more consistent code formatting and indentation

Michał Trojnara 2018-12-05 22:59:41 +01:00
parent fe89b08e35
commit 642a290343


@ -353,7 +353,6 @@ ASN1_SEQUENCE(TimeStampRequestBlob) = {
IMPLEMENT_ASN1_FUNCTIONS(TimeStampRequestBlob)
typedef struct {
ASN1_OBJECT *type;
TimeStampRequestBlob *blob;
@ -464,7 +463,8 @@ static SpcSpOpusInfo* createOpus(const char *desc, const char *url)
return info;
}
static unsigned int asn1_simple_hdr_len(const unsigned char *p, unsigned int len) {
static unsigned int asn1_simple_hdr_len(const unsigned char *p, unsigned int len)
{
if (len <= 2 || p[0] > 0x31)
return 0;
return (p[1]&0x80) ? (2 + (p[1]&0x7f)) : 2;
@ -482,7 +482,7 @@ static int add_unauthenticated_blob(PKCS7 *sig)
{
u_char *p = NULL;
int len = 1024+4;
char prefix[] = "\x0c\x82\x04\x00---BEGIN_BLOB---"; // Length data for ASN1 attribute plus prefix
char prefix[] = "\x0c\x82\x04\x00---BEGIN_BLOB---"; /* Length data for ASN1 attribute plus prefix */
char postfix[] = "---END_BLOB---";
PKCS7_SIGNER_INFO *si = sk_PKCS7_SIGNER_INFO_value(sig->d.sign->signer_info, 0);
@ -496,8 +496,7 @@ static int add_unauthenticated_blob(PKCS7 *sig)
ASN1_STRING_set(astr, p, len);
int nid = OBJ_create("1.3.6.1.4.1.42921.1.2.1",
"unauthenticatedData",
"unauthenticatedData");
"unauthenticatedData", "unauthenticatedData");
PKCS7_add_attribute (si, nid, V_ASN1_SEQUENCE, astr);
@ -512,6 +511,7 @@ static int g_verbose = 0;
#ifdef ENABLE_CURL
static int blob_has_nl = 0;
static size_t curl_write(void *ptr, size_t sz, size_t nmemb, void *stream)
{
if (sz*nmemb > 0 && !blob_has_nl) {
@ -559,12 +559,12 @@ static void print_timestamp_error(const char *url, long http_code)
<signature>
.. and it returns a base64 encoded PKCS#7 structure.
*/
static int add_timestamp(PKCS7 *sig, char *url, char *proxy, int rfc3161, const EVP_MD *md, int verbose, int noverifypeer)
static int add_timestamp(PKCS7 *sig, char *url, char *proxy, int rfc3161,
const EVP_MD *md, int verbose, int noverifypeer)
{
CURL *curl;
struct curl_slist *slist = NULL;
@ -761,8 +761,7 @@ static int add_timestamp(PKCS7 *sig, char *url, char *proxy, int rfc3161, const
astr = ASN1_STRING_new();
ASN1_STRING_set(astr, p, len);
OPENSSL_free(p);
PKCS7_add_attribute
(si, NID_pkcs9_countersignature,
PKCS7_add_attribute(si, NID_pkcs9_countersignature,
V_ASN1_SEQUENCE, astr);
PKCS7_free(p7);
@ -775,7 +774,8 @@ static int add_timestamp(PKCS7 *sig, char *url, char *proxy, int rfc3161, const
return (int)c;
}
static int add_timestamp_authenticode(PKCS7 *sig, char **url, int nurls, char *proxy, int noverifypeer)
static int add_timestamp_authenticode(PKCS7 *sig, char **url, int nurls,
char *proxy, int noverifypeer)
{
int i;
for (i=0; i<nurls; i++) {
@ -785,7 +785,8 @@ static int add_timestamp_authenticode(PKCS7 *sig, char **url, int nurls, char *p
return -1;
}
static int add_timestamp_rfc3161(PKCS7 *sig, char **url, int nurls, char *proxy, const EVP_MD *md, int noverifypeer)
static int add_timestamp_rfc3161(PKCS7 *sig, char **url, int nurls,
char *proxy, const EVP_MD *md, int noverifypeer)
{
int i;
for (i=0; i<nurls; i++) {
@ -840,8 +841,10 @@ static void usage(const char *argv0)
"\t\t[ -addUnauthenticatedBlob ]\n\n"
"\t\t[ -nest ]\n\n"
"\t\t[ -verbose ]\n\n"
#ifdef WITH_GSF
"\t\tMSI specific:\n"
"\t\t[ -add-msi-dse ]\n\n"
#endif
"\t\t[ -in ] <infile> [-out ] <outfile>\n\n"
"\textract-signature [ -pem ] [ -in ] <infile> [ -out ] <outfile>\n\n"
"\tremove-signature [ -in ] <infile> [ -out ] <outfile>\n\n"
@ -917,14 +920,15 @@ static const unsigned char classid_page_hash[] = {
0xAE, 0x05, 0xA2, 0x17, 0xDA, 0x8E, 0x60, 0xD6
};
static unsigned char *calc_page_hash(char *indata, unsigned int peheader, int pe32plus,
unsigned int sigpos, int phtype, unsigned int *phlen);
static unsigned char *calc_page_hash(char *indata, unsigned int peheader,
int pe32plus, unsigned int sigpos, int phtype, unsigned int *phlen);
DEFINE_STACK_OF(ASN1_OCTET_STRING)
DEFINE_STACK_OF(SpcAttributeTypeAndOptionalValue)
static SpcLink *get_page_hash_link(int phtype, char *indata, unsigned int peheader, int pe32plus, unsigned int sigpos)
static SpcLink *get_page_hash_link(int phtype, char *indata,
unsigned int peheader, int pe32plus, unsigned int sigpos)
{
unsigned int phlen;
unsigned char *ph = calc_page_hash(indata, peheader, pe32plus, sigpos, phtype, &phlen);
@ -974,9 +978,9 @@ static SpcLink *get_page_hash_link(int phtype, char *indata, unsigned int pehead
return link;
}
static void get_indirect_data_blob(u_char **blob, int *len, const EVP_MD *md, file_type_t type,
int pagehash, char *indata, unsigned int peheader, int pe32plus,
unsigned int sigpos)
static void get_indirect_data_blob(u_char **blob, int *len, const EVP_MD *md,
file_type_t type, int pagehash, char *indata, unsigned int peheader,
int pe32plus, unsigned int sigpos)
{
static const unsigned char msistr[] = {
0xf1, 0x10, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00,
@ -1099,7 +1103,8 @@ static void recalc_pe_checksum(BIO *bio, unsigned int peheader)
BIO_write(bio, buf, 4);
}
static unsigned char nib2val(unsigned char c) {
static unsigned char nib2val(unsigned char c)
{
if (c >= '0' && c <= '9') {
return c - '0';
} else if (c >= 'a' && c <= 'f') {
@ -1112,7 +1117,8 @@ static unsigned char nib2val(unsigned char c) {
return 0;
}
static int verify_leaf_hash(X509 *leaf, const char *leafhash) {
static int verify_leaf_hash(X509 *leaf, const char *leafhash)
{
char *lhdup = NULL;
char *orig = NULL;
char *mdid = NULL;
@ -1195,16 +1201,19 @@ out:
return ret;
}
// pkcs7_get_nested_signature exctracts a nested signature from p7.
// The caller is responsible for freeing the returned object.
//
// If has_sig is provided, it will be set to either 1 if there is a
// SPC_NESTED_SIGNATURE attribute in p7 at all or 0 if not.
// This allows has_sig to be used to distinguish two possible scenarios
// when the functon returns NULL: if has_sig is 1, it means d2i_PKCS7
// failed to decode the nested signature. However, if has_sig is 0, it
// simply means the given p7 does not have a nested signature.
static PKCS7 *pkcs7_get_nested_signature(PKCS7 *p7, int *has_sig) {
/*
* pkcs7_get_nested_signature exctracts a nested signature from p7.
* The caller is responsible for freeing the returned object.
*
* If has_sig is provided, it will be set to either 1 if there is a
* SPC_NESTED_SIGNATURE attribute in p7 at all or 0 if not.
* This allows has_sig to be used to distinguish two possible scenarios
* when the functon returns NULL: if has_sig is 1, it means d2i_PKCS7
* failed to decode the nested signature. However, if has_sig is 0, it
* simply means the given p7 does not have a nested signature.
*/
static PKCS7 *pkcs7_get_nested_signature(PKCS7 *p7, int *has_sig)
{
PKCS7 *ret = NULL;
PKCS7_SIGNER_INFO *si = sk_PKCS7_SIGNER_INFO_value(p7->d.sign->signer_info, 0);
ASN1_TYPE *nestedSignature = PKCS7_get_attribute(si, OBJ_txt2nid(SPC_NESTED_SIGNATURE_OBJID));
@ -1218,9 +1227,12 @@ static PKCS7 *pkcs7_get_nested_signature(PKCS7 *p7, int *has_sig) {
return ret;
}
// pkcs7_set_nested_signature adds the p7nest signature to p7
// as a nested signature (SPC_NESTED_SIGNATURE).
static int pkcs7_set_nested_signature(PKCS7 *p7, PKCS7 *p7nest) {
/*
* pkcs7_set_nested_signature adds the p7nest signature to p7
* as a nested signature (SPC_NESTED_SIGNATURE).
*/
static int pkcs7_set_nested_signature(PKCS7 *p7, PKCS7 *p7nest)
{
u_char *p = NULL;
int len = 0;
@ -1395,8 +1407,8 @@ static gboolean msi_prehash(GsfInfile *infile, gchar *dirname, BIO *hash)
* These are always zero. The ctime and mtime of the actual
* file itself takes precedence.
*/
BIO_write(hash, zeroes, 8); // ctime as Windows FILETIME.
BIO_write(hash, zeroes, 8); // mtime as Windows FILETIME.
BIO_write(hash, zeroes, 8); /* ctime as Windows FILETIME */
BIO_write(hash, zeroes, 8); /* mtime as Windows FILETIME */
}
sorted = msi_sorted_infile_children(infile);
@ -1434,8 +1446,8 @@ static gboolean msi_prehash(GsfInfile *infile, gchar *dirname, BIO *hash)
* zeroed, because libgsf doesn't seem
* to support outputting them.
*/
BIO_write(hash, zeroes, 8); // ctime as a Windows FILETIME
BIO_write(hash, zeroes, 8); // mtime as a Windows FILETIME
BIO_write(hash, zeroes, 8); /* ctime as Windows FILETIME */
BIO_write(hash, zeroes, 8); /* mtime as Windows FILETIME */
}
}
@ -1506,7 +1518,10 @@ static gboolean msi_handle_dir(GsfInfile *infile, GsfOutfile *outole, BIO *hash)
* msi_verify_pkcs7 is a helper function for msi_verify_file.
* It exists to make it easier to implement verification of nested signatures.
*/
static int msi_verify_pkcs7(PKCS7 *p7, GsfInfile *infile, unsigned char *exdata, unsigned int exlen, char *leafhash, int allownest) {
static int msi_verify_pkcs7(PKCS7 *p7, GsfInfile *infile,
unsigned char *exdata, unsigned int exlen, char *leafhash,
int allownest)
{
int i = 0;
int ret = 0;
X509_STORE *store = NULL;
@ -1678,10 +1693,12 @@ static int msi_verify_pkcs7(PKCS7 *p7, GsfInfile *infile, unsigned char *exdata,
} else if (!p7nest && has_sig) {
printf("\nFailed to decode nested signature!\n");
ret = 1;
} else
} else {
printf("\n");
} else
}
} else {
printf("\n");
}
out:
if (store)
@ -1693,7 +1710,8 @@ out:
/*
* msi_verify_file checks whether or not the signature of infile is valid.
*/
static int msi_verify_file(GsfInfile *infile, char *leafhash) {
static int msi_verify_file(GsfInfile *infile, char *leafhash)
{
GsfInput *sig = NULL;
GsfInput *exsig = NULL;
unsigned char *exdata = NULL;
@ -1749,7 +1767,9 @@ out:
return ret;
}
static int msi_extract_dse(GsfInfile *infile, unsigned char **dsebuf, unsigned long *dselen, int *has_dse) {
static int msi_extract_dse(GsfInfile *infile, unsigned char **dsebuf,
unsigned long *dselen, int *has_dse)
{
GsfInput *exsig = NULL;
gchar decoded[0x40];
u_char *buf = NULL;
@ -1795,7 +1815,8 @@ out:
* msi_extract_signature_to_file extracts the MSI DigitalSignaure from infile
* to a file at the path given by outfile.
*/
static int msi_extract_signature_to_file(GsfInfile *infile, char *outfile) {
static int msi_extract_signature_to_file(GsfInfile *infile, char *outfile)
{
unsigned char hexbuf[EVP_MAX_MD_SIZE*2+1];
GsfInput *sig = NULL;
GsfInput *exsig = NULL;
@ -1862,7 +1883,8 @@ out:
return ret;
}
static PKCS7 *msi_extract_signature_to_pkcs7(GsfInfile *infile) {
static PKCS7 *msi_extract_signature_to_pkcs7(GsfInfile *infile)
{
GsfInput *sig = NULL;
gchar decoded[0x40];
PKCS7 *p7 = NULL;
@ -1932,7 +1954,6 @@ static void calc_pe_digest(BIO *bio, const EVP_MD *md, unsigned char *mdbuf,
EVP_MD_CTX_free(mdctx);
}
static void extract_page_hash (SpcAttributeTypeAndOptionalValue *obj,
unsigned char **ph, unsigned int *phlen, int *phtype)
{
@ -1987,8 +2008,8 @@ static void extract_page_hash (SpcAttributeTypeAndOptionalValue *obj,
SpcAttributeTypeAndOptionalValue_free(obj);
}
static unsigned char *calc_page_hash(char *indata, unsigned int peheader, int pe32plus,
unsigned int sigpos, int phtype, unsigned int *rphlen)
static unsigned char *calc_page_hash(char *indata, unsigned int peheader,
int pe32plus, unsigned int sigpos, int phtype, unsigned int *rphlen)
{
unsigned short nsections = GET_UINT16_LE(indata + peheader + 6);
unsigned int pagesize = GET_UINT32_LE(indata + peheader + 56);
@ -2040,9 +2061,9 @@ static unsigned char *calc_page_hash(char *indata, unsigned int peheader, int pe
return res;
}
static int verify_pe_pkcs7(PKCS7 *p7, char *indata, unsigned int peheader, int pe32plus,
unsigned int sigpos, unsigned int siglen, char *leafhash,
int allownest)
static int verify_pe_pkcs7(PKCS7 *p7, char *indata, unsigned int peheader,
int pe32plus, unsigned int sigpos, unsigned int siglen,
char *leafhash, int allownest)
{
int ret = 0;
int mdtype = -1, phtype = -1;
@ -2177,10 +2198,12 @@ static int verify_pe_pkcs7(PKCS7 *p7, char *indata, unsigned int peheader, int p
} else if (!p7nest && has_sig) {
printf("\nFailed to decode nested signature!\n");
ret = 1;
} else
} else {
printf("\n");
} else
}
} else {
printf("\n");
}
X509_STORE_free(store);
@ -2232,10 +2255,12 @@ static int verify_pe_file(char *indata, unsigned int peheader, int pe32plus,
return ret;
}
// extract_existing_pe_pkcs7 retreives a decoded PKCS7 struct corresponding to the
// existing signature of the PE file.
static PKCS7 *extract_existing_pe_pkcs7(char *indata, unsigned int peheader, int pe32plus,
unsigned int sigpos, unsigned int siglen)
/*
* extract_existing_pe_pkcs7 retreives a decoded PKCS7 struct
* corresponding to the existing signature of the PE file.
*/
static PKCS7 *extract_existing_pe_pkcs7(char *indata, unsigned int peheader,
int pe32plus, unsigned int sigpos, unsigned int siglen)
{
unsigned int pos = 0;
PKCS7 *p7 = NULL;
@ -2289,8 +2314,7 @@ static off_t get_file_size(const char *infile)
struct stat st;
ret = stat(infile, &st);
#endif
if (ret)
{
if (ret) {
fprintf(stderr, "Failed to open file: %s\n", infile);
return 0;
}
@ -2326,7 +2350,7 @@ static char* map_file(const char *infile, const off_t size)
}
#ifdef PROVIDE_ASKPASS
char *getpassword(const char *prompt)
static char *getpassword(const char *prompt)
{
#ifdef HAVE_TERMIOS_H
struct termios ofl, nfl;
@ -2364,8 +2388,7 @@ char *getpassword(const char *prompt)
}
#endif
int main(int argc, char **argv)
{
int main(int argc, char **argv) {
BIO *btmp, *sigbio, *hash, *outdata;
PKCS12 *p12;
PKCS7 *p7 = NULL, *cursig = NULL, *outsig = NULL, *sig, *p7x = NULL;
@ -2389,13 +2412,15 @@ int main(int argc, char **argv)
int noverifypeer = 0;
#endif
int nest = 0;
#ifdef WITH_GSF
int add_msi_dse = 0;
#endif
int nturl = 0, ntsurl = 0;
int addBlob = 0;
u_char *p = NULL;
int ret = 0, i, len = 0, jp = -1, pe32plus = 0, comm = 0, pagehash = 0;
unsigned int tmp, peheader = 0, padlen = 0;
off_t filesize, fileend, sigfilesize, sigfileend, outdatasize;
off_t filesize, fileend, sigfilesize, outdatasize;
file_type_t type;
cmd_type_t cmd = CMD_SIGN;
char *failarg = NULL;
@ -2554,8 +2579,10 @@ int main(int argc, char **argv)
nest = 1;
} else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-verbose")) {
g_verbose = 1;
#ifdef WITH_GSF
} else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-add-msi-dse")) {
add_msi_dse = 1;
#endif
} else if ((cmd == CMD_VERIFY) && !strcmp(*argv, "-require-leaf-hash")) {
if (--argc < 1) usage(argv0);
leafhash = (*++argv);
@ -2817,19 +2844,21 @@ int main(int argc, char **argv)
DO_EXIT_1("Unable to open %s\n\n", outfile);
ret = !PEM_write_bio_PKCS7(outdata, sig);
BIO_free_all(outdata);
}
else
} else {
ret = msi_extract_signature_to_file(ole, outfile);
}
goto skip_signing;
} else if (cmd == CMD_VERIFY) {
ret = msi_verify_file(ole, leafhash);
goto skip_signing;
} else if (cmd == CMD_SIGN || cmd == CMD_ADD || cmd == CMD_ATTACH) {
if (nest || cmd == CMD_ADD) {
// Perform a sanity check for the MsiDigitalSignatureEx section.
// If the file we're attempting to sign has an MsiDigitalSignatureEx
// section, we can't add a nested signature of a different MD type
// without breaking the initial signature.
/*
* Perform a sanity check for the MsiDigitalSignatureEx section.
* If the file we're attempting to sign has an MsiDigitalSignatureEx
* section, we can't add a nested signature of a different MD type
* without breaking the initial signature.
*/
{
unsigned long dselen = 0;
int has_dse = 0;
@ -3022,9 +3051,9 @@ int main(int argc, char **argv)
if (!sig)
DO_EXIT_0("Unable to extract existing signature.");
PEM_write_bio_PKCS7(outdata, sig);
}
else
} else {
BIO_write(outdata, indata + sigpos, siglen);
}
goto skip_signing;
}
@ -3073,8 +3102,7 @@ int main(int argc, char **argv)
if (cmd == CMD_ADD)
goto add_only;
if(cmd == CMD_ATTACH)
{
if (cmd == CMD_ATTACH) {
const char pemhdr[] = "-----BEGIN PKCS7-----";
sigfilesize = get_file_size(sigfile);
if (!sigfilesize)
@ -3083,17 +3111,14 @@ int main(int argc, char **argv)
if (insigdata == NULL)
DO_EXIT_1("Failed to open file: %s\n", infile);
if (sigfilesize >= sizeof(pemhdr) && !memcmp(insigdata, pemhdr, sizeof(pemhdr)-1))
{
if (sigfilesize >= sizeof(pemhdr) && !memcmp(insigdata, pemhdr, sizeof(pemhdr)-1)) {
sigbio = BIO_new_mem_buf(insigdata, sigfilesize);
sig = PEM_read_bio_PKCS7(sigbio, NULL, NULL, NULL);
BIO_free_all(sigbio);
}
else {
} else {
if (type == FILE_TYPE_PE) {
sig = extract_existing_pe_pkcs7(insigdata, peheader, pe32plus, 0, sigfilesize);
}
else if (type == FILE_TYPE_MSI) {
} else if (type == FILE_TYPE_MSI) {
#ifdef WITH_GSF
const unsigned char *p = (unsigned char*)insigdata;
sig = d2i_PKCS7(NULL, &p, sigfilesize);
@ -3130,8 +3155,7 @@ int main(int argc, char **argv)
if (si == NULL)
DO_EXIT_0("Signing failed(PKCS7_add_signature)\n");
PKCS7_add_signed_attribute
(si, NID_pkcs9_contentType,
PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
V_ASN1_OBJECT, OBJ_txt2obj(SPC_INDIRECT_DATA_OBJID, 1));
if (type == FILE_TYPE_CAB && jp >= 0) {
@ -3156,8 +3180,7 @@ int main(int argc, char **argv)
if (attrs) {
astr = ASN1_STRING_new();
ASN1_STRING_set(astr, attrs, len);
PKCS7_add_signed_attribute
(si, OBJ_txt2nid(SPC_MS_JAVA_SOMETHING),
PKCS7_add_signed_attribute(si, OBJ_txt2nid(SPC_MS_JAVA_SOMETHING),
V_ASN1_SEQUENCE, astr);
}
}
@ -3362,9 +3385,7 @@ skip_signing:
if (ret) {
DO_EXIT_0("Signature mismatch.\n");
}
}
else if (type == FILE_TYPE_MSI)
{
} else if (type == FILE_TYPE_MSI) {
#ifdef WITH_GSF
GsfInput *src;
GsfInfile *ole;
@ -3382,15 +3403,13 @@ skip_signing:
#else
DO_EXIT_1("libgsf is not available, msi support is disabled: %s\n", infile);
#endif
}
else
{
} else {
DO_EXIT_1("Unknown input type for file: %s\n", infile);
}
printf("Signature successfully attached.\n");
}
else
} else {
printf(ret ? "Failed\n" : "Succeeded\n");
}
cleanup_lib_state();
return ret;
@ -3429,5 +3448,5 @@ Local Variables:
indent-tabs-mode: t
End:
vim: set ts=4 :
vim: set ts=4 noexpandtab:
*/
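Review bot: In the `add_unauthenticated_blob` hunk (`@ -496,8 +496,7`), the NID returned by `OBJ_create("1.3.6.1.4.1.42921.1.2.1", ...)` is passed straight to `PKCS7_add_attribute (si, nid, V_ASN1_SEQUENCE, astr)` with no check, and the reformatted call keeps it that way. `OBJ_create` returns `NID_undef` on failure (for example when the OID or its names are already registered), so the blob would be attached under an undefined object identifier and the tool would emit a malformed signature without reporting anything. A guard of the form `if (nid == NID_undef)` before the attribute call, returning the function's failure value, would surface this, and the results of `ASN1_STRING_set` and `PKCS7_add_attribute` on the neighbouring lines deserve the same treatment. The function body starts and ends outside the hunk, so its return convention and the ownership of `p` and `astr` on the error path need confirming against the full file.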