2012-10-18 15:38:53 +00:00
|
|
|
From 66d3353e6d24c9e69ce71735c5aa4741717a6d68 Mon Sep 17 00:00:00 2001
|
|
|
|
From: Peter Jones <pjones@redhat.com>
|
|
|
|
Date: Wed, 17 Oct 2012 15:31:15 -0400
|
2012-10-19 14:24:10 +00:00
|
|
|
Subject: [PATCH 20/41] Allocate pesign_context rather than having it on the
|
2012-10-18 15:38:53 +00:00
|
|
|
stack.
|
|
|
|
|
|
|
|
This way it won't try to re-initialize cms_context when it's cleaned up.
|
|
|
|
|
|
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
|
|
---
|
|
|
|
src/pesign.c | 152 ++++++++++++++++++++++++++++++-----------------------------
|
|
|
|
1 file changed, 77 insertions(+), 75 deletions(-)
|
|
|
|
|
|
|
|
diff --git a/src/pesign.c b/src/pesign.c
|
|
|
|
index 2ba5ef1..e22e814 100644
|
|
|
|
--- a/src/pesign.c
|
|
|
|
+++ b/src/pesign.c
|
|
|
|
@@ -426,7 +426,7 @@ main(int argc, char *argv[])
|
|
|
|
{
|
|
|
|
int rc;
|
|
|
|
|
|
|
|
- pesign_context ctx, *ctxp = &ctx;
|
|
|
|
+ pesign_context *ctxp;
|
|
|
|
|
|
|
|
int list = 0;
|
|
|
|
int remove = 0;
|
|
|
|
@@ -437,40 +437,47 @@ main(int argc, char *argv[])
|
|
|
|
char *tokenname = "NSS Certificate DB";
|
|
|
|
char *certname = NULL;
|
|
|
|
|
|
|
|
+ rc = pesign_context_new(&ctxp);
|
|
|
|
+ if (rc < 0) {
|
|
|
|
+ fprintf(stderr, "Could not initialize context: %m\n");
|
|
|
|
+ exit(1);
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
poptContext optCon;
|
|
|
|
struct poptOption options[] = {
|
|
|
|
{NULL, '\0', POPT_ARG_INTL_DOMAIN, "pesign" },
|
|
|
|
- {"in", 'i', POPT_ARG_STRING, &ctx.infile, 0,
|
|
|
|
+ {"in", 'i', POPT_ARG_STRING, &ctxp->infile, 0,
|
|
|
|
"specify input file", "<infile>"},
|
|
|
|
- {"out", 'o', POPT_ARG_STRING, &ctx.outfile, 0,
|
|
|
|
+ {"out", 'o', POPT_ARG_STRING, &ctxp->outfile, 0,
|
|
|
|
"specify output file", "<outfile>" },
|
|
|
|
{"certficate", 'c', POPT_ARG_STRING, &certname, 0,
|
|
|
|
"specify certificate nickname",
|
|
|
|
"<certificate nickname>" },
|
|
|
|
- {"privkey", 'p', POPT_ARG_STRING, &ctx.privkeyfile, 0,
|
|
|
|
+ {"privkey", 'p', POPT_ARG_STRING, &ctxp->privkeyfile, 0,
|
|
|
|
"specify private key file", "<privkey>" },
|
|
|
|
- {"force", 'f', POPT_ARG_VAL, &ctx.force, 1,
|
|
|
|
+ {"force", 'f', POPT_ARG_VAL, &ctxp->force, 1,
|
|
|
|
"force overwriting of output file", NULL },
|
|
|
|
- {"sign", 's', POPT_ARG_VAL, &ctx.sign, 1,
|
|
|
|
+ {"sign", 's', POPT_ARG_VAL, &ctxp->sign, 1,
|
|
|
|
"create a new signature", NULL },
|
|
|
|
- {"hash", 'h', POPT_ARG_VAL, &ctx.hash, 1, "hash binary", NULL },
|
|
|
|
+ {"hash", 'h', POPT_ARG_VAL, &ctxp->hash, 1, "hash binary", NULL },
|
|
|
|
{"digest_type", 'd', POPT_ARG_STRING|POPT_ARGFLAG_SHOW_DEFAULT,
|
|
|
|
&digest_name, 0, "digest type to use for pe hash" },
|
|
|
|
{"import-signed-certificate", 'm',
|
|
|
|
POPT_ARG_STRING|POPT_ARGFLAG_DOC_HIDDEN,
