From c033dc8c0c4b744e028e124f88be4829309c75d1 Mon Sep 17 00:00:00 2001
From: Simon Glass <sjg@chromium.org>
Date: Fri, 12 Nov 2021 12:28:11 -0700
Subject: [PATCH] image: Return destination node for add_verify_data() method

It is useful to know where the verification data was written. Update the
API to return this.

Signed-off-by: Simon Glass <sjg@chromium.org>
---
 include/image.h             | 3 ++-
 include/u-boot/ecdsa.h      | 5 +++--
 include/u-boot/rsa.h        | 5 +++--
 lib/ecdsa/ecdsa-libcrypto.c | 4 ++--
 lib/rsa/rsa-sign.c          | 5 ++++-
 tools/image-host.c          | 5 ++---
 6 files changed, 16 insertions(+), 11 deletions(-)

diff --git a/include/image.h b/include/image.h
index 780b624c8c..cf38aecaa9 100644
--- a/include/image.h
+++ b/include/image.h
@@ -1243,7 +1243,8 @@ struct crypto_algo {
 	 *
 	 * @info:	Specifies key and FIT information
 	 * @keydest:	Destination FDT blob for public key data
-	 * @return: 0, on success, -ve on error
+	 * @return: node offset within the FDT blob where the data was written,
+	 *	or -ve on error
 	 */
 	int (*add_verify_data)(struct image_sign_info *info, void *keydest);
 
diff --git a/include/u-boot/ecdsa.h b/include/u-boot/ecdsa.h
index 0ceb0c1a08..6e0269e3ae 100644
--- a/include/u-boot/ecdsa.h
+++ b/include/u-boot/ecdsa.h
@@ -44,8 +44,9 @@ int ecdsa_sign(struct image_sign_info *info, const struct image_region region[],
  *
  * @info:	Specifies key and FIT information
  * @keydest:	Destination FDT blob for public key data
- * @return: 0, on success, -ENOSPC if the keydest FDT blob ran out of space,
- * other -ve value on error
+ * @return: node offset within the FDT blob where the data was written on
+ *	success, -ENOSPC if the keydest FDT blob ran out of space, other -ve
+ *	value on other error
  */
 int ecdsa_add_verify_data(struct image_sign_info *info, void *keydest);
 
diff --git a/include/u-boot/rsa.h b/include/u-boot/rsa.h
index 2ed2ac7e53..01b480d0f3 100644
--- a/include/u-boot/rsa.h
+++ b/include/u-boot/rsa.h
@@ -61,8 +61,9 @@ int rsa_sign(struct image_sign_info *info,
  *
  * @info:	Specifies key and FIT information
  * @keydest:	Destination FDT blob for public key data
- * @return: 0, on success, -ENOSPC if the keydest FDT blob ran out of space,
-		other -ve value on error
+ * @return: node offset within the FDT blob where the data was written on
+ *	success, -ENOSPC if the keydest FDT blob ran out of space, other -ve
+ *	value on other error
 */
 int rsa_add_verify_data(struct image_sign_info *info, void *keydest);
 
diff --git a/lib/ecdsa/ecdsa-libcrypto.c b/lib/ecdsa/ecdsa-libcrypto.c
index ae6dfa0ba9..d5939af2c5 100644
--- a/lib/ecdsa/ecdsa-libcrypto.c
+++ b/lib/ecdsa/ecdsa-libcrypto.c
@@ -301,7 +301,7 @@ static int do_add(struct signer *ctx, void *fdt, const char *key_node_name)
 	if (ret < 0)
 		return ret;
 
-	return 0;
+	return key_node;
 }
 
 int ecdsa_add_verify_data(struct image_sign_info *info, void *fdt)
@@ -313,7 +313,7 @@ int ecdsa_add_verify_data(struct image_sign_info *info, void *fdt)
 	fdt_key_name = info->keyname ? info->keyname : "default-key";
 	ret = prepare_ctx(&ctx, info);
 	if (ret >= 0)
-		do_add(&ctx, fdt, fdt_key_name);
+		ret = do_add(&ctx, fdt, fdt_key_name);
 
 	free_ctx(&ctx);
 	return ret;
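Review bot: With `ret = do_add(&ctx, fdt, fdt_key_name);` the raw error values of do_add() now reach callers of ecdsa_add_verify_data(), and they may not match the -ENOSPC that include/u-boot/ecdsa.h documents for a full keydest blob. The do_add() hunk shows `if (ret < 0) return ret;` passing a value through unchanged. If that value comes from a libfdt call (the call is outside the hunk), it would presumably be a -FDT_ERR_* code, which a caller comparing against -ENOSPC would not recognise. Consider mapping it before returning, for example `return ret == -FDT_ERR_NOSPACE ? -ENOSPC : -EIO;`, or adjust the header comment to what is actually returned. ecdsa_add_verify_data() begins and ends outside this hunk.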
diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
index a95a3d2748..3e7b798289 100644
--- a/lib/rsa/rsa-sign.c
+++ b/lib/rsa/rsa-sign.c
@@ -703,5 +703,8 @@ err_get_pub_key:
 	if (info->engine_id)
 		rsa_engine_remove(e);
 
-	return ret;
+	if (ret)
+		return ret;
+
+	return node;
 }
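Review bot: The `if (ret)` test before `return node;` matches the new contract only if ret can never be positive at this point, because callers now treat every non-negative result as a node offset. It also relies on node having been assigned on every path that reaches this return with ret == 0. The code above the err_get_pub_key label is outside the hunk, so neither assumption can be confirmed from here. Suggest stating it next to the check, e.g. `/* ret is 0 or -ve here; on success hand back the key node offset */`.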
diff --git a/tools/image-host.c b/tools/image-host.c
index f13a944136..89520915af 100644
--- a/tools/image-host.c
+++ b/tools/image-host.c
@@ -267,7 +267,7 @@ static int fit_image_process_sig(const char *keydir, const char *keyfile,
 	 */
 	if (keydest) {
 		ret = info.crypto->add_verify_data(&info, keydest);
-		if (ret) {
+		if (ret < 0) {
 			printf("Failed to add verification data for '%s' signature node in '%s' image node\n",
 			       node_name, image_name);
 			return ret;
@@ -1037,11 +1037,10 @@ static int fit_config_process_sig(const char *keydir, const char *keyfile,
 	/* Write the public key into the supplied FDT file */
 	if (keydest) {
 		ret = info.crypto->add_verify_data(&info, keydest);
-		if (ret) {
+		if (ret < 0) {
 			printf("Failed to add verification data for '%s' signature node in '%s' configuration node\n",
 			       node_name, conf_name);
 		}
-		return ret;
 	}
 
 	return 0;
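Review bot: In fit_config_process_sig a failure from `add_verify_data()` is now only printed: with `return ret;` removed, the `ret < 0` branch falls through to the `return 0;` at the end of the hunk. The caller is told the step succeeded although the public key was not written to keydest, and a negative result such as the -ENOSPC documented in the headers is lost. For a signing tool this means the build can continue with a key blob that lacks the verification data. Put the return inside the failure branch, right after the printf: `return ret;`, as the fit_image_process_sig hunk above does. The function starts outside this hunk.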
-- 
2.39.5