
Commit 23dfbba

mcgrofdhowells
authored andcommitted
sign-file: Add option to only create signature file
Make the -d option (which currently isn't actually wired to anything) write out the PKCS#7 message as per the -p option and then exit without either modifying the source or writing out a compound file of the source, signature and metadata. This will be useful when firmware signature support is added upstream as firmware will be left intact, and we'll only require the signature file. The descriptor is implicit by file extension and the file's own size. Signed-off-by: Luis R. Rodriguez <mcgrof@suse.com> Signed-off-by: David Howells <dhowells@redhat.com>
1 parent 3f1e1be commit 23dfbba

1 file changed

+10
-3
lines changed

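--- a/scripts/sign-file.c
+++ b/scripts/sign-file.c
@@ -86,13 +86,14 @@ int main(int argc, char **argv)
 char *hash_algo = NULL;
 char *private_key_name, *x509_name, *module_name, *dest_name;
 bool save_pkcs7 = false, replace_orig;
+bool sign_only = false;
 unsigned char buf[4096];
 unsigned long module_size, pkcs7_size;
 const EVP_MD *digest_algo;
 EVP_PKEY *private_key;
 PKCS7 *pkcs7;
 X509 *x509;
-BIO *b, *bd, *bm;
+BIO *b, *bd = NULL, *bm;
 int opt, n;
 
 ERR_load_crypto_strings();
@@ -102,6 +103,7 @@ int main(int argc, char **argv)
 opt = getopt(argc, argv, "dp");
 switch (opt) {
 case 'p': save_pkcs7 = true; break;
+case 'd': sign_only = true; save_pkcs7 = true; break;
 case -1: break;
 default: format();
 }
@@ -148,8 +150,10 @@ int main(int argc, char **argv)
 /* Open the destination file now so that we can shovel the module data
 * across as we read it.
 */
-bd = BIO_new_file(dest_name, "wb");
-ERR(!bd, "%s", dest_name);
+if (!sign_only) {
+bd = BIO_new_file(dest_name, "wb");
+ERR(!bd, "%s", dest_name);
+}
 
 /* Digest the module data. */
 OpenSSL_add_all_digests();
@@ -180,6 +184,9 @@ int main(int argc, char **argv)
 BIO_free(b);
 }
 
+if (sign_only)
+return 0;
+
 /* Append the marker and the PKCS#7 message to the destination file */
 ERR(BIO_reset(bm) < 0, "%s", module_name);
 while ((n = BIO_read(bm, buf, sizeof(buf))),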
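Review bot: In the last hunk the new `if (sign_only) return 0;` exits successfully straight after the context line `BIO_free(b);`, whose result is not checked, so with `-d` the signature file is the tool's only output and nothing visible confirms it was fully written. The write call itself is outside the hunk, so this is inferred, but a buffered write that fails at close time (for example on a full disk) would leave a truncated signature and still return 0. I would add `ERR(BIO_flush(b) <= 0, "%s", module_name);` immediately before `BIO_free(b);` so that the sign-only path fails loudly. main()'s body begins and ends outside these hunks.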
