
[2/2] signature: ifdef for mbedtls public key operations

Message ID 20200520210029.1138-2-bastiangermann@fishpost.de
State Accepted
Series [1/2] Move swupdate_dgst_init to the right place | expand

Commit Message

Bastian Germann May 20, 2020, 9 p.m. UTC
In mbedTLS's swupdate_verify_file implementation, hide the public key
operations behind an ifdef, analogous to the OpenSSL based
implementation.

Signed-off-by: Bastian Germann <bastiangermann@fishpost.de>
---
 corelib/verify_signature_mbedtls.c | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

Comments

Stefano Babic May 21, 2020, 7:27 a.m. UTC | #1
On 20.05.20 23:00, Bastian Germann wrote:
> In mbedTLS's swupdate_verify_file implementation, hide the public key
> operations behind an ifdef, analogous to the OpenSSL based
> implementation.
> 
> Signed-off-by: Bastian Germann <bastiangermann@fishpost.de>
> ---
>  corelib/verify_signature_mbedtls.c | 12 +++++-------
>  1 file changed, 5 insertions(+), 7 deletions(-)
> 
> diff --git a/corelib/verify_signature_mbedtls.c b/corelib/verify_signature_mbedtls.c
> index 4c964c4..e87576b 100644
> --- a/corelib/verify_signature_mbedtls.c
> +++ b/corelib/verify_signature_mbedtls.c
> @@ -109,25 +109,23 @@ int swupdate_HASH_compare(const unsigned char *hash1, const unsigned char *hash2
>  int swupdate_dgst_init(struct swupdate_cfg *sw, const char *keyfile)
>  {
>  	struct swupdate_digest *dgst;
> -	int error;
>  
>  	dgst = calloc(1, sizeof(*dgst));
>  	if (!dgst) {
>  		return -ENOMEM;
>  	}
>  
> +#ifdef CONFIG_SIGNED_IMAGES
>  	mbedtls_pk_init(&dgst->mbedtls_pk_context);
>  
> -	error = mbedtls_pk_parse_public_keyfile(&dgst->mbedtls_pk_context, keyfile);
> +	int error = mbedtls_pk_parse_public_keyfile(&dgst->mbedtls_pk_context, keyfile);
>  	if (error) {
>  		ERROR("mbedtls_pk_parse_public_keyfile: %d", error);
> -		goto fail;
> +		free(dgst);
> +		return -EIO;
>  	}
> +#endif
>  
>  	sw->dgst = dgst;
>  	return 0;
> -
> -fail:
> -	free(dgst);
> -	return -EIO;
>  }
> 

Acked-by: Stefano Babic <sbabic@denx.de>

Best regards,
Stefano Babic

Patch

diff --git a/corelib/verify_signature_mbedtls.c b/corelib/verify_signature_mbedtls.c
index 4c964c4..e87576b 100644
--- a/corelib/verify_signature_mbedtls.c
+++ b/corelib/verify_signature_mbedtls.c
@@ -109,25 +109,23 @@  int swupdate_HASH_compare(const unsigned char *hash1, const unsigned char *hash2
 int swupdate_dgst_init(struct swupdate_cfg *sw, const char *keyfile)
 {
 	struct swupdate_digest *dgst;
-	int error;
 
 	dgst = calloc(1, sizeof(*dgst));
 	if (!dgst) {
 		return -ENOMEM;
 	}
 
+#ifdef CONFIG_SIGNED_IMAGES
 	mbedtls_pk_init(&dgst->mbedtls_pk_context);
 
-	error = mbedtls_pk_parse_public_keyfile(&dgst->mbedtls_pk_context, keyfile);
+	int error = mbedtls_pk_parse_public_keyfile(&dgst->mbedtls_pk_context, keyfile);
 	if (error) {
 		ERROR("mbedtls_pk_parse_public_keyfile: %d", error);
-		goto fail;
+		free(dgst);
+		return -EIO;
 	}
+#endif
 
 	sw->dgst = dgst;
 	return 0;
-
-fail:
-	free(dgst);
-	return -EIO;
 }
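Review bot: The failure branch after `mbedtls_pk_parse_public_keyfile` releases `dgst` with `free(dgst)` but never calls `mbedtls_pk_free` on the context that `mbedtls_pk_init` set up a few lines earlier. Adding `mbedtls_pk_free(&dgst->mbedtls_pk_context);` before `free(dgst);` would keep the cleanup correct whatever the parser leaves behind on error; the removed `fail:` label had the same gap. Separately, when `CONFIG_SIGNED_IMAGES` is not defined the function now returns 0 without reading `keyfile`, so `sw->dgst` points at a zeroed digest with no key loaded. A comment above the `#ifdef`, such as `/* without CONFIG_SIGNED_IMAGES no public key is loaded; signature verification must not be reachable */`, would make that assumption explicit. Whether the verification path is guarded by the same macro is not visible in this hunk and should be confirmed.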