nhyatt/osslsigncode
1
0
Fork 0
mirror of https://github.com/mtrojnar/osslsigncode.git synced 2025-04-05 09:08:04 -05:00
Code Issues Projects Releases Wiki Activity

Use BIO_f_md instead of EVP_MD_CTX to calculate timestamp, page hash and leaf hash

Browse Source
This commit is contained in:
olszomal 2023-02-06 09:47:31 +01:00 committed by Michał Trojnara
parent c5ad70d31a
commit bde67ec1e2
1 changed files with 51 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

99
osslsigncode.c
View File

@ -860,9 +860,8 @@ static BIO *encode_rfc3161_request(PKCS7 *sig, const EVP_MD *md)
{ {
PKCS7_SIGNER_INFO *si; PKCS7_SIGNER_INFO *si;
u_char mdbuf[EVP_MAX_MD_SIZE]; u_char mdbuf[EVP_MAX_MD_SIZE];
EVP_MD_CTX *mdctx;
TimeStampReq *req; TimeStampReq *req;
BIO *bout; BIO *bout, *bhash;
u_char *p; u_char *p;
int len; int len;
STACK_OF(PKCS7_SIGNER_INFO) *signer_info = PKCS7_get_signer_info(sig); STACK_OF(PKCS7_SIGNER_INFO) *signer_info = PKCS7_get_signer_info(sig);
@ -873,15 +872,16 @@ static BIO *encode_rfc3161_request(PKCS7 *sig, const EVP_MD *md)
if (!si) if (!si)
return NULL; /* FAILED */ return NULL; /* FAILED */
mdctx = EVP_MD_CTX_new(); bhash = BIO_new(BIO_f_md());
if (!EVP_DigestInit(mdctx, md)) { if (!BIO_set_md(bhash, md)) {
EVP_MD_CTX_free(mdctx); printf("Unable to set the message digest of BIO\n");
printf("Unable to set up the digest context\n"); BIO_free_all(bhash);
return NULL; /* FAILED */ return NULL; /* FAILED */
} }
EVP_DigestUpdate(mdctx, si->enc_digest->data, (size_t)si->enc_digest->length); BIO_push(bhash, BIO_new(BIO_s_null()));
EVP_DigestFinal(mdctx, mdbuf, NULL); BIO_write(bhash, si->enc_digest->data, si->enc_digest->length);
EVP_MD_CTX_free(mdctx); BIO_gets(bhash, mdbuf, EVP_MD_size(md));
BIO_free_all(bhash);
req = TimeStampReq_new(); req = TimeStampReq_new();
ASN1_INTEGER_set(req->version, 1); ASN1_INTEGER_set(req->version, 1);
@ -1569,7 +1569,7 @@ static u_char *pe_calc_page_hash(char *indata, uint32_t header_size,
u_char *res, *zeroes; u_char *res, *zeroes;
char *sections; char *sections;
const EVP_MD *md = EVP_get_digestbynid(phtype); const EVP_MD *md = EVP_get_digestbynid(phtype);
EVP_MD_CTX *mdctx; BIO *bhash;
/* NumberOfSections indicates the size of the section table, /* NumberOfSections indicates the size of the section table,
* which immediately follows the headers. */ * which immediately follows the headers. */
@ -1613,21 +1613,24 @@ static u_char *pe_calc_page_hash(char *indata, uint32_t header_size,
pphlen = 4 + EVP_MD_size(md); pphlen = 4 + EVP_MD_size(md);
phlen = pphlen * (3 + (int)nsections + (int)(sigpos / pagesize)); phlen = pphlen * (3 + (int)nsections + (int)(sigpos / pagesize));
mdctx = EVP_MD_CTX_new(); bhash = BIO_new(BIO_f_md());
if (!EVP_DigestInit(mdctx, md)) { if (!BIO_set_md(bhash, md)) {
EVP_MD_CTX_free(mdctx); printf("Unable to set the message digest of BIO\n");
printf("Unable to set up the digest context\n"); BIO_free_all(bhash);
return NULL; /* FAILED */ return NULL; /* FAILED */
} }
