From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: barebox@lists.infradead.org
Cc: Ahmad Fatoum <a.fatoum@pengutronix.de>
Subject: [PATCH 3/5] rsatoc: support extracting RSA public key from X.509 SPKI format
Date: Thu, 21 Sep 2023 12:23:08 +0200
Message-ID: <20230921102310.1108543-4-a.fatoum@pengutronix.de>
In-Reply-To: <20230921102310.1108543-1-a.fatoum@pengutronix.de>
In addition to PKCS#11 URIs, rsatoc supports extracting RSA public keys
out of X.509 PEM certificates, which is a base64-encoded format that begins
with the header `-----BEGIN CERTIFICATE-----'.
Another popular format for RSA public keys is the X.509 SPKI format,
which starts with the header `-----BEGIN PUBLIC KEY-----'. As public
keys are the only thing rsatoc is interested in, add support for the latter
as well.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
scripts/rsatoc.c | 26 +++++++++++++++-----------
1 file changed, 15 insertions(+), 11 deletions(-)
diff --git a/scripts/rsatoc.c b/scripts/rsatoc.c
index d7f6dad7f01e..f5b0ba27f9bc 100644
--- a/scripts/rsatoc.c
+++ b/scripts/rsatoc.c
@@ -58,17 +58,21 @@ static int rsa_pem_get_pub_key(const char *path, RSA **rsap)
/* Read the certificate */
cert = NULL;
if (!PEM_read_X509(f, &cert, NULL, NULL)) {
- rsa_err("Couldn't read certificate");
- ret = -EINVAL;
- goto err_cert;
- }
-
- /* Get the public key from the certificate. */
- key = X509_get_pubkey(cert);
- if (!key) {
- rsa_err("Couldn't read public key\n");
- ret = -EINVAL;
- goto err_pubkey;
+ rewind(f);
+ key = PEM_read_PUBKEY(f, NULL, NULL, NULL);
+ if (!key) {
+ rsa_err("Couldn't read certificate");
+ ret = -EINVAL;
+ goto err_cert;
+ }
+ } else {
+ /* Get the public key from the certificate. */
+ key = X509_get_pubkey(cert);
+ if (!key) {
+ rsa_err("Couldn't read public key\n");
+ ret = -EINVAL;
+ goto err_pubkey;
+ }
}
/* Convert to a RSA_style key. */
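Review bot: In the new fallback branch, when both PEM_read_X509() and PEM_read_PUBKEY() fail, the message is still rsa_err("Couldn't read certificate"), which no longer describes what was tried and lacks the trailing "\n" that the "Couldn't read public key\n" call has; something like "Couldn't read certificate or public key\n" would tell the user that both formats were attempted. Two further points on the same branch: the failed PEM_read_X509() leaves its entries on the OpenSSL error queue, so calling ERR_clear_error() before rewind(f) would keep a later, unrelated failure from being reported together with the stale certificate parse error; and cert stays NULL when the key comes from the SPKI path, so it is worth confirming that the cleanup following this hunk only releases cert through a NULL-tolerant call such as X509_free().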
--
2.39.2
Thread overview: 7+ messages
2023-09-21 10:23 [PATCH 0/5] rsatoc: make useful for standalone RSA keys Ahmad Fatoum
2023-09-21 10:23 ` [PATCH 1/5] rsa: escape pkcs11 string passed to RSA command Ahmad Fatoum
2023-09-21 10:23 ` [PATCH 2/5] scripts: allow user to build rsatoc if COMPILE_HOST_TOOLS Ahmad Fatoum
2023-09-21 10:23 ` Ahmad Fatoum [this message]
2023-09-21 10:23 ` [PATCH 4/5] rsa: fix typos and missing type definitions Ahmad Fatoum
2023-09-21 10:23 ` [PATCH 5/5] rsatoc: support generating standalone keys unreferenced by FIT keyring Ahmad Fatoum
2023-09-21 12:32 ` [PATCH 0/5] rsatoc: make useful for standalone RSA keys Sascha Hauer