lib: rsa: rsa-verify: don't look for keys in the FIT image
authorPhilippe Reynes <philippe.reynes@softathome.com>
Tue, 12 Jan 2021 18:18:54 +0000 (19:18 +0100)
committerTom Rini <trini@konsulko.com>
Wed, 27 Jan 2021 22:03:16 +0000 (17:03 -0500)
In the function rsa_verify_hash, if the "main" key doesn't
work, u-boot try others keys. But it searches those keys
in the FIT image instead of the u-boot device tree.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
lib/rsa/rsa-verify.c

index 0ab0f62..e34d329 100644 (file)
@@ -522,10 +522,10 @@ int rsa_verify_hash(struct image_sign_info *info,
                        return ret;
 
                /* No luck, so try each of the keys in turn */
-               for (ndepth = 0, noffset = fdt_next_node(info->fit, sig_node,
+               for (ndepth = 0, noffset = fdt_next_node(blob, sig_node,
                                                         &ndepth);
                     (noffset >= 0) && (ndepth > 0);
-                    noffset = fdt_next_node(info->fit, noffset, &ndepth)) {
+                    noffset = fdt_next_node(blob, noffset, &ndepth)) {
                        if (ndepth == 1 && noffset != node) {
                                ret = rsa_verify_with_keynode(info, hash,
                                                              sig, sig_len,