res = OPENSSL_malloc((size_t)phlen); res = OPENSSL_malloc((size_t)phlen);
zeroes = OPENSSL_zalloc((size_t)pagesize); zeroes = OPENSSL_zalloc((size_t)pagesize);
EVP_DigestUpdate(mdctx, indata, header_size + 88);
EVP_DigestUpdate(mdctx, indata + header_size + 92, 60 + pe32plus*16); BIO_push(bhash, BIO_new(BIO_s_null()));
EVP_DigestUpdate(mdctx, indata + header_size + 160 + pe32plus*16, BIO_write(bhash, indata, header_size + 88);
BIO_write(bhash, indata + header_size + 92, 60 + pe32plus*16);
BIO_write(bhash, indata + header_size + 160 + pe32plus*16,
hdrsize - (header_size + 160 + pe32plus*16)); hdrsize - (header_size + 160 + pe32plus*16));
EVP_DigestUpdate(mdctx, zeroes, pagesize - hdrsize); BIO_write(bhash, zeroes, pagesize - hdrsize);
memset(res, 0, 4); memset(res, 0, 4);
EVP_DigestFinal(mdctx, res + 4, NULL); BIO_gets(bhash, res + 4, EVP_MD_size(md));
BIO_free_all(bhash);
sections = indata + header_size + 24 + opthdr_size; sections = indata + header_size + 24 + opthdr_size;
for (i=0; i<nsections; i++) { for (i=0; i<nsections; i++) {
@ -1639,25 +1642,25 @@ static u_char *pe_calc_page_hash(char *indata, uint32_t header_size,
} }
for (l=0; l < rs; l+=pagesize, pi++) { for (l=0; l < rs; l+=pagesize, pi++) {
PUT_UINT32_LE(ro + l, res + pi*pphlen); PUT_UINT32_LE(ro + l, res + pi*pphlen);
if (!EVP_DigestInit(mdctx, md)) { bhash = BIO_new(BIO_f_md());
EVP_MD_CTX_free(mdctx); if (!BIO_set_md(bhash, md)) {
OPENSSL_free(res); printf("Unable to set the message digest of BIO\n");
OPENSSL_free(zeroes); BIO_free_all(bhash);
printf("Unable to set up the digest context\n"); return NULL; /* FAILED */
return NULL; /* FAILED */
} }
BIO_push(bhash, BIO_new(BIO_s_null()));
if (rs - l < pagesize) { if (rs - l < pagesize) {
EVP_DigestUpdate(mdctx, indata + ro + l, rs - l); BIO_write(bhash, indata + ro + l, rs - l);
EVP_DigestUpdate(mdctx, zeroes, pagesize - (rs - l)); BIO_write(bhash, zeroes, pagesize - (rs - l));
} else { } else {
EVP_DigestUpdate(mdctx, indata + ro + l, pagesize); BIO_write(bhash, indata + ro + l, pagesize);
} }
EVP_DigestFinal(mdctx, res + pi*pphlen + 4, NULL); BIO_gets(bhash, res + pi*pphlen + 4, EVP_MD_size(md));
} }
lastpos = ro + rs; lastpos = ro + rs;
sections += 40; sections += 40;
} }
EVP_MD_CTX_free(mdctx); BIO_free_all(bhash);
PUT_UINT32_LE(lastpos, res + pi*pphlen); PUT_UINT32_LE(lastpos, res + pi*pphlen);
memset(res + pi*pphlen + 4, 0, (size_t)EVP_MD_size(md)); memset(res + pi*pphlen + 4, 0, (size_t)EVP_MD_size(md));
pi++; pi++;
@ -2004,6 +2007,7 @@ static int verify_leaf_hash(X509 *leaf, const char *leafhash)
long mdlen = 0; long mdlen = 0;
EVP_MD_CTX *ctx; EVP_MD_CTX *ctx;
size_t certlen; size_t certlen;
BIO *bhash = BIO_new(BIO_f_md());
/* decode the provided hash */ /* decode the provided hash */
char *mdid = OPENSSL_strdup(leafhash); char *mdid = OPENSSL_strdup(leafhash);
@ -2025,29 +2029,27 @@ static int verify_leaf_hash(X509 *leaf, const char *leafhash)
goto out; goto out;
} }
/* compute the leaf certificate hash */ /* compute the leaf certificate hash */
