mirror of
https://github.com/mtrojnar/osslsigncode.git
synced 2025-04-19 14:18:06 -05:00
memory cleanup
This commit is contained in:
olszomal
parent
1e4681980f
commit
7c39f73ff6
182
osslsigncode.c
182
osslsigncode.c
@ -712,7 +712,7 @@ static int add_timestamp(PKCS7 *sig, char *url, char *proxy, int rfc3161,
|
|||||||
PKCS7_SIGNER_INFO *si;
|
PKCS7_SIGNER_INFO *si;
|
||||||
|
|
||||||
if (!url)
|
if (!url)
|
||||||
return -1;
|
return 1;
|
||||||
si = sk_PKCS7_SIGNER_INFO_value(sig->d.sign->signer_info, 0);
|
si = sk_PKCS7_SIGNER_INFO_value(sig->d.sign->signer_info, 0);
|
||||||
curl = curl_easy_init();
|
curl = curl_easy_init();
|
||||||
if (proxy) {
|
if (proxy) {
|
||||||
@ -823,13 +823,13 @@ static int add_timestamp(PKCS7 *sig, char *url, char *proxy, int rfc3161,
|
|||||||
if (!reply) {
|
if (!reply) {
|
||||||
if (verbose)
|
if (verbose)
|
||||||
print_timestamp_error(url, http_code);
|
print_timestamp_error(url, http_code);
|
||||||
return -1;
|
return 1;
|
||||||
}
|
}
|
||||||
if (ASN1_INTEGER_get(reply->status->status) != 0) {
|
if (ASN1_INTEGER_get(reply->status->status) != 0) {
|
||||||
if (verbose)
|
if (verbose)
|
||||||
fprintf(stderr, "Timestamping failed: %ld\n", ASN1_INTEGER_get(reply->status->status));
|
fprintf(stderr, "Timestamping failed: %ld\n", ASN1_INTEGER_get(reply->status->status));
|
||||||
TimeStampResp_free(reply);
|
TimeStampResp_free(reply);
|
||||||
return -1;
|
return 1;
|
||||||
}
|
}
|
||||||
if (((len = i2d_PKCS7(reply->token, NULL)) <= 0) ||
|
if (((len = i2d_PKCS7(reply->token, NULL)) <= 0) ||
|
||||||
(p = OPENSSL_malloc(len)) == NULL) {
|
(p = OPENSSL_malloc(len)) == NULL) {
|
||||||
@ -838,7 +838,7 @@ static int add_timestamp(PKCS7 *sig, char *url, char *proxy, int rfc3161,
|
|||||||
ERR_print_errors_fp(stderr);
|
ERR_print_errors_fp(stderr);
|
||||||
}
|
}
|
||||||
TimeStampResp_free(reply);
|
TimeStampResp_free(reply);
|
||||||
return -1;
|
return 1;
|
||||||
}
|
}
|
||||||
len = i2d_PKCS7(reply->token, &p);
|
len = i2d_PKCS7(reply->token, &p);
|
||||||
p -= len;
|
p -= len;
|
||||||
@ -864,7 +864,7 @@ static int add_timestamp(PKCS7 *sig, char *url, char *proxy, int rfc3161,
|
|||||||
BIO_free_all(b64_bin);
|
BIO_free_all(b64_bin);
|
||||||
if (verbose)
|
if (verbose)
|
||||||
print_timestamp_error(url, http_code);
|
print_timestamp_error(url, http_code);
|
||||||
return -1;
|
return 1;
|
||||||
}
|
}
|
||||||
BIO_free_all(b64_bin);
|
BIO_free_all(b64_bin);
|
||||||
for(i = sk_X509_num(p7->d.sign->cert)-1; i>=0; i--)
|
for(i = sk_X509_num(p7->d.sign->cert)-1; i>=0; i--)
|
||||||
@ -878,7 +878,7 @@ static int add_timestamp(PKCS7 *sig, char *url, char *proxy, int rfc3161,
|
|||||||
ERR_print_errors_fp(stderr);
|
ERR_print_errors_fp(stderr);
|
||||||
}
|
}
|
||||||
PKCS7_free(p7);
|
PKCS7_free(p7);
|
||||||
return -1;
|
return 1;
|
||||||
}
|
}
|
||||||
len = i2d_PKCS7_SIGNER_INFO(info, &p);
|
len = i2d_PKCS7_SIGNER_INFO(info, &p);
|
||||||
p -= len;
|
p -= len;
|
||||||
@ -901,9 +901,10 @@ static int add_timestamp_authenticode(PKCS7 *sig, GLOBAL_OPTIONS *options)
|
|||||||
for (i=0; i<options->nturl; i++) {
|
for (i=0; i<options->nturl; i++) {
|
||||||
int res = add_timestamp(sig, options->turl[i], options->proxy, 0, NULL,
