From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id C31A4C4708C for ; Tue, 6 Dec 2022 02:59:19 +0000 (UTC) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 63508854E1; Tue, 6 Dec 2022 03:59:17 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="FJsMmapI"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id E6AEA852BD; Tue, 6 Dec 2022 03:59:15 +0100 (CET) Received: from mail-pf1-x429.google.com (mail-pf1-x429.google.com [IPv6:2607:f8b0:4864:20::429]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id CAE7385087 for ; Tue, 6 Dec 2022 03:59:12 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=takahiro.akashi@linaro.org Received: by mail-pf1-x429.google.com with SMTP id 140so13297860pfz.6 for ; Mon, 05 Dec 2022 18:59:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=in-reply-to:content-disposition:mime-version:references :mail-followup-to:message-id:subject:cc:to:from:date:from:to:cc :subject:date:message-id:reply-to; bh=0Em8iJE5NlyrHCIp6s30P7mvhHHxHo63mjBOsnIcrD4=; b=FJsMmapIcpeLubiqYdftgSqXRZx0x3leN4RM3n5rqajXqjbE7+7R//ONgDSZ/4l+tW dLItcRiod2PSGP0TqX6SsvILeBf4eQ5BsQfrkGWXw8vfBAoZZ/u9YEsIEdCzES1h8XXU Moa7isgtELSqK1LptH2g4LhVjA8arAP9PnpRavqIAFRbOzc03VBRGOIV6X18WajFd8Pq pX+hfIWyejY+rKiFxCEKbp63ZiYBXGH6w8fnKMfM7NpjegEcrz11a2EG9NsJjyb+CSxV j3wJfYdkuKN0vnc6XjJoH9BBI5+mc5bhbibjoXpR1Alz1jBzR31TlpDNQ+FoyAu52P3I /WQw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=in-reply-to:content-disposition:mime-version:references :mail-followup-to:message-id:subject:cc:to:from:date :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=0Em8iJE5NlyrHCIp6s30P7mvhHHxHo63mjBOsnIcrD4=; b=X4VXsY0QfPx610SP6UKTf8Rdh+IGNqTGh3dlmJSZESBSGl9lXknEQ4T0R46NKGIxDS /gVsXUbifFCpwBMqe3mb8EXYOidyRfhbSAsHJXgjW9XhDDZFw3Yt6O0CrbBI+5WqmhWH SScgCrDY5q2taIOag+k54pXsZZyNr+bmE7du/9nHYDSCO+L40atwNMZqpbqOF4+PhsBL Do6PKk8X6DvrPH0d44rOtroZ1zemhWel8YFIAslWNIQRcx7nn9rNhXrs3SaNNwp9n5/8 aJnOdiPlPtmkNRKsaeIePj05jDlMsW9fyJMLKC3fDSy7z0k3CtZTvsyj/hO6H7FFkqvk CwfQ== X-Gm-Message-State: ANoB5pkqIsSseg7gpGRoztLpLdZrhUrrKyg1eKvv0IvjC2SxFZGAI+2V Ts749G2E/HwfxR88sIqdCBwqOw== X-Google-Smtp-Source: AA0mqf7oXN0o3E2ZIT9SjWdjIEDmVJeRp7WZkdxcrtHEY+vm9KM6pcDFj2ku54BTKuHG099ipHxKdQ== X-Received: by 2002:a63:e954:0:b0:478:65d6:517c with SMTP id q20-20020a63e954000000b0047865d6517cmr23107371pgj.220.1670295550845; Mon, 05 Dec 2022 18:59:10 -0800 (PST) Received: from laputa ([2400:4050:c3e1:100:e0cc:b642:d398:6b7d]) by smtp.gmail.com with ESMTPSA id g5-20020a63e605000000b004785c24ffb4sm8874916pgh.26.2022.12.05.18.59.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 05 Dec 2022 18:59:09 -0800 (PST) Date: Tue, 6 Dec 2022 11:59:06 +0900 From: AKASHI Takahiro To: Tom Rini Cc: u-boot@lists.denx.de, Simon Glass Subject: Re: [PATCHv2 010/149] rsa-verify: Rework host check for CONFIG_RSA_VERIFY_WITH_PKEY Message-ID: <20221206025906.GA9675@laputa> Mail-Followup-To: AKASHI Takahiro , Tom Rini , u-boot@lists.denx.de, Simon Glass References: <20221204150554.4165941-10-trini@konsulko.com> <20221204223706.176996-1-trini@konsulko.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20221204223706.176996-1-trini@konsulko.com> X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.6 at phobos.denx.de X-Virus-Status: Clean On Sun, Dec 04, 2022 at 05:37:06PM -0500, Tom Rini wrote: > While we do not want to use CONFIG_RSA_VERIFY_WITH_PKEY on the host, we > cannot undef the symbol in this manner. As this ends up being a test > within another function we can use !tools_build() as a test here. > > Cc: Simon Glass > Signed-off-by: Tom Rini > --- > Changes in v2: > - Switch to !tools_build() per Simon > --- > lib/rsa/rsa-verify.c | 8 ++------ > 1 file changed, 2 insertions(+), 6 deletions(-) > > diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c > index 9605c376390a..db2aca5385a9 100644 > --- a/lib/rsa/rsa-verify.c > +++ b/lib/rsa/rsa-verify.c > @@ -23,18 +23,13 @@ > #include > #include > > -#ifndef __UBOOT__ > /* > * NOTE: > * Since host tools, like mkimage, make use of openssl library for > * RSA encryption, rsa_verify_with_pkey()/rsa_gen_key_prop() are > * of no use and should not be compiled in. > - * So just turn off CONFIG_RSA_VERIFY_WITH_PKEY. > */ I think you can delete the whole comment here. If you think it's still helpful, please place it below in the function. -Takahiro Akashi > -#undef CONFIG_RSA_VERIFY_WITH_PKEY > -#endif > - > /* Default public exponent for backward compatibility */ > #define RSA_DEFAULT_PUBEXP 65537 > > @@ -506,7 +501,8 @@ int rsa_verify_hash(struct image_sign_info *info, > { > int ret = -EACCES; > > - if (CONFIG_IS_ENABLED(RSA_VERIFY_WITH_PKEY) && !info->fdt_blob) { > + if (!tools_build() && CONFIG_IS_ENABLED(RSA_VERIFY_WITH_PKEY) && > + !info->fdt_blob) { > /* don't rely on fdt properties */ > ret = rsa_verify_with_pkey(info, hash, sig, sig_len); > if (ret) > -- > 2.25.1 >