right now, the tool preload_check_sign may only checks an image with a pre-load header with rsa. We add the support of pre-load header with ecdsa.
Signed-off-by: Philippe Reynes <[email protected]> --- v3: - initial version tools/preload_check_sign.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/tools/preload_check_sign.c b/tools/preload_check_sign.c index ebead459273..6601072be77 100644 --- a/tools/preload_check_sign.c +++ b/tools/preload_check_sign.c @@ -8,6 +8,9 @@ * complete file. The tool preload_check_sign allows to verify and authenticate * a file starting with a preload header. */ + +#define OPENSSL_API_COMPAT 0x10101000L + #include <stdio.h> #include <unistd.h> #include <openssl/pem.h> @@ -144,6 +147,27 @@ int main(int argc, char **argv) info.sig_info.key = info.key; info.sig_info.keylen = info.key_len; + /* For ecdsa key, we have to update some values */ + if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) { + EC_KEY *ecdsa_key; + const EC_GROUP *group; + + ecdsa_key = EVP_PKEY_get1_EC_KEY(pkey); + if (!ecdsa_key) { + fprintf(stderr, "Can not extract ECDSA key\n"); + goto out; + } + + group = EC_KEY_get0_group(ecdsa_key); + if (!group) { + fprintf(stderr, "Can not extract ECDSA group\n"); + goto out; + } + + info.sig_info.keyfile = keyfile; + info.sig_size = (EC_GROUP_order_bits(group) + 7) / 8 * 2; + } + /* Check the signature */ image_pre_load_sig_set_info(&info); ret = image_pre_load_sig((ulong)buffer); -- 2.43.0
