tools: fix build without LIBCRYPTO support
Commit cb9faa6f98ae ("tools: Use a single target-independent config to
enable OpenSSL") introduced a target-independent configuration to build
crypto features in host tools.
But since commit 2c21256b27d7 ("hash: Use Kconfig to enable hashing in
host tools and SPL") the build without OpenSSL is broken, due to FIT
signature/encryption features. Add missing conditional compilation
tokens to fix this.
Signed-off-by: Paul-Erwan Rio <paulerwan.rio@gmail.com>
Tested-by: Alexander Dahl <ada@thorsis.com>
Cc: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
diff --git a/include/image.h b/include/image.h
index 432ec92..21de70f 100644
--- a/include/image.h
+++ b/include/image.h
@@ -1465,7 +1465,7 @@
* device
*/
#if defined(USE_HOSTCC)
-# if defined(CONFIG_FIT_SIGNATURE)
+# if CONFIG_IS_ENABLED(FIT_SIGNATURE)
# define IMAGE_ENABLE_SIGN 1
# define FIT_IMAGE_ENABLE_VERIFY 1
# include <openssl/evp.h>
diff --git a/tools/Kconfig b/tools/Kconfig
index f8632cd..f01ed78 100644
--- a/tools/Kconfig
+++ b/tools/Kconfig
@@ -51,6 +51,7 @@
Support the rsassa-pss signature scheme in the tools builds
config TOOLS_FIT_SIGNATURE
+ depends on TOOLS_LIBCRYPTO
def_bool y
help
Enable signature verification of FIT uImages in the tools builds
diff --git a/tools/fit_image.c b/tools/fit_image.c
index 71e031c..beef1fa 100644
--- a/tools/fit_image.c
+++ b/tools/fit_image.c
@@ -61,7 +61,7 @@
ret = fit_set_timestamp(ptr, 0, time);
}
- if (!ret)
+ if (CONFIG_IS_ENABLED(FIT_SIGNATURE) && !ret)
ret = fit_pre_load_data(params->keydir, dest_blob, ptr);
if (!ret) {
diff --git a/tools/image-host.c b/tools/image-host.c
index ca49503..90bc9f9 100644
--- a/tools/image-host.c
+++ b/tools/image-host.c
@@ -14,8 +14,10 @@
#include <image.h>
#include <version.h>
+#if CONFIG_IS_ENABLED(FIT_SIGNATURE)
#include <openssl/pem.h>
#include <openssl/evp.h>
+#endif
/**
* fit_set_hash_value - set hash value in requested has node
@@ -1131,6 +1133,7 @@
return 0;
}
+#if CONFIG_IS_ENABLED(FIT_SIGNATURE)
/*
* 0) open file (open)
* 1) read certificate (PEM_read_X509)
@@ -1239,6 +1242,7 @@
out:
return ret;
}
+#endif
int fit_cipher_data(const char *keydir, void *keydest, void *fit,
const char *comment, int require_keys,
diff --git a/tools/mkimage.c b/tools/mkimage.c
index 6dfe3e1..ac62ebb 100644
--- a/tools/mkimage.c
+++ b/tools/mkimage.c
@@ -115,7 +115,7 @@
" -B => align size in hex for FIT structure and header\n"
" -b => append the device tree binary to the FIT\n"
" -t => update the timestamp in the FIT\n");
-#ifdef CONFIG_FIT_SIGNATURE
+#if CONFIG_IS_ENABLED(FIT_SIGNATURE)
fprintf(stderr,
"Signing / verified boot options: [-k keydir] [-K dtb] [ -c <comment>] [-p addr] [-r] [-N engine]\n"
" -k => set directory containing private keys\n"
@@ -130,8 +130,9 @@
" -o => algorithm to use for signing\n");
#else
fprintf(stderr,
- "Signing / verified boot not supported (CONFIG_FIT_SIGNATURE undefined)\n");
+ "Signing / verified boot not supported (CONFIG_TOOLS_FIT_SIGNATURE undefined)\n");
#endif
+
fprintf(stderr, " %s -V ==> print version information and exit\n",
params.cmdname);
fprintf(stderr, "Use '-T list' to see a list of available image types\n");