Pass NULL as the value for @cb in PEM_read_RSAPrivateKey() and remove pem_password_cb(). According to the man page [1], when both @cb and @u are NULL, a default callback provided by OpenSSL will be used to query the password. Since our key is not sealed, this is dead functionality.

Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx>
---
 tools/testing/selftests/x86/sgx/sgxsign.c | 17 +----------------
 1 file changed, 1 insertion(+), 16 deletions(-)

diff --git a/tools/testing/selftests/x86/sgx/sgxsign.c b/tools/testing/selftests/x86/sgx/sgxsign.c
index 0b89823fc703..3d9007af40c9 100644
--- a/tools/testing/selftests/x86/sgx/sgxsign.c
+++ b/tools/testing/selftests/x86/sgx/sgxsign.c
@@ -20,8 +20,6 @@ struct sgx_sigstruct_payload {
 struct sgx_sigstruct_body body;
 };
 
-static const char *sign_key_pass;
-
 static bool check_crypto_errors(void)
 {
 int err;
@@ -50,18 +48,6 @@ static void exit_usage(const char *program)
 exit(1);
 }
 
-static int pem_passwd_cb(char *buf, int size, int rwflag, void *u)
-{
- if (!sign_key_pass)
- return -1;
-
- strncpy(buf, sign_key_pass, size);
- /* no retry */
- sign_key_pass = NULL;
-
- return strlen(buf) >= size ? size - 1 : strlen(buf);
-}
-
 static inline const BIGNUM *get_modulus(RSA *key)
 {
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
@@ -85,7 +71,7 @@ static RSA *load_sign_key(const char *path)
 return NULL;
 }
 key = RSA_new();
- if (!PEM_read_RSAPrivateKey(f, &key, pem_passwd_cb, NULL))
+ if (!PEM_read_RSAPrivateKey(f, &key, NULL, NULL))
 return NULL;
 fclose(f);
 
@@ -455,7 +441,6 @@ int main(int argc, char **argv)
 #endif
 ss.body.xfrm = 3,
 
- sign_key_pass = getenv("KBUILD_SGX_SIGN_PIN");
 program = argv[0];
 
 do {
-- 
2.20.1
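Review bot: In the load_sign_key hunk (`@@ -85,7 +71,7 @@`), passing NULL for both `cb` and `u` means an encrypted PEM at `path` triggers OpenSSL's default terminal prompt, as the commit message itself notes. An unattended build or selftest run would then wait for input instead of failing, and a `KBUILD_SGX_SIGN_PIN` set by an existing caller is now silently ignored. If the intent is "unencrypted keys only", a fixed empty passphrase makes that explicit: `if (!PEM_read_RSAPrivateKey(f, &key, NULL, ""))`. A non-NULL `u` with a NULL `cb` is used as the passphrase, so an encrypted key should be rejected without prompting, though this is worth confirming on the oldest OpenSSL the selftest supports. The failure branch on the following line also returns without releasing `f` or `key`; `{ RSA_free(key); fclose(f); return NULL; }` would close that leak. load_sign_key starts and ends outside the hunk, so its other exit paths are not visible here.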