nhyatt/osslsigncode
1
0
Fork 0
mirror of https://github.com/mtrojnar/osslsigncode.git synced 2025-07-02 19:22:47 -05:00
Code Issues Projects Releases Wiki Activity

JavaScript support

Browse Source 
Resolves #437
This commit is contained in:
Michał Trojnara
2025-06-04 10:04:17 +02:00
parent 50c23daa4c
commit 3292b02650
2 changed files with 34 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
NEWS.md
View File

@ -2,6 +2,7 @@
### 2.10 (unreleased) ### 2.10 (unreleased)
- added JavaScript signing
- added PKCS#11 provider support (requires OpenSSL 3.0) - added PKCS#11 provider support (requires OpenSSL 3.0)
- added compatiblity with the CNG engine version 1.1 or later - added compatiblity with the CNG engine version 1.1 or later
- added the "-engineCtrl" option to control hardware and CNG engines - added the "-engineCtrl" option to control hardware and CNG engines

53
script.c
View File

@ -8,11 +8,17 @@
#include "helpers.h" #include "helpers.h"
#include "utf.h" #include "utf.h"
typedef enum {comment_hash, comment_xml, comment_c, comment_not_found} comment_style; typedef enum {
comment_hash,
comment_xml,
comment_c,
comment_js,
comment_not_found
} COMMENT_STYLE;
typedef struct { typedef struct {
const char *extension; const char *extension;
comment_style comment; COMMENT_STYLE comment;
} SCRIPT_FORMAT; } SCRIPT_FORMAT;
const SCRIPT_FORMAT supported_formats[] = { const SCRIPT_FORMAT supported_formats[] = {
@ -23,21 +29,24 @@ const SCRIPT_FORMAT supported_formats[] = {
{".psm1", comment_hash}, {".psm1", comment_hash},
{".cdxml", comment_xml}, {".cdxml", comment_xml},
{".mof", comment_c}, {".mof", comment_c},
{".js", comment_js},
{NULL, comment_not_found}, {NULL, comment_not_found},
}; };
const char *signature_header = "SIG # Begin signature block"; #define header_hash "SIG # Begin signature block"
const char *signature_footer = "SIG # End signature block"; #define footer_hash "SIG # End signature block"
#define header_js "SIG // Begin signature block"
#define footer_js "SIG // End signature block"
typedef struct { typedef struct {
const char *open; const char *open, *close, *header, *footer;
const char *close;
} SCRIPT_COMMENT; } SCRIPT_COMMENT;
const SCRIPT_COMMENT comment_text[] = { const SCRIPT_COMMENT comment_text[] = {
[comment_hash] = {"# ", ""}, [comment_hash] = {"# ", "", header_hash, footer_hash},
[comment_xml] = {"<!-- ", " -->"}, [comment_xml] = {"<!-- ", " -->", header_hash, footer_hash},
[comment_c] = {"/* ", " */"} [comment_c] = {"/* ", " */", header_hash, footer_hash},
[comment_js] = {"// ", "", header_js, footer_js}
}; };
struct script_ctx_st { struct script_ctx_st {
@ -333,8 +342,8 @@ static PKCS7 *script_pkcs7_extract(FILE_FORMAT_CTX *ctx)
const char *close_tag = ctx->script_ctx->comment_text->close; const char *close_tag = ctx->script_ctx->comment_text->close;
size_t open_tag_len = strlen(open_tag); size_t open_tag_len = strlen(open_tag);
size_t close_tag_len = strlen(close_tag); size_t close_tag_len = strlen(close_tag);
size_t signature_header_len = strlen(signature_header); size_t header_len = strlen(ctx->script_ctx->comment_text->header);
size_t signature_footer_len = strlen(signature_footer); size_t footer_len = strlen(ctx->script_ctx->comment_text->footer);
PKCS7 *retval = NULL; PKCS7 *retval = NULL;
if (!script_check_file(ctx)) { if (!script_check_file(ctx)) {
@ -371,12 +380,12 @@ static PKCS7 *script_pkcs7_extract(FILE_FORMAT_CTX *ctx)
} }
ptr++; ptr++;
} }
/* process signature_header and signature_footer */ /* process header and footer */
if (ptr + signature_header_len < base64_data + base64_len && if (ptr + header_len < base64_data + base64_len &&
!memcmp(ptr, signature_header, signature_header_len)) !memcmp(ptr, ctx->script_ctx->comment_text->header, header_len))
ptr += signature_header_len; ptr += header_len;
if (ptr + signature_footer_len <= base64_data + base64_len && if (ptr + footer_len <= base64_data + base64_len &&
!memcmp(ptr, signature_footer, signature_footer_len)) !memcmp(ptr, ctx->script_ctx->comment_text->footer, footer_len))
break; /* success */ break; /* success */
/* copy until the closing tag */ /* copy until the closing tag */
@ -538,7 +547,9 @@ static int script_append_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7)
(void)BIO_set_close(bio, BIO_NOCLOSE); (void)BIO_set_close(bio, BIO_NOCLOSE);
/* split to individual lines and write to outdata */ /* split to individual lines and write to outdata */
if (!write_commented(ctx, outdata, signature_header, strlen(signature_header))) if (!write_commented(ctx, outdata,
ctx->script_ctx->comment_text->header,
strlen(ctx->script_ctx->comment_text->header)))
goto cleanup; goto cleanup;
for (i = 0; i < buffer->length; i += 64) { for (i = 0; i < buffer->length; i += 64) {
if (!write_commented(ctx, outdata, buffer->data + i, if (!write_commented(ctx, outdata, buffer->data + i,
@ -546,7 +557,9 @@ static int script_append_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7)
goto cleanup; goto cleanup;
} }
} }
if (!write_commented(ctx, outdata, signature_footer, strlen(signature_footer))) if (!write_commented(ctx, outdata,
ctx->script_ctx->comment_text->footer,
strlen(ctx->script_ctx->comment_text->footer)))
goto cleanup; goto cleanup;
/* signtool expects CRLF terminator at the end of the text file */ /* signtool expects CRLF terminator at the end of the text file */
@ -612,7 +625,7 @@ static SCRIPT_CTX *script_ctx_get(char *indata, uint32_t filesize, const SCRIPT_
*ptr && commented_header_len < commented_header_size; *ptr && commented_header_len < commented_header_size;
commented_header_len++) commented_header_len++)
ptr = utf8DecodeRune(ptr, 1, commented_header + commented_header_len); ptr = utf8DecodeRune(ptr, 1, commented_header + commented_header_len);
for (ptr = signature_header; for (ptr = comment->header;
*ptr && commented_header_len < commented_header_size; *ptr && commented_header_len < commented_header_size;
commented_header_len++) commented_header_len++)
ptr = utf8DecodeRune(ptr, 1, commented_header + commented_header_len); ptr = utf8DecodeRune(ptr, 1, commented_header + commented_header_len);