@@ -664,7 +664,7 @@ IMPLEMENT_ASN1_FUNCTIONS(TimeStampToken)
664664 * 2:d=1 hl=2 l= 2 prim: BIT STRING
665665 * 6:d=1 hl=2 l= 0 cons: SEQUENCE
666666*/
667- static const u_char java_attrs_low [] = {
667+ const u_char java_attrs_low [] = {
668668 0x30 , 0x06 , 0x03 , 0x02 , 0x00 , 0x01 , 0x30 , 0x00
669669};
670670
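Review bot: Dropping `static` from `java_attrs_low`, which appears to sit at file scope, gives the table external linkage, so it becomes an exported symbol that can clash with a same-named object in another translation unit. The same applies to `purpose_ind`, `purpose_comm` and the relocated `classid_page_hash` in the next hunk. Adding `const` to those tables is worth keeping, but alongside `static`, e.g. `static const u_char java_attrs_low[] = {`. If the tables are meant to be shared, the matching `extern` declaration is not visible on this page.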
@@ -673,19 +673,24 @@ static const u_char java_attrs_low[] = {
673673 * 0:d=0 hl=2 l= 12 cons: SEQUENCE
674674 * 2:d=1 hl=2 l= 10 prim: OBJECT :Microsoft Individual Code Signing
675675*/
676- static u_char purpose_ind [] = {
677- 0x30 , 0x0c ,
678- 0x06 , 0x0a , 0x2b , 0x06 , 0x01 , 0x04 , 0x01 , 0x82 , 0x37 , 0x02 , 0x01 , 0x15
676+ const u_char purpose_ind [] = {
677+ 0x30 , 0x0c , 0x06 , 0x0a , 0x2b , 0x06 , 0x01 , 0x04 ,
678+ 0x01 , 0x82 , 0x37 , 0x02 , 0x01 , 0x15
679679};
680680
681681/*
682682 * $ echo -n 300c060a2b060104018237020116 | xxd -r -p | openssl asn1parse -i -inform der
683683 * 0:d=0 hl=2 l= 12 cons: SEQUENCE
684684 * 2:d=1 hl=2 l= 10 prim: OBJECT :Microsoft Commercial Code Signing
685685*/
686- static u_char purpose_comm [] = {
687- 0x30 , 0x0c ,
688- 0x06 , 0x0a , 0x2b , 0x06 , 0x01 , 0x04 , 0x01 , 0x82 , 0x37 , 0x02 , 0x01 , 0x16
686+ const u_char purpose_comm [] = {
687+ 0x30 , 0x0c , 0x06 , 0x0a , 0x2b , 0x06 , 0x01 , 0x04 ,
688+ 0x01 , 0x82 , 0x37 , 0x02 , 0x01 , 0x16
689+ };
690+
691+ const u_char classid_page_hash [] = {
692+ 0xa6 , 0xb5 , 0x86 , 0xd5 , 0xb4 , 0xa1 , 0x24 , 0x66 ,
693+ 0xae , 0x05 , 0xa2 , 0x17 , 0xda , 0x8e , 0x60 , 0xd6
689694};
690695
691696static SpcSpOpusInfo * createOpus (const char * desc , const char * url )
@@ -1448,10 +1453,11 @@ typedef enum {
14481453
14491454static SpcLink * get_obsolete_link (void )
14501455{
1451- static const u_char obsolete [] = {
1452- 0x00 , 0x3c , 0x00 , 0x3c , 0x00 , 0x3c , 0x00 , 0x4f , 0x00 , 0x62 ,
1453- 0x00 , 0x73 , 0x00 , 0x6f , 0x00 , 0x6c , 0x00 , 0x65 , 0x00 , 0x74 ,
1454- 0x00 , 0x65 , 0x00 , 0x3e , 0x00 , 0x3e , 0x00 , 0x3e
1456+ const u_char obsolete [] = {
1457+ 0x00 , 0x3c , 0x00 , 0x3c , 0x00 , 0x3c , 0x00 , 0x4f ,
1458+ 0x00 , 0x62 , 0x00 , 0x73 , 0x00 , 0x6f , 0x00 , 0x6c ,
1459+ 0x00 , 0x65 , 0x00 , 0x74 , 0x00 , 0x65 , 0x00 , 0x3e ,
1460+ 0x00 , 0x3e , 0x00 , 0x3e
14551461 };
14561462 SpcLink * link = SpcLink_new ();
14571463 link -> type = 2 ;
@@ -1462,11 +1468,6 @@ static SpcLink *get_obsolete_link(void)
14621468 return link ;
14631469}
14641470
1465- static const u_char classid_page_hash [] = {
1466- 0xA6 , 0xB5 , 0x86 , 0xD5 , 0xB4 , 0xA1 , 0x24 , 0x66 ,
1467- 0xAE , 0x05 , 0xA2 , 0x17 , 0xDA , 0x8E , 0x60 , 0xD6
1468- };
1469-
14701471static u_char * pe_calc_page_hash (char * indata , uint32_t header_size ,
14711472 int pe32plus , uint32_t sigpos , int phtype , int * rphlen )
14721473{
@@ -1609,7 +1610,7 @@ static int get_indirect_data_blob(u_char **blob, int *len, GLOBAL_OPTIONS *optio
16091610 void * hash ;
16101611 ASN1_OBJECT * dtype ;
16111612 SpcIndirectDataContent * idc ;
1612- static const u_char msistr [] = {
1613+ const u_char msistr [] = {
16131614 0xf1 , 0x10 , 0x0c , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 ,
16141615 0xc0 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x46
16151616 };
@@ -1764,29 +1765,32 @@ int set_content_blob(PKCS7 *sig, PKCS7 *cursig)
17641765static int set_indirect_data_blob (PKCS7 * sig , BIO * hash , file_type_t type ,
17651766 char * indata , GLOBAL_OPTIONS * options , FILE_HEADER * header )
17661767{
1767- static u_char buf [64 * 1024 ];
17681768 u_char * p = NULL ;
17691769 int len = 0 ;
1770+ u_char * buf = OPENSSL_malloc (SIZE_64K );
17701771
17711772 if (!get_indirect_data_blob (& p , & len , options , header , type , indata ))
17721773 return 0 ; /* FAILED */
17731774 memcpy (buf , p , len );
17741775 OPENSSL_free (p );
1775- if (!set_signing_blob (sig , hash , buf , len ))
1776+ if (!set_signing_blob (sig , hash , buf , len )) {
1777+ OPENSSL_free (buf );
17761778 return 0 ; /* FAILED */
1779+ }
1780+ OPENSSL_free (buf );
1781+
17771782 return 1 ; /* OK */
17781783}
17791784
17801785static uint32_t pe_calc_checksum (BIO * bio , FILE_HEADER * header )
17811786{
17821787 uint32_t checkSum = 0 , size = 0 ;
1783- unsigned short * buf ;
17841788 int nread ;
1789+ unsigned short * buf = OPENSSL_malloc (SIZE_64K );
17851790
17861791 /* recalculate the checksum */
1787- buf = OPENSSL_malloc (65536 ); /* 2^16 */
17881792 (void )BIO_seek (bio , 0 );
1789- while ((nread = BIO_read (bio , buf , 65536 )) > 0 ) {
1793+ while ((nread = BIO_read (bio , buf , SIZE_64K )) > 0 ) {
17901794 unsigned short val ;
17911795 int i ;
17921796 for (i = 0 ; i < nread / 2 ; i ++ ) {
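Review bot: In `set_indirect_data_blob` the new `buf = OPENSSL_malloc(SIZE_64K)` is leaked when `get_indirect_data_blob` fails, because that early `return 0` has no matching `OPENSSL_free(buf)`. The pointer is also used without a NULL check, and `memcpy(buf, p, len)` copies `len` bytes without comparing `len` to `SIZE_64K`, so an oversized blob would now overrun a heap allocation. Allocating only after the blob has been obtained, rejecting a `len` outside 0..SIZE_64K and checking the pointer closes all three. The unchecked `OPENSSL_malloc` recurs in `pe_calc_checksum` in this hunk (its body continues outside it) and in the `pe_calc_digest`, `pe_modify_header`, `cab_calc_digest`, `cab_remove_file` and `cab_add_header` hunks.

```c
static int set_indirect_data_blob(PKCS7 *sig, BIO *hash, file_type_t type,
		char *indata, GLOBAL_OPTIONS *options, FILE_HEADER *header)
{
	u_char *p = NULL;
	u_char *buf;
	int len = 0;
	int ok;

	if (!get_indirect_data_blob(&p, &len, options, header, type, indata))
		return 0; /* FAILED */
	/* the scratch buffer is fixed-size: refuse a blob that does not fit */
	if (len < 0 || len > SIZE_64K) {
		OPENSSL_free(p);
		return 0; /* FAILED */
	}
	buf = OPENSSL_malloc(SIZE_64K);
	if (!buf) {
		OPENSSL_free(p);
		return 0; /* FAILED */
	}
	memcpy(buf, p, len);
	OPENSSL_free(p);
	ok = set_signing_blob(sig, hash, buf, len);
	OPENSSL_free(buf); /* single release point for both outcomes */
	return ok ? 1 : 0;
}
```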
@@ -3208,7 +3212,7 @@ static int msi_calc_MsiDigitalSignatureEx(MSI_PARAMS *msiparams, const EVP_MD *m
32083212static int pe_calc_digest (char * indata , const EVP_MD * md , u_char * mdbuf , FILE_HEADER * header )
32093213{
32103214 BIO * bio = NULL ;
3211- static u_char bfb [ 16 * 1024 * 1024 ] ;
3215+ u_char * bfb ;
32123216 EVP_MD_CTX * mdctx ;
32133217 uint32_t n , offset ;
32143218 int ret = 0 ;
@@ -3226,6 +3230,8 @@ static int pe_calc_digest(char *indata, const EVP_MD *md, u_char *mdbuf, FILE_HE
32263230 memset (mdbuf , 0 , EVP_MAX_MD_SIZE );
32273231 bio = BIO_new_mem_buf (indata , offset );
32283232 (void )BIO_seek (bio , 0 );
3233+
3234+ bfb = OPENSSL_malloc (SIZE_16M );
32293235
32303236 BIO_read (bio , bfb , header -> header_size + 88 );
32313237 EVP_DigestUpdate (mdctx , bfb , header -> header_size + 88 );
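Review bot: The read into `bfb` right after the new `OPENSSL_malloc(SIZE_16M)` takes its length from `header->header_size + 88`, and nothing in this hunk compares that value with `SIZE_16M`. If earlier validation (not visible here) does not bound `header_size`, the write now lands past a heap allocation. The return value of `BIO_read` is ignored too, and because the old static array was zero-initialised while heap memory is not, a short read would feed uninitialised bytes into `EVP_DigestUpdate`. A guard before the read, for example `if (!bfb || header->header_size > SIZE_16M - 88)` leading to the function's failure path, plus a check that `BIO_read` returned the requested length, would cover this. `cab_calc_digest` receives the same allocation, and the body of `pe_calc_digest` starts and ends outside this hunk.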
@@ -3255,6 +3261,7 @@ static int pe_calc_digest(char *indata, const EVP_MD *md, u_char *mdbuf, FILE_HE
32553261 EVP_DigestUpdate (mdctx , bfb , len );
32563262 }
32573263 }
3264+ OPENSSL_free (bfb );
32583265 BIO_free (bio );
32593266 EVP_DigestFinal (mdctx , mdbuf , NULL );
32603267 ret = 1 ; /* OK */
@@ -3555,7 +3562,7 @@ static int pe_verify_header(char *indata, char *infile, uint32_t filesize, FILE_
35553562static void pe_modify_header (char * indata , FILE_HEADER * header , BIO * hash , BIO * outdata )
35563563{
35573564 int len = 0 , i ;
3558- static char buf [ 64 * 1024 ] ;
3565+ char * buf = OPENSSL_malloc ( SIZE_64K ) ;
35593566
35603567 i = header -> header_size + 88 ;
35613568 BIO_write (hash , indata , i );
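Review bot: `buf` in `pe_modify_header` was a static array, which C zero-initialises, and is now uninitialised heap memory. The later hunk of this function shows `BIO_write(hash, buf, len)` used apparently as padding, so any path that writes from `buf` without clearing it first would put stale heap bytes into the hash or the output. `cab_add_header` handles this with `memset(buf, 0, SIZE_64K)` after its allocation, and the same treatment fits here, preceded by a NULL check: `if (!buf) return;` then `memset(buf, 0, SIZE_64K);`. `cab_remove_file` gets the same static-to-heap change and deserves the same clearing with its own failure return. Whether the body already clears the bytes it writes is not visible in this hunk.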
@@ -3576,6 +3583,7 @@ static void pe_modify_header(char *indata, FILE_HEADER *header, BIO *hash, BIO *
35763583 BIO_write (hash , buf , len );
35773584 header -> fileend += len ;
35783585 }
3586+ OPENSSL_free (buf );
35793587}
35803588
35813589/*
@@ -3651,7 +3659,7 @@ static int cab_verify_header(char *indata, char *infile, uint32_t filesize, FILE
36513659static int cab_calc_digest (char * indata , const EVP_MD * md , u_char * mdbuf , FILE_HEADER * header )
36523660{
36533661 BIO * bio ;
3654- static u_char bfb [ 16 * 1024 * 1024 ] ;
3662+ u_char * bfb ;
36553663 EVP_MD_CTX * mdctx ;
36563664 uint32_t offset , coffFiles ;
36573665 int ret = 0 ;
@@ -3669,6 +3677,8 @@ static int cab_calc_digest(char *indata, const EVP_MD *md, u_char *mdbuf, FILE_H
36693677 bio = BIO_new_mem_buf (indata , offset );
36703678 memset (mdbuf , 0 , EVP_MAX_MD_SIZE );
36713679 (void )BIO_seek (bio , 0 );
3680+
3681+ bfb = OPENSSL_malloc (SIZE_16M );
36723682
36733683 /* u1 signature[4] 4643534D MSCF: 0-3 */
36743684 BIO_read (bio , bfb , 4 );
@@ -3776,6 +3786,7 @@ static int cab_calc_digest(char *indata, const EVP_MD *md, u_char *mdbuf, FILE_H
37763786 EVP_DigestUpdate (mdctx , bfb , l );
37773787 coffFiles += l ;
37783788 }
3789+ OPENSSL_free (bfb );
37793790 BIO_free (bio );
37803791 EVP_DigestFinal (mdctx , mdbuf , NULL );
37813792 ret = 1 ; /* OK */
@@ -3944,7 +3955,7 @@ static int cab_remove_file(char *indata, FILE_HEADER *header, uint32_t filesize,
39443955 int i ;
39453956 uint32_t tmp ;
39463957 uint16_t nfolders , flags ;
3947- static char buf [ 64 * 1024 ] ;
3958+ char * buf = OPENSSL_malloc ( SIZE_64K ) ;
39483959
39493960 /*
39503961 * u1 signature[4] 4643534D MSCF: 0-3
@@ -3996,6 +4007,7 @@ static int cab_remove_file(char *indata, FILE_HEADER *header, uint32_t filesize,
39964007 }
39974008 /* Write what's left - the compressed data bytes */
39984009 BIO_write (outdata , indata + i , filesize - header -> siglen - i );
4010+ OPENSSL_free (buf );
39994011
40004012 return 0 ; /* OK */
40014013}
@@ -4004,7 +4016,7 @@ static void cab_modify_header(char *indata, FILE_HEADER *header, BIO *hash, BIO
40044016{
40054017 int i ;
40064018 uint16_t nfolders , flags ;
4007- static char buf [64 * 1024 ] ;
4019+ const char buf [] = { 0x00 , 0x00 } ;
40084020
40094021 /* u1 signature[4] 4643534D MSCF: 0-3 */
40104022 BIO_write (hash , indata , 4 );
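Review bot: `buf` in `cab_modify_header` shrinks from a 64 KiB writable scratch array to a two-byte `const` array, so every remaining use of `buf` in the body (outside this hunk) has to be a read of at most two bytes. A leftover `memset(buf, ...)` or a `BIO_write` with a larger length would be a write to a const object or an out-of-bounds read. The eight-byte `const char buf[]` introduced in `append_signature` and `update_data_size` carries the same constraint for their padding lengths. A comment on the declaration would make the bound explicit, e.g. `/* zero source for BIO_write; length must not exceed sizeof buf */`, ideally with the write lengths expressed as `sizeof buf` or checked against it.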
@@ -4061,13 +4073,14 @@ static void cab_add_header(char *indata, FILE_HEADER *header, BIO *hash, BIO *ou
40614073 int i ;
40624074 uint32_t tmp ;
40634075 uint16_t nfolders , flags ;
4064- static char buf [64 * 1024 ];
40654076 u_char cabsigned [] = {
40664077 0x14 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x10 , 0x00 ,
40674078 0xde , 0xad , 0xbe , 0xef , /* size of cab file */
40684079 0xde , 0xad , 0xbe , 0xef , /* size of asn1 blob */
40694080 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00
40704081 };
4082+ char * buf = OPENSSL_malloc (SIZE_64K );
4083+ memset (buf , 0 , SIZE_64K );
40714084
40724085 /* u1 signature[4] 4643534D MSCF: 0-3 */
40734086 BIO_write (hash , indata , 4 );
@@ -4120,6 +4133,7 @@ static void cab_add_header(char *indata, FILE_HEADER *header, BIO *hash, BIO *ou
41204133 }
41214134 /* Write what's left - the compressed data bytes */
41224135 BIO_write (hash , indata + i , header -> fileend - i );
4136+ OPENSSL_free (buf );
41234137}
41244138
41254139/*
@@ -4505,8 +4519,8 @@ static int add_unauthenticated_blob(PKCS7 *sig)
45054519 u_char * p = NULL ;
45064520 int nid , len = 1024 + 4 ;
45074521 /* Length data for ASN1 attribute plus prefix */
4508- char prefix [] = "\x0c\x82\x04\x00---BEGIN_BLOB---" ;
4509- char postfix [] = "---END_BLOB---" ;
4522+ const char prefix [] = "\x0c\x82\x04\x00---BEGIN_BLOB---" ;
4523+ const char postfix [] = "---END_BLOB---" ;
45104524 STACK_OF (PKCS7_SIGNER_INFO ) * signer_info = PKCS7_get_signer_info (sig );
45114525
45124526 if (!signer_info )
@@ -4535,8 +4549,10 @@ static int append_signature(PKCS7 *sig, PKCS7 *cursig, file_type_t type,
45354549 GLOBAL_OPTIONS * options , MSI_PARAMS * msiparams , int * padlen , int * len , BIO * outdata )
45364550{
45374551 u_char * p = NULL ;
4538- static char buf [64 * 1024 ];
45394552 PKCS7 * outsig = NULL ;
4553+ const char buf [] = {
4554+ 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00
4555+ };
45404556
45414557 if (type != FILE_TYPE_CAT && options -> nest ) {
45424558 if (cursig == NULL ) {
@@ -4592,7 +4608,9 @@ static int append_signature(PKCS7 *sig, PKCS7 *cursig, file_type_t type,
45924608static void update_data_size (file_type_t type , cmd_type_t cmd , FILE_HEADER * header ,
45934609 int padlen , int len , BIO * outdata )
45944610{
4595- static char buf [64 * 1024 ];
4611+ const char buf [] = {
4612+ 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00
4613+ };
45964614
45974615 if (type == FILE_TYPE_PE ) {
45984616 if (cmd == CMD_SIGN || cmd == CMD_ADD || cmd == CMD_ATTACH ) {
@@ -4814,8 +4832,9 @@ static int check_attached_data(file_type_t type, FILE_HEADER *header, GLOBAL_OPT
48144832
48154833static int get_file_type (char * indata , char * infile , file_type_t * type )
48164834{
4817- static u_char pkcs7_signed_data [] = {
4818- 0x06 , 0x09 , 0x2a , 0x86 , 0x48 , 0x86 , 0xf7 , 0x0d , 0x01 , 0x07 , 0x02 ,
4835+ const u_char pkcs7_signed_data [] = {
4836+ 0x06 , 0x09 , 0x2a , 0x86 , 0x48 , 0x86 , 0xf7 , 0x0d ,
4837+ 0x01 , 0x07 , 0x02 ,
48194838 };
48204839
48214840 if (!memcmp (indata , "MSCF" , 4 )) {
@@ -4874,7 +4893,7 @@ static int read_password(GLOBAL_OPTIONS *options)
48744893{
48754894 char passbuf [4096 ];
48764895 int passfd , passlen ;
4877- static const u_char utf8_bom [] = {0xef , 0xbb , 0xbf };
4896+ const u_char utf8_bom [] = {0xef , 0xbb , 0xbf };
48784897
48794898 if (options -> readpass ) {
48804899 passfd = open (options -> readpass , O_RDONLY );
@@ -5074,7 +5093,7 @@ static char *find_pvk_key(GLOBAL_OPTIONS *options)
50745093{
50755094 u_char magic [4 ];
50765095 /* Microsoft Private Key format Header Hexdump */
5077- u_char pvkhdr [4 ] = { 0x1e , 0xf1 , 0xb5 , 0xb0 };
5096+ const u_char pvkhdr [4 ] = {0x1e , 0xf1 , 0xb5 , 0xb0 };
50785097 char * pvkfile = NULL ;
50795098 BIO * btmp ;
50805099