From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 34109C7618A for ; Mon, 20 Mar 2023 18:04:24 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230159AbjCTSEW (ORCPT ); Mon, 20 Mar 2023 14:04:22 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33226 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229747AbjCTSDx (ORCPT ); Mon, 20 Mar 2023 14:03:53 -0400 Received: from mail-pj1-x102a.google.com (mail-pj1-x102a.google.com [IPv6:2607:f8b0:4864:20::102a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B510F5261 for ; Mon, 20 Mar 2023 10:58:00 -0700 (PDT) Received: by mail-pj1-x102a.google.com with SMTP id h12-20020a17090aea8c00b0023d1311fab3so13322040pjz.1 for ; Mon, 20 Mar 2023 10:58:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; t=1679335059; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=RgmNLjr3I8OPOH6tQ35q/VFjCbXwlCYLA+AOAf0ZDi4=; b=mVoW+PG8FI1Gjlh2hIzVzLIEBnOMzWnKn3JoN/VB5tRb/9EIT5GItRrvIJt0Cv4i1F nZtho3mwliBIbQEPO77rlZg5WXm9vRtakBGO9FdNkKaN5NeatxxiFhOLYNW8scxRdXJY rceorFDgiwSxBa1H2gsjAYn7H3L2fmQyh+Wst0+h9+K2E6PWLywWfsQsKNmjn9OfHJTP DRbd/mIjJr8nqH/RX7ckBJRgCTGpyY3BR+vkFx/splmA1B3YfZUlNlhFbXU4ZraqncVq hr+EiS/ofjFVzZd6ovyZorShqdoknUE590G95mDQBWGfPsrOYKviplLId2MGxBPNG3Dp pTPQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1679335059; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=RgmNLjr3I8OPOH6tQ35q/VFjCbXwlCYLA+AOAf0ZDi4=; b=Y0+T1LyNinlV0NakTVuuUKIJc9OTe2K6npNYaOu5w3rj/1hnMIISLm8n0kx0cNAXti +tOQ5XAjGAqgKFienD2rlPS1Hi1oJZjnti7Sur0wrTtPrVEmkrOSD5cKUjWKCgW7ULjV /bCYi319AKFoRRg28jhYXgrYpJB8DRq6pnyLuND6MZ/A+jnpgk76T4LI41O6pPUVoH81 thWRF1h+xRHHxCanYsmh/P68KD+W12+TvAwdSOasdru8/yPtGFBeg/P9U4ijuhiAjb8l zTX+zdT3P08fPu/tov3Yeot7uRyCu3XVj7wSsYkHES2QNqsQoh1ZkXGNXA5i9gXwPyjN Y1hg== X-Gm-Message-State: AO0yUKWCCf8Ex/d3r4IBzpkWllzzV5DXBTQ6Asp7IgxqF0ovthXPf3T8 sHFDr4nxoCe8oqLGOhas9j0/jwqROpE7Xw== X-Google-Smtp-Source: AK7set80LNQkhoOVBZWe1wcTiFd6sWBCSLs75QxEwWDqwmCk7y5P0VQpKNcq5yrf9B3eyi88Wo+sbw== X-Received: by 2002:a17:902:ceca:b0:1a0:5349:6606 with SMTP id d10-20020a170902ceca00b001a053496606mr21117120plg.56.1679335059485; Mon, 20 Mar 2023 10:57:39 -0700 (PDT) Received: from f37.eng.vmware.com ([66.170.99.1]) by smtp.googlemail.com with ESMTPSA id q2-20020a170902edc200b001a1a18a678csm7040042plk.148.2023.03.20.10.57.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 20 Mar 2023 10:57:39 -0700 (PDT) From: Shreenidhi Shedi X-Google-Original-From: Shreenidhi Shedi To: gregkh@linuxfoundation.org, dhowells@redhat.com, dwmw2@infradead.org Cc: yesshedi@gmail.com, linux-kernel@vger.kernel.org, sshedi@vmware.com Subject: [PATCH v5 3/7] sign-file: refactor argument parsing logic - 3 Date: Mon, 20 Mar 2023 23:27:27 +0530 Message-Id: <20230320175731.79709-3-sshedi@vmware.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230320175731.79709-1-sshedi@vmware.com> References: <20230320175731.79709-1-sshedi@vmware.