mkimage: use environment variable MKIMAGE_SIGN_PIN to set pin for OpenSSL Engine

This patch adds the possibility to pass the PIN the OpenSSL Engine used during signing via the environment variable MKIMAGE_SIGN_PIN. This follows the approach used during kernel module signing ("KBUILD_SIGN_PIN") or UBIFS image signing ("MKIMAGE_SIGN_PIN"). Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
author: Marc Kleine-Budde 2021-07-23 22:17:50 +0200
committer: Tom Rini 2021-07-28 20:46:34 -0400
commit: 62b27a561c2868d95445905ad554297e43cc0f2b (patch)
tree: 4ed6786f1809fc6d212d157a9683a2ab6409c191 /lib/rsa
parent: 89795ef3b6b2d12cffb840a98ee374d2e806aa64 (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
index c64deac31f4..085dc89bf7b 100644
--- a/lib/rsa/rsa-sign.c
+++ b/lib/rsa/rsa-sign.c
@@ -338,6 +338,7 @@ static int rsa_init(void)
 
 static int rsa_engine_init(const char *engine_id, ENGINE **pe)
 {
+	const char *key_pass;
 	ENGINE *e;
 	int ret;
 
@@ -362,10 +363,20 @@ static int rsa_engine_init(const char *engine_id, ENGINE **pe)
 		goto err_set_rsa;
 	}
 
+	key_pass = getenv("MKIMAGE_SIGN_PIN");
+	if (key_pass) {
+		if (!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0)) {
+			fprintf(stderr, "Couldn't set PIN\n");
+			ret = -1;
+			goto err_set_pin;
+		}
+	}
+
 	*pe = e;
 
 	return 0;
 
+err_set_pin:
 err_set_rsa:
 	ENGINE_finish(e);
 err_engine_init:
author	Marc Kleine-Budde	2021-07-23 22:17:50 +0200
committer	Tom Rini	2021-07-28 20:46:34 -0400
commit	62b27a561c2868d95445905ad554297e43cc0f2b (patch)
tree	4ed6786f1809fc6d212d157a9683a2ab6409c191 /lib/rsa
parent	89795ef3b6b2d12cffb840a98ee374d2e806aa64 (diff)