morgan/systemd
1
0
Fork 0
mirror of https://github.com/morgan9e/systemd synced 2026-04-14 00:14:32 +09:00
Code Issues Packages Projects Releases Wiki Activity

openssl-util: introduce openssl_extract_public_key() helper function

Browse Source 
This splits out common logic in keyutil and systemd-measure.

Note, previously d2i_PUBKEY_fp() was used, but now it is replaced with
d2i_PUBKEY(), as musl seems to not support reading from memstream.
This commit is contained in:
Yu Watanabe
2025-11-24 10:30:07 +09:00
parent 4f6ef13f43
commit da22ccf48f
4 changed files with 35 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
src/keyutil/keyutil.c
View File

@@ -10,7 +10,6 @@
#include "fs-util.h"
#include "log.h"
#include "main-func.h"
#include "memstream-util.h"
#include "openssl-util.h"
#include "parse-argument.h"
#include "pretty-print.h"
@@ -303,21 +302,9 @@ static int verb_public(int argc, char *argv[], void *userdata) {
if (r < 0)
return log_error_errno(r, "Failed to load private key from %s: %m", arg_private_key);
_cleanup_(memstream_done) MemStream m = {};
FILE *tf = memstream_init(&m);
if (!tf)
return log_oom();
if (i2d_PUBKEY_fp(tf, private_key) != 1)
return log_error_errno(SYNTHETIC_ERRNO(EIO),
"Failed to extract public key from private key file '%s'.", arg_private_key);
fflush(tf);
rewind(tf);
if (!d2i_PUBKEY_fp(tf, &public_key))
return log_error_errno(SYNTHETIC_ERRNO(EIO),
"Failed to parse extracted public key of private key file '%s'.", arg_private_key);
r = openssl_extract_public_key(private_key, &public_key);
if (r < 0)
return log_error_errno(r, "Failed to extract public key from private key file '%s': %m", arg_private_key);
} else
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "One of --certificate=, or --private-key= must be specified");

22
src/measure/measure-tool.c
View File

@@ -15,7 +15,6 @@
#include "hexdecoct.h"
#include "log.h"
#include "main-func.h"
#include "memstream-util.h"
#include "openssl-util.h"
#include "pager.h"
#include "parse-argument.h"
@@ -890,25 +889,10 @@ static int build_policy_digest(bool sign) {
"Failed to extract public key from certificate %s.",
arg_certificate);
} else if (sign) {
_cleanup_(memstream_done) MemStream m = {};
FILE *tf;
/* No public key was specified, let's derive it automatically, if we can, when signing */
tf = memstream_init(&m);
if (!tf)
return log_oom();
if (i2d_PUBKEY_fp(tf, privkey) != 1)
return log_error_errno(SYNTHETIC_ERRNO(EIO),
"Failed to extract public key from private key file '%s'.", arg_private_key);
fflush(tf);
rewind(tf);
if (!d2i_PUBKEY_fp(tf, &pubkey))
return log_error_errno(SYNTHETIC_ERRNO(EIO),
"Failed to parse extracted public key of private key file '%s'.", arg_private_key);
r = openssl_extract_public_key(privkey, &pubkey);
if (r < 0)
return log_error_errno(r, "Failed to extract public key from private key file '%s': %m", arg_private_key);
}
r = pcr_states_allocate(&pcr_states);

27
src/shared/openssl-util.c
View File

@@ -1753,6 +1753,33 @@ int openssl_load_private_key(
return 0;
}
int openssl_extract_public_key(EVP_PKEY *private_key, EVP_PKEY **ret) {
int r;
assert(private_key);
assert(ret);
_cleanup_(memstream_done) MemStream m = {};
FILE *tf = memstream_init(&m);
if (!tf)
return log_oom();
if (i2d_PUBKEY_fp(tf, private_key) != 1)
return -EIO;
_cleanup_(erase_and_freep) char *buf = NULL;
size_t len;
r = memstream_finalize(&m, &buf, &len);
if (r < 0)
return r;
const unsigned char *t = (unsigned char*) buf;
if (!d2i_PUBKEY(ret, &t, len))
return -EIO;
return 0;
}
#endif
int parse_openssl_certificate_source_argument(

2
src/shared/openssl-util.h
View File

@@ -195,6 +195,8 @@ int openssl_load_private_key(
EVP_PKEY **ret_private_key,
OpenSSLAskPasswordUI **ret_user_interface);
int openssl_extract_public_key(EVP_PKEY *private_key, EVP_PKEY **ret);
struct OpenSSLAskPasswordUI {
AskPasswordRequest request;
#ifndef OPENSSL_NO_UI_CONSOLE