diff mbox series

[v2,5/8] evmctl: Setup the pkcs11 engine if key has pkcs11: prefix

Message ID 20210810134557.2444863-6-stefanb@linux.vnet.ibm.com (mailing list archive)
State New, archived
Headers show
Series ima-evm-utils: Add support for signing with pkcs11 URIs | expand

Commit Message

Stefan Berger Aug. 10, 2021, 1:45 p.m. UTC 
From: Stefan Berger <stefanb@linux.ibm.com>

If the key has the pkcs11: URI prefix then setup the pkcs11 engine
if the user hasn't chosen a specific engine already.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 src/evmctl.c | 8 ++++++++
 1 file changed, 8 insertions(+)

Comments

Mimi Zohar Sept. 3, 2021, 12:55 p.m. UTC | #1 
Hi Stefan,

Simplify the subject line.  Perhaps something like,  "evmctl: use the
pkcs11 engine for pkcs11 prefixed URIs"?

On Tue, 2021-08-10 at 09:45 -0400, Stefan Berger wrote:
> From: Stefan Berger <stefanb@linux.ibm.com>
> 
> If the key has the pkcs11: URI prefix then setup the pkcs11 engine
> if the user hasn't chosen a specific engine already.
> 
> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

thanks

Mimi
diff mbox series

Patch

diff --git a/src/evmctl.c b/src/evmctl.c
index 625a511..5178643 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -2827,6 +2827,14 @@  int main(int argc, char *argv[])
 	if (!imaevm_params.keypass)
 		imaevm_params.keypass = getenv("EVMCTL_KEY_PASSWORD");
 
+	if (imaevm_params.keyfile != NULL &&
+	    imaevm_params.eng == NULL &&
+	    !strncmp(imaevm_params.keyfile, "pkcs11:", 7)) {
+		imaevm_params.eng = setup_engine("pkcs11");
+		if (!imaevm_params.eng)
+			goto error;
+	}
+
 	if (argv[optind] == NULL)
 		usage();
 	else