Skip to content

Commit

Permalink
This fixes issue #95
Browse files Browse the repository at this point in the history 
- Certificate got another ctor which takes the flags to pass when
  formatting the X509_NAME values
- The default formatting changed to XN_FLAG_RFC2253 but can be overridden
  from the outside by defining UTHENTICODE_DEFAULT_XN_FLAGS
- This introduces an incompatibility _if_ the caller assumes that the
  issuer and subject can be compared in their string form
  • Loading branch information
@hugmyndakassi
hugmyndakassi committed Sep 30, 2024
1 parent f81d3a8 commit cd8bb0a
Show file tree
Hide file tree
Showing 2 changed files with 30 additions and 8 deletions.
12 changes: 11 additions & 1 deletion src/include/uthenticode.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -156,8 +156,18 @@ class Certificate {
/* TODO: Maybe add data_ and get_data(), with data_ populated from i2d_X509.
*/

#ifndef UTHENTICODE_DEFAULT_XN_FLAGS
static constexpr unsigned long const default_xn_flags =
XN_FLAG_RFC2253 | ASN1_STRFLGS_UTF8_CONVERT;
#else
static constexpr unsigned long const default_xn_flags = (UTHENTICODE_DEFAULT_XN_FLAGS);
#endif
static_assert((default_xn_flags & XN_FLAG_COMPAT) == 0,
"Logic is incompatible with XN_FLAG_COMPAT");

private:
Certificate(X509 *cert);
explicit Certificate(X509 *cert);
Certificate(X509 *cert, unsigned long xn_flags);
std::string subject_;
std::string issuer_;
std::string serial_number_;
Expand Down
26 changes: 19 additions & 7 deletions src/uthenticode.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -140,16 +140,28 @@ std::ostream &operator<<(std::ostream &os, checksum_kind kind) {
}
}

Certificate::Certificate(X509 *cert) {
auto subject = impl::OpenSSL_ptr(X509_NAME_oneline(X509_get_subject_name(cert), nullptr, 0),
impl::OpenSSL_free);
auto issuer = impl::OpenSSL_ptr(X509_NAME_oneline(X509_get_issuer_name(cert), nullptr, 0),
impl::OpenSSL_free);
static inline bool name_to_string(std::string &strname, X509_NAME *name, unsigned long flags) {
std::unique_ptr<BIO, decltype(&BIO_free)> name_bio(BIO_new(BIO_s_mem()), BIO_free);
if (-1 != X509_NAME_print_ex(name_bio.get(), name, 0, (flags) & ~(ASN1_STRFLGS_ESC_MSB))) {
char *data = nullptr;
auto len = BIO_get_mem_data(name_bio.get(), &data);
if (data && len) {
strname = std::string(data, len);
return true;
}
}
return false;
}

Certificate::Certificate(X509 *cert) : Certificate(cert, default_xn_flags) {
}

Certificate::Certificate(X509 *cert, unsigned long xn_flags) {
(void) name_to_string(issuer_, X509_get_issuer_name(cert), xn_flags);
(void) name_to_string(subject_, X509_get_subject_name(cert), xn_flags);
auto serial_bn = impl::BN_ptr(ASN1_INTEGER_to_BN(X509_get_serialNumber(cert), nullptr), BN_free);
auto serial_number = impl::OpenSSL_ptr(BN_bn2hex(serial_bn.get()), impl::OpenSSL_free);

subject_ = std::string(subject.get());
issuer_ = std::string(issuer.get());
serial_number_ = std::string(serial_number.get());
}

Expand Down

0 comments on commit cd8bb0a

Please sign in to comment.