From 2bbed3ff8c7fa0c0fa3fd28a9497bf7a99e3388b Mon Sep 17 00:00:00 2001
From: Simon Glass <sjg@chromium.org>
Date: Sat, 25 Sep 2021 19:43:23 -0600
Subject: image: Use Kconfig to enable FIT_RSASSA_PSS on host

Add a host Kconfig for FIT_RSASSA_PSS. With this we can use
CONFIG_IS_ENABLED(FIT_RSASSA_PSS) directly in the host build, so drop the
forcing of this in the image.h header.

Drop the #ifdef around padding_pss_verify() too since it is not needed.
Use the compiler to check the config where possible, instead of the
preprocessor.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
---
 lib/rsa/rsa-sign.c   |  5 ++---
 lib/rsa/rsa-verify.c | 15 ++++-----------
 2 files changed, 6 insertions(+), 14 deletions(-)

(limited to 'lib/rsa')

diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
index c27a784c429..0579e5294ee 100644
--- a/lib/rsa/rsa-sign.c
+++ b/lib/rsa/rsa-sign.c
@@ -401,15 +401,14 @@ static int rsa_sign_with_key(EVP_PKEY *pkey, struct padding_algo *padding_algo,
 		goto err_sign;
 	}
 
-#ifdef CONFIG_FIT_RSASSA_PSS
-	if (padding_algo && !strcmp(padding_algo->name, "pss")) {
+	if (CONFIG_IS_ENABLED(FIT_RSASSA_PSS) && padding_algo &&
+	    !strcmp(padding_algo->name, "pss")) {
 		if (EVP_PKEY_CTX_set_rsa_padding(ckey,
 						 RSA_PKCS1_PSS_PADDING) <= 0) {
 			ret = rsa_err("Signer padding setup failed");
 			goto err_sign;
 		}
 	}
-#endif /* CONFIG_FIT_RSASSA_PSS */
 
 	for (i = 0; i < region_count; i++) {
 		if (!EVP_DigestSignUpdate(context, region[i].data,
diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
index ad6d33d043a..600c93ab810 100644
--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c
@@ -102,7 +102,7 @@ U_BOOT_PADDING_ALGO(pkcs_15) = {
 };
 #endif
 
-#ifdef CONFIG_FIT_RSASSA_PSS
+#if CONFIG_IS_ENABLED(FIT_RSASSA_PSS)
 static void u32_i2osp(uint32_t val, uint8_t *buf)
 {
 	buf[0] = (uint8_t)((val >> 24) & 0xff);
@@ -313,7 +313,6 @@ U_BOOT_PADDING_ALGO(pss) = {
 
 #endif
 
-#if CONFIG_IS_ENABLED(FIT_SIGNATURE) || CONFIG_IS_ENABLED(RSA_VERIFY_WITH_PKEY)
 /**
  * rsa_verify_key() - Verify a signature against some data using RSA Key
  *
@@ -385,9 +384,7 @@ static int rsa_verify_key(struct image_sign_info *info,
 
 	return 0;
 }
-#endif
 
-#if CONFIG_IS_ENABLED(RSA_VERIFY_WITH_PKEY)
 /**
  * rsa_verify_with_pkey() - Verify a signature against some data using
  * only modulus and exponent as RSA key properties.
@@ -408,6 +405,9 @@ int rsa_verify_with_pkey(struct image_sign_info *info,
 	struct key_prop *prop;
 	int ret;
 
+	if (!CONFIG_IS_ENABLED(RSA_VERIFY_WITH_PKEY))
+		return -EACCES;
+
 	/* Public key is self-described to fill key_prop */
 	ret = rsa_gen_key_prop(info->key, info->keylen, &prop);
 	if (ret) {
@@ -422,13 +422,6 @@ int rsa_verify_with_pkey(struct image_sign_info *info,
 
 	return ret;
 }
-#else
-int rsa_verify_with_pkey(struct image_sign_info *info,
-			 const void *hash, uint8_t *sig, uint sig_len)
-{
-	return -EACCES;
-}
-#endif
 
 #if CONFIG_IS_ENABLED(FIT_SIGNATURE)
 /**
-- 
cgit v1.2.3