[v3,13/15] tools: preload_check_sign: add support of ecdsa
Simon Glass
sjg at chromium.org
Thu Apr 2 00:47:55 CEST 2026
Hi Philippe,
On 2026-03-31T10:00:34, Philippe Reynes <philippe.reynes at softathome.com> wrote:
> diff --git a/tools/preload_check_sign.c b/tools/preload_check_sign.c
> @@ -144,6 +147,27 @@ int main(int argc, char **argv)
> + /* For ecdsa key, we have to update some values */
> + if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) {
> + EC_KEY *ecdsa_key;
> + const EC_GROUP *group;
> +
> + ecdsa_key = EVP_PKEY_get1_EC_KEY(pkey);
> + if (!ecdsa_key) {
> + fprintf(stderr, "Can not extract ECDSA key\n");
> + goto out;
> + }
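Review bot: The comment at the top of the new block, "we have to update some values", does not say which values are updated or why an EC key needs different ones; name them in the comment so the branch can be read without tracing the code below it. The error string would also read better as "Cannot extract ECDSA key".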
EVP_PKEY_get1_EC_KEY() increments the reference count on the returned
EC_KEY, so you need to call EC_KEY_free(ecdsa_key) when done with it
(see lib/ecdsa/ecdsa-libcrypto.c for the pattern). Otherwise this
leaks memory.
> diff --git a/tools/preload_check_sign.c b/tools/preload_check_sign.c
> @@ -144,6 +147,27 @@ int main(int argc, char **argv)
> + ecdsa_key = EVP_PKEY_get1_EC_KEY(pkey);
> + if (!ecdsa_key) {
> + fprintf(stderr, "Can not extract ECDSA key\n");
> + goto out;
> + }
> +
> + group = EC_KEY_get0_group(ecdsa_key);
> + if (!group) {
> + fprintf(stderr, "Can not extract ECDSA group\n");
> + goto out;
> + }
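Review bot: In the `!group` branch, the key returned by EVP_PKEY_get1_EC_KEY() a few lines earlier is still held when the code jumps to `out`. The earlier quote of this hunk shows `EC_KEY *ecdsa_key;` declared inside the `if (EVP_PKEY_id(pkey) == EVP_PKEY_EC)` block, so cleanup at `out` cannot reach it. Either call EC_KEY_free(ecdsa_key) before this `goto out`, or move the declaration to function scope, initialise it to NULL and free it at `out` (EC_KEY_free() accepts NULL). `group` comes from a get0 accessor and must not be freed separately.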
Both error paths are missing setting ret to EXIT_FAILURE before the
goto. Without this, the tool exits with success even when these
extractions fail.
Regards,
Simon