code simplification

Avoid re-implementing common library functions.
Michał Trojnara 2018-12-08 21:55:15 +01:00
parent 693ac8c476
commit db559c4769


@ -1153,101 +1153,60 @@ static void recalc_pe_checksum(BIO *bio, unsigned int peheader)
BIO_write(bio, buf, 4); BIO_write(bio, buf, 4);
} }
static unsigned char nib2val(unsigned char c)
{
if (c >= '0' && c <= '9') {
return c - '0';
} else if (c >= 'a' && c <= 'f') {
return c - 'a' + 10;
} else if (c >= 'A' && c <= 'F') {
return c - 'A' + 10;
}
printf("Illegal hex value: '%x'\n", c);
return 0;
}
static int verify_leaf_hash(X509 *leaf, const char *leafhash) static int verify_leaf_hash(X509 *leaf, const char *leafhash)
{ {
char *lhdup = NULL;
char *orig = NULL;
char *mdid = NULL;
char *hash = NULL;
int ret = 0; int ret = 0;
unsigned char *mdbuf = NULL;
lhdup = strdup(leafhash); /* decode the provided hash */
orig = lhdup; char *mdid = OPENSSL_strdup(leafhash);
mdid = lhdup; char *hash = index(mdid, ':');
while (lhdup != NULL && *lhdup != '\0') {
if (*lhdup == ':') {
*lhdup = '\0';
++lhdup;
hash = lhdup;
break;
}
++lhdup;
}
lhdup = orig;
if (hash == NULL) { if (hash == NULL) {
printf("Unable to parse -require-leaf-hash parameter: %s\n\n", orig); printf("Unable to parse -require-leaf-hash parameter: %s\n", leafhash);
ret = 1; ret = 1;
goto out; goto out;
} }
*hash++ = '\0';
const EVP_MD *md = EVP_get_digestbyname(mdid); const EVP_MD *md = EVP_get_digestbyname(mdid);
if (md == NULL) { if (md == NULL) {
printf("Unable to lookup digest by name '%s'\n", mdid); printf("Unable to lookup digest by name '%s'\n", mdid);
ret = 1; ret = 1;
goto out; goto out;
} }
long mdlen = 0;
unsigned long sz = EVP_MD_size(md); mdbuf = OPENSSL_hexstr2buf(hash, &mdlen);
unsigned long actual = strlen(hash); if (mdlen != EVP_MD_size(md)) {
if (actual%2 != 0) { printf("Hash length mismatch: '%s' digest must be %d bytes long (got %ld bytes)\n",
printf("Hash length mismatch: length is uneven.\n"); mdid, EVP_MD_size(md), mdlen);
ret = 1;
goto out;
}
actual /= 2;
if (actual != sz) {
printf("Hash length mismatch: '%s' digest must be %lu bytes long (got %lu bytes)\n", mdid, sz, actual);
ret = 1; ret = 1;
goto out; goto out;
} }
unsigned char mdbuf[EVP_MAX_MD_SIZE]; /* compute the leaf certificate hash */
unsigned char cmdbuf[EVP_MAX_MD_SIZE];
int i = 0, j = 0;
while (i < sz*2) {
unsigned char x;
x = nib2val(hash[i+1]);
x |= nib2val(hash[i]) << 4;
mdbuf[j] = x;
i += 2;
j += 1;
}
unsigned long certlen = i2d_X509(leaf, NULL);
unsigned char *certbuf = malloc(certlen);
unsigned char *tmp = certbuf;
i2d_X509(leaf, &tmp);
EVP_MD_CTX *ctx = EVP_MD_CTX_create(); EVP_MD_CTX *ctx = EVP_MD_CTX_create();
EVP_DigestInit_ex(ctx, md, NULL); EVP_DigestInit_ex(ctx, md, NULL);
size_t certlen = i2d_X509(leaf, NULL);
unsigned char *certbuf = OPENSSL_malloc(certlen);
unsigned char *tmp = certbuf;
i2d_X509(leaf, &tmp);
EVP_DigestUpdate(ctx, certbuf, certlen); EVP_DigestUpdate(ctx, certbuf, certlen);
OPENSSL_free(certbuf);
unsigned char cmdbuf[EVP_MAX_MD_SIZE];
EVP_DigestFinal_ex(ctx, cmdbuf, NULL); EVP_DigestFinal_ex(ctx, cmdbuf, NULL);
EVP_MD_CTX_destroy(ctx); EVP_MD_CTX_destroy(ctx);
free(certbuf); /* compare the provided hash against the computed hash */
if (memcmp(mdbuf, cmdbuf, EVP_MD_size(md))) { if (memcmp(mdbuf, cmdbuf, EVP_MD_size(md))) {
char *hexstr = OPENSSL_buf2hexstr(cmdbuf, EVP_MD_size(md));
printf("Hash value mismatch: %s computed\n", hexstr);
OPENSSL_free(hexstr);
ret = 1; ret = 1;
goto out; goto out;
} }
out: out:
free(lhdup); OPENSSL_free(mdid);
OPENSSL_free(mdbuf);
return ret; return ret;
} }
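Review bot: The "compute the leaf certificate hash" step in `verify_leaf_hash` ignores every return value, which matters in a certificate-pin check: `i2d_X509()` returns a negative int on failure, which `size_t certlen` turns into a huge length. `OPENSSL_malloc()`, `EVP_MD_CTX_create()` and the `EVP_Digest*` calls are also unchecked, so a failure can pass NULL to the digest calls or leave `cmdbuf` uninitialised before the `memcmp`. Letting `i2d_X509()` allocate the buffer and using the one-shot `EVP_Digest()` drops the manual context handling and leaves two results to check, as sketched below. Separately, the result of `OPENSSL_strdup(leafhash)` reaches `index()` without a NULL check, and `strchr()` is the standard-C form of that legacy call. A NULL return from `OPENSSL_hexstr2buf()` appears to be caught only because `mdlen` starts at 0, so an explicit `mdbuf == NULL` test would make the intent visible.

```c
    /* compute the leaf certificate hash */
    unsigned char cmdbuf[EVP_MAX_MD_SIZE];
    unsigned char *certbuf = NULL;
    int certlen = i2d_X509(leaf, &certbuf); /* NULL *pp: the library allocates the buffer */
    if (certlen < 0) {
        printf("Unable to encode the leaf certificate\n");
        ret = 1;
        goto out;
    }
    int ok = EVP_Digest(certbuf, (size_t)certlen, cmdbuf, NULL, md, NULL);
    OPENSSL_free(certbuf);
    if (!ok) {
        printf("Unable to compute the leaf certificate hash\n");
        ret = 1;
        goto out;
    }
    /* ... unchanged: memcmp comparison and out: cleanup ... */
```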