output format

olszomal 2020-08-05 15:56:56 +02:00 committed by Michał Trojnara
parent 01b3fb5b54
commit 4fa102b5d1


@ -686,13 +686,13 @@ static size_t curl_write(void *ptr, size_t sz, size_t nmemb, void *stream)
static void print_timestamp_error(const char *url, long http_code) static void print_timestamp_error(const char *url, long http_code)
{ {
if (http_code != -1) { if (http_code != -1) {
fprintf(stderr, "Failed to convert timestamp reply from %s; " printf("Failed to convert timestamp reply from %s; "
"HTTP status %ld\n", url, http_code); "HTTP status %ld\n", url, http_code);
} else { } else {
fprintf(stderr, "Failed to convert timestamp reply from %s; " printf("Failed to convert timestamp reply from %s; "
"no HTTP status available", url); "no HTTP status available", url);
} }
ERR_print_errors_fp(stderr); ERR_print_errors_fp(stdout);
} }
/* /*
@ -825,7 +825,7 @@ static int add_timestamp(PKCS7 *sig, char *url, char *proxy, int rfc3161,
if (c) { if (c) {
BIO_free_all(bin); BIO_free_all(bin);
if (verbose) if (verbose)
fprintf(stderr, "CURL failure: %s %s\n", curl_easy_strerror(c), url); printf("CURL failure: %s %s\n", curl_easy_strerror(c), url);
} else { } else {
long http_code = -1; long http_code = -1;
(void)BIO_flush(bin); (void)BIO_flush(bin);
@ -851,15 +851,15 @@ static int add_timestamp(PKCS7 *sig, char *url, char *proxy, int rfc3161,
} }
if (ASN1_INTEGER_get(reply->status->status) != 0) { if (ASN1_INTEGER_get(reply->status->status) != 0) {
if (verbose) if (verbose)
fprintf(stderr, "Timestamping failed: %ld\n", ASN1_INTEGER_get(reply->status->status)); printf("Timestamping failed: %ld\n", ASN1_INTEGER_get(reply->status->status));
TimeStampResp_free(reply); TimeStampResp_free(reply);
return 1; return 1;
} }
if (((len = i2d_PKCS7(reply->token, NULL)) <= 0) || if (((len = i2d_PKCS7(reply->token, NULL)) <= 0) ||
(p = OPENSSL_malloc(len)) == NULL) { (p = OPENSSL_malloc(len)) == NULL) {
if (verbose) { if (verbose) {
fprintf(stderr, "Failed to convert pkcs7: %d\n", len); printf("Failed to convert pkcs7: %d\n", len);
ERR_print_errors_fp(stderr); ERR_print_errors_fp(stdout);
} }
TimeStampResp_free(reply); TimeStampResp_free(reply);
return 1; return 1;
@ -899,8 +899,8 @@ static int add_timestamp(PKCS7 *sig, char *url, char *proxy, int rfc3161,
if (((len = i2d_PKCS7_SIGNER_INFO(info, NULL)) <= 0) || if (((len = i2d_PKCS7_SIGNER_INFO(info, NULL)) <= 0) ||
(p = OPENSSL_malloc(len)) == NULL) { (p = OPENSSL_malloc(len)) == NULL) {
if (verbose) { if (verbose) {
fprintf(stderr, "Failed to convert signer info: %d\n", len); printf("Failed to convert signer info: %d\n", len);
ERR_print_errors_fp(stderr); ERR_print_errors_fp(stdout);
} }
PKCS7_free(p7); PKCS7_free(p7);
return 1; return 1;
@ -1255,9 +1255,9 @@ static void help_for(const char *argv0, const char *cmd)
usage(argv0, cmd); usage(argv0, cmd);
} }
#define DO_EXIT_0(x) { fprintf(stderr, x); goto err_cleanup; } #define DO_EXIT_0(x) { printf(x); goto err_cleanup; }
#define DO_EXIT_1(x, y) { fprintf(stderr, x, y); goto err_cleanup; } #define DO_EXIT_1(x, y) { printf(x, y); goto err_cleanup; }
#define DO_EXIT_2(x, y, z) { fprintf(stderr, x, y, z); goto err_cleanup; } #define DO_EXIT_2(x, y, z) { printf(x, y, z); goto err_cleanup; }
#define GET_UINT8_LE(p) ((u_char*)(p))[0] #define GET_UINT8_LE(p) ((u_char*)(p))[0]
@ -1389,7 +1389,7 @@ static SpcLink *get_page_hash_link(int phtype, char *indata, FILE_HEADER *header
ph = pe_calc_page_hash(indata, header->header_size, header->pe32plus, \ ph = pe_calc_page_hash(indata, header->header_size, header->pe32plus, \
header->fileend, phtype, &phlen); header->fileend, phtype, &phlen);
if (!ph) { if (!ph) {
fprintf(stderr, "Failed to calculate page hash\n"); printf("Failed to calculate page hash\n");
exit(-1); exit(-1);
} }
tohex(ph, hexbuf, (phlen < 32) ? phlen : 32); tohex(ph, hexbuf, (phlen < 32) ? phlen : 32);
@ -1505,7 +1505,7 @@ static void get_indirect_data_blob(u_char **blob, int *len, GLOBAL_OPTIONS *opti
dtype = OBJ_txt2obj(SPC_SIPINFO_OBJID, 1); dtype = OBJ_txt2obj(SPC_SIPINFO_OBJID, 1);
SpcSipInfo_free(si); SpcSipInfo_free(si);
} else { } else {
fprintf(stderr, "Unexpected file type: %d\n", type); printf("Unexpected file type: %d\n", type);
exit(1); exit(1);
} }
@ -1543,14 +1543,14 @@ static int set_signing_blob(PKCS7 *sig, BIO *hash, char *buf, int len)
seqhdrlen = asn1_simple_hdr_len((unsigned char*)buf, len); seqhdrlen = asn1_simple_hdr_len((unsigned char*)buf, len);
if ((sigbio = PKCS7_dataInit(sig, NULL)) == NULL) { if ((sigbio = PKCS7_dataInit(sig, NULL)) == NULL) {
fprintf(stderr, "PKCS7_dataInit failed\n"); printf("PKCS7_dataInit failed\n");
return 0; /* FAILED */ return 0; /* FAILED */
} }
BIO_write(sigbio, buf+seqhdrlen, len-seqhdrlen+mdlen); BIO_write(sigbio, buf+seqhdrlen, len-seqhdrlen+mdlen);
(void)BIO_flush(sigbio); (void)BIO_flush(sigbio);
if (!PKCS7_dataFinal(sig, sigbio)) { if (!PKCS7_dataFinal(sig, sigbio)) {
fprintf(stderr, "PKCS7_dataFinal failed\n"); printf("PKCS7_dataFinal failed\n");
return 0; /* FAILED */ return 0; /* FAILED */
} }
BIO_free_all(sigbio); BIO_free_all(sigbio);
@ -1566,7 +1566,7 @@ static int set_signing_blob(PKCS7 *sig, BIO *hash, char *buf, int len)
ASN1_STRING_set(td7->d.other->value.sequence, buf, len+mdlen); ASN1_STRING_set(td7->d.other->value.sequence, buf, len+mdlen);
if (!PKCS7_set_content(sig, td7)) { if (!PKCS7_set_content(sig, td7)) {
PKCS7_free(td7); PKCS7_free(td7);
fprintf(stderr, "PKCS7_set_content failed\n"); printf("PKCS7_set_content failed\n");
return 0; /* FAILED */ return 0; /* FAILED */
} }
return 1; /* OK */ return 1; /* OK */
@ -1764,7 +1764,7 @@ static X509 *find_signer(PKCS7 *p7, char *leafhash, int *leafok)
*/ */
signers = PKCS7_get0_signers(p7, NULL, 0); signers = PKCS7_get0_signers(p7, NULL, 0);
if (!signers || sk_X509_num(signers) != 1) { if (!signers || sk_X509_num(signers) != 1) {
fprintf(stderr, "PKCS7_get0_signers error\n"); printf("PKCS7_get0_signers error\n");
