[v3,09/15] tools: mkimage: pre-load: add support of ecdsa
Simon Glass
sjg at chromium.org
Thu Apr 2 00:12:04 CEST 2026
Hi Philippe,
On 2026-03-31T10:00:34, Philippe Reynes <philippe.reynes at softathome.com> wrote:
> diff --git a/tools/image-host.c b/tools/image-host.c
> @@ -1244,13 +1245,62 @@ err_cert:
> +static int fit_pre_load_data_key_ecdsa(const char *keydir, void *keydest,
> + int pre_load_noffset, const void *key_name,
> + const void *algo_name)
> +{
> + struct image_sign_info info;
> + int keynode;
> +
> + memset(&info, 0, sizeof(info));
> + info.keydir = keydir;
> + info.keyname = strdup(key_name);
> + info.name = strdup(algo_name);
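Review bot: The two strdup() results assigned to info.keyname and info.name are used without a NULL check, so on allocation failure a NULL key name or algorithm name stays in info, which is later handed to ecdsa_add_verify_data(). Check both right after the assignments and return -ENOMEM, freeing whichever copy did succeed.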
Memory is allocated via strdup() for info.keyname and info.name but
never freed - please free these before returning.
> diff --git a/tools/image-host.c b/tools/image-host.c
> @@ -1244,13 +1245,62 @@ err_cert:
> +static int fit_pre_load_data_key_ecdsa(const char *keydir, void *keydest,
> + int pre_load_noffset, const void *key_name,
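Review bot: key_name and algo_name are declared const void * in the signature, yet the body treats both as C strings and passes them straight to strdup(). Declaring them const char * would document that they must be NUL-terminated and would remove the need for casts such as the (const char *)algo_name in the caller.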
The pre_load_noffset parameter is passed in but not used - the
function re-calculates the same offset itself.
> diff --git a/tools/image-host.c b/tools/image-host.c
> @@ -1244,13 +1245,62 @@ err_cert:
> + info.required_keynode = keynode;
> +
> + ecdsa_add_verify_data(&info, keydest);
> +
> + return 0;
The return value of ecdsa_add_verify_data() is not checked. If it
fails, the error is silently ignored. Please can you check the return
value and propagate any error.
> diff --git a/tools/image-host.c b/tools/image-host.c
> @@ -1277,17 +1327,21 @@ int fit_pre_load_data(const char *keydir, void *keydest, void *fit)
> + /* Is it a RSA or an ECDSA key */
> + name = strchr((const char *)algo_name, ',');
> + if (!name)
> + return -EINVAL;
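Review bot: The -EINVAL path after the strchr() check has no diagnostic, so an algo_name value without a comma makes the tool fail with no hint of what was malformed. Print a message to stderr that includes the offending algo_name before leaving the function.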
This should use 'goto out' rather than direct return to be consistent
with the other error paths in this function.
Regards,
Simon