name, image_name);
+ fprintf(stderr,
+ "Failed to add verification data for '%s' signature node in '%s' image node\n",
+ node_name, image_name);
return ret;
}
/* Return the node that was written to */
/* Open file */
fd = open(filename, O_RDONLY | O_BINARY);
if (fd < 0) {
- printf("Can't open file %s (err=%d => %s)\n",
- filename, errno, strerror(errno));
+ fprintf(stderr, "Can't open file %s (err=%d => %s)\n",
+ filename, errno, strerror(errno));
return -1;
}
/* Compute file size */
if (fstat(fd, &sbuf) < 0) {
- printf("Can't fstat file %s (err=%d => %s)\n",
- filename, errno, strerror(errno));
+ fprintf(stderr, "Can't fstat file %s (err=%d => %s)\n",
+ filename, errno, strerror(errno));
goto err;
}
/* Check file size */
if (sbuf.st_size != expected_size) {
- printf("File %s don't have the expected size (size=%lld, expected=%d)\n",
- filename, (long long)sbuf.st_size, expected_size);
+ fprintf(stderr, "File %s don't have the expected size (size=%lld, expected=%d)\n",
+ filename, (long long)sbuf.st_size, expected_size);
goto err;
}
/* Read data */
n = read(fd, data, sbuf.st_size);
if (n < 0) {
- printf("Can't read file %s (err=%d => %s)\n",
- filename, errno, strerror(errno));
+ fprintf(stderr, "Can't read file %s (err=%d => %s)\n",
+ filename, errno, strerror(errno));
goto err;
}
/* Check that we have read all the file */
if (n != sbuf.st_size) {
- printf("Can't read all file %s (read %zd bytes, expected %lld)\n",
- filename, n, (long long)sbuf.st_size);
+ fprintf(stderr, "Can't read all file %s (read %zd bytes, expected %lld)\n",
+ filename, n, (long long)sbuf.st_size);
goto err;
}
int i, ret;
if (!tmp) {
- printf("%s: pointer data is NULL\n", __func__);
+ fprintf(stderr, "%s: pointer data is NULL\n", __func__);
ret = -1;
goto out;
}
ret = clock_gettime(CLOCK_MONOTONIC, &date);
if (ret) {
- printf("%s: clock_gettime has failed (%s)\n", __func__,
- strerror(errno));
+ fprintf(stderr, "%s: clock_gettime has failed (%s)\n", __func__,
+ strerror(errno));
goto out;
}
int ret = -1;
if (fit_image_cipher_get_algo(fit, noffset, &algo_name)) {
- printf("Can't get algo name for cipher in image '%s'\n",
- image_name);
+ fprintf(stderr, "Can't get algo name for cipher in image '%s'\n",
+ image_name);
goto out;
}
/* Read the key name */
info->keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL);
if (!info->keyname) {
- printf("Can't get key name for cipher in image '%s'\n",
- image_name);
+ fprintf(stderr, "Can't get key name for cipher in image '%s'\n",
+ image_name);
goto out;
}
info->cipher = image_get_cipher_algo(algo_name);
if (!info->cipher) {
- printf("Can't get algo for cipher '%s'\n", image_name);
+ fprintf(stderr, "Can't get algo for cipher '%s'\n", image_name);
goto out;
}
info->keydir, info->keyname, ".bin");
info->key = malloc(info->cipher->key_len);
if (!info->key) {
- printf("Can't allocate memory for key\n");
+ fprintf(stderr, "Can't allocate memory for key\n");
ret = -1;
goto out;
}
info->iv = malloc(info->cipher->iv_len);
if (!info->iv) {
- printf("Can't allocate memory for iv\n");
+ fprintf(stderr, "Can't allocate memory for iv\n");
ret = -1;
goto out;
}
goto out;
}
if (ret) {
- printf("Can't replace data with ciphered data (err = %d)\n", ret);
+ fprintf(stderr, "Can't replace data with ciphered data (err = %d)\n", ret);
goto out;
}
goto out;
}
if (ret) {
- printf("Can't add unciphered data size (err = %d)\n", ret);
+ fprintf(stderr, "Can't add unciphered data size (err = %d)\n", ret);
goto out;
}
if (keydest) {
ret = info.cipher->add_cipher_data(&info, keydest, fit, node_noffset);
if (ret) {
- printf("Failed to add verification data for cipher '%s' in image '%s'\n",
- info.keyname, image_name);
+ fprintf(stderr,
+ "Failed to add verification data for cipher '%s' in image '%s'\n",
+ info.keyname, image_name);
goto out;
}
}
/* Get image name */
image_name = fit_get_name(fit, image_noffset, NULL);
if (!image_name) {
- printf("Can't get image name\n");
