Changeset 52538 in vbox

Timestamp:

Aug 31, 2014 8:19:13 PM (10 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

95793

Message:

IPRT,SUP: First part of timestamp counter signatures support.

File:

• trunk/src/VBox/Runtime/tools/RTSignTool.cpp (modified) (3 diffs)

trunk/src/VBox/Runtime/tools/RTSignTool.cpp

@@ -275 +275 @@
 
 /**
- * @callback_method_impl{RTCRPKCS7VERIFYCERTCALLBACK,
+ * @callback_method_impl{FNRTCRPKCS7VERIFYCERTCALLBACK,
  * Standard code signing.  Use this for Microsoft SPC.}
  */
-static DECLCALLBACK(int) VerifyExecCertVerifyCallback(PCRTCRX509CERTIFICATE pCert, RTCRX509CERTPATHS hCertPaths,
+static DECLCALLBACK(int) VerifyExecCertVerifyCallback(PCRTCRX509CERTIFICATE pCert, RTCRX509CERTPATHS hCertPaths, uint32_t fFlags,
                                                       void *pvUser, PRTERRINFO pErrInfo)
 {
@@ -315 +315 @@
      * Standard code signing capabilites required.
      */
-    int rc = RTCrPkcs7VerifyCertCallbackCodeSigning(pCert, hCertPaths, NULL, pErrInfo);
-    if (RT_SUCCESS(rc))
+    int rc = RTCrPkcs7VerifyCertCallbackCodeSigning(pCert, hCertPaths, fFlags, NULL, pErrInfo);
+    if (   RT_SUCCESS(rc)
+        && (fFlags & RTCRPKCS7VCC_F_SIGNED_DATA))
     {
         /*
@@ -401 +402 @@
              * the authenticode policies into account.
              */
-            return RTCrPkcs7VerifySignedData(pContentInfo, 0, pState->hAdditionalStore, pState->hRootStore, &ValidationTime,
+            return RTCrPkcs7VerifySignedData(pContentInfo,
+                                             RTCRPKCS7VERIFY_SD_F_COUNTER_SIGNATURE_SIGNING_TIME_ONLY
+                                             | RTCRPKCS7VERIFY_SD_F_ALWAYS_USE_SIGNING_TIME_IF_PRESENT,
+                                             pState->hAdditionalStore, pState->hRootStore, &ValidationTime,
                                              VerifyExecCertVerifyCallback, pState, pErrInfo);
         }