@@ -20,8 +20,6 @@ struct sgx_sigstruct_payload {
struct sgx_sigstruct_body body;
};
-static const char *sign_key_pass;
-
static bool check_crypto_errors(void)
{
int err;
@@ -50,18 +48,6 @@ static void exit_usage(const char *program)
exit(1);
}
-static int pem_passwd_cb(char *buf, int size, int rwflag, void *u)
-{
- if (!sign_key_pass)
- return -1;
-
- strncpy(buf, sign_key_pass, size);
- /* no retry */
- sign_key_pass = NULL;
-
- return strlen(buf) >= size ? size - 1 : strlen(buf);
-}
-
static inline const BIGNUM *get_modulus(RSA *key)
{
#if OPENSSL_VERSION_NUMBER < 0x10100000L
@@ -85,7 +71,7 @@ static RSA *load_sign_key(const char *path)
return NULL;
}
key = RSA_new();
- if (!PEM_read_RSAPrivateKey(f, &key, pem_passwd_cb, NULL))
+ if (!PEM_read_RSAPrivateKey(f, &key, NULL, NULL))
return NULL;
fclose(f);
@@ -455,7 +441,6 @@ int main(int argc, char **argv)
#endif
ss.body.xfrm = 3,
- sign_key_pass = getenv("KBUILD_SGX_SIGN_PIN");
program = argv[0];
do {
Pass NULL as the value for @cb in PEM_read_RSAPrivateKey() and remove pem_password_cb(). According to the man page [1], when both @cb and @u are NULL, a default callback provided by OpenSSL will be used to query the password. Since our key is not sealed, this is dead functionality. Cc: Sean Christopherson <sean.j.christopherson@intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> --- tools/testing/selftests/x86/sgx/sgxsign.c | 17 +---------------- 1 file changed, 1 insertion(+), 16 deletions(-)