nhyatt/osslsigncode
1
0
Fork 0
mirror of https://github.com/mtrojnar/osslsigncode.git synced 2025-04-05 17:08:05 -05:00
Code Issues Projects Releases Wiki Activity

CRYPTO_PARAMS struct

Browse Source
This commit is contained in:
olszomal 2020-03-17 11:01:37 +01:00
parent f93bdc0f98
commit 0f35d25791
1 changed files with 78 additions and 74 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

152
osslsigncode.c
View File

@ -192,6 +192,7 @@ typedef struct {
char *certfile; char *certfile;
char *xcertfile; char *xcertfile;
char *keyfile; char *keyfile;
char *pvkfile;
char *pkcs12file; char *pkcs12file;
int output_pkcs7; int output_pkcs7;
char *p11engine; char *p11engine;
@ -238,6 +239,13 @@ typedef struct {
size_t flags; size_t flags;
} FILE_HEADER; } FILE_HEADER;
typedef struct {
EVP_PKEY *pkey;
X509 *cert;
STACK_OF(X509) *certs;
STACK_OF(X509) *xcerts;
} CRYPTO_PARAMS;
/* /*
ASN.1 definitions (more or less from official MS Authenticode docs) ASN.1 definitions (more or less from official MS Authenticode docs)
*/ */
@ -3750,8 +3758,8 @@ static int add_opus_attribute(PKCS7_SIGNER_INFO *si, char *desc, char *url)
return 1; /* OK */ return 1; /* OK */
} }
static int create_new_signature(PKCS7 *sig, STACK_OF(X509) *certs, STACK_OF(X509) *xcerts, static int create_new_signature(PKCS7 *sig, file_type_t type,
X509 *cert, EVP_PKEY *pkey, file_type_t type, GLOBAL_OPTIONS *options) GLOBAL_OPTIONS *options, CRYPTO_PARAMS *cparams)
{ {
int i; int i;
PKCS7_SIGNER_INFO *si; PKCS7_SIGNER_INFO *si;
@ -3759,16 +3767,16 @@ static int create_new_signature(PKCS7 *sig, STACK_OF(X509) *certs, STACK_OF(X509
PKCS7_set_type(sig, NID_pkcs7_signed); PKCS7_set_type(sig, NID_pkcs7_signed);
si = NULL; si = NULL;
if (cert != NULL) if (cparams->cert != NULL)
si = PKCS7_add_signature(sig, cert, pkey, options->md); si = PKCS7_add_signature(sig, cparams->cert, cparams->pkey, options->md);
for (i=0; si == NULL && i<sk_X509_num(certs); i++) { for (i=0; si == NULL && i<sk_X509_num(cparams->certs); i++) {
signcert = sk_X509_value(certs, i); signcert = sk_X509_value(cparams->certs, i);
/* X509_print_fp(stdout, signcert); */ /* X509_print_fp(stdout, signcert); */
si = PKCS7_add_signature(sig, signcert, pkey, options->md); si = PKCS7_add_signature(sig, signcert, cparams->pkey, options->md);
} }
EVP_PKEY_free(pkey); EVP_PKEY_free(cparams->pkey);
pkey = NULL; cparams->pkey = NULL;
if (si == NULL) { if (si == NULL) {
fprintf(stderr, "PKCS7_add_signature failed\n"); fprintf(stderr, "PKCS7_add_signature failed\n");
@ -3792,25 +3800,25 @@ static int create_new_signature(PKCS7 *sig, STACK_OF(X509) *certs, STACK_OF(X509
PKCS7_content_new(sig, NID_pkcs7_data); PKCS7_content_new(sig, NID_pkcs7_data);
if (cert != NULL) { if (cparams->cert != NULL) {
PKCS7_add_certificate(sig, cert); PKCS7_add_certificate(sig, cparams->cert);
X509_free(cert); X509_free(cparams->cert);
cert = NULL; cparams->cert = NULL;
} }
if (xcerts) { if (cparams->xcerts) {
for(i = sk_X509_num(xcerts)-1; i>=0; i--) for(i = sk_X509_num(cparams->xcerts)-1; i>=0; i--)
PKCS7_add_certificate(sig, sk_X509_value(xcerts, i)); PKCS7_add_certificate(sig, sk_X509_value(cparams->xcerts, i));
} }
for (i = sk_X509_num(certs)-1; i>=0; i--) for (i = sk_X509_num(cparams->certs)-1; i>=0; i--)
PKCS7_add_certificate(sig, sk_X509_value(certs, i)); PKCS7_add_certificate(sig, sk_X509_value(cparams->certs, i));
if (certs) { if (cparams->certs) {
sk_X509_free(certs); sk_X509_free(cparams->certs);
