Changeset 84330 in vbox for trunk/src/VBox/Runtime/common/crypto
- Timestamp:
- May 18, 2020 1:37:00 PM (5 years ago)
- File:
-
- 1 edited
trunk/src/VBox/Runtime/common/crypto/pkcs7-verify.cpp
r84310 r84330 441 441 int rc = VINF_SUCCESS; 442 442 if ( ( hSignerCertSrc == NIL_RTCRSTORE 443 || hSignerCertSrc != hTrustedCerts )443 || hSignerCertSrc != hTrustedCerts ) /** @todo 'hSignerCertSrc != hTrustedCerts' ain't making sense wrt pValidationTime */ 444 444 && !(fFlags & RTCRPKCS7VERIFY_SD_F_TRUST_ALL_CERTS) ) 445 445 { … … 659 659 { 660 660 /* 661 * Validate the signed infos. 661 * Validate the signed infos. The flags may select one particular entry. 662 662 */ 663 RTTIMESPEC const GivenValidationTime = *pValidationTime; 663 664 uint32_t fPrimaryVccFlags = !(fFlags & RTCRPKCS7VERIFY_SD_F_USAGE_TIMESTAMPING) 664 665 ? RTCRPKCS7VCC_F_SIGNED_DATA : RTCRPKCS7VCC_F_TIMESTAMP; 666 uint32_t cItems = pSignedData->SignerInfos.cItems; 667 i = 0; 668 if (fFlags & RTCRPKCS7VERIFY_SD_F_HAS_SIGNER_INDEX) 669 { 670 i = (fFlags & RTCRPKCS7VERIFY_SD_F_SIGNER_INDEX_MASK) >> RTCRPKCS7VERIFY_SD_F_SIGNER_INDEX_SHIFT; 671 cItems = RT_MIN(cItems, i + 1); 672 } 665 673 rc = VERR_CR_PKCS7_NO_SIGNER_INFOS; 666 for ( i = 0; i < pSignedData->SignerInfos.cItems; i++)674 for (; i < cItems; i++) 667 675 { 668 676 PCRTCRPKCS7SIGNERINFO pSignerInfo = pSignedData->SignerInfos.papItems[i]; … … 699 707 rc = VINF_SUCCESS; 700 708 if (!(fFlags & RTCRPKCS7VERIFY_SD_F_USE_SIGNING_TIME_UNVERIFIED)) 701 rc = rtCrPkcs7VerifyCounterSignerInfo(pSigningTimeSigner, pSignerInfo, pSignedData, fFlags, 709 rc = rtCrPkcs7VerifyCounterSignerInfo(pSigningTimeSigner, pSignerInfo, pSignedData, 710 fFlags & ~RTCRPKCS7VERIFY_SD_F_UPDATE_VALIDATION_TIME, 702 711 hAdditionalCerts, hTrustedCerts, &ThisValidationTime, 703 712 pfnVerifyCert, RTCRPKCS7VCC_F_TIMESTAMP, pvUser, pErrInfo); … … 709 718 fDone = RT_SUCCESS(rc) 710 719 || (fFlags & RTCRPKCS7VERIFY_SD_F_ALWAYS_USE_SIGNING_TIME_IF_PRESENT); 720 if ((fFlags & RTCRPKCS7VERIFY_SD_F_UPDATE_VALIDATION_TIME) && fDone) 721 *(PRTTIMESPEC)pValidationTime = ThisValidationTime; 711 722 } 712 723 else … … 743 754 fDone = RT_SUCCESS(rc) 744 755 || (fFlags & 
RTCRPKCS7VERIFY_SD_F_ALWAYS_USE_MS_TIMESTAMP_IF_PRESENT); 756 if ((fFlags & RTCRPKCS7VERIFY_SD_F_UPDATE_VALIDATION_TIME) && fDone) 757 *(PRTTIMESPEC)pValidationTime = ThisValidationTime; 745 758 } 746 759 else … … 758 771 if (!fDone) 759 772 rc = rtCrPkcs7VerifySignerInfo(pSignerInfo, pSignedData, hThisDigest, fFlags, hAdditionalCerts, hTrustedCerts, 760 pValidationTime, pfnVerifyCert, fPrimaryVccFlags, pvUser, pErrInfo);773 &GivenValidationTime, pfnVerifyCert, fPrimaryVccFlags, pvUser, pErrInfo); 761 774 RTCrDigestRelease(hThisDigest); 762 775 if (RT_FAILURE(rc)) … … 785 798 if (fFlags & RTCRPKCS7VERIFY_SD_F_USAGE_TIMESTAMPING) 786 799 return rc; 800 /** @todo figure out if we can verify just one signer info item using OpenSSL. */ 801 if (!(fFlags & RTCRPKCS7VERIFY_SD_F_HAS_SIGNER_INDEX) && pSignedData->SignerInfos.cItems > 1) 802 return rc; 803 787 804 int rcOssl = rtCrPkcs7VerifySignedDataUsingOpenSsl(pContentInfo, fFlags, hAdditionalCerts, hTrustedCerts, 788 805 pvContent, cbContent, RT_SUCCESS(rc) ? pErrInfo : NULL);
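Review bot: Both new write-backs, `*(PRTTIMESPEC)pValidationTime = ThisValidationTime;` at new lines 720-721 (signing-time branch) and 756-757 (MS-timestamp branch), are gated on `fDone`, which is also true when `rc` is a failure but the matching ALWAYS_USE_..._IF_PRESENT flag is set, so the caller's validation time can be overwritten with a timestamp that did not verify. When RTCRPKCS7VERIFY_SD_F_USE_SIGNING_TIME_UNVERIFIED is set the counter-signer check is skipped too, so the time handed back has not been authenticated by a counter signature, and the caller cannot tell that from the output. I would gate the store on the result instead, `if ((fFlags & RTCRPKCS7VERIFY_SD_F_UPDATE_VALIDATION_TIME) && RT_SUCCESS(rc))`, and document on the flag that pValidationTime must then point to writable storage, since the store casts away what looks like a const qualifier. The lines between the counter-signer call and the `fDone` assignment are outside the visible hunks, so confirm that `rc` at that point reflects verification at ThisValidationTime.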