rsa-verify: Rework host check for CONFIG_RSA_VERIFY_WITH_PKEY

While we do not want to use CONFIG_RSA_VERIFY_WITH_PKEY on the host, we
cannot undef the symbol in this manner. As this ends up being a test
within another function we can use !tools_build() as a test here.

Cc: AKASHI Takahiro <takahiro.akashi@linaro.org>
Cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This commit is contained in:
Tom Rini 2022-12-06 13:51:21 -05:00
parent 218ce3695b
commit 137de2cf0d

View File

@ -23,18 +23,6 @@
#include <u-boot/rsa-mod-exp.h>
#include <u-boot/rsa.h>
#ifndef __UBOOT__
/*
* NOTE:
* Since host tools, like mkimage, make use of openssl library for
* RSA encryption, rsa_verify_with_pkey()/rsa_gen_key_prop() are
* of no use and should not be compiled in.
* So just turn off CONFIG_RSA_VERIFY_WITH_PKEY.
*/
#undef CONFIG_RSA_VERIFY_WITH_PKEY
#endif
/* Default public exponent for backward compatibility */
#define RSA_DEFAULT_PUBEXP 65537
@ -506,7 +494,13 @@ int rsa_verify_hash(struct image_sign_info *info,
{
int ret = -EACCES;
if (CONFIG_IS_ENABLED(RSA_VERIFY_WITH_PKEY) && !info->fdt_blob) {
/*
* Since host tools, like mkimage, make use of openssl library for
* RSA encryption, rsa_verify_with_pkey()/rsa_gen_key_prop() are
* of no use and should not be compiled in.
*/
if (!tools_build() && CONFIG_IS_ENABLED(RSA_VERIFY_WITH_PKEY) &&
!info->fdt_blob) {
/* don't rely on fdt properties */
ret = rsa_verify_with_pkey(info, hash, sig, sig_len);
if (ret)