
Commit b0fe725

committed
fixed pkcs7 verify bug
1 parent 4729bc3 commit b0fe725


1 file changed

+14
-6
lines changed

1 file changed

+14
-6
lines changed

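--- a/pkcs7/verify.go
+++ b/pkcs7/verify.go
@@ -33,7 +33,7 @@ func (this *PKCS7) VerifyWithChain(truststore *x509.CertPool) (err error) {
 }
 
 for _, signer := range this.Signers {
-if err := verifySignature(this, signer, truststore); err != nil {
+if err := this.verifySignature(signer, truststore); err != nil {
 return err
 }
 }
@@ -53,15 +53,15 @@ func (this *PKCS7) VerifyWithChainAtTime(truststore *x509.CertPool, currentTime
 }
 
 for _, signer := range this.Signers {
-if err := verifySignatureAtTime(this, signer, truststore, currentTime); err != nil {
+if err := this.verifySignatureAtTime(signer, truststore, currentTime); err != nil {
 return err
 }
 }
 
 return nil
 }
 
-func verifySignatureAtTime(p7 *PKCS7, signer signerInfo, truststore *x509.CertPool, currentTime time.Time) (err error) {
+func (p7 *PKCS7) verifySignatureAtTime(signer signerInfo, truststore *x509.CertPool, currentTime time.Time) (err error) {
 signedData := p7.Content
 ee := getCertFromCertsByIssuerAndSerial(p7.Certificates, signer.IssuerAndSerialNumber)
 if ee == nil {
@@ -116,7 +116,7 @@ func verifySignatureAtTime(p7 *PKCS7, signer signerInfo, truststore *x509.CertPo
 }
 }
 
-// sign
+// get sign func
 signFunc, err := getSignatureFunc(signer.DigestEncryptionAlgorithm.Algorithm, signer.DigestAlgorithm.Algorithm)
 if err != nil {
 return err
@@ -126,13 +126,17 @@ func verifySignatureAtTime(p7 *PKCS7, signer signerInfo, truststore *x509.CertPo
 
 checkStatus, err := signFunc.Verify(pkey, signedData, signer.EncryptedDigest)
 if !checkStatus {
+if err == nil {
+return errors.New("go-cryptobin/pkcs7: Verify fail")
+}
+
 return err
 }
 
 return nil
 }
 
-func verifySignature(p7 *PKCS7, signer signerInfo, truststore *x509.CertPool) (err error) {
+func (p7 *PKCS7) verifySignature(signer signerInfo, truststore *x509.CertPool) (err error) {
 signedData := p7.Content
 ee := getCertFromCertsByIssuerAndSerial(p7.Certificates, signer.IssuerAndSerialNumber)
 if ee == nil {
@@ -186,7 +190,7 @@ func verifySignature(p7 *PKCS7, signer signerInfo, truststore *x509.CertPool) (e
 }
 }
 
-// sign
+// get sign func
 signFunc, err := getSignatureFunc(signer.DigestEncryptionAlgorithm.Algorithm, signer.DigestAlgorithm.Algorithm)
 if err != nil {
 return err
@@ -196,6 +200,10 @@ func verifySignature(p7 *PKCS7, signer signerInfo, truststore *x509.CertPool) (e
 
 checkStatus, err := signFunc.Verify(pkey, signedData, signer.EncryptedDigest)
 if !checkStatus {
+if err == nil {
+return errors.New("go-cryptobin/pkcs7: Verify fail")
+}
+
 return err
 }
 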
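Review bot: In both `if !checkStatus {` blocks (new lines 128-134 in verifySignatureAtTime and 202-208 in verifySignature) `err` is still examined only when `checkStatus` is false, so an error returned alongside `true` would be dropped and the signer accepted; whether any `signFunc.Verify` implementation can do that is not visible here. Testing the error first makes the check fail closed regardless: `if err != nil { return err }` followed by `if !checkStatus { return errors.New("go-cryptobin/pkcs7: Verify fail") }`. The same guard had to be added twice because the two functions duplicate the verification body, so sharing one helper would keep a later fix from landing in only one of them, and a comment such as `// Verify may report a bad signature as (false, nil); never return nil here` would record why the branch exists. Only pkcs7/verify.go changes in this commit, so a regression test for the (false, nil) case is worth adding alongside it. verifySignature's body continues past the last hunk.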