From: "Chan, Donald"
To: Tom Rini
CC: "u-boot@lists.denx.de", Alexandru Gagniuc, Simon Glass
Subject: [PATCH] lib: rsa: Extract public key from private key if keyfile argument is used
Date: Wed, 28 Jul 2021 20:17:37 +0000
Message-ID: <1627503457435.77119@lab126.com>
In-Reply-To: <20210728183325.GW9379@bill-the-cat>
List-Id: U-Boot discussion

If the 'keyfile' (-G) argument is used, there is little value in requiring
the 'keydir' (-k) argument, since the public key can also be extracted from
the private key itself.

Signed-off-by: Donald Chan
---
 lib/rsa/rsa-sign.c | 28 +++++++++++++++++++++-------
 1 file changed, 21 insertions(+), 7 deletions(-)

diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
index f4ed11e74a..f70f352311 100644
--- a/lib/rsa/rsa-sign.c
+++ b/lib/rsa/rsa-sign.c
@@ -49,16 +49,16 @@ static int rsa_err(const char *msg)
 }
 
 /**
- * rsa_pem_get_pub_key() - read a public key from a .crt file
+ * rsa_pem_get_pub_key() - read a public key from a private key file or .crt file
  *
- * @keydir: Directory containins the key
- * @name Name of key file (will have a .crt extension)
+ * @keydir: Directory containing the key, can be NULL
+ * @name Name of key file (will apply a .crt extension if keydir is not NULL)
  * @evpp Returns EVP_PKEY object, or NULL on failure
  * @return 0 if ok, -ve on error (in which case *evpp will be set to NULL)
  */
 static int rsa_pem_get_pub_key(const char *keydir, const char *name, EVP_PKEY **evpp)
 {
-	char path[1024];
+	char path[1024] = {0};
 	EVP_PKEY *key = NULL;
 	X509 *cert;
 	FILE *f;
@@ -68,7 +68,10 @@ static int rsa_pem_get_pub_key(const char *keydir, const char *name, EVP_PKEY **
 		return -EINVAL;
 
 	*evpp = NULL;
-	snprintf(path, sizeof(path), "%s/%s.crt", keydir, name);
+	if (keydir && name)
+		snprintf(path, sizeof(path), "%s/%s.crt", keydir, name);
+	else if (name)
+		snprintf(path, sizeof(path), "%s", name);
 	f = fopen(path, "r");
 	if (!f) {
 		fprintf(stderr, "Couldn't open RSA certificate: '%s': %s\n",
@@ -76,7 +79,13 @@ static int rsa_pem_get_pub_key(const char *keydir, const char *name, EVP_PKEY **
 		return -EACCES;
 	}
 
-	/* Read the certificate */
+	/* See if it contains a PEM private key? */
+	if (PEM_read_PrivateKey(f, evpp, NULL, path)) {
+		fclose(f);
+		return 0;
+	}
+
+	/* Not a PEM private key, read the certificate */
 	cert = NULL;
 	if (!PEM_read_X509(f, &cert, NULL, NULL)) {
 		rsa_err("Couldn't read certificate");
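Review bot: the kernel-doc update in the first hunk (@@ -49,16 +49,16 @@) leaves out the part a caller needs: when @keydir is NULL, @name is used verbatim as the path of a file that may hold a PEM private key, and in that case the EVP_PKEY returned through @evpp carries the private half as well, not only the public key the function name promises. Say so in the @keydir/@name/@evpp lines, so nobody later serializes or logs that object assuming it is public material. The new summary line "+ * rsa_pem_get_pub_key() - read a public key from a private key file or .crt file" also runs past 80 columns; "read a public key from a private key or .crt file" fits.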
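Review bot: the second hunk (@@ -68,7 +68,10 @@) has no handling for @name == NULL: both snprintf() branches are skipped, path stays "" (which is what the "= {0}" initialiser in the first hunk is papering over), and fopen("") fails with the misleading message "Couldn't open RSA certificate: ''". Reject it up front next to the existing @evpp check, e.g. "if (!evpp || !name) return -EINVAL;", after which the "else if (name)" guard and the zero-initialiser are unnecessary. While here, with keydir NULL the file is the -G private key, yet the error text still says "RSA certificate"; a neutral "Couldn't open key file" reads better for both cases.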
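Review bot: the fallback in the third hunk (@@ -76,7 +79,13 @@) breaks the existing .crt path. PEM_read_PrivateKey() scans the stream for a PEM block whose header names a private key type; on a file that only contains a CERTIFICATE block it consumes that block, reads on to EOF and fails, and the PEM_read_X509() that follows reads from the same FILE position, so it fails as well. Add "rewind(f);" before "/* Not a PEM private key, read the certificate */", and call ERR_clear_error() after the failed private-key attempt so that the later rsa_err("Couldn't read certificate") does not print the stale "no start line" error from the first try. Separately, the fourth argument of "PEM_read_PrivateKey(f, evpp, NULL, path)" is the userdata handed to the passphrase callback, and with a NULL callback OpenSSL's default callback treats a non-NULL userdata as the passphrase itself; an encrypted -G key would therefore be "decrypted" with its own path, fail, and fall through to the certificate parser without ever prompting. Pass NULL there unless a real passphrase source is being supplied.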
@@ -672,7 +681,12 @@ int rsa_add_verify_data(struct image_sign_info *info, void *keydest)
 		if (ret)
 			return ret;
 	}
-	ret = rsa_get_pub_key(info->keydir, info->keyname, e, &pkey);
+	if (info->keydir && info->keyname)
+		ret = rsa_get_pub_key(info->keydir, info->keyname, e, &pkey);
+	else if (info->keyfile)
+		ret = rsa_get_pub_key(NULL, info->keyfile, e, &pkey);
+	else
+		ret = -EINVAL;
 	if (ret)
 		goto err_get_pub_key;
 #if OPENSSL_VERSION_NUMBER < 0x10100000L || \
-- 
2.16.6
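Review bot: in the rsa_add_verify_data() hunk (@@ -672,7 +681,12 @@) the new "ret = -EINVAL;" branch is silent, while every other failure on this path prints a reason to stderr; add an fprintf() saying that either keydir plus keyname or keyfile is required, otherwise the user sees only a bare error code. The hunk also establishes a precedence, keydir/keyname over keyfile when both are given, that the commit message should state, because someone passing -k and -G together may expect the private key file to be the one used.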
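The commit message rests on the point that the public key can be extracted from the private key. As an added example, not part of this patch and not U-Boot's code, the C program below shows where that public key lives: a PKCS#1 RSAPrivateKey is a DER SEQUENCE whose second and third INTEGERs are n and e, the same two values that form a PKCS#1 RSAPublicKey. The key is a constructed toy (n = 61 * 53 = 3233, e = 17, d = 2753) small enough to hold in a uint64_t; real keys need a bignum library, which is why the tool uses OpenSSL. The DER walker is deliberately strict: short-form lengths only, at most 8-byte integers, exactly one SEQUENCE with no trailing bytes, and multi-prime (version 1) keys rejected rather than guessed at. The names rsa_pub_from_der(), der_read_int(), pub_field() and same_public_key() are this example's own.

```c
/*
 * Added example (not U-Boot code): recover the RSA public key (n, e) from
 * either a PKCS#1 RSAPrivateKey or a PKCS#1 RSAPublicKey in DER.
 *
 *   RSAPrivateKey ::= SEQUENCE { version, n, e, d, p, q, dP, dQ, qInv }
 *   RSAPublicKey  ::= SEQUENCE { n, e }
 *
 * Toy key constructed for the example; values fit in uint64_t, so only
 * short-form DER lengths and integers of at most 8 bytes are accepted.
 */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

struct rsa_pub {
	uint64_t n;
	uint64_t e;
};

/* Constructed toy PKCS#1 RSAPrivateKey, 31 bytes */
static const uint8_t toy_private_der[] = {
	0x30, 0x1d,			/* SEQUENCE, 29 bytes of content */
	0x02, 0x01, 0x00,		/* version = 0 (two-prime key) */
	0x02, 0x02, 0x0c, 0xa1,		/* n = 3233 */
	0x02, 0x01, 0x11,		/* e = 17 */
	0x02, 0x02, 0x0a, 0xc1,		/* d = 2753 */
	0x02, 0x01, 0x3d,		/* p = 61 */
	0x02, 0x01, 0x35,		/* q = 53 */
	0x02, 0x01, 0x35,		/* dP = d mod (p - 1) = 53 */
	0x02, 0x01, 0x31,		/* dQ = d mod (q - 1) = 49 */
	0x02, 0x01, 0x26,		/* qInv = q^-1 mod p = 38 */
};

/* Constructed toy PKCS#1 RSAPublicKey for the same key, 9 bytes */
static const uint8_t toy_public_der[] = {
	0x30, 0x07,			/* SEQUENCE, 7 bytes of content */
	0x02, 0x02, 0x0c, 0xa1,		/* n = 3233 */
	0x02, 0x01, 0x11,		/* e = 17 */
};

/* Read one short-form DER INTEGER at *p (never past end) and advance *p. */
static int der_read_int(const uint8_t **p, const uint8_t *end, uint64_t *out)
{
	const uint8_t *q = *p;
	size_t len, i;
	uint64_t v = 0;

	if (end - q < 2 || q[0] != 0x02)
		return -1;
	len = q[1];
	if ((len & 0x80) || len > 8 || (size_t)(end - q - 2) < len)
		return -1;	/* long-form length or wider than 64 bits */
	for (i = 0; i < len; i++)
		v = (v << 8) | q[2 + i];
	*out = v;
	*p = q + 2 + len;
	return 0;
}

/*
 * Fill @pub from a DER RSAPrivateKey or RSAPublicKey, told apart by shape:
 * nine INTEGERs starting with version 0, or exactly two INTEGERs.
 * Truncated data, trailing bytes and multi-prime keys are rejected (-1).
 */
static int rsa_pub_from_der(const uint8_t *der, size_t len, struct rsa_pub *pub)
{
	const uint8_t *p, *end;
	uint64_t ints[9];
	size_t count = 0, seqlen;

	if (len < 2 || der[0] != 0x30)
		return -1;
	seqlen = der[1];
	if ((seqlen & 0x80) || seqlen != len - 2)
		return -1;	/* exactly one short-form SEQUENCE, nothing after it */
	p = der + 2;
	end = p + seqlen;
	while (p < end && count < 9) {
		if (der_read_int(&p, end, &ints[count]))
			return -1;
		count++;
	}
	if (p != end)
		return -1;	/* more than nine elements, e.g. otherPrimeInfos */
	if (count == 9 && ints[0] == 0) {	/* RSAPrivateKey: n and e are fields 1 and 2 */
		pub->n = ints[1];
		pub->e = ints[2];
		return 0;
	}
	if (count == 2) {			/* RSAPublicKey: n and e are fields 0 and 1 */
		pub->n = ints[0];
		pub->e = ints[1];
		return 0;
	}
	return -1;
}

/* Single field accessor: n (want_e == 0) or e; returns 0 on parse failure */
static uint64_t pub_field(const uint8_t *der, size_t len, int want_e)
{
	struct rsa_pub pub;

	if (rsa_pub_from_der(der, len, &pub))
		return 0;
	return want_e ? pub.e : pub.n;
}

/* 1 if both blobs parse and describe the same public key, else 0 */
static int same_public_key(const uint8_t *a, size_t alen, const uint8_t *b, size_t blen)
{
	struct rsa_pub pa, pb;

	if (rsa_pub_from_der(a, alen, &pa) || rsa_pub_from_der(b, blen, &pb))
		return 0;
	return pa.n == pb.n && pa.e == pb.e;
}

int main(void)
{
	printf("from private key: n=%llu e=%llu\n",
	       (unsigned long long)pub_field(toy_private_der, sizeof(toy_private_der), 0),
	       (unsigned long long)pub_field(toy_private_der, sizeof(toy_private_der), 1));
	return same_public_key(toy_private_der, sizeof(toy_private_der),
			       toy_public_der, sizeof(toy_public_der)) ? 0 : 1;
}
```

The shape check is what keeps this honest about the input: a file that turns out to hold a certificate, a PKCS#8 wrapper or an EC key does not match either layout and is rejected instead of yielding a bogus n and e, which is the same "try the private-key form, then fall back" decision the patch makes with OpenSSL, minus the shared-stream state that makes the OpenSSL version order-sensitive.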