On Sun, Dec 04, 2022 at 05:37:06PM -0500, Tom Rini wrote:
While we do not want to use CONFIG_RSA_VERIFY_WITH_PKEY on the host, we cannot undef the symbol in this manner. As this ends up being a test within another function we can use !tools_build() as a test here.
Cc: Simon Glass sjg@chromium.org Signed-off-by: Tom Rini trini@konsulko.com
Changes in v2:
- Switch to !tools_build() per Simon
lib/rsa/rsa-verify.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c index 9605c376390a..db2aca5385a9 100644 --- a/lib/rsa/rsa-verify.c +++ b/lib/rsa/rsa-verify.c @@ -23,18 +23,13 @@ #include <u-boot/rsa-mod-exp.h> #include <u-boot/rsa.h>
-#ifndef __UBOOT__ /*
- NOTE:
- Since host tools, like mkimage, make use of openssl library for
- RSA encryption, rsa_verify_with_pkey()/rsa_gen_key_prop() are
- of no use and should not be compiled in.
*/
- So just turn off CONFIG_RSA_VERIFY_WITH_PKEY.
I think you can delete the whole comment here. If you think it's still helpful, please place it below in the function.
-Takahiro Akashi
-#undef CONFIG_RSA_VERIFY_WITH_PKEY -#endif
/* Default public exponent for backward compatibility */ #define RSA_DEFAULT_PUBEXP 65537
@@ -506,7 +501,8 @@ int rsa_verify_hash(struct image_sign_info *info, { int ret = -EACCES;
- if (CONFIG_IS_ENABLED(RSA_VERIFY_WITH_PKEY) && !info->fdt_blob) {
- if (!tools_build() && CONFIG_IS_ENABLED(RSA_VERIFY_WITH_PKEY) &&
!info->fdt_blob) {-- 2.25.1