Re: [PATCH v4 2/6] lib/rsa: Make fdt_add_bignum() available outside of RSA code

Hi,

On 1/8/21 8:17 PM, Alexandru Gagniuc wrote:

fdt_add_bignum() is useful for algorithms other than just RSA. To allow its use for ECDSA, move it to a common file under lib/.

The new file is suffixed with '-libcrypto' because it has a direct dependency on openssl. This is due to the use of the "BIGNUM *" type.

Signed-off-by: Alexandru Gagniuc mr.nuke.me@gmail.com

include/u-boot/fdt-libcrypto.h | 27 +++++++++++++ lib/fdt-libcrypto.c | 72 ++++++++++++++++++++++++++++++++++ lib/rsa/rsa-sign.c | 65 +----------------------------- tools/Makefile | 1 + 4 files changed, 101 insertions(+), 64 deletions(-) create mode 100644 include/u-boot/fdt-libcrypto.h create mode 100644 lib/fdt-libcrypto.c

(...)

diff --git a/tools/Makefile b/tools/Makefile index b1595ad814..af7698fd01 100644 --- a/tools/Makefile +++ b/tools/Makefile @@ -106,6 +106,7 @@ dumpimage-mkimage-objs := aisimage.o \ socfpgaimage.o \ lib/crc16.o \ lib/hash-checksum.o \

• 	lib/fdt-libcrypto.o \
  lib/sha1.o \
  lib/sha256.o \
  lib/sha512.o \
  

This part cause compilation issue when CONFIG_FIT_SIGNATURE is not defined / when openssl is not used

fdt-libcrypto.c:(.text+0x2f): undefined reference to `BN_new' fdt-libcrypto.c:(.text+0x37): undefined reference to `BN_new' fdt-libcrypto.c:(.text+0x44): undefined reference to `BN_new' fdt-libcrypto.c:(.text+0x51): undefined reference to `BN_new' fdt-libcrypto.c:(.text+0x7d): undefined reference to `BN_CTX_new' fdt-libcrypto.c:(.text+0x9d): undefined reference to `BN_set_word' fdt-libcrypto.c:(.text+0xaf): undefined reference to `BN_set_word' fdt-libcrypto.c:(.text+0xc5): undefined reference to `BN_exp' fdt-libcrypto.c:(.text+0x135): undefined reference to `BN_div' fdt-libcrypto.c:(.text+0x13d): undefined reference to `BN_get_word' fdt-libcrypto.c:(.text+0x172): undefined reference to `BN_rshift' fdt-libcrypto.c:(.text+0x1a9): undefined reference to `BN_free' fdt-libcrypto.c:(.text+0x1b3): undefined reference to `BN_free' fdt-libcrypto.c:(.text+0x1bd): undefined reference to `BN_free' fdt-libcrypto.c:(.text+0x1c5): undefined reference to `BN_free'

libssl not always include in mkimage, see the lines:

# MXSImage needs LibSSL   ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_ARMADA_38X)$(CONFIG_ARMADA_39X)$(CONFIG_FIT_SIGNATURE)$(CONFIG_FIT_CIPHER),)   HOSTCFLAGS_kwbimage.o += \       $(shell pkg-config --cflags libssl libcrypto 2> /dev/null || echo "")   HOSTLDLIBS_mkimage += \       $(shell pkg-config --libs libssl libcrypto 2> /dev/null || echo "-lssl -lcrypto")

=> I propose to add the added lib only when CONFIG_FIT_SIGNATURE is

activated by removing dumpimage-mkimage-objs udpate and with:

- FIT_SIG_OBJS-$(CONFIG_FIT_SIGNATURE) := common/image-sig.o common/image-fit-sig.o

+ FIT_SIG_OBJS-$(CONFIG_FIT_SIGNATURE) := common/image-sig.o common/image-fit-sig.o lib/fdt-libcrypto.o

Regards

Patrick