Djam/u-boot
1
0
Fork 0
mirror of https://github.com/u-boot/u-boot.git synced 2025-04-23 22:14:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

lib: rsa: Allow legacy URI specification without "pkcs11:"

Browse source 
But emit a warning for it. Then we can remove support when
everyone had time to update their scripts, docs, CI etc.

Fixes: ece85cc020 rsa: use pkcs11 uri as defined in rfc7512

Signed-off-by: Csókás Bence <csokas.bence@prolan.hu>
This commit is contained in:
Csókás Bence 2024-01-05 15:08:04 +01:00 committed by Tom Rini
parent 11ad2bbfa2
commit f055d6e8f0
1 changed files with 30 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

42
lib/rsa/rsa-sign.c
View file

@ -104,6 +104,8 @@ static int rsa_engine_get_pub_key(const char *keydir, const char *name,
const char *engine_id;
char key_id[1024];
EVP_PKEY *key = NULL;
const char *const pkcs11_schema = "pkcs11:";
const char *pkcs11_uri_prepend = "";
if (!evpp)
return -EINVAL;
@ -113,19 +115,26 @@ static int rsa_engine_get_pub_key(const char *keydir, const char *name,
engine_id = ENGINE_get_id(engine);
if (engine_id && !strcmp(engine_id, "pkcs11")) {
if (keydir)
if (keydir) {
// Check for legacy keydir spec and prepend
if (strncmp(pkcs11_schema, keydir, strlen(pkcs11_schema))) {
pkcs11_uri_prepend = pkcs11_schema;
fprintf(stderr, "WARNING: Legacy URI specified. Please add '%s'.\n", pkcs11_schema);
}
if (strstr(keydir, "object="))
snprintf(key_id, sizeof(key_id),
"%s;type=public",
keydir);
"%s%s;type=public",
pkcs11_uri_prepend, keydir);
else
snprintf(key_id, sizeof(key_id),
"%s;object=%s;type=public",
keydir, name);
else
"%s%s;object=%s;type=public",
pkcs11_uri_prepend, keydir, name);
} else {
snprintf(key_id, sizeof(key_id),
"pkcs11:object=%s;type=public",
name);
}
} else if (engine_id) {
if (keydir)
snprintf(key_id, sizeof(key_id),
@ -224,6 +233,8 @@ static int rsa_engine_get_priv_key(const char *keydir, const char *name,
const char *engine_id;
char key_id[1024];
EVP_PKEY *key = NULL;
const char *const pkcs11_schema = "pkcs11:";
const char *pkcs11_uri_prepend = "";
if (!evpp)
return -EINVAL;
@ -235,19 +246,26 @@ static int rsa_engine_get_priv_key(const char *keydir, const char *name,
fprintf(stderr, "Please use 'keydir' with PKCS11\n");
return -EINVAL;
}
if (keydir)
if (keydir) {
// Check for legacy keydir spec and prepend
if (strncmp(pkcs11_schema, keydir, strlen(pkcs11_schema))) {
pkcs11_uri_prepend = pkcs11_schema;
fprintf(stderr, "WARNING: Legacy URI specified. Please add '%s'.\n", pkcs11_schema);
}
if (strstr(keydir, "object="))
snprintf(key_id, sizeof(key_id),
"%s;type=private",
keydir);
"%s%s;type=private",
pkcs11_uri_prepend, keydir);
else
snprintf(key_id, sizeof(key_id),
"%s;object=%s;type=private",
keydir, name);
else
"%s%s;object=%s;type=private",
pkcs11_uri_prepend, keydir, name);
} else {
snprintf(key_id, sizeof(key_id),
"pkcs11:object=%s;type=private",
name);
}
} else if (engine_id) {
if (keydir && name)
snprintf(key_id, sizeof(key_id),