Home
last modified time | relevance | path

Searched hist:bb3b0c0b09ff1d969ddd49b99642740ce2a07064 (Results 1 – 3 of 3) sorted by relevance

/rk3399_ARM-atf/tools/cert_create/include/
H A Dkey.hbb3b0c0b09ff1d969ddd49b99642740ce2a07064 Mon Oct 16 12:52:06 UTC 2023 Sandrine Bailleux <sandrine.bailleux@arm.com> fix(cert-create): fix key loading logic

When key_load() attempts to load the key from a file and it fails to
open this file, the 'err_code' output argument is set to
'KEY_ERR_OPEN' error code. However, it is incorrectly overwritten
later on with 'KEY_ERR_NONE' or 'KEY_ERR_LOAD'.

The latter case messes up with the key creation scenario. The
'KEY_ERR_LOAD' error leads the tool to exit, when it should attempt to
create the said key file if invoked with the --new-keys/-n option.

Note that, to complicate matters further, which of 'KEY_ERR_OPEN' or
'KEY_ERR_NONE' values is returned by key_load() depends on the version
of OpenSSL in use:

- If using v3+, KEY_ERROR_LOAD is returned.

- If using <v3, KEY_ERROR_NONE is returned as a result of the key
pair container being initialized by key_new().

This patch fixes this bug and also takes the opportunity to refactor
key_load() implementation to (hopefully) make it more straight-forward
and easier to reason about.

Fixes: 616b3ce27d9a "feat(cert-create): add pkcs11 engine support"
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Reported-by: Wenchen Tan <xtaens@qq.com>
Change-Id: Ia78ff442e04c5ff98e6ced8d26becbd817a8ccb7
/rk3399_ARM-atf/tools/cert_create/src/
H A Dkey.cbb3b0c0b09ff1d969ddd49b99642740ce2a07064 Mon Oct 16 12:52:06 UTC 2023 Sandrine Bailleux <sandrine.bailleux@arm.com> fix(cert-create): fix key loading logic

When key_load() attempts to load the key from a file and it fails to
open this file, the 'err_code' output argument is set to
'KEY_ERR_OPEN' error code. However, it is incorrectly overwritten
later on with 'KEY_ERR_NONE' or 'KEY_ERR_LOAD'.

The latter case messes up with the key creation scenario. The
'KEY_ERR_LOAD' error leads the tool to exit, when it should attempt to
create the said key file if invoked with the --new-keys/-n option.

Note that, to complicate matters further, which of 'KEY_ERR_OPEN' or
'KEY_ERR_NONE' values is returned by key_load() depends on the version
of OpenSSL in use:

- If using v3+, KEY_ERROR_LOAD is returned.

- If using <v3, KEY_ERROR_NONE is returned as a result of the key
pair container being initialized by key_new().

This patch fixes this bug and also takes the opportunity to refactor
key_load() implementation to (hopefully) make it more straight-forward
and easier to reason about.

Fixes: 616b3ce27d9a "feat(cert-create): add pkcs11 engine support"
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Reported-by: Wenchen Tan <xtaens@qq.com>
Change-Id: Ia78ff442e04c5ff98e6ced8d26becbd817a8ccb7
H A Dmain.cbb3b0c0b09ff1d969ddd49b99642740ce2a07064 Mon Oct 16 12:52:06 UTC 2023 Sandrine Bailleux <sandrine.bailleux@arm.com> fix(cert-create): fix key loading logic

When key_load() attempts to load the key from a file and it fails to
open this file, the 'err_code' output argument is set to
'KEY_ERR_OPEN' error code. However, it is incorrectly overwritten
later on with 'KEY_ERR_NONE' or 'KEY_ERR_LOAD'.

The latter case messes up with the key creation scenario. The
'KEY_ERR_LOAD' error leads the tool to exit, when it should attempt to
create the said key file if invoked with the --new-keys/-n option.

Note that, to complicate matters further, which of 'KEY_ERR_OPEN' or
'KEY_ERR_NONE' values is returned by key_load() depends on the version
of OpenSSL in use:

- If using v3+, KEY_ERROR_LOAD is returned.

- If using <v3, KEY_ERROR_NONE is returned as a result of the key
pair container being initialized by key_new().

This patch fixes this bug and also takes the opportunity to refactor
key_load() implementation to (hopefully) make it more straight-forward
and easier to reason about.

Fixes: 616b3ce27d9a "feat(cert-create): add pkcs11 engine support"
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Reported-by: Wenchen Tan <xtaens@qq.com>
Change-Id: Ia78ff442e04c5ff98e6ced8d26becbd817a8ccb7