|
|
@ -5,6 +5,7 @@ |
|
|
|
|
|
|
|
|
|
|
|
#include <getopt.h> |
|
|
|
#include <getopt.h> |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#include <openssl/err.h> |
|
|
|
#include <openssl/evp.h> |
|
|
|
#include <openssl/evp.h> |
|
|
|
#include <openssl/pem.h> |
|
|
|
#include <openssl/pem.h> |
|
|
|
#include <openssl/ssl.h> |
|
|
|
#include <openssl/ssl.h> |
|
|
@ -175,24 +176,28 @@ int do_sign(int argc, char *argv[]) |
|
|
|
|
|
|
|
|
|
|
|
if (!(key = open_priv_key(args.key))) { |
|
|
|
if (!(key = open_priv_key(args.key))) { |
|
|
|
fprintf(stderr, "error: unable to read the private key.\n"); |
|
|
|
fprintf(stderr, "error: unable to read the private key.\n"); |
|
|
|
|
|
|
|
ERR_print_errors_fp(stderr); |
|
|
|
return -1; |
|
|
|
return -1; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
if (!(cert = X509_open_cert(args.cert))) { |
|
|
|
if (!(cert = X509_open_cert(args.cert))) { |
|
|
|
fprintf(stderr, "error: unable to read the X509 certificate.\n"); |
|
|
|
fprintf(stderr, "error: unable to read the X509 certificate.\n"); |
|
|
|
|
|
|
|
ERR_print_errors_fp(stderr); |
|
|
|
OPENSSL_free(key); |
|
|
|
OPENSSL_free(key); |
|
|
|
return -1; |
|
|
|
return -1; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
if (!(cn = X509_get_common_name(cert))) { |
|
|
|
if (!(cn = X509_get_common_name(cert))) { |
|
|
|
fprintf(stderr, "error: unable to get the common name.\n"); |
|
|
|
fprintf(stderr, "error: unable to get the common name.\n"); |
|
|
|
|
|
|
|
ERR_print_errors_fp(stderr); |
|
|
|
OPENSSL_free(cert); |
|
|
|
OPENSSL_free(cert); |
|
|
|
OPENSSL_free(key); |
|
|
|
OPENSSL_free(key); |
|
|
|
return -1; |
|
|
|
return -1; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
if (sign(args.image, cn, args.digest, key) < 0) { |
|
|
|
if (sign(args.image, cn, args.digest, key) < 0) { |
|
|
|
fprintf(stderr, "error: unable to sign the payload.\n"); |
|
|
|
fprintf(stderr, "error: unable to sign the payload.\n"); |
|
|
|
|
|
|
|
ERR_print_errors_fp(stderr); |
|
|
|
OPENSSL_free(cn); |
|
|
|
OPENSSL_free(cn); |
|
|
|
OPENSSL_free(cert); |
|
|
|
OPENSSL_free(cert); |
|
|
|
OPENSSL_free(key); |
|
|
|
OPENSSL_free(key); |
|
|
|