|
int res = add_timestamp(sig, options->turl[i], options->proxy, 0, NULL,
|
||||||
options->verbose || options->nturl == 1, options->noverifypeer);
|
options->verbose || options->nturl == 1, options->noverifypeer);
|
||||||
if (!res) return 0;
|
if (!res)
|
||||||
|
return 0; /* OK */
|
||||||
}
|
}
|
||||||
return -1;
|
return 1; /* FAILED */
|
||||||
}
|
}
|
||||||
|
|
||||||
static int add_timestamp_rfc3161(PKCS7 *sig, GLOBAL_OPTIONS *options)
|
static int add_timestamp_rfc3161(PKCS7 *sig, GLOBAL_OPTIONS *options)
|
||||||
@ -912,9 +913,10 @@ static int add_timestamp_rfc3161(PKCS7 *sig, GLOBAL_OPTIONS *options)
|
|||||||
for (i=0; i<options->ntsurl; i++) {
|
for (i=0; i<options->ntsurl; i++) {
|
||||||
int res = add_timestamp(sig, options->tsurl[i], options->proxy, 1, options->md,
|
int res = add_timestamp(sig, options->tsurl[i], options->proxy, 1, options->md,
|
||||||
options->verbose || options->ntsurl == 1, options->noverifypeer);
|
options->verbose || options->ntsurl == 1, options->noverifypeer);
|
||||||
if (!res) return 0;
|
if (!res)
|
||||||
|
return 0; /* OK */
|
||||||
}
|
}
|
||||||
return -1;
|
return 1; /* FAILED */
|
||||||
}
|
}
|
||||||
|
|
||||||
#endif /* ENABLE_CURL */
|
#endif /* ENABLE_CURL */
|
||||||
@ -1682,6 +1684,7 @@ static int print_cert(X509 *cert, int i)
|
|||||||
print_time(X509_getm_notAfter(cert));
|
print_time(X509_getm_notAfter(cert));
|
||||||
OPENSSL_free(subject);
|
OPENSSL_free(subject);
|
||||||
OPENSSL_free(issuer);
|
OPENSSL_free(issuer);
|
||||||
|
OPENSSL_free(serial);
|
||||||
return 1; /* OK */
|
return 1; /* OK */
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1830,6 +1833,7 @@ static ASN1_UTCTIME *print_timestamp(PKCS7_SIGNER_INFO *si)
|
|||||||
issuer = X509_NAME_oneline(si->issuer_and_serial->issuer, NULL, 0);
|
issuer = X509_NAME_oneline(si->issuer_and_serial->issuer, NULL, 0);
|
||||||
serial = BN_bn2hex(ASN1_INTEGER_to_BN(si->issuer_and_serial->serial, NULL));
|
serial = BN_bn2hex(ASN1_INTEGER_to_BN(si->issuer_and_serial->serial, NULL));
|
||||||
printf("Timestamp Verified by:\n\t\tIssuer : %s\n\t\tSerial : %s\n", issuer, serial);
|
printf("Timestamp Verified by:\n\t\tIssuer : %s\n\t\tSerial : %s\n", issuer, serial);
|
||||||
|
OPENSSL_free(serial);
|
||||||
return timestamp_time; /* OK */
|
return timestamp_time; /* OK */
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2865,7 +2869,6 @@ static int msi_calc_MsiDigitalSignatureEx(GsfInfile *ole, const EVP_MD *md,
|
|||||||
BIO_write(hash, gsfparams->p_msiex, gsfparams->len_msiex);
|
BIO_write(hash, gsfparams->p_msiex, gsfparams->len_msiex);
|
||||||
return 1; /* OK */
|
return 1; /* OK */
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
|
|
||||||
static int msi_add_DigitalSignature(GsfOutfile *outole, u_char *p, int len)
|
static int msi_add_DigitalSignature(GsfOutfile *outole, u_char *p, int len)
|
||||||
{
|
{
|
||||||
@ -2891,6 +2894,9 @@ static int msi_add_MsiDigitalSignatureEx(GsfOutfile *outole, GSF_PARAMS *gsfpara
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* PE file support
|
* PE file support
|
||||||
*/
|
*/
|
||||||
@ -3011,7 +3017,7 @@ static int pe_verify_pkcs7(PKCS7 *p7, char *indata, FILE_HEADER *header,
