[PATCH] lib: rsa: Extract public key from private key if keyfile argument is used

[Chan, Donald]

If the 'keyfile' (-G) argument is used, there is little value to require
'keydir' (-k) argument since the public key can also be extracted from the
private key itself.

Signed-off-by: Donald Chan <ho...@lab126.com>
---
 lib/rsa/rsa-sign.c | 28 +++++++++++++++++++++-------
 1 file changed, 21 insertions(+), 7 deletions(-)

diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
index f4ed11e74a..f70f352311 100644
--- a/lib/rsa/rsa-sign.c
+++ b/lib/rsa/rsa-sign.c
@@ -49,16 +49,16 @@ static int rsa_err(const char *msg)
 }
 
 /**
- * rsa_pem_get_pub_key() - read a public key from a .crt file
+ * rsa_pem_get_pub_key() - read a public key from a private key file or .crt 
file
  *
- * @keydir:    Directory containins the key
- * @name       Name of key file (will have a .crt extension)
+ * @keydir:    Directory containing the key, can be NULL
+ * @name       Name of key file (will apply a .crt extension if keydir is not 
NULL)
  * @evpp       Returns EVP_PKEY object, or NULL on failure
  * @return 0 if ok, -ve on error (in which case *evpp will be set to NULL)
  */
 static int rsa_pem_get_pub_key(const char *keydir, const char *name, EVP_PKEY 
**evpp)
 {
-       char path[1024];
+       char path[1024] = {0};
        EVP_PKEY *key = NULL;
        X509 *cert;
        FILE *f;
@@ -68,7 +68,10 @@ static int rsa_pem_get_pub_key(const char *keydir, const 
char *name, EVP_PKEY **
                return -EINVAL;
 
        *evpp = NULL;
-       snprintf(path, sizeof(path), "%s/%s.crt", keydir, name);
+       if (keydir && name)
+               snprintf(path, sizeof(path), "%s/%s.crt", keydir, name);
+       else if (name)
+               snprintf(path, sizeof(path), "%s", name);
        f = fopen(path, "r");
        if (!f) {
                fprintf(stderr, "Couldn't open RSA certificate: '%s': %s\n",
@@ -76,7 +79,13 @@ static int rsa_pem_get_pub_key(const char *keydir, const 
char *name, EVP_PKEY **
                return -EACCES;
        }
 
-       /* Read the certificate */
+       /* See if it contains a PEM private key? */
+       if (PEM_read_PrivateKey(f, evpp, NULL, path)) {
+               fclose(f);
+               return 0;
+       }
+
+       /* Not a PEM private key, read the certificate */
        cert = NULL;
        if (!PEM_read_X509(f, &cert, NULL, NULL)) {
                rsa_err("Couldn't read certificate");
@@ -672,7 +681,12 @@ int rsa_add_verify_data(struct image_sign_info *info, void 
*keydest)
                if (ret)
                        return ret;
        }
-       ret = rsa_get_pub_key(info->keydir, info->keyname, e, &pkey);
+       if (info->keydir && info->keyname)
+               ret = rsa_get_pub_key(info->keydir, info->keyname, e, &pkey);
+       else if (info->keyfile)
+               ret = rsa_get_pub_key(NULL, info->keyfile, e, &pkey);
+       else
+               ret = -EINVAL;
        if (ret)
                goto err_get_pub_key;
 #if OPENSSL_VERSION_NUMBER < 0x10100000L || \
-- 
2.16.6