From 24bf6e84ce22cd1b53cb79e4f89a4036af7e9c6b Mon Sep 17 00:00:00 2001 From: Jan Luebbe Date: Wed, 13 May 2020 12:26:24 +0200 Subject: lib: rsa: avoid overriding the object name when already specified If "object=" is specified in "keydir" when using the pkcs11 engine do not append another "object=". This makes it possible to use object names other than the key name hint. These two string identifiers are not necessarily equal. Signed-off-by: Jan Luebbe Signed-off-by: Bastian Krause Reviewed-by: George McCollister --- lib/rsa/rsa-sign.c | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) (limited to 'lib') diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c index 621ddc4350..40ca1e1f57 100644 --- a/lib/rsa/rsa-sign.c +++ b/lib/rsa/rsa-sign.c @@ -135,9 +135,14 @@ static int rsa_engine_get_pub_key(const char *keydir, const char *name, if (engine_id && !strcmp(engine_id, "pkcs11")) { if (keydir) - snprintf(key_id, sizeof(key_id), - "pkcs11:%s;object=%s;type=public", - keydir, name); + if (strstr(keydir, "object=")) + snprintf(key_id, sizeof(key_id), + "pkcs11:%s;type=public", + keydir); + else + snprintf(key_id, sizeof(key_id), + "pkcs11:%s;object=%s;type=public", + keydir, name); else snprintf(key_id, sizeof(key_id), "pkcs11:object=%s;type=public", @@ -255,9 +260,14 @@ static int rsa_engine_get_priv_key(const char *keydir, const char *name, if (engine_id && !strcmp(engine_id, "pkcs11")) { if (keydir) - snprintf(key_id, sizeof(key_id), - "pkcs11:%s;object=%s;type=private", - keydir, name); + if (strstr(keydir, "object=")) + snprintf(key_id, sizeof(key_id), + "pkcs11:%s;type=private", + keydir); + else + snprintf(key_id, sizeof(key_id), + "pkcs11:%s;object=%s;type=private", + keydir, name); else snprintf(key_id, sizeof(key_id), "pkcs11:object=%s;type=private", -- cgit v1.2.3