signing.bbclass: make it work with eliptic curve keys

"openssl rsa" works with RSA keys only. Use "openssl pkey" instead which is a frontend that picks the right operation automatically and works with RSA keys, eliptic curve keys and also DSA keys. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
author: Sascha Hauer <s.hauer@pengutronix.de> 2024-02-13 10:18:12 +0100
committer: Khem Raj <raj.khem@gmail.com> 2024-02-13 12:41:23 -0800
commit: c9ddb71d35c68ba58f5318a5bcc504a2ee1026a9 (patch)
tree: 3b16e83b1a6acfbccf6cf263c74bdc065fc2f146
parent: 399531aa095062ba9931d89a29ad4bc0d1dc6da3 (diff)
download: meta-openembedded-c9ddb71d35c68ba58f5318a5bcc504a2ee1026a9.tar.gz
1 files changed, 4 insertions, 4 deletions
diff --git a/meta-oe/classes/signing.bbclass b/meta-oe/classes/signing.bbclass
index 79944e3fe9..553d74e283 100644
--- a/meta-oe/classes/signing.bbclass
+++ b/meta-oe/classes/signing.bbclass
@@ -161,11 +161,11 @@ signing_import_pubkey_from_pem() {
    local pem="${2}"
    if [ -n "${IMPORT_PASS_FILE}" ]; then
-        openssl rsa \
+        openssl pkey \
            -passin "file:${IMPORT_PASS_FILE}" \
            -in "${pem}" -inform pem -pubout -outform der
    else
-        openssl rsa \
+        openssl pkey \
            -in "${pem}" -inform pem -pubout -outform der
    fi |
    signing_pkcs11_tool --type pubkey --write-object /proc/self/fd/0 --label "${role}"
@@ -189,11 +189,11 @@ signing_import_privkey_from_pem() {
    local pem="${2}"
    if [ -n "${IMPORT_PASS_FILE}" ]; then
-        openssl rsa \
+        openssl pkey \
            -passin "file:${IMPORT_PASS_FILE}" \
            -in "${pem}" -inform pem -outform der
    else
-        openssl rsa \
+        openssl pkey \
            -in "${pem}" -inform pem -outform der
    fi |
    signing_pkcs11_tool --type privkey --write-object /proc/self/fd/0 --label "${role}"
author	Sascha Hauer <s.hauer@pengutronix.de>	2024-02-13 10:18:12 +0100
committer	Khem Raj <raj.khem@gmail.com>	2024-02-13 12:41:23 -0800
commit	c9ddb71d35c68ba58f5318a5bcc504a2ee1026a9 (patch)
tree	3b16e83b1a6acfbccf6cf263c74bdc065fc2f146
parent	399531aa095062ba9931d89a29ad4bc0d1dc6da3 (diff)
download	meta-openembedded-c9ddb71d35c68ba58f5318a5bcc504a2ee1026a9.tar.gz

diff --git a/meta-oe/classes/signing.bbclass b/meta-oe/classes/signing.bbclass index 79944e3fe9..553d74e283 100644 --- a/meta-oe/classes/signing.bbclass +++ b/meta-oe/classes/signing.bbclass
@@ -161,11 +161,11 @@ signing_import_pubkey_from_pem() {
161	local pem="${2}"	161	local pem="${2}"
162		162
163	if [ -n "${IMPORT_PASS_FILE}" ]; then	163	if [ -n "${IMPORT_PASS_FILE}" ]; then
164	openssl rsa \	164	openssl pkey \
165	-passin "file:${IMPORT_PASS_FILE}" \	165	-passin "file:${IMPORT_PASS_FILE}" \
166	-in "${pem}" -inform pem -pubout -outform der	166	-in "${pem}" -inform pem -pubout -outform der
167	else	167	else
168	openssl rsa \	168	openssl pkey \
169	-in "${pem}" -inform pem -pubout -outform der	169	-in "${pem}" -inform pem -pubout -outform der
170	fi \|	170	fi \|
171	signing_pkcs11_tool --type pubkey --write-object /proc/self/fd/0 --label "${role}"	171	signing_pkcs11_tool --type pubkey --write-object /proc/self/fd/0 --label "${role}"
@@ -189,11 +189,11 @@ signing_import_privkey_from_pem() {
189	local pem="${2}"	189	local pem="${2}"
190		190
191	if [ -n "${IMPORT_PASS_FILE}" ]; then	191	if [ -n "${IMPORT_PASS_FILE}" ]; then
192	openssl rsa \	192	openssl pkey \
193	-passin "file:${IMPORT_PASS_FILE}" \	193	-passin "file:${IMPORT_PASS_FILE}" \
194	-in "${pem}" -inform pem -outform der	194	-in "${pem}" -inform pem -outform der
195	else	195	else
196	openssl rsa \	196	openssl pkey \
197	-in "${pem}" -inform pem -outform der	197	-in "${pem}" -inform pem -outform der
198	fi \|	198	fi \|
199	signing_pkcs11_tool --type privkey --write-object /proc/self/fd/0 --label "${role}"	199	signing_pkcs11_tool --type privkey --write-object /proc/self/fd/0 --label "${role}"