more consistent code formatting and indentation

2025-04-09 10:38:05 -05:00 · 2018-12-05 22:59:41 +01:00 · 2018-12-05 22:59:41 +01:00 · 642a290343
commit 642a290343
parent fe89b08e35
1 changed files with 210 additions and 191 deletions
--- a/osslsigncode.c
+++ b/osslsigncode.c
@ -353,7 +353,6 @@ ASN1_SEQUENCE(TimeStampRequestBlob) = {
 IMPLEMENT_ASN1_FUNCTIONS(TimeStampRequestBlob)
 typedef struct {
 	ASN1_OBJECT *type;
 	TimeStampRequestBlob *blob;
@ -464,7 +463,8 @@ static SpcSpOpusInfo* createOpus(const char *desc, const char *url)
 	return info;
 }
-static unsigned int asn1_simple_hdr_len(const unsigned char *p, unsigned int len) {
+static unsigned int asn1_simple_hdr_len(const unsigned char *p, unsigned int len)
 {
 	if (len <= 2 || p[0] > 0x31)
 		return 0;
 	return (p[1]&0x80) ? (2 + (p[1]&0x7f)) : 2;
@ -482,7 +482,7 @@ static int add_unauthenticated_blob(PKCS7 *sig)
 {
 	u_char *p = NULL;
 	int len = 1024+4;
-	char prefix[] = "\x0c\x82\x04\x00---BEGIN_BLOB---";  // Length data for ASN1 attribute plus prefix
+	char prefix[] = "\x0c\x82\x04\x00---BEGIN_BLOB---"; /* Length data for ASN1 attribute plus prefix */
 	char postfix[] = "---END_BLOB---";
 	PKCS7_SIGNER_INFO *si = sk_PKCS7_SIGNER_INFO_value(sig->d.sign->signer_info, 0);
@ -496,8 +496,7 @@ static int add_unauthenticated_blob(PKCS7 *sig)
 	ASN1_STRING_set(astr, p, len);
 	int nid = OBJ_create("1.3.6.1.4.1.42921.1.2.1",
-						 "unauthenticatedData",
+		"unauthenticatedData", "unauthenticatedData");
 						 "unauthenticatedData");
 	PKCS7_add_attribute (si, nid, V_ASN1_SEQUENCE, astr);
@ -512,6 +511,7 @@ static int g_verbose = 0;
 #ifdef ENABLE_CURL
 static int blob_has_nl = 0;
 static size_t curl_write(void *ptr, size_t sz, size_t nmemb, void *stream)
 {
 	if (sz*nmemb > 0 && !blob_has_nl) {
@ -559,12 +559,12 @@ static void print_timestamp_error(const char *url, long http_code)
  <signature>
  .. and it returns a base64 encoded PKCS#7 structure.
 */
-static int add_timestamp(PKCS7 *sig, char *url, char *proxy, int rfc3161, const EVP_MD *md, int verbose, int noverifypeer)
+static int add_timestamp(PKCS7 *sig, char *url, char *proxy, int rfc3161,
 	const EVP_MD *md, int verbose, int noverifypeer)
 {
 	CURL *curl;
 	struct curl_slist *slist = NULL;
@ -761,8 +761,7 @@ static int add_timestamp(PKCS7 *sig, char *url, char *proxy, int rfc3161, const
 			astr = ASN1_STRING_new();
 			ASN1_STRING_set(astr, p, len);
 			OPENSSL_free(p);
-			PKCS7_add_attribute
+			PKCS7_add_attribute(si, NID_pkcs9_countersignature,
 				(si, NID_pkcs9_countersignature,
 				V_ASN1_SEQUENCE, astr);
 			PKCS7_free(p7);
@ -775,7 +774,8 @@ static int add_timestamp(PKCS7 *sig, char *url, char *proxy, int rfc3161, const
 	return (int)c;
 }
-static int add_timestamp_authenticode(PKCS7 *sig, char **url, int nurls, char *proxy, int noverifypeer)
+static int add_timestamp_authenticode(PKCS7 *sig, char **url, int nurls,
 	char *proxy, int noverifypeer)
 {
 	int i;
 	for (i=0; i<nurls; i++) {
@ -785,7 +785,8 @@ static int add_timestamp_authenticode(PKCS7 *sig, char **url, int nurls, char *p
 	return -1;
 }
-static int add_timestamp_rfc3161(PKCS7 *sig, char **url, int nurls, char *proxy, const EVP_MD *md, int noverifypeer)
+static int add_timestamp_rfc3161(PKCS7 *sig, char **url, int nurls,
 	char *proxy, const EVP_MD *md, int noverifypeer)
 {
 	int i;
 	for (i=0; i<nurls; i++) {
@ -840,8 +841,10 @@ static void usage(const char *argv0)
 			"\t\t[ -addUnauthenticatedBlob ]\n\n"
 			"\t\t[ -nest ]\n\n"
 			"\t\t[ -verbose ]\n\n"
 #ifdef WITH_GSF
 			"\t\tMSI specific:\n"
 			"\t\t[ -add-msi-dse ]\n\n"
 #endif
 			"\t\t[ -in ] <infile> [-out ] <outfile>\n\n"
 			"\textract-signature [ -pem ] [ -in ] <infile> [ -out ] <outfile>\n\n"
 			"\tremove-signature [ -in ] <infile> [ -out ] <outfile>\n\n"
@ -917,14 +920,15 @@ static const unsigned char classid_page_hash[] = {
 	0xAE, 0x05, 0xA2, 0x17, 0xDA, 0x8E, 0x60, 0xD6
 };
-static unsigned char *calc_page_hash(char *indata, unsigned int peheader, int pe32plus,
+static unsigned char *calc_page_hash(char *indata, unsigned int peheader,
-									 unsigned int sigpos, int phtype, unsigned int *phlen);
+	int pe32plus, unsigned int sigpos, int phtype, unsigned int *phlen);
 DEFINE_STACK_OF(ASN1_OCTET_STRING)
 DEFINE_STACK_OF(SpcAttributeTypeAndOptionalValue)
-static SpcLink *get_page_hash_link(int phtype, char *indata, unsigned int peheader, int pe32plus, unsigned int sigpos)
+static SpcLink *get_page_hash_link(int phtype, char *indata,
 	unsigned int peheader, int pe32plus, unsigned int sigpos)
 {
 	unsigned int phlen;
 	unsigned char *ph = calc_page_hash(indata, peheader, pe32plus, sigpos, phtype, &phlen);
@ -974,9 +978,9 @@ static SpcLink *get_page_hash_link(int phtype, char *indata, unsigned int pehead
 	return link;
 }
-static void get_indirect_data_blob(u_char **blob, int *len, const EVP_MD *md, file_type_t type,
+static void get_indirect_data_blob(u_char **blob, int *len, const EVP_MD *md,
-								   int pagehash, char *indata, unsigned int peheader, int pe32plus,
+	file_type_t type, int pagehash, char *indata, unsigned int peheader,
-								   unsigned int sigpos)
+	int pe32plus, unsigned int sigpos)
 {
 	static const unsigned char msistr[] = {
 		0xf1, 0x10, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00,
@ -1099,7 +1103,8 @@ static void recalc_pe_checksum(BIO *bio, unsigned int peheader)
 	BIO_write(bio, buf, 4);
 }
-static unsigned char nib2val(unsigned char c) {
+static unsigned char nib2val(unsigned char c)
 {
 	if (c >= '0' && c <= '9') {
 		return c - '0';
 	} else if (c >= 'a' && c <= 'f') {
@ -1112,7 +1117,8 @@ static unsigned char nib2val(unsigned char c) {
 	return 0;
 }
-static int verify_leaf_hash(X509 *leaf, const char *leafhash) {
+static int verify_leaf_hash(X509 *leaf, const char *leafhash)
 {
 	char *lhdup = NULL;
 	char *orig = NULL;
 	char *mdid = NULL;
@ -1195,16 +1201,19 @@ out:
 	return ret;
 }
-// pkcs7_get_nested_signature exctracts a nested signature from p7.
+/*
-// The caller is responsible for freeing the returned object.
+ * pkcs7_get_nested_signature exctracts a nested signature from p7.
-//
+ * The caller is responsible for freeing the returned object.
-// If has_sig is provided, it will be set to either 1 if there is a
+ *
-// SPC_NESTED_SIGNATURE attribute in p7 at all or 0 if not.
+ * If has_sig is provided, it will be set to either 1 if there is a
-// This allows has_sig to be used to distinguish two possible scenarios
+ * SPC_NESTED_SIGNATURE attribute in p7 at all or 0 if not.
-// when the functon returns NULL: if has_sig is 1, it means d2i_PKCS7
+ * This allows has_sig to be used to distinguish two possible scenarios
-// failed to decode the nested signature. However, if has_sig is 0, it
+ * when the functon returns NULL: if has_sig is 1, it means d2i_PKCS7
-// simply means the given p7 does not have a nested signature.
+ * failed to decode the nested signature. However, if has_sig is 0, it
-static PKCS7 *pkcs7_get_nested_signature(PKCS7 *p7, int *has_sig) {
+ * simply means the given p7 does not have a nested signature.
 */
 static PKCS7 *pkcs7_get_nested_signature(PKCS7 *p7, int *has_sig)
 {
 	PKCS7 *ret = NULL;
 	PKCS7_SIGNER_INFO *si = sk_PKCS7_SIGNER_INFO_value(p7->d.sign->signer_info, 0);
 	ASN1_TYPE *nestedSignature = PKCS7_get_attribute(si, OBJ_txt2nid(SPC_NESTED_SIGNATURE_OBJID));
@ -1218,9 +1227,12 @@ static PKCS7 *pkcs7_get_nested_signature(PKCS7 *p7, int *has_sig) {
 	return ret;
 }
-// pkcs7_set_nested_signature adds the p7nest signature to p7
+/*
-// as a nested signature (SPC_NESTED_SIGNATURE).
+ * pkcs7_set_nested_signature adds the p7nest signature to p7
-static int pkcs7_set_nested_signature(PKCS7 *p7, PKCS7 *p7nest) {
+ * as a nested signature (SPC_NESTED_SIGNATURE).
 */
 static int pkcs7_set_nested_signature(PKCS7 *p7, PKCS7 *p7nest)
 {
 	u_char *p = NULL;
 	int len = 0;
@ -1395,8 +1407,8 @@ static gboolean msi_prehash(GsfInfile *infile, gchar *dirname, BIO *hash)
 		 * These are always zero. The ctime and mtime of the actual
 		 * file itself takes precedence.
 		 */
-		BIO_write(hash, zeroes, 8); // ctime as Windows FILETIME.
+		BIO_write(hash, zeroes, 8); /* ctime as Windows FILETIME */
-		BIO_write(hash, zeroes, 8); // mtime as Windows FILETIME.
+		BIO_write(hash, zeroes, 8); /* mtime as Windows FILETIME */
 	}
 	sorted = msi_sorted_infile_children(infile);
@ -1434,8 +1446,8 @@ static gboolean msi_prehash(GsfInfile *infile, gchar *dirname, BIO *hash)
 			 * zeroed, because libgsf doesn't seem
 			 * to support outputting them.
 			 */
-			BIO_write(hash, zeroes, 8); // ctime as a Windows FILETIME
+			BIO_write(hash, zeroes, 8); /* ctime as Windows FILETIME */
-			BIO_write(hash, zeroes, 8); // mtime as a Windows FILETIME
+			BIO_write(hash, zeroes, 8); /* mtime as Windows FILETIME */
 		}
 	}
@ -1506,7 +1518,10 @@ static gboolean msi_handle_dir(GsfInfile *infile, GsfOutfile *outole, BIO *hash)
 * msi_verify_pkcs7 is a helper function for msi_verify_file.
 * It exists to make it easier to implement verification of nested signatures.
 */
-static int msi_verify_pkcs7(PKCS7 *p7, GsfInfile *infile, unsigned char *exdata, unsigned int exlen, char *leafhash, int allownest) {
+static int msi_verify_pkcs7(PKCS7 *p7, GsfInfile *infile,
 	unsigned char *exdata, unsigned int exlen, char *leafhash,
 	int allownest)
 {
 	int i = 0;
 	int ret = 0;
 	X509_STORE *store = NULL;
@ -1678,10 +1693,12 @@ static int msi_verify_pkcs7(PKCS7 *p7, GsfInfile *infile, unsigned char *exdata,
 		} else if (!p7nest && has_sig) {
 			printf("\nFailed to decode nested signature!\n");
 			ret = 1;
-		} else
+		} else {
 			printf("\n");
-	} else
+		}
 	} else {
 		printf("\n");
 	}
 out:
 	if (store)
@ -1693,7 +1710,8 @@ out:
 /*
 * msi_verify_file checks whether or not the signature of infile is valid.
 */
-static int msi_verify_file(GsfInfile *infile, char *leafhash) {
+static int msi_verify_file(GsfInfile *infile, char *leafhash)
 {
 	GsfInput *sig = NULL;
 	GsfInput *exsig = NULL;
 	unsigned char *exdata = NULL;
@ -1749,7 +1767,9 @@ out:
 	return ret;
 }
-static int msi_extract_dse(GsfInfile *infile, unsigned char **dsebuf, unsigned long *dselen, int *has_dse) {
+static int msi_extract_dse(GsfInfile *infile, unsigned char **dsebuf,
 	unsigned long *dselen, int *has_dse)
 {
 	GsfInput *exsig = NULL;
 	gchar decoded[0x40];
 	u_char *buf = NULL;
@ -1795,7 +1815,8 @@ out:
 * msi_extract_signature_to_file extracts the MSI DigitalSignaure from infile
 * to a file at the path given by outfile.
 */
-static int msi_extract_signature_to_file(GsfInfile *infile, char *outfile) {
+static int msi_extract_signature_to_file(GsfInfile *infile, char *outfile)
 {
 	unsigned char hexbuf[EVP_MAX_MD_SIZE*2+1];
 	GsfInput *sig = NULL;
 	GsfInput *exsig = NULL;
@ -1862,7 +1883,8 @@ out:
 	return ret;
 }
-static PKCS7 *msi_extract_signature_to_pkcs7(GsfInfile *infile) {
+static PKCS7 *msi_extract_signature_to_pkcs7(GsfInfile *infile)
 {
 	GsfInput *sig = NULL;
 	gchar decoded[0x40];
 	PKCS7 *p7 = NULL;
@ -1932,7 +1954,6 @@ static void calc_pe_digest(BIO *bio, const EVP_MD *md, unsigned char *mdbuf,
 	EVP_MD_CTX_free(mdctx);
 }
 static void	extract_page_hash (SpcAttributeTypeAndOptionalValue *obj,
 	unsigned char **ph, unsigned int *phlen, int *phtype)
 {
@ -1987,8 +2008,8 @@ static void	extract_page_hash (SpcAttributeTypeAndOptionalValue *obj,
 	SpcAttributeTypeAndOptionalValue_free(obj);
 }
-static unsigned char *calc_page_hash(char *indata, unsigned int peheader, int pe32plus,
+static unsigned char *calc_page_hash(char *indata, unsigned int peheader,
-									 unsigned int sigpos, int phtype, unsigned int *rphlen)
+	int pe32plus, unsigned int sigpos, int phtype, unsigned int *rphlen)
 {
 	unsigned short nsections = GET_UINT16_LE(indata + peheader + 6);
 	unsigned int pagesize = GET_UINT32_LE(indata + peheader + 56);
@ -2040,9 +2061,9 @@ static unsigned char *calc_page_hash(char *indata, unsigned int peheader, int pe
 	return res;
 }
-static int verify_pe_pkcs7(PKCS7 *p7, char *indata, unsigned int peheader, int pe32plus,
+static int verify_pe_pkcs7(PKCS7 *p7, char *indata, unsigned int peheader,
-						   unsigned int sigpos, unsigned int siglen, char *leafhash,
+	int pe32plus, unsigned int sigpos, unsigned int siglen,
-						   int allownest)
+	char *leafhash, int allownest)
 {
 	int ret = 0;
 	int mdtype = -1, phtype = -1;
@ -2177,10 +2198,12 @@ static int verify_pe_pkcs7(PKCS7 *p7, char *indata, unsigned int peheader, int p
 		} else if (!p7nest && has_sig) {
 			printf("\nFailed to decode nested signature!\n");
 			ret = 1;
-		} else
+		} else {
 			printf("\n");
-	} else
+		}
 	} else {
 		printf("\n");
 	}
 	X509_STORE_free(store);
@ -2232,10 +2255,12 @@ static int verify_pe_file(char *indata, unsigned int peheader, int pe32plus,
 	return ret;
 }
-// extract_existing_pe_pkcs7 retreives a decoded PKCS7 struct corresponding to the
+/*
-// existing signature of the PE file.
+ * extract_existing_pe_pkcs7 retreives a decoded PKCS7 struct
-static PKCS7 *extract_existing_pe_pkcs7(char *indata, unsigned int peheader, int pe32plus,
+ * corresponding to the existing signature of the PE file.
-									   unsigned int sigpos, unsigned int siglen)
+ */
 static PKCS7 *extract_existing_pe_pkcs7(char *indata, unsigned int peheader,
 	int pe32plus, unsigned int sigpos, unsigned int siglen)
 {
 	unsigned int pos = 0;
 	PKCS7 *p7 = NULL;
@ -2289,8 +2314,7 @@ static off_t get_file_size(const char *infile)
 	struct stat st;
 	ret = stat(infile, &st);
 #endif
-	if (ret)
+	if (ret) {
 	{
 		fprintf(stderr, "Failed to open file: %s\n", infile);
 		return 0;
 	}
@ -2326,7 +2350,7 @@ static char* map_file(const char *infile, const off_t size)
 }
 #ifdef PROVIDE_ASKPASS
-char *getpassword(const char *prompt)
+static char *getpassword(const char *prompt)
 {
 #ifdef HAVE_TERMIOS_H
 	struct termios ofl, nfl;
@ -2364,8 +2388,7 @@ char *getpassword(const char *prompt)
 }
 #endif
-int main(int argc, char **argv)
+int main(int argc, char **argv) {
 {
 	BIO *btmp, *sigbio, *hash, *outdata;
 	PKCS12 *p12;
 	PKCS7 *p7 = NULL, *cursig = NULL, *outsig = NULL, *sig, *p7x = NULL;
@ -2389,13 +2412,15 @@ int main(int argc, char **argv)
 	int noverifypeer = 0;
 #endif
 	int nest = 0;
 #ifdef WITH_GSF
 	int add_msi_dse = 0;
 #endif
 	int nturl = 0, ntsurl = 0;
 	int addBlob = 0;
 	u_char *p = NULL;
 	int ret = 0, i, len = 0, jp = -1, pe32plus = 0, comm = 0, pagehash = 0;
 	unsigned int tmp, peheader = 0, padlen = 0;
-	off_t filesize, fileend, sigfilesize, sigfileend, outdatasize;
+	off_t filesize, fileend, sigfilesize, outdatasize;
 	file_type_t type;
 	cmd_type_t cmd = CMD_SIGN;
 	char *failarg = NULL;
@ -2554,8 +2579,10 @@ int main(int argc, char **argv)
 			nest = 1;
 		} else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-verbose")) {
 			g_verbose = 1;
 #ifdef WITH_GSF
 		} else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-add-msi-dse")) {
 			add_msi_dse = 1;
 #endif
 		} else if ((cmd == CMD_VERIFY) && !strcmp(*argv, "-require-leaf-hash")) {
 			if (--argc < 1) usage(argv0);
 			leafhash = (*++argv);
@ -2817,19 +2844,21 @@ int main(int argc, char **argv)
 					DO_EXIT_1("Unable to open %s\n\n", outfile);
 				ret = !PEM_write_bio_PKCS7(outdata, sig);
 				BIO_free_all(outdata);
-			}
+			} else {
 			else
 				ret = msi_extract_signature_to_file(ole, outfile);
 			}
 			goto skip_signing;
 		} else if (cmd == CMD_VERIFY) {
 			ret = msi_verify_file(ole, leafhash);
 			goto skip_signing;
 		} else if (cmd == CMD_SIGN || cmd == CMD_ADD || cmd == CMD_ATTACH) {
 				if (nest || cmd == CMD_ADD) {
-				// Perform a sanity check for the MsiDigitalSignatureEx section.
+				/*
-				// If the file we're attempting to sign has an MsiDigitalSignatureEx
+				 * Perform a sanity check for the MsiDigitalSignatureEx section.
-				// section, we can't add a nested signature of a different MD type
+				 * If the file we're attempting to sign has an MsiDigitalSignatureEx
-				// without breaking the initial signature.
