Keys can be derived from keydir, and the "key-name-hint" property of
the FIT. They can also be specified ad-literam via 'keyfile'. Update
the ECDSA signing path to use the appropriate one.

Signed-off-by: Alexandru Gagniuc <mr.nuke...@gmail.com>
---
 lib/ecdsa/ecdsa-libcrypto.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/lib/ecdsa/ecdsa-libcrypto.c b/lib/ecdsa/ecdsa-libcrypto.c
index 322880963f..1757a14562 100644
--- a/lib/ecdsa/ecdsa-libcrypto.c
+++ b/lib/ecdsa/ecdsa-libcrypto.c
@@ -140,8 +140,20 @@ static int read_key(struct signer *ctx, const char 
*key_name)
 /* Prepare a 'signer' context that's ready to sign and verify. */
 static int prepare_ctx(struct signer *ctx, const struct image_sign_info *info)
 {
-       const char *kname = info->keydir;
        int key_len_bytes, ret;
+       char kname[1024];
+
+       memset(ctx, 0, sizeof(*ctx));
+
+       if (info->keyfile) {
+               snprintf(kname,  sizeof(kname), "%s", info->keyfile);
+       } else if (info->keydir && info->keyname) {
+               snprintf(kname, sizeof(kname), "%s/%s.pem", info->keydir,
+                        info->keyname);
+       } else {
+               fprintf(stderr, "keyfile, keyname, or key-name-hint missing\n");
+               return -EINVAL;
+       }
 
        ret = alloc_ctx(ctx, info);
        if (ret)
-- 
2.26.2

Reply via email to