goto out; goto out;
} }
printf("Signer's certificate:\n"); printf("Signer's certificate:\n");
@ -1777,7 +1777,7 @@ static X509 *find_signer(PKCS7 *p7, char *leafhash, int *leafok)
ret = 1; /* OK */ ret = 1; /* OK */
out: out:
if (!ret) if (!ret)
ERR_print_errors_fp(stderr); ERR_print_errors_fp(stdout);
sk_X509_free(signers); sk_X509_free(signers);
return cert; return cert;
} }
@ -1874,11 +1874,11 @@ static int load_crlfile_lookup(X509_STORE *store, char *certs, char *crl)
if (!lookup) if (!lookup)
return 0; /* FAILED */ return 0; /* FAILED */
if (!X509_load_cert_file(lookup, certs, X509_FILETYPE_PEM)) { if (!X509_load_cert_file(lookup, certs, X509_FILETYPE_PEM)) {
fprintf(stderr, "\nError: no certificate found\n"); printf("\nError: no certificate found\n");
return 0; /* FAILED */ return 0; /* FAILED */
} }
if (!X509_load_crl_file(lookup, crl, X509_FILETYPE_PEM)) { if (!X509_load_crl_file(lookup, crl, X509_FILETYPE_PEM)) {
fprintf(stderr, "\nError: no CRL found in %s\n", crl); printf("\nError: no CRL found in %s\n", crl);
return 0; /* FAILED */ return 0; /* FAILED */
} }
@ -1904,7 +1904,7 @@ static int load_file_lookup(X509_STORE *store, char *certs)
if (!lookup) if (!lookup)
return 0; /* FAILED */ return 0; /* FAILED */
if (!X509_load_cert_file(lookup, certs, X509_FILETYPE_PEM)) { if (!X509_load_cert_file(lookup, certs, X509_FILETYPE_PEM)) {
fprintf(stderr, "\nError: no certificate found\n"); printf("\nError: no certificate found\n");
return 0; /* FAILED */ return 0; /* FAILED */
} }
@ -2010,7 +2010,7 @@ static CMS_ContentInfo *cms_get_timestamp(PKCS7_SIGNED *p7_signed, PKCS7_SIGNER_
/* Convert PKCS7 into CMS_ContentInfo */ /* Convert PKCS7 into CMS_ContentInfo */
if (((len = i2d_PKCS7(p7, NULL)) <= 0) || (p = OPENSSL_malloc(len)) == NULL) { if (((len = i2d_PKCS7(p7, NULL)) <= 0) || (p = OPENSSL_malloc(len)) == NULL) {
fprintf(stderr, "Failed to convert pkcs7: %d\n", len); printf("Failed to convert pkcs7: %d\n", len);
goto out; goto out;
} }
len = i2d_PKCS7(p7, &p); len = i2d_PKCS7(p7, &p);
@ -2021,7 +2021,7 @@ static CMS_ContentInfo *cms_get_timestamp(PKCS7_SIGNED *p7_signed, PKCS7_SIGNER_
out: out:
if (!cms) if (!cms)
ERR_print_errors_fp(stderr); ERR_print_errors_fp(stdout);
PKCS7_free(p7); PKCS7_free(p7);
return cms; return cms;
} }
@ -2092,11 +2092,11 @@ static int append_signature_list(STACK_OF(SIGNATURE) **signatures, PKCS7 *p7, in
signature->time = time; signature->time = time;
signature->timestamp = timestamp; signature->timestamp = timestamp;
} else { } else {
fprintf(stderr, "Error: Authenticode Timestamp could not be decoded correctly\n\n"); printf("Error: Authenticode Timestamp could not be decoded correctly\n\n");
PKCS7_SIGNER_INFO_free(countersi); PKCS7_SIGNER_INFO_free(countersi);
} }
} else { } else {
fprintf(stderr, "Error: SPC_TIMESTAMP_SIGNING_TIME_OBJID attribute not found\n\n"); printf("Error: SPC_TIMESTAMP_SIGNING_TIME_OBJID attribute not found\n\n");
PKCS7_SIGNER_INFO_free(countersi); PKCS7_SIGNER_INFO_free(countersi);
} }
} else if (!strcmp(object_txt, SPC_RFC3161_OBJID)) { } else if (!strcmp(object_txt, SPC_RFC3161_OBJID)) {
@ -2114,12 +2114,12 @@ static int append_signature_list(STACK_OF(SIGNATURE) **signatures, PKCS7 *p7, in
signature->time = time; signature->time = time;
signature->timestamp = timestamp; signature->timestamp = timestamp;
} else { } else {
fprintf(stderr, "Error: Corrupt RFC3161 Timestamp embedded content\n\n"); printf("Error: Corrupt RFC3161 Timestamp embedded content\n\n");
ERR_print_errors_fp(stderr); ERR_print_errors_fp(stdout);
} }
} else { } else {
fprintf(stderr, "Error: RFC3161 Timestamp could not be decoded correctly\n\n"); printf("Error: RFC3161 Timestamp could not be decoded correctly\n\n");
ERR_print_errors_fp(stderr); ERR_print_errors_fp(stdout);
} }
} else if (allownest && !strcmp(object_txt, SPC_NESTED_SIGNATURE_OBJID)) { } else if (allownest && !strcmp(object_txt, SPC_NESTED_SIGNATURE_OBJID)) {
/* Nested Signature - Policy OID: 1.3.6.1.4.1.311.2.4.1 */ /* Nested Signature - Policy OID: 1.3.6.1.4.1.311.2.4.1 */
@ -2137,7 +2137,7 @@ static int append_signature_list(STACK_OF(SIGNATURE) **signatures, PKCS7 *p7, in
/* Unauthenticated Data Blob - Policy OID: 1.3.6.1.4.1.42921.1.2.1 */ /* Unauthenticated Data Blob - Policy OID: 1.3.6.1.4.1.42921.1.2.1 */
signature->blob = X509_ATTRIBUTE_get0_data(attr, 0, V_ASN1_UTF8STRING, NULL); signature->blob = X509_ATTRIBUTE_get0_data(attr, 0, V_ASN1_UTF8STRING, NULL);
} else } else
fprintf(stderr, "Unsupported Policy OID: %s\n\n", object_txt); printf("Unsupported Policy OID: %s\n\n", object_txt);
} }
if (!sk_SIGNATURE_unshift(*signatures, signature)) { if (!sk_SIGNATURE_unshift(*signatures, signature)) {
@ -2186,11 +2186,11 @@ static int TST_verify(CMS_ContentInfo *timestamp, PKCS7_SIGNER_INFO *si)
/* hash->length == EVP_MD_size(md) */ /* hash->length == EVP_MD_size(md) */
if (memcmp(mdbuf, hash->data, hash->length)) { if (memcmp(mdbuf, hash->data, hash->length)) {
tohex(mdbuf, hexbuf, EVP_MD_size(md)); tohex(mdbuf, hexbuf, EVP_MD_size(md));
fprintf(stderr, "Hash value mismatch:\n\tMessage digest algorithm: %s\n", printf("Hash value mismatch:\n\tMessage digest algorithm: %s\n",
(md_nid == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(md_nid)); (md_nid == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(md_nid));
fprintf(stderr, "\tComputed message digest : %s\n", hexbuf); printf("\tComputed message digest : %s\n", hexbuf);
tohex(hash->data, hexbuf, hash->length); tohex(hash->data, hexbuf, hash->length);
fprintf(stderr, "\tReceived message digest : %s\n" , hexbuf); printf("\tReceived message digest : %s\n" , hexbuf);
printf("File's message digest verification: failed\n"); printf("File's message digest verification: failed\n");
TimeStampToken_free(token); TimeStampToken_free(token);
return 0; /* FAILED */ return 0; /* FAILED */
