Updated authenticode-parser to the latest version

avast · Jan 31, 2024 · 094a373 · 094a373
1 parent 153690d
commit 094a373
Show file tree

Hide file tree

Showing 6 changed files with 347 additions and 52 deletions.
diff --git a/deps/authenticode-parser/include/authenticode-parser/authenticode.h b/deps/authenticode-parser/include/authenticode-parser/authenticode.h
@@ -106,8 +106,8 @@ typedef struct {
     char* key_alg;            /* Name of the key algorithm */
     char* sig_alg;            /* Name of the signature algorithm */
     char* sig_alg_oid;        /* OID of the signature algorithm */
-    time_t not_before;        /* NotBefore validity */
-    time_t not_after;         /* NotAfter validity */
+    int64_t not_before;       /* NotBefore validity */
+    int64_t not_after;        /* NotAfter validity */
     char* key;                /* PEM encoded public key */
     Attributes issuer_attrs;  /* Parsed X509 Attributes of Issuer */
     Attributes subject_attrs; /* Parsed X509 Attributes of Subject */
@@ -120,7 +120,7 @@ typedef struct {
 
 typedef struct {
     int verify_flags;        /* COUNTERISGNATURE_VFY_ flag */
-    time_t sign_time;        /* Signing time of the timestamp countersignature */
+    int64_t sign_time;       /* Signing time of the timestamp countersignature */
     char* digest_alg;        /* Name of the digest algorithm used */
     ByteArray digest;        /* Stored message digest */
     CertificateArray* chain; /* Certificate chain of the signer */
@@ -190,7 +190,7 @@ AuthenticodeArray* parse_authenticode(const uint8_t* pe_data, uint64_t pe_len);
  * @param len
  * @return AuthenticodeArray*
  */
-AuthenticodeArray* authenticode_new(const uint8_t* data, long len);
+AuthenticodeArray* authenticode_new(const uint8_t* data, int32_t len);
 
 /**
  * @brief Deallocates AuthenticodeArray and all it's allocated members

diff --git a/deps/authenticode-parser/src/authenticode.c b/deps/authenticode-parser/src/authenticode.c
@@ -22,6 +22,7 @@ SOFTWARE.
 #include <openssl/asn1.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
+#include <openssl/opensslv.h>
 #include <openssl/ossl_typ.h>
 #include <openssl/pkcs7.h>
 #include <openssl/safestack.h>
@@ -274,7 +275,8 @@ static bool authenticode_verify(PKCS7* p7, PKCS7_SIGNER_INFO* si, X509* signCert
 }
 
 /* Creates all the Authenticode objects so we can parse them with OpenSSL, is not thread-safe, needs
- * to be called once before any multi-threading environmentt - https://github.com/openssl/openssl/issues/13524 */
+ * to be called once before any multi-threading environmentt -
+ * https://github.com/openssl/openssl/issues/13524 */
 void initialize_authenticode_parser()
 {
     OBJ_create("1.3.6.1.4.1.311.2.1.12", "spcSpOpusInfo", "SPC_SP_OPUS_INFO_OBJID");
@@ -285,9 +287,9 @@ void initialize_authenticode_parser()
 
 /* Return array of Authenticode signatures stored in the data, there can be multiple
  * of signatures as Authenticode signatures are often nested through unauth attributes */
-AuthenticodeArray* authenticode_new(const uint8_t* data, long len)
+AuthenticodeArray* authenticode_new(const uint8_t* data, int32_t len)
 {
-    if (!data || len == 0)
+    if (!data || len <= 0)
         return NULL;
 
     AuthenticodeArray* result = (AuthenticodeArray*)calloc(1, sizeof(*result));
@@ -318,7 +320,7 @@ AuthenticodeArray* authenticode_new(const uint8_t* data, long len)
     }
 
     /* We expect SignedData type of PKCS7 */
-    if (!PKCS7_type_is_signed(p7)) {
+    if (!PKCS7_type_is_signed(p7) || !p7->d.sign) {
         auth->verify_flags = AUTHENTICODE_VFY_WRONG_PKCS7_TYPE;
         goto end;
     }
@@ -567,7 +569,8 @@ AuthenticodeArray* parse_authenticode(const uint8_t* pe_data, uint64_t pe_len)
     uint32_t dwLength = letoh32(*(uint32_t*)(pe_data + cert_addr));
     if (pe_len < cert_addr + dwLength)
         return NULL;
-    /* dwLength = offsetof(WIN_CERTIFICATE, bCertificate) + (size of the variable-length binary array contained within bCertificate) */
+    /* dwLength = offsetof(WIN_CERTIFICATE, bCertificate) + (size of the variable-length binary
+     * array contained within bCertificate) */
     AuthenticodeArray* auth_array = authenticode_new(pe_data + cert_addr + 0x8, dwLength - 0x8);
     if (!auth_array)
         return NULL;

diff --git a/deps/authenticode-parser/src/certificate.c b/deps/authenticode-parser/src/certificate.c
@@ -24,6 +24,7 @@ SOFTWARE.
 #include <openssl/asn1.h>
 #include <openssl/crypto.h>
 #include <openssl/evp.h>
+#include <openssl/opensslv.h>
 #include <openssl/sha.h>
 #include <openssl/x509.h>
 #include <string.h>
@@ -308,8 +309,8 @@ Certificate* certificate_new(X509* x509)
 
     result->version = X509_get_version(x509);
     result->serial = integer_to_serial(X509_get_serialNumber(x509));
-    result->not_after = ASN1_TIME_to_time_t(X509_get0_notAfter(x509));
-    result->not_before = ASN1_TIME_to_time_t(X509_get0_notBefore(x509));
+    result->not_after = ASN1_TIME_to_int64_t(X509_get0_notAfter(x509));
+    result->not_before = ASN1_TIME_to_int64_t(X509_get0_notBefore(x509));
     int sig_nid = X509_get_signature_nid(x509);
     result->sig_alg = strdup(OBJ_nid2ln(sig_nid));