[PATCH] lib: rsa: Extract public key from private key if keyfile argument is used

[Chan, Donald]

If the 'keyfile' (-G) argument is used, there is little value to require
'keydir' (-k) argument since the public key can also be extracted from the
private key itself.

Signed-off-by: Donald Chan <hoiho at lab126.com>
---
 lib/rsa/rsa-sign.c | 28 +++++++++++++++++++++-------
 1 file changed, 21 insertions(+), 7 deletions(-)

diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
index f4ed11e74a..f70f352311 100644
--- a/lib/rsa/rsa-sign.c
+++ b/lib/rsa/rsa-sign.c
@@ -49,16 +49,16 @@ static int rsa_err(const char *msg)
 }
 
 /**
- * rsa_pem_get_pub_key() - read a public key from a .crt file
+ * rsa_pem_get_pub_key() - read a public key from a private key file or .crt file
  *
- * @keydir:	Directory containins the key
- * @name	Name of key file (will have a .crt extension)
+ * @keydir:	Directory containing the key, can be NULL
+ * @name	Name of key file (will apply a .crt extension if keydir is not NULL)
  * @evpp	Returns EVP_PKEY object, or NULL on failure
  * @return 0 if ok, -ve on error (in which case *evpp will be set to NULL)
  */
 static int rsa_pem_get_pub_key(const char *keydir, const char *name, EVP_PKEY **evpp)
 {
-	char path[1024];
+	char path[1024] = {0};
 	EVP_PKEY *key = NULL;
 	X509 *cert;
 	FILE *f;
@@ -68,7 +68,10 @@ static int rsa_pem_get_pub_key(const char *keydir, const char *name, EVP_PKEY **
 		return -EINVAL;
 
 	*evpp = NULL;
-	snprintf(path, sizeof(path), "%s/%s.crt", keydir, name);
+	if (keydir && name)
+		snprintf(path, sizeof(path), "%s/%s.crt", keydir, name);
+	else if (name)
+		snprintf(path, sizeof(path), "%s", name);
 	f = fopen(path, "r");
 	if (!f) {
 		fprintf(stderr, "Couldn't open RSA certificate: '%s': %s\n",
@@ -76,7 +79,13 @@ static int rsa_pem_get_pub_key(const char *keydir, const char *name, EVP_PKEY **
 		return -EACCES;
 	}
 
-	/* Read the certificate */
+	/* See if it contains a PEM private key? */
+	if (PEM_read_PrivateKey(f, evpp, NULL, path)) {
+		fclose(f);
+		return 0;
+	}
+
+	/* Not a PEM private key, read the certificate */
 	cert = NULL;
 	if (!PEM_read_X509(f, &cert, NULL, NULL)) {
 		rsa_err("Couldn't read certificate");
@@ -672,7 +681,12 @@ int rsa_add_verify_data(struct image_sign_info *info, void *keydest)
 		if (ret)
 			return ret;
 	}
-	ret = rsa_get_pub_key(info->keydir, info->keyname, e, &pkey);
+	if (info->keydir && info->keyname)
+		ret = rsa_get_pub_key(info->keydir, info->keyname, e, &pkey);
+	else if (info->keyfile)
+		ret = rsa_get_pub_key(NULL, info->keyfile, e, &pkey);
+	else
+		ret = -EINVAL;
 	if (ret)
 		goto err_get_pub_key;
 #if OPENSSL_VERSION_NUMBER < 0x10100000L || \
-- 
2.16.6