authorTom Rini <trini@konsulko.com>2024-01-19 08:46:47 -0500
committerTom Rini <trini@konsulko.com>2024-01-19 08:46:47 -0500
commitf4d54865061495bdb483f9ddc81183d1940f596c (patch)
tree203ec612e1a7b41602e5616c5f480d89caf1ff95 /lib/rsa/rsa-sign.c
parentcb493752394adec8db1d6f5e9b8fb3c43e13f10a (diff)
parent46371f269986976b3e969c0985820169b766ff76 (diff)
Merge branch '2024-01-18-assorted-fixes'
- A number of OS boot related cleanups, a number of TI platform fixes/cleanups, SMBIOS fixes, tweak get_maintainers.pl to report me for more places, fix the "clean the build" pytest and add a bootstage pytest, fix PKCS11 URI being omitted in some valid cases, make an iommu problem easier to debug on new platforms, nvme and pci improvements, refactor image-host code a bit, fix a typo in env setting, add a missing dependency for CMD_LICENSE, and correct how we call getchar() in some places.
Diffstat (limited to 'lib/rsa/rsa-sign.c')
-rw-r--r--lib/rsa/rsa-sign.c46
1 files changed, 32 insertions, 14 deletions
diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
index 858ad92a6f6..2304030e32f 100644
--- a/lib/rsa/rsa-sign.c
+++ b/lib/rsa/rsa-sign.c
@@ -104,6 +104,8 @@ static int rsa_engine_get_pub_key(const char *keydir, const char *name,
const char *engine_id;
char key_id[1024];
EVP_PKEY *key = NULL;
+ const char *const pkcs11_schema = "pkcs11:";
+ const char *pkcs11_uri_prepend = "";
if (!evpp)
return -EINVAL;
@@ -113,19 +115,26 @@ static int rsa_engine_get_pub_key(const char *keydir, const char *name,
engine_id = ENGINE_get_id(engine);
if (engine_id && !strcmp(engine_id, "pkcs11")) {
- if (keydir)
+ if (keydir) {
+ // Check for legacy keydir spec and prepend
+ if (strncmp(pkcs11_schema, keydir, strlen(pkcs11_schema))) {
+ pkcs11_uri_prepend = pkcs11_schema;
+ fprintf(stderr, "WARNING: Legacy URI specified. Please add '%s'.\n", pkcs11_schema);
+ }
+
if (strstr(keydir, "object="))
snprintf(key_id, sizeof(key_id),
- "%s;type=public",
- keydir);
+ "%s%s;type=public",
+ pkcs11_uri_prepend, keydir);
else
snprintf(key_id, sizeof(key_id),
- "%s;object=%s;type=public",
- keydir, name);
- else
+ "%s%s;object=%s;type=public",
+ pkcs11_uri_prepend, keydir, name);
+ } else {
snprintf(key_id, sizeof(key_id),
- "object=%s;type=public",
+ "pkcs11:object=%s;type=public",
name);
+ }
} else if (engine_id) {
if (keydir)
snprintf(key_id, sizeof(key_id),
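Review bot: The three snprintf() calls that build key_id in the pkcs11 branch ignore the return value, so a keydir/name pair that no longer fits in the 1024-byte buffer once the `pkcs11:` prefix is added gets silently truncated. A truncated URI can lose its `;type=public` suffix or part of the object name, and then presumably matches a different token object than the one the caller named. I would capture each result (`int n = snprintf(...)`) and fail closed with `if (n < 0 || (size_t)n >= sizeof(key_id)) return -EINVAL;` before key_id is used. The same applies to the matching calls in the rsa_engine_get_priv_key hunk; both functions start and end outside the hunks shown.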
@@ -224,6 +233,8 @@ static int rsa_engine_get_priv_key(const char *keydir, const char *name,
const char *engine_id;
char key_id[1024];
EVP_PKEY *key = NULL;
+ const char *const pkcs11_schema = "pkcs11:";
+ const char *pkcs11_uri_prepend = "";
if (!evpp)
return -EINVAL;
@@ -235,19 +246,26 @@ static int rsa_engine_get_priv_key(const char *keydir, const char *name,
fprintf(stderr, "Please use 'keydir' with PKCS11\n");
return -EINVAL;
}
- if (keydir)
+ if (keydir) {
+ // Check for legacy keydir spec and prepend
+ if (strncmp(pkcs11_schema, keydir, strlen(pkcs11_schema))) {
+ pkcs11_uri_prepend = pkcs11_schema;
+ fprintf(stderr, "WARNING: Legacy URI specified. Please add '%s'.\n", pkcs11_schema);
+ }
+
if (strstr(keydir, "object="))
snprintf(key_id, sizeof(key_id),
- "%s;type=private",
- keydir);
+ "%s%s;type=private",
+ pkcs11_uri_prepend, keydir);
else
snprintf(key_id, sizeof(key_id),
- "%s;object=%s;type=private",
- keydir, name);
- else
+ "%s%s;object=%s;type=private",
+ pkcs11_uri_prepend, keydir, name);
+ } else {
snprintf(key_id, sizeof(key_id),
- "object=%s;type=private",
+ "pkcs11:object=%s;type=private",
name);
+ }
} else if (engine_id) {
if (keydir && name)
snprintf(key_id, sizeof(key_id),
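Review bot: The legacy-scheme check and warning added under `if (keydir)` are a copy of the block added to rsa_engine_get_pub_key, and the two new locals are duplicated as well. Because this prefix decides which URI is handed to the engine for key lookup, I would keep the decision in one static helper so the public and private paths cannot drift apart when the test is later adjusted (for example, if scheme matching should become case-insensitive). The helper below returns the prefix and prints the warning, leaving one assignment at each call site. The function body continues outside this hunk.

```c
/* Return "pkcs11:" when keydir lacks the scheme (legacy form), else "". */
static const char *rsa_pkcs11_uri_prefix(const char *keydir)
{
	static const char pkcs11_schema[] = "pkcs11:";

	if (!strncmp(keydir, pkcs11_schema, sizeof(pkcs11_schema) - 1))
		return "";

	fprintf(stderr, "WARNING: Legacy URI specified. Please add '%s'.\n",
		pkcs11_schema);
	return pkcs11_schema;
}

	// … unchanged: keydir/name NULL check …
	if (keydir) {
		pkcs11_uri_prepend = rsa_pkcs11_uri_prefix(keydir);
	// … unchanged: snprintf calls building key_id …
```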