[PATCH v4 09/14] tools: mkimage: pre-load: add support of ecdsa
Simon Glass
sjg at chromium.org
Mon Apr 20 04:12:17 CEST 2026
Hi Philippe,
On 2026-04-17T13:02:04, Philippe Reynes <philippe.reynes at softathome.com> wrote:
> tools: mkimage: pre-load: add support of ecdsa
>
> Right now, mkimage can only create pre-load header
> using rsa. We add the support of ecdsa.
>
> Signed-off-by: Philippe Reynes <philippe.reynes at softathome.com>
>
> lib/ecdsa/ecdsa-libcrypto.c | 29 +++++++++++++----
> tools/image-host.c | 79 ++++++++++++++++++++++++++++++++++++++-------
> 2 files changed, 90 insertions(+), 18 deletions(-)
> diff --git a/lib/ecdsa/ecdsa-libcrypto.c b/lib/ecdsa/ecdsa-libcrypto.c
> @@ -538,6 +533,26 @@ static int do_add(struct signer *ctx, void *fdt, const char *key_node_name,
> + if (info->required_keynode > 0) {
> + key_node = info->required_keynode;
> + } else {
Strictly speaking the check should be >= 0
> diff --git a/tools/image-host.c b/tools/image-host.c
> @@ -1244,13 +1245,61 @@ err_cert:
> +static int fit_pre_load_data_key_ecdsa(const char *keydir, void *keydest,
> + int pre_load_noffset, const void *key_name,
> + const void *algo_name)
> +{
> + struct image_sign_info info;
> + int node, ret = 0;
> +
> + memset(&info, 0, sizeof(info));
> + info.keydir = keydir;
> + info.keyname = strdup(key_name);
> + info.name = strdup(algo_name);
> + info.checksum = image_get_checksum_algo(algo_name);
> + info.crypto = image_get_crypto_algo(algo_name);
> + info.required_keynode = pre_load_noffset;
> +
> + node = ecdsa_add_verify_data(&info, keydest);
Please can you check for NULL returns from image_get_checksum_algo()
and image_get_crypto_algo()? Otherwise ecdsa_add_verify_data() ->
prepare_ctx() -> alloc_ctx() will dereference NULL
See fit_image_setup_sig_info() for an example.
Reviewed-by: Simon Glass <sjg at chromium.org>
Regards,
Simon
More information about the U-Boot
mailing list