@ -2323,7 +2323,7 @@ static int verify_crl(char *ca_file, char *crl_file, X509 *signer, STACK_OF(X509
out: out:
if (!verok) if (!verok)
ERR_print_errors_fp(stderr); ERR_print_errors_fp(stdout);
/* NULL is a valid parameter value for X509_STORE_free() and X509_STORE_CTX_free() */ /* NULL is a valid parameter value for X509_STORE_free() and X509_STORE_CTX_free() */
X509_STORE_free(store); X509_STORE_free(store);
X509_STORE_CTX_free(ctx); X509_STORE_CTX_free(ctx);
@ -2354,7 +2354,7 @@ static int verify_timestamp(SIGNATURE *signature, GLOBAL_OPTIONS *options)
if (!options->timestamp_expiration) if (!options->timestamp_expiration)
/* verify timestamp against the time of its creation */ /* verify timestamp against the time of its creation */
if (!set_store_time(store, signature->time)) { if (!set_store_time(store, signature->time)) {
fprintf(stderr, "Failed to set store time\n"); printf("Failed to set store time\n");
X509_STORE_free(store); X509_STORE_free(store);
goto out; goto out;
} }
@ -2366,7 +2366,7 @@ static int verify_timestamp(SIGNATURE *signature, GLOBAL_OPTIONS *options)
/* verify a CMS SignedData structure */ /* verify a CMS SignedData structure */
if (!CMS_verify(signature->timestamp, NULL, store, 0, NULL, 0)) { if (!CMS_verify(signature->timestamp, NULL, store, 0, NULL, 0)) {
fprintf(stderr, "\nCMS_verify error\n"); printf("\nCMS_verify error\n");
X509_STORE_free(store); X509_STORE_free(store);
goto out; goto out;
} }
@ -2394,7 +2394,7 @@ static int verify_timestamp(SIGNATURE *signature, GLOBAL_OPTIONS *options)
/* check extended key usage flag XKU_TIMESTAMP */ /* check extended key usage flag XKU_TIMESTAMP */
if (!(X509_get_extended_key_usage(signer) & XKU_TIMESTAMP)) { if (!(X509_get_extended_key_usage(signer) & XKU_TIMESTAMP)) {
fprintf(stderr, "Unsupported Signer's certificate purpose XKU_TIMESTAMP\n"); printf("Unsupported Signer's certificate purpose XKU_TIMESTAMP\n");
goto out; goto out;
} }
@ -2406,7 +2406,7 @@ static int verify_timestamp(SIGNATURE *signature, GLOBAL_OPTIONS *options)
verok = 1; /* OK */ verok = 1; /* OK */
out: out:
if (!verok) if (!verok)
ERR_print_errors_fp(stderr); ERR_print_errors_fp(stdout);
return verok; return verok;
} }
@ -2421,12 +2421,12 @@ static int verify_authenticode(SIGNATURE *signature, GLOBAL_OPTIONS *options, X5
if (!store) if (!store)
goto out; goto out;
if (!load_file_lookup(store, options->cafile)) { if (!load_file_lookup(store, options->cafile)) {
fprintf(stderr, "Failed to add store lookup file\n"); printf("Failed to add store lookup file\n");
X509_STORE_free(store); X509_STORE_free(store);
goto out; goto out;
} }
if (signature->time != INVALID_TIME && !set_store_time(store, signature->time)) { if (signature->time != INVALID_TIME && !set_store_time(store, signature->time)) {
fprintf(stderr, "Failed to set store time\n"); printf("Failed to set store time\n");
X509_STORE_free(store); X509_STORE_free(store);
goto out; goto out;
} }
@ -2437,7 +2437,7 @@ static int verify_authenticode(SIGNATURE *signature, GLOBAL_OPTIONS *options, X5
bio = BIO_new_mem_buf(signature->p7->d.sign->contents->d.other->value.sequence->data + seqhdrlen, bio = BIO_new_mem_buf(signature->p7->d.sign->contents->d.other->value.sequence->data + seqhdrlen,
signature->p7->d.sign->contents->d.other->value.sequence->length - seqhdrlen); signature->p7->d.sign->contents->d.other->value.sequence->length - seqhdrlen);
if (!PKCS7_verify(signature->p7, NULL, store, bio, NULL, 0)) { if (!PKCS7_verify(signature->p7, NULL, store, bio, NULL, 0)) {
fprintf(stderr, "\nPKCS7_verify error\n"); printf("\nPKCS7_verify error\n");
X509_STORE_free(store); X509_STORE_free(store);
BIO_free(bio); BIO_free(bio);
goto out; goto out;
@ -2456,14 +2456,14 @@ static int verify_authenticode(SIGNATURE *signature, GLOBAL_OPTIONS *options, X5
/* check extended key usage flag XKU_CODE_SIGN */ /* check extended key usage flag XKU_CODE_SIGN */
if (!(X509_get_extended_key_usage(signer) & XKU_CODE_SIGN)) { if (!(X509_get_extended_key_usage(signer) & XKU_CODE_SIGN)) {
fprintf(stderr, "Unsupported Signer's certificate purpose XKU_CODE_SIGN\n"); printf("Unsupported Signer's certificate purpose XKU_CODE_SIGN\n");
goto out; goto out;
} }
verok = 1; /* OK */ verok = 1; /* OK */
out: out:
if (!verok) if (!verok)
ERR_print_errors_fp(stderr); ERR_print_errors_fp(stdout);
return verok; return verok;
} }
@ -2871,7 +2871,7 @@ static int msi_verify_pkcs7(SIGNATURE *signature, GsfInfile *infile, unsigned ch
ret = verify_signature(signature, options); ret = verify_signature(signature, options);
out: out:
if (!ret) if (!ret)
ERR_print_errors_fp(stderr); ERR_print_errors_fp(stdout);
return ret; return ret;
} }
@ -3097,21 +3097,21 @@ static int msi_extract_file(GsfInfile *ole, GLOBAL_OPTIONS *options)
if (options->output_pkcs7) { if (options->output_pkcs7) {
sig = msi_extract_signature_to_pkcs7(ole); sig = msi_extract_signature_to_pkcs7(ole);
if (!sig) { if (!sig) {
fprintf(stderr, "Unable to extract existing signature\n"); printf("Unable to extract existing signature\n");
return 1; /* FAILED */ return 1; /* FAILED */
} }
/* Create outdata PEM file */ /* Create outdata PEM file */
#ifdef WIN32 #ifdef WIN32
if (!access(options->outfile, R_OK)) { if (!access(options->outfile, R_OK)) {
/* outdata file exists */ /* outdata file exists */
fprintf(stderr, "Failed to create file: %s\n", options->outfile); printf("Failed to create file: %s\n", options->outfile);
PKCS7_free(sig); PKCS7_free(sig);
return 1; /* FAILED */ return 1; /* FAILED */
} }
#endif #endif
outdata = BIO_new_file(options->outfile, FILE_CREATE_MODE); outdata = BIO_new_file(options->outfile, FILE_CREATE_MODE);
if (outdata == NULL) { if (outdata == NULL) {
fprintf(stderr, "Failed to create file: %s\n", options->outfile); printf("Failed to create file: %s\n", options->outfile);
PKCS7_free(sig); PKCS7_free(sig);
return 1; /* FAILED */ return 1; /* FAILED */
} }
@ -3136,13 +3136,13 @@ static int msi_check_MsiDigitalSignatureEx(GsfInfile *ole, const EVP_MD *md)