certs = NULL; cparams->certs = NULL;
} }
if (xcerts) { if (cparams->xcerts) {
sk_X509_free(xcerts); sk_X509_free(cparams->xcerts);
xcerts = NULL; cparams->xcerts = NULL;
} }
return 1; /* OK */ return 1; /* OK */
@ -4016,8 +4024,7 @@ static char *read_key(GLOBAL_OPTIONS *options)
return NULL; return NULL;
} }
static int read_certificate(GLOBAL_OPTIONS *options, char *pvkfile, EVP_PKEY **pkey, static int read_crypto_params(GLOBAL_OPTIONS *options, CRYPTO_PARAMS *cparams)
X509 **cert, STACK_OF(X509) **certs, STACK_OF(X509) **xcerts)
{ {
PKCS12 *p12; PKCS12 *p12;
PKCS7 *p7 = NULL, *p7x = NULL; PKCS7 *p7 = NULL, *p7x = NULL;
@ -4026,6 +4033,10 @@ static int read_certificate(GLOBAL_OPTIONS *options, char *pvkfile, EVP_PKEY **p
ENGINE *dyn, *pkcs11; ENGINE *dyn, *pkcs11;
int ret = 1; int ret = 1;
/* reset crypto */
memset(cparams, 0, sizeof(CRYPTO_PARAMS));
options->pvkfile = read_key(options);
if (options->pkcs12file != NULL) { if (options->pkcs12file != NULL) {
if ((btmp = BIO_new_file(options->pkcs12file, "rb")) == NULL || if ((btmp = BIO_new_file(options->pkcs12file, "rb")) == NULL ||
(p12 = d2i_PKCS12_bio(btmp, NULL)) == NULL) { (p12 = d2i_PKCS12_bio(btmp, NULL)) == NULL) {
@ -4033,24 +4044,24 @@ static int read_certificate(GLOBAL_OPTIONS *options, char *pvkfile, EVP_PKEY **p
ret = 0; /* FAILED */ ret = 0; /* FAILED */
} }
BIO_free(btmp); BIO_free(btmp);
if (!PKCS12_parse(p12, options->pass ? options->pass : "", pkey, cert, certs)) { if (!PKCS12_parse(p12, options->pass ? options->pass : "", &cparams->pkey, &cparams->cert, &cparams->certs)) {
fprintf(stderr, "Failed to parse PKCS#12 file: %s (Wrong password?)\n", options->pkcs12file); fprintf(stderr, "Failed to parse PKCS#12 file: %s (Wrong password?)\n", options->pkcs12file);
ret = 0; /* FAILED */ ret = 0; /* FAILED */
} }
PKCS12_free(p12); PKCS12_free(p12);
} else if (pvkfile != NULL) { } else if (options->pvkfile != NULL) {
if ((btmp = BIO_new_file(options->certfile, "rb")) == NULL || if ((btmp = BIO_new_file(options->certfile, "rb")) == NULL ||
((p7 = d2i_PKCS7_bio(btmp, NULL)) == NULL && ((p7 = d2i_PKCS7_bio(btmp, NULL)) == NULL &&
(*certs = PEM_read_certs(btmp, "")) == NULL)) { (cparams->certs = PEM_read_certs(btmp, "")) == NULL)) {
fprintf(stderr, "Failed to read certificate file: %s\n", options->certfile); fprintf(stderr, "Failed to read certificate file: %s\n", options->certfile);
ret = 0; /* FAILED */ ret = 0; /* FAILED */
} }
BIO_free(btmp); BIO_free(btmp);
if ((btmp = BIO_new_file(pvkfile, "rb")) == NULL || if ((btmp = BIO_new_file(options->pvkfile, "rb")) == NULL ||
((*pkey = b2i_PVK_bio(btmp, NULL, options->pass ? options->pass : "")) == NULL && ((cparams->pkey = b2i_PVK_bio(btmp, NULL, options->pass ? options->pass : "")) == NULL &&
(BIO_seek(btmp, 0) == 0) && (BIO_seek(btmp, 0) == 0) &&
(*pkey = b2i_PVK_bio(btmp, NULL, NULL)) == NULL)) { (cparams->pkey = b2i_PVK_bio(btmp, NULL, NULL)) == NULL)) {
fprintf(stderr, "Failed to read PVK file: %s\n", pvkfile); fprintf(stderr, "Failed to read PVK file: %s\n", options->pvkfile);
ret = 0; /* FAILED */ ret = 0; /* FAILED */
} }
BIO_free(btmp); BIO_free(btmp);
@ -4098,14 +4109,14 @@ static int read_certificate(GLOBAL_OPTIONS *options, char *pvkfile, EVP_PKEY **p
fprintf(stderr, "Failed to initialized pkcs11 engine\n"); fprintf(stderr, "Failed to initialized pkcs11 engine\n");
ret = 0; /* FAILED */ ret = 0; /* FAILED */
} }
