You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
systemd/SOURCES/0571-openssl-add-openssl_pk...

63 lines
2.1 KiB

From baa3ecd821018d699b039259ac80b999d28f88ae Mon Sep 17 00:00:00 2001
From: Dan Streetman <ddstreet@ieee.org>
Date: Tue, 18 Jul 2023 22:48:34 -0400
Subject: [PATCH] openssl: add openssl_pkey_from_pem()
Add function to create EVP_PKEY from PEM buffer.
(cherry picked from commit 4af788c70c985b6b87435a90594e2a301929fb5b)
Related: RHEL-16182
---
src/shared/openssl-util.c | 19 +++++++++++++++++++
src/shared/openssl-util.h | 2 ++
2 files changed, 21 insertions(+)
diff --git a/src/shared/openssl-util.c b/src/shared/openssl-util.c
index c7fcbd9ea4..9021d91077 100644
--- a/src/shared/openssl-util.c
+++ b/src/shared/openssl-util.c
@@ -1,10 +1,29 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
+#include "fd-util.h"
#include "openssl-util.h"
#include "alloc-util.h"
#include "hexdecoct.h"
#if HAVE_OPENSSL
+int openssl_pkey_from_pem(const void *pem, size_t pem_size, EVP_PKEY **ret) {
+ assert(pem);
+ assert(ret);
+
+ _cleanup_fclose_ FILE *f = NULL;
+ f = fmemopen((void*) pem, pem_size, "r");
+ if (!f)
+ return log_oom_debug();
+
+ _cleanup_(EVP_PKEY_freep) EVP_PKEY *pkey = PEM_read_PUBKEY(f, NULL, NULL, NULL);
+ if (!pkey)
+ return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to parse PEM.");
+
+ *ret = TAKE_PTR(pkey);
+
+ return 0;
+}
+
int openssl_hash(const EVP_MD *alg,
const void *msg,
size_t msg_len,
diff --git a/src/shared/openssl-util.h b/src/shared/openssl-util.h
index 4fa0a95966..231bcc2bf8 100644
--- a/src/shared/openssl-util.h
+++ b/src/shared/openssl-util.h
@@ -43,6 +43,8 @@ static inline void sk_X509_free_allp(STACK_OF(X509) **sk) {
sk_X509_pop_free(*sk, X509_free);
}
+int openssl_pkey_from_pem(const void *pem, size_t pem_size, EVP_PKEY **ret);
+
int openssl_hash(const EVP_MD *alg, const void *msg, size_t msg_len, uint8_t *ret_hash, size_t *ret_hash_len);
int rsa_encrypt_bytes(EVP_PKEY *pkey, const void *decrypted_key, size_t decrypted_key_size, void **ret_encrypt_key, size_t *ret_encrypt_key_size);