[PATCH] lib: rsa: Extract public key from private key if keyfile argument is used
Donald Chan
hoiho at lab126.com
Thu Jul 29 02:34:41 CEST 2021
If the 'keyfile' (-G) argument is used, there is little value to require
'keydir' (-k) argument since the public key can also be extracted from the
private key itself.
Signed-off-by: Donald Chan <hoiho at lab126.com>
---
lib/rsa/rsa-sign.c | 28 +++++++++++++++++++++-------
1 file changed, 21 insertions(+), 7 deletions(-)
diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
index f4ed11e74a..f70f352311 100644
--- a/lib/rsa/rsa-sign.c
+++ b/lib/rsa/rsa-sign.c
@@ -49,16 +49,16 @@ static int rsa_err(const char *msg)
}
/**
- * rsa_pem_get_pub_key() - read a public key from a .crt file
+ * rsa_pem_get_pub_key() - read a public key from a private key file or .crt file
*
- * @keydir: Directory containins the key
- * @name Name of key file (will have a .crt extension)
+ * @keydir: Directory containing the key, can be NULL
+ * @name Name of key file (will apply a .crt extension if keydir is not NULL)
* @evpp Returns EVP_PKEY object, or NULL on failure
* @return 0 if ok, -ve on error (in which case *evpp will be set to NULL)
*/
static int rsa_pem_get_pub_key(const char *keydir, const char *name, EVP_PKEY **evpp)
{
- char path[1024];
+ char path[1024] = {0};
EVP_PKEY *key = NULL;
X509 *cert;
FILE *f;
@@ -68,7 +68,10 @@ static int rsa_pem_get_pub_key(const char *keydir, const char *name, EVP_PKEY **
return -EINVAL;
*evpp = NULL;
- snprintf(path, sizeof(path), "%s/%s.crt", keydir, name);
+ if (keydir && name)
+ snprintf(path, sizeof(path), "%s/%s.crt", keydir, name);
+ else if (name)
+ snprintf(path, sizeof(path), "%s", name);
f = fopen(path, "r");
if (!f) {
fprintf(stderr, "Couldn't open RSA certificate: '%s': %s\n",
@@ -76,7 +79,13 @@ static int rsa_pem_get_pub_key(const char *keydir, const char *name, EVP_PKEY **
return -EACCES;
}
- /* Read the certificate */
+ /* See if it contains a PEM private key? */
+ if (PEM_read_PrivateKey(f, evpp, NULL, path)) {
+ fclose(f);
+ return 0;
+ }
+
+ /* Not a PEM private key, read the certificate */
cert = NULL;
if (!PEM_read_X509(f, &cert, NULL, NULL)) {
rsa_err("Couldn't read certificate");
@@ -672,7 +681,12 @@ int rsa_add_verify_data(struct image_sign_info *info, void *keydest)
if (ret)
return ret;
}
- ret = rsa_get_pub_key(info->keydir, info->keyname, e, &pkey);
+ if (info->keydir && info->keyname)
+ ret = rsa_get_pub_key(info->keydir, info->keyname, e, &pkey);
+ else if (info->keyfile)
+ ret = rsa_get_pub_key(NULL, info->keyfile, e, &pkey);
+ else
+ ret = -EINVAL;
if (ret)
goto err_get_pub_key;
#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
--
2.16.6
More information about the U-Boot
mailing list