nhyatt/osslsigncode
1
0
Fork 0
mirror of https://github.com/mtrojnar/osslsigncode.git synced 2025-07-03 11:42:47 -05:00
Code Issues Projects Releases Wiki Activity

verbose msi file verification errors

Browse Source
This commit is contained in:
olszomal
2022-02-18 15:01:35 +01:00
committed by Michał Trojnara
parent ce196ce147
commit 4eeeec32b4
3 changed files with 109 additions and 108 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
osslsigncode.c
View File

@ -2903,23 +2903,23 @@ static int verify_signature(SIGNATURE *signature, GLOBAL_OPTIONS *options)
* https://msdn.microsoft.com/en-us/library/dd942138.aspx
*/
static int msi_verify_header(char *indata, uint32_t filesize, MSI_PARAMS *msiparams)
static int msi_verify_header(char *indata, uint32_t filesize, MSI_PARAMS *msiparams, int verbose)
{
int ret = 1;
MSI_ENTRY *root;
MSI_FILE_HDR *hdr;
MSI_DIRENT *root_dir = NULL;
msiparams->msi = msi_file_new(indata, filesize);
msiparams->msi = msi_file_new(indata, filesize, verbose);
if (!msiparams->msi) {
return 0; /* FAILED */
}
root = msi_root_entry_get(msiparams->msi);
root = msi_root_entry_get(msiparams->msi, verbose);
if (!root) {
printf("Failed to get file entry\n");
return 0; /* FAILED */
}
if (!msi_dirent_new(msiparams->msi, root, NULL, &root_dir)) {
if (!msi_dirent_new(msiparams->msi, root, NULL, &root_dir, verbose)) {
printf("Failed to parse MSI_DIRENT struct\n");
OPENSSL_free(root);
return 0; /* FAILED */
@ -3039,7 +3039,7 @@ static int msi_verify_pkcs7(SIGNATURE *signature, MSI_FILE *msi, MSI_DIRENT *dir
printf("Calculated MsiDigitalSignatureEx : %s\n", hexbuf);
}
if (!msi_hash_dir(msi, dirent, hash, 1)) {
if (!msi_hash_dir(msi, dirent, hash, 1, options->verbose)) {
printf("Failed to calculate DigitalSignature\n\n");
BIO_free_all(hash);
goto out;
@ -3081,7 +3081,7 @@ static int msi_verify_file(MSI_PARAMS *msiparams, GLOBAL_OPTIONS *options)
}
inlen = GET_UINT32_LE(ds->size);
indata = OPENSSL_malloc(inlen);
if (!msi_file_read(msiparams->msi, ds, 0, indata, inlen)) {
if (!msi_file_read(msiparams->msi, ds, 0, indata, inlen, options->verbose)) {
printf("DigitalSignature stream data error\n\n");
goto out;
}
@ -3090,7 +3090,7 @@ static int msi_verify_file(MSI_PARAMS *msiparams, GLOBAL_OPTIONS *options)
} else {
exlen = GET_UINT32_LE(dse->size);
exdata = OPENSSL_malloc(exlen);
if (!msi_file_read(msiparams->msi, dse, 0, exdata, exlen)) {
if (!msi_file_read(msiparams->msi, dse, 0, exdata, exlen, options->verbose)) {
printf("MsiDigitalSignatureEx stream data error\n\n");
goto out;
}
@ -3119,12 +3119,12 @@ out:
return ret;
}
static PKCS7 *msi_extract_existing_pkcs7(MSI_PARAMS *msiparams, MSI_ENTRY *ds, char **data, uint32_t len)
static PKCS7 *msi_extract_existing_pkcs7(MSI_PARAMS *msiparams, MSI_ENTRY *ds, char **data, uint32_t len, int verbose)
{
PKCS7 *p7 = NULL;
const u_char *blob;
if (!msi_file_read(msiparams->msi, ds, 0, *data, len)) {
