scripts/sign-file.c
Source file repositories/reference/linux-study-clean/scripts/sign-file.c
File Facts
- System
- Linux kernel
- Corpus path
scripts/sign-file.c- Extension
.c- Size
- 9078 bytes
- Lines
- 359
- Domain
- Support Tooling And Documentation
- Bucket
- scripts
- Inferred role
- Support Tooling And Documentation: implementation source
- Status
- source implementation candidate
Why This File Exists
Repository support layer: documentation, build tooling, samples, user-space helper tools, generated initramfs support, licenses, and validation utilities.
- Repository support layer: documentation, build tooling, samples, user-space helper tools, generated initramfs support, licenses, and validation utilities.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
stdio.hstdlib.hstdint.hstdbool.hstring.hgetopt.herr.harpa/inet.hopenssl/opensslv.hopenssl/bio.hopenssl/cms.hopenssl/evp.hopenssl/pem.hopenssl/err.hopenssl/provider.hopenssl/store.hopenssl/engine.hssl-common.hlinux/module_signature.h
Detected Declarations
function __attribute__function pem_pw_cbfunction main
Annotated Snippet
if (!info) {
drain_openssl_errors(__LINE__, 0);
continue;
}
if (OSSL_STORE_INFO_get_type(info) == OSSL_STORE_INFO_PKEY) {
private_key = OSSL_STORE_INFO_get1_PKEY(info);
ERR(!private_key, "OSSL_STORE_INFO_get1_PKEY");
}
OSSL_STORE_INFO_free(info);
if (private_key)
break;
}
OSSL_STORE_close(store);
#elif defined(USE_PKCS11_ENGINE)
ENGINE *e;
ENGINE_load_builtin_engines();
drain_openssl_errors(__LINE__, 1);
e = ENGINE_by_id("pkcs11");
ERR(!e, "Load PKCS#11 ENGINE");
if (ENGINE_init(e))
drain_openssl_errors(__LINE__, 1);
else
ERR(1, "ENGINE_init");
if (key_pass)
ERR(!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0), "Set PKCS#11 PIN");
private_key = ENGINE_load_private_key(e, private_key_name, NULL, NULL);
ERR(!private_key, "%s", private_key_name);
#else
fprintf(stderr, "no pkcs11 engine/provider available\n");
exit(1);
#endif
return private_key;
}
static EVP_PKEY *read_private_key(const char *private_key_name)
{
if (!strncmp(private_key_name, "pkcs11:", 7)) {
return read_private_key_pkcs11(private_key_name);
} else {
EVP_PKEY *private_key;
BIO *b;
b = BIO_new_file(private_key_name, "rb");
ERR(!b, "%s", private_key_name);
private_key = PEM_read_bio_PrivateKey(b, NULL, pem_pw_cb,
NULL);
ERR(!private_key, "%s", private_key_name);
BIO_free(b);
return private_key;
}
}
static X509 *read_x509(const char *x509_name)
{
unsigned char buf[2];
X509 *x509;
BIO *b;
int n;
b = BIO_new_file(x509_name, "rb");
ERR(!b, "%s", x509_name);
/* Look at the first two bytes of the file to determine the encoding */
n = BIO_read(b, buf, 2);
if (n != 2) {
if (BIO_should_retry(b)) {
fprintf(stderr, "%s: Read wanted retry\n", x509_name);
exit(1);
}
if (n >= 0) {
fprintf(stderr, "%s: Short read\n", x509_name);
exit(1);
}
ERR(1, "%s", x509_name);
}
ERR(BIO_reset(b) != 0, "%s", x509_name);
if (buf[0] == 0x30 && buf[1] >= 0x81 && buf[1] <= 0x84)
/* Assume raw DER encoded X.509 */
x509 = d2i_X509_bio(b, NULL);
else
/* Assume PEM encoded X.509 */
x509 = PEM_read_bio_X509(b, NULL, NULL, NULL);
BIO_free(b);
ERR(!x509, "%s", x509_name);
Annotation
- Immediate include surface: `stdio.h`, `stdlib.h`, `stdint.h`, `stdbool.h`, `string.h`, `getopt.h`, `err.h`, `arpa/inet.h`.
- Detected declarations: `function __attribute__`, `function pem_pw_cb`, `function main`.
- Atlas domain: Support Tooling And Documentation / scripts.
- Implementation status: source implementation candidate.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.