diff mbox

[RFC,v2,4/6] scripts/sign-file.c: add support to only create signature file

Message ID 9134.1431615745@warthog.procyon.org.uk (mailing list archive)
State Not Applicable
Headers show

Commit Message

David Howells May 14, 2015, 3:02 p.m. UTC 
Luis R. Rodriguez <mcgrof@do-not-panic.com> wrote:

> > Use "-d".  I added the flag but then never made it do anything.
> 
> Sure, but since this C file is not upstream, how about just squashing
> the commit with yours that adds the C file?

I've got various Tested-by's on that.

Anyway, I'm going to stack the attached patch on my branch if that's okay by
you...

David
---
commit 092c720a627b913918eb22f6700f189b34f70693
Author: Luis R. Rodriguez <mcgrof@suse.com>
Date:   Wed May 13 11:23:54 2015 -0700

    sign-file: Add option to only create signature file
    
    Make the -d option (which currently isn't actually wired to anything) write
    out the PKCS#7 message as per the -p option and then exit without either
    modifying the source or writing out a compound file of the source, signature
    and metadata.
    
    This will be useful when firmware signature support is added
    upstream as firmware will be left intact, and we'll only require
    the signature file. The descriptor is implicit by file extension
    and the file's own size.
    
    Signed-off-by: Luis R. Rodriguez <mcgrof@suse.com>
    Signed-off-by: David Howells <dhowells@redhat.com>

--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Comments

Luis R. Rodriguez May 14, 2015, 3:16 p.m. UTC | #1 
On Thu, May 14, 2015 at 8:02 AM, David Howells <dhowells@redhat.com> wrote:
> I've got various Tested-by's on that.

Didn't know that would stop people from asking us from squashing them
but if so I'll try to use that some other time :)

> Anyway, I'm going to stack the attached patch on my branch if that's okay by
> you...

Sure thing. Let me know what you think about patch 2 and 5 as well, as
they might share similar fate.

  Luis
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/scripts/sign-file.c b/scripts/sign-file.c
index 5b8a6dda3235..39aaabe89388 100755
--- a/scripts/sign-file.c
+++ b/scripts/sign-file.c
@@ -86,13 +86,14 @@  int main(int argc, char **argv)
 	char *hash_algo = NULL;
 	char *private_key_name, *x509_name, *module_name, *dest_name;
 	bool save_pkcs7 = false, replace_orig;
+	bool sign_only = false;
 	unsigned char buf[4096];
 	unsigned long module_size, pkcs7_size;
 	const EVP_MD *digest_algo;
 	EVP_PKEY *private_key;
 	PKCS7 *pkcs7;
 	X509 *x509;
-	BIO *b, *bd, *bm;
+	BIO *b, *bd = NULL, *bm;
 	int opt, n;
 
 	ERR_load_crypto_strings();
@@ -102,6 +103,7 @@  int main(int argc, char **argv)
 		opt = getopt(argc, argv, "dp");
 		switch (opt) {
 		case 'p': save_pkcs7 = true; break;
+		case 'd': sign_only = true; save_pkcs7 = true; break;
 		case -1: break;
 		default: format();
 		}
@@ -148,8 +150,10 @@  int main(int argc, char **argv)
 	/* Open the destination file now so that we can shovel the module data
 	 * across as we read it.
 	 */
-	bd = BIO_new_file(dest_name, "wb");
-	ERR(!bd, "%s", dest_name);
+	if (!sign_only) {
+		bd = BIO_new_file(dest_name, "wb");
+		ERR(!bd, "%s", dest_name);
+	}
 
 	/* Digest the module data. */
 	OpenSSL_add_all_digests();
@@ -180,6 +184,9 @@  int main(int argc, char **argv)
 		BIO_free(b);
 	}
 
+	if (sign_only)
+		return 0;
+
 	/* Append the marker and the PKCS#7 message to the destination file */
 	ERR(BIO_reset(bm) < 0, "%s", module_name);
 	while ((n = BIO_read(bm, buf, sizeof(buf))),