mirror of
https://github.com/ARM-software/arm-trusted-firmware.git
synced 2025-04-16 01:24:27 +00:00
bb3b0c0b09
When key_load() attempts to load the key from a file and it fails to
open this file, the 'err_code' output argument is set to
'KEY_ERR_OPEN' error code. However, it is incorrectly overwritten
later on with 'KEY_ERR_NONE' or 'KEY_ERR_LOAD'.
The latter case messes up with the key creation scenario. The
'KEY_ERR_LOAD' error leads the tool to exit, when it should attempt to
create the said key file if invoked with the --new-keys/-n option.
Note that, to complicate matters further, which of 'KEY_ERR_OPEN' or
'KEY_ERR_NONE' values is returned by key_load() depends on the version
of OpenSSL in use:
- If using v3+, KEY_ERROR_LOAD is returned.
- If using <v3, KEY_ERROR_NONE is returned as a result of the key
pair container being initialized by key_new().
This patch fixes this bug and also takes the opportunity to refactor
key_load() implementation to (hopefully) make it more straight-forward
and easier to reason about.
Fixes:
|
||
|---|---|---|
| .. | ||
| amlogic | ||
| cert_create | ||
| conventional-changelog-tf-a | ||
| encrypt_fw | ||
| fiptool | ||
| marvell/doimage | ||
| memory | ||
| nxp | ||
| renesas | ||
| sptool | ||
| stm32image | ||