...
|
...
|
@@ -108,7 +108,8 @@ int asn1_expect_algo(fmap_t *map, void **asn1data, unsigned int *asn1len, unsign
|
108
|
108
|
return 0;
|
109
|
109
|
}
|
110
|
110
|
|
111
|
|
-int asn1_expect_sha1rsa(fmap_t *map, void **asn1data, unsigned int *asn1len) {
|
|
111
|
+
|
|
112
|
+int asn1_expect_rsa(fmap_t *map, void **asn1data, unsigned int *asn1len) {
|
112
|
113
|
struct cli_asn1 obj;
|
113
|
114
|
unsigned int avail;
|
114
|
115
|
int ret;
|
...
|
...
|
@@ -120,25 +121,22 @@ int asn1_expect_sha1rsa(fmap_t *map, void **asn1data, unsigned int *asn1len) {
|
120
|
120
|
if(asn1_get_obj(map, obj.content, &avail, &obj))
|
121
|
121
|
return 1;
|
122
|
122
|
if(obj.type != 0x06 || (obj.size != 5 && obj.size != 9)) {
|
123
|
|
- cli_dbgmsg("asn1_expect_sha1rsa: expecting OID with size 5 or 9, got %02x with size %u\n", obj.type, obj.size);
|
|
123
|
+ cli_dbgmsg("asn1_expect_rsa: expecting OID with size 5 or 9, got %02x with size %u\n", obj.type, obj.size);
|
124
|
124
|
return 1;
|
125
|
125
|
}
|
126
|
126
|
if(!fmap_need_ptr_once(map, obj.content, obj.size)) {
|
127
|
|
- cli_dbgmsg("asn1_expect_sha1rsa: failed to read OID\n");
|
|
127
|
+ cli_dbgmsg("asn1_expect_rsa: failed to read OID\n");
|
128
|
128
|
return 1;
|
129
|
129
|
}
|
130
|
130
|
|
131
|
|
- if((obj.size == 5 && memcmp(obj.content, "\x2b\x0e\x03\x02\x1d", 5)) || (obj.size == 9 && memcmp(obj.content, "\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05", 9))) {
|
132
|
|
- if(obj.size == 9 && !memcmp(obj.content, "\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04", 9))
|
133
|
|
- cli_dbgmsg("asn1_expect_sha1rsa: md5 based cryptography is not supported\n");
|
134
|
|
- else
|
135
|
|
- cli_dbgmsg("asn1_expect_sha1rsa: OID mismatch\n");
|
|
131
|
+ if((obj.size == 5 && memcmp(obj.content, "\x2b\x0e\x03\x02\x1d", 5)) || (obj.size == 9 && memcmp(obj.content, "\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05", 9) && memcmp(obj.content, "\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04", 9))) {
|
|
132
|
+ cli_dbgmsg("asn1_expect_rsa: OID mismatch\n");
|
136
|
133
|
return 1;
|
137
|
134
|
}
|
138
|
135
|
if((ret = asn1_expect_obj(map, obj.next, &avail, &obj, 0x05, 0, NULL))) /* NULL */
|
139
|
136
|
return ret;
|
140
|
137
|
if(avail) {
|
141
|
|
- cli_dbgmsg("asn1_expect_sha1rsa: extra data found in SEQUENCE\n");
|
|
138
|
+ cli_dbgmsg("asn1_expect_rsa: extra data found in SEQUENCE\n");
|
142
|
139
|
return 1;
|
143
|
140
|
}
|
144
|
141
|
return 0;
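Review bot: The OID comparison in asn1_expect_rsa now also accepts md5WithRSAEncryption (the `...\x01\x01\x04` OID), but the function still returns only 0 or 1, so a caller cannot tell whether the certificate declared SHA-1 or MD5. Both call sites in asn1_get_x509 (the tbsCertificate algorithm and the outer signature algorithm) call it independently, so nothing visible in these hunks rejects a certificate whose two algorithm fields disagree. The code that later verifies the signature presumably needs the digest type as well, though it is outside the hunks shown. MD5 is collision-broken, so if it must be accepted for legacy data I would report the matched digest through an out-parameter (the name `is_md5` below is only illustrative), compare the two results in asn1_get_x509, and leave it to policy whether an MD5-signed certificate may anchor trust. The function begins in the previous hunk and its closing brace falls outside this one.

```c
int asn1_expect_rsa(fmap_t *map, void **asn1data, unsigned int *asn1len, int *is_md5) {
    /* … unchanged: SEQUENCE/OID parsing, size check and fmap_need_ptr_once … */
    if(obj.size == 5 && !memcmp(obj.content, "\x2b\x0e\x03\x02\x1d", 5))
        *is_md5 = 0; /* sha1WithRSASignature */
    else if(obj.size == 9 && !memcmp(obj.content, "\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05", 9))
        *is_md5 = 0; /* sha1WithRSAEncryption */
    else if(obj.size == 9 && !memcmp(obj.content, "\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04", 9))
        *is_md5 = 1; /* md5WithRSAEncryption: weak digest, caller decides policy */
    else {
        cli_dbgmsg("asn1_expect_rsa: OID mismatch\n");
        return 1;
    }
    /* … unchanged: NULL parameter and trailing-data checks … */
```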
|
...
|
...
|
@@ -432,7 +430,7 @@ int asn1_get_x509(fmap_t *map, void **asn1data, unsigned int *size) {
|
432
|
432
|
if(asn1_expect_objtype(map, next, &tbs.size, &obj, 0x02)) /* serialNumber */
|
433
|
433
|
return 1;
|
434
|
434
|
|
435
|
|
- if(asn1_expect_sha1rsa(map, &obj.next, &tbs.size)) /* algo = sha1WithRSAEncryption */
|
|
435
|
+ if(asn1_expect_rsa(map, &obj.next, &tbs.size)) /* algo = sha1WithRSAEncryption | md5WithRSAEncryption */
|
436
|
436
|
return 1;
|
437
|
437
|
|
438
|
438
|
if(asn1_expect_objtype(map, obj.next, &tbs.size, &obj, 0x30)) /* issuer */
|
...
|
...
|
@@ -469,7 +467,7 @@ int asn1_get_x509(fmap_t *map, void **asn1data, unsigned int *size) {
|
469
|
469
|
avail = obj.type - 0xa0;
|
470
|
470
|
}
|
471
|
471
|
|
472
|
|
- if(asn1_expect_sha1rsa(map, &tbs.next, &crt.size)) /* signature algo = sha1WithRSAEncryption */
|
|
472
|
+ if(asn1_expect_rsa(map, &tbs.next, &crt.size)) /* signature algo = sha1WithRSAEncryption | md5WithRSAEncryption */
|
473
|
473
|
return 1;
|
474
|
474
|
|
475
|
475
|
if(asn1_expect_objtype(map, tbs.next, &crt.size, &obj, 0x03)) /* signature */
|
...
|
...
|
@@ -707,10 +705,8 @@ int asn1_parse_mscat(FILE *f) {
|
707
|
707
|
if(asn1_expect_objtype(map, asn1.next, &size, &asn1, 0x04)) /* encryptedDigest */
|
708
|
708
|
break;
|
709
|
709
|
|
710
|
|
- if(size) {
|
711
|
|
- if(asn1_expect_objtype(map, asn1.next, &size, &asn1, 0xa1)) /* unauthenticatedAttributes */
|
712
|
|
- break;
|
713
|
|
- }
|
|
710
|
+ if(size && asn1_expect_objtype(map, asn1.next, &size, &asn1, 0xa1)) /* unauthenticatedAttributes */
|
|
711
|
+ break;
|
714
|
712
|
|
715
|
713
|
if(size) {
|
716
|
714
|
cli_dbgmsg("asn1_parse_mscat: extra data inside signerInfo\n");
|