|
|||||||
}
|
}
|
||||||
if (mdtype == -1) {
|
if (mdtype == -1) {
|
||||||
printf("Failed to extract current message digest\n\n");
|
printf("Failed to extract current message digest\n\n");
|
||||||
return -1;
|
return 1; /* FAILED */
|
||||||
}
|
}
|
||||||
printf("Message digest algorithm : %s\n", OBJ_nid2sn(mdtype));
|
printf("Message digest algorithm : %s\n", OBJ_nid2sn(mdtype));
|
||||||
|
|
||||||
@ -3112,7 +3118,7 @@ static int pe_verify_file(char *indata, FILE_HEADER *header, GLOBAL_OPTIONS *opt
|
|||||||
p7 = pe_extract_existing_pkcs7(indata, header);
|
p7 = pe_extract_existing_pkcs7(indata, header);
|
||||||
if (!p7) {
|
if (!p7) {
|
||||||
printf("Failed to extract PKCS7 data\n\n");
|
printf("Failed to extract PKCS7 data\n\n");
|
||||||
return -1;
|
return 1;
|
||||||
}
|
}
|
||||||
ret = pe_verify_pkcs7(p7, indata, header, 1, options);
|
ret = pe_verify_pkcs7(p7, indata, header, 1, options);
|
||||||
PKCS7_free(p7);
|
PKCS7_free(p7);
|
||||||
@ -3413,7 +3419,7 @@ static int cab_verify_pkcs7(PKCS7 *p7, char *indata, FILE_HEADER *header,
|
|||||||
}
|
}
|
||||||
if (mdtype == -1) {
|
if (mdtype == -1) {
|
||||||
printf("Failed to extract current message digest\n\n");
|
printf("Failed to extract current message digest\n\n");
|
||||||
return -1; /* FAILED */
|
return 1; /* FAILED */
|
||||||
}
|
}
|
||||||
printf("Message digest algorithm : %s\n", OBJ_nid2sn(mdtype));
|
printf("Message digest algorithm : %s\n", OBJ_nid2sn(mdtype));
|
||||||
|
|
||||||
@ -3471,7 +3477,7 @@ static int cab_verify_file(char *indata, FILE_HEADER *header, GLOBAL_OPTIONS *op
|
|||||||
p7 = cab_extract_existing_pkcs7(indata, header);
|
p7 = cab_extract_existing_pkcs7(indata, header);
|
||||||
if (!p7) {
|
if (!p7) {
|
||||||
printf("Failed to extract PKCS7 data\n\n");
|
printf("Failed to extract PKCS7 data\n\n");
|
||||||
return -1; /* FAILED */
|
return 1; /* FAILED */
|
||||||
}
|
}
|
||||||
ret |= cab_verify_pkcs7(p7, indata, header, 1, options);
|
ret |= cab_verify_pkcs7(p7, indata, header, 1, options);
|
||||||
PKCS7_free(p7);
|
PKCS7_free(p7);
|
||||||
@ -3538,7 +3544,7 @@ static void cab_optional_names(size_t flags, char *indata, BIO *outdata, int *le
|
|||||||
*len = i;
|
*len = i;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void cab_remove_file(char *indata, FILE_HEADER *header, size_t filesize, BIO *outdata)
|
static int cab_remove_file(char *indata, FILE_HEADER *header, size_t filesize, BIO *outdata)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
unsigned short nfolders;
|
unsigned short nfolders;
|
||||||
@ -3595,6 +3601,8 @@ static void cab_remove_file(char *indata, FILE_HEADER *header, size_t filesize,
|
|||||||
}
|
}
|
||||||
/* Write what's left - the compressed data bytes */
|
/* Write what's left - the compressed data bytes */
|
||||||
BIO_write(outdata, indata + i, filesize - header->siglen - i);
|
BIO_write(outdata, indata + i, filesize - header->siglen - i);
|
||||||
|
|
||||||
|
return 0; /* OK */
|
||||||
}
|
}
|
||||||
|
|
||||||
static void cab_modify_header(char *indata, FILE_HEADER *header, BIO *hash, BIO *outdata)
|
static void cab_modify_header(char *indata, FILE_HEADER *header, BIO *hash, BIO *outdata)
