Mirrors/u-boot
2
0
Fork 0
mirror of https://github.com/AsahiLinux/u-boot synced 2024-11-24 21:54:01 +00:00
Code Issues Projects Releases Packages Wiki Activity

lib: rsa: avoid overriding the object name when already specified

Browse source 
If "object=" is specified in "keydir" when using the pkcs11 engine do
not append another "object=<key-name-hint>". This makes it possible to
use object names other than the key name hint. These two string
identifiers are not necessarily equal.

Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
Signed-off-by: Bastian Krause <bst@pengutronix.de>
Reviewed-by: George McCollister <george.mccollister@gmail.com>
This commit is contained in:
Jan Luebbe 2020-05-13 12:26:24 +02:00 committed by Tom Rini
parent 3b84809b7b
commit 24bf6e84ce
2 changed files with 21 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
doc/uImage.FIT/signature.txt
View file

@ -481,12 +481,14 @@ openssl. This may require setting up LD_LIBRARY_PATH if engine is not installed
to openssl's default search paths.
PKCS11 engine support forms "key id" based on "keydir" and with
"key-name-hint". "key-name-hint" is used as "object" name and "keydir" if
defined is used to define (prefix for) which PKCS11 source is being used for
lookup up for the key.
"key-name-hint". "key-name-hint" is used as "object" name (if not defined in
keydir). "keydir" (if defined) is used to define (prefix for) which PKCS11 source
is being used for lookup up for the key.
PKCS11 engine key ids:
"pkcs11:<keydir>;object=<key-name-hint>;type=<public|private>"
or, if keydir contains "object="
"pkcs11:<keydir>;type=<public|private>"
or
"pkcs11:object=<key-name-hint>;type=<public|private>",

22
lib/rsa/rsa-sign.c
View file

@ -135,9 +135,14 @@ static int rsa_engine_get_pub_key(const char *keydir, const char *name,
if (engine_id && !strcmp(engine_id, "pkcs11")) {
if (keydir)
snprintf(key_id, sizeof(key_id),
"pkcs11:%s;object=%s;type=public",
keydir, name);
if (strstr(keydir, "object="))
snprintf(key_id, sizeof(key_id),
"pkcs11:%s;type=public",
keydir);
else
snprintf(key_id, sizeof(key_id),
"pkcs11:%s;object=%s;type=public",
keydir, name);
else
snprintf(key_id, sizeof(key_id),
"pkcs11:object=%s;type=public",
@ -255,9 +260,14 @@ static int rsa_engine_get_priv_key(const char *keydir, const char *name,
if (engine_id && !strcmp(engine_id, "pkcs11")) {
if (keydir)
snprintf(key_id, sizeof(key_id),
"pkcs11:%s;object=%s;type=private",
keydir, name);
if (strstr(keydir, "object="))
snprintf(key_id, sizeof(key_id),
"pkcs11:%s;type=private",
keydir);
else
snprintf(key_id, sizeof(key_id),
"pkcs11:%s;object=%s;type=private",
keydir, name);
else
snprintf(key_id, sizeof(key_id),
"pkcs11:object=%s;type=private",