mirror of
https://github.com/ARM-software/arm-trusted-firmware.git
synced 2025-05-06 02:58:42 +00:00
bb3b0c0b09
When key_load() attempts to load the key from a file and it fails to
open this file, the 'err_code' output argument is set to
'KEY_ERR_OPEN' error code. However, it is incorrectly overwritten
later on with 'KEY_ERR_NONE' or 'KEY_ERR_LOAD'.
The latter case messes up with the key creation scenario. The
'KEY_ERR_LOAD' error leads the tool to exit, when it should attempt to
create the said key file if invoked with the --new-keys/-n option.
Note that, to complicate matters further, which of 'KEY_ERR_OPEN' or
'KEY_ERR_NONE' values is returned by key_load() depends on the version
of OpenSSL in use:
- If using v3+, KEY_ERROR_LOAD is returned.
- If using <v3, KEY_ERROR_NONE is returned as a result of the key
pair container being initialized by key_new().
This patch fixes this bug and also takes the opportunity to refactor
key_load() implementation to (hopefully) make it more straight-forward
and easier to reason about.
Fixes:
|
||
|---|---|---|
| .. | ||
| cca | ||
| dualroot | ||
| tbbr | ||
| cert.h | ||
| cmd_opt.h | ||
| debug.h | ||
| ext.h | ||
| key.h | ||
| sha.h | ||