|
||||||
@ -3815,9 +3823,6 @@ static PKCS7 *create_new_signature(file_type_t type,
|
|||||||
/* X509_print_fp(stdout, signcert); */
|
/* X509_print_fp(stdout, signcert); */
|
||||||
si = PKCS7_add_signature(sig, signcert, cparams->pkey, options->md);
|
si = PKCS7_add_signature(sig, signcert, cparams->pkey, options->md);
|
||||||
}
|
}
|
||||||
EVP_PKEY_free(cparams->pkey);
|
|
||||||
cparams->pkey = NULL;
|
|
||||||
|
|
||||||
if (si == NULL) {
|
if (si == NULL) {
|
||||||
fprintf(stderr, "PKCS7_add_signature failed\n");
|
fprintf(stderr, "PKCS7_add_signature failed\n");
|
||||||
return NULL; /* FAILED */
|
return NULL; /* FAILED */
|
||||||
@ -3838,11 +3843,8 @@ static PKCS7 *create_new_signature(file_type_t type,
|
|||||||
}
|
}
|
||||||
PKCS7_content_new(sig, NID_pkcs7_data);
|
PKCS7_content_new(sig, NID_pkcs7_data);
|
||||||
|
|
||||||
if (cparams->cert != NULL) {
|
if (cparams->cert != NULL)
|
||||||
PKCS7_add_certificate(sig, cparams->cert);
|
PKCS7_add_certificate(sig, cparams->cert);
|
||||||
X509_free(cparams->cert);
|
|
||||||
cparams->cert = NULL;
|
|
||||||
}
|
|
||||||
if (cparams->xcerts) {
|
if (cparams->xcerts) {
|
||||||
for(i = sk_X509_num(cparams->xcerts)-1; i>=0; i--)
|
for(i = sk_X509_num(cparams->xcerts)-1; i>=0; i--)
|
||||||
PKCS7_add_certificate(sig, sk_X509_value(cparams->xcerts, i));
|
PKCS7_add_certificate(sig, sk_X509_value(cparams->xcerts, i));
|
||||||
@ -3850,14 +3852,6 @@ static PKCS7 *create_new_signature(file_type_t type,
|
|||||||
for (i = sk_X509_num(cparams->certs)-1; i>=0; i--)
|
for (i = sk_X509_num(cparams->certs)-1; i>=0; i--)
|
||||||
PKCS7_add_certificate(sig, sk_X509_value(cparams->certs, i));
|
PKCS7_add_certificate(sig, sk_X509_value(cparams->certs, i));
|
||||||
|
|
||||||
if (cparams->certs) {
|
|
||||||
sk_X509_free(cparams->certs);
|
|
||||||
cparams->certs = NULL;
|
|
||||||
}
|
|
||||||
if (cparams->xcerts) {
|
|
||||||
sk_X509_free(cparams->xcerts);
|
|
||||||
cparams->xcerts = NULL;
|
|
||||||
}
|
|
||||||
return sig; /* OK */
|
return sig; /* OK */
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -3881,7 +3875,7 @@ static int add_unauthenticated_blob(PKCS7 *sig)
|
|||||||
ASN1_STRING_set(astr, p, len);
|
ASN1_STRING_set(astr, p, len);
|
||||||
nid = OBJ_create(SPC_UNAUTHENTICATED_DATA_BLOB_OBJID,
|
nid = OBJ_create(SPC_UNAUTHENTICATED_DATA_BLOB_OBJID,
|
||||||
"unauthenticatedData", "unauthenticatedData");
|
"unauthenticatedData", "unauthenticatedData");
|
||||||
PKCS7_add_attribute (si, nid, V_ASN1_SEQUENCE, astr);
|
PKCS7_add_attribute(si, nid, V_ASN1_SEQUENCE, astr);
|
||||||
OPENSSL_free(p);
|
OPENSSL_free(p);
|
||||||
return 0; /* OK */
|
return 0; /* OK */
|
||||||
}
|
}
|
||||||
@ -3893,7 +3887,7 @@ static int add_unauthenticated_blob(PKCS7 *sig)
|
|||||||
static int append_signature(PKCS7 *sig, PKCS7 *cursig, file_type_t type, cmd_type_t cmd,
|
static int append_signature(PKCS7 *sig, PKCS7 *cursig, file_type_t type, cmd_type_t cmd,
|
||||||
GLOBAL_OPTIONS *options, size_t *padlen, int *len, BIO *outdata, GSF_PARAMS *gsfparams)
|
GLOBAL_OPTIONS *options, size_t *padlen, int *len, BIO *outdata, GSF_PARAMS *gsfparams)
|
||||||
#else
|
#else
|
||||||
