[v9,3/7] sign-file: move file signing logic to its own function

Message ID	20230809172211.343677-4-yesshedi@gmail.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <linux-kbuild-owner@vger.kernel.org> From: Shreenidhi Shedi <yesshedi@gmail.com> To: dhowells@redhat.com, dwmw2@infradead.org, gregkh@linuxfoundation.org, masahiroy@kernel.org, nathan@kernel.org, ndesaulniers@google.com, nicolas@fjasle.eu Cc: yesshedi@gmail.com, linux-kernel@vger.kernel.org, sshedi@vmware.com, linux-kbuild@vger.kernel.org Subject: [PATCH v9 3/7] sign-file: move file signing logic to its own function Date: Wed, 9 Aug 2023 22:52:06 +0530 Message-ID: <20230809172211.343677-4-yesshedi@gmail.com> In-Reply-To: <20230809172211.343677-1-yesshedi@gmail.com> References: <20230809172211.343677-1-yesshedi@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	refactor file signing program \| expand [v9,0/7] refactor file signing program [v9,1/7] sign-file: use getopt_long_only for parsing input args [v9,2/7] sign-file: inntroduce few new flags to make argument processing easy. [v9,3/7] sign-file: move file signing logic to its own function [v9,4/7] sign-file: add support to sign modules in bulk [v9,5/7] sign-file: improve help message [v9,6/7] sign-file: use const with a global string constant [v9,7/7] sign-file: fix do while styling issue

