On 01.08.24 07:57, Sascha Hauer wrote:
> When we can't open the given path as certificate, we try reading it
> as a public key. Clarify the error message accordingly and add a
> comment about this.
>
> Signed-off-by: Sascha Hauer <s.hauer@xxxxxxxxxxxxxx>
Reviewed-by: Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx>
> ---
> scripts/keytoc.c | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/scripts/keytoc.c b/scripts/keytoc.c
> index aa36ba02e1..6c5ff9403d 100644
> --- a/scripts/keytoc.c
> +++ b/scripts/keytoc.c
> @@ -57,7 +57,7 @@ static int pem_get_pub_key(const char *path, EVP_PKEY **pkey)
> *pkey = NULL;
> f = fopen(path, "r");
> if (!f) {
> - fprintf(stderr, "Couldn't open certificate: '%s': %s\n",
> + fprintf(stderr, "Couldn't open certificate '%s': %s\n",
> path, strerror(errno));
> return -EACCES;
> }
> @@ -65,10 +65,11 @@ static int pem_get_pub_key(const char *path, EVP_PKEY **pkey)
> /* Read the certificate */
> cert = NULL;
> if (!PEM_read_X509(f, &cert, NULL, NULL)) {
> + /* Can't open certificate, maybe it's a pubkey */
> rewind(f);
> key = PEM_read_PUBKEY(f, NULL, NULL, NULL);
> if (!key) {
> - openssl_error("Couldn't read certificate");
> + openssl_error("Couldn't read certificate/pubkey %s\n", path);
> ret = -EINVAL;
> goto err_cert;
> }
> @@ -76,7 +77,7 @@ static int pem_get_pub_key(const char *path, EVP_PKEY **pkey)
> /* Get the public key from the certificate. */
> key = X509_get_pubkey(cert);
> if (!key) {
> - openssl_error("Couldn't read public key\n");
> + openssl_error("Couldn't read public key from certificate\n");
> ret = -EINVAL;
> goto err_pubkey;
> }
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
