Hi,
On 1/8/21 8:17 PM, Alexandru Gagniuc wrote:
fdt_add_bignum() is useful for algorithms other than just RSA. To
allow its use for ECDSA, move it to a common file under lib/.
The new file is suffixed with '-libcrypto' because it has a direct
dependency on openssl. This is due to the use of the "BIGNUM *" type.
Signed-off-by: Alexandru Gagniuc <[email protected]>
---
include/u-boot/fdt-libcrypto.h | 27 +++++++++++++
lib/fdt-libcrypto.c | 72 ++++++++++++++++++++++++++++++++++
lib/rsa/rsa-sign.c | 65 +-----------------------------
tools/Makefile | 1 +
4 files changed, 101 insertions(+), 64 deletions(-)
create mode 100644 include/u-boot/fdt-libcrypto.h
create mode 100644 lib/fdt-libcrypto.c
(...)
diff --git a/tools/Makefile b/tools/Makefile
index b1595ad814..af7698fd01 100644
--- a/tools/Makefile
+++ b/tools/Makefile
@@ -106,6 +106,7 @@ dumpimage-mkimage-objs := aisimage.o \
socfpgaimage.o \
lib/crc16.o \
lib/hash-checksum.o \
+ lib/fdt-libcrypto.o \
lib/sha1.o \
lib/sha256.o \
lib/sha512.o \
This part cause compilation issue when CONFIG_FIT_SIGNATURE is not
defined / when openssl is not used
fdt-libcrypto.c:(.text+0x2f): undefined reference to `BN_new'
fdt-libcrypto.c:(.text+0x37): undefined reference to `BN_new'
fdt-libcrypto.c:(.text+0x44): undefined reference to `BN_new'
fdt-libcrypto.c:(.text+0x51): undefined reference to `BN_new'
fdt-libcrypto.c:(.text+0x7d): undefined reference to `BN_CTX_new'
fdt-libcrypto.c:(.text+0x9d): undefined reference to `BN_set_word'
fdt-libcrypto.c:(.text+0xaf): undefined reference to `BN_set_word'
fdt-libcrypto.c:(.text+0xc5): undefined reference to `BN_exp'
fdt-libcrypto.c:(.text+0x135): undefined reference to `BN_div'
fdt-libcrypto.c:(.text+0x13d): undefined reference to `BN_get_word'
fdt-libcrypto.c:(.text+0x172): undefined reference to `BN_rshift'
fdt-libcrypto.c:(.text+0x1a9): undefined reference to `BN_free'
fdt-libcrypto.c:(.text+0x1b3): undefined reference to `BN_free'
fdt-libcrypto.c:(.text+0x1bd): undefined reference to `BN_free'
fdt-libcrypto.c:(.text+0x1c5): undefined reference to `BN_free'
libssl not always include in mkimage, see the lines:
# MXSImage needs LibSSL
ifneq
($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_ARMADA_38X)$(CONFIG_ARMADA_39X)$(CONFIG_FIT_SIGNATURE)$(CONFIG_FIT_CIPHER),)
HOSTCFLAGS_kwbimage.o += \
$(shell pkg-config --cflags libssl libcrypto 2> /dev/null || echo "")
HOSTLDLIBS_mkimage += \
$(shell pkg-config --libs libssl libcrypto 2> /dev/null || echo
"-lssl -lcrypto")
=> I propose to add the added lib only when CONFIG_FIT_SIGNATURE is
activated by removing dumpimage-mkimage-objs udpate and with:
- FIT_SIG_OBJS-$(CONFIG_FIT_SIGNATURE) := common/image-sig.o
common/image-fit-sig.o
+ FIT_SIG_OBJS-$(CONFIG_FIT_SIGNATURE) := common/image-sig.o
common/image-fit-sig.o lib/fdt-libcrypto.o
Regards
Patrick
