Signing Time code refactoring

- Code simplification.
 - Support for the -st option while timestamps are enabled.
 - Fix for a NULL pointer dereference.
Michał Trojnara 2019-09-10 23:03:35 +02:00
parent 5c51cab171
commit 2ffa5a9d69


@ -475,10 +475,13 @@ static size_t asn1_simple_hdr_len(const unsigned char *p, size_t len)
* behaviour closer to signtool.exe (which doesn't include any non-trusted * behaviour closer to signtool.exe (which doesn't include any non-trusted
* time in this case.) * time in this case.)
*/ */
static int pkcs7_add_custom_time(PKCS7_SIGNER_INFO *si, time_t customtimeutc) static int pkcs7_add_signing_time(PKCS7_SIGNER_INFO *si, time_t signing_time)
{ {
ASN1_TIME *t = ASN1_TIME_adj(NULL, customtimeutc, 0, 0); if (signing_time == (time_t)-1) /* -st option was not specified */
return PKCS7_add_signed_attribute(si, NID_pkcs9_signingTime, V_ASN1_UTCTIME, t); return 1; /* success */
return PKCS7_add_signed_attribute(si,
NID_pkcs9_signingTime, V_ASN1_UTCTIME,
ASN1_TIME_adj(NULL, signing_time, 0, 0));
} }
static void tohex(const unsigned char *v, char *b, int len) static void tohex(const unsigned char *v, char *b, int len)
@ -1263,7 +1266,7 @@ static PKCS7 *pkcs7_get_nested_signature(PKCS7 *p7, int *has_sig)
* pkcs7_set_nested_signature adds the p7nest signature to p7 * pkcs7_set_nested_signature adds the p7nest signature to p7
* as a nested signature (SPC_NESTED_SIGNATURE). * as a nested signature (SPC_NESTED_SIGNATURE).
*/ */
static int pkcs7_set_nested_signature(PKCS7 *p7, PKCS7 *p7nest, int custom_ts, time_t customtimeutc) static int pkcs7_set_nested_signature(PKCS7 *p7, PKCS7 *p7nest, time_t signing_time)
{ {
u_char *p = NULL; u_char *p = NULL;
int len = 0; int len = 0;
@ -1279,10 +1282,7 @@ static int pkcs7_set_nested_signature(PKCS7 *p7, PKCS7 *p7nest, int custom_ts, t
OPENSSL_free(p); OPENSSL_free(p);
PKCS7_SIGNER_INFO *si = sk_PKCS7_SIGNER_INFO_value(p7->d.sign->signer_info, 0); PKCS7_SIGNER_INFO *si = sk_PKCS7_SIGNER_INFO_value(p7->d.sign->signer_info, 0);
pkcs7_add_signing_time(si, signing_time);
if (custom_ts)
pkcs7_add_custom_time(si, customtimeutc);
if (PKCS7_add_attribute(si, OBJ_txt2nid(SPC_NESTED_SIGNATURE_OBJID), V_ASN1_SEQUENCE, astr) == 0) if (PKCS7_add_attribute(si, OBJ_txt2nid(SPC_NESTED_SIGNATURE_OBJID), V_ASN1_SEQUENCE, astr) == 0)
return 0; return 0;
@ -2366,7 +2366,7 @@ int main(int argc, char **argv) {
PKCS7_SIGNER_INFO *si; PKCS7_SIGNER_INFO *si;
ASN1_STRING *astr; ASN1_STRING *astr;
const EVP_MD *md; const EVP_MD *md;
time_t customtimeutc = (time_t)0; time_t signing_time = (time_t)-1;
const char *argv0 = argv[0]; const char *argv0 = argv[0];
static char buf[64*1024]; static char buf[64*1024];
@ -2531,7 +2531,7 @@ int main(int argc, char **argv) {
url = *(++argv); url = *(++argv);
} else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-st")) { } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-st")) {
if (--argc < 1) usage(argv0); if (--argc < 1) usage(argv0);
customtimeutc = (time_t)strtoul(*(++argv), NULL, 10); signing_time = (time_t)strtoul(*(++argv), NULL, 10);
#ifdef ENABLE_CURL #ifdef ENABLE_CURL
} else if ((cmd == CMD_SIGN || cmd == CMD_ADD) && !strcmp(*argv, "-t")) { } else if ((cmd == CMD_SIGN || cmd == CMD_ADD) && !strcmp(*argv, "-t")) {
if (--argc < 1) usage(argv0); if (--argc < 1) usage(argv0);
@ -3136,20 +3136,12 @@ int main(int argc, char **argv) {
PKCS7_set_type(sig, NID_pkcs7_signed); PKCS7_set_type(sig, NID_pkcs7_signed);
si = NULL; si = NULL;
if (cert != NULL) { if (cert != NULL)
si = PKCS7_add_signature(sig, cert, pkey, md); si = PKCS7_add_signature(sig, cert, pkey, md);
if (nturl == 0 && ntsurl == 0) for (i=0; si == NULL && i<sk_X509_num(certs); i++) {
pkcs7_add_custom_time(si, customtimeutc); X509 *signcert = sk_X509_value(certs, i);
} /* X509_print_fp(stdout, signcert); */
if (si == NULL) { si = PKCS7_add_signature(sig, signcert, pkey, md);
for (i=0; i<sk_X509_num(certs); i++) {
X509 *signcert = sk_X509_value(certs, i);
/* X509_print_fp(stdout, signcert); */
si = PKCS7_add_signature(sig, signcert, pkey, md);
if (nturl == 0 && ntsurl == 0)
pkcs7_add_custom_time(si, customtimeutc);
if (si != NULL) break;
}
} }
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
pkey = NULL; pkey = NULL;
@ -3157,6 +3149,7 @@ int main(int argc, char **argv) {
if (si == NULL) if (si == NULL)
DO_EXIT_0("Signing failed(PKCS7_add_signature)\n"); DO_EXIT_0("Signing failed(PKCS7_add_signature)\n");
pkcs7_add_signing_time(si, signing_time);
PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
V_ASN1_OBJECT, OBJ_txt2obj(SPC_INDIRECT_DATA_OBJID, 1)); V_ASN1_OBJECT, OBJ_txt2obj(SPC_INDIRECT_DATA_OBJID, 1));
@ -3294,7 +3287,7 @@ add_only:
if (nest) { if (nest) {
if (cursig == NULL) if (cursig == NULL)
DO_EXIT_0("Internal error: No 'cursig' was extracted\n") DO_EXIT_0("Internal error: No 'cursig' was extracted\n")
if (pkcs7_set_nested_signature(cursig, sig, (nturl == 0 && ntsurl == 0), customtimeutc) == 0) if (pkcs7_set_nested_signature(cursig, sig, signing_time) == 0)
DO_EXIT_0("Unable to append the nested signature to the current signature\n"); DO_EXIT_0("Unable to append the nested signature to the current signature\n");
outsig = cursig; outsig = cursig;
} else { } else {
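Review bot: In the `-st` branch of main's option parsing, `strtoul(*(++argv), NULL, 10)` is still unchecked, and the new `(time_t)-1` "not specified" sentinel makes that matter more. An out-of-range value makes strtoul return ULONG_MAX, which becomes -1 after the cast where time_t is as wide as unsigned long, so pkcs7_add_signing_time silently adds nothing; non-numeric input becomes 0, i.e. 1970. Because signingTime is a signed attribute, a mistyped value should stop the run rather than quietly change what gets signed, so parse with an end pointer and errno as sketched below (this assumes usage() exits, as the neighbouring `--argc` checks imply, and that `<errno.h>` is available in the file). Both callers, in pkcs7_set_nested_signature and after the `si == NULL` check in main, also discard pkcs7_add_signing_time's return value, so a failed ASN1_TIME_adj or attribute add would go unnoticed; test it the way the `PKCS7_add_attribute(...) == 0` line does. main's body continues outside these hunks.

```c
} else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-st")) {
	char *end = NULL;
	unsigned long st;

	if (--argc < 1) usage(argv0);
	errno = 0;
	st = strtoul(*(++argv), &end, 10);
	/* reject empty input, trailing garbage, overflow, and the value
	 * that collides with the (time_t)-1 "not specified" sentinel */
	if (end == *argv || *end != '\0' || errno == ERANGE
			|| (time_t)st == (time_t)-1)
		usage(argv0);
	signing_time = (time_t)st;
/* … unchanged: #ifdef ENABLE_CURL and the -t option branch … */
```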