|
|
|
|
- &ctx.insig, 0,"import signature from file", "<insig>" },
|
|
|
|
+ &ctxp->insig, 0,"import signature from file", "<insig>" },
|
|
|
|
{"export-signed-attributes", 'E',
|
|
|
|
POPT_ARG_STRING|POPT_ARGFLAG_DOC_HIDDEN,
|
|
|
|
- &ctx.outsattrs, 0, "export signed attributes to file",
|
|
|
|
+ &ctxp->outsattrs, 0, "export signed attributes to file",
|
|
|
|
"<signed_attributes_file>" },
|
|
|
|
{"import-signed-attributes", 'I',
|
|
|
|
POPT_ARG_STRING|POPT_ARGFLAG_DOC_HIDDEN,
|
|
|
|
- &ctx.insattrs, 0, "import signed attributes from file",
|
|
|
|
+ &ctxp->insattrs, 0,
|
|
|
|
+ "import signed attributes from file",
|
|
|
|
"<signed_attributes_file>" },
|
|
|
|
{"import-raw-signature", 'R',
|
|
|
|
- POPT_ARG_STRING|POPT_ARGFLAG_DOC_HIDDEN, &ctx.rawsig,
|
|
|
|
+ POPT_ARG_STRING|POPT_ARGFLAG_DOC_HIDDEN, &ctxp->rawsig,
|
|
|
|
0, "import raw signature from file", "<inraw>" },
|
|
|
|
- {"signature-number", 'u', POPT_ARG_INT, &ctx.signum, -1,
|
|
|
|
+ {"signature-number", 'u', POPT_ARG_INT, &ctxp->signum, -1,
|
|
|
|
"specify which signature to operate on","<sig-number>"},
|
|
|
|
{"list-signatures", 'l',
|
|
|
|
POPT_ARG_VAL|POPT_ARGFLAG_DOC_HIDDEN,
|
|
|
|
@@ -483,13 +490,14 @@ main(int argc, char *argv[])
|
|
|
|
"remove signature" },
|
|
|
|
{"export-signature", 'e',
|
|
|
|
POPT_ARG_STRING|POPT_ARGFLAG_DOC_HIDDEN,
|
|
|
|
- &ctx.outsig, 0,"export signature to file", "<outsig>" },
|
|
|
|
+ &ctxp->outsig, 0,
|
|
|
|
+ "export signature to file", "<outsig>" },
|
|
|
|
{"export-pubkey", 'K', POPT_ARG_STRING,
|
|
|
|
- &ctx.outkey, 0, "export pubkey to file", "<outkey>" },
|
|
|
|
+ &ctxp->outkey, 0, "export pubkey to file", "<outkey>" },
|
|
|
|
{"export-cert", 'C', POPT_ARG_STRING,
|
|
|
|
- &ctx.outcert, 0, "export signing cert to file",
|
|
|
|
+ &ctxp->outcert, 0, "export signing cert to file",
|
|
|
|
"<outcert>" },
|
|
|
|
- {"ascii-armor", 'a', POPT_ARG_VAL, &ctx.ascii, 1,
|
|
|
|
+ {"ascii-armor", 'a', POPT_ARG_VAL, &ctxp->ascii, 1,
|
|
|
|
"use ascii armoring", NULL },
|
|
|
|
{"daemonize", 'D', POPT_ARG_VAL, &daemon, 1,
|
|
|
|
"run as a daemon process", NULL },
|
|
|
|
@@ -509,12 +517,6 @@ main(int argc, char *argv[])
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
- rc = pesign_context_init(ctxp);
|
|
|
|
- if (rc < 0) {
|
|
|
|
- fprintf(stderr, "Could not initialize context: %m\n");
|
|
|
|
- exit(1);
|
|
|
|
- }
|
|
|
|
-
|
|
|
|
optCon = poptGetContext("pesign", argc, (const char **)argv, options,0);
|
|
|
|
|
|
|
|
rc = poptReadDefaultConfig(optCon, 0);
|
|
|
|
@@ -571,25 +573,25 @@ main(int argc, char *argv[])
|
|
|
|
if (daemon)
|
|
|
|
action |= DAEMONIZE;
|
|
|
|
|
|
|
|
- if (ctx.rawsig)
|
|
|
|
+ if (ctxp->rawsig)
|
|
|
|
action |= IMPORT_RAW_SIGNATURE;
|
|
|
|
|
|
|
|
- if (ctx.insattrs)
