From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Tue, 25 Oct 2022 10:59:56 +0200 Received: from metis.ext.pengutronix.de ([2001:67c:670:201:290:27ff:fe1d:cc33]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1onFmu-001miH-4s for lore@lore.pengutronix.de; Tue, 25 Oct 2022 10:59:56 +0200 Received: from localhost ([127.0.0.1] helo=metis.ext.pengutronix.de) by metis.ext.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1onFmt-0003vp-Do; Tue, 25 Oct 2022 10:59:55 +0200 Received: from drehscheibe.grey.stw.pengutronix.de ([2a0a:edc0:0:c01:1d::a2]) by metis.ext.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1onFmQ-0003vV-Fa; Tue, 25 Oct 2022 10:59:26 +0200 Received: from [2a0a:edc0:0:900:1d::77] (helo=ptz.office.stw.pengutronix.de) by drehscheibe.grey.stw.pengutronix.de with esmtp (Exim 4.94.2) (envelope-from ) id 1onFmQ-000H99-L1; Tue, 25 Oct 2022 10:59:25 +0200 Received: from ukl by ptz.office.stw.pengutronix.de with local (Exim 4.94.2) (envelope-from ) id 1onFmO-00ATqa-VQ; Tue, 25 Oct 2022 10:59:24 +0200 From: =?UTF-8?q?Uwe=20Kleine-K=C3=B6nig?= To: ptxdist@pengutronix.de Date: Tue, 25 Oct 2022 10:59:21 +0200 Message-Id: <20221025085921.986289-1-u.kleine-koenig@pengutronix.de> X-Mailer: git-send-email 2.37.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 X-Developer-Signature: v=1; a=openpgp-sha256; l=958; i=u.kleine-koenig@pengutronix.de; h=from:subject; bh=uh8Ge96yZaoOZjRHjlCl/bt8G8yDbo06SGh7+kYnRsE=; b=owEBbQGS/pANAwAKAcH8FHityuwJAcsmYgBjV6VlhBfla5LGm3UrOmO3BPt01lBOsM4VO0A8RvOQ mb0fmOCJATMEAAEKAB0WIQR+cioWkBis/z50pAvB/BR4rcrsCQUCY1elZQAKCRDB/BR4rcrsCeaqB/ sGcEm9Ba1YyA289mDu3Wg+Sg5XBrtBTZmcasj8elCbc3qSeha+pUQ0VppMoUFgEcDA1qUSeul3M1ID iWHqDhaJ8WSQJPqJJaHwJ5eTN41zjVKKFCjxe6jDx0kF0oU3ZANxF0b4oLgvTyW6U3+vfBvppoYeaa TGQjldJVv9B4325UvjsHp5Y0eezWUblTL40HMd5zqDynL6GMafvAQv7qpqSOExK0ec8kil7mFiNERp 6O113LKwHj+0tzIQE3+Wds3qBaOl5Oc4wB18HPXkOrqImLPni6RYPHhC5WrvNpSGhTKcNMu/2bkLE7 68BgYq4+5PLOtRjgpw7elBEQmWmGsV X-Developer-Key: i=u.kleine-koenig@pengutronix.de; a=openpgp; fpr=0D2511F322BFAB1C1580266BE2DCDD9132669BD6 Content-Transfer-Encoding: 8bit Subject: [ptxdist] [PATCH] ptxd_lib_code_signing: Check for errors in cs_import_cert_from_pem() X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false cs_import_cert_from_pem() uses a pipe command to do the necessary things. If the first command in that pipe fails the whole command should be considered failing. So add a call to check_pipe_status as is done in cs_import_privkey_from_pem(). Fixes: 8f41183e0afe ("Add initial code signing support") Signed-off-by: Uwe Kleine-König --- scripts/lib/ptxd_lib_code_signing.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/lib/ptxd_lib_code_signing.sh b/scripts/lib/ptxd_lib_code_signing.sh index 5ba1a4666af4..bafdc16544d3 100644 --- a/scripts/lib/ptxd_lib_code_signing.sh +++ b/scripts/lib/ptxd_lib_code_signing.sh @@ -213,6 +213,7 @@ cs_import_cert_from_pem() { "${openssl_keyopt[@]}" \ -in "${pem}" -inform pem -outform der | softhsm_pkcs11_tool --type cert --write-object /dev/stdin --label "${role}" + check_pipe_status } export -f cs_import_cert_from_pem -- 2.37.2