if (!msi_file_read(msiparams->msi, ds, 0, *data, len, verbose)) {
printf("DigitalSignature stream data error\n");
return NULL;
}
@ -3137,7 +3137,7 @@ static PKCS7 *msi_extract_existing_pkcs7(MSI_PARAMS *msiparams, MSI_ENTRY *ds, c
return p7;
}
static int msi_extract_file(MSI_PARAMS *msiparams, BIO *outdata, int output_pkcs7)
static int msi_extract_file(MSI_PARAMS *msiparams, BIO *outdata, GLOBAL_OPTIONS *options)
{
int ret;
PKCS7 *sig;
@ -3152,12 +3152,12 @@ static int msi_extract_file(MSI_PARAMS *msiparams, BIO *outdata, int output_pkcs
len = GET_UINT32_LE(ds->size);
data = OPENSSL_malloc(len);
(void)BIO_reset(outdata);
sig = msi_extract_existing_pkcs7(msiparams, ds, &data, len);
sig = msi_extract_existing_pkcs7(msiparams, ds, &data, len, options->verbose);
if (!sig) {
printf("Unable to extract existing signature\n");
return 1; /* FAILED */
}
if (output_pkcs7) {
if (options->output_pkcs7) {
ret = !PEM_write_bio_PKCS7(outdata, sig);
} else {
ret = !BIO_write(outdata, data, len);
@ -4773,7 +4773,7 @@ static int input_validation(file_type_t type, GLOBAL_OPTIONS *options, FILE_HEAD
printf("Warning: -ph option is only valid for PE files\n");
if (options->jp >= 0)
printf("Warning: -jp option is only valid for CAB files\n");
if (!msi_verify_header(indata, filesize, msiparams)) {
if (!msi_verify_header(indata, filesize, msiparams, options->verbose)) {
printf("Corrupt MSI file: %s\n", options->infile);
return 0; /* FAILED */
}
@ -4836,7 +4836,7 @@ static int check_attached_data(file_type_t type, FILE_HEADER *header, GLOBAL_OPT
printf("Error verifying result\n");
return 1; /* FAILED */
}
if (!msi_verify_header(outdata, filesize, msiparams)) {
if (!msi_verify_header(outdata, filesize, msiparams, options->verbose)) {
printf("Corrupt MSI file: %s\n", options->outfile);
return 1; /* FAILED */
}
@ -5466,7 +5466,7 @@ static PKCS7 *msi_presign_file(file_type_t type, cmd_type_t cmd, FILE_HEADER *he
printf("Unable to calc MsiDigitalSignatureEx\n");
return NULL; /* FAILED */
}
if (!msi_hash_dir(msiparams->msi, msiparams->dirent, hash, 1)) {
if (!msi_hash_dir(msiparams->msi, msiparams->dirent, hash, 1, options->verbose)) {
printf("Unable to msi_handle_dir()\n");
return NULL; /* FAILED */
}
@ -5485,7 +5485,7 @@ static PKCS7 *msi_presign_file(file_type_t type, cmd_type_t cmd, FILE_HEADER *he
}
len = GET_UINT32_LE(ds->size);
data = OPENSSL_malloc(len);
*cursig = msi_extract_existing_pkcs7(msiparams, ds, &data, len);
*cursig = msi_extract_existing_pkcs7(msiparams, ds, &data, len, options->verbose);
OPENSSL_free(data);
if (!*cursig) {
printf("Unable to extract existing signature\n");
@ -6042,7 +6042,7 @@ int main(int argc, char **argv)
if (type == FILE_TYPE_MSI) {
if (cmd == CMD_EXTRACT) {
ret = msi_extract_file(&msiparams, outdata, options.output_pkcs7);
ret = msi_extract_file(&msiparams, outdata, &options);
goto skip_signing;
} else if (cmd == CMD_VERIFY) {
ret = msi_verify_file(&msiparams, &options);