Hi,

I was looking at the RSA image authentication code and I'm a bit puzzled by the following line of codes in lib/rsa/rsa-verify.c (https://gitlab.denx.de/u-boot/u-boot/blob/master/lib/rsa/rsa-verify.c#L440):

436 /* See if we must use a particular key */ 437 if (info->required_keynode != -1) { 438 ret = rsa_verify_with_keynode(info, hash, sig, sig_len, 439 info->required_keynode); 440 if (!ret) 441 return ret; 442 } 443 444 /* Look for a key that matches our hint */ 445 snprintf(name, sizeof(name), "key-%s", info->keyname); 446 node = fdt_subnode_offset(blob, sig_node, name); 447 ret = rsa_verify_with_keynode(info, hash, sig, sig_len, node); 448 if (!ret) 449 return ret;

If I understand it correctly, at Line 440 we check if verification with the required key succeeded and if so we return otherwise we continue, trying other keys.

Is that the intended behavior? Shouldn't the code return in any case (thus making the FIT verification process fail if the image couldn't be verified with the required key)? Or am I missing something?

Regards, Daniele