ctx = EVP_MD_CTX_new(); if (!BIO_set_md(bhash, md)) {
if (!EVP_DigestInit(ctx, md)) { printf("Unable to set the message digest of BIO\n");
EVP_MD_CTX_free(ctx);
printf("Unable to set up the digest context\n");
goto out; goto out;
} }
BIO_push(bhash, BIO_new(BIO_s_null()));
certlen = (size_t)i2d_X509(leaf, NULL); certlen = (size_t)i2d_X509(leaf, NULL);
certbuf = OPENSSL_malloc(certlen); certbuf = OPENSSL_malloc(certlen);
tmp = certbuf; tmp = certbuf;
i2d_X509(leaf, &tmp); i2d_X509(leaf, &tmp);
EVP_DigestUpdate(ctx, certbuf, certlen); BIO_write(bhash, certbuf, certlen);
BIO_gets(bhash, cmdbuf, EVP_MD_size(md));
OPENSSL_free(certbuf); OPENSSL_free(certbuf);
EVP_DigestFinal(ctx, cmdbuf, NULL);
EVP_MD_CTX_free(ctx);
/* compare the provided hash against the computed hash */ /* compare the provided hash against the computed hash */
if (memcmp(mdbuf, cmdbuf, (size_t)EVP_MD_size(md))) { if (memcmp(mdbuf, cmdbuf, (size_t)EVP_MD_size(md))) {
print_hash("\nLeaf hash value mismatch", "computed", cmdbuf, EVP_MD_size(md)); print_hash("\nLeaf hash value mismatch", "computed", cmdbuf, EVP_MD_size(md));
goto out; goto out;
} }
ret = 0; /* OK */ ret = 0; /* OK */
out: out:
BIO_free_all(bhash);
OPENSSL_free(mdid); OPENSSL_free(mdid);
OPENSSL_free(mdbuf); OPENSSL_free(mdbuf);
return ret; return ret;
@ -2687,8 +2689,8 @@ static int TST_verify(CMS_ContentInfo *timestamp, PKCS7_SIGNER_INFO *si)
const u_char *p = NULL; const u_char *p = NULL;
u_char mdbuf[EVP_MAX_MD_SIZE]; u_char mdbuf[EVP_MAX_MD_SIZE];
const EVP_MD *md; const EVP_MD *md;
EVP_MD_CTX *mdctx;
int md_nid; int md_nid;
BIO *bhash;
pos = CMS_get0_content(timestamp); pos = CMS_get0_content(timestamp);
if (pos != NULL && *pos != NULL) { if (pos != NULL && *pos != NULL) {
@ -2698,15 +2700,16 @@ static int TST_verify(CMS_ContentInfo *timestamp, PKCS7_SIGNER_INFO *si)
/* compute a hash from the encrypted message digest value of the file */ /* compute a hash from the encrypted message digest value of the file */
md_nid = OBJ_obj2nid(token->messageImprint->digestAlgorithm->algorithm); md_nid = OBJ_obj2nid(token->messageImprint->digestAlgorithm->algorithm);
md = EVP_get_digestbynid(md_nid); md = EVP_get_digestbynid(md_nid);
mdctx = EVP_MD_CTX_new(); bhash = BIO_new(BIO_f_md());
if (!EVP_DigestInit(mdctx, md)) { if (!BIO_set_md(bhash, md)) {
EVP_MD_CTX_free(mdctx); printf("Unable to set the message digest of BIO\n");
printf("Unable to set up the digest context\n"); BIO_free_all(bhash);
return 0; /* FAILED */ return 0; /* FAILED */
} }
EVP_DigestUpdate(mdctx, si->enc_digest->data, (size_t)si->enc_digest->length); BIO_push(bhash, BIO_new(BIO_s_null()));
EVP_DigestFinal(mdctx, mdbuf, NULL); BIO_write(bhash, si->enc_digest->data, (size_t)si->enc_digest->length);
EVP_MD_CTX_free(mdctx); BIO_gets(bhash, mdbuf, EVP_MD_size(md));
BIO_free_all(bhash);
/* compare the provided hash against the computed hash */ /* compare the provided hash against the computed hash */
hash = token->messageImprint->digest; hash = token->messageImprint->digest;