[PATCH] crypto: keytoc: fix env parsing after keyring support

[PATCH] crypto: keytoc: fix env parsing after keyring support

[Michael Grzeschik]

Since the support for keyrings was added for keytoc the parsing of
pkcs11 keydescriptions that are set from environment variables is
broken. Fix this by adding the necessary try_resolve_env call before
working with the key description.

Fixes: 9b6abf4928 ("crypto: Add support for keyrings")
Signed-off-by: Michael Grzeschik <m.grzeschik@pengutronix.de>
---
 scripts/keytoc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/keytoc.c b/scripts/keytoc.c
index ade924298a3169c6ac52b781deac94f706a14203..77ada3af451983722f40e5bb40f8e2789884a898 100644
--- a/scripts/keytoc.c
+++ b/scripts/keytoc.c
@@ -856,7 +856,7 @@ int main(int argc, char *argv[])
 	keylist = calloc(sizeof(struct keyinfo), keycount);
 
 	for (i = 0; i < keycount; i++) {
-		const char *keyspec = argv[optind + i];
+		const char *keyspec = try_resolve_env(argv[optind + i]);
 		struct keyinfo *info = &keylist[i];
 
 		if (!keyspec)

---
base-commit: 5d89bec4985d850d59813e34c6b5213d8e8f48f0
change-id: 20251128-keytoc-aaade89fe842

Best regards,
-- 
Michael Grzeschik <m.grzeschik@pengutronix.de>

Re: [PATCH] crypto: keytoc: fix env parsing after keyring support

[Jonas Rebmann]

Hi Michael,

On 28/11/2025 09.22, Michael Grzeschik wrote:
> Since the support for keyrings was added for keytoc the parsing of
> pkcs11 keydescriptions that are set from environment variables is
> broken. Fix this by adding the necessary try_resolve_env call before
> working with the key description.

Indeed it does not work as documented in crypto/Kconfig. When I made
those changes, I only tested the case

CONFIG_CRYPTO_PUBLIC_KEYS="keyring=fit,fit-hint=__ENV__myhint:__ENV__myname"

but I can now confirm this case is broken:

CONFIG_CRYPTO_PUBLIC_KEYS="__ENV__mykey"


And your patch fixes that, thanks!

> Fixes: 9b6abf4928 ("crypto: Add support for keyrings")
> Signed-off-by: Michael Grzeschik <m.grzeschik@pengutronix.de>
> ---
>   scripts/keytoc.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/scripts/keytoc.c b/scripts/keytoc.c
> index ade924298a3169c6ac52b781deac94f706a14203..77ada3af451983722f40e5bb40f8e2789884a898 100644
> --- a/scripts/keytoc.c
> +++ b/scripts/keytoc.c
> @@ -856,7 +856,7 @@ int main(int argc, char *argv[])
>   	keylist = calloc(sizeof(struct keyinfo), keycount);
>   
>   	for (i = 0; i < keycount; i++) {
> -		const char *keyspec = argv[optind + i];
> +		const char *keyspec = try_resolve_env(argv[optind + i]);
>   		struct keyinfo *info = &keylist[i];
>   
>   		if (!keyspec)
> 
> ---
> base-commit: 5d89bec4985d850d59813e34c6b5213d8e8f48f0
> change-id: 20251128-keytoc-aaade89fe842
> 
> Best regards,

Reviewed-by: Jonas Rebmann <jre@pengutronix.de>

-- 
Pengutronix e.K.                          | Jonas Rebmann               |
Steuerwalder Str. 21                      | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                 | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686          | Fax:   +49-5121-206917-9    |

Re: [PATCH] crypto: keytoc: fix env parsing after keyring support

[Sascha Hauer]

On Fri, 28 Nov 2025 09:22:01 +0100, Michael Grzeschik wrote:
> Since the support for keyrings was added for keytoc the parsing of
> pkcs11 keydescriptions that are set from environment variables is
> broken. Fix this by adding the necessary try_resolve_env call before
> working with the key description.
> 
> 

Applied, thanks!

[1/1] crypto: keytoc: fix env parsing after keyring support
      https://git.pengutronix.de/cgit/barebox/commit/?id=04941314c35c (link may not be stable)

Best regards,
-- 
Sascha Hauer <s.hauer@pengutronix.de>