From: Jonas Rebmann <jre@pengutronix.de>
To: Sascha Hauer <s.hauer@pengutronix.de>,
	BAREBOX <barebox@lists.infradead.org>
Cc: Ahmad Fatoum <a.fatoum@pengutronix.de>,
	Marco Felsch <m.felsch@pengutronix.de>,
	Jonas Rebmann <jre@pengutronix.de>
Subject: [PATCH v4 0/8] Allow multiple keyspecs in one environment variable
Date: Tue, 17 Mar 2026 16:19:44 +0100
Message-ID: <20260317-keytoc-multi-env-v4-0-38ab473f8034@pengutronix.de>

This contains the actual change to keytoc as well as a migration note.

Allowing any number of public keys to be provided via a single
environment variable eases integration in more complex setups where
multiple public keys per keyring are managed externally.

During testing, it was found that handling of fit-hint env variables was
broken since 2025.12. Since this is a legacy feature, this series
includes a patch that fixes the bug in the handling of fit-hint env
variables as well as a patch that removes the feature.

Before removal of the feature, the following tests were performed and
keytoc output was manually verified:

    cd scripts/
    gcc -g keytoc.c $(pkg-config --libs --cflags openssl) -o keytoc
    export rsakey="../crypto/snakeoil-4096-development.pem"
    export ecdsakey="../crypto/snakeoil-ecdsa-development.pem"
    export fullspec="keyring=fit,fit-hint=__ENV__hint:$ecdsakey"
    export triplekey="$rsakey $ecdsakey $fullspec"
    export hint=test
    diff -q <(./keytoc $ecdsakey) <(./keytoc __ENV__ecdsakey)
    diff -q <(./keytoc $rsakey) <(./keytoc __ENV__rsakey)
    diff -q <(./keytoc $fullspec) <(./keytoc __ENV__fullspec)
    diff -q <(./keytoc __ENV__triplekey __ENV__ecdsakey __ENV__triplekey) <(./keytoc $triplekey $ecdsakey $triplekey)

Signed-off-by: Jonas Rebmann <jre@pengutronix.de>
---
Changes in v4:
- split out two more preparatory patches
- add patch to remove handling of fit-hint env variables
- add patch to fix handling of fit-hint env variables
- drop unneeded strdup of argv (Thanks, Marco)
- const buffer holding getenv result to prevent modification of
  environment variable (Thanks, Marco)
- adapt commit message to explain why keyspec list is looped before
  writing stdout
- fix bug where hint and path are only expanded when keyspec is provided
  via env variable. Instead move expansion and validation into yet
  another loop over the keyspecs
- error out on empty/undefined environment variable keyspec
- fix potential out of bounds when indexing argv with listi
- use listi index variable when re-iterating keys list instead of
  using argi variable earlier used when iterating both keys and args
- Link to v3: https://lore.barebox.org/barebox/20260316-keytoc-multi-env-v3-0-433591ef3198@pengutronix.de

Changes in v3:
- Where possible, split refactoring/cleanup into a preparatory commit
- Split copying strsep_unescape into a separate commit
- Link to v2: https://lore.barebox.org/barebox/20260218-keytoc-multi-env-v2-0-3ea146c95d18@pengutronix.de

Changes in v2:
- Split up the keyspec environment variables when multiple are provided
  too.
- Use strsep_unescape instead of manual split/unescape
- Remove RFC tag
- Link to v1: https://lore.barebox.org/barebox/20260206-keytoc-multi-env-v1-1-638fbf2b3634@pengutronix.de

---
Jonas Rebmann (8):
      scripts: include: Add string_util.h for strsep_unescaped
      crypto: keytoc: Improve readability
      crypto: keytoc: Move special handling of legacy pkcs11 format to parse_keyspec
      crypto: keytoc: Parse all keyspecs before writing to stdout
      crypto: keytoc: Split env-provided full keyspec on spaces
      Documentation: migration-guides: Document change in keyspec env vars
      crypto: keytoc: Allow fields to start with underscore
      crypto: keytoc: Deprecate fit-hint from env variable

 .../migration-guides/migration-master.rst |  21 ++++
 crypto/Kconfig                            |   7 +-
 scripts/include/string_util.h             |  65 ++++++++++++
 scripts/keytoc.c                          | 113 ++++++++++++++-------
 4 files changed, 165 insertions(+), 41 deletions(-)
---
base-commit: ff814eff55e898037503e942df8e0ba8f1b13222
change-id: 20260206-keytoc-multi-env-4a3300292e4a
Best regards,
--
Jonas Rebmann <jre@pengutronix.de>

Thread overview: 10+ messages
2026-03-17 15:19 Jonas Rebmann [this message]
2026-03-17 15:19 ` [PATCH v4 1/8] scripts: include: Add string_util.h for strsep_unescaped Jonas Rebmann
2026-03-17 15:19 ` [PATCH v4 2/8] crypto: keytoc: Improve readability Jonas Rebmann
2026-03-17 15:19 ` [PATCH v4 3/8] crypto: keytoc: Move special handling of legacy pkcs11 format to parse_keyspec Jonas Rebmann
2026-03-17 15:19 ` [PATCH v4 4/8] crypto: keytoc: Parse all keyspecs before writing to stdout Jonas Rebmann
2026-03-17 15:19 ` [PATCH v4 5/8] crypto: keytoc: Split env-provided full keyspec on spaces Jonas Rebmann
2026-03-17 15:19 ` [PATCH v4 6/8] Documentation: migration-guides: Document change in keyspec env vars Jonas Rebmann
2026-03-17 15:19 ` [PATCH v4 7/8] crypto: keytoc: Allow fields to start with underscore Jonas Rebmann
2026-03-17 15:19 ` [PATCH v4 8/8] crypto: keytoc: Deprecate fit-hint from env variable Jonas Rebmann
2026-03-18 7:34 ` [PATCH v4 0/8] Allow multiple keyspecs in one environment variable Sascha Hauer