diff options
author | Tom Rini <trini@konsulko.com> | 2022-12-06 13:51:21 -0500 |
---|---|---|
committer | Tom Rini <trini@konsulko.com> | 2022-12-23 10:07:03 -0500 |
commit | 137de2cf0dc62d574de7363dd4ac7cc1f4848fcf (patch) | |
tree | 623250990d8e0fc536bc7fcd17a5592b136dc5b3 /lib/rsa | |
parent | 218ce3695bfd02f048443f888137e134dbcfcbfc (diff) | |
download | u-boot-137de2cf0dc62d574de7363dd4ac7cc1f4848fcf.tar.gz u-boot-137de2cf0dc62d574de7363dd4ac7cc1f4848fcf.tar.bz2 u-boot-137de2cf0dc62d574de7363dd4ac7cc1f4848fcf.zip |
rsa-verify: Rework host check for CONFIG_RSA_VERIFY_WITH_PKEY
While we do not want to use CONFIG_RSA_VERIFY_WITH_PKEY on the host, we
cannot undef the symbol in this manner. As this ends up being a test
within another function we can use !tools_build() as a test here.
Cc: AKASHI Takahiro <takahiro.akashi@linaro.org>
Cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Diffstat (limited to 'lib/rsa')
-rw-r--r-- | lib/rsa/rsa-verify.c | 20 |
1 files changed, 7 insertions, 13 deletions
diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c index 9605c37639..2f3b344039 100644 --- a/lib/rsa/rsa-verify.c +++ b/lib/rsa/rsa-verify.c @@ -23,18 +23,6 @@ #include <u-boot/rsa-mod-exp.h> #include <u-boot/rsa.h> -#ifndef __UBOOT__ -/* - * NOTE: - * Since host tools, like mkimage, make use of openssl library for - * RSA encryption, rsa_verify_with_pkey()/rsa_gen_key_prop() are - * of no use and should not be compiled in. - * So just turn off CONFIG_RSA_VERIFY_WITH_PKEY. - */ - -#undef CONFIG_RSA_VERIFY_WITH_PKEY -#endif - /* Default public exponent for backward compatibility */ #define RSA_DEFAULT_PUBEXP 65537 @@ -506,7 +494,13 @@ int rsa_verify_hash(struct image_sign_info *info, { int ret = -EACCES; - if (CONFIG_IS_ENABLED(RSA_VERIFY_WITH_PKEY) && !info->fdt_blob) { + /* + * Since host tools, like mkimage, make use of openssl library for + * RSA encryption, rsa_verify_with_pkey()/rsa_gen_key_prop() are + * of no use and should not be compiled in. + */ + if (!tools_build() && CONFIG_IS_ENABLED(RSA_VERIFY_WITH_PKEY) && + !info->fdt_blob) { /* don't rely on fdt properties */ ret = rsa_verify_with_pkey(info, hash, sig, sig_len); if (ret) |