In addition to PKCS#11 URIs, rsatoc supports extracting RSA public keys
out of X.509 PEM certificates, a base64-encoded format that begins
with the header `-----BEGIN CERTIFICATE-----'.

Another popular format for RSA public keys is the X.509 SPKI format,
which starts with the header `-----BEGIN PUBLIC KEY-----'. As public
keys are the only thing rsatoc is interested in, add support for the latter
as well.

Signed-off-by: Ahmad Fatoum <[email protected]>
---
 scripts/rsatoc.c | 26 +++++++++++++++-----------
 1 file changed, 15 insertions(+), 11 deletions(-)

diff --git a/scripts/rsatoc.c b/scripts/rsatoc.c
index d7f6dad7f01e..f5b0ba27f9bc 100644
--- a/scripts/rsatoc.c
+++ b/scripts/rsatoc.c
@@ -58,17 +58,21 @@ static int rsa_pem_get_pub_key(const char *path, RSA **rsap)
        /* Read the certificate */
        cert = NULL;
        if (!PEM_read_X509(f, &cert, NULL, NULL)) {
-               rsa_err("Couldn't read certificate");
-               ret = -EINVAL;
-               goto err_cert;
-       }
-
-       /* Get the public key from the certificate. */
-       key = X509_get_pubkey(cert);
-       if (!key) {
-               rsa_err("Couldn't read public key\n");
-               ret = -EINVAL;
-               goto err_pubkey;
+               rewind(f);
+               key = PEM_read_PUBKEY(f, NULL, NULL, NULL);
+               if (!key) {
+                       rsa_err("Couldn't read certificate");
+                       ret = -EINVAL;
+                       goto err_cert;
+               }
+       } else {
+               /* Get the public key from the certificate. */
+               key = X509_get_pubkey(cert);
+               if (!key) {
+                       rsa_err("Couldn't read public key\n");
+                       ret = -EINVAL;
+                       goto err_pubkey;
+               }
        }
 
        /* Convert to a RSA_style key. */
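Review bot: The fallback's `rewind(f);` cannot report a failed reposition, so if `path` is not seekable `PEM_read_PUBKEY` starts at end of input and a valid SPKI file is rejected as unreadable; `if (fseek(f, 0, SEEK_SET) < 0)` with its own error return would make that case distinguishable. When both parsers fail the message is still `Couldn't read certificate`, which hides that a public-key parse was attempted; `rsa_err("Couldn't read certificate or public key");` would be clearer. The failed `PEM_read_X509` also leaves its entries on the OpenSSL error queue, so an `ERR_clear_error();` before the retry would keep a later report from showing a stale certificate error (this assumes rsa_err prints that queue, which is not visible here). On the fallback path `cert` stays NULL, so the cleanup labels must tolerate that; the function body starts and ends outside the hunk, so this could not be checked.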
-- 
2.39.2

