rsa-verify: Rework host check for CONFIG_RSA_VERIFY_WITH_PKEY

While we do not want to use CONFIG_RSA_VERIFY_WITH_PKEY on the host, we
cannot undef the symbol in this manner. As this ends up being a test
within another function we can use !tools_build() as a test here.

Cc: AKASHI Takahiro <takahiro.akashi@linaro.org>
Cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
index 9605c37..2f3b344 100644 (file)
--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c
@@ -23,18 +23,6 @@
 #include <u-boot/rsa-mod-exp.h>
 #include <u-boot/rsa.h>
 
-#ifndef __UBOOT__
-/*
- * NOTE:
- * Since host tools, like mkimage, make use of openssl library for
- * RSA encryption, rsa_verify_with_pkey()/rsa_gen_key_prop() are
- * of no use and should not be compiled in.
- * So just turn off CONFIG_RSA_VERIFY_WITH_PKEY.
- */
-
-#undef CONFIG_RSA_VERIFY_WITH_PKEY
-#endif
-
 /* Default public exponent for backward compatibility */
 #define RSA_DEFAULT_PUBEXP     65537
 
@@ -506,7 +494,13 @@ int rsa_verify_hash(struct image_sign_info *info,
 {
        int ret = -EACCES;
 
-       if (CONFIG_IS_ENABLED(RSA_VERIFY_WITH_PKEY) && !info->fdt_blob) {
+       /*
+        * Since host tools, like mkimage, make use of openssl library for
+        * RSA encryption, rsa_verify_with_pkey()/rsa_gen_key_prop() are
+        * of no use and should not be compiled in.
+        */
+       if (!tools_build() && CONFIG_IS_ENABLED(RSA_VERIFY_WITH_PKEY) &&
+                       !info->fdt_blob) {
                /* don't rely on fdt properties */
                ret = rsa_verify_with_pkey(info, hash, sig, sig_len);
                if (ret)