*pkey = ENGINE_load_private_key(pkcs11, options->keyfile, NULL, NULL); cparams->pkey = ENGINE_load_private_key(pkcs11, options->keyfile, NULL, NULL);
if (*pkey == NULL) { if (cparams->pkey == NULL) {
fprintf(stderr, "Failed to load private key %s\n", options->keyfile); fprintf(stderr, "Failed to load private key %s\n", options->keyfile);
ret = 0; /* FAILED */ ret = 0; /* FAILED */
} }
if ((btmp = BIO_new_file(options->certfile, "rb")) == NULL || if ((btmp = BIO_new_file(options->certfile, "rb")) == NULL ||
((p7 = d2i_PKCS7_bio(btmp, NULL)) == NULL && ((p7 = d2i_PKCS7_bio(btmp, NULL)) == NULL &&
(*certs = PEM_read_certs(btmp, "")) == NULL)) { (cparams->certs = PEM_read_certs(btmp, "")) == NULL)) {
fprintf(stderr, "Failed to read certificate file: %s\n", options->certfile); fprintf(stderr, "Failed to read certificate file: %s\n", options->certfile);
ret = 0; /* FAILED */ ret = 0; /* FAILED */
} }
@ -4113,30 +4124,30 @@ static int read_certificate(GLOBAL_OPTIONS *options, char *pvkfile, EVP_PKEY **p
} else { } else {
if ((btmp = BIO_new_file(options->certfile, "rb")) == NULL || if ((btmp = BIO_new_file(options->certfile, "rb")) == NULL ||
((p7 = d2i_PKCS7_bio(btmp, NULL)) == NULL && ((p7 = d2i_PKCS7_bio(btmp, NULL)) == NULL &&
(*certs = PEM_read_certs(btmp, "")) == NULL)) { (cparams->certs = PEM_read_certs(btmp, "")) == NULL)) {
fprintf(stderr, "Failed to read certificate file: %s\n", options->certfile); fprintf(stderr, "Failed to read certificate file: %s\n", options->certfile);
ret = 0; /* FAILED */ ret = 0; /* FAILED */
} }
BIO_free(btmp); BIO_free(btmp);
if ((btmp = BIO_new_file(options->keyfile, "rb")) == NULL || if ((btmp = BIO_new_file(options->keyfile, "rb")) == NULL ||
((*pkey = d2i_PrivateKey_bio(btmp, NULL)) == NULL && ((cparams->pkey = d2i_PrivateKey_bio(btmp, NULL)) == NULL &&
(BIO_seek(btmp, 0) == 0) && (BIO_seek(btmp, 0) == 0) &&
(*pkey = PEM_read_bio_PrivateKey(btmp, NULL, NULL, options->pass ? options->pass : "")) == NULL && (cparams->pkey = PEM_read_bio_PrivateKey(btmp, NULL, NULL, options->pass ? options->pass : "")) == NULL &&
(BIO_seek(btmp, 0) == 0) && (BIO_seek(btmp, 0) == 0) &&
(*pkey = PEM_read_bio_PrivateKey(btmp, NULL, NULL, NULL)) == NULL)) { (cparams->pkey = PEM_read_bio_PrivateKey(btmp, NULL, NULL, NULL)) == NULL)) {
fprintf(stderr, "Failed to read private key file: %s (Wrong password?)\n", options->keyfile); fprintf(stderr, "Failed to read private key file: %s (Wrong password?)\n", options->keyfile);
ret = 0; /* FAILED */ ret = 0; /* FAILED */
} }
BIO_free(btmp); BIO_free(btmp);
} }
if (*certs == NULL && p7 != NULL) if (cparams->certs == NULL && p7 != NULL)
*certs = sk_X509_dup(p7->d.sign->cert); cparams->certs = sk_X509_dup(p7->d.sign->cert);
if (options->xcertfile) { if (options->xcertfile) {
if ((btmp = BIO_new_file(options->xcertfile, "rb")) == NULL || if ((btmp = BIO_new_file(options->xcertfile, "rb")) == NULL ||
((p7x = d2i_PKCS7_bio(btmp, NULL)) == NULL && ((p7x = d2i_PKCS7_bio(btmp, NULL)) == NULL &&
(*xcerts = PEM_read_certs(btmp, "")) == NULL)) { (cparams->xcerts = PEM_read_certs(btmp, "")) == NULL)) {
fprintf(stderr, "Failed to read cross certificate file: %s\n", options->xcertfile); fprintf(stderr, "Failed to read cross certificate file: %s\n", options->xcertfile);
ret = 0; /* FAILED */ ret = 0; /* FAILED */
} }
@ -4153,6 +4164,18 @@ static int read_certificate(GLOBAL_OPTIONS *options, char *pvkfile, EVP_PKEY **p
return ret; /* OK */ return ret; /* OK */
} }
