nhyatt/osslsigncode
1
0
Fork 0
mirror of https://github.com/mtrojnar/osslsigncode.git synced 2025-04-05 09:08:04 -05:00
Code Issues Projects Releases Wiki Activity

clarifying comments

Browse Source
This commit is contained in:
olszomal 2021-05-14 11:31:28 +02:00 committed by Michał Trojnara
parent d2aa35a7f6
commit e26a50a618
1 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
osslsigncode.c
View File

@ -717,6 +717,9 @@ static SpcSpOpusInfo *createOpus(const char *desc, const char *url)
return info; return info;
} }
/*
* Return the header length (tag and length octets) of the ASN.1 type
*/
static size_t asn1_simple_hdr_len(const unsigned char *p, size_t len) static size_t asn1_simple_hdr_len(const unsigned char *p, size_t len)
{ {
if (len <= 2 || p[0] > 0x31) if (len <= 2 || p[0] > 0x31)
@ -2716,7 +2719,6 @@ static int verify_authenticode(SIGNATURE *signature, GLOBAL_OPTIONS *options, X5
{ {
X509_STORE *store; X509_STORE *store;
STACK_OF(X509_CRL) *crls; STACK_OF(X509_CRL) *crls;
size_t seqhdrlen = 0;
BIO *bio = NULL; BIO *bio = NULL;
int verok = 0; int verok = 0;
@ -2736,11 +2738,17 @@ static int verify_authenticode(SIGNATURE *signature, GLOBAL_OPTIONS *options, X5
/* verify a PKCS#7 signedData structure */ /* verify a PKCS#7 signedData structure */
if (signature->p7->d.sign->contents->d.other->type == V_ASN1_SEQUENCE) { if (signature->p7->d.sign->contents->d.other->type == V_ASN1_SEQUENCE) {
/* only verify the contents of the sequence */
size_t seqhdrlen;
seqhdrlen = asn1_simple_hdr_len(signature->p7->d.sign->contents->d.other->value.sequence->data, seqhdrlen = asn1_simple_hdr_len(signature->p7->d.sign->contents->d.other->value.sequence->data,
signature->p7->d.sign->contents->d.other->value.sequence->length); signature->p7->d.sign->contents->d.other->value.sequence->length);
bio = BIO_new_mem_buf(signature->p7->d.sign->contents->d.other->value.sequence->data + seqhdrlen,
signature->p7->d.sign->contents->d.other->value.sequence->length - seqhdrlen);
} else {
/* verify the entire value */
bio = BIO_new_mem_buf(signature->p7->d.sign->contents->d.other->value.sequence->data,
signature->p7->d.sign->contents->d.other->value.sequence->length);
} }
bio = BIO_new_mem_buf(signature->p7->d.sign->contents->d.other->value.sequence->data + seqhdrlen,
signature->p7->d.sign->contents->d.other->value.sequence->length - seqhdrlen);
if (!PKCS7_verify(signature->p7, NULL, store, bio, NULL, 0)) { if (!PKCS7_verify(signature->p7, NULL, store, bio, NULL, 0)) {
printf("\nPKCS7_verify error\n"); printf("\nPKCS7_verify error\n");
X509_STORE_free(store); X509_STORE_free(store);