From patchwork Sun Dec 4 15:03:35 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tom Rini X-Patchwork-Id: 1711880 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=konsulko.com header.i=@konsulko.com header.a=rsa-sha256 header.s=google header.b=ZDDFqkrw; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4NQ9634QXrz23np for ; Mon, 5 Dec 2022 02:07:55 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 1C7BF85424; Sun, 4 Dec 2022 16:06:24 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=konsulko.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=konsulko.com header.i=@konsulko.com header.b="ZDDFqkrw"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 1685385317; Sun, 4 Dec 2022 16:06:11 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-ed1-x534.google.com (mail-ed1-x534.google.com [IPv6:2a00:1450:4864:20::534]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 666948530B for ; Sun, 4 Dec 2022 16:06:08 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=konsulko.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=trini@konsulko.com Received: by mail-ed1-x534.google.com with SMTP id c66so6302053edf.5 for ; Sun, 04 Dec 2022 07:06:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=konsulko.com; s=google; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=eXJQqHYqc/u0Oq0W1pWJpEtZwc24VoZ+vrA4Vvd/dac=; b=ZDDFqkrw6+dOoVA2acZ+bgRQX068TMu/FtkPdTnZdYCZDOtTnpjRWlCeMo6JxPxAZQ voxhmGAOPRzTElWg0g0F0fZ8tZXkqYBdO+/HARI4mCLxAQqSJI5F4cqZS2URdP9tfLrS kgQCmjI1/N9c9EGdln7LhL/yfVIQ6vfqp3Au8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=eXJQqHYqc/u0Oq0W1pWJpEtZwc24VoZ+vrA4Vvd/dac=; b=ojFOI8XwVMrGKIiqeifvWv1sBaQ1IoL3benULfQhhyBFoZepkAf2Omb8be076ATcrA wbY4193rp19GdqqvmZKB2XAPn+RVp/n0S3ca9t+PGI/6ADr+hF1wQUpDnPI6Gpnb1Dq9 xKBTd7nHHk4f2MULk3hzqYeUrPdRmrHqCrtOe3BCHqUk3R68JxsP3AMVesXbMdmH5qvP GQO7DGrE3QIFMalyhUPol+mtVwfiTXgOQQiTpphFjfKaH7z9VMThw518kQBVx8+UUVeV W3U+U/eKgKDicYDIgGnEkhVEK/2f9IpgzhepBYOFEPVDK8eiCKa9oMHwJyU9tDPBAbuC sqaw== X-Gm-Message-State: ANoB5pkI7AzEpyrwgxgeiCkjUX+MSmc4xf/p5gU3ey4LhCkM/oDZzDpb TgPhugYAF3H5UfXpg8iu4GNp8LOOYNRDRM34 X-Google-Smtp-Source: AA0mqf5SuENBpWYeTodt1n06BlMc+XUOMqyk+zmFLwZ2RVLILv9mO8JjmVEJHhASZAxxrfiexaSR9w== X-Received: by 2002:a05:6402:2421:b0:461:524f:a8f4 with SMTP id t33-20020a056402242100b00461524fa8f4mr70690943eda.260.1670166367649; Sun, 04 Dec 2022 07:06:07 -0800 (PST) Received: from bill-the-cat.lan (2603-6081-7b00-6400-61c7-2644-b62d-0af3.res6.spectrum.com. [2603:6081:7b00:6400:61c7:2644:b62d:af3]) by smtp.gmail.com with ESMTPSA id g1-20020a17090604c100b0073dc5bb7c32sm5240058eja.64.2022.12.04.07.06.06 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 04 Dec 2022 07:06:07 -0800 (PST) From: Tom Rini To: u-boot@lists.denx.de Subject: [PATCH 010/149] rsa-verify: Rework host check for CONFIG_RSA_VERIFY_WITH_PKEY Date: Sun, 4 Dec 2022 10:03:35 -0500 Message-Id: <20221204150554.4165941-10-trini@konsulko.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20221204150554.4165941-1-trini@konsulko.com> References: <20221202214251.3027264-41-trini@konsulko.com> <20221204150554.4165941-1-trini@konsulko.com> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.6 at phobos.denx.de X-Virus-Status: Clean While we do not want to use CONFIG_RSA_VERIFY_WITH_PKEY on the host, we cannot undef the symbol in this manner. As this ends up only being a single location in a file that already has other checks for HOST_CC, add one more HOST_CC check instead. Signed-off-by: Tom Rini --- lib/rsa/rsa-verify.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c index 9605c376390a..0662235be6f1 100644 --- a/lib/rsa/rsa-verify.c +++ b/lib/rsa/rsa-verify.c @@ -23,18 +23,13 @@ #include #include -#ifndef __UBOOT__ /* * NOTE: * Since host tools, like mkimage, make use of openssl library for * RSA encryption, rsa_verify_with_pkey()/rsa_gen_key_prop() are * of no use and should not be compiled in. - * So just turn off CONFIG_RSA_VERIFY_WITH_PKEY. */ -#undef CONFIG_RSA_VERIFY_WITH_PKEY -#endif - /* Default public exponent for backward compatibility */ #define RSA_DEFAULT_PUBEXP 65537 @@ -506,6 +501,7 @@ int rsa_verify_hash(struct image_sign_info *info, { int ret = -EACCES; +#if !defined(USE_HOSTCC) if (CONFIG_IS_ENABLED(RSA_VERIFY_WITH_PKEY) && !info->fdt_blob) { /* don't rely on fdt properties */ ret = rsa_verify_with_pkey(info, hash, sig, sig_len); @@ -513,6 +509,7 @@ int rsa_verify_hash(struct image_sign_info *info, debug("%s: rsa_verify_with_pkey() failed\n", __func__); return ret; } +#endif if (CONFIG_IS_ENABLED(FIT_SIGNATURE)) { const void *blob = info->fdt_blob;