host/lib: Decouple openssl headers from HOSTLIB
Coreboot's cbfstool (under GPLv2 license) links HOSTLIB libvboot_host.a
(under 3-Clause BSD license). This was fine until CL:4798534 included
openssl headers (under Apache 2.0 license) in HOSTLIB
(host/lib/crypto.c); that is a problem because the GPLv2-only license is
not compatible with Apache 2.0.
Since openssl is needed by futility (which links UTILLIB
libvboot_util.a), solve the problem by decoupling openssl headers from
HOSTLIB. vb2_get_sig_alg(), which caused the problem, is moved from
HOSTLIB to UTILLIB (host/lib/util_misc.c).
Ideally source files for UTILLIB should be placed separately from those
for HOSTLIB. However in this patch we simply move vb2_get_sig_alg() to
an existing UTILLIB file that seems suitable for the function.
BUG=b:303171166
TEST=make hostlib
TEST=make utillib
TEST=make runtests -j
BRANCH=none
Change-Id: Ia16d1f8e30a9645f49ac518fda3d302a36e19fd8
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4918917
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Julius Werner <jwerner@chromium.org>
diff --git a/host/include/vboot_host.h b/host/include/vboot_host.h
index 0d4297c..90d5c56 100644
--- a/host/include/vboot_host.h
+++ b/host/include/vboot_host.h
@@ -93,16 +93,6 @@
*/
bool vb2_lookup_hash_alg(const char *str, enum vb2_hash_algorithm *hash_alg);
-/**
- * Get the signature algorithm with exponent |exp| and modulus size |bits|
- *
- * @param exp Exponent of the signature algorithm
- * @param bits Number of bits in the modulus of the signature algorithm
- * @return The signature algorithm that matches the condition, VB2_SIG_INVALID
- * otherwise.
- */
-enum vb2_signature_algorithm vb2_get_sig_alg(uint32_t exp, uint32_t bits);
-
#ifdef __cplusplus
}
#endif /* __cplusplus */
diff --git a/host/lib/crypto.c b/host/lib/crypto.c
index 5d032b1..ed98546 100644
--- a/host/lib/crypto.c
+++ b/host/lib/crypto.c
@@ -7,7 +7,6 @@
#include <strings.h>
#include "vboot_host.h"
-#include "openssl_compat.h"
static int lookup_helper(const char *str, const char *table[], size_t size,
unsigned int *out)
@@ -43,31 +42,3 @@
{
return lookup_helper(str, vb2_hash_names, VB2_HASH_ALG_COUNT, hash_alg);
}
-
-enum vb2_signature_algorithm vb2_get_sig_alg(uint32_t exp, uint32_t bits)
-{
- switch (exp) {
- case RSA_3:
- switch (bits) {
- case 2048:
- return VB2_SIG_RSA2048_EXP3;
- case 3072:
- return VB2_SIG_RSA3072_EXP3;
- }
- break;
- case RSA_F4:
- switch (bits) {
- case 1024:
- return VB2_SIG_RSA1024;
- case 2048:
- return VB2_SIG_RSA2048;
- case 4096:
- return VB2_SIG_RSA4096;
- case 8192:
- return VB2_SIG_RSA8192;
- }
- }
-
- /* no clue */
- return VB2_SIG_INVALID;
-}
diff --git a/host/lib/host_p11.c b/host/lib/host_p11.c
index 73c40f0..2c2407e 100644
--- a/host/lib/host_p11.c
+++ b/host/lib/host_p11.c
@@ -14,6 +14,7 @@
#include "2common.h"
#include "host_p11.h"
#include "vboot_host.h"
+#include "util_misc.h"
// We only maintain one global p11 module at a time.
static CK_FUNCTION_LIST_PTR p11 = NULL;
diff --git a/host/lib/include/util_misc.h b/host/lib/include/util_misc.h
index 2a0e078..9552406 100644
--- a/host/lib/include/util_misc.h
+++ b/host/lib/include/util_misc.h
@@ -65,4 +65,14 @@
int vb_keyb_from_rsa(struct rsa_st *rsa_private_key,
uint8_t **keyb_data, uint32_t *keyb_size);
+/**
+ * Get the signature algorithm with exponent |exp| and modulus size |bits|
+ *
+ * @param exp Exponent of the signature algorithm
+ * @param bits Number of bits in the modulus of the signature algorithm
+ * @return The signature algorithm that matches the condition, VB2_SIG_INVALID
+ * otherwise.
+ */
+enum vb2_signature_algorithm vb2_get_sig_alg(uint32_t exp, uint32_t bits);
+
#endif /* VBOOT_REFERENCE_UTIL_MISC_H_ */
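Review bot: The doc comment moved here with `vb2_get_sig_alg()` still does not say which (exp, bits) pairs are recognised, so a caller reading only the header cannot tell that, for example, exponent 3 with a 4096-bit modulus yields VB2_SIG_INVALID. I would add two lines to the comment: `Recognised pairs: RSA_3 with 2048 or 3072 bits; RSA_F4 with 1024, 2048, 4096 or 8192 bits.` and `Callers must check the result against VB2_SIG_INVALID before using it.` The prototype also depends on `uint32_t` and `enum vb2_signature_algorithm` already being declared by this header's own includes, which are outside the hunk, so that is worth confirming for files that include util_misc.h first.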
diff --git a/host/lib/util_misc.c b/host/lib/util_misc.c
index 86f70cd..7d45179 100644
--- a/host/lib/util_misc.c
+++ b/host/lib/util_misc.c
@@ -175,3 +175,31 @@
return retval;
}
+
+enum vb2_signature_algorithm vb2_get_sig_alg(uint32_t exp, uint32_t bits)
+{
+ switch (exp) {
+ case RSA_3:
+ switch (bits) {
+ case 2048:
+ return VB2_SIG_RSA2048_EXP3;
+ case 3072:
+ return VB2_SIG_RSA3072_EXP3;
+ }
+ break;
+ case RSA_F4:
+ switch (bits) {
+ case 1024:
+ return VB2_SIG_RSA1024;
+ case 2048:
+ return VB2_SIG_RSA2048;
+ case 4096:
+ return VB2_SIG_RSA4096;
+ case 8192:
+ return VB2_SIG_RSA8192;
+ }
+ }
+
+ /* no clue */
+ return VB2_SIG_INVALID;
+}
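Review bot: Nothing beside the relocated `vb2_get_sig_alg()` records why it lives in util_misc.c, so a later cleanup could move it back next to the lookup helpers in host/lib/crypto.c and put the OpenSSL include back into HOSTLIB. A one-line comment above the function would guard against that, for example `/* Uses OpenSSL's RSA_3/RSA_F4; keep out of HOSTLIB, see b:303171166. */`. While the code is being touched, `/* no clue */` could become `/* unsupported exponent/modulus combination */`, and a `default: break;` in each of the three switch statements would make the fall-through to VB2_SIG_INVALID explicit. The RSA_3 and RSA_F4 macros presumably come from an OpenSSL header included at the top of util_misc.c, which is not visible in this hunk.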
diff --git a/host/lib21/host_key.c b/host/lib21/host_key.c
index c575ddf..fadf791 100644
--- a/host/lib21/host_key.c
+++ b/host/lib21/host_key.c
@@ -18,6 +18,7 @@
#include "host_key21.h"
#include "host_misc.h"
#include "openssl_compat.h"
+#include "util_misc.h"
void vb2_private_key_free(struct vb2_private_key *key)
{