|
|
|
|
+ if (ctxp->insattrs)
|
|
|
|
action |= IMPORT_SATTRS;
|
|
|
|
|
|
|
|
- if (ctx.outsattrs)
|
|
|
|
+ if (ctxp->outsattrs)
|
|
|
|
action |= EXPORT_SATTRS;
|
|
|
|
-
|
|
|
|
- if (ctx.insig)
|
|
|
|
+
|
|
|
|
+ if (ctxp->insig)
|
|
|
|
action |= IMPORT_SIGNATURE;
|
|
|
|
|
|
|
|
- if (ctx.outkey)
|
|
|
|
+ if (ctxp->outkey)
|
|
|
|
action |= EXPORT_PUBKEY;
|
|
|
|
|
|
|
|
- if (ctx.outcert)
|
|
|
|
+ if (ctxp->outcert)
|
|
|
|
action |= EXPORT_CERT;
|
|
|
|
|
|
|
|
- if (ctx.outsig)
|
|
|
|
+ if (ctxp->outsig)
|
|
|
|
action |= EXPORT_SIGNATURE;
|
|
|
|
|
|
|
|
if (remove != 0)
|
|
|
|
@@ -598,13 +600,13 @@ main(int argc, char *argv[])
|
|
|
|
if (list != 0)
|
|
|
|
action |= LIST_SIGNATURES;
|
|
|
|
|
|
|
|
- if (ctx.sign) {
|
|
|
|
+ if (ctxp->sign) {
|
|
|
|
action |= GENERATE_SIGNATURE;
|
|
|
|
if (!(action & EXPORT_SIGNATURE))
|
|
|
|
action |= IMPORT_SIGNATURE;
|
|
|
|
}
|
|
|
|
|
|
|
|
- if (ctx.hash)
|
|
|
|
+ if (ctxp->hash)
|
|
|
|
action |= GENERATE_DIGEST|PRINT_DIGEST;
|
|
|
|
|
|
|
|
ssize_t sigspace = 0;
|
|
|
|
@@ -620,11 +622,11 @@ main(int argc, char *argv[])
|
|
|
|
*/
|
|
|
|
case IMPORT_RAW_SIGNATURE|IMPORT_SATTRS:
|
|
|
|
check_inputs(ctxp);
|
|
|
|
- rc = find_certificate(ctx.cms_ctx);
|
|
|
|
+ rc = find_certificate(ctxp->cms_ctx);
|
|
|
|
if (rc < 0) {
|
|
|
|
fprintf(stderr, "pesign: Could not find "
|
|
|
|
"certificate %s\n",
|
|
|
|
- ctx.cms_ctx->certname);
|
|
|
|
+ ctxp->cms_ctx->certname);
|
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
open_rawsig_input(ctxp);
|
|
|
|
@@ -636,19 +638,19 @@ main(int argc, char *argv[])
|
|
|
|
open_input(ctxp);
|
|
|
|
open_output(ctxp);
|
|
|
|
close_input(ctxp);
|
|
|
|
- generate_digest(ctx.cms_ctx, ctx.outpe);
|
|
|
|
- sigspace = calculate_signature_space(ctx.cms_ctx,
|
|
|
|
- ctx.outpe);
|
|
|
|
- allocate_signature_space(ctx.outpe, sigspace);
|
|
|
|
- generate_signature(ctx.cms_ctx);
|
|
|
|
- insert_signature(ctx.cms_ctx, ctx.signum);
|
|
|
|
- finalize_signatures(ctx.cms_ctx, ctx.outpe);
|
|
|
|
+ generate_digest(ctxp->cms_ctx, ctxp->outpe);
|
|
|
|
+ sigspace = calculate_signature_space(ctxp->cms_ctx,
|
|
|
|
+ ctxp->outpe);
|
|
|
|
+ allocate_signature_space(ctxp->outpe, sigspace);
|
|
|
|
+ generate_signature(ctxp->cms_ctx);
|
|
|
|
+ insert_signature(ctxp->cms_ctx, ctxp->signum);
|
|
|
|
+ finalize_signatures(ctxp->cms_ctx, ctxp->outpe);
|
|
|
|
close_output(ctxp);
|
|
|
|
break;
|
|
|
|
case EXPORT_SATTRS:
|
|
|
|
open_input(ctxp);
|
|
|
|
open_sattr_output(ctxp);
|
|
|
|
- generate_digest(ctx.cms_ctx, ctx.inpe);
|
|
|
|
+ generate_digest(ctxp->cms_ctx, ctxp->inpe);
|
|
|
|
generate_sattr_blob(ctxp);
|
|
|
|
close_sattr_output(ctxp);
|
|
|
|
close_input(ctxp);
|
|
|
|
@@ -666,22 +668,22 @@ main(int argc, char *argv[])
|
|
|
|
close_output(ctxp);
