From: Stefano Babic Date: Thu, 25 May 2023 08:18:05 +0000 (+0200) Subject: mkimage: ecdsa: password for signing from environment X-Git-Tag: v2025.01-rc5-pxa1908~950^2~8^2~8 X-Git-Url: http://git.dujemihanovic.xyz/html/static/%7B%7B%20%24.Site.BaseURL%20%7D%7Dposts/%7B%7B%20%24style.RelPermalink%20%7D%7D?a=commitdiff_plain;h=50195a23468e3a8a32cba8534d76627b5d189551;p=u-boot.git mkimage: ecdsa: password for signing from environment Use a variable (MKIMAGE_SIGN_PASSWORD) like already done for RSA to allow the signing process to run in batch. Signed-off-by: Stefano Babic --- diff --git a/lib/ecdsa/ecdsa-libcrypto.c b/lib/ecdsa/ecdsa-libcrypto.c index d5939af2c5..5fa9be10b4 100644 --- a/lib/ecdsa/ecdsa-libcrypto.c +++ b/lib/ecdsa/ecdsa-libcrypto.c @@ -111,16 +111,30 @@ static size_t ecdsa_key_size_bytes(const EC_KEY *key) return EC_GROUP_order_bits(group) / 8; } +static int default_password(char *buf, int size, int rwflag, void *u) +{ + strncpy(buf, (char *)u, size); + buf[size - 1] = '\0'; + return strlen(buf); +} + static int read_key(struct signer *ctx, const char *key_name) { FILE *f = fopen(key_name, "r"); + const char *key_pass; if (!f) { fprintf(stderr, "Can not get key file '%s'\n", key_name); return -ENOENT; } - ctx->evp_key = PEM_read_PrivateKey(f, NULL, NULL, NULL); + key_pass = getenv("MKIMAGE_SIGN_PASSWORD"); + if (key_pass) { + ctx->evp_key = PEM_read_PrivateKey(f, NULL, default_password, (void *)key_pass); + + } else { + ctx->evp_key = PEM_read_PrivateKey(f, NULL, NULL, NULL); + } fclose(f); if (!ctx->evp_key) { fprintf(stderr, "Can not read key from '%s'\n", key_name);