+ fprintf(stderr, "Can't get image name\n");
return -1;
}
/* Get image data and data length */
if (fit_image_get_data(fit, image_noffset, &data, &size)) {
- printf("Can't get image data/size\n");
+ fprintf(stderr, "Can't get image data/size\n");
return -1;
}
if (fdt_getprop(fit, image_noffset, "data-size-unciphered", &len))
return 0;
if (len != -FDT_ERR_NOTFOUND) {
- printf("Failure testing for data-size-unciphered\n");
+ fprintf(stderr, "Failure testing for data-size-unciphered\n");
return -1;
}
if (cipher_node_offset == -FDT_ERR_NOTFOUND)
return 0;
if (cipher_node_offset < 0) {
- printf("Failure getting cipher node\n");
+ fprintf(stderr, "Failure getting cipher node\n");
return -1;
}
if (!IMAGE_ENABLE_ENCRYPT || !keydir)
/* Get image data and data length */
if (fit_image_get_data(fit, image_noffset, &data, &size)) {
- printf("Can't get image data/size\n");
+ fprintf(stderr, "Can't get image data/size\n");
return -1;
}
}
if (!hash_count) {
- printf("Failed to find any hash nodes in configuration '%s/%s' image '%s' - without these it is not possible to verify this image\n",
- conf_name, sig_name, iname);
+ fprintf(stderr,
+ "Failed to find any hash nodes in configuration '%s/%s' image '%s' - without these it is not possible to verify this image\n",
+ conf_name, sig_name, iname);
return -ENOMSG;
}
FIT_CIPHER_NODENAME);
if (noffset != -FDT_ERR_NOTFOUND) {
if (noffset < 0) {
- printf("Failed to get cipher node in configuration '%s/%s' image '%s': %s\n",
- conf_name, sig_name, iname,
- fdt_strerror(noffset));
+ fprintf(stderr,
+ "Failed to get cipher node in configuration '%s/%s' image '%s': %s\n",
+ conf_name, sig_name, iname,
+ fdt_strerror(noffset));
return -EIO;
}
ret = fdt_get_path(fit, noffset, path, sizeof(path));
return 0;
err_mem:
- printf("Out of memory processing configuration '%s/%s'\n", conf_name,
- sig_name);
+ fprintf(stderr, "Out of memory processing configuration '%s/%s'\n", conf_name,
+ sig_name);
return -ENOMEM;
err_path:
- printf("Failed to get path for image '%s' in configuration '%s/%s': %s\n",
- iname, conf_name, sig_name, fdt_strerror(ret));
+ fprintf(stderr, "Failed to get path for image '%s' in configuration '%s/%s': %s\n",
+ iname, conf_name, sig_name, fdt_strerror(ret));
return -ENOENT;
}
iname, index);
if (image_noffset < 0) {
- printf("Failed to find image '%s' in configuration '%s/%s'\n",
- iname, conf_name, sig_name);
+ fprintf(stderr,
+ "Failed to find image '%s' in configuration '%s/%s'\n",
+ iname, conf_name, sig_name);
if (allow_missing)
continue;
}
if (!image_count) {
- printf("Failed to find any images for configuration '%s/%s'\n",
- conf_name, sig_name);
+ fprintf(stderr, "Failed to find any images for configuration '%s/%s'\n",
+ conf_name, sig_name);
return -ENOMSG;
}
return 0;
err_mem:
- printf("Out of memory processing configuration '%s/%s'\n", conf_name,
- sig_name);
+ fprintf(stderr, "Out of memory processing configuration '%s/%s'\n", conf_name,
+ sig_name);
return -ENOMEM;
}
fdt_regions, ARRAY_SIZE(fdt_regions),
path, sizeof(path), 1);
if (count < 0) {
- printf("Failed to hash configuration '%s/%s': %s\n", conf_name,
- sig_name, fdt_strerror(ret));
+ fprintf(stderr, "Failed to hash configuration '%s/%s': %s\n", conf_name,
+ sig_name, fdt_strerror(ret));
return -EIO;
}
if (count == 0) {
- printf("No data to hash for configuration '%s/%s': %s\n",
- conf_name, sig_name, fdt_strerror(ret));
+ fprintf(stderr, "No data to hash for configuration '%s/%s': %s\n",
+ conf_name, sig_name, fdt_strerror(ret));
return -EINVAL;
}
/* Build our list of data blocks */
region = fit_region_make_list(fit, fdt_regions, count, NULL);
if (!region) {
- printf("Out of memory hashing configuration '%s/%s'\n",
- conf_name, sig_name);
+ fprintf(stderr, "Out of memory hashing configuration '%s/%s'\n",
+ conf_name, sig_name);
return -ENOMEM;
}
}
region_prop = malloc(len);
if (!region_prop) {
- printf("Out of memory setting up regions for configuration '%s/%s'\n",
- conf_name, sig_name);