int mdlen, has_dse = 0; int mdlen, has_dse = 0;
if (msi_extract_dse(ole, NULL, &dselen, &has_dse) != 0 && has_dse) { if (msi_extract_dse(ole, NULL, &dselen, &has_dse) != 0 && has_dse) {
fprintf(stderr, "Unable to extract MsiDigitalSignatureEx section\n\n"); printf("Unable to extract MsiDigitalSignatureEx section\n\n");
return 0; /* FAILED */ return 0; /* FAILED */
} }
if (has_dse) { if (has_dse) {
mdlen = EVP_MD_size(md); mdlen = EVP_MD_size(md);
if (dselen != (unsigned long)mdlen) { if (dselen != (unsigned long)mdlen) {
fprintf(stderr,"Unable to add nested signature with a different MD type (-h parameter) " printf("Unable to add nested signature with a different MD type (-h parameter) "
"than what exists in the MSI file already.\nThis is due to the presence of " "than what exists in the MSI file already.\nThis is due to the presence of "
"MsiDigitalSignatureEx (-add-msi-dse parameter).\n\n"); "MsiDigitalSignatureEx (-add-msi-dse parameter).\n\n");
return 0; /* FAILED */ return 0; /* FAILED */
@ -3202,7 +3202,7 @@ static int msi_calc_MsiDigitalSignatureEx(GsfInfile *ole, const EVP_MD *md,
BIO_push(prehash, BIO_new(BIO_s_null())); BIO_push(prehash, BIO_new(BIO_s_null()));
if (!msi_prehash(ole, NULL, prehash)) { if (!msi_prehash(ole, NULL, prehash)) {
fprintf(stderr, "Unable to calculate MSI pre-hash ('metadata') hash\n"); printf("Unable to calculate MSI pre-hash ('metadata') hash\n");
BIO_free_all(prehash); BIO_free_all(prehash);
return 0; /* FAILED */ return 0; /* FAILED */
} }
@ -3400,7 +3400,7 @@ static int pe_verify_pkcs7(SIGNATURE *signature, char *indata, FILE_HEADER *head
ret = verify_signature(signature, options); ret = verify_signature(signature, options);
out: out:
if (!ret) if (!ret)
ERR_print_errors_fp(stderr); ERR_print_errors_fp(stdout);
OPENSSL_free(ph); OPENSSL_free(ph);
return ret; return ret;
} }
@ -3493,7 +3493,7 @@ static int pe_extract_file(char *indata, FILE_HEADER *header, BIO *outdata, int
if (output_pkcs7) { if (output_pkcs7) {
sig = pe_extract_existing_pkcs7(indata, header); sig = pe_extract_existing_pkcs7(indata, header);
if (!sig) { if (!sig) {
fprintf(stderr, "Unable to extract existing signature\n"); printf("Unable to extract existing signature\n");
return 1; /* FAILED */ return 1; /* FAILED */
} }
ret = !PEM_write_bio_PKCS7(outdata, sig); ret = !PEM_write_bio_PKCS7(outdata, sig);
@ -3797,7 +3797,7 @@ static int cab_verify_pkcs7(SIGNATURE *signature, char *indata, FILE_HEADER *hea
ret = verify_signature(signature, options); ret = verify_signature(signature, options);
out: out:
if (!ret) if (!ret)
ERR_print_errors_fp(stderr); ERR_print_errors_fp(stdout);
return ret; return ret;
} }
@ -3861,7 +3861,7 @@ static int cab_extract_file(char *indata, FILE_HEADER *header, BIO *outdata, int
if (output_pkcs7) { if (output_pkcs7) {
sig = cab_extract_existing_pkcs7(indata, header); sig = cab_extract_existing_pkcs7(indata, header);
if (!sig) { if (!sig) {
fprintf(stderr, "Unable to extract existing signature\n"); printf("Unable to extract existing signature\n");
return 1; /* FAILED */ return 1; /* FAILED */
} }
ret = !PEM_write_bio_PKCS7(outdata, sig); ret = !PEM_write_bio_PKCS7(outdata, sig);
@ -4193,7 +4193,7 @@ static PKCS7 *create_new_signature(file_type_t type,
si = PKCS7_add_signature(sig, signcert, cparams->pkey, options->md); si = PKCS7_add_signature(sig, signcert, cparams->pkey, options->md);
} }
if (si == NULL) { if (si == NULL) {
fprintf(stderr, "PKCS7_add_signature failed\n"); printf("PKCS7_add_signature failed\n");
return NULL; /* FAILED */ return NULL; /* FAILED */
} }
pkcs7_add_signing_time(si, options->signing_time); pkcs7_add_signing_time(si, options->signing_time);
@ -4207,7 +4207,7 @@ static PKCS7 *create_new_signature(file_type_t type,
if ((options->desc || options->url) && if ((options->desc || options->url) &&
!add_opus_attribute(si, options->desc, options->url)) { !add_opus_attribute(si, options->desc, options->url)) {
fprintf(stderr, "Couldn't allocate memory for opus info\n"); printf("Couldn't allocate memory for opus info\n");
return NULL; /* FAILED */ return NULL; /* FAILED */
} }
PKCS7_content_new(sig, NID_pkcs7_data); PKCS7_content_new(sig, NID_pkcs7_data);
@ -4266,11 +4266,11 @@ static int append_signature(PKCS7 *sig, PKCS7 *cursig, file_type_t type,
if (options->nest) { if (options->nest) {
if (cursig == NULL) { if (cursig == NULL) {
fprintf(stderr, "Internal error: No 'cursig' was extracted\n"); printf("Internal error: No 'cursig' was extracted\n");
return 1; /* FAILED */ return 1; /* FAILED */
} }
if (pkcs7_set_nested_signature(cursig, sig, options->signing_time) == 0) { if (pkcs7_set_nested_signature(cursig, sig, options->signing_time) == 0) {
fprintf(stderr, "Unable to append the nested signature to the current signature\n"); printf("Unable to append the nested signature to the current signature\n");
return 1; /* FAILED */ return 1; /* FAILED */
} }
outsig = cursig; outsig = cursig;
@ -4279,7 +4279,7 @@ static int append_signature(PKCS7 *sig, PKCS7 *cursig, file_type_t type,
} }
/* Append signature to outfile */ /* Append signature to outfile */
if (((*len = i2d_PKCS7(outsig, NULL)) <= 0) || (p = OPENSSL_malloc(*len)) == NULL) { if (((*len = i2d_PKCS7(outsig, NULL)) <= 0) || (p = OPENSSL_malloc(*len)) == NULL) {
fprintf(stderr, "i2d_PKCS memory allocation failed: %d\n", *len); printf("i2d_PKCS memory allocation failed: %d\n", *len);
return 1; /* FAILED */ return 1; /* FAILED */
} }
i2d_PKCS7(outsig, &p); i2d_PKCS7(outsig, &p);
@ -4304,12 +4304,12 @@ static int append_signature(PKCS7 *sig, PKCS7 *cursig, file_type_t type,
/* Only output signatures if we're signing */ /* Only output signatures if we're signing */
if (cmd == CMD_SIGN || cmd == CMD_ADD || cmd == CMD_ATTACH) { if (cmd == CMD_SIGN || cmd == CMD_ADD || cmd == CMD_ATTACH) {
if (!msi_add_DigitalSignature(gsfparams->outole, p, *len)) { if (!msi_add_DigitalSignature(gsfparams->outole, p, *len)) {
