nhyatt/osslsigncode
1
0
Fork 0
mirror of https://github.com/mtrojnar/osslsigncode.git synced 2025-04-05 17:08:05 -05:00
Code Issues Projects Releases Wiki Activity

need to recreate BIO mem buf object each time we want to use it

Browse Source
This commit is contained in:
Per Allansson 2013-03-08 18:08:51 +01:00
parent 4fccd43521
commit 4e11a04ed3
1 changed files with 13 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
osslsigncode.c
View File

@ -748,10 +748,11 @@ static void tohex(const unsigned char *v, unsigned char *b, int len)
static void calc_pe_digest(BIO *bio, const EVP_MD *md, unsigned char *mdbuf, static void calc_pe_digest(BIO *bio, const EVP_MD *md, unsigned char *mdbuf,
unsigned int peheader, int pe32plus, unsigned int fileend) unsigned int peheader, int pe32plus, unsigned int fileend)
{ {
static unsigned char bfb[16*1024*1024];
EVP_MD_CTX mdctx; EVP_MD_CTX mdctx;
EVP_MD_CTX_init(&mdctx); EVP_MD_CTX_init(&mdctx);
EVP_DigestInit(&mdctx, md); EVP_DigestInit(&mdctx, md);
static unsigned char bfb[16*1024*1024];
memset(mdbuf, 0, EVP_MAX_MD_SIZE); memset(mdbuf, 0, EVP_MAX_MD_SIZE);
@ -763,12 +764,12 @@ static void calc_pe_digest(BIO *bio, const EVP_MD *md, unsigned char *mdbuf,
EVP_DigestUpdate(&mdctx, bfb, 60+pe32plus*16); EVP_DigestUpdate(&mdctx, bfb, 60+pe32plus*16);
BIO_read(bio, bfb, 8); BIO_read(bio, bfb, 8);
unsigned int n = BIO_tell(bio); unsigned int n = peheader + 88 + 4 + 60+pe32plus*16 + 8;
while (n < fileend) { while (n < fileend) {
int l = fileend - n; int want = fileend - n;
if (l > sizeof(bfb)) if (want > sizeof(bfb))
l = sizeof(bfb); want = sizeof(bfb);
l = BIO_read(bio, bfb, l); int l = BIO_read(bio, bfb, want);
if (l <= 0) if (l <= 0)
break; break;
EVP_DigestUpdate(&mdctx, bfb, l); EVP_DigestUpdate(&mdctx, bfb, l);
@ -852,12 +853,12 @@ static int verify_pe_file(char *indata, unsigned int peheader, int pe32plus,
BIO *bio = BIO_new_mem_buf(indata, sigpos + siglen); BIO *bio = BIO_new_mem_buf(indata, sigpos + siglen);
unsigned int real_pe_checksum = calc_pe_checksum(bio, peheader); unsigned int real_pe_checksum = calc_pe_checksum(bio, peheader);
BIO_free(bio);
if (pe_checksum && pe_checksum != real_pe_checksum) if (pe_checksum && pe_checksum != real_pe_checksum)
ret = 1; ret = 1;
printf("Calculated PE checksum: %08X%s\n\n", real_pe_checksum, printf("Calculated PE checksum: %08X%s\n\n", real_pe_checksum,
ret ? " MISMATCH!!!!" : ""); ret ? " MISMATCH!!!!" : "");
if (siglen == 0) { if (siglen == 0) {
BIO_free(bio);
printf("No signature found.\n\n"); printf("No signature found.\n\n");
return ret; return ret;
} }
@ -904,7 +905,6 @@ static int verify_pe_file(char *indata, unsigned int peheader, int pe32plus,
} }
if (mdtype == -1) { if (mdtype == -1) {
BIO_free(bio);
printf("Failed to extract current message digest\n\n"); printf("Failed to extract current message digest\n\n");
return; return;
} }
@ -915,14 +915,17 @@ static int verify_pe_file(char *indata, unsigned int peheader, int pe32plus,
tohex(mdbuf, hexbuf, EVP_MD_size(md)); tohex(mdbuf, hexbuf, EVP_MD_size(md));
printf("Current message digest : %s\n", hexbuf); printf("Current message digest : %s\n", hexbuf);
bio = BIO_new_mem_buf(indata, sigpos + siglen);
calc_pe_digest(bio, md, mdbuf, peheader, pe32plus, sigpos); calc_pe_digest(bio, md, mdbuf, peheader, pe32plus, sigpos);
printf("Calculated message digest : %s\n\n", hexbuf);
BIO_free(bio); BIO_free(bio);
tohex(mdbuf, hexbuf, EVP_MD_size(md));
printf("Calculated message digest : %s\n\n", hexbuf);
if (phlen > 0) { if (phlen > 0) {
printf("Page hash algorithm: %s\n", OBJ_nid2sn(phtype)); printf("Page hash algorithm: %s\n", OBJ_nid2sn(phtype));
tohex(ph, hexbuf, (phlen < 32) ? phlen : 32); tohex(ph, hexbuf, (phlen < 32) ? phlen : 32);
printf("Page hash : %s ...\n\n", hexbuf); printf("Page hash : %s ...\n\n", hexbuf);
free(ph);
} }
int seqhdrlen = asn1_simple_hdr_len(p7->d.sign->contents->d.other->value.sequence->data, int seqhdrlen = asn1_simple_hdr_len(p7->d.sign->contents->d.other->value.sequence->data,
@ -931,6 +934,7 @@ static int verify_pe_file(char *indata, unsigned int peheader, int pe32plus,
p7->d.sign->contents->d.other->value.sequence->length - seqhdrlen); p7->d.sign->contents->d.other->value.sequence->length - seqhdrlen);
X509_STORE *store = X509_STORE_new(); X509_STORE *store = X509_STORE_new();
int verok = PKCS7_verify(p7, p7->d.sign->cert, store, bio, NULL, PKCS7_NOVERIFY); int verok = PKCS7_verify(p7, p7->d.sign->cert, store, bio, NULL, PKCS7_NOVERIFY);
BIO_free(bio);
/* XXX: add more checks here (attributes, pagehash, timestamp, etc) */ /* XXX: add more checks here (attributes, pagehash, timestamp, etc) */
printf("Signature verification: %s\n\n", verok ? "ok" : "failed"); printf("Signature verification: %s\n\n", verok ? "ok" : "failed");
if (!verok) { if (!verok) {
@ -962,7 +966,6 @@ static int verify_pe_file(char *indata, unsigned int peheader, int pe32plus,
} }
X509_STORE_free(store); X509_STORE_free(store);
BIO_free(bio);
PKCS7_free(p7); PKCS7_free(p7);
printf("\n"); printf("\n");