/*
* Copyright (c) 2013, Google Inc.
*
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 of
- * the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston,
- * MA 02111-1307 USA
+ * SPDX-License-Identifier: GPL-2.0+
*/
#include "mkimage.h"
EVP_cleanup();
}
-static int rsa_sign_with_key(RSA *rsa, const struct image_region region[],
- int region_count, uint8_t **sigp, uint *sig_size)
+static int rsa_sign_with_key(RSA *rsa, struct checksum_algo *checksum_algo,
+ const struct image_region region[], int region_count,
+ uint8_t **sigp, uint *sig_size)
{
EVP_PKEY *key;
EVP_MD_CTX *context;
goto err_create;
}
EVP_MD_CTX_init(context);
- if (!EVP_SignInit(context, EVP_sha1())) {
+ if (!EVP_SignInit(context, checksum_algo->calculate_sign())) {
ret = rsa_err("Signer setup failed");
goto err_sign;
}
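Review bot: `checksum_algo->calculate_sign()` is dereferenced and its result passed straight to `EVP_SignInit`, with no check that `checksum_algo`, the function pointer or the returned digest is non-NULL. The digest is no longer the fixed `EVP_sha1()` but whatever the caller supplies (the call site further down passes `info->algo->checksum`), so an algorithm entry without a signing digest would presumably show up as a NULL dereference or an unexplained "Signer setup failed". A guard before the init call makes the failure explicit and reuses the existing cleanup path: `if (!checksum_algo || !checksum_algo->calculate_sign) { ret = -EINVAL; goto err_sign; }`. The function's comment should also state that the digest chosen here has to be the one the verifier uses for the same algorithm name. The body of `rsa_sign_with_key` starts and ends outside the visible lines, so confirm that `err_sign` is the right label for a failure at this point.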
ret = rsa_get_priv_key(info->keydir, info->keyname, &rsa);
if (ret)
goto err_priv;
- ret = rsa_sign_with_key(rsa, region, region_count, sigp, sig_len);
+ ret = rsa_sign_with_key(rsa, info->algo->checksum, region,
+ region_count, sigp, sig_len);
if (ret)
goto err_sign;
if (parent == -FDT_ERR_NOTFOUND) {
parent = fdt_add_subnode(keydest, 0, FIT_SIG_NODENAME);
if (parent < 0) {
- fprintf(stderr, "Couldn't create signature node: %s\n",
- fdt_strerror(parent));
- return -EINVAL;
+ ret = parent;
+ if (ret != -FDT_ERR_NOSPACE) {
+ fprintf(stderr, "Couldn't create signature node: %s\n",
+ fdt_strerror(parent));
+ }
}
}
+ if (ret)
+ goto done;
/* Either create or overwrite the named key node */
snprintf(name, sizeof(name), "key-%s", info->keyname);
if (node == -FDT_ERR_NOTFOUND) {
node = fdt_add_subnode(keydest, parent, name);
if (node < 0) {
- fprintf(stderr, "Could not create key subnode: %s\n",
- fdt_strerror(node));
- return -EINVAL;
+ ret = node;
+ if (ret != -FDT_ERR_NOSPACE) {
+ fprintf(stderr, "Could not create key subnode: %s\n",
+ fdt_strerror(node));
+ }
}
} else if (node < 0) {
fprintf(stderr, "Cannot select keys parent: %s\n",
fdt_strerror(node));
- return -ENOSPC;
+ ret = node;
}
- ret = fdt_setprop_string(keydest, node, "key-name-hint",
+ if (!ret) {
+ ret = fdt_setprop_string(keydest, node, "key-name-hint",
info->keyname);
- ret |= fdt_setprop_u32(keydest, node, "rsa,num-bits", bits);
- ret |= fdt_setprop_u32(keydest, node, "rsa,n0-inverse", n0_inv);
- ret |= fdt_add_bignum(keydest, node, "rsa,modulus", modulus, bits);
- ret |= fdt_add_bignum(keydest, node, "rsa,r-squared", r_squared, bits);
- ret |= fdt_setprop_string(keydest, node, FIT_ALGO_PROP,
- info->algo->name);
+ }
+ if (!ret)
+ ret = fdt_setprop_u32(keydest, node, "rsa,num-bits", bits);
+ if (!ret)
+ ret = fdt_setprop_u32(keydest, node, "rsa,n0-inverse", n0_inv);
+ if (!ret) {
+ ret = fdt_add_bignum(keydest, node, "rsa,modulus", modulus,
+ bits);
+ }
+ if (!ret) {
+ ret = fdt_add_bignum(keydest, node, "rsa,r-squared", r_squared,
+ bits);
+ }
+ if (!ret) {
+ ret = fdt_setprop_string(keydest, node, FIT_ALGO_PROP,
+ info->algo->name);
+ }
if (info->require_keys) {
- fdt_setprop_string(keydest, node, "required",
- info->require_keys);
+ ret = fdt_setprop_string(keydest, node, "required",
+ info->require_keys);
}
+done:
BN_free(modulus);
BN_free(r_squared);
if (ret)
- return -EIO;
+ return ret == -FDT_ERR_NOSPACE ? -ENOSPC : -EIO;
return 0;
}
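Review bot: The `required` write under `if (info->require_keys)` is the only property write not guarded by `if (!ret)`, and it assigns `ret`, so it both runs after an earlier failure and overwrites that failure's code. If `fdt_add_subnode` returned `-FDT_ERR_NOSPACE`, `node` is negative here, the call is made with that invalid offset, and its return value replaces the NOSPACE code, so the final mapping likely yields `-EIO` rather than the `-ENOSPC` this change is meant to report. In the other direction, a successful `required` write after a failed property write resets `ret` to 0, and the function reports success for a key node that lacks properties the verifier needs. Guard it like the other writes: `if (!ret && info->require_keys) {`. The function begins outside the visible lines, so the initial value of `ret` tested at `if (ret) goto done;` could not be checked.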