From: Tom Rini Date: Tue, 6 Dec 2022 18:51:21 +0000 (-0500) Subject: rsa-verify: Rework host check for CONFIG_RSA_VERIFY_WITH_PKEY X-Git-Tag: v2025.01-rc5-pxa1908~1158^2~5^2~128 X-Git-Url: http://git.dujemihanovic.xyz/%7B%7B%20%24style.RelPermalink%20%7D%7D?a=commitdiff_plain;h=137de2cf0dc62d574de7363dd4ac7cc1f4848fcf;p=u-boot.git rsa-verify: Rework host check for CONFIG_RSA_VERIFY_WITH_PKEY While we do not want to use CONFIG_RSA_VERIFY_WITH_PKEY on the host, we cannot undef the symbol in this manner. As this ends up being a test within another function we can use !tools_build() as a test here. Cc: AKASHI Takahiro Cc: Simon Glass Signed-off-by: Tom Rini Reviewed-by: Simon Glass --- diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c index 9605c37639..2f3b344039 100644 --- a/lib/rsa/rsa-verify.c +++ b/lib/rsa/rsa-verify.c @@ -23,18 +23,6 @@ #include #include -#ifndef __UBOOT__ -/* - * NOTE: - * Since host tools, like mkimage, make use of openssl library for - * RSA encryption, rsa_verify_with_pkey()/rsa_gen_key_prop() are - * of no use and should not be compiled in. - * So just turn off CONFIG_RSA_VERIFY_WITH_PKEY. - */ - -#undef CONFIG_RSA_VERIFY_WITH_PKEY -#endif - /* Default public exponent for backward compatibility */ #define RSA_DEFAULT_PUBEXP 65537 @@ -506,7 +494,13 @@ int rsa_verify_hash(struct image_sign_info *info, { int ret = -EACCES; - if (CONFIG_IS_ENABLED(RSA_VERIFY_WITH_PKEY) && !info->fdt_blob) { + /* + * Since host tools, like mkimage, make use of openssl library for + * RSA encryption, rsa_verify_with_pkey()/rsa_gen_key_prop() are + * of no use and should not be compiled in. + */ + if (!tools_build() && CONFIG_IS_ENABLED(RSA_VERIFY_WITH_PKEY) && + !info->fdt_blob) { /* don't rely on fdt properties */ ret = rsa_verify_with_pkey(info, hash, sig, sig_len); if (ret)