diff options
Diffstat (limited to 'lib')
-rw-r--r-- | lib/Kconfig | 17 | ||||
-rw-r--r-- | lib/Makefile | 2 | ||||
-rw-r--r-- | lib/rsa/rsa-sign.c | 24 | ||||
-rw-r--r-- | lib/rsa/rsa-verify.c | 2 |
4 files changed, 35 insertions, 10 deletions
diff --git a/lib/Kconfig b/lib/Kconfig index 868de3bf3b..c3f694afc0 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -363,7 +363,22 @@ config SHA_PROG_HW_ACCEL is performed in hardware. config MD5 - bool + bool "Support MD5 algorithm" + help + This option enables MD5 support. MD5 is an algorithm designed + in 1991 that produces a 16-byte digest (or checksum) from its input + data. It has a number of vulnerabilities which preclude its use in + security applications, but it can be useful for providing a quick + checksum of a block of data. + +config SPL_MD5 + bool "Support MD5 algorithm in SPL" + help + This option enables MD5 support in SPL. MD5 is an algorithm designed + in 1991 that produces a 16-byte digest (or checksum) from its input + data. It has a number of vulnerabilities which preclude its use in + security applications, but it can be useful for providing a quick + checksum of a block of data. config CRC32C bool diff --git a/lib/Makefile b/lib/Makefile index c6f862b0c2..6e688afa68 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -40,7 +40,6 @@ obj-$(CONFIG_GZIP_COMPRESSED) += gzip.o obj-$(CONFIG_GENERATE_SMBIOS_TABLE) += smbios.o obj-$(CONFIG_IMAGE_SPARSE) += image-sparse.o obj-y += ldiv.o -obj-$(CONFIG_MD5) += md5.o obj-$(CONFIG_XXHASH) += xxhash.o obj-y += net_utils.o obj-$(CONFIG_PHYSMEM) += physmem.o @@ -59,6 +58,7 @@ obj-$(CONFIG_TPM_V2) += tpm-v2.o endif obj-$(CONFIG_$(SPL_)ACPIGEN) += acpi/ +obj-$(CONFIG_$(SPL_)MD5) += md5.o obj-$(CONFIG_$(SPL_)RSA) += rsa/ obj-$(CONFIG_SHA1) += sha1.o obj-$(CONFIG_SHA256) += sha256.o diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c index 580c744709..40ca1e1f57 100644 --- a/lib/rsa/rsa-sign.c +++ b/lib/rsa/rsa-sign.c @@ -4,7 +4,7 @@ */ #include "mkimage.h" -#include <malloc.h> +#include <stdlib.h> #include <stdio.h> #include <string.h> #include <image.h> @@ -135,9 +135,14 @@ static int rsa_engine_get_pub_key(const char *keydir, const char *name, if (engine_id && !strcmp(engine_id, "pkcs11")) { if (keydir) - snprintf(key_id, sizeof(key_id), - "pkcs11:%s;object=%s;type=public", - keydir, name); + if (strstr(keydir, "object=")) + snprintf(key_id, sizeof(key_id), + "pkcs11:%s;type=public", + keydir); + else + snprintf(key_id, sizeof(key_id), + "pkcs11:%s;object=%s;type=public", + keydir, name); else snprintf(key_id, sizeof(key_id), "pkcs11:object=%s;type=public", @@ -255,9 +260,14 @@ static int rsa_engine_get_priv_key(const char *keydir, const char *name, if (engine_id && !strcmp(engine_id, "pkcs11")) { if (keydir) - snprintf(key_id, sizeof(key_id), - "pkcs11:%s;object=%s;type=private", - keydir, name); + if (strstr(keydir, "object=")) + snprintf(key_id, sizeof(key_id), + "pkcs11:%s;type=private", + keydir); + else + snprintf(key_id, sizeof(key_id), + "pkcs11:%s;object=%s;type=private", + keydir, name); else snprintf(key_id, sizeof(key_id), "pkcs11:object=%s;type=private", diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c index 80e817314b..f7ae174cb0 100644 --- a/lib/rsa/rsa-verify.c +++ b/lib/rsa/rsa-verify.c @@ -445,7 +445,7 @@ static int rsa_verify_with_keynode(struct image_sign_info *info, prop.rr = fdt_getprop(blob, node, "rsa,r-squared", NULL); - if (!prop.num_bits || !prop.modulus) { + if (!prop.num_bits || !prop.modulus || !prop.rr) { debug("%s: Missing RSA key info", __func__); return -EFAULT; } |