Djam/u-boot
1
0
Fork 0
mirror of https://github.com/u-boot/u-boot.git synced 2025-04-23 13:56:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

lib: rsa: avoid overriding the object name when already specified

Browse source 
If "object=" is specified in "keydir" when using the pkcs11 engine do
not append another "object=<key-name-hint>". This makes it possible to
use object names other than the key name hint. These two string
identifiers are not necessarily equal.

Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
Signed-off-by: Bastian Krause <bst@pengutronix.de>
Reviewed-by: George McCollister <george.mccollister@gmail.com>
This commit is contained in:
Jan Luebbe 2020-05-13 12:26:24 +02:00 committed by Tom Rini
parent 3b84809b7b
commit 24bf6e84ce
2 changed files with 21 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
doc/uImage.FIT/signature.txt
View file

@ -481,12 +481,14 @@ openssl. This may require setting up LD_LIBRARY_PATH if engine is not installed
to openssl's default search paths. to openssl's default search paths.
PKCS11 engine support forms "key id" based on "keydir" and with PKCS11 engine support forms "key id" based on "keydir" and with
"key-name-hint". "key-name-hint" is used as "object" name and "keydir" if "key-name-hint". "key-name-hint" is used as "object" name (if not defined in
defined is used to define (prefix for) which PKCS11 source is being used for keydir). "keydir" (if defined) is used to define (prefix for) which PKCS11 source
lookup up for the key. is being used for lookup up for the key.
PKCS11 engine key ids: PKCS11 engine key ids:
"pkcs11:<keydir>;object=<key-name-hint>;type=<public|private>" "pkcs11:<keydir>;object=<key-name-hint>;type=<public|private>"
or, if keydir contains "object="
"pkcs11:<keydir>;type=<public|private>"
or or
"pkcs11:object=<key-name-hint>;type=<public|private>", "pkcs11:object=<key-name-hint>;type=<public|private>",

10
lib/rsa/rsa-sign.c
View file

@ -135,6 +135,11 @@ static int rsa_engine_get_pub_key(const char *keydir, const char *name,
if (engine_id && !strcmp(engine_id, "pkcs11")) { if (engine_id && !strcmp(engine_id, "pkcs11")) {
if (keydir) if (keydir)
if (strstr(keydir, "object="))
snprintf(key_id, sizeof(key_id),
"pkcs11:%s;type=public",
keydir);
else
snprintf(key_id, sizeof(key_id), snprintf(key_id, sizeof(key_id),
"pkcs11:%s;object=%s;type=public", "pkcs11:%s;object=%s;type=public",
keydir, name); keydir, name);
@ -255,6 +260,11 @@ static int rsa_engine_get_priv_key(const char *keydir, const char *name,
if (engine_id && !strcmp(engine_id, "pkcs11")) { if (engine_id && !strcmp(engine_id, "pkcs11")) {
if (keydir) if (keydir)
if (strstr(keydir, "object="))
snprintf(key_id, sizeof(key_id),
"pkcs11:%s;type=private",
keydir);
else
snprintf(key_id, sizeof(key_id), snprintf(key_id, sizeof(key_id),
"pkcs11:%s;object=%s;type=private", "pkcs11:%s;object=%s;type=private",
keydir, name); keydir, name);