From: Csókás Bence <csokas.bence@prolan.hu>
Date: Fri, 5 Jan 2024 14:08:04 +0000 (+0100)
Subject: lib: rsa: Allow legacy URI specification without "pkcs11:"
X-Git-Tag: v2025.01-rc5-pxa1908~697^2~20
X-Git-Url: http://git.dujemihanovic.xyz/img/static/html/%7B%7B%20.RelPermalink%20%7D%7D?a=commitdiff_plain;h=f055d6e8f0d63a80d72ab5b092a26bedc652ac3b;p=u-boot.git

lib: rsa: Allow legacy URI specification without "pkcs11:"

But emit a warning for it. Then we can remove support once
everyone has had time to update their scripts, docs, CI etc.

Fixes: ece85cc020 rsa: use pkcs11 uri as defined in rfc7512

Signed-off-by: Csókás Bence <csokas.bence@prolan.hu>
---

diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
index fd587d8deb..2304030e32 100644
--- a/lib/rsa/rsa-sign.c
+++ b/lib/rsa/rsa-sign.c
@@ -104,6 +104,8 @@ static int rsa_engine_get_pub_key(const char *keydir, const char *name,
 	const char *engine_id;
 	char key_id[1024];
 	EVP_PKEY *key = NULL;
+	const char *const pkcs11_schema = "pkcs11:";
+	const char *pkcs11_uri_prepend = "";
 
 	if (!evpp)
 		return -EINVAL;
@@ -113,19 +115,26 @@ static int rsa_engine_get_pub_key(const char *keydir, const char *name,
 	engine_id = ENGINE_get_id(engine);
 
 	if (engine_id && !strcmp(engine_id, "pkcs11")) {
-		if (keydir)
+		if (keydir) {
+			// Check for legacy keydir spec and prepend
+			if (strncmp(pkcs11_schema, keydir, strlen(pkcs11_schema))) {
+				pkcs11_uri_prepend = pkcs11_schema;
+				fprintf(stderr, "WARNING: Legacy URI specified. Please add '%s'.\n", pkcs11_schema);
+			}
+
 			if (strstr(keydir, "object="))
 				snprintf(key_id, sizeof(key_id),
-					 "%s;type=public",
-					 keydir);
+					 "%s%s;type=public",
+					 pkcs11_uri_prepend, keydir);
 			else
 				snprintf(key_id, sizeof(key_id),
-					 "%s;object=%s;type=public",
-					 keydir, name);
-		else
+					 "%s%s;object=%s;type=public",
+					 pkcs11_uri_prepend, keydir, name);
+		} else {
 			snprintf(key_id, sizeof(key_id),
 				 "pkcs11:object=%s;type=public",
 				 name);
+		}
 	} else if (engine_id) {
 		if (keydir)
 			snprintf(key_id, sizeof(key_id),
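Review bot: The snprintf() calls that build `key_id` in the pkcs11 branch still discard their return value, and the prepended scheme makes the 1024-byte buffer seven bytes easier to overflow. A truncated URI loses its trailing `;type=public` (or part of `object=`), so the string passed on no longer names the key the caller asked for; how the engine resolves such a URI is outside this hunk. Capture the result and fail closed, e.g. `n = snprintf(key_id, sizeof(key_id), "%s%s;type=public", pkcs11_uri_prepend, keydir);` followed by `if (n < 0 || (size_t)n >= sizeof(key_id)) return -EINVAL;`. The same applies to the matching calls in the rsa_engine_get_priv_key hunk, where the dropped suffix would be `;type=private`. The function body continues past the end of this hunk, so the exact error path should follow whatever cleanup it already uses.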
@@ -224,6 +233,8 @@ static int rsa_engine_get_priv_key(const char *keydir, const char *name,
 	const char *engine_id;
 	char key_id[1024];
 	EVP_PKEY *key = NULL;
+	const char *const pkcs11_schema = "pkcs11:";
+	const char *pkcs11_uri_prepend = "";
 
 	if (!evpp)
 		return -EINVAL;
@@ -235,19 +246,26 @@ static int rsa_engine_get_priv_key(const char *keydir, const char *name,
 			fprintf(stderr, "Please use 'keydir' with PKCS11\n");
 			return -EINVAL;
 		}
-		if (keydir)
+		if (keydir) {
+			// Check for legacy keydir spec and prepend
+			if (strncmp(pkcs11_schema, keydir, strlen(pkcs11_schema))) {
+				pkcs11_uri_prepend = pkcs11_schema;
+				fprintf(stderr, "WARNING: Legacy URI specified. Please add '%s'.\n", pkcs11_schema);
+			}
+
 			if (strstr(keydir, "object="))
 				snprintf(key_id, sizeof(key_id),
-					 "%s;type=private",
-					 keydir);
+					 "%s%s;type=private",
+					 pkcs11_uri_prepend, keydir);
 			else
 				snprintf(key_id, sizeof(key_id),
-					 "%s;object=%s;type=private",
-					 keydir, name);
-		else
+					 "%s%s;object=%s;type=private",
+					 pkcs11_uri_prepend, keydir, name);
+		} else {
 			snprintf(key_id, sizeof(key_id),
 				 "pkcs11:object=%s;type=private",
 				 name);
+		}
 	} else if (engine_id) {
 		if (keydir && name)
 			snprintf(key_id, sizeof(key_id),
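Review bot: The legacy-scheme check at the top of the `if (keydir)` block is a verbatim copy of the one added to rsa_engine_get_pub_key, warning text included, so the removal of legacy support announced in the commit message will have to be done in two places. A small static helper that returns the prefix to prepend would keep the comparison and the warning in one spot and let both functions drop the `pkcs11_schema` local. The body of rsa_engine_get_priv_key starts and ends outside this hunk.

```c
/* Returns "pkcs11:" (and warns) when keydir lacks the RFC 7512 scheme, "" otherwise. */
static const char *rsa_pkcs11_legacy_prefix(const char *keydir)
{
	static const char pkcs11_schema[] = "pkcs11:";

	if (!strncmp(keydir, pkcs11_schema, sizeof(pkcs11_schema) - 1))
		return "";

	fprintf(stderr, "WARNING: Legacy URI specified. Please add '%s'.\n",
		pkcs11_schema);
	return pkcs11_schema;
}

/* ... in both functions, inside if (keydir) { ... */
			pkcs11_uri_prepend = rsa_pkcs11_legacy_prefix(keydir);
/* ... unchanged: strstr(keydir, "object=") branches and snprintf calls ... */
```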