[PATCH 4/4] lib/ecdsa: Use the 'keydir' argument from mkimage if appropriate
Alexandru Gagniuc
mr.nuke.me at gmail.com
Thu Feb 4 20:57:05 CET 2021
Keys can be derived from keydir, and the "key-name-hint" property of
the FIT. They can also be specified ad-literam via 'keyfile'. Update
the ECDSA signing path to use the appropriate one.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me at gmail.com>
---
lib/ecdsa/ecdsa-libcrypto.c | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/lib/ecdsa/ecdsa-libcrypto.c b/lib/ecdsa/ecdsa-libcrypto.c
index 322880963f..1757a14562 100644
--- a/lib/ecdsa/ecdsa-libcrypto.c
+++ b/lib/ecdsa/ecdsa-libcrypto.c
@@ -140,8 +140,20 @@ static int read_key(struct signer *ctx, const char *key_name)
/* Prepare a 'signer' context that's ready to sign and verify. */
static int prepare_ctx(struct signer *ctx, const struct image_sign_info *info)
{
- const char *kname = info->keydir;
int key_len_bytes, ret;
+ char kname[1024];
+
+ memset(ctx, 0, sizeof(*ctx));
+
+ if (info->keyfile) {
+ snprintf(kname, sizeof(kname), "%s", info->keyfile);
+ } else if (info->keydir && info->keyname) {
+ snprintf(kname, sizeof(kname), "%s/%s.pem", info->keydir,
+ info->keyname);
+ } else {
+ fprintf(stderr, "keyfile, keyname, or key-name-hint missing\n");
+ return -EINVAL;
+ }
ret = alloc_ctx(ctx, info);
if (ret)
--
2.26.2
More information about the U-Boot
mailing list