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Shreenidhi Shedi Move file signing logic to its own function Keep the main function bare minimal and do less in main function. This patch is pre-work for bulk module signing support. Signed-off-by: Shreenidhi Shedi --- scripts/sign-file.c | 115 +++++++++++++++++++++----------------------- 1 file changed, 54 insertions(+), 61 deletions(-) diff --git a/scripts/sign-file.c b/scripts/sign-file.c index b0f340ea629b..64d5e00f08e2 100644 --- a/scripts/sign-file.c +++ b/scripts/sign-file.c @@ -313,10 +313,10 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts) } while (opt != -1); } -int main(int argc, char **argv) +static int sign_single_file(struct cmd_opts *opts) { struct module_signature sig_info = { .id_type = PKEY_ID_PKCS7 }; - unsigned char buf[4096]; + unsigned char buf[4096] = {}; unsigned long module_size, sig_size; unsigned int use_signed_attrs; const EVP_MD *digest_algo; @@ -329,11 +329,6 @@ int main(int argc, char **argv) X509 *x509; BIO *bd, *bm; int n; - struct cmd_opts opts = {}; - - OpenSSL_add_all_algorithms(); - ERR_load_crypto_strings(); - ERR_clear_error(); key_pass = getenv("KBUILD_SIGN_PIN"); @@ -342,34 +337,6 @@ int main(int argc, char **argv) #else use_signed_attrs = PKCS7_NOATTR; #endif - parse_args(argc, argv, &opts); - argc -= optind; - argv += optind; - - const char *raw_sig_name = opts.raw_sig_name; - const char *hash_algo = opts.hash_algo; - const char *private_key_name = opts.private_key_name; - const char *x509_name = opts.x509_name; - const char *module_name = opts.module_name; - const bool save_sig = opts.save_sig; - const bool raw_sig = opts.raw_sig; - const bool sign_only = opts.sign_only; - bool replace_orig = opts.replace_orig; - char *dest_name = opts.dest_name; -#ifndef USE_PKCS7 - const unsigned int use_keyid = opts.use_keyid; -#endif - - if (!argv[0] || argc != 1) - format(); - - if (dest_name && strcmp(argv[0], dest_name)) { - replace_orig = false; - } else { - ERR(asprintf(&dest_name, "%s.~signed~", module_name) < 0, - "asprintf"); - replace_orig = true; - } #ifdef USE_PKCS7 if (strcmp(hash_algo, "sha1") != 0) { @@ -380,20 +347,20 @@ int main(int argc, char **argv) #endif /* Open the module file */ - bm = BIO_new_file(module_name, "rb"); - ERR(!bm, "%s", module_name); + bm = BIO_new_file(opts->module_name, "rb"); + ERR(!bm, "%s", opts->module_name); - if (!raw_sig) { + if (!opts->raw_sig) { /* Read the private key and the X.509 cert the PKCS#7 message * will point to. */ - private_key = read_private_key(private_key_name); - x509 = read_x509(x509_name); + private_key = read_private_key(opts->private_key_name); + x509 = read_x509(opts->x509_name); /* Digest the module data. */ OpenSSL_add_all_digests(); display_openssl_errors(__LINE__); - digest_algo = EVP_get_digestbyname(hash_algo); + digest_algo = EVP_get_digestbyname(opts->hash_algo); ERR(!digest_algo, "EVP_get_digestbyname"); #ifndef USE_PKCS7 @@ -405,7 +372,7 @@ int main(int argc, char **argv) ERR(!CMS_add1_signer(cms, x509, private_key, digest_algo, CMS_NOCERTS | CMS_BINARY | - CMS_NOSMIMECAP | use_keyid | + CMS_NOSMIMECAP | opts->use_keyid | use_signed_attrs), "CMS_add1_signer"); ERR(CMS_final(cms, bm, NULL, CMS_NOCERTS | CMS_BINARY) < 0, @@ -418,11 +385,11 @@ int main(int argc, char **argv) ERR(!pkcs7, "PKCS7_sign"); #endif - if (save_sig) { + if (opts->save_sig) { char *sig_file_name; BIO *b; - ERR(asprintf(&sig_file_name, "%s.p7s", module_name) < 