fprintf(stderr, "Failed to write MSI 'DigitalSignature' signature to %s\n", options->infile); printf("Failed to write MSI 'DigitalSignature' signature to %s\n", options->infile);
return 1; /* FAILED */ return 1; /* FAILED */
} }
if (gsfparams->p_msiex != NULL && if (gsfparams->p_msiex != NULL &&
!msi_add_MsiDigitalSignatureEx(gsfparams->outole, gsfparams)) { !msi_add_MsiDigitalSignatureEx(gsfparams->outole, gsfparams)) {
fprintf(stderr, "Failed to write MSI 'MsiDigitalSignatureEx' signature to %s\n", options->infile); printf("Failed to write MSI 'MsiDigitalSignatureEx' signature to %s\n", options->infile);
return 1; /* FAILED */ return 1; /* FAILED */
} }
} }
@ -4381,12 +4381,12 @@ static off_t get_file_size(const char *infile)
ret = stat(infile, &st); ret = stat(infile, &st);
#endif #endif
if (ret) { if (ret) {
fprintf(stderr, "Failed to open file: %s\n", infile); printf("Failed to open file: %s\n", infile);
return 0; return 0;
} }
if (st.st_size < 4) { if (st.st_size < 4) {
fprintf(stderr, "Unrecognized file type - file is too short: %s\n", infile); printf("Unrecognized file type - file is too short: %s\n", infile);
return 0; return 0;
} }
return st.st_size; return st.st_size;
@ -4420,34 +4420,34 @@ static int input_validation(file_type_t type, GLOBAL_OPTIONS *options, FILE_HEAD
{ {
if (type == FILE_TYPE_CAB) { if (type == FILE_TYPE_CAB) {
if (options->pagehash == 1) if (options->pagehash == 1)
fprintf(stderr, "Warning: -ph option is only valid for PE files\n"); printf("Warning: -ph option is only valid for PE files\n");
#ifdef WITH_GSF #ifdef WITH_GSF
if (options->add_msi_dse == 1) if (options->add_msi_dse == 1)
fprintf(stderr, "Warning: -add-msi-dse option is only valid for MSI files\n"); printf("Warning: -add-msi-dse option is only valid for MSI files\n");
#endif #endif
if (!cab_verify_header(indata, options->infile, filesize, header)) { if (!cab_verify_header(indata, options->infile, filesize, header)) {
fprintf(stderr, "Corrupt CAB file\n"); printf("Corrupt CAB file\n");
return 0; /* FAILED */ return 0; /* FAILED */
} }
} else if (type == FILE_TYPE_PE) { } else if (type == FILE_TYPE_PE) {
if (options->jp >= 0) if (options->jp >= 0)
fprintf(stderr, "Warning: -jp option is only valid for CAB files\n"); printf("Warning: -jp option is only valid for CAB files\n");
#ifdef WITH_GSF #ifdef WITH_GSF
if (options->add_msi_dse == 1) if (options->add_msi_dse == 1)
fprintf(stderr, "Warning: -add-msi-dse option is only valid for MSI files\n"); printf("Warning: -add-msi-dse option is only valid for MSI files\n");
#endif #endif
if (!pe_verify_header(indata, options->infile, filesize, header)) { if (!pe_verify_header(indata, options->infile, filesize, header)) {
fprintf(stderr, "Corrupt PE file\n"); printf("Corrupt PE file\n");
return 0; /* FAILED */ return 0; /* FAILED */
} }
} else if (type == FILE_TYPE_MSI) { } else if (type == FILE_TYPE_MSI) {
if (options->pagehash == 1) if (options->pagehash == 1)
fprintf(stderr, "Warning: -ph option is only valid for PE files\n"); printf("Warning: -ph option is only valid for PE files\n");
if (options->jp >= 0) if (options->jp >= 0)
fprintf(stderr, "Warning: -jp option is only valid for CAB files\n"); printf("Warning: -jp option is only valid for CAB files\n");
#ifndef WITH_GSF #ifndef WITH_GSF
fprintf(stderr, "libgsf is not available, msi support is disabled: %s\n", options->infile); printf("libgsf is not available, msi support is disabled: %s\n", options->infile);
return 0; /* FAILED */ return 0; /* FAILED */
#endif #endif
} }
@ -4462,39 +4462,39 @@ static int check_attached_data(file_type_t type, FILE_HEADER *header, GLOBAL_OPT
if (type == FILE_TYPE_PE) { if (type == FILE_TYPE_PE) {
filesize = get_file_size(options->outfile); filesize = get_file_size(options->outfile);
if (!filesize) { if (!filesize) {
fprintf(stderr, "Error verifying result\n"); printf("Error verifying result\n");
return 1; /* FAILED */ return 1; /* FAILED */
} }
outdata = map_file(options->outfile, filesize); outdata = map_file(options->outfile, filesize);
if (!outdata) { if (!outdata) {
fprintf(stderr, "Error verifying result\n"); printf("Error verifying result\n");
return 1; /* FAILED */ return 1; /* FAILED */
} }
if (!pe_verify_header(outdata, options->outfile, filesize, header)) { if (!pe_verify_header(outdata, options->outfile, filesize, header)) {
fprintf(stderr, "Corrupt PE file\n"); printf("Corrupt PE file\n");
return 1; /* FAILED */ return 1; /* FAILED */
} }
if (pe_verify_file(outdata, header, options)) { if (pe_verify_file(outdata, header, options)) {
fprintf(stderr, "Signature mismatch\n"); printf("Signature mismatch\n");
return 1; /* FAILED */ return 1; /* FAILED */
} }
} else if (type == FILE_TYPE_CAB) { } else if (type == FILE_TYPE_CAB) {
filesize = get_file_size(options->outfile); filesize = get_file_size(options->outfile);
if (!filesize) { if (!filesize) {
fprintf(stderr, "Error verifying result\n"); printf("Error verifying result\n");
return 1; /* FAILED */ return 1; /* FAILED */
} }
outdata = map_file(options->outfile, filesize); outdata = map_file(options->outfile, filesize);
if (!outdata) { if (!outdata) {
fprintf(stderr, "Error verifying result\n"); printf("Error verifying result\n");
return 1; /* FAILED */ return 1; /* FAILED */
} }
if (!cab_verify_header(outdata, options->outfile, filesize, header)) { if (!cab_verify_header(outdata, options->outfile, filesize, header)) {
fprintf(stderr, "Corrupt CAB file\n"); printf("Corrupt CAB file\n");
return 1; /* FAILED */ return 1; /* FAILED */
} }
if (cab_verify_file(outdata, header, options)) { if (cab_verify_file(outdata, header, options)) {
fprintf(stderr, "Signature mismatch\n"); printf("Signature mismatch\n");
return 1; /* FAILED */ return 1; /* FAILED */
} }
} else if (type == FILE_TYPE_MSI) { } else if (type == FILE_TYPE_MSI) {
@ -4505,7 +4505,7 @@ static int check_attached_data(file_type_t type, FILE_HEADER *header, GLOBAL_OPT