static void free_crypto_params(CRYPTO_PARAMS *cparams)
{
if (cparams->pkey)
EVP_PKEY_free(cparams->pkey);
if (cparams->cert)
X509_free(cparams->cert);
if (cparams->certs)
sk_X509_free(cparams->certs);
if (cparams->xcerts)
sk_X509_free(cparams->xcerts);
}
static char *get_cafile(void) static char *get_cafile(void)
{ {
const char *sslpart1, *sslpart2; const char *sslpart1, *sslpart2;
@ -4482,20 +4505,14 @@ int main(int argc, char **argv)
{ {
GLOBAL_OPTIONS options; GLOBAL_OPTIONS options;
FILE_HEADER header; FILE_HEADER header;
CRYPTO_PARAMS cparams;
BIO *hash = NULL; BIO *hash = NULL, *outdata = NULL;
BIO *outdata = NULL;
PKCS7 *cursig = NULL, *outsig = NULL, *sig = NULL; PKCS7 *cursig = NULL, *outsig = NULL, *sig = NULL;
X509 *cert = NULL;
STACK_OF(X509) *certs = NULL, *xcerts = NULL;
EVP_PKEY *pkey = NULL;
static char buf[64*1024]; static char buf[64*1024];
char *indata, *outdataverify, *pvkfile = NULL; char *indata, *outdataverify;
u_char *p = NULL; u_char *p = NULL;
int ret = 0, len = 0; int ret = 0, len = 0;
size_t padlen = 0; size_t padlen = 0, filesize, outdatasize;
size_t filesize, outdatasize;
file_type_t type; file_type_t type;
cmd_type_t cmd; cmd_type_t cmd;
@ -4521,28 +4538,22 @@ int main(int argc, char **argv)
!OBJ_create(SPC_NESTED_SIGNATURE_OBJID, NULL, NULL)) !OBJ_create(SPC_NESTED_SIGNATURE_OBJID, NULL, NULL))
DO_EXIT_0("Failed to add objects\n"); DO_EXIT_0("Failed to add objects\n");
/* commands and options initialization */
main_configure(argc, argv, &cmd, &options); main_configure(argc, argv, &cmd, &options);
if (!read_password(&options)) if (!read_password(&options))
goto err_cleanup; goto err_cleanup;
/* read key and certificates */
if (cmd == CMD_SIGN && !read_crypto_params(&options, &cparams))
goto err_cleanup;
if (cmd == CMD_SIGN) { /* check if indata is cab or pe */
/* Read certificate and key */
pvkfile = read_key(&options);
if (!read_certificate(&options, pvkfile, &pkey, &cert, &certs, &xcerts))
goto err_cleanup;
}
/* Check if indata is cab or pe */
filesize = get_file_size(options.infile); filesize = get_file_size(options.infile);
if (filesize == 0) if (filesize == 0)
goto err_cleanup; goto err_cleanup;
indata = map_file(options.infile, filesize); indata = map_file(options.infile, filesize);
if (indata == NULL) if (indata == NULL)
DO_EXIT_1("Failed to open file: %s\n", options.infile); DO_EXIT_1("Failed to open file: %s\n", options.infile);
/* reset file header */
/* reset header */
memset(&header, 0, sizeof(FILE_HEADER)); memset(&header, 0, sizeof(FILE_HEADER));
header.fileend = filesize; header.fileend = filesize;
@ -4719,7 +4730,7 @@ int main(int argc, char **argv)
goto skip_signing; goto skip_signing;
sig = PKCS7_new(); sig = PKCS7_new();
if (!create_new_signature(sig, certs, xcerts, cert, pkey, type, &options)) if (!create_new_signature(sig, type, &options, &cparams))
DO_EXIT_0("Creating a new signature failed\n"); DO_EXIT_0("Creating a new signature failed\n");
get_indirect_data_blob(&p, &len, options.md, type, options.pagehash, indata, get_indirect_data_blob(&p, &len, options.md, type, options.pagehash, indata,
@ -4885,14 +4896,7 @@ skip_signing:
err_cleanup: err_cleanup:
ERR_print_errors_fp(stderr); ERR_print_errors_fp(stderr);
if (certs) free_crypto_params(&cparams);
sk_X509_free(certs);
if (xcerts)
sk_X509_free(xcerts);
if (cert)
X509_free(cert);
if (pkey)
EVP_PKEY_free(pkey);
if (hash) if (hash)
BIO_free_all(hash); BIO_free_all(hash);
if (outdata) if (outdata)