pesign/pesign-privkey_unneeded.diff
Gary Ching-Pang Lin 3e44889555 Accepting request 346961 from home:gary_lin:branches:Base:System
- Update to 0.111
- Add pesign-fix-signness.patch to fix the signness comparison
- Drop upstreamed patches
  + pesign-efivar-pkgconfig.patch
  + pesign-make-efi_guid_t-const.patch
  + pesign-fix-import-sig-check.patch
  + pesign-install-supplementary-programs.patch
- Refresh pesign-suse-build.patch, pesign-privkey_unneeded.diff,
  and pesign-run.patch
- Update pesign-fix-build-errors.patch
- Merge use-standard-pid-location.patch into pesign-run.patch

OBS-URL: https://build.opensuse.org/request/show/346961
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=36
2015-12-01 09:03:35 +00:00

82 lines
2.6 KiB
Diff

---
src/cms_common.c | 12 ++++++++++--
src/cms_common.h | 1 +
src/pesign.c | 1 +
3 files changed, 12 insertions(+), 2 deletions(-)
Index: pesign-0.111/src/cms_common.c
===================================================================
--- pesign-0.111.orig/src/cms_common.c
+++ pesign-0.111/src/cms_common.c
@@ -280,6 +280,7 @@ struct cbdata {
CERTCertificate *cert;
PK11SlotListElement *psle;
secuPWData *pwdata;
+ int privkey_unneeded;
};
static SECStatus
@@ -291,6 +292,12 @@ is_valid_cert(CERTCertificate *cert, voi
void *pwdata = cbdata->pwdata;
SECKEYPrivateKey *privkey = NULL;
+
+ if (cbdata->privkey_unneeded) {
+ cbdata->cert = cert;
+ return SECSuccess;
+ }
+
privkey = PK11_FindPrivateKeyFromCert(slot, cert, pwdata);
if (privkey != NULL) {
cbdata->cert = cert;
@@ -421,7 +428,7 @@ find_certificate(cms_context *cms, int n
}
SECStatus status;
- if (PK11_NeedLogin(psle->slot) && !PK11_IsLoggedIn(psle->slot, pwdata)) {
+ if (!cms->privkey_unneeded && PK11_NeedLogin(psle->slot) && !PK11_IsLoggedIn(psle->slot, pwdata)) {
status = PK11_Authenticate(psle->slot, PR_TRUE, pwdata);
if (status != SECSuccess) {
PK11_DestroySlotListElement(slots, &psle);
@@ -450,6 +457,7 @@ find_certificate(cms_context *cms, int n
.cert = NULL,
.psle = psle,
.pwdata = pwdata,
+ .privkey_unneeded = cms->privkey_unneeded,
};
if (needs_private_key) {
@@ -570,7 +578,7 @@ find_named_certificate(cms_context *cms,
}
SECStatus status;
- if (PK11_NeedLogin(psle->slot) && !PK11_IsLoggedIn(psle->slot, pwdata)) {
+ if (!cms->privkey_unneeded && PK11_NeedLogin(psle->slot) && !PK11_IsLoggedIn(psle->slot, pwdata)) {
status = PK11_Authenticate(psle->slot, PR_TRUE, pwdata);
if (status != SECSuccess) {
PK11_DestroySlotListElement(slots, &psle);
Index: pesign-0.111/src/cms_common.h
===================================================================
--- pesign-0.111.orig/src/cms_common.h
+++ pesign-0.111/src/cms_common.h
@@ -63,6 +63,7 @@ typedef int (*cms_common_logger)(struct
typedef struct cms_context {
PRArenaPool *arena;
void *privkey;
+ int privkey_unneeded;
char *tokenname;
char *certname;
Index: pesign-0.111/src/pesign.c
===================================================================
--- pesign-0.111.orig/src/pesign.c
+++ pesign-0.111/src/pesign.c
@@ -651,6 +651,7 @@ main(int argc, char *argv[])
*/
case IMPORT_RAW_SIGNATURE|IMPORT_SATTRS:
check_inputs(ctxp);
+ ctxp->cms_ctx->privkey_unneeded = 1;
rc = find_certificate(ctxp->cms_ctx, 0);
if (rc < 0) {
fprintf(stderr, "pesign: Could not find "