summaryrefslogtreecommitdiffstats
path: root/patches/u-boot-2020.04/0001-lib-rsa-avoid-overriding-the-object-name-when-alread.patch
diff options
context:
space:
mode:
Diffstat (limited to 'patches/u-boot-2020.04/0001-lib-rsa-avoid-overriding-the-object-name-when-alread.patch')
-rw-r--r--patches/u-boot-2020.04/0001-lib-rsa-avoid-overriding-the-object-name-when-alread.patch81
1 files changed, 81 insertions, 0 deletions
diff --git a/patches/u-boot-2020.04/0001-lib-rsa-avoid-overriding-the-object-name-when-alread.patch b/patches/u-boot-2020.04/0001-lib-rsa-avoid-overriding-the-object-name-when-alread.patch
new file mode 100644
index 000000000..5ba930fb5
--- /dev/null
+++ b/patches/u-boot-2020.04/0001-lib-rsa-avoid-overriding-the-object-name-when-alread.patch
@@ -0,0 +1,81 @@
+From: Jan Luebbe <jlu@pengutronix.de>
+Date: Mon, 16 Mar 2020 11:45:22 +0100
+Subject: [PATCH] lib: rsa: avoid overriding the object name when already
+ specified
+
+If "object=" is specified in "keydir" when using the pkcs11 engine do
+not append another "object=<key-name-hint>". This makes it possible to
+use object names other than the key name hint. These two string
+identifiers are not necessarily equal.
+
+Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
+Signed-off-by: Bastian Krause <bst@pengutronix.de>
+Reviewed-by: George McCollister <george.mccollister@gmail.com>
+Forwarded: https://lists.denx.de/pipermail/u-boot/2020-May/411892.html
+---
+ doc/uImage.FIT/signature.txt | 8 +++++---
+ lib/rsa/rsa-sign.c | 22 ++++++++++++++++------
+ 2 files changed, 21 insertions(+), 9 deletions(-)
+
+diff --git a/doc/uImage.FIT/signature.txt b/doc/uImage.FIT/signature.txt
+index 3591225a6edd..d4afd755e9fc 100644
+--- a/doc/uImage.FIT/signature.txt
++++ b/doc/uImage.FIT/signature.txt
+@@ -481,12 +481,14 @@ openssl. This may require setting up LD_LIBRARY_PATH if engine is not installed
+ to openssl's default search paths.
+
+ PKCS11 engine support forms "key id" based on "keydir" and with
+-"key-name-hint". "key-name-hint" is used as "object" name and "keydir" if
+-defined is used to define (prefix for) which PKCS11 source is being used for
+-lookup up for the key.
++"key-name-hint". "key-name-hint" is used as "object" name (if not defined in
++keydir). "keydir" (if defined) is used to define (prefix for) which PKCS11 source
++is being used for lookup up for the key.
+
+ PKCS11 engine key ids:
+ "pkcs11:<keydir>;object=<key-name-hint>;type=<public|private>"
++or, if keydir contains "object="
++ "pkcs11:<keydir>;type=<public|private>"
+ or
+ "pkcs11:object=<key-name-hint>;type=<public|private>",
+
+diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
+index 580c74470939..1914b9641312 100644
+--- a/lib/rsa/rsa-sign.c
++++ b/lib/rsa/rsa-sign.c
+@@ -135,9 +135,14 @@ static int rsa_engine_get_pub_key(const char *keydir, const char *name,
+
+ if (engine_id && !strcmp(engine_id, "pkcs11")) {
+ if (keydir)
+- snprintf(key_id, sizeof(key_id),
+- "pkcs11:%s;object=%s;type=public",
+- keydir, name);
++ if (strstr(keydir, "object="))
++ snprintf(key_id, sizeof(key_id),
++ "pkcs11:%s;type=public",
++ keydir);
++ else
++ snprintf(key_id, sizeof(key_id),
++ "pkcs11:%s;object=%s;type=public",
++ keydir, name);
+ else
+ snprintf(key_id, sizeof(key_id),
+ "pkcs11:object=%s;type=public",
+@@ -255,9 +260,14 @@ static int rsa_engine_get_priv_key(const char *keydir, const char *name,
+
+ if (engine_id && !strcmp(engine_id, "pkcs11")) {
+ if (keydir)
+- snprintf(key_id, sizeof(key_id),
+- "pkcs11:%s;object=%s;type=private",
+- keydir, name);
++ if (strstr(keydir, "object="))
++ snprintf(key_id, sizeof(key_id),
++ "pkcs11:%s;type=private",
++ keydir);
++ else
++ snprintf(key_id, sizeof(key_id),
++ "pkcs11:%s;object=%s;type=private",
++ keydir, name);
+ else
+ snprintf(key_id, sizeof(key_id),
+ "pkcs11:object=%s;type=private",
generated by cgit v1.2.3 (git 2.39.1) at 2024-04-28 12:34:03 +0000