diff options
Diffstat (limited to 'gnu/packages/patches/u-boot-build-without-libcrypto.patch')
| -rw-r--r-- | gnu/packages/patches/u-boot-build-without-libcrypto.patch | 123 |
1 files changed, 123 insertions, 0 deletions
diff --git a/gnu/packages/patches/u-boot-build-without-libcrypto.patch b/gnu/packages/patches/u-boot-build-without-libcrypto.patch new file mode 100644 index 0000000000..d56588941c --- /dev/null +++ b/gnu/packages/patches/u-boot-build-without-libcrypto.patch @@ -0,0 +1,123 @@ +From 03e598263e3878b6f5d58f5525577903edadc644 Mon Sep 17 00:00:00 2001 +From: Paul-Erwan Rio <paulerwan.rio@gmail.com> +Date: Thu, 21 Dec 2023 08:26:11 +0100 +Subject: [PATCH] tools: fix build without LIBCRYPTO support + +Commit cb9faa6f98ae ("tools: Use a single target-independent config to +enable OpenSSL") introduced a target-independent configuration to build +crypto features in host tools. + +But since commit 2c21256b27d7 ("hash: Use Kconfig to enable hashing in +host tools and SPL") the build without OpenSSL is broken, due to FIT +signature/encryption features. Add missing conditional compilation +tokens to fix this. + +Signed-off-by: Paul-Erwan Rio <paulerwan.rio@gmail.com> +Tested-by: Alexander Dahl <ada@thorsis.com> +Cc: Simon Glass <sjg@chromium.org> +Reviewed-by: Tom Rini <trini@konsulko.com> +Reviewed-by: Simon Glass <sjg@chromium.org> +--- + include/image.h | 2 +- + tools/Kconfig | 1 + + tools/fit_image.c | 2 +- + tools/image-host.c | 4 ++++ + tools/mkimage.c | 5 +++-- + 5 files changed, 10 insertions(+), 4 deletions(-) + +diff --git a/include/image.h b/include/image.h +index 432ec927b1..21de70f0c9 100644 +--- a/include/image.h ++++ b/include/image.h +@@ -1465,7 +1465,7 @@ int calculate_hash(const void *data, int data_len, const char *algo, + * device + */ + #if defined(USE_HOSTCC) +-# if defined(CONFIG_FIT_SIGNATURE) ++# if CONFIG_IS_ENABLED(FIT_SIGNATURE) + # define IMAGE_ENABLE_SIGN 1 + # define FIT_IMAGE_ENABLE_VERIFY 1 + # include <openssl/evp.h> +diff --git a/tools/Kconfig b/tools/Kconfig +index f8632cd59d..f01ed783e6 100644 +--- a/tools/Kconfig ++++ b/tools/Kconfig +@@ -51,6 +51,7 @@ config TOOLS_FIT_RSASSA_PSS + Support the rsassa-pss signature scheme in the tools builds + + config TOOLS_FIT_SIGNATURE ++ depends on TOOLS_LIBCRYPTO + def_bool y + help + Enable signature verification of FIT uImages in the tools builds +diff --git a/tools/fit_image.c b/tools/fit_image.c +index 71e031c855..beef1fa86e 100644 +--- a/tools/fit_image.c ++++ b/tools/fit_image.c +@@ -61,7 +61,7 @@ static int fit_add_file_data(struct image_tool_params *params, size_t size_inc, + ret = fit_set_timestamp(ptr, 0, time); + } + +- if (!ret) ++ if (CONFIG_IS_ENABLED(FIT_SIGNATURE) && !ret) + ret = fit_pre_load_data(params->keydir, dest_blob, ptr); + + if (!ret) { +diff --git a/tools/image-host.c b/tools/image-host.c +index ca4950312f..90bc9f905f 100644 +--- a/tools/image-host.c ++++ b/tools/image-host.c +@@ -14,8 +14,10 @@ + #include <image.h> + #include <version.h> + ++#if CONFIG_IS_ENABLED(FIT_SIGNATURE) + #include <openssl/pem.h> + #include <openssl/evp.h> ++#endif + + /** + * fit_set_hash_value - set hash value in requested has node +@@ -1131,6 +1133,7 @@ static int fit_config_add_verification_data(const char *keydir, + return 0; + } + ++#if CONFIG_IS_ENABLED(FIT_SIGNATURE) + /* + * 0) open file (open) + * 1) read certificate (PEM_read_X509) +@@ -1239,6 +1242,7 @@ int fit_pre_load_data(const char *keydir, void *keydest, void *fit) + out: + return ret; + } ++#endif + + int fit_cipher_data(const char *keydir, void *keydest, void *fit, + const char *comment, int require_keys, +diff --git a/tools/mkimage.c b/tools/mkimage.c +index 6dfe3e1d42..ac62ebbde9 100644 +--- a/tools/mkimage.c ++++ b/tools/mkimage.c +@@ -115,7 +115,7 @@ static void usage(const char *msg) + " -B => align size in hex for FIT structure and header\n" + " -b => append the device tree binary to the FIT\n" + " -t => update the timestamp in the FIT\n"); +-#ifdef CONFIG_FIT_SIGNATURE ++#if CONFIG_IS_ENABLED(FIT_SIGNATURE) + fprintf(stderr, + "Signing / verified boot options: [-k keydir] [-K dtb] [ -c <comment>] [-p addr] [-r] [-N engine]\n" + " -k => set directory containing private keys\n" +@@ -130,8 +130,9 @@ static void usage(const char *msg) + " -o => algorithm to use for signing\n"); + #else + fprintf(stderr, +- "Signing / verified boot not supported (CONFIG_FIT_SIGNATURE undefined)\n"); ++ "Signing / verified boot not supported (CONFIG_TOOLS_FIT_SIGNATURE undefined)\n"); + #endif ++ + fprintf(stderr, " %s -V ==> print version information and exit\n", + params.cmdname); + fprintf(stderr, "Use '-T list' to see a list of available image types\n"); +-- +2.41.0 + |