Commit de41f0ee authored by Alexandru Gagniuc's avatar Alexandru Gagniuc Committed by Tom Rini
Browse files

image: rsa: Move padding_algos to linker lists

We are not guaranteed to have the padding_pkcs_15_verify symbol since
commit 92c960bc ("lib: rsa: Remove #ifdefs from rsa.h"), and
commit 61416fe9 ("Kconfig: FIT_SIGNATURE should not select RSA_VERIFY")

The padding_algos only make sense with RSA verification, which can now
be disabled in lieu of ECDSA. In fact this will lead to build failures
because of the missing symbol mentioned earlier.

To resolve this, move the padding_algos to a linker list, with
declarations moved to rsa_verify.c. This is consistent with commit
6909edb4 ("image: rsa: Move verification algorithm to a linker list")

One could argue that the added #ifdef USE_HOSTCC is ugly, and should
be hidden within the U_BOOT_PADDING_ALGO() macro. However, this would
be inconsistent with the "cryptos" list. This logic for was not
previously explored:

Without knowledge of the U_BOOT_PADDING_ALGO() macro, its use is
similar to something being declared. However, should #ifndef
USE_HOSTCC be part ...
parent 423e324d
......@@ -51,19 +51,6 @@ struct checksum_algo checksum_algos[] = {
};
struct padding_algo padding_algos[] = {
{
.name = "pkcs-1.5",
.verify = padding_pkcs_15_verify,
},
#ifdef CONFIG_FIT_RSASSA_PSS
{
.name = "pss",
.verify = padding_pss_verify,
}
#endif /* CONFIG_FIT_RSASSA_PSS */
};
struct checksum_algo *image_get_checksum_algo(const char *full_name)
{
int i;
......@@ -129,14 +116,16 @@ struct crypto_algo *image_get_crypto_algo(const char *full_name)
struct padding_algo *image_get_padding_algo(const char *name)
{
int i;
struct padding_algo *padding, *end;
if (!name)
return NULL;
for (i = 0; i < ARRAY_SIZE(padding_algos); i++) {
if (!strcmp(padding_algos[i].name, name))
return &padding_algos[i];
padding = ll_entry_start(struct padding_algo, paddings);
end = ll_entry_end(struct padding_algo, paddings);
for (; padding < end; padding++) {
if (!strcmp(padding->name, name))
return padding;
}
return NULL;
......
......@@ -1312,6 +1312,10 @@ struct padding_algo {
const uint8_t *hash, int hash_len);
};
/* Declare a new U-Boot padding algorithm handler */
#define U_BOOT_PADDING_ALGO(__name) \
ll_entry_declare(struct padding_algo, __name, paddings)
/**
* image_get_checksum_algo() - Look up a checksum algorithm
*
......
......@@ -95,6 +95,13 @@ int padding_pkcs_15_verify(struct image_sign_info *info,
return 0;
}
#ifndef USE_HOSTCC
U_BOOT_PADDING_ALGO(pkcs_15) = {
.name = "pkcs-1.5",
.verify = padding_pkcs_15_verify,
};
#endif
#ifdef CONFIG_FIT_RSASSA_PSS
static void u32_i2osp(uint32_t val, uint8_t *buf)
{
......@@ -296,6 +303,14 @@ out:
return ret;
}
#ifndef USE_HOSTCC
U_BOOT_PADDING_ALGO(pss) = {
.name = "pss",
.verify = padding_pss_verify,
};
#endif
#endif
#if CONFIG_IS_ENABLED(FIT_SIGNATURE) || CONFIG_IS_ENABLED(RSA_VERIFY_WITH_PKEY)
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment