On Tue, 27 Aug 2024 at 18:52, Matthias Pritschet <[email protected]> wrote: > > From: Matthias Pritschet <[email protected]> > > If the signature/key node(s) are not yet present in the U-Boot device > tree, ecdsa_add_verify_data simply fails if it can't find the nodes. > This behaviour differs from rsa_add_verify_data, which does add the missing > nodes and proceeds in that case. > > This change is mainly copy&paste from rsa_add_verify_data to add the > same behaviour to ecdsa_add_verify_data.
Could the duplicated code be moved out into a function shared between the two *_add_verify_data bits of code?
> Signed-off-by: Matthias Pritschet <[email protected]>
> ---
> lib/ecdsa/ecdsa-libcrypto.c | 36 +++++++++++++++++++++++++++++-------
> 1 file changed, 29 insertions(+), 7 deletions(-)
>
> diff --git a/lib/ecdsa/ecdsa-libcrypto.c b/lib/ecdsa/ecdsa-libcrypto.c
> index 5fa9be10b4..db0a828a29 100644
> --- a/lib/ecdsa/ecdsa-libcrypto.c
> +++ b/lib/ecdsa/ecdsa-libcrypto.c
> @@ -281,16 +281,35 @@ static int do_add(struct signer *ctx, void *fdt, const
> char *key_node_name)
> BIGNUM *x, *y;
>
> signature_node = fdt_subnode_offset(fdt, 0, FIT_SIG_NODENAME);
> - if (signature_node < 0) {
> - fprintf(stderr, "Could not find 'signature node: %s\n",
> + if (signature_node == -FDT_ERR_NOTFOUND) {
> + signature_node = fdt_add_subnode(fdt, 0, FIT_SIG_NODENAME);
> + if (signature_node < 0) {
> + if (signature_node != -FDT_ERR_NOSPACE) {
> + fprintf(stderr, "Couldn't create signature
> node: %s\n",
> + fdt_strerror(signature_node));
> + }
> + return signature_node;
> + }
> + } else if (signature_node < 0) {
> + fprintf(stderr, "Cannot select keys signature_node: %s\n",
> fdt_strerror(signature_node));
> return signature_node;
> }
>
> - key_node = fdt_add_subnode(fdt, signature_node, key_node_name);
> - if (key_node < 0) {
> - fprintf(stderr, "Could not create '%s' node: %s\n",
> - key_node_name, fdt_strerror(key_node));
> + /* Either create or overwrite the named key node */
> + key_node = fdt_subnode_offset(fdt, signature_node, key_node_name);
> + if (key_node == -FDT_ERR_NOTFOUND) {
> + key_node = fdt_add_subnode(fdt, signature_node,
> key_node_name);
> + if (key_node < 0) {
> + if (key_node != -FDT_ERR_NOSPACE) {
> + fprintf(stderr, "Could not create key
> subnode: %s\n",
> + fdt_strerror(key_node));
> + }
> + return key_node;
> + }
> + } else if (key_node < 0) {
> + fprintf(stderr, "Cannot select keys key_node: %s\n",
> fdt_strerror(key_node));
> return key_node;
> }
>
> @@ -326,8 +345,11 @@ int ecdsa_add_verify_data(struct image_sign_info *info,
> void *fdt)
>
> fdt_key_name = info->keyname ? info->keyname : "default-key";
> ret = prepare_ctx(&ctx, info);
> - if (ret >= 0)
> + if (ret >= 0){
> ret = do_add(&ctx, fdt, fdt_key_name);
> + if (ret < 0)
> + ret = ret == -FDT_ERR_NOSPACE ? -ENOSPC : -EIO;
> + }
>
> free_ctx(&ctx);
> return ret;
> --
> 2.34.1
>
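Review bot: In do_add, the new `fdt_subnode_offset(fdt, signature_node, key_node_name)` lookup reuses an existing key node where the old `fdt_add_subnode` call would have failed, so a verification key already stored under that name is replaced without any message. Only the properties written later in do_add (outside this hunk) are refreshed; anything else already in the node, such as properties left behind by a key of a different algorithm, presumably stays in the device tree that U-Boot later trusts for verification. The comment should say so, for example `/* Reuse an existing key node; properties not rewritten below are left as they were */`, and it is worth considering a line on stderr when a node is reused so that a replaced key shows up in build logs. The two `Cannot select keys ...` messages are also hard to read; naming the node that could not be looked up would be clearer.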
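Review bot: The translation `ret == -FDT_ERR_NOSPACE ? -ENOSPC : -EIO` in ecdsa_add_verify_data assumes every negative value from do_add is a libfdt code. That holds for the paths visible in this patch, but do_add continues outside the hunks, and an errno-style return from there would be folded into -EIO or, if it happened to equal -FDT_ERR_NOSPACE numerically, reported as -ENOSPC. A one-line comment stating the contract would make this checkable, e.g. `/* do_add() returns libfdt error codes; map them to errno for the caller */`. On style, `if (ret >= 0){` needs a space before the brace, and `ret = (ret == -FDT_ERR_NOSPACE) ? -ENOSPC : -EIO;` reads more easily with the comparison parenthesised.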

