summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>2019-06-16 20:53:38 +0300
committerTom Rini <trini@konsulko.com>2019-07-18 11:31:23 -0400
commit5b123e010954d8f6ef24dd0cb1a8cbe1d7d53851 (patch)
treecca21fad52e79da0f23dcad1e0866a3b7ad03a39 /lib
parent0e80dda32c8d724c2a98dbbfb2f1e59762788f15 (diff)
lib: rsa: add support to other openssl engine types than pkcs11
There are multiple other openssl engines used by HSMs that can be used to sign FIT images instead of forcing users to use pkcs11 type of service. Relax engine selection so that other openssl engines can be specified and use generic key id definition formula. Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Cc: Tom Rini <trini@konsulko.com>
Diffstat (limited to 'lib')
-rw-r--r--lib/rsa/rsa-sign.c18
1 files changed, 18 insertions, 0 deletions
diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
index fb5e07b56d..5b5905aeb5 100644
--- a/lib/rsa/rsa-sign.c
+++ b/lib/rsa/rsa-sign.c
@@ -141,6 +141,15 @@ static int rsa_engine_get_pub_key(const char *keydir, const char *name,
snprintf(key_id, sizeof(key_id),
"pkcs11:object=%s;type=public",
name);
+ } else if (engine_id) {
+ if (keydir)
+ snprintf(key_id, sizeof(key_id),
+ "%s%s",
+ keydir, name);
+ else
+ snprintf(key_id, sizeof(key_id),
+ "%s",
+ name);
} else {
fprintf(stderr, "Engine not supported\n");
return -ENOTSUP;
@@ -252,6 +261,15 @@ static int rsa_engine_get_priv_key(const char *keydir, const char *name,
snprintf(key_id, sizeof(key_id),
"pkcs11:object=%s;type=private",
name);
+ } else if (engine_id) {
+ if (keydir)
+ snprintf(key_id, sizeof(key_id),
+ "%s%s",
+ keydir, name);
+ else
+ snprintf(key_id, sizeof(key_id),
+ "%s",
+ name);
} else {
fprintf(stderr, "Engine not supported\n");
return -ENOTSUP;