It is useful to know where the verification data was written. Update the
API to return this.
Signed-off-by: Simon Glass <s...@chromium.org>
---
include/image.h | 3 ++-
include/u-boot/ecdsa.h | 5 +++--
include/u-boot/rsa.h | 5 +++--
lib/ecdsa/ecdsa-libcrypto.c | 4 ++--
lib/rsa/rsa-sign.c | 5 ++++-
tools/image-host.c | 5 ++---
6 files changed, 16 insertions(+), 11 deletions(-)
diff --git a/include/image.h b/include/image.h
index d5598cec461..0f5e037a192 100644
--- a/include/image.h
+++ b/include/image.h
@@ -1242,7 +1242,8 @@ struct crypto_algo {
*
* @info: Specifies key and FIT information
* @keydest: Destination FDT blob for public key data
- * @return: 0, on success, -ve on error
+ * @return: node offset within the FDT blob where the data was written,
+ * or -ve on error
*/
int (*add_verify_data)(struct image_sign_info *info, void *keydest);
diff --git a/include/u-boot/ecdsa.h b/include/u-boot/ecdsa.h
index f6951c7346d..f1fa176d916 100644
--- a/include/u-boot/ecdsa.h
+++ b/include/u-boot/ecdsa.h
@@ -44,8 +44,9 @@ int ecdsa_sign(struct image_sign_info *info, const struct
image_region region[],
*
* @info: Specifies key and FIT information
* @keydest: Destination FDT blob for public key data
- * @return: 0, on success, -ENOSPC if the keydest FDT blob ran out of space,
- * other -ve value on error
+ * @return: node offset within the FDT blob where the data was written on
+ * success, -ENOSPC if the keydest FDT blob ran out of space, other -ve
+ * value on other error
*/
int ecdsa_add_verify_data(struct image_sign_info *info, void *keydest);
diff --git a/include/u-boot/rsa.h b/include/u-boot/rsa.h
index 7556aa5b4b7..fafefeedd80 100644
--- a/include/u-boot/rsa.h
+++ b/include/u-boot/rsa.h
@@ -61,8 +61,9 @@ int rsa_sign(struct image_sign_info *info,
*
* @info: Specifies key and FIT information
* @keydest: Destination FDT blob for public key data
- * @return: 0, on success, -ENOSPC if the keydest FDT blob ran out of space,
- other -ve value on error
+ * @return: node offset within the FDT blob where the data was written on
+ * success, -ENOSPC if the keydest FDT blob ran out of space, other -ve
+ * value on other error
*/
int rsa_add_verify_data(struct image_sign_info *info, void *keydest);
diff --git a/lib/ecdsa/ecdsa-libcrypto.c b/lib/ecdsa/ecdsa-libcrypto.c
index 1757a145623..aa9a226d031 100644
--- a/lib/ecdsa/ecdsa-libcrypto.c
+++ b/lib/ecdsa/ecdsa-libcrypto.c
@@ -299,7 +299,7 @@ static int do_add(struct signer *ctx, void *fdt, const char
*key_node_name)
if (ret < 0)
return ret;
- return 0;
+ return key_node;
}
int ecdsa_add_verify_data(struct image_sign_info *info, void *fdt)
@@ -311,7 +311,7 @@ int ecdsa_add_verify_data(struct image_sign_info *info,
void *fdt)
fdt_key_name = info->keyname ? info->keyname : "default-key";
ret = prepare_ctx(&ctx, info);
if (ret >= 0)
- do_add(&ctx, fdt, fdt_key_name);
+ ret = do_add(&ctx, fdt, fdt_key_name);
free_ctx(&ctx);
return ret;
diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
index 0579e5294ee..e8b06c857f2 100644
--- a/lib/rsa/rsa-sign.c
+++ b/lib/rsa/rsa-sign.c
@@ -701,5 +701,8 @@ err_get_pub_key:
if (info->engine_id)
rsa_engine_remove(e);
- return ret;
+ if (ret)
+ return ret;
+
+ return node;
}
diff --git a/tools/image-host.c b/tools/image-host.c
index e4322d323a2..e53fe4bbbed 100644
--- a/tools/image-host.c
+++ b/tools/image-host.c
@@ -264,7 +264,7 @@ static int fit_image_process_sig(const char *keydir, const
char *keyfile,
*/
if (keydest) {
ret = info.crypto->add_verify_data(&info, keydest);
- if (ret) {
+ if (ret < 0) {
printf("Failed to add verification data for '%s'
signature node in '%s' image node\n",
node_name, image_name);
return ret;
@@ -1030,11 +1030,10 @@ static int fit_config_process_sig(const char *keydir,
const char *keyfile,
/* Write the public key into the supplied FDT file */
if (keydest) {
ret = info.crypto->add_verify_data(&info, keydest);
- if (ret) {
+ if (ret < 0) {
printf("Failed to add verification data for '%s'
signature node in '%s' configuration node\n",
node_name, conf_name);
}
- return ret;
}
return 0;
--
2.34.0.rc1.387.gb447b232ab-goog
