diff options
author | Sascha Hauer <s.hauer@pengutronix.de> | 2024-02-13 10:18:12 +0100 |
---|---|---|
committer | Khem Raj <raj.khem@gmail.com> | 2024-02-13 12:41:23 -0800 |
commit | c9ddb71d35c68ba58f5318a5bcc504a2ee1026a9 (patch) | |
tree | 3b16e83b1a6acfbccf6cf263c74bdc065fc2f146 /meta-oe/classes | |
parent | 399531aa095062ba9931d89a29ad4bc0d1dc6da3 (diff) | |
download | meta-openembedded-c9ddb71d35c68ba58f5318a5bcc504a2ee1026a9.tar.gz |
signing.bbclass: make it work with eliptic curve keys
"openssl rsa" works with RSA keys only. Use "openssl pkey" instead which
is a frontend that picks the right operation automatically and works
with RSA keys, eliptic curve keys and also DSA keys.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Diffstat (limited to 'meta-oe/classes')
-rw-r--r-- | meta-oe/classes/signing.bbclass | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/meta-oe/classes/signing.bbclass b/meta-oe/classes/signing.bbclass index 79944e3fe..553d74e28 100644 --- a/meta-oe/classes/signing.bbclass +++ b/meta-oe/classes/signing.bbclass | |||
@@ -161,11 +161,11 @@ signing_import_pubkey_from_pem() { | |||
161 | local pem="${2}" | 161 | local pem="${2}" |
162 | 162 | ||
163 | if [ -n "${IMPORT_PASS_FILE}" ]; then | 163 | if [ -n "${IMPORT_PASS_FILE}" ]; then |
164 | openssl rsa \ | 164 | openssl pkey \ |
165 | -passin "file:${IMPORT_PASS_FILE}" \ | 165 | -passin "file:${IMPORT_PASS_FILE}" \ |
166 | -in "${pem}" -inform pem -pubout -outform der | 166 | -in "${pem}" -inform pem -pubout -outform der |
167 | else | 167 | else |
168 | openssl rsa \ | 168 | openssl pkey \ |
169 | -in "${pem}" -inform pem -pubout -outform der | 169 | -in "${pem}" -inform pem -pubout -outform der |
170 | fi | | 170 | fi | |
171 | signing_pkcs11_tool --type pubkey --write-object /proc/self/fd/0 --label "${role}" | 171 | signing_pkcs11_tool --type pubkey --write-object /proc/self/fd/0 --label "${role}" |
@@ -189,11 +189,11 @@ signing_import_privkey_from_pem() { | |||
189 | local pem="${2}" | 189 | local pem="${2}" |
190 | 190 | ||
191 | if [ -n "${IMPORT_PASS_FILE}" ]; then | 191 | if [ -n "${IMPORT_PASS_FILE}" ]; then |
192 | openssl rsa \ | 192 | openssl pkey \ |
193 | -passin "file:${IMPORT_PASS_FILE}" \ | 193 | -passin "file:${IMPORT_PASS_FILE}" \ |
194 | -in "${pem}" -inform pem -outform der | 194 | -in "${pem}" -inform pem -outform der |
195 | else | 195 | else |
196 | openssl rsa \ | 196 | openssl pkey \ |
197 | -in "${pem}" -inform pem -outform der | 197 | -in "${pem}" -inform pem -outform der |
198 | fi | | 198 | fi | |
199 | signing_pkcs11_tool --type privkey --write-object /proc/self/fd/0 --label "${role}" | 199 | signing_pkcs11_tool --type privkey --write-object /proc/self/fd/0 --label "${role}" |