summaryrefslogtreecommitdiff
path: root/lib/rsa
diff options
context:
space:
mode:
authorTom Rini <trini@konsulko.com>2022-12-06 13:51:21 -0500
committerTom Rini <trini@konsulko.com>2022-12-23 10:07:03 -0500
commit137de2cf0dc62d574de7363dd4ac7cc1f4848fcf (patch)
tree623250990d8e0fc536bc7fcd17a5592b136dc5b3 /lib/rsa
parent218ce3695bfd02f048443f888137e134dbcfcbfc (diff)
downloadu-boot-137de2cf0dc62d574de7363dd4ac7cc1f4848fcf.tar.gz
u-boot-137de2cf0dc62d574de7363dd4ac7cc1f4848fcf.tar.bz2
u-boot-137de2cf0dc62d574de7363dd4ac7cc1f4848fcf.zip
rsa-verify: Rework host check for CONFIG_RSA_VERIFY_WITH_PKEY
While we do not want to use CONFIG_RSA_VERIFY_WITH_PKEY on the host, we cannot undef the symbol in this manner. As this ends up being a test within another function we can use !tools_build() as a test here. Cc: AKASHI Takahiro <takahiro.akashi@linaro.org> Cc: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com> Reviewed-by: Simon Glass <sjg@chromium.org>
Diffstat (limited to 'lib/rsa')
-rw-r--r--lib/rsa/rsa-verify.c20
1 files changed, 7 insertions, 13 deletions
diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
index 9605c37639..2f3b344039 100644
--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c
@@ -23,18 +23,6 @@
#include <u-boot/rsa-mod-exp.h>
#include <u-boot/rsa.h>
-#ifndef __UBOOT__
-/*
- * NOTE:
- * Since host tools, like mkimage, make use of openssl library for
- * RSA encryption, rsa_verify_with_pkey()/rsa_gen_key_prop() are
- * of no use and should not be compiled in.
- * So just turn off CONFIG_RSA_VERIFY_WITH_PKEY.
- */
-
-#undef CONFIG_RSA_VERIFY_WITH_PKEY
-#endif
-
/* Default public exponent for backward compatibility */
#define RSA_DEFAULT_PUBEXP 65537
@@ -506,7 +494,13 @@ int rsa_verify_hash(struct image_sign_info *info,
{
int ret = -EACCES;
- if (CONFIG_IS_ENABLED(RSA_VERIFY_WITH_PKEY) && !info->fdt_blob) {
+ /*
+ * Since host tools, like mkimage, make use of openssl library for
+ * RSA encryption, rsa_verify_with_pkey()/rsa_gen_key_prop() are
+ * of no use and should not be compiled in.
+ */
+ if (!tools_build() && CONFIG_IS_ENABLED(RSA_VERIFY_WITH_PKEY) &&
+ !info->fdt_blob) {
/* don't rely on fdt properties */
ret = rsa_verify_with_pkey(info, hash, sig, sig_len);
if (ret)