Make X509 serial number parsing code compatible with YARA #954
Labels
Comments
xbabka01
added a commit
to xbabka01/retdec
that referenced
this issue
May 28, 2021
xbabka01
added a commit
to xbabka01/retdec
that referenced
this issue
May 28, 2021
xbabka01
added a commit
to xbabka01/retdec
that referenced
this issue
May 28, 2021
xbabka01
added a commit
to xbabka01/retdec
that referenced
this issue
May 28, 2021
metthal
pushed a commit
that referenced
this issue
Jun 3, 2021
|
As this was fixed with #955 can this issue be closed? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Code in
src/fileformat/file_format/pe/authenticode/x509_certificate.cppand methodgetSerialNumberparses serial number by converting it to OpenSSL's BIGNUM. However there are discrepancies between BIGNUM representation (which usually strips leading zeroes) and the full octet representation taken out of DER encoded serial number.We would like to make this serial compatible with other tools in the industry like YARA. The point of this ticket is to make this compatible with the way YARA parses the serial numbers.
The text was updated successfully, but these errors were encountered: