mirror of
https://source.denx.de/u-boot/u-boot.git
synced 2025-12-20 08:52:12 +01:00
62e89de769
Quentin Schulz <foss+uboot@0leil.net> says: While historically signature verification is mostly done for FIT such FIT_SIGNATURE dependency for signature algorithm makes sense, it isn't the only kind of file we can verify signatures of. It can also be done manually with rsa_verify_hash() with an embedded public key. Considering the impacted code is guarded by RSA_VERIFY, let's make the symbol depend on that otherwise selecting it without RSA_VERIFY won't do anything. The FIT_SIGNATURE dependency wasn't also enough before as it only implied RSA_VERIFY. Then, simply relocate the RSA SSA PSS padding with the other RSA symbols in lib/rsa instead of in boot/ and rename it to remove the mention to FIT. Finally, add the PSS padding wherever PKCS1.5 padding is specified as one or the other can be used. Link: https://lore.kernel.org/r/20251031-rsa-pss-always-v2-0-a29184ea064d@cherry.de