-read(read_from, $signature, 4096) || die "pipe from openssl rsautl";
-close(read_from) || die "pipe from openssl rsautl";
+if ($signature_file) {
+ $signature = read_file($signature_file);
+} else {
+ #
+ # Generate the digest and read from openssl's stdout
+ #
+ my $digest;
+ $digest = readpipe("openssl dgst -$dgst -binary $module") || die "openssl dgst";
+
+ #
+ # Generate the binary signature, which will be just the integer that
+ # comprises the signature with no metadata attached.
+ #
+ my $pid;
+ $pid = open2(*read_from, *write_to,
+ "openssl rsautl -sign -inkey $private_key -keyform PEM") ||
+ die "openssl rsautl";
+ binmode write_to;
+ print write_to $prologue . $digest || die "pipe to openssl rsautl";
+ close(write_to) || die "pipe to openssl rsautl";
+
+ binmode read_from;
+ read(read_from, $signature, 4096) || die "pipe from openssl rsautl";
+ close(read_from) || die "pipe from openssl rsautl";
+ waitpid($pid, 0) || die;
+ die "openssl rsautl died: $?" if ($? >> 8);
+}