@@ -100,12 +100,12 @@ struct padding_algo padding_algos[] = {
.name = "pkcs-1.5",
.verify = padding_pkcs_15_verify,
},
-#ifdef CONFIG_FIT_RSASSA_PSS
+#if CONFIG_IS_ENABLED(FIT_RSASSA_PSS)
{
.name = "pss",
.verify = padding_pss_verify,
}
-#endif /* CONFIG_FIT_RSASSA_PSS */
+#endif /* FIT_RSASSA_PSS */
};
struct checksum_algo *image_get_checksum_algo(const char *full_name)
@@ -27,9 +27,6 @@ struct fdt_region;
#include <sys/types.h>
#include <linux/kconfig.h>
-/* new uImage format support enabled on host */
-#define CONFIG_FIT_RSASSA_PSS 1
-
#define IMAGE_ENABLE_IGNORE 0
#define IMAGE_INDENT_STRING ""
@@ -119,11 +119,11 @@ int padding_pkcs_15_verify(struct image_sign_info *info,
uint8_t *msg, int msg_len,
const uint8_t *hash, int hash_len);
-#ifdef CONFIG_FIT_RSASSA_PSS
+#if CONFIG_IS_ENABLED(FIT_RSASSA_PSS)
int padding_pss_verify(struct image_sign_info *info,
uint8_t *msg, int msg_len,
const uint8_t *hash, int hash_len);
-#endif /* CONFIG_FIT_RSASSA_PSS */
+#endif /* FIT_RSASSA_PSS */
#else
static inline int rsa_verify_hash(struct image_sign_info *info,
const uint8_t *hash,
@@ -146,14 +146,14 @@ static inline int padding_pkcs_15_verify(struct image_sign_info *info,
return -ENXIO;
}
-#ifdef CONFIG_FIT_RSASSA_PSS
+#if CONFIG_IS_ENABLED(FIT_RSASSA_PSS)
static inline int padding_pss_verify(struct image_sign_info *info,
uint8_t *msg, int msg_len,
const uint8_t *hash, int hash_len)
{
return -ENXIO;
}
-#endif /* CONFIG_FIT_RSASSA_PSS */
+#endif /* FIT_RSASSA_PSS */
#endif
#define RSA_DEFAULT_PADDING_NAME "pkcs-1.5"
@@ -442,7 +442,7 @@ static int rsa_sign_with_key(EVP_PKEY *pkey, struct padding_algo *padding_algo,
goto err_sign;
}
-#ifdef CONFIG_FIT_RSASSA_PSS
+#if CONFIG_IS_ENABLED(FIT_RSASSA_PSS)
if (padding_algo && !strcmp(padding_algo->name, "pss")) {
if (EVP_PKEY_CTX_set_rsa_padding(ckey,
RSA_PKCS1_PSS_PADDING) <= 0) {
@@ -450,7 +450,7 @@ static int rsa_sign_with_key(EVP_PKEY *pkey, struct padding_algo *padding_algo,
goto err_sign;
}
}
-#endif /* CONFIG_FIT_RSASSA_PSS */
+#endif /* FIT_RSASSA_PSS */
for (i = 0; i < region_count; i++) {
if (!EVP_DigestSignUpdate(context, region[i].data,
@@ -95,7 +95,7 @@ int padding_pkcs_15_verify(struct image_sign_info *info,
return 0;
}
-#ifdef CONFIG_FIT_RSASSA_PSS
+#if CONFIG_IS_ENABLED(FIT_RSASSA_PSS)
static void u32_i2osp(uint32_t val, uint8_t *buf)
{
buf[0] = (uint8_t)((val >> 24) & 0xff);
@@ -296,7 +296,7 @@ out:
return ret;
}
-#endif
+#endif /* FIT_RSASSA_PSS */
#if CONFIG_IS_ENABLED(FIT_SIGNATURE) || CONFIG_IS_ENABLED(RSA_VERIFY_WITH_PKEY)
/**
@@ -24,6 +24,11 @@ config HOST_FIT_PRINT
help
Print the content of the FIT verbosely in the host build
+config HOST_FIT_RSASSA_PSS
+ def_bool y
+ help
+ Support the rsassa-pss signature scheme in the host build
+
config HOST_FIT_SHA1
def_bool y
help
Add a host Kconfig for FIT_RSASSA_PSS. With this we can use CONFIG_IS_ENABLED(FIT_RSASSA_PSS) directly in the host build, so drop the forcing of this in the image.h header. Signed-off-by: Simon Glass <sjg@chromium.org> --- (no changes since v1) common/image-sig.c | 4 ++-- include/image.h | 3 --- include/u-boot/rsa.h | 8 ++++---- lib/rsa/rsa-sign.c | 4 ++-- lib/rsa/rsa-verify.c | 4 ++-- tools/Kconfig | 5 +++++ 6 files changed, 15 insertions(+), 13 deletions(-)