From patchwork Thu Aug 29 22:09:23 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jarkko Sakkinen X-Patchwork-Id: 11122509
From: Jarkko Sakkinen To: linux-sgx@vger.kernel.org Cc: Jarkko Sakkinen , Sean Christopherson Subject: [PATCH 1/2] selftests/x86: sgxsign: Do not query RSA password Date: Fri, 30 Aug 2019 01:09:23 +0300 Message-Id: <20190829220924.12692-1-jarkko.sakkinen@linux.intel.com> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Sender: linux-sgx-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-sgx@vger.kernel.org Pass NULL as the value for @cb in PEM_read_RSAPrivateKey() and remove pem_password_cb(). According to the man page [1], when both @cb and @u are NULL, a default callback provided by OpenSSL will be used to query the password. Since our key is not sealed, this is dead functionality. Cc: Sean Christopherson Signed-off-by: Jarkko Sakkinen --- tools/testing/selftests/x86/sgx/sgxsign.c | 17 +---------------- 1 file changed, 1 insertion(+), 16 deletions(-) diff --git a/tools/testing/selftests/x86/sgx/sgxsign.c b/tools/testing/selftests/x86/sgx/sgxsign.c index 0b89823fc703..3d9007af40c9 100644 --- a/tools/testing/selftests/x86/sgx/sgxsign.c +++ b/tools/testing/selftests/x86/sgx/sgxsign.c @@ -20,8 +20,6 @@ struct sgx_sigstruct_payload { struct sgx_sigstruct_body body; }; -static const char *sign_key_pass; - static bool check_crypto_errors(void) { int err; @@ -50,18 +48,6 @@ static void exit_usage(const char *program) exit(1); } -static int pem_passwd_cb(char *buf, int size, int rwflag, void *u) -{ - if (!sign_key_pass) - return -1; - - strncpy(buf, sign_key_pass, size); - /* no retry */ - sign_key_pass = NULL; - - return strlen(buf) >= size ? size - 1 : strlen(buf); -} - static inline const BIGNUM *get_modulus(RSA *key) { #if OPENSSL_VERSION_NUMBER < 0x10100000L @@ -85,7 +71,7 @@ static RSA *load_sign_key(const char *path) return NULL; } key = RSA_new(); - if (!PEM_read_RSAPrivateKey(f, &key, pem_passwd_cb, NULL)) + if (!PEM_read_RSAPrivateKey(f, &key, NULL, NULL)) return NULL; fclose(f); 
@@ -455,7 +441,6 @@ int main(int argc, char **argv) #endif ss.body.xfrm = 3, - sign_key_pass = getenv("KBUILD_SGX_SIGN_PIN"); program = argv[0]; do {
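Review bot: The commit message says it removes pem_password_cb(), but the function deleted in the hunk at -50,18 is `pem_passwd_cb()`; please fix the name so the log matches the code when someone greps for it. The message also cites the man page as [1], but no matching footnote appears in the message as posted, so the link should be added below the description.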
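Review bot: In load_sign_key(), passing NULL for both @cb and @u does not stop OpenSSL from asking for a password. As the commit message itself notes, the default callback is used in that case, so an encrypted key file now leads to a password query from OpenSSL, whereas the removed callback returned -1 when KBUILD_SGX_SIGN_PIN was unset. If the intent of the subject line is that sgxsign never queries, keep @cb NULL and pass an empty string as @u, which OpenSSL takes as the passphrase instead of prompting, so an encrypted key simply fails to load. While this line is being touched: the `return NULL` on the failure path skips `fclose(f)`, so the error path leaks the open file.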
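Review bot: In main(), the context line `ss.body.xfrm = 3,` ends in a comma, so once the getenv() line is removed the statement becomes `ss.body.xfrm = 3, program = argv[0];`. It still compiles as a comma expression, but it only worked by accident before and reads as a typo now; please change the comma to a semicolon in this patch. Also, the diffstat shows only sgxsign.c changing, so if any Makefile or documentation still mentions KBUILD_SGX_SIGN_PIN it should be dropped here too, since the variable is no longer read.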