int child(const char *inpath, const char *outpath, int pipefd, bool Vflag, bool vflag) { int error; FILE *outfp = NULL, *infp = NULL; struct executable *x; infp = checked_fopen(inpath, "r"); if (outpath != NULL) outfp = checked_fopen(outpath, "w"); error = cap_enter(); if (error != 0 && errno != ENOSYS) err(1, "cap_enter"); x = calloc(1, sizeof(*x)); if (x == NULL) err(1, "calloc"); x->x_path = inpath; x->x_fp = infp; load(x); parse(x); if (Vflag) { if (signature_size(x) == 0) errx(1, "file not signed"); printf("file contains signature\n"); if (vflag) { digest(x); show_digest(x); show_certificate(x); } } else { if (signature_size(x) != 0) errx(1, "file already signed"); digest(x); if (vflag) show_digest(x); send_digest(x, pipefd); receive_signature(x, pipefd); update(x); save(x, outfp, outpath); } return (0); }
int main(int argc, char **argv) { int ch, error; bool Vflag = false, vflag = false; const char *certpath = NULL, *keypath = NULL, *outpath = NULL, *inpath = NULL; FILE *certfp = NULL, *keyfp = NULL; X509 *cert = NULL; EVP_PKEY *key = NULL; pid_t pid; int pipefds[2]; while ((ch = getopt(argc, argv, "Vc:k:o:v")) != -1) { switch (ch) { case 'V': Vflag = true; break; case 'c': certpath = checked_strdup(optarg); break; case 'k': keypath = checked_strdup(optarg); break; case 'o': outpath = checked_strdup(optarg); break; case 'v': vflag = true; break; default: usage(); } } argc -= optind; argv += optind; if (argc != 1) usage(); if (Vflag) { if (certpath != NULL) errx(1, "-V and -c are mutually exclusive"); if (keypath != NULL) errx(1, "-V and -k are mutually exclusive"); if (outpath != NULL) errx(1, "-V and -o are mutually exclusive"); } else { if (certpath == NULL) errx(1, "-c option is mandatory"); if (keypath == NULL) errx(1, "-k option is mandatory"); if (outpath == NULL) errx(1, "-o option is mandatory"); } inpath = argv[0]; OPENSSL_config(NULL); ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); error = pipe(pipefds); if (error != 0) err(1, "pipe"); pid = fork(); if (pid < 0) err(1, "fork"); if (pid == 0) return (child(inpath, outpath, pipefds[1], Vflag, vflag)); if (!Vflag) { certfp = checked_fopen(certpath, "r"); cert = PEM_read_X509(certfp, NULL, NULL, NULL); if (cert == NULL) { ERR_print_errors_fp(stderr); errx(1, "failed to load certificate from %s", certpath); } keyfp = checked_fopen(keypath, "r"); key = PEM_read_PrivateKey(keyfp, NULL, NULL, NULL); if (key == NULL) { ERR_print_errors_fp(stderr); errx(1, "failed to load private key from %s", keypath); } sign(cert, key, pipefds[0]); } return (wait_for_child(pid)); }