* [ptxdist] [PATCH] imx-cst: version bump 3.1.0 -> 3.4.1
From: Rouven Czerwinski @ 2025-03-05 11:00 UTC (permalink / raw)
To: ptxdist; +Cc: Rouven Czerwinski
The CST archive from NXP now ships with a proper Makefile, all we need
to do is supply the correct host openssl library. Additionally, pkcs11
is now supported, but has to be enabled via "-b pkcs11".
In barebox recipes that means the compile environment needs to
contain CST_EXTRA_CMDLINE_OPTIONS="-b pkcs11", to use the native pkcs11
backend.
Additionally the frontend library no longer exists.
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
---
rules/host-imx-cst.make | 24 +++++++-----------------
1 file changed, 7 insertions(+), 17 deletions(-)
diff --git a/rules/host-imx-cst.make b/rules/host-imx-cst.make
index 42d6f667b..3850f7200 100644
--- a/rules/host-imx-cst.make
+++ b/rules/host-imx-cst.make
@@ -14,8 +14,8 @@ HOST_PACKAGES-$(PTXCONF_HOST_IMX_CST) += host-imx-cst
#
# Paths and names
#
-HOST_IMX_CST_VERSION := 3.1.0
-HOST_IMX_CST_MD5 := 89a2d6c05253c4de9a1bf9d5710bb7ae
+HOST_IMX_CST_VERSION := 3.4.1
+HOST_IMX_CST_MD5 := b23ed5983734d4812fcf1da33eac8f31
HOST_IMX_CST := cst-$(HOST_IMX_CST_VERSION)
HOST_IMX_CST_SUFFIX := tgz
HOST_IMX_CST_SOURCE := $(SRCDIR)/$(HOST_IMX_CST).$(HOST_IMX_CST_SUFFIX)
@@ -56,13 +56,9 @@ HOST_IMX_CST_CONF := NO
HOST_IMX_CST_ARCH := \
linux$(call ptx/ifeq, GNU_BUILD, x86_64-%, 64, 32)
-$(STATEDIR)/host-imx-cst.compile:
- @$(call targetinfo)
- cd $(HOST_IMX_CST_DIR)/code/back_end/src && \
- $(HOSTCC) \
- -Wall -O2 -g3 -o ../../../$(HOST_IMX_CST_ARCH)/bin/cst \
- -I ../hdr -L ../../../$(HOST_IMX_CST_ARCH)/lib *.c -lfrontend -lcrypto
- @$(call touch)
+HOST_IMX_CST_MAKE_ENV := \
+ $(HOST_ENV) \
+ OPENSSL_PATH="$(PTXDIST_SYSROOT_HOST)/usr/lib/"
# ----------------------------------------------------------------------------
# Install
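Review bot: Nothing next to `HOST_IMX_CST_MAKE_ENV` says who reads `OPENSSL_PATH`, or that the host OpenSSL must already be installed in the host sysroot before the default compile stage runs. A comment such as `# OPENSSL_PATH is read by the upstream CST Makefile; it must point at the host sysroot's OpenSSL libraries` would make that dependency visible. It is also worth confirming that the package's menu entry selects the host OpenSSL package; that file is not part of this patch, so this is inferred. Because this tool signs boot images, a second comment noting that the pkcs11 backend is now opt-in via `-b pkcs11` (as the commit message says) would help setups that relied on the removed patch's behaviour.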
@@ -71,19 +67,13 @@ $(STATEDIR)/host-imx-cst.compile:
HOST_IMX_CST_PROGS := \
cst \
srktool \
- x5092wtls
-
-HOST_IMX_CST_LIBS := \
- libfrontend.a
+ mac_dump
$(STATEDIR)/host-imx-cst.install:
@$(call targetinfo)
@$(foreach prog, $(HOST_IMX_CST_PROGS), \
- install -v -m0755 -D $(HOST_IMX_CST_DIR)/$(HOST_IMX_CST_ARCH)/bin/$(prog) \
+ install -v -m0755 -D $(HOST_IMX_CST_DIR)/build/$(HOST_IMX_CST_ARCH)/bin/$(prog) \
$(HOST_IMX_CST_PKGDIR)/usr/bin/$(prog)$(ptx/nl))
- @$(foreach lib, $(HOST_IMX_CST_LIBS), \
- install -v -m0644 -D $(HOST_IMX_CST_DIR)/$(HOST_IMX_CST_ARCH)/lib/$(lib) \
- $(HOST_IMX_CST_PKGDIR)/usr/lib/imx-cst/$(lib)$(ptx/nl))
@$(call touch)
# vim: syntax=make
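Review bot: `x5092wtls` is dropped from `HOST_IMX_CST_PROGS` and `mac_dump` is added, but the commit message only explains why the frontend library went away. If the 3.4.1 build no longer produces `x5092wtls`, say so in the message or in a comment above the list, since anything that called it from the host sysroot will stop finding it. The install source path now depends on the upstream Makefile writing to `build/$(HOST_IMX_CST_ARCH)/bin`; a one-line comment such as `# upstream Makefile places binaries in build/<arch>/bin` would document that assumption.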
--
2.39.5
* Re: [ptxdist] [PATCH] imx-cst: version bump 3.1.0 -> 3.4.1
From: Michael Olbrich @ 2025-03-07 10:15 UTC (permalink / raw)
To: Rouven Czerwinski; +Cc: ptxdist
On Wed, Mar 05, 2025 at 12:00:34PM +0100, Rouven Czerwinski wrote:
> The CST archive from NXP now ships with a proper Makefile, all we need
> to do is supply the correct host openssl library. Additionally, pkcs11
> is now supported, but has to be enabled via "-b pkcs11".
>
> In barebox recipes that means the the compile environment needs to
> contain CST_EXTRA_CMDLINE_OPTIONS="-b pkcs11", to use the native pkcs11
> backend.
There is one patch "cst: Add pkcs11 support" for the old version. Does this
mean that the patch is no longer needed?
Michael
> Additionally the frontend library no longer exists.
>
> Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
> ---
> rules/host-imx-cst.make | 24 +++++++-----------------
> 1 file changed, 7 insertions(+), 17 deletions(-)
>
> diff --git a/rules/host-imx-cst.make b/rules/host-imx-cst.make
> index 42d6f667b..3850f7200 100644
> --- a/rules/host-imx-cst.make
> +++ b/rules/host-imx-cst.make
> @@ -14,8 +14,8 @@ HOST_PACKAGES-$(PTXCONF_HOST_IMX_CST) += host-imx-cst
> #
> # Paths and names
> #
> -HOST_IMX_CST_VERSION := 3.1.0
> -HOST_IMX_CST_MD5 := 89a2d6c05253c4de9a1bf9d5710bb7ae
> +HOST_IMX_CST_VERSION := 3.4.1
> +HOST_IMX_CST_MD5 := b23ed5983734d4812fcf1da33eac8f31
> HOST_IMX_CST := cst-$(HOST_IMX_CST_VERSION)
> HOST_IMX_CST_SUFFIX := tgz
> HOST_IMX_CST_SOURCE := $(SRCDIR)/$(HOST_IMX_CST).$(HOST_IMX_CST_SUFFIX)
> @@ -56,13 +56,9 @@ HOST_IMX_CST_CONF := NO
> HOST_IMX_CST_ARCH := \
> linux$(call ptx/ifeq, GNU_BUILD, x86_64-%, 64, 32)
>
> -$(STATEDIR)/host-imx-cst.compile:
> - @$(call targetinfo)
> - cd $(HOST_IMX_CST_DIR)/code/back_end/src && \
> - $(HOSTCC) \
> - -Wall -O2 -g3 -o ../../../$(HOST_IMX_CST_ARCH)/bin/cst \
> - -I ../hdr -L ../../../$(HOST_IMX_CST_ARCH)/lib *.c -lfrontend -lcrypto
> - @$(call touch)
> +HOST_IMX_CST_MAKE_ENV := \
> + $(HOST_ENV) \
> + OPENSSL_PATH="$(PTXDIST_SYSROOT_HOST)/usr/lib/"
>
> # ----------------------------------------------------------------------------
> # Install
> @@ -71,19 +67,13 @@ $(STATEDIR)/host-imx-cst.compile:
> HOST_IMX_CST_PROGS := \
> cst \
> srktool \
> - x5092wtls
> -
> -HOST_IMX_CST_LIBS := \
> - libfrontend.a
> + mac_dump
>
> $(STATEDIR)/host-imx-cst.install:
> @$(call targetinfo)
> @$(foreach prog, $(HOST_IMX_CST_PROGS), \
> - install -v -m0755 -D $(HOST_IMX_CST_DIR)/$(HOST_IMX_CST_ARCH)/bin/$(prog) \
> + install -v -m0755 -D $(HOST_IMX_CST_DIR)/build/$(HOST_IMX_CST_ARCH)/bin/$(prog) \
> $(HOST_IMX_CST_PKGDIR)/usr/bin/$(prog)$(ptx/nl))
> - @$(foreach lib, $(HOST_IMX_CST_LIBS), \
> - install -v -m0644 -D $(HOST_IMX_CST_DIR)/$(HOST_IMX_CST_ARCH)/lib/$(lib) \
> - $(HOST_IMX_CST_PKGDIR)/usr/lib/imx-cst/$(lib)$(ptx/nl))
> @$(call touch)
>
> # vim: syntax=make
> --
> 2.39.5
>
>
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
* Re: [ptxdist] [PATCH] imx-cst: version bump 3.1.0 -> 3.4.1
From: Rouven Czerwinski @ 2025-03-07 10:20 UTC (permalink / raw)
To: Michael Olbrich; +Cc: ptxdist
On Fri, 2025-03-07 at 11:15 +0100, Michael Olbrich wrote:
> On Wed, Mar 05, 2025 at 12:00:34PM +0100, Rouven Czerwinski wrote:
> > The CST archive from NXP now ships with a proper Makefile, all we
> > need
> > to do is supply the correct host openssl library. Additionally,
> > pkcs11
> > is now supported, but has to be enabled via "-b pkcs11".
> >
> > In barebox recipes that means the the compile environment needs to
> > contain CST_EXTRA_CMDLINE_OPTIONS="-b pkcs11", to use the native
> > pkcs11
> > backend.
>
> There is one patch "cst: Add pkcs11 support" for the old version.
> Does this
> mean that the patch is no longer needed?
Correct.
- rcz
>
> Michael
>
> > Additionally the frontend library no longer exists.
> >
> > Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
> > ---
> > rules/host-imx-cst.make | 24 +++++++-----------------
> > 1 file changed, 7 insertions(+), 17 deletions(-)
> >
> > diff --git a/rules/host-imx-cst.make b/rules/host-imx-cst.make
> > index 42d6f667b..3850f7200 100644
> > --- a/rules/host-imx-cst.make
> > +++ b/rules/host-imx-cst.make
> > @@ -14,8 +14,8 @@ HOST_PACKAGES-$(PTXCONF_HOST_IMX_CST) += host-
> > imx-cst
> > #
> > # Paths and names
> > #
> > -HOST_IMX_CST_VERSION := 3.1.0
> > -HOST_IMX_CST_MD5 := 89a2d6c05253c4de9a1bf9d5710bb7ae
> > +HOST_IMX_CST_VERSION := 3.4.1
> > +HOST_IMX_CST_MD5 := b23ed5983734d4812fcf1da33eac8f31
> > HOST_IMX_CST := cst-$(HOST_IMX_CST_VERSION)
> > HOST_IMX_CST_SUFFIX := tgz
> > HOST_IMX_CST_SOURCE :=
> > $(SRCDIR)/$(HOST_IMX_CST).$(HOST_IMX_CST_SUFFIX)
> > @@ -56,13 +56,9 @@ HOST_IMX_CST_CONF := NO
> > HOST_IMX_CST_ARCH := \
> > linux$(call ptx/ifeq, GNU_BUILD, x86_64-%, 64, 32)
> >
> > -$(STATEDIR)/host-imx-cst.compile:
> > - @$(call targetinfo)
> > - cd $(HOST_IMX_CST_DIR)/code/back_end/src && \
> > - $(HOSTCC) \
> > - -Wall -O2 -g3 -o
> > ../../../$(HOST_IMX_CST_ARCH)/bin/cst \
> > - -I ../hdr -L ../../../$(HOST_IMX_CST_ARCH)/lib *.c
> > -lfrontend -lcrypto
> > - @$(call touch)
> > +HOST_IMX_CST_MAKE_ENV := \
> > + $(HOST_ENV) \
> > + OPENSSL_PATH="$(PTXDIST_SYSROOT_HOST)/usr/lib/"
> >
> > # ----------------------------------------------------------------
> > ------------
> > # Install
> > @@ -71,19 +67,13 @@ $(STATEDIR)/host-imx-cst.compile:
> > HOST_IMX_CST_PROGS := \
> > cst \
> > srktool \
> > - x5092wtls
> > -
> > -HOST_IMX_CST_LIBS := \
> > - libfrontend.a
> > + mac_dump
> >
> > $(STATEDIR)/host-imx-cst.install:
> > @$(call targetinfo)
> > @$(foreach prog, $(HOST_IMX_CST_PROGS), \
> > - install -v -m0755 -D
> > $(HOST_IMX_CST_DIR)/$(HOST_IMX_CST_ARCH)/bin/$(prog) \
> > + install -v -m0755 -D
> > $(HOST_IMX_CST_DIR)/build/$(HOST_IMX_CST_ARCH)/bin/$(prog) \
> > $(HOST_IMX_CST_PKGDIR)/usr/bin/$(prog)$(ptx/nl))
> > - @$(foreach lib, $(HOST_IMX_CST_LIBS), \
> > - install -v -m0644 -D
> > $(HOST_IMX_CST_DIR)/$(HOST_IMX_CST_ARCH)/lib/$(lib) \
> > - $(HOST_IMX_CST_PKGDIR)/usr/lib/imx-
> > cst/$(lib)$(ptx/nl))
> > @$(call touch)
> >
> > # vim: syntax=make
> > --
> > 2.39.5
> >
> >
> >
>
* Re: [ptxdist] [PATCH] imx-cst: version bump 3.1.0 -> 3.4.1
From: Michael Olbrich @ 2025-03-07 10:25 UTC (permalink / raw)
To: Rouven Czerwinski; +Cc: ptxdist
On Fri, Mar 07, 2025 at 11:20:36AM +0100, Rouven Czerwinski wrote:
> On Fri, 2025-03-07 at 11:15 +0100, Michael Olbrich wrote:
> > On Wed, Mar 05, 2025 at 12:00:34PM +0100, Rouven Czerwinski wrote:
> > > The CST archive from NXP now ships with a proper Makefile, all we
> > > need
> > > to do is supply the correct host openssl library. Additionally,
> > > pkcs11
> > > is now supported, but has to be enabled via "-b pkcs11".
> > >
> > > In barebox recipes that means the the compile environment needs to
> > > contain CST_EXTRA_CMDLINE_OPTIONS="-b pkcs11", to use the native
> > > pkcs11
> > > backend.
> >
> > There is one patch "cst: Add pkcs11 support" for the old version.
> > Does this
> > mean that the patch is no longer needed?
>
> Correct.
Ok, I'll amend the commit to remove the old patch.
Michael
> > > Additionally the frontend library no longer exists.
> > >
> > > Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
> > > ---
> > > rules/host-imx-cst.make | 24 +++++++-----------------
> > > 1 file changed, 7 insertions(+), 17 deletions(-)
> > >
> > > diff --git a/rules/host-imx-cst.make b/rules/host-imx-cst.make
> > > index 42d6f667b..3850f7200 100644
> > > --- a/rules/host-imx-cst.make
> > > +++ b/rules/host-imx-cst.make
> > > @@ -14,8 +14,8 @@ HOST_PACKAGES-$(PTXCONF_HOST_IMX_CST) += host-
> > > imx-cst
> > > #
> > > # Paths and names
> > > #
> > > -HOST_IMX_CST_VERSION := 3.1.0
> > > -HOST_IMX_CST_MD5 := 89a2d6c05253c4de9a1bf9d5710bb7ae
> > > +HOST_IMX_CST_VERSION := 3.4.1
> > > +HOST_IMX_CST_MD5 := b23ed5983734d4812fcf1da33eac8f31
> > > HOST_IMX_CST := cst-$(HOST_IMX_CST_VERSION)
> > > HOST_IMX_CST_SUFFIX := tgz
> > > HOST_IMX_CST_SOURCE :=
> > > $(SRCDIR)/$(HOST_IMX_CST).$(HOST_IMX_CST_SUFFIX)
> > > @@ -56,13 +56,9 @@ HOST_IMX_CST_CONF := NO
> > > HOST_IMX_CST_ARCH := \
> > > linux$(call ptx/ifeq, GNU_BUILD, x86_64-%, 64, 32)
> > >
> > > -$(STATEDIR)/host-imx-cst.compile:
> > > - @$(call targetinfo)
> > > - cd $(HOST_IMX_CST_DIR)/code/back_end/src && \
> > > - $(HOSTCC) \
> > > - -Wall -O2 -g3 -o
> > > ../../../$(HOST_IMX_CST_ARCH)/bin/cst \
> > > - -I ../hdr -L ../../../$(HOST_IMX_CST_ARCH)/lib *.c
> > > -lfrontend -lcrypto
> > > - @$(call touch)
> > > +HOST_IMX_CST_MAKE_ENV := \
> > > + $(HOST_ENV) \
> > > + OPENSSL_PATH="$(PTXDIST_SYSROOT_HOST)/usr/lib/"
> > >
> > > # ----------------------------------------------------------------
> > > ------------
> > > # Install
> > > @@ -71,19 +67,13 @@ $(STATEDIR)/host-imx-cst.compile:
> > > HOST_IMX_CST_PROGS := \
> > > cst \
> > > srktool \
> > > - x5092wtls
> > > -
> > > -HOST_IMX_CST_LIBS := \
> > > - libfrontend.a
> > > + mac_dump
> > >
> > > $(STATEDIR)/host-imx-cst.install:
> > > @$(call targetinfo)
> > > @$(foreach prog, $(HOST_IMX_CST_PROGS), \
> > > - install -v -m0755 -D
> > > $(HOST_IMX_CST_DIR)/$(HOST_IMX_CST_ARCH)/bin/$(prog) \
> > > + install -v -m0755 -D
> > > $(HOST_IMX_CST_DIR)/build/$(HOST_IMX_CST_ARCH)/bin/$(prog) \
> > > $(HOST_IMX_CST_PKGDIR)/usr/bin/$(prog)$(ptx/nl))
> > > - @$(foreach lib, $(HOST_IMX_CST_LIBS), \
> > > - install -v -m0644 -D
> > > $(HOST_IMX_CST_DIR)/$(HOST_IMX_CST_ARCH)/lib/$(lib) \
> > > - $(HOST_IMX_CST_PKGDIR)/usr/lib/imx-
> > > cst/$(lib)$(ptx/nl))
> > > @$(call touch)
> > >
> > > # vim: syntax=make
> > > --
> > > 2.39.5
> > >
> > >
> > >
> >
>
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
* Re: [ptxdist] [APPLIED] imx-cst: version bump 3.1.0 -> 3.4.1
From: Michael Olbrich @ 2025-03-10 8:27 UTC (permalink / raw)
To: ptxdist; +Cc: Rouven Czerwinski
Thanks, applied as 900a4e6548d9b20752cbd9d37a0bee36e5a24228.
Michael
[sent from post-receive hook]
On Mon, 10 Mar 2025 09:27:07 +0100, Rouven Czerwinski <r.czerwinski@pengutronix.de> wrote:
> The CST archive from NXP now ships with a proper Makefile, all we need
> to do is supply the correct host openssl library. Additionally, pkcs11
> is now supported, but has to be enabled via "-b pkcs11".
>
> In barebox recipes that means the the compile environment needs to
> contain CST_EXTRA_CMDLINE_OPTIONS="-b pkcs11", to use the native pkcs11
> backend.
>
> Additionally the frontend library no longer exists.
>
> Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
> Message-Id: <20250305110033.288089-1-r.czerwinski@pengutronix.de>
> [mol: remove obsolete patch]
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
>
> diff --git a/patches/cst-3.1.0/0001-cst-Add-pkcs11-support.patch b/patches/cst-3.1.0/0001-cst-Add-pkcs11-support.patch
> deleted file mode 100644
> index 1c4cf697add7..000000000000
> --- a/patches/cst-3.1.0/0001-cst-Add-pkcs11-support.patch
> +++ /dev/null
> @@ -1,162 +0,0 @@
> -From d41ca6a9afdf25c19c0a7f1d9e8ad089b2eeb46b Mon Sep 17 00:00:00 2001
> -From: Sascha Hauer <s.hauer@pengutronix.de>
> -Date: Fri, 27 Sep 2019 10:04:18 +0200
> -Subject: [PATCH] cst: Add pkcs11 support
> -
> -This adds native pkcs11 support to cst. The pkcs11 uri must be passed in
> -in environment variables. The csf file will have __ENV__foo where a
> -filename is expected and then the pkcs11 uri is read from the
> -environment variable "foo". This is necessary as the binary portion
> -of the cst tool will mangle all characters that remotely look like
> -special characters, like ':' and ';'.
> -The key pass file is read from the environment variable CST_SIGN_PIN
> -if exists.
> -
> -Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
> ----
> - code/back_end/src/openssl_helper.c | 85 ++++++++++++++++++++++++++++++
> - code/back_end/src/pkey.c | 4 ++
> - 2 files changed, 89 insertions(+)
> -
> -diff --git a/code/back_end/src/openssl_helper.c b/code/back_end/src/openssl_helper.c
> -index 3a54ac7..2b20a5e 100644
> ---- a/code/back_end/src/openssl_helper.c
> -+++ b/code/back_end/src/openssl_helper.c
> -@@ -35,6 +35,7 @@ without specific written permission from NXP.
> - #include <openssl/x509v3.h>
> - #include <openssl/pem.h>
> - #include <openssl/err.h>
> -+#include <openssl/engine.h>
> - #include "openssl_helper.h"
> - #include "version.h"
> - #include <openssl/rand.h>
> -@@ -408,6 +409,48 @@ write_cert_file(const char *filename, const BIO *data)
> - return CST_SUCCESS;
> - }
> -
> -+static X509*
> -+read_certificate_pkcs11(const char *uri)
> -+{
> -+ char *key_pass;
> -+ ENGINE *e;
> -+ struct {
> -+ const char *url;
> -+ X509 *cert;
> -+ } parms = {
> -+ .url = uri,
> -+ };
> -+ int err;
> -+
> -+ ENGINE_load_builtin_engines();
> -+ e = ENGINE_by_id("pkcs11");
> -+ if (!e)
> -+ {
> -+ fprintf(stderr, "Cannot Load PKCS#11 ENGINE\n");
> -+ return NULL;
> -+ }
> -+
> -+ if (!ENGINE_init(e))
> -+ {
> -+ fprintf(stderr, "Cannot ENGINE_init\n");
> -+ return NULL;
> -+ }
> -+
> -+ key_pass = getenv("CST_SIGN_PIN");
> -+ if (key_pass)
> -+ if (!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0))
> -+ {
> -+ fprintf(stderr, "Cannot Set PKCS#11 PIN\n");
> -+ return NULL;
> -+ }
> -+
> -+ err = ENGINE_ctrl_cmd(e, "LOAD_CERT_CTRL", 0, &parms, NULL, 0);
> -+ if (!err || !parms.cert)
> -+ fprintf(stderr, "Cannot Load certificate\n");
> -+
> -+ return parms.cert;
> -+}
> -+
> - /*--------------------------
> - read_certificate
> - ---------------------------*/
> -@@ -427,6 +470,13 @@ read_certificate(const char* filename)
> - return NULL;
> - }
> -
> -+ if (!strncmp(filename, "__ENV__", 7))
> -+ filename = getenv(filename + 7);
> -+
> -+ if (!strncmp(filename, "pkcs11:", 7))
> -+ {
> -+ return read_certificate_pkcs11(filename);
> -+ } else
> - /* PEM encoded */
> - if (!strncasecmp(temp, PEM_FILE_EXTENSION, PEM_FILE_EXTENSION_BYTES))
> - {
> -@@ -482,6 +532,36 @@ int32_t get_der_encoded_certificate_data(const char* filename,
> - return ret_val;
> - }
> -
> -+static EVP_PKEY *read_private_key_pkcs11(const char *uri)
> -+{
> -+ char *key_pass;
> -+ ENGINE *e;
> -+
> -+ ENGINE_load_builtin_engines();
> -+ e = ENGINE_by_id("pkcs11");
> -+ if (!e)
> -+ {
> -+ fprintf(stderr, "Cannot Load PKCS#11 ENGINE\n");
> -+ return NULL;
> -+ }
> -+
> -+ if (!ENGINE_init(e))
> -+ {
> -+ fprintf(stderr, "Cannot ENGINE_init\n");
> -+ return NULL;
> -+ }
> -+
> -+ key_pass = getenv("CST_SIGN_PIN");
> -+ if (key_pass)
> -+ if (!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0))
> -+ {
> -+ fprintf(stderr, "Cannot Set PKCS#11 PIN\n");
> -+ return NULL;
> -+ }
> -+
> -+ return ENGINE_load_private_key(e, uri, NULL, NULL);
> -+}
> -+
> - /*--------------------------
> - read_private_key
> - ---------------------------*/
> -@@ -495,6 +575,11 @@ read_private_key(const char *filename, pem_password_cb *password_cb,
> - const char *temp = filename + strlen(filename) -
> - PEM_FILE_EXTENSION_BYTES;
> -
> -+ if (!strncmp(filename, "__ENV__", 7))
> -+ filename = getenv(filename + 7);
> -+ if (!strncmp(filename, "pkcs11:", 7))
> -+ return read_private_key_pkcs11(filename);
> -+
> - /* Read Private key */
> - private_key = BIO_new(BIO_s_file( ));
> - if (!private_key)
> -diff --git a/code/back_end/src/pkey.c b/code/back_end/src/pkey.c
> -index 9ee5049..033954b 100644
> ---- a/code/back_end/src/pkey.c
> -+++ b/code/back_end/src/pkey.c
> -@@ -144,6 +144,10 @@ int32_t get_key_file(const char* cert_file, char* key_file)
> - to filename length */
> -
> - strcpy(key_file, cert_file);
> -+
> -+ if (!strncmp(cert_file, "__ENV__", 7))
> -+ return CAL_SUCCESS;
> -+
> - key_file[i] = 0;
> -
> - key_file[i-5] = 'y';
> ---
> -2.23.0
> -
> diff --git a/patches/cst-3.1.0/series b/patches/cst-3.1.0/series
> deleted file mode 100644
> index 78398c0d722c..000000000000
> --- a/patches/cst-3.1.0/series
> +++ /dev/null
> @@ -1 +0,0 @@
> -0001-cst-Add-pkcs11-support.patch
> diff --git a/rules/host-imx-cst.make b/rules/host-imx-cst.make
> index 42d6f667b821..3850f7200628 100644
> --- a/rules/host-imx-cst.make
> +++ b/rules/host-imx-cst.make
> @@ -14,8 +14,8 @@ HOST_PACKAGES-$(PTXCONF_HOST_IMX_CST) += host-imx-cst
> #
> # Paths and names
> #
> -HOST_IMX_CST_VERSION := 3.1.0
> -HOST_IMX_CST_MD5 := 89a2d6c05253c4de9a1bf9d5710bb7ae
> +HOST_IMX_CST_VERSION := 3.4.1
> +HOST_IMX_CST_MD5 := b23ed5983734d4812fcf1da33eac8f31
> HOST_IMX_CST := cst-$(HOST_IMX_CST_VERSION)
> HOST_IMX_CST_SUFFIX := tgz
> HOST_IMX_CST_SOURCE := $(SRCDIR)/$(HOST_IMX_CST).$(HOST_IMX_CST_SUFFIX)
> @@ -56,13 +56,9 @@ HOST_IMX_CST_CONF := NO
> HOST_IMX_CST_ARCH := \
> linux$(call ptx/ifeq, GNU_BUILD, x86_64-%, 64, 32)
>
> -$(STATEDIR)/host-imx-cst.compile:
> - @$(call targetinfo)
> - cd $(HOST_IMX_CST_DIR)/code/back_end/src && \
> - $(HOSTCC) \
> - -Wall -O2 -g3 -o ../../../$(HOST_IMX_CST_ARCH)/bin/cst \
> - -I ../hdr -L ../../../$(HOST_IMX_CST_ARCH)/lib *.c -lfrontend -lcrypto
> - @$(call touch)
> +HOST_IMX_CST_MAKE_ENV := \
> + $(HOST_ENV) \
> + OPENSSL_PATH="$(PTXDIST_SYSROOT_HOST)/usr/lib/"
>
> # ----------------------------------------------------------------------------
> # Install
> @@ -71,19 +67,13 @@ $(STATEDIR)/host-imx-cst.compile:
> HOST_IMX_CST_PROGS := \
> cst \
> srktool \
> - x5092wtls
> -
> -HOST_IMX_CST_LIBS := \
> - libfrontend.a
> + mac_dump
>
> $(STATEDIR)/host-imx-cst.install:
> @$(call targetinfo)
> @$(foreach prog, $(HOST_IMX_CST_PROGS), \
> - install -v -m0755 -D $(HOST_IMX_CST_DIR)/$(HOST_IMX_CST_ARCH)/bin/$(prog) \
> + install -v -m0755 -D $(HOST_IMX_CST_DIR)/build/$(HOST_IMX_CST_ARCH)/bin/$(prog) \
> $(HOST_IMX_CST_PKGDIR)/usr/bin/$(prog)$(ptx/nl))
> - @$(foreach lib, $(HOST_IMX_CST_LIBS), \
> - install -v -m0644 -D $(HOST_IMX_CST_DIR)/$(HOST_IMX_CST_ARCH)/lib/$(lib) \
> - $(HOST_IMX_CST_PKGDIR)/usr/lib/imx-cst/$(lib)$(ptx/nl))
> @$(call touch)
>
> # vim: syntax=make