Changeset 86549 in vbox for trunk/include/iprt

Timestamp:

Oct 12, 2020 11:59:53 PM (4 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

140868

Message:

SUPHardNt,IPRT: If there are nested signatures (i.e. more than one signature), don't get grumpy if there are time or cert path issues with some of them, as long as one or more checks out perfectly. (Mind, all the signature data must check out, it's just the cert path or signing time we're relaxing here.) ticketref:19743 bugref:3103

File:

• trunk/include/iprt/ldr.h (modified) (1 diff)

trunk/include/iprt/ldr.h

@@ -1208 +1208 @@
 
 /**
+ * Signature information provided by FNRTLDRVALIDATESIGNEDDATA.
+ */
+typedef struct RTLDRSIGNATUREINFO
+{
+    /** The signature number (0-based). */
+    uint16_t            iSignature;
+    /** The total number of signatures. */
+    uint16_t            cSignatures;
+    /** Sginature format type. */
+    RTLDRSIGNATURETYPE  enmType;
+    /** The signature data (formatted according to enmType). */
+    void const         *pvSignature;
+    /** The size of the buffer pvSignature points to. */
+    size_t              cbSignature;
+    /** Pointer to the signed data, if external.
+     * NULL if the data is internal to the signature structure. */
+    void const         *pvExternalData;
+    /** Size of the signed data, if external.
+     * 0 if internal to the signature structure. */
+    size_t              cbExternalData;
+} RTLDRSIGNATUREINFO;
+/** Pointer to a signature structure. */
+typedef RTLDRSIGNATUREINFO *PRTLDRSIGNATUREINFO;
+/** Pointer to a const signature structure. */
+typedef RTLDRSIGNATUREINFO const *PCRTLDRSIGNATUREINFO;
+
+/**
  * Callback used by RTLdrVerifySignature to verify the signature and associated
  * certificates.
  *
- * @returns IPRT status code.
+ * This is called multiple times when the executable contains more than one
+ * signature (PE only at the moment).  The RTLDRSIGNATUREINFO::cSignatures gives
+ * the total number of signatures (and thereby callbacks) and
+ * RTLDRSIGNATUREINFO::iSignature indicates the current one.
+ *
+ * @returns IPRT status code.  A status code other than VINF_SUCCESS will
+ *          prevent callbacks the remaining signatures (if any).
  * @param   hLdrMod         The module handle.
  * @param   enmSignature    The signature format.
- * @param   pvSignature     The signature data. Format given by @a enmSignature.
- * @param   cbSignature     The size of the buffer @a pvSignature points to.
- * @param   pvExternalData  Pointer to the signed data, if external. NULL if the
- *                          data is internal to the signature structure.
- * @param   cbExternalData Size of the signed data, if external.  0 if
- *                          internal to the signature structure.
+ * @param   pInfo           Signature information.
  * @param   pErrInfo        Pointer to an error info buffer, optional.
  * @param   pvUser          User argument.
  *
  */
-typedef DECLCALLBACKTYPE(int, FNRTLDRVALIDATESIGNEDDATA,(RTLDRMOD hLdrMod, RTLDRSIGNATURETYPE enmSignature,
-                                                         void const *pvSignature, size_t cbSignature,
-                                                         void const *pvExternalData, size_t cbExternalData,
+typedef DECLCALLBACKTYPE(int, FNRTLDRVALIDATESIGNEDDATA,(RTLDRMOD hLdrMod, PCRTLDRSIGNATUREINFO pInfo,
                                                          PRTERRINFO pErrInfo, void *pvUser));
 /** Pointer to a signature verification callback. */