src = gsf_input_stdio_new(options->outfile, NULL); src = gsf_input_stdio_new(options->outfile, NULL);
if (!src) { if (!src) {
fprintf(stderr, "Error opening output file %s\n", options->outfile); printf("Error opening output file %s\n", options->outfile);
return 1; /* FAILED */ return 1; /* FAILED */
} }
ole = gsf_infile_msole_new(src, NULL); ole = gsf_infile_msole_new(src, NULL);
@ -4513,15 +4513,15 @@ static int check_attached_data(file_type_t type, FILE_HEADER *header, GLOBAL_OPT
ret = msi_verify_file(ole, options); ret = msi_verify_file(ole, options);
g_object_unref(ole); g_object_unref(ole);
if (ret) { if (ret) {
fprintf(stderr, "Signature mismatch\n"); printf("Signature mismatch\n");
return 1; /* FAILED */ return 1; /* FAILED */
} }
#else #else
fprintf(stderr, "libgsf is not available, msi support is disabled: %s\n", options->infile); printf("libgsf is not available, msi support is disabled: %s\n", options->infile);
return 1; /* FAILED */ return 1; /* FAILED */
#endif #endif
} else { } else {
fprintf(stderr, "Unknown input type for file: %s\n", options->infile); printf("Unknown input type for file: %s\n", options->infile);
return 1; /* FAILED */ return 1; /* FAILED */
} }
return 0; /* OK */ return 0; /* OK */
@ -4565,14 +4565,14 @@ static char *getpassword(const char *prompt)
nfl.c_lflag |= ECHONL; nfl.c_lflag |= ECHONL;
if (tcsetattr(fileno(stdin), TCSANOW, &nfl) != 0) { if (tcsetattr(fileno(stdin), TCSANOW, &nfl) != 0) {
fprintf(stderr, "Failed to set terminal attributes\n"); printf("Failed to set terminal attributes\n");
return NULL; return NULL;
} }
p = fgets(passbuf, sizeof(passbuf), stdin); p = fgets(passbuf, sizeof(passbuf), stdin);
if (tcsetattr(fileno(stdin), TCSANOW, &ofl) != 0) if (tcsetattr(fileno(stdin), TCSANOW, &ofl) != 0)
fprintf(stderr, "Failed to restore terminal attributes\n"); printf("Failed to restore terminal attributes\n");
if (!p) { if (!p) {
fprintf(stderr, "Failed to read password\n"); printf("Failed to read password\n");
return NULL; return NULL;
} }
passbuf[strlen(passbuf)-1] = 0x00; passbuf[strlen(passbuf)-1] = 0x00;
@ -4593,13 +4593,13 @@ static int read_password(GLOBAL_OPTIONS *options)
if (options->readpass) { if (options->readpass) {
passfd = open(options->readpass, O_RDONLY); passfd = open(options->readpass, O_RDONLY);
if (passfd < 0) { if (passfd < 0) {
fprintf(stderr, "Failed to open password file: %s\n", options->readpass); printf("Failed to open password file: %s\n", options->readpass);
return 0; /* FAILED */ return 0; /* FAILED */
} }
passlen = read(passfd, passbuf, sizeof(passbuf)-1); passlen = read(passfd, passbuf, sizeof(passbuf)-1);
close(passfd); close(passfd);
if (passlen <= 0) { if (passlen <= 0) {
fprintf(stderr, "Failed to read password from file: %s\n", options->readpass); printf("Failed to read password from file: %s\n", options->readpass);
return 0; /* FAILED */ return 0; /* FAILED */
} }
passbuf[passlen] = 0x00; passbuf[passlen] = 0x00;
@ -4646,12 +4646,12 @@ static int read_crypto_params(GLOBAL_OPTIONS *options, CRYPTO_PARAMS *cparams)
if (options->pkcs12file != NULL) { if (options->pkcs12file != NULL) {
if ((btmp = BIO_new_file(options->pkcs12file, "rb")) == NULL || if ((btmp = BIO_new_file(options->pkcs12file, "rb")) == NULL ||
(p12 = d2i_PKCS12_bio(btmp, NULL)) == NULL) { (p12 = d2i_PKCS12_bio(btmp, NULL)) == NULL) {
fprintf(stderr, "Failed to read PKCS#12 file: %s\n", options->pkcs12file); printf("Failed to read PKCS#12 file: %s\n", options->pkcs12file);
ret = 0; /* FAILED */ ret = 0; /* FAILED */
} }
BIO_free(btmp); BIO_free(btmp);
if (!PKCS12_parse(p12, options->pass ? options->pass : "", &cparams->pkey, &cparams->cert, &cparams->certs)) { if (!PKCS12_parse(p12, options->pass ? options->pass : "", &cparams->pkey, &cparams->cert, &cparams->certs)) {
fprintf(stderr, "Failed to parse PKCS#12 file: %s (Wrong password?)\n", options->pkcs12file); printf("Failed to parse PKCS#12 file: %s (Wrong password?)\n", options->pkcs12file);
ret = 0; /* FAILED */ ret = 0; /* FAILED */
} }
PKCS12_free(p12); PKCS12_free(p12);
@ -4659,7 +4659,7 @@ static int read_crypto_params(GLOBAL_OPTIONS *options, CRYPTO_PARAMS *cparams)
if ((btmp = BIO_new_file(options->certfile, "rb")) == NULL || if ((btmp = BIO_new_file(options->certfile, "rb")) == NULL ||
((p7 = d2i_PKCS7_bio(btmp, NULL)) == NULL && ((p7 = d2i_PKCS7_bio(btmp, NULL)) == NULL &&
(cparams->certs = PEM_read_certs(btmp, "")) == NULL)) { (cparams->certs = PEM_read_certs(btmp, "")) == NULL)) {
fprintf(stderr, "Failed to read certificate file: %s\n", options->certfile); printf("Failed to read certificate file: %s\n", options->certfile);
ret = 0; /* FAILED */ ret = 0; /* FAILED */
} }
BIO_free(btmp); BIO_free(btmp);
@ -4667,7 +4667,7 @@ static int read_crypto_params(GLOBAL_OPTIONS *options, CRYPTO_PARAMS *cparams)
((cparams->pkey = b2i_PVK_bio(btmp, NULL, options->pass ? options->pass : "")) == NULL && ((cparams->pkey = b2i_PVK_bio(btmp, NULL, options->pass ? options->pass : "")) == NULL &&
(BIO_seek(btmp, 0) == 0) && (BIO_seek(btmp, 0) == 0) &&
(cparams->pkey = b2i_PVK_bio(btmp, NULL, NULL)) == NULL)) { (cparams->pkey = b2i_PVK_bio(btmp, NULL, NULL)) == NULL)) {
fprintf(stderr, "Failed to read PVK file: %s\n", options->pvkfile); printf("Failed to read PVK file: %s\n", options->pvkfile);
ret = 0; /* FAILED */ ret = 0; /* FAILED */
} }
BIO_free(btmp); BIO_free(btmp);
@ -4676,54 +4676,54 @@ static int read_crypto_params(GLOBAL_OPTIONS *options, CRYPTO_PARAMS *cparams)
ENGINE_load_dynamic(); ENGINE_load_dynamic();
cparams->dynamic = ENGINE_by_id("dynamic"); cparams->dynamic = ENGINE_by_id("dynamic");
if (!cparams->dynamic) { if (!cparams->dynamic) {
fprintf(stderr, "Failed to load 'dynamic' engine\n"); printf("Failed to load 'dynamic' engine\n");
ret = 0; /* FAILED */ ret = 0; /* FAILED */
} }