|
|
|
|
break;
|
|
|
|
case EXPORT_PUBKEY:
|
|
|
|
- rc = find_certificate(ctx.cms_ctx);
|
|
|
|
+ rc = find_certificate(ctxp->cms_ctx);
|
|
|
|
if (rc < 0) {
|
|
|
|
fprintf(stderr, "pesign: Could not find "
|
|
|
|
"certificate %s\n",
|
|
|
|
- ctx.cms_ctx->certname);
|
|
|
|
+ ctxp->cms_ctx->certname);
|
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
open_pubkey_output(ctxp);
|
|
|
|
export_pubkey(ctxp);
|
|
|
|
break;
|
|
|
|
case EXPORT_CERT:
|
|
|
|
- rc = find_certificate(ctx.cms_ctx);
|
|
|
|
+ rc = find_certificate(ctxp->cms_ctx);
|
|
|
|
if (rc < 0) {
|
|
|
|
fprintf(stderr, "pesign: Could not find "
|
|
|
|
"certificate %s\n",
|
|
|
|
- ctx.cms_ctx->certname);
|
|
|
|
+ ctxp->cms_ctx->certname);
|
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
open_cert_output(ctxp);
|
|
|
|
@@ -691,21 +693,21 @@ main(int argc, char *argv[])
|
|
|
|
case EXPORT_SIGNATURE:
|
|
|
|
open_input(ctxp);
|
|
|
|
open_sig_output(ctxp);
|
|
|
|
- if (ctx.signum > ctx.cms_ctx->num_signatures) {
|
|
|
|
+ if (ctxp->signum > ctxp->cms_ctx->num_signatures) {
|
|
|
|
fprintf(stderr, "Invalid signature number.\n");
|
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
- if (ctx.signum < 0)
|
|
|
|
- ctx.signum = 0;
|
|
|
|
- if (ctx.signum >= ctx.cms_ctx->num_signatures) {
|
|
|
|
+ if (ctxp->signum < 0)
|
|
|
|
+ ctxp->signum = 0;
|
|
|
|
+ if (ctxp->signum >= ctxp->cms_ctx->num_signatures) {
|
|
|
|
fprintf(stderr, "No valid signature #%d.\n",
|
|
|
|
- ctx.signum);
|
|
|
|
+ ctxp->signum);
|
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
- memcpy(&ctx.cms_ctx->newsig,
|
|
|
|
- ctx.cms_ctx->signatures[ctx.signum],
|
|
|
|
- sizeof (ctx.cms_ctx->newsig));
|
|
|
|
- export_signature(ctx.cms_ctx, ctx.outsigfd, ctx.ascii);
|
|
|
|
+ memcpy(&ctxp->cms_ctx->newsig,
|
|
|
|
+ ctxp->cms_ctx->signatures[ctxp->signum],
|
|
|
|
+ sizeof (ctxp->cms_ctx->newsig));
|
|
|
|
+ export_signature(ctxp->cms_ctx, ctxp->outsigfd, ctxp->ascii);
|
|
|
|
close_input(ctxp);
|
|
|
|
close_sig_output(ctxp);
|
|
|
|
break;
|
|
|
|
@@ -715,11 +717,11 @@ main(int argc, char *argv[])
|
|
|
|
open_input(ctxp);
|
|
|
|
open_output(ctxp);
|
|
|
|
close_input(ctxp);
|
|
|
|
- if (ctx.signum > ctx.cms_ctx->num_signatures) {
|
|
|
|
+ if (ctxp->signum > ctxp->cms_ctx->num_signatures) {
|
|
|
|
fprintf(stderr, "Invalid signature number.\n");
|
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
- remove_signature(&ctx);
|
|
|
|
+ remove_signature(ctxp);
|
|
|
|
close_output(ctxp);
|
|
|
|
break;
|
|
|
|
/* list signatures in the binary */
|
|
|
|
@@ -729,49 +731,49 @@ main(int argc, char *argv[])
|
|
|
|
break;
|
|
|
|
case GENERATE_DIGEST|PRINT_DIGEST:
|
|
|
|
open_input(ctxp);
|
|
|
|
- generate_digest(ctx.cms_ctx, ctx.inpe);
|
|
|
|
+ generate_digest(ctxp->cms_ctx, ctxp->inpe);
