| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 14 Feb 2023 00:20:13 +0530
From: Shreenidhi Shedi <yesshedi@...il.com>
To: dhowells@...hat.com, dwmw2@...radead.org,
gregkh@...uxfoundation.org
Cc: linux-kernel@...r.kernel.org, Shreenidhi Shedi <sshedi@...are.com>
Subject: [PATCH v2 1/6] sign-file: refactor argument parsing logic
- Use getopt_long_only for parsing input args
- Use more easy to remember command line argument names
Signed-off-by: Shreenidhi Shedi <sshedi@...are.com>
---
scripts/sign-file.c | 156 ++++++++++++++++++++++++++++++++++----------
1 file changed, 122 insertions(+), 34 deletions(-)
diff --git a/scripts/sign-file.c b/scripts/sign-file.c
index 598ef5465f82..cf3acbb13013 100644
--- a/scripts/sign-file.c
+++ b/scripts/sign-file.c
@@ -213,15 +213,111 @@ static X509 *read_x509(const char *x509_name)
return x509;
}
+struct cmd_opts {
+ char *hash_algo;
+ char *dest_name;
+ char *private_key_name;
+ char *raw_sig_name;
+ char *x509_name;
+ char *module_name;
+ bool save_sig;
+ bool replace_orig;
+ bool raw_sig;
+ bool sign_only;
+
+#ifndef USE_PKCS7
+ unsigned int use_keyid;
+#endif
+};
+
+void parse_args(int argc, char **argv, struct cmd_opts *opts)
+{
+ struct option cmd_options[] = {
+ /* These options set a flag. */
+ {"help", no_argument, 0, 'h'},
+ {"savesig", no_argument, 0, 's'},
+ {"signonly", no_argument, 0, 'o'},
+#ifndef USE_PKCS7
+ {"usekeyid", no_argument, 0, 'k'},
+#endif
+ {"rawsig", required_argument, 0, 'r'},
+ {"privkey", required_argument, 0, 'p'},
+ {"hashalgo", required_argument, 0, 'a'},
+ {"x509", required_argument, 0, 'x'},
+ {"dest", required_argument, 0, 'd'},
+ {"replaceorig", required_argument, 0, 'l'},
+ {0, 0, 0, 0}
+ };
+
+ int opt;
+ int opt_index = 0;
+
+ do {
+#ifndef USE_PKCS7
+ opt = getopt_long_only(argc, argv, "hsobr:p:a:x:d:l:",
+ cmd_options, &opt_index);
+#else
+ opt = getopt_long_only(argc, argv, "hsobkr:p:a:x:d:l:",
+ cmd_options, &opt_index);
+#endif
+ switch (opt) {
+ case 'h':
+ format();
+ break;
+
+ case 'r':
+ opts->raw_sig = true;
+ opts->raw_sig_name = optarg;
+ break;
+
+ case 's':
+ opts->save_sig = true;
+ break;
+
+ case 'o':
+ opts->sign_only = true;
+ opts->save_sig = true;
+ break;
+
+#ifndef USE_PKCS7
+ case 'k':
+ opts->use_keyid = CMS_USE_KEYID;
+ break;
+#endif
+
+ case 'p':
+ opts->private_key_name = optarg;
+ break;
+
+ case 'a':
+ opts->hash_algo = optarg;
+ break;
+
+ case 'x':
+ opts->x509_name = optarg;
+ break;
+
+ case 'd':
+ opts->dest_name = optarg;
+ break;
+
+ case 'l':
+ opts->replace_orig = true;
+ break;
+
+ case -1:
+ break;
+
+ default:
+ format();
+ break;
+ }
+ } while (opt != -1);
+}
+
int main(int argc, char **argv)
{
struct module_signature sig_info = { .id_type = PKEY_ID_PKCS7 };
- char *hash_algo = NULL;
- char *private_key_name = NULL, *raw_sig_name = NULL;
- char *x509_name, *module_name, *dest_name;
- bool save_sig = false, replace_orig;
- bool sign_only = false;
- bool raw_sig = false;
unsigned char buf[4096];
unsigned long module_size, sig_size;
unsigned int use_signed_attrs;
@@ -229,13 +325,14 @@ int main(int argc, char **argv)
EVP_PKEY *private_key;
#ifndef USE_PKCS7
CMS_ContentInfo *cms = NULL;
- unsigned int use_keyid = 0;
#else
PKCS7 *pkcs7 = NULL;
#endif
X509 *x509;
BIO *bd, *bm;
- int opt, n;
+ int i, n;
+ struct cmd_opts opts = {0};
+
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
ERR_clear_error();
@@ -247,37 +344,29 @@ int main(int argc, char **argv)
#else
use_signed_attrs = PKCS7_NOATTR;
#endif
+ parse_args(argc, argv, &opts);
+ argc -= optind;
+ argv += optind;
+
+ char *hash_algo = opts.hash_algo;
+ char *dest_name = opts.dest_name;
+ char *private_key_name = opts.private_key_name;
+ char *raw_sig_name = opts.raw_sig_name;
+ char *x509_name = opts.x509_name;
+ char *module_name = opts.module_name;
+ bool save_sig = opts.save_sig;
+ bool replace_orig = opts.replace_orig;
+ bool raw_sig = opts.raw_sig;
+ bool sign_only = opts.sign_only;
- do {
- opt = getopt(argc, argv, "sdpk");
- switch (opt) {
- case 's': raw_sig = true; break;
- case 'p': save_sig = true; break;
- case 'd': sign_only = true; save_sig = true; break;
#ifndef USE_PKCS7
- case 'k': use_keyid = CMS_USE_KEYID; break;
+ unsigned int use_keyid = opts.use_keyid;
#endif
- case -1: break;
- default: format();
- }
- } while (opt != -1);
- argc -= optind;
- argv += optind;
- if (argc < 4 || argc > 5)
+ if (!argv[0] || argc != 1)
format();
- if (raw_sig) {
- raw_sig_name = argv[0];
- hash_algo = argv[1];
- } else {
- hash_algo = argv[0];
- private_key_name = argv[1];
- }
- x509_name = argv[2];
- module_name = argv[3];
- if (argc == 5 && strcmp(argv[3], argv[4]) != 0) {
- dest_name = argv[4];
+ if (dest_name && strcmp(argv[0], dest_name)) {
replace_orig = false;
} else {
ERR(asprintf(&dest_name, "%s.~signed~", module_name) < 0,
@@ -292,7 +381,6 @@ int main(int argc, char **argv)
exit(3);
}
#endif
-
/* Open the module file */
bm = BIO_new_file(module_name, "rb");
ERR(!bm, "%s", module_name);
--
2.39.1
Powered by blists - more mailing lists