if (1 != ENGINE_ctrl_cmd_string(cparams->dynamic, "SO_PATH", options->p11engine, CMD_MANDATORY)) { if (1 != ENGINE_ctrl_cmd_string(cparams->dynamic, "SO_PATH", options->p11engine, CMD_MANDATORY)) {
fprintf(stderr, "Failed to set dyn SO_PATH to '%s'\n", options->p11engine); printf("Failed to set dyn SO_PATH to '%s'\n", options->p11engine);
ret = 0; /* FAILED */ ret = 0; /* FAILED */
} }
if (1 != ENGINE_ctrl_cmd_string(cparams->dynamic, "ID", "pkcs11", CMD_MANDATORY)) { if (1 != ENGINE_ctrl_cmd_string(cparams->dynamic, "ID", "pkcs11", CMD_MANDATORY)) {
fprintf(stderr, "Failed to set dyn ID to 'pkcs11'\n"); printf("Failed to set dyn ID to 'pkcs11'\n");
ret = 0; /* FAILED */ ret = 0; /* FAILED */
} }
if (1 != ENGINE_ctrl_cmd(cparams->dynamic, "LIST_ADD", 1, NULL, NULL, CMD_MANDATORY)) { if (1 != ENGINE_ctrl_cmd(cparams->dynamic, "LIST_ADD", 1, NULL, NULL, CMD_MANDATORY)) {
fprintf(stderr, "Failed to set dyn LIST_ADD to '1'\n"); printf("Failed to set dyn LIST_ADD to '1'\n");
ret = 0; /* FAILED */ ret = 0; /* FAILED */
} }
if (1 != ENGINE_ctrl_cmd(cparams->dynamic, "LOAD", 1, NULL, NULL, CMD_MANDATORY)) { if (1 != ENGINE_ctrl_cmd(cparams->dynamic, "LOAD", 1, NULL, NULL, CMD_MANDATORY)) {
fprintf(stderr, "Failed to set dyn LOAD to '1'\n"); printf("Failed to set dyn LOAD to '1'\n");
ret = 0; /* FAILED */ ret = 0; /* FAILED */
} }
} else } else
ENGINE_load_builtin_engines(); ENGINE_load_builtin_engines();
cparams->pkcs11 = ENGINE_by_id("pkcs11"); cparams->pkcs11 = ENGINE_by_id("pkcs11");
if (!cparams->pkcs11) { if (!cparams->pkcs11) {
fprintf(stderr, "Failed to find and load pkcs11 engine\n"); printf("Failed to find and load pkcs11 engine\n");
ret = 0; /* FAILED */ ret = 0; /* FAILED */
} }
if (1 != ENGINE_ctrl_cmd_string(cparams->pkcs11, "MODULE_PATH", options->p11module, CMD_MANDATORY)) { if (1 != ENGINE_ctrl_cmd_string(cparams->pkcs11, "MODULE_PATH", options->p11module, CMD_MANDATORY)) {
fprintf(stderr, "Failed to set pkcs11 engine MODULE_PATH to '%s'\n", options->p11module); printf("Failed to set pkcs11 engine MODULE_PATH to '%s'\n", options->p11module);
ret = 0; /* FAILED */ ret = 0; /* FAILED */
} }
if (options->pass != NULL && if (options->pass != NULL &&
1 != ENGINE_ctrl_cmd_string(cparams->pkcs11, "PIN", options->pass, CMD_MANDATORY)) { 1 != ENGINE_ctrl_cmd_string(cparams->pkcs11, "PIN", options->pass, CMD_MANDATORY)) {
fprintf(stderr, "Failed to set pkcs11 PIN\n"); printf("Failed to set pkcs11 PIN\n");
ret = 0; /* FAILED */ ret = 0; /* FAILED */
} }
if (1 != ENGINE_init(cparams->pkcs11)) { if (1 != ENGINE_init(cparams->pkcs11)) {
fprintf(stderr, "Failed to initialized pkcs11 engine\n"); printf("Failed to initialized pkcs11 engine\n");
ret = 0; /* FAILED */ ret = 0; /* FAILED */
} }
cparams->pkey = ENGINE_load_private_key(cparams->pkcs11, options->keyfile, NULL, NULL); cparams->pkey = ENGINE_load_private_key(cparams->pkcs11, options->keyfile, NULL, NULL);
if (cparams->pkey == NULL) { if (cparams->pkey == NULL) {
fprintf(stderr, "Failed to load private key %s\n", options->keyfile); printf("Failed to load private key %s\n", options->keyfile);
ret = 0; /* FAILED */ ret = 0; /* FAILED */
} }
if ((btmp = BIO_new_file(options->certfile, "rb")) == NULL || if ((btmp = BIO_new_file(options->certfile, "rb")) == NULL ||
((p7 = d2i_PKCS7_bio(btmp, NULL)) == NULL && ((p7 = d2i_PKCS7_bio(btmp, NULL)) == NULL &&
(cparams->certs = PEM_read_certs(btmp, "")) == NULL)) { (cparams->certs = PEM_read_certs(btmp, "")) == NULL)) {
fprintf(stderr, "Failed to read certificate file: %s\n", options->certfile); printf("Failed to read certificate file: %s\n", options->certfile);
ret = 0; /* FAILED */ ret = 0; /* FAILED */
} }
BIO_free(btmp); BIO_free(btmp);
@ -4731,7 +4731,7 @@ static int read_crypto_params(GLOBAL_OPTIONS *options, CRYPTO_PARAMS *cparams)
if ((btmp = BIO_new_file(options->certfile, "rb")) == NULL || if ((btmp = BIO_new_file(options->certfile, "rb")) == NULL ||
((p7 = d2i_PKCS7_bio(btmp, NULL)) == NULL && ((p7 = d2i_PKCS7_bio(btmp, NULL)) == NULL &&
(cparams->certs = PEM_read_certs(btmp, "")) == NULL)) { (cparams->certs = PEM_read_certs(btmp, "")) == NULL)) {
fprintf(stderr, "Failed to read certificate file: %s\n", options->certfile); printf("Failed to read certificate file: %s\n", options->certfile);
ret = 0; /* FAILED */ ret = 0; /* FAILED */
} }
BIO_free(btmp); BIO_free(btmp);
@ -4741,7 +4741,7 @@ static int read_crypto_params(GLOBAL_OPTIONS *options, CRYPTO_PARAMS *cparams)
(cparams->pkey = PEM_read_bio_PrivateKey(btmp, NULL, NULL, options->pass ? options->pass : "")) == NULL && (cparams->pkey = PEM_read_bio_PrivateKey(btmp, NULL, NULL, options->pass ? options->pass : "")) == NULL &&
(BIO_seek(btmp, 0) == 0) && (BIO_seek(btmp, 0) == 0) &&
(cparams->pkey = PEM_read_bio_PrivateKey(btmp, NULL, NULL, NULL)) == NULL)) { (cparams->pkey = PEM_read_bio_PrivateKey(btmp, NULL, NULL, NULL)) == NULL)) {
fprintf(stderr, "Failed to read private key file: %s (Wrong password?)\n", options->keyfile); printf("Failed to read private key file: %s (Wrong password?)\n", options->keyfile);
ret = 0; /* FAILED */ ret = 0; /* FAILED */
} }
BIO_free(btmp); BIO_free(btmp);
@ -4754,7 +4754,7 @@ static int read_crypto_params(GLOBAL_OPTIONS *options, CRYPTO_PARAMS *cparams)
if ((btmp = BIO_new_file(options->xcertfile, "rb")) == NULL || if ((btmp = BIO_new_file(options->xcertfile, "rb")) == NULL ||
((p7x = d2i_PKCS7_bio(btmp, NULL)) == NULL && ((p7x = d2i_PKCS7_bio(btmp, NULL)) == NULL &&
(cparams->xcerts = PEM_read_certs(btmp, "")) == NULL)) { (cparams->xcerts = PEM_read_certs(btmp, "")) == NULL)) {
fprintf(stderr, "Failed to read cross certificate file: %s\n", options->xcertfile); printf("Failed to read cross certificate file: %s\n", options->xcertfile);
ret = 0; /* FAILED */ ret = 0; /* FAILED */
} }
BIO_free(btmp); BIO_free(btmp);
@ -4854,7 +4854,7 @@ static PKCS7 *get_sigfile(char *sigfile, file_type_t type)
} }
insigdata = map_file(sigfile, sigfilesize); insigdata = map_file(sigfile, sigfilesize);
if (!insigdata) { if (!insigdata) {
