From patchwork Wed May 20 21:00:29 2020
X-Patchwork-Submitter: Bastian Germann
X-Patchwork-Id: 1294779
From: Bastian Germann
To: swupdate@googlegroups.com
Cc: Bastian Germann
Subject: [swupdate] [PATCH 2/2] signature: ifdef for mbedtls public key operations
Date: Wed, 20 May 2020 23:00:29 +0200
Message-Id: <20200520210029.1138-2-bastiangermann@fishpost.de>
In-Reply-To: <20200520210029.1138-1-bastiangermann@fishpost.de>
References: <20200520210029.1138-1-bastiangermann@fishpost.de>

In mbedTLS's swupdate_verify_file implementation, hide the public key operations behind an ifdef, analogous to the OpenSSL based implementation.

Signed-off-by: Bastian Germann
Acked-by: Stefano Babic
---
 corelib/verify_signature_mbedtls.c | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/corelib/verify_signature_mbedtls.c b/corelib/verify_signature_mbedtls.c index 4c964c4..e87576b 100644 --- a/corelib/verify_signature_mbedtls.c +++ b/corelib/verify_signature_mbedtls.c
@@ -109,25 +109,23 @@ int swupdate_HASH_compare(const unsigned char *hash1, const unsigned char *hash2 int swupdate_dgst_init(struct swupdate_cfg *sw, const char *keyfile) { struct swupdate_digest *dgst; - int error; dgst = calloc(1, sizeof(*dgst)); if (!dgst) { return -ENOMEM; } +#ifdef CONFIG_SIGNED_IMAGES mbedtls_pk_init(&dgst->mbedtls_pk_context); - error = mbedtls_pk_parse_public_keyfile(&dgst->mbedtls_pk_context, keyfile); + int error = mbedtls_pk_parse_public_keyfile(&dgst->mbedtls_pk_context, keyfile); if (error) { ERROR("mbedtls_pk_parse_public_keyfile: %d", error); - goto fail; + free(dgst); + return -EIO; } +#endif sw->dgst = dgst; return 0; - -fail: - free(dgst); - return -EIO; }
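
Review bot: With CONFIG_SIGNED_IMAGES undefined, swupdate_dgst_init now ignores keyfile and returns 0 with dgst->mbedtls_pk_context only zeroed by calloc, because mbedtls_pk_init sits inside the new #ifdef. Please confirm that every use of that context (verification and cleanup) is under the same guard, and mark keyfile as unused in that configuration if the build enables unused-parameter warnings. The mid-block declaration `int error = mbedtls_pk_parse_public_keyfile(...)` could instead stay at the top of the function under its own #ifdef, matching how dgst is declared. The commit message names swupdate_verify_file, while the hunk changes swupdate_dgst_init; the message should name the function actually touched.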