0, + ERR(asprintf(&sig_file_name, "%s.p7s", opts->module_name) < 0, "asprintf"); b = BIO_new_file(sig_file_name, "wb"); ERR(!b, "%s", sig_file_name); @@ -436,7 +403,7 @@ int main(int argc, char **argv) BIO_free(b); } - if (sign_only) { + if (opts->sign_only) { BIO_free(bm); return 0; } @@ -445,24 +412,24 @@ int main(int argc, char **argv) /* Open the destination file now so that we can shovel the module data * across as we read it. */ - bd = BIO_new_file(dest_name, "wb"); - ERR(!bd, "%s", dest_name); + bd = BIO_new_file(opts->dest_name, "wb"); + ERR(!bd, "%s", opts->dest_name); /* Append the marker and the PKCS#7 message to the destination file */ - ERR(BIO_reset(bm) < 0, "%s", module_name); + ERR(BIO_reset(bm) < 0, "%s", opts->module_name); while ((n = BIO_read(bm, buf, sizeof(buf))), n > 0) { - ERR(BIO_write(bd, buf, n) < 0, "%s", dest_name); + ERR(BIO_write(bd, buf, n) < 0, "%s", opts->dest_name); } BIO_free(bm); - ERR(n < 0, "%s", module_name); + ERR(n < 0, "%s", opts->module_name); module_size = BIO_number_written(bd); - if (!raw_sig) { + if (!opts->raw_sig) { #ifndef USE_PKCS7 - ERR(i2d_CMS_bio_stream(bd, cms, NULL, 0) < 0, "%s", dest_name); + ERR(i2d_CMS_bio_stream(bd, cms, NULL, 0) < 0, "%s", opts->dest_name); #else - ERR(i2d_PKCS7_bio(bd, pkcs7) < 0, "%s", dest_name); + ERR(i2d_PKCS7_bio(bd, pkcs7) < 0, "%s", opts->dest_name); #endif } else { BIO *b; @@ -470,23 +437,49 @@ int main(int argc, char **argv) /* Read the raw signature file and write the data to the * destination file */ - b = BIO_new_file(raw_sig_name, "rb"); - ERR(!b, "%s", raw_sig_name); + b = BIO_new_file(opts->raw_sig_name, "rb"); + ERR(!b, "%s", opts->raw_sig_name); while ((n = BIO_read(b, buf, sizeof(buf))), n > 0) - ERR(BIO_write(bd, buf, n) < 0, "%s", dest_name); + ERR(BIO_write(bd, buf, n) < 0, "%s", opts->dest_name); BIO_free(b); } sig_size = BIO_number_written(bd) - module_size; sig_info.sig_len = htonl(sig_size); - ERR(BIO_write(bd, &sig_info, sizeof(sig_info)) < 0, "%s", dest_name); - ERR(BIO_write(bd, magic_number, sizeof(magic_number) - 1) < 0, "%s", dest_name); + ERR(BIO_write(bd, &sig_info, sizeof(sig_info)) < 0, "%s", opts->dest_name); + ERR(BIO_write(bd, magic_number, sizeof(magic_number) - 1) < 0, "%s", opts->dest_name); - ERR(BIO_free(bd) < 0, "%s", dest_name); + ERR(BIO_free(bd) < 0, "%s", opts->dest_name); /* Finally, if we're signing in place, replace the original. */ - if (replace_orig) - ERR(rename(dest_name, module_name) < 0, "%s", dest_name); + if (opts->replace_orig) + ERR(rename(opts->dest_name, opts->module_name) < 0, "%s", opts->dest_name); return 0; } + +int main(int argc, char **argv) +{ + struct cmd_opts opts = {}; + + parse_args(argc, argv, &opts); + argc -= optind; + argv += optind; + + if (!argv[0] || argc != 1) + format(); + + if (opts.dest_name && strcmp(argv[0], opts.dest_name)) { + opts.replace_orig = false; + } else { + ERR(asprintf(&opts.dest_name, "%s.~signed~", opts.module_name) < 0, + "asprintf"); + opts.replace_orig = true; + } + + OpenSSL_add_all_algorithms(); + ERR_load_crypto_strings(); + ERR_clear_error(); + + return sign_single_file(&opts); +} -- 2.39.2