diff --git a/scripts/sign-file.c b/scripts/sign-file.c index b0f340ea629b..64d5e00f08e2 100644 --- a/scripts/sign-file.c +++ b/scripts/sign-file.c @@ -313,10 +313,10 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts) } while (opt != -1); } -int main(int argc, char **argv) +static int sign_single_file(struct cmd_opts *opts) { struct module_signature sig_info = { .id_type = PKEY_ID_PKCS7 }; - unsigned char buf[4096]; + unsigned char buf[4096] = {}; unsigned long module_size, sig_size; unsigned int use_signed_attrs; const EVP_MD *digest_algo; @@ -329,11 +329,6 @@ int main(int argc, char **argv) X509 *x509; BIO *bd, *bm; int n; - struct cmd_opts opts = {}; - - OpenSSL_add_all_algorithms(); - ERR_load_crypto_strings(); - ERR_clear_error(); key_pass = getenv("KBUILD_SIGN_PIN"); @@ -342,34 +337,6 @@ int main(int argc, char **argv) #else use_signed_attrs = PKCS7_NOATTR; #endif - parse_args(argc, argv, &opts); - argc -= optind; - argv += optind; - - const char *raw_sig_name = opts.raw_sig_name; - const char *hash_algo = opts.hash_algo; - const char *private_key_name = opts.private_key_name; - const char *x509_name = opts.x509_name; - const char *module_name = opts.module_name; - const bool save_sig = opts.save_sig; - const bool raw_sig = opts.raw_sig; - const bool sign_only = opts.sign_only; - bool replace_orig = opts.replace_orig; - char *dest_name = opts.dest_name; -#ifndef USE_PKCS7 - const unsigned int use_keyid = opts.use_keyid; -#endif - - if (!argv[0] || argc != 1) - format(); - - if (dest_name && strcmp(argv[0], dest_name)) { - replace_orig = false; - } else { - ERR(asprintf(&dest_name, "%s.~signed~", module_name) < 0, - "asprintf"); - replace_orig = true; - } #ifdef USE_PKCS7 if (strcmp(hash_algo, "sha1") != 0) { @@ -380,20 +347,20 @@ int main(int argc, char **argv) #endif /* Open the module file */ - bm = BIO_new_file(module_name, "rb"); - ERR(!bm, "%s", module_name); + bm = BIO_new_file(opts->module_name, "rb"); + ERR(!bm, "%s", opts->module_name); - if (!raw_sig) { + if (!opts->raw_sig) { /* Read the private key and the X.509 cert the PKCS#7 message * will point to. */ - private_key = read_private_key(private_key_name); - x509 = read_x509(x509_name); + private_key = read_private_key(opts->private_key_name); + x509 = read_x509(opts->x509_name); /* Digest the module data. */ OpenSSL_add_all_digests(); display_openssl_errors(__LINE__); - digest_algo = EVP_get_digestbyname(hash_algo); + digest_algo = EVP_get_digestbyname(opts->hash_algo); ERR(!digest_algo, "EVP_get_digestbyname"); #ifndef USE_PKCS7 @@ -405,7 +372,7 @@ int main(int argc, char **argv) ERR(!CMS_add1_signer(cms, x509, private_key, digest_algo, CMS_NOCERTS | CMS_BINARY | - CMS_NOSMIMECAP | use_keyid | + CMS_NOSMIMECAP | opts->use_keyid | use_signed_attrs), "CMS_add1_signer"); ERR(CMS_final(cms, bm, NULL, CMS_NOCERTS | CMS_BINARY) < 0, @@ -418,11 +385,11 @@ int main(int argc, char **argv) ERR(!pkcs7, "PKCS7_sign"); #endif - if (save_sig) { + if (opts->save_sig) { char *sig_file_name; BIO *b; - ERR(asprintf(&sig_file_name, "%s.p7s", module_name) < 0, + ERR(asprintf(&sig_file_name, "%s.p7s", opts->module_name) < 0, "asprintf"); b = BIO_new_file(sig_file_name, "wb"); ERR(!b, "%s", sig_file_name); @@ -436,7 +403,7 @@ int main(int argc, char **argv) BIO_free(b); } - if (sign_only) { + if (opts->sign_only) { BIO_free(bm); return 0; } @@ -445,24 +412,24 @@ int main(int argc, char **argv) /* Open the destination file now so that we can shovel the module data * across as we read it. */ - bd = BIO_new_file(dest_name, "wb"); - ERR(!bd, "%s", dest_name); + bd = BIO_new_file(opts->dest_name, "wb"); + ERR(!bd, "%s", opts->dest_name); /* Append the marker and the PKCS#7 message to the destination file */ - ERR(BIO_reset(bm) < 0, "%s", module_name); + ERR(BIO_reset(bm) < 0, "%s", opts->module_name); while ((n = BIO_read(bm, buf, sizeof(buf))), n > 0) { - ERR(BIO_write(bd, buf, n) < 0, "%s", dest_name); + ERR(BIO_write(bd, buf, n) < 0, "%s", opts->dest_name); } BIO_free(bm); - ERR(n < 0, "%s", module_name); + ERR(n < 0, "%s", opts->module_name); module_size = BIO_number_written(bd); - if (!raw_sig) { + if (!opts->raw_sig) { #ifndef USE_PKCS7 - ERR(i2d_CMS_bio_stream(bd, cms, NULL, 0) < 0, "%s", dest_name); + ERR(i2d_CMS_bio_stream(bd, cms, NULL, 0) < 0, "%s", opts->dest_name); #else - ERR(i2d_PKCS7_bio(bd, pkcs7) < 0, "%s", dest_name); + ERR(i2d_PKCS7_bio(bd, pkcs7) < 0, "%s", opts->dest_name); #endif } else { BIO *b; @@ -470,23 +437,49 @@ int main(int argc, char **argv) /* Read the raw signature file and write the data to the * destination file */ - b = BIO_new_file(raw_sig_name, "rb"); - ERR(!b, "%s", raw_sig_name); + b = BIO_new_file(opts->raw_sig_name, "rb"); + ERR(!b, "%s", opts->raw_sig_name); while ((n = BIO_read(b, buf, sizeof(buf))), n > 0) - ERR(BIO_write(bd, buf, n) < 0, "%s", dest_name); + ERR(BIO_write(bd, buf, n) < 0, "%s", opts->dest_name); BIO_free(b); } sig_size = BIO_number_written(bd) - module_size; sig_info.sig_len = htonl(sig_size); - ERR(BIO_write(bd, &sig_info, sizeof(sig_info)) < 0, "%s", dest_name); - ERR(BIO_write(bd, magic_number, sizeof(magic_number) - 1) < 0, "%s", dest_name); + ERR(BIO_write(bd, &sig_info, sizeof(sig_info)) < 0, "%s", opts->dest_name); + ERR(BIO_write(bd, magic_number, sizeof(magic_number) - 1) < 0, "%s", opts->dest_name); - ERR(BIO_free(bd) < 0, "%s", dest_name); + ERR(BIO_free(bd) < 0, "%s", opts->dest_name); /* Finally, if we're signing in place, replace the original. */ - if (replace_orig) - ERR(rename(dest_name, module_name) < 0, "%s", dest_name); + if (opts->replace_orig) + ERR(rename(opts->dest_name, opts->module_name) < 0, "%s", opts->dest_name); return 0; } + +int main(int argc, char **argv) +{ + struct cmd_opts opts = {}; + + parse_args(argc, argv, &opts); + argc -= optind; + argv += optind; + + if (!argv[0] || argc != 1) + format(); + + if (opts.dest_name && strcmp(argv[0], opts.dest_name)) { + opts.replace_orig = false; + } else { + ERR(asprintf(&opts.dest_name, "%s.~signed~", opts.module_name) < 0, + "asprintf"); + opts.replace_orig = true; + } + + OpenSSL_add_all_algorithms(); + ERR_load_crypto_strings(); + ERR_clear_error(); + + return sign_single_file(&opts); +}

[v9,3/7] sign-file: move file signing logic to its own function

Commit Message

Comments

Patch