mkimage: use environment variable MKIMAGE_SIGN_PIN to set pin for OpenSSL Engine

This patch adds the possibility to pass the PIN the OpenSSL Engine used during signing via the environment variable MKIMAGE_SIGN_PIN. This follows the approach used during kernel module signing ("KBUILD_SIGN_PIN") or UBIFS image signing ("MKIMAGE_SIGN_PIN"). Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
2021-07-23 22:17:50 +02:00
parent 89795ef3b6
commit 62b27a561c
2 changed files with 13 additions and 2 deletions
--- a/lib/rsa/rsa-sign.c
+++ b/lib/rsa/rsa-sign.c
@@ -338,6 +338,7 @@ static int rsa_init(void)

 static int rsa_engine_init(const char *engine_id, ENGINE **pe)
 {
+	const char *key_pass;
 	ENGINE *e;
 	int ret;

@@ -362,10 +363,20 @@ static int rsa_engine_init(const char *engine_id, ENGINE **pe)
 		goto err_set_rsa;
 	}

+	key_pass = getenv("MKIMAGE_SIGN_PIN");
+	if (key_pass) {
+		if (!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0)) {
+			fprintf(stderr, "Couldn't set PIN\n");
+			ret = -1;
+			goto err_set_pin;
+		}
+	}
+
 	*pe = e;

 	return 0;

+err_set_pin:
 err_set_rsa:
 	ENGINE_finish(e);
 err_engine_init: