enable MsiDigitalSignatureEx

olszomal 2020-03-27 15:00:47 +01:00
parent 0692db5ed3
commit 6383166189
2 changed files with 20 additions and 19 deletions


@ -106,7 +106,7 @@ typedef unsigned char u_char;
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h> /* X509_PURPOSE_CRL_SIGN */
#include <openssl/x509v3.h> /* X509_PURPOSE */
#include <openssl/pkcs7.h>
#include <openssl/pkcs12.h>
#include <openssl/pem.h>
@ -125,6 +125,7 @@ typedef unsigned char u_char;
#include <curl/curl.h>
#define MAX_TS_SERVERS 256
#define GSF_CAN_READ_MSI_METADATA
#endif
@ -136,6 +137,7 @@ typedef unsigned char u_char;
#define TRUE 1
#endif
#if defined (HAVE_TERMIOS_H) || defined (HAVE_GETPASS)
#define PROVIDE_ASKPASS 1
#endif
@ -185,6 +187,8 @@ typedef unsigned char u_char;
*/
#define FLAG_RESERVE_PRESENT 0x0004
#define INVALID_TIME ((time_t)-1)
typedef struct {
char *infile;
char *outfile;
@ -255,8 +259,6 @@ typedef struct {
} GSF_PARAMS;
#endif
#define INVALID_TIME ((time_t)-1)
/*
ASN.1 definitions (more or less from official MS Authenticode docs)
@ -2549,7 +2551,7 @@ static int msi_verify_pkcs7(PKCS7 *p7, GsfInfile *infile, unsigned char *exdata,
#ifdef GSF_CAN_READ_MSI_METADATA
if (exdata) {
tohex(cexmdbuf, hexbuf, EVP_MD_size(md));
int exok = !memcmp(exdata, cexmdbuf, MIN(EVP_MD_size(md), exlen));
int exok = !memcmp(exdata, cexmdbuf, MIN((size_t)EVP_MD_size(md), exlen));
if (!exok) ret = 1;
printf("Calculated MsiDigitalSignatureEx : %s", hexbuf);
if (exok) {
@ -2918,13 +2920,13 @@ static int msi_add_DigitalSignature(GsfOutfile *outole, u_char *p, int len)
return ret;
}
static int msi_add_MsiDigitalSignatureEx(GsfOutfile *outole, u_char *p_msiex, int len_msiex)
static int msi_add_MsiDigitalSignatureEx(GsfOutfile *outole, GSF_PARAMS *gsfparams)
{
GsfOutput *child;
int ret = 1;
child = gsf_outfile_new_child(outole, "\05MsiDigitalSignatureEx", FALSE);
if (!gsf_output_write(child, len_msiex, p_msiex))
if (!gsf_output_write(child, gsfparams->len_msiex, gsfparams->p_msiex))
ret = 0;
gsf_output_close(child);
@ -4003,7 +4005,7 @@ static int append_signature(PKCS7 *sig, PKCS7 *cursig, file_type_t type, cmd_typ
return 0; /* FAILED */
}
if (gsfparams->p_msiex != NULL &&
!msi_add_MsiDigitalSignatureEx(gsfparams->outole, gsfparams->p_msiex, gsfparams->len_msiex)) {
!msi_add_MsiDigitalSignatureEx(gsfparams->outole, gsfparams)) {
fprintf(stderr, "Failed to write MSI 'MsiDigitalSignatureEx' signature to %s\n", options->infile);
return 0; /* FAILED */
}


@ -25,9 +25,8 @@ if test -s "sample.msi"
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
-pass passme \
-in "sample.msi" -out "test_411.msi"
#"MsiDigitalSignatureEx 4d00730069004400690067006900740061006c005300690067006e0061007400750072006500450078"
verify_signature "$?" "411" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "HEX" "4d00730069004400690067006900740061006c005300690067006e0061007400750072006500450078" "UNUSED_PATTERN"
"UNUSED_PATTERN" "HEX" "MsiDigitalSignatureEx" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
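Review bot: The expected pattern on the `verify_signature` line is now the plain string `MsiDigitalSignatureEx`, but the mode argument before it is still `"HEX"`. verify_signature is defined outside this page, so this is inferred: if that mode matches the pattern against a hex dump of the signed file, a non-hex pattern can never match, and the test would either fail or no longer confirm that the stream was written. Either keep the hex-encoded UTF-16 stream name or switch the mode argument to the helper's text mode, and replace the removed comment with one line stating what the pattern is matched against. The surrounding `if test -s "sample.msi"` block starts and ends outside the hunk.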