The key_name_hint is merely a hint which key might fit and as such it should be optional for a key. In keytoc.c only set it when it has meaningful content and test for non NULL in barebox before dereferencing it.
Signed-off-by: Sascha Hauer <[email protected]>
---
 commands/keys.c | 3 ++-
 crypto/public-keys.c | 2 ++
 scripts/keytoc.c | 10 ++++------
 3 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/commands/keys.c b/commands/keys.c
index 83c3ed533d..12cb6ea2e3 100644
--- a/commands/keys.c
+++ b/commands/keys.c
@@ -9,7 +9,8 @@ static int do_keys(int argc, char *argv[])
 for_each_public_key(key, id) {
 printf("KEY: %*phN\tTYPE: %s\tKEYRING: %s\tHINT: %s\n", key->hashlen,
- key->hash, public_key_type_string(key->type), key->keyring, key->key_name_hint);
+ key->hash, public_key_type_string(key->type), key->keyring,
+ key->key_name_hint ?: "");
 }
 return 0;
diff --git a/crypto/public-keys.c b/crypto/public-keys.c
index ecf255bbb4..2b4bac55b7 100644
--- a/crypto/public-keys.c
+++ b/crypto/public-keys.c
@@ -14,6 +14,8 @@ const struct public_key *public_key_get(const char *name, const char *keyring)
 int id;
 for_each_public_key_keyring(key, id, keyring) {
+ if (!key->key_name_hint)
+ continue;
 if (!strcmp(key->key_name_hint, name))
 return key;
 }
diff --git a/scripts/keytoc.c b/scripts/keytoc.c
index c4491fbe81..40601827b7 100644
--- a/scripts/keytoc.c
+++ b/scripts/keytoc.c
@@ -566,7 +566,8 @@ static int gen_key_ecdsa(EVP_PKEY *key, struct keyinfo *info)
 if (!standalone) {
 fprintf(outfilep, "\nstatic struct public_key %s_public_key = {\n", info->name_c);
 fprintf(outfilep, "\t.type = PUBLIC_KEY_TYPE_ECDSA,\n");
- fprintf(outfilep, "\t.key_name_hint = \"%s\",\n", info->name_hint);
+ if (info->name_hint)
+ fprintf(outfilep, "\t.key_name_hint = \"%s\",\n", info->name_hint);
 fprintf(outfilep, "\t.keyring = \"%s\",\n", info->keyring);
 fprintf(outfilep, "\t.hash = %s_hash,\n", info->name_c);
 fprintf(outfilep, "\t.hashlen = %u,\n", SHA256_DIGEST_LENGTH);
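Review bot: The added `if (!key->key_name_hint) continue;` means public_key_get() can never return a key that carries no hint, and nothing in the hunk tells callers so. Whether the existing callers fall back to trying every key in the keyring when the lookup returns nothing is not visible here and is worth confirming, because otherwise a hintless key is compiled in but never used. I would add a comment above the loop, `/* keys without a name hint are skipped; callers must iterate the keyring to reach them */`, and state at the declaration of the key_name_hint member that it may be NULL. The function body starts and ends outside the hunk.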
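Review bot: The guard `if (info->name_hint)` in gen_key_ecdsa() still emits `.key_name_hint = ""` for an empty hint, which the commit message would not count as meaningful content; `if (info->name_hint && *info->name_hint)` covers both cases, assuming the keyspec parser (outside the hunk) can produce an empty string. The identical change in gen_key_rsa() has the same gap. The hint is also written into a C string literal unescaped, so a `"` or `\` in it would corrupt the generated source unless it is validated earlier. With the fallback in main() removed, any other use of `info->name_hint` outside these hunks now sees NULL and should be checked. Both function bodies extend beyond their hunks.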
@@ -673,7 +674,8 @@ static int gen_key_rsa(EVP_PKEY *key, struct keyinfo *info)
 if (!standalone) {
 fprintf(outfilep, "\nstatic struct public_key %s_public_key = {\n", info->name_c);
 fprintf(outfilep, "\t.type = PUBLIC_KEY_TYPE_RSA,\n");
- fprintf(outfilep, "\t.key_name_hint = \"%s\",\n", info->name_hint);
+ if (info->name_hint)
+ fprintf(outfilep, "\t.key_name_hint = \"%s\",\n", info->name_hint);
 fprintf(outfilep, "\t.keyring = \"%s\",\n", info->keyring);
 fprintf(outfilep, "\t.hash = %s_hash,\n", info->name_c);
 fprintf(outfilep, "\t.hashlen = %u,\n", SHA256_DIGEST_LENGTH);
@@ -920,10 +922,6 @@ int main(int argc, char *argv[])
 if (asprintf(&info->name_c, "key_%i", keys_idx + 1) < 0)
 enomem_exit("asprintf");
- /* unfortunately, the fit name hint is mandatory in the barebox codebase */
- if (!info->name_hint)
- info->name_hint = info->name_c;
-
 if (!info->keyring) {
 info->keyring = strdup("fit");
 fprintf(stderr, "Warning: No keyring provided in keyspec, defaulting to keyring=fit for %s\n", info->path);
--
2.47.3
