[PATCH 010/149] rsa-verify: Rework host check for CONFIG_RSA_VERIFY_WITH_PKEY

Tom Rini trini at konsulko.com
Sun Dec 4 16:03:35 CET 2022


While we do not want to use CONFIG_RSA_VERIFY_WITH_PKEY on the host, we
cannot undef the symbol in this manner. As this ends up only being a
single location in a file that already has other checks for HOST_CC, add
one more HOST_CC check instead.

Signed-off-by: Tom Rini <trini at konsulko.com>
---
 lib/rsa/rsa-verify.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
index 9605c376390a..0662235be6f1 100644
--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c
@@ -23,18 +23,13 @@
 #include <u-boot/rsa-mod-exp.h>
 #include <u-boot/rsa.h>
 
-#ifndef __UBOOT__
 /*
  * NOTE:
  * Since host tools, like mkimage, make use of openssl library for
  * RSA encryption, rsa_verify_with_pkey()/rsa_gen_key_prop() are
  * of no use and should not be compiled in.
- * So just turn off CONFIG_RSA_VERIFY_WITH_PKEY.
  */
 
-#undef CONFIG_RSA_VERIFY_WITH_PKEY
-#endif
-
 /* Default public exponent for backward compatibility */
 #define RSA_DEFAULT_PUBEXP	65537
 
@@ -506,6 +501,7 @@ int rsa_verify_hash(struct image_sign_info *info,
 {
 	int ret = -EACCES;
 
+#if !defined(USE_HOSTCC)
 	if (CONFIG_IS_ENABLED(RSA_VERIFY_WITH_PKEY) && !info->fdt_blob) {
 		/* don't rely on fdt properties */
 		ret = rsa_verify_with_pkey(info, hash, sig, sig_len);
@@ -513,6 +509,7 @@ int rsa_verify_hash(struct image_sign_info *info,
 			debug("%s: rsa_verify_with_pkey() failed\n", __func__);
 		return ret;
 	}
+#endif
 
 	if (CONFIG_IS_ENABLED(FIT_SIGNATURE)) {
 		const void *blob = info->fdt_blob;
-- 
2.25.1



More information about the U-Boot mailing list