SHA256
1
0
forked from pool/pesign
pesign/pesign-privkey_unneeded.diff
Gary Ching-Pang Lin fa50606847 Accepting request 151539 from home:gary_lin:branches:Base:System
- Merge patches for FATE#314552
  + pesign-fix-export-attributes.patch: fix crash when exporting
    the signed attributes
  + pesign-privkey_unneeded.diff: Don't check the private key when
    importing the raw signature
- Add pesign-bnc801653-teardown-segfault.patch to fix crash when
  freeing digests (bnc801653)
- Drop pesign-digestdata.diff which is no longer needed.

OBS-URL: https://build.opensuse.org/request/show/151539
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=5
2013-02-07 02:04:33 +00:00

66 lines
1.8 KiB
Diff

---
src/cms_common.c | 9 ++++++++-
src/cms_common.h | 1 +
src/pesign.c | 1 +
3 files changed, 10 insertions(+), 1 deletion(-)
--- a/src/cms_common.c
+++ b/src/cms_common.c
@@ -276,6 +276,7 @@ struct cbdata {
CERTCertificate *cert;
PK11SlotListElement *psle;
secuPWData *pwdata;
+ int privkey_unneeded;
};
static SECStatus
@@ -288,6 +289,11 @@ is_valid_cert(CERTCertificate *cert, voi
SECKEYPrivateKey *privkey = NULL;
+ if (cbdata->privkey_unneeded) {
+ cbdata->cert = cert;
+ return SECSuccess;
+ }
+
privkey = PK11_FindPrivateKeyFromCert(slot, cert, pwdata);
if (privkey != NULL) {
cbdata->cert = cert;
@@ -398,7 +404,7 @@ err_slots:
goto err_slots_errmsg;
SECStatus status;
- if (PK11_NeedLogin(psle->slot) && !PK11_IsLoggedIn(psle->slot, pwdata)) {
+ if (!cms->privkey_unneeded && PK11_NeedLogin(psle->slot) && !PK11_IsLoggedIn(psle->slot, pwdata)) {
status = PK11_Authenticate(psle->slot, PR_TRUE, pwdata);
if (status != SECSuccess) {
cms->log(cms, LOG_ERR, "Authentication failed on "
@@ -425,6 +431,7 @@ err_slots:
.cert = NULL,
.psle = psle,
.pwdata = pwdata,
+ .privkey_unneeded = cms->privkey_unneeded,
};
status = PK11_TraverseCertsForNicknameInSlot(&nickname, psle->slot,
--- a/src/cms_common.h
+++ b/src/cms_common.h
@@ -37,6 +37,7 @@ typedef int (*cms_common_logger)(struct
typedef struct cms_context {
PRArenaPool *arena;
void *privkey;
+ int privkey_unneeded;
char *tokenname;
char *certname;
--- a/src/pesign.c
+++ b/src/pesign.c
@@ -650,6 +650,7 @@ main(int argc, char *argv[])
*/
case IMPORT_RAW_SIGNATURE|IMPORT_SATTRS:
check_inputs(ctxp);
+ ctxp->cms_ctx->privkey_unneeded = 1;
rc = find_certificate(ctxp->cms_ctx);
if (rc < 0) {
fprintf(stderr, "pesign: Could not find "