static int append_signature(PKCS7 *sig, PKCS7 *cursig, file_type_t type, cmd_type_t cmd,
|
static int append_signature(PKCS7 *sig, PKCS7 *cursig, file_type_t type,
|
||||||
GLOBAL_OPTIONS *options, size_t *padlen, int *len, BIO *outdata)
|
GLOBAL_OPTIONS *options, size_t *padlen, int *len, BIO *outdata)
|
||||||
#endif
|
#endif
|
||||||
{
|
{
|
||||||
@ -3904,11 +3898,11 @@ static int append_signature(PKCS7 *sig, PKCS7 *cursig, file_type_t type, cmd_typ
|
|||||||
if (options->nest) {
|
if (options->nest) {
|
||||||
if (cursig == NULL) {
|
if (cursig == NULL) {
|
||||||
fprintf(stderr, "Internal error: No 'cursig' was extracted\n");
|
fprintf(stderr, "Internal error: No 'cursig' was extracted\n");
|
||||||
return 0; /* FAILED */
|
return 1; /* FAILED */
|
||||||
}
|
}
|
||||||
if (pkcs7_set_nested_signature(cursig, sig, options->signing_time) == 0) {
|
if (pkcs7_set_nested_signature(cursig, sig, options->signing_time) == 0) {
|
||||||
fprintf(stderr, "Unable to append the nested signature to the current signature\n");
|
fprintf(stderr, "Unable to append the nested signature to the current signature\n");
|
||||||
return 0; /* FAILED */
|
return 1; /* FAILED */
|
||||||
}
|
}
|
||||||
outsig = cursig;
|
outsig = cursig;
|
||||||
} else {
|
} else {
|
||||||
@ -3917,7 +3911,7 @@ static int append_signature(PKCS7 *sig, PKCS7 *cursig, file_type_t type, cmd_typ
|
|||||||
/* Append signature to outfile */
|
/* Append signature to outfile */
|
||||||
if (((*len = i2d_PKCS7(outsig, NULL)) <= 0) || (p = OPENSSL_malloc(*len)) == NULL) {
|
if (((*len = i2d_PKCS7(outsig, NULL)) <= 0) || (p = OPENSSL_malloc(*len)) == NULL) {
|
||||||
fprintf(stderr, "i2d_PKCS memory allocation failed: %d\n", *len);
|
fprintf(stderr, "i2d_PKCS memory allocation failed: %d\n", *len);
|
||||||
return 0; /* FAILED */
|
return 1; /* FAILED */
|
||||||
}
|
}
|
||||||
i2d_PKCS7(outsig, &p);
|
i2d_PKCS7(outsig, &p);
|
||||||
p -= *len;
|
p -= *len;
|
||||||
@ -3942,18 +3936,18 @@ static int append_signature(PKCS7 *sig, PKCS7 *cursig, file_type_t type, cmd_typ
|
|||||||
if (cmd == CMD_SIGN || cmd == CMD_ADD || cmd == CMD_ATTACH) {
|
if (cmd == CMD_SIGN || cmd == CMD_ADD || cmd == CMD_ATTACH) {
|
||||||
if (!msi_add_DigitalSignature(gsfparams->outole, p, *len)) {
|
if (!msi_add_DigitalSignature(gsfparams->outole, p, *len)) {
|
||||||
fprintf(stderr, "Failed to write MSI 'DigitalSignature' signature to %s\n", options->infile);
|
fprintf(stderr, "Failed to write MSI 'DigitalSignature' signature to %s\n", options->infile);
|
||||||
return 0; /* FAILED */
|
return 1; /* FAILED */
|
||||||
}
|
}
|
||||||
if (gsfparams->p_msiex != NULL &&
|
if (gsfparams->p_msiex != NULL &&
|
||||||
!msi_add_MsiDigitalSignatureEx(gsfparams->outole, gsfparams)) {
|
!msi_add_MsiDigitalSignatureEx(gsfparams->outole, gsfparams)) {
|
||||||
fprintf(stderr, "Failed to write MSI 'MsiDigitalSignatureEx' signature to %s\n", options->infile);
|
fprintf(stderr, "Failed to write MSI 'MsiDigitalSignatureEx' signature to %s\n", options->infile);
|
||||||
return 0; /* FAILED */
|
return 1; /* FAILED */
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
OPENSSL_free(p);
|
OPENSSL_free(p);
|
||||||
return 1; /* OK */