fprintf(stderr, "Failed to open file: %s\n", sigfile); printf("Failed to open file: %s\n", sigfile);
return NULL; /* FAILED */ return NULL; /* FAILED */
} }
if (sigfilesize >= sizeof(pemhdr) && !memcmp(insigdata, pemhdr, sizeof(pemhdr)-1)) { if (sigfilesize >= sizeof(pemhdr) && !memcmp(insigdata, pemhdr, sizeof(pemhdr)-1)) {
@ -4875,7 +4875,7 @@ static PKCS7 *get_sigfile(char *sigfile, file_type_t type)
const unsigned char *p = (unsigned char*)insigdata; const unsigned char *p = (unsigned char*)insigdata;
sig = d2i_PKCS7(NULL, &p, sigfilesize); sig = d2i_PKCS7(NULL, &p, sigfilesize);
#else #else
fprintf(stderr, "libgsf is not available, msi support is disabled\n"); printf("libgsf is not available, msi support is disabled\n");
return NULL; /* FAILED */ return NULL; /* FAILED */
#endif #endif
} }
@ -4894,17 +4894,17 @@ static PKCS7 *get_pkcs7(cmd_type_t cmd, BIO *hash, file_type_t type, char *indat
if (cmd == CMD_ATTACH) { if (cmd == CMD_ATTACH) {
sig = get_sigfile(options->sigfile, type); sig = get_sigfile(options->sigfile, type);
if (!sig) { if (!sig) {
fprintf(stderr, "Unable to extract valid signature\n"); printf("Unable to extract valid signature\n");
return NULL; /* FAILED */ return NULL; /* FAILED */
} }
} else if (cmd == CMD_SIGN) { } else if (cmd == CMD_SIGN) {
sig = create_new_signature(type, options, cparams); sig = create_new_signature(type, options, cparams);
if (!sig) { if (!sig) {
fprintf(stderr, "Creating a new signature failed\n"); printf("Creating a new signature failed\n");
return NULL; /* FAILED */ return NULL; /* FAILED */
} }
if (!set_indirect_data_blob(sig, hash, type, indata, options, header)) { if (!set_indirect_data_blob(sig, hash, type, indata, options, header)) {
fprintf(stderr, "Signing failed\n"); printf("Signing failed\n");
return NULL; /* FAILED */ return NULL; /* FAILED */
} }
} }
@ -4926,12 +4926,12 @@ static PKCS7 *msi_presign_file(file_type_t type, cmd_type_t cmd, FILE_HEADER *he
/* Create outdata MSI file */ /* Create outdata MSI file */
if (!access(options->outfile, R_OK)) { if (!access(options->outfile, R_OK)) {
/* outdata file exists */ /* outdata file exists */
fprintf(stderr, "Failed to create file: %s\n", options->outfile); printf("Failed to create file: %s\n", options->outfile);
return NULL; /* FAILED */ return NULL; /* FAILED */
} }
gsfparams->sink = gsf_output_stdio_new(options->outfile, NULL); gsfparams->sink = gsf_output_stdio_new(options->outfile, NULL);
if (!gsfparams->sink) { if (!gsfparams->sink) {
fprintf(stderr, "Failed to create file: %s\n", options->outfile); printf("Failed to create file: %s\n", options->outfile);
return NULL; /* FAILED */ return NULL; /* FAILED */
} }
gsfparams->outole = gsf_outfile_msole_new(gsfparams->sink); gsfparams->outole = gsf_outfile_msole_new(gsfparams->sink);
@ -4940,7 +4940,7 @@ static PKCS7 *msi_presign_file(file_type_t type, cmd_type_t cmd, FILE_HEADER *he
if (options->add_msi_dse && !msi_calc_MsiDigitalSignatureEx(ole, options->md, hash, gsfparams)) if (options->add_msi_dse && !msi_calc_MsiDigitalSignatureEx(ole, options->md, hash, gsfparams))
return NULL; /* FAILED */ return NULL; /* FAILED */
if (!msi_handle_dir(ole, gsfparams->outole, hash)) { if (!msi_handle_dir(ole, gsfparams->outole, hash)) {
fprintf(stderr, "Unable to msi_handle_dir()\n"); printf("Unable to msi_handle_dir()\n");
return NULL; /* FAILED */ return NULL; /* FAILED */
} }
@ -4951,7 +4951,7 @@ static PKCS7 *msi_presign_file(file_type_t type, cmd_type_t cmd, FILE_HEADER *he
return NULL; /* FAILED */ return NULL; /* FAILED */
*cursig = msi_extract_signature_to_pkcs7(ole); *cursig = msi_extract_signature_to_pkcs7(ole);
if (*cursig == NULL) { if (*cursig == NULL) {
fprintf(stderr, "Unable to extract existing signature in -nest mode\n"); printf("Unable to extract existing signature in -nest mode\n");
return NULL; /* FAILED */ return NULL; /* FAILED */
} }
if (cmd == CMD_ADD) if (cmd == CMD_ADD)
@ -4976,7 +4976,7 @@ static PKCS7 *pe_presign_file(file_type_t type, cmd_type_t cmd, FILE_HEADER *hea
(cmd == CMD_ATTACH && options->nest) || cmd == CMD_ADD) { (cmd == CMD_ATTACH && options->nest) || cmd == CMD_ADD) {
*cursig = pe_extract_existing_pkcs7(indata, header); *cursig = pe_extract_existing_pkcs7(indata, header);
if (!*cursig) { if (!*cursig) {
fprintf(stderr, "Unable to extract existing signature\n"); printf("Unable to extract existing signature\n");
return NULL; /* FAILED */ return NULL; /* FAILED */
} }
if (cmd == CMD_ADD) if (cmd == CMD_ADD)
@ -5004,7 +5004,7 @@ static PKCS7 *cab_presign_file(file_type_t type, cmd_type_t cmd, FILE_HEADER *he
(cmd == CMD_ATTACH && options->nest) || cmd == CMD_ADD) { (cmd == CMD_ATTACH && options->nest) || cmd == CMD_ADD) {
*cursig = cab_extract_existing_pkcs7(indata, header); *cursig = cab_extract_existing_pkcs7(indata, header);
if (!*cursig) { if (!*cursig) {
fprintf(stderr, "Unable to extract existing signature\n"); printf("Unable to extract existing signature\n");
return NULL; /* FAILED */ return NULL; /* FAILED */
} }
if (cmd == CMD_ADD) if (cmd == CMD_ADD)
@ -5260,7 +5260,7 @@ static int main_configure(int argc, char **argv, cmd_type_t *cmd, GLOBAL_OPTIONS
(*cmd == CMD_SIGN && !((options->certfile && options->keyfile) || (*cmd == CMD_SIGN && !((options->certfile && options->keyfile) ||
options->pkcs12file || options->p11module))) { options->pkcs12file || options->p11module))) {
if (failarg) if (failarg)
fprintf(stderr, "Unknown option: %s\n", failarg); printf("Unknown option: %s\n", failarg);
usage(argv0, "all"); usage(argv0, "all");
} }
@ -5488,7 +5488,7 @@ err_cleanup:
free_crypto_params(&cparams, &options); free_crypto_params(&cparams, &options);
free_options(&options); free_options(&options);
if (ret) if (ret)
ERR_print_errors_fp(stderr); ERR_print_errors_fp(stdout);
cleanup_lib_state(); cleanup_lib_state();
printf(ret ? "Failed\n" : "Succeeded\n"); printf(ret ? "Failed\n" : "Succeeded\n");