+ fprintf(stderr, "Out of memory setting up regions for configuration '%s/%s'\n",
+ conf_name, sig_name);
return -ENOMEM;
}
for (i = len = 0; i < node_inc.count;
&value_len);
free(region);
if (ret) {
- printf("Failed to sign '%s' signature node in '%s' conf node\n",
- node_name, conf_name);
+ fprintf(stderr, "Failed to sign '%s' signature node in '%s' conf node\n",
+ node_name, conf_name);
/* We allow keys to be missing */
if (ret == -ENOENT)
if (ret) {
if (ret == -FDT_ERR_NOSPACE)
return -ENOSPC;
- printf("Can't write signature for '%s' signature node in '%s' conf node: %s\n",
- node_name, conf_name, fdt_strerror(ret));
+ fprintf(stderr,
+ "Can't write signature for '%s' signature node in '%s' conf node: %s\n",
+ node_name, conf_name, fdt_strerror(ret));
return -1;
}
free(value);
if (keydest) {
ret = info.crypto->add_verify_data(&info, keydest);
if (ret < 0) {
- printf("Failed to add verification data for '%s' signature node in '%s' configuration node\n",
- node_name, conf_name);
+ fprintf(stderr,
+ "Failed to add verification data for '%s' signature node in '%s' configuration node\n",
+ node_name, conf_name);
}
return ret;
}
/* Read the certificate */
cert = NULL;
if (!PEM_read_X509(f, &cert, NULL, NULL)) {
- printf("Couldn't read certificate");
+ fprintf(stderr, "Couldn't read certificate");
ret = -EINVAL;
goto err_cert;
}
/* Get the public key from the certificate. */
key = X509_get_pubkey(cert);
if (!key) {
- printf("Couldn't read public key\n");
+ fprintf(stderr, "Couldn't read public key\n");
ret = -EINVAL;
goto err_pubkey;
}
/* Get DER form */
ret = i2d_PublicKey(key, pubkey);
if (ret < 0) {
- printf("Couldn't get DER form\n");
+ fprintf(stderr, "Couldn't get DER form\n");
ret = -EINVAL;
goto err_pubkey;
}
/* Check that all mandatory properties are present */
if (!algo_name || !key_name) {
if (!algo_name)
- printf("The property algo-name is missing in the node %s\n",
- IMAGE_PRE_LOAD_PATH);
+ fprintf(stderr, "The property algo-name is missing in the node %s\n",
+ IMAGE_PRE_LOAD_PATH);
if (!key_name)
- printf("The property key-name is missing in the node %s\n",
- IMAGE_PRE_LOAD_PATH);
+ fprintf(stderr, "The property key-name is missing in the node %s\n",
+ IMAGE_PRE_LOAD_PATH);
ret = -EINVAL;
goto out;
}
ret = fdt_setprop(keydest, pre_load_noffset, "public-key",
pubkey, pubkey_len);
if (ret)
- printf("Can't set public-key in node %s (ret = %d)\n",
- IMAGE_PRE_LOAD_PATH, ret);
+ fprintf(stderr, "Can't set public-key in node %s (ret = %d)\n",
+ IMAGE_PRE_LOAD_PATH, ret);
out:
return ret;
/* Find images parent node offset */
images_noffset = fdt_path_offset(fit, FIT_IMAGES_PATH);
if (images_noffset < 0) {
- printf("Can't find images parent node '%s' (%s)\n",
- FIT_IMAGES_PATH, fdt_strerror(images_noffset));
+ fprintf(stderr, "Can't find images parent node '%s' (%s)\n",
+ FIT_IMAGES_PATH, fdt_strerror(images_noffset));
return images_noffset;
}
/* Find images parent node offset */
images_noffset = fdt_path_offset(fit, FIT_IMAGES_PATH);
if (images_noffset < 0) {
- printf("Can't find images parent node '%s' (%s)\n",
- FIT_IMAGES_PATH, fdt_strerror(images_noffset));
+ fprintf(stderr, "Can't find images parent node '%s' (%s)\n",
+ FIT_IMAGES_PATH, fdt_strerror(images_noffset));
return images_noffset;
}
fit, noffset, comment, require_keys, engine_id,
cmdname, algo_name);
if (ret) {
- printf("Can't add verification data for node '%s' (%s)\n",
- fdt_get_name(fit, noffset, NULL),
- fdt_strerror(ret));
+ fprintf(stderr, "Can't add verification data for node '%s' (%s)\n",
+ fdt_get_name(fit, noffset, NULL),
+ fdt_strerror(ret));
return ret;
}
}
/* Find configurations parent node offset */
confs_noffset = fdt_path_offset(fit, FIT_CONFS_PATH);
if (confs_noffset < 0) {
- printf("Can't find images parent node '%s' (%s)\n",
- FIT_CONFS_PATH, fdt_strerror(confs_noffset));
+ fprintf(stderr, "Can't find images parent node '%s' (%s)\n",
+ FIT_CONFS_PATH, fdt_strerror(confs_noffset));
return -ENOENT;
}