+				 * section, we can't add a nested signature of a different MD type
 				 * without breaking the initial signature.
 				 */
 				{
 					unsigned long dselen = 0;
 					int has_dse = 0;
@ -3022,9 +3051,9 @@ int main(int argc, char **argv)
 				if (!sig)
 					DO_EXIT_0("Unable to extract existing signature.");
 				PEM_write_bio_PKCS7(outdata, sig);
-			}
+			} else {
 			else
 				BIO_write(outdata, indata + sigpos, siglen);
 			}
 			goto skip_signing;
 		}
@ -3073,8 +3102,7 @@ int main(int argc, char **argv)
 	if (cmd == CMD_ADD)
 		goto add_only;
-	if(cmd == CMD_ATTACH)
+	if (cmd == CMD_ATTACH) {
 	{
 		const char pemhdr[] = "-----BEGIN PKCS7-----";
 		sigfilesize = get_file_size(sigfile);
 		if (!sigfilesize)
@ -3083,17 +3111,14 @@ int main(int argc, char **argv)
 		if (insigdata == NULL)
 			DO_EXIT_1("Failed to open file: %s\n", infile);
-		if (sigfilesize >= sizeof(pemhdr) && !memcmp(insigdata, pemhdr, sizeof(pemhdr)-1))
+		if (sigfilesize >= sizeof(pemhdr) && !memcmp(insigdata, pemhdr, sizeof(pemhdr)-1)) {
 		{
 			sigbio = BIO_new_mem_buf(insigdata, sigfilesize);
 			sig = PEM_read_bio_PKCS7(sigbio, NULL, NULL, NULL);
 			BIO_free_all(sigbio);
-		}
+		} else {
 		else {
 			if (type == FILE_TYPE_PE) {
 				sig = extract_existing_pe_pkcs7(insigdata, peheader, pe32plus, 0, sigfilesize);
-			}
+			} else if (type == FILE_TYPE_MSI) {
 			else if (type == FILE_TYPE_MSI) {
 #ifdef WITH_GSF
 				const unsigned char *p = (unsigned char*)insigdata;
 				sig = d2i_PKCS7(NULL, &p, sigfilesize);
@ -3130,8 +3155,7 @@ int main(int argc, char **argv)
 	if (si == NULL)
 		DO_EXIT_0("Signing failed(PKCS7_add_signature)\n");
-	PKCS7_add_signed_attribute
+	PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
 		(si, NID_pkcs9_contentType,
 		V_ASN1_OBJECT, OBJ_txt2obj(SPC_INDIRECT_DATA_OBJID, 1));
 	if (type == FILE_TYPE_CAB && jp >= 0) {
@ -3156,8 +3180,7 @@ int main(int argc, char **argv)
 		if (attrs) {
 			astr = ASN1_STRING_new();
 			ASN1_STRING_set(astr, attrs, len);
-			PKCS7_add_signed_attribute
+			PKCS7_add_signed_attribute(si, OBJ_txt2nid(SPC_MS_JAVA_SOMETHING),
 				(si, OBJ_txt2nid(SPC_MS_JAVA_SOMETHING),
 				V_ASN1_SEQUENCE, astr);
 		}
 	}
@ -3362,9 +3385,7 @@ skip_signing:
 			if (ret) {
 				DO_EXIT_0("Signature mismatch.\n");
 			}
-		}
+		} else if (type == FILE_TYPE_MSI) {
 		else if (type == FILE_TYPE_MSI)
 		{
 #ifdef WITH_GSF
 			GsfInput *src;
 			GsfInfile *ole;
@ -3382,15 +3403,13 @@ skip_signing:
 #else
 			DO_EXIT_1("libgsf is not available, msi support is disabled: %s\n", infile);
 #endif
-		}
+		} else {
 		else
 		{
 			DO_EXIT_1("Unknown input type for file: %s\n", infile);
 		}
 		printf("Signature successfully attached.\n");
-	}
+	} else {
        else
 		printf(ret ? "Failed\n" : "Succeeded\n");
 	}
 	cleanup_lib_state();
 	return ret;
@ -3429,5 +3448,5 @@ Local Variables:
   indent-tabs-mode: t
 End:
-  vim: set ts=4 :
+  vim: set ts=4 noexpandtab:
 */