From: Tom Rini <trini@konsulko.com>
Date: Tue, 11 Nov 2025 20:53:33 +0000 (-0600)
Subject: Merge patch series "rsa: fix dependency, rename and relocate RSASSA PSS symbols"
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=62e89de7698a637c673b08ec129941d8079a5405;p=thirdparty%2Fu-boot.git

Merge patch series "rsa: fix dependency, rename and relocate RSASSA PSS symbols"

Quentin Schulz <foss+uboot@0leil.net> says:

While historically signature verification is mostly done for FIT such
FIT_SIGNATURE dependency for signature algorithm makes sense, it isn't
the only kind of file we can verify signatures of. It can also be done
manually with rsa_verify_hash() with an embedded public key.

Considering the impacted code is guarded by RSA_VERIFY, let's make the
symbol depend on that otherwise selecting it without RSA_VERIFY won't do
anything. The FIT_SIGNATURE dependency wasn't also enough before as it
only implied RSA_VERIFY.

Then, simply relocate the RSA SSA PSS padding with the other RSA symbols
in lib/rsa instead of in boot/ and rename it to remove the mention to
FIT.

Finally, add the PSS padding wherever PKCS1.5 padding is specified as
one or the other can be used.

Link: https://lore.kernel.org/r/20251031-rsa-pss-always-v2-0-a29184ea064d@cherry.de
---

62e89de7698a637c673b08ec129941d8079a5405