From: Tom Rini <trini@konsulko.com>
Date: Tue, 6 Dec 2022 18:51:21 +0000 (-0500)
Subject: rsa-verify: Rework host check for CONFIG_RSA_VERIFY_WITH_PKEY
X-Git-Tag: v2025.01-rc5-pxa1908~1158^2~5^2~128
X-Git-Url: http://git.dujemihanovic.xyz/img/sics.gif?a=commitdiff_plain;h=137de2cf0dc62d574de7363dd4ac7cc1f4848fcf;p=u-boot.git

rsa-verify: Rework host check for CONFIG_RSA_VERIFY_WITH_PKEY

While we do not want to use CONFIG_RSA_VERIFY_WITH_PKEY on the host, we
cannot undef the symbol in this manner. As this ends up being a test
within another function we can use !tools_build() as a test here.

Cc: AKASHI Takahiro <takahiro.akashi@linaro.org>
Cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
---

diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
index 9605c37639..2f3b344039 100644
--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c
@@ -23,18 +23,6 @@
 #include <u-boot/rsa-mod-exp.h>
 #include <u-boot/rsa.h>
 
-#ifndef __UBOOT__
-/*
- * NOTE:
- * Since host tools, like mkimage, make use of openssl library for
- * RSA encryption, rsa_verify_with_pkey()/rsa_gen_key_prop() are
- * of no use and should not be compiled in.
- * So just turn off CONFIG_RSA_VERIFY_WITH_PKEY.
- */
-
-#undef CONFIG_RSA_VERIFY_WITH_PKEY
-#endif
-
 /* Default public exponent for backward compatibility */
 #define RSA_DEFAULT_PUBEXP	65537
 
@@ -506,7 +494,13 @@ int rsa_verify_hash(struct image_sign_info *info,
 {
 	int ret = -EACCES;
 
-	if (CONFIG_IS_ENABLED(RSA_VERIFY_WITH_PKEY) && !info->fdt_blob) {
+	/*
+	 * Since host tools, like mkimage, make use of openssl library for
+	 * RSA encryption, rsa_verify_with_pkey()/rsa_gen_key_prop() are
+	 * of no use and should not be compiled in.
+	 */
+	if (!tools_build() && CONFIG_IS_ENABLED(RSA_VERIFY_WITH_PKEY) &&
+			!info->fdt_blob) {
 		/* don't rely on fdt properties */
 		ret = rsa_verify_with_pkey(info, hash, sig, sig_len);
 		if (ret)