|
|
|
|
print_digest(ctxp);
|
|
|
|
break;
|
|
|
|
/* generate a signature and save it in a separate file */
|
|
|
|
case EXPORT_SIGNATURE|GENERATE_SIGNATURE:
|
|
|
|
- rc = find_certificate(ctx.cms_ctx);
|
|
|
|
+ rc = find_certificate(ctxp->cms_ctx);
|
|
|
|
if (rc < 0) {
|
|
|
|
fprintf(stderr, "pesign: Could not find "
|
|
|
|
"certificate %s\n",
|
|
|
|
- ctx.cms_ctx->certname);
|
|
|
|
+ ctxp->cms_ctx->certname);
|
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
open_input(ctxp);
|
|
|
|
open_sig_output(ctxp);
|
|
|
|
- generate_digest(ctx.cms_ctx, ctx.inpe);
|
|
|
|
- generate_signature(ctx.cms_ctx);
|
|
|
|
- export_signature(ctx.cms_ctx, ctx.outsigfd, ctx.ascii);
|
|
|
|
+ generate_digest(ctxp->cms_ctx, ctxp->inpe);
|
|
|
|
+ generate_signature(ctxp->cms_ctx);
|
|
|
|
+ export_signature(ctxp->cms_ctx, ctxp->outsigfd, ctxp->ascii);
|
|
|
|
break;
|
|
|
|
/* generate a signature and embed it in the binary */
|
|
|
|
case IMPORT_SIGNATURE|GENERATE_SIGNATURE:
|
|
|
|
check_inputs(ctxp);
|
|
|
|
- rc = find_certificate(ctx.cms_ctx);
|
|
|
|
+ rc = find_certificate(ctxp->cms_ctx);
|
|
|
|
if (rc < 0) {
|
|
|
|
fprintf(stderr, "pesign: Could not find "
|
|
|
|
"certificate %s\n",
|
|
|
|
- ctx.cms_ctx->certname);
|
|
|
|
+ ctxp->cms_ctx->certname);
|
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
open_input(ctxp);
|
|
|
|
open_output(ctxp);
|
|
|
|
close_input(ctxp);
|
|
|
|
- generate_digest(ctx.cms_ctx, ctx.outpe);
|
|
|
|
- sigspace = calculate_signature_space(ctx.cms_ctx,
|
|
|
|
- ctx.outpe);
|
|
|
|
- allocate_signature_space(ctx.outpe, sigspace);
|
|
|
|
- generate_digest(ctx.cms_ctx, ctx.outpe);
|
|
|
|
- generate_signature(ctx.cms_ctx);
|
|
|
|
- insert_signature(ctx.cms_ctx, ctx.signum);
|
|
|
|
- finalize_signatures(ctx.cms_ctx, ctx.outpe);
|
|
|
|
+ generate_digest(ctxp->cms_ctx, ctxp->outpe);
|
|
|
|
+ sigspace = calculate_signature_space(ctxp->cms_ctx,
|
|
|
|
+ ctxp->outpe);
|
|
|
|
+ allocate_signature_space(ctxp->outpe, sigspace);
|
|
|
|
+ generate_digest(ctxp->cms_ctx, ctxp->outpe);
|
|
|
|
+ generate_signature(ctxp->cms_ctx);
|
|
|
|
+ insert_signature(ctxp->cms_ctx, ctxp->signum);
|
|
|
|
+ finalize_signatures(ctxp->cms_ctx, ctxp->outpe);
|
|
|
|
close_output(ctxp);
|
|
|
|
break;
|
|
|
|
case DAEMONIZE:
|
|
|
|
- rc = daemonize(ctx.cms_ctx, fork);
|
|
|
|
+ rc = daemonize(ctxp->cms_ctx, fork);
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
fprintf(stderr, "Incompatible flags (0x%08x): ", action);
|
|
|
|
@@ -782,7 +784,7 @@ main(int argc, char *argv[])
|
|
|
|
fprintf(stderr, "\n");
|
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
- pesign_context_fini(&ctx);
|
|
|
|
+ pesign_context_free(ctxp);
|
|
|
|
|
|
|
|
NSS_Shutdown();
|
|
|
|
return (rc < 0);
|
|
|
|
--
|
|
|
|
1.7.12.1
|
|
|
|
|