Changeset 95668 in vbox for trunk/src/VBox/Runtime/common/crypto

Timestamp:

Jul 16, 2022 3:43:25 AM (3 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

152317

Message:

IPRT/RTCrPkcs7: Split out RTCrPkcs7Attributes_HashAttributes from verification. bugref:8691

Location:

trunk/src/VBox/Runtime/common/crypto

Files:

• pkcs7-core.cpp (modified) (2 diffs)
• pkcs7-verify.cpp (modified) (1 diff)

trunk/src/VBox/Runtime/common/crypto/pkcs7-core.cpp

@@ -33 +33 @@
 
 #include <iprt/errcore.h>
+#include <iprt/mem.h>
 #include <iprt/string.h>
+#include <iprt/crypto/digest.h>
 #include <iprt/crypto/tsp.h>
 
 #include "pkcs7-internal.h"
 
-
-/*
- * PCKS #7 SignerInfo
+/*
+ * PKCS #7 Attributes
+ */
+
+RTDECL(int) RTCrPkcs7Attributes_HashAttributes(PRTCRPKCS7ATTRIBUTES pAttributes, RTCRDIGEST hDigest, PRTERRINFO pErrInfo)
+{
+    /* ASSUMES that the attributes are encoded according to DER. */
+    uint8_t const  *pbData;
+    uint32_t        cbData;
+    void           *pvFree = NULL;
+    int rc = RTAsn1EncodeQueryRawBits(RTCrPkcs7Attributes_GetAsn1Core(pAttributes),
+                                      &pbData, &cbData, &pvFree, pErrInfo);
+    if (RT_SUCCESS(rc))
+    {
+        uint8_t bSetOfTag = ASN1_TAG_SET | ASN1_TAGCLASS_UNIVERSAL | ASN1_TAGFLAG_CONSTRUCTED;
+        rc = RTCrDigestUpdate(hDigest, &bSetOfTag, sizeof(bSetOfTag)); /* Replace the implict tag with a SET-OF tag. */
+        if (RT_SUCCESS(rc))
+            rc = RTCrDigestUpdate(hDigest, pbData + sizeof(bSetOfTag), cbData - sizeof(bSetOfTag)); /* Skip the implicit tag. */
+        if (RT_SUCCESS(rc))
+            rc = RTCrDigestFinal(hDigest, NULL, 0);
+        else
+            RTErrInfoSet(pErrInfo, rc, "RTCrDigestUpdate failed");
+        RTMemTmpFree(pvFree);
+    }
+    return rc;
+}
+
+
+/*
+ * PKCS #7 SignerInfo
  */
 
@@ -177 +206 @@
 
 /*
- * PCKS #7 ContentInfo.
+ * PKCS #7 ContentInfo.
  */
 

trunk/src/VBox/Runtime/common/crypto/pkcs7-verify.cpp

@@ -328 +328 @@
         *phDigest = hDigest;
 
-        /* ASSUMES that the attributes are encoded according to DER. */
-        uint8_t const  *pbData;
-        uint32_t        cbData;
-        void           *pvFree = NULL;
-        rc = RTAsn1EncodeQueryRawBits(RTCrPkcs7Attributes_GetAsn1Core(&pSignerInfo->AuthenticatedAttributes),
-                                      &pbData, &cbData, &pvFree, pErrInfo);
-        if (RT_SUCCESS(rc))
-        {
-            uint8_t bSetOfTag = ASN1_TAG_SET | ASN1_TAGCLASS_UNIVERSAL | ASN1_TAGFLAG_CONSTRUCTED;
-            rc = RTCrDigestUpdate(hDigest, &bSetOfTag, sizeof(bSetOfTag)); /* Replace the implict tag with a SET-OF tag. */
-            if (RT_SUCCESS(rc))
-                rc = RTCrDigestUpdate(hDigest, pbData + sizeof(bSetOfTag), cbData - sizeof(bSetOfTag)); /* Skip the implicit tag. */
-            if (RT_SUCCESS(rc))
-                rc = RTCrDigestFinal(hDigest, NULL, 0);
-            RTMemTmpFree(pvFree);
-        }
+        /** @todo The encoding step modifies the data, contradicting the const-ness
+         *        of the parameter. */
+        rc = RTCrPkcs7Attributes_HashAttributes((PRTCRPKCS7ATTRIBUTES)&pSignerInfo->AuthenticatedAttributes, hDigest, pErrInfo);
     }
     return rc;