scripts/sign-file.c

Source file repositories/reference/linux-study-clean/scripts/sign-file.c

File Facts

System
Linux kernel
Corpus path
scripts/sign-file.c
Extension
.c
Size
9078 bytes
Lines
359
Domain
Support Tooling And Documentation
Bucket
scripts
Inferred role
Support Tooling And Documentation: implementation source
Status
source implementation candidate

Why This File Exists

Repository support layer: documentation, build tooling, samples, user-space helper tools, generated initramfs support, licenses, and validation utilities.

Dependency Surface

Detected Declarations

Annotated Snippet

if (!info) {
			drain_openssl_errors(__LINE__, 0);
			continue;
		}
		if (OSSL_STORE_INFO_get_type(info) == OSSL_STORE_INFO_PKEY) {
			private_key = OSSL_STORE_INFO_get1_PKEY(info);
			ERR(!private_key, "OSSL_STORE_INFO_get1_PKEY");
		}
		OSSL_STORE_INFO_free(info);
		if (private_key)
			break;
	}
	OSSL_STORE_close(store);
#elif defined(USE_PKCS11_ENGINE)
	ENGINE *e;

	ENGINE_load_builtin_engines();
	drain_openssl_errors(__LINE__, 1);
	e = ENGINE_by_id("pkcs11");
	ERR(!e, "Load PKCS#11 ENGINE");
	if (ENGINE_init(e))
		drain_openssl_errors(__LINE__, 1);
	else
		ERR(1, "ENGINE_init");
	if (key_pass)
		ERR(!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0), "Set PKCS#11 PIN");
	private_key = ENGINE_load_private_key(e, private_key_name, NULL, NULL);
	ERR(!private_key, "%s", private_key_name);
#else
	fprintf(stderr, "no pkcs11 engine/provider available\n");
	exit(1);
#endif
	return private_key;
}

/*
 * Load the signing key identified by @private_key_name.
 *
 * A name beginning with "pkcs11:" is passed unchanged to
 * read_private_key_pkcs11().  Any other name is treated as a file path:
 * the file is opened in binary mode and parsed as a PEM private key, with
 * pem_pw_cb supplied as the passphrase callback.
 *
 * The file path is used exactly as given; this function does not itself
 * inspect the key file's ownership or permissions.
 *
 * NOTE(review): ERR() is defined outside this excerpt.  Its uses here
 * suggest it reports the failure and terminates the program, in which case
 * a NULL key is never returned from the file path branch - confirm against
 * the macro definition.
 */
static EVP_PKEY *read_private_key(const char *private_key_name)
{
	static const char pkcs11_scheme[] = "pkcs11:";
	EVP_PKEY *pkey;
	BIO *key_bio;

	/* URI-style names select the PKCS#11 loader instead of a file. */
	if (strncmp(private_key_name, pkcs11_scheme,
		    sizeof(pkcs11_scheme) - 1) == 0)
		return read_private_key_pkcs11(private_key_name);

	key_bio = BIO_new_file(private_key_name, "rb");
	ERR(!key_bio, "%s", private_key_name);

	pkey = PEM_read_bio_PrivateKey(key_bio, NULL, pem_pw_cb, NULL);
	ERR(!pkey, "%s", private_key_name);

	/* The BIO is only needed while parsing; release it before returning. */
	BIO_free(key_bio);

	return pkey;
}

static X509 *read_x509(const char *x509_name)
{
	unsigned char buf[2];
	X509 *x509;
	BIO *b;
	int n;

	b = BIO_new_file(x509_name, "rb");
	ERR(!b, "%s", x509_name);

	/* Look at the first two bytes of the file to determine the encoding */
	n = BIO_read(b, buf, 2);
	if (n != 2) {
		if (BIO_should_retry(b)) {
			fprintf(stderr, "%s: Read wanted retry\n", x509_name);
			exit(1);
		}
		if (n >= 0) {
			fprintf(stderr, "%s: Short read\n", x509_name);
			exit(1);
		}
		ERR(1, "%s", x509_name);
	}

	ERR(BIO_reset(b) != 0, "%s", x509_name);

	if (buf[0] == 0x30 && buf[1] >= 0x81 && buf[1] <= 0x84)
		/* Assume raw DER encoded X.509 */
		x509 = d2i_X509_bio(b, NULL);
	else
		/* Assume PEM encoded X.509 */
		x509 = PEM_read_bio_X509(b, NULL, NULL, NULL);

	BIO_free(b);
	ERR(!x509, "%s", x509_name);

Annotation

Implementation Notes