On 01.08.24 07:57, Sascha Hauer wrote:
> The openssl engine is only used in engine_get_pub_key(), so initialize
> is there instead of in the caller. This is done in preparation of
> replacing the deprecated engine code with a provider.
This commit message is outdated.
> Signed-off-by: Sascha Hauer <s.hauer@xxxxxxxxxxxxxx>
With the message reworded:
Reviewed-by: Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx>
> ---
> scripts/rsatoc.c | 107 ++++++++++++++++++++++++-----------------------
> 1 file changed, 54 insertions(+), 53 deletions(-)
>
> diff --git a/scripts/rsatoc.c b/scripts/rsatoc.c
> index 1d2eb48d08..0faf41bca2 100644
> --- a/scripts/rsatoc.c
> +++ b/scripts/rsatoc.c
> @@ -89,19 +89,68 @@ static int pem_get_pub_key(const char *path, EVP_PKEY **pkey)
> return ret;
> }
>
> +static int engine_init(ENGINE **pe)
> +{
> + ENGINE *e;
> + int ret;
> + const char *key_pass = getenv("KBUILD_SIGN_PIN");
> +
> + ENGINE_load_builtin_engines();
> +
> + e = ENGINE_by_id("pkcs11");
> + if (!e) {
> + fprintf(stderr, "Engine isn't available\n");
> + ret = -1;
> + goto err_engine_by_id;
> + }
> +
> + if (!ENGINE_init(e)) {
> + fprintf(stderr, "Couldn't initialize engine\n");
> + ret = -1;
> + goto err_engine_init;
> + }
> +
> + if (key_pass) {
> + if (!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0)) {
> + fprintf(stderr, "Cannot set PKCS#11 PIN\n");
> + goto err_set_rsa;
> + }
> + }
> +
> + *pe = e;
> +
> + return 0;
> +
> +err_set_rsa:
> + ENGINE_finish(e);
> +err_engine_init:
> + ENGINE_free(e);
> +err_engine_by_id:
> +#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
> + (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x02070000fL)
> + ENGINE_cleanup();
> +#endif
> + return ret;
> +}
> +
> /**
> * engine_get_pub_key() - read a public key from given engine
> *
> * @keydir: Key prefix
> * @name Name of key
> - * @engine Engine to use
> * @key Returns key object, or NULL on failure
> * @return 0 if ok, -ve on error (in which case *rsap will be set to NULL)
> */
> -static int engine_get_pub_key(const char *key_id,
> - ENGINE *engine, EVP_PKEY **key)
> +static int engine_get_pub_key(const char *key_id, EVP_PKEY **key)
> {
> - *key = ENGINE_load_public_key(engine, key_id, NULL, NULL);
> + ENGINE *e;
> + int ret;
> +
> + ret = engine_init(&e);
> + if (ret)
> + return ret;
> +
> + *key = ENGINE_load_public_key(e, key_id, NULL, NULL);
> if (!*key)
> return openssl_error("Failure loading public key from engine");
>
> @@ -238,50 +287,6 @@ static int rsa_get_params(EVP_PKEY *key, uint64_t *exponent, uint32_t *n0_invp,
> return ret;
> }
>
> -static int rsa_engine_init(ENGINE **pe)
> -{
> - ENGINE *e;
> - int ret;
> - const char *key_pass = getenv("KBUILD_SIGN_PIN");
> -
> - ENGINE_load_builtin_engines();
> -
> - e = ENGINE_by_id("pkcs11");
> - if (!e) {
> - fprintf(stderr, "Engine isn't available\n");
> - ret = -1;
> - goto err_engine_by_id;
> - }
> -
> - if (!ENGINE_init(e)) {
> - fprintf(stderr, "Couldn't initialize engine\n");
> - ret = -1;
> - goto err_engine_init;
> - }
> -
> - if (key_pass) {
> - if (!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0)) {
> - fprintf(stderr, "Cannot set PKCS#11 PIN\n");
> - goto err_set_rsa;
> - }
> - }
> -
> - *pe = e;
> -
> - return 0;
> -
> -err_set_rsa:
> - ENGINE_finish(e);
> -err_engine_init:
> - ENGINE_free(e);
> -err_engine_by_id:
> -#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
> - (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x02070000fL)
> - ENGINE_cleanup();
> -#endif
> - return ret;
> -}
> -
> static FILE *outfilep;
>
> static int print_bignum(BIGNUM *num, int num_bits)
> @@ -362,7 +367,6 @@ static int gen_key(const char *keyname, const char *path)
> int ret;
> int bits;
> EVP_PKEY *key;
> - ENGINE *e = NULL;
> char *tmp, *key_name_c;
>
> tmp = key_name_c = strdup(keyname);
> @@ -384,10 +388,7 @@ static int gen_key(const char *keyname, const char *path)
> }
>
> if (!strncmp(path, "pkcs11:", 7)) {
> - ret = rsa_engine_init(&e);
> - if (ret)
> - exit(1);
> - ret = engine_get_pub_key(path, e, &key);
> + ret = engine_get_pub_key(path, &key);
> if (ret)
> exit(1);
> } else {
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
