While we do not want to use CONFIG_RSA_VERIFY_WITH_PKEY on the host, we
cannot undef the symbol in this manner. As this ends up being a test
within another function we can use !tools_build() as a test here.
Cc: AKASHI Takahiro <takahiro.aka...@linaro.org>
Cc: Simon Glass <s...@chromium.org>
Signed-off-by: Tom Rini <tr...@konsulko.com>
---
Changes in v3:
- Move comment, per Akashi-san
Changes in v2:
- Switch to !tools_build() per Simon
---
lib/rsa/rsa-verify.c | 20 +++++++-------------
1 file changed, 7 insertions(+), 13 deletions(-)
diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
index 9605c376390a..2f3b34403913 100644
--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c
@@ -23,18 +23,6 @@
#include <u-boot/rsa-mod-exp.h>
#include <u-boot/rsa.h>
-#ifndef __UBOOT__
-/*
- * NOTE:
- * Since host tools, like mkimage, make use of openssl library for
- * RSA encryption, rsa_verify_with_pkey()/rsa_gen_key_prop() are
- * of no use and should not be compiled in.
- * So just turn off CONFIG_RSA_VERIFY_WITH_PKEY.
- */
-
-#undef CONFIG_RSA_VERIFY_WITH_PKEY
-#endif
-
/* Default public exponent for backward compatibility */
#define RSA_DEFAULT_PUBEXP 65537
@@ -506,7 +494,13 @@ int rsa_verify_hash(struct image_sign_info *info,
{
int ret = -EACCES;
- if (CONFIG_IS_ENABLED(RSA_VERIFY_WITH_PKEY) && !info->fdt_blob) {
+ /*
+ * Since host tools, like mkimage, make use of openssl library for
+ * RSA encryption, rsa_verify_with_pkey()/rsa_gen_key_prop() are
+ * of no use and should not be compiled in.
+ */
+ if (!tools_build() && CONFIG_IS_ENABLED(RSA_VERIFY_WITH_PKEY) &&
+ !info->fdt_blob) {
/* don't rely on fdt properties */
ret = rsa_verify_with_pkey(info, hash, sig, sig_len);
if (ret)
--
2.25.1
