dany/u-boot-megous
1
0
Fork 0
mirror of https://xff.cz/git/u-boot/ synced 2025-09-01 16:52:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

lib: rsa: add support to other openssl engine types than pkcs11

Browse Source 
There are multiple other openssl engines used by HSMs that can be used to
sign FIT images instead of forcing users to use pkcs11 type of service.

Relax engine selection so that other openssl engines can be specified and
use generic key id definition formula.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Cc: Tom Rini <trini@konsulko.com>
This commit is contained in:
Vesa Jääskeläinen
2019-06-16 20:53:38 +03:00
committed by Tom Rini
parent 0e80dda32c
commit 5b123e0109
3 changed files with 52 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
lib/rsa/rsa-sign.c
View File

@@ -141,6 +141,15 @@ static int rsa_engine_get_pub_key(const char *keydir, const char *name,
snprintf(key_id, sizeof(key_id),
"pkcs11:object=%s;type=public",
name);
} else if (engine_id) {
if (keydir)
snprintf(key_id, sizeof(key_id),
"%s%s",
keydir, name);
else
snprintf(key_id, sizeof(key_id),
"%s",
name);
} else {
fprintf(stderr, "Engine not supported\n");
return -ENOTSUP;
@@ -252,6 +261,15 @@ static int rsa_engine_get_priv_key(const char *keydir, const char *name,
snprintf(key_id, sizeof(key_id),
"pkcs11:object=%s;type=private",
name);
} else if (engine_id) {
if (keydir)
snprintf(key_id, sizeof(key_id),
"%s%s",
keydir, name);
else
snprintf(key_id, sizeof(key_id),
"%s",
name);
} else {
fprintf(stderr, "Engine not supported\n");
return -ENOTSUP;