|
return 0; /* OK */
|
||||||
}
|
}
|
||||||
|
|
||||||
static void update_data_size(file_type_t type, cmd_type_t cmd, FILE_HEADER *header,
|
static void update_data_size(file_type_t type, cmd_type_t cmd, FILE_HEADER *header,
|
||||||
@ -4100,39 +4094,39 @@ static int check_attached_data(file_type_t type, FILE_HEADER *header, GLOBAL_OPT
|
|||||||
filesize = get_file_size(options->outfile);
|
filesize = get_file_size(options->outfile);
|
||||||
if (!filesize) {
|
if (!filesize) {
|
||||||
fprintf(stderr, "Error verifying result\n");
|
fprintf(stderr, "Error verifying result\n");
|
||||||
return 0; /* FAILED */
|
return 1; /* FAILED */
|
||||||
}
|
}
|
||||||
outdata = map_file(options->outfile, filesize);
|
outdata = map_file(options->outfile, filesize);
|
||||||
if (!outdata) {
|
if (!outdata) {
|
||||||
fprintf(stderr, "Error verifying result\n");
|
fprintf(stderr, "Error verifying result\n");
|
||||||
return 0; /* FAILED */
|
return 1; /* FAILED */
|
||||||
}
|
}
|
||||||
if (!pe_verify_header(outdata, options->outfile, filesize, header)) {
|
if (!pe_verify_header(outdata, options->outfile, filesize, header)) {
|
||||||
fprintf(stderr, "Corrupt PE file\n");
|
fprintf(stderr, "Corrupt PE file\n");
|
||||||
return 0; /* FAILED */
|
return 1; /* FAILED */
|
||||||
}
|
}
|
||||||
if (pe_verify_file(outdata, header, options)) {
|
if (pe_verify_file(outdata, header, options)) {
|
||||||
fprintf(stderr, "Signature mismatch\n");
|
fprintf(stderr, "Signature mismatch\n");
|
||||||
return 0; /* FAILED */
|
return 1; /* FAILED */
|
||||||
}
|
}
|
||||||
} else if (type == FILE_TYPE_CAB) {
|
} else if (type == FILE_TYPE_CAB) {
|
||||||
filesize = get_file_size(options->outfile);
|
filesize = get_file_size(options->outfile);
|
||||||
if (!filesize) {
|
if (!filesize) {
|
||||||
fprintf(stderr, "Error verifying result\n");
|
fprintf(stderr, "Error verifying result\n");
|
||||||
return 0; /* FAILED */
|
return 1; /* FAILED */
|
||||||
}
|
}
|
||||||
outdata = map_file(options->outfile, filesize);
|
outdata = map_file(options->outfile, filesize);
|
||||||
if (!outdata) {
|
if (!outdata) {
|
||||||
fprintf(stderr, "Error verifying result\n");
|
fprintf(stderr, "Error verifying result\n");
|
||||||
return 0; /* FAILED */
|
return 1; /* FAILED */
|
||||||
}
|
}
|
||||||
if (!cab_verify_header(outdata, options->outfile, filesize, header)) {
|
if (!cab_verify_header(outdata, options->outfile, filesize, header)) {
|
||||||
fprintf(stderr, "Corrupt CAB file\n");
|
fprintf(stderr, "Corrupt CAB file\n");
|
||||||
return 0; /* FAILED */
|
return 1; /* FAILED */
|
||||||
}
|
}
|
||||||
if (cab_verify_file(outdata, header, options)) {
|
if (cab_verify_file(outdata, header, options)) {
|
||||||
fprintf(stderr, "Signature mismatch\n");
|
fprintf(stderr, "Signature mismatch\n");
|
||||||
return 0; /* FAILED */
|
return 1; /* FAILED */
|
||||||
}
|
}
|
||||||
} else if (type == FILE_TYPE_MSI) {
|
} else if (type == FILE_TYPE_MSI) {
|
||||||
#ifdef WITH_GSF
|
#ifdef WITH_GSF
|
||||||
@ -4143,7 +4137,7 @@ static int check_attached_data(file_type_t type, FILE_HEADER *header, GLOBAL_OPT
|
|||||||
src = gsf_input_stdio_new(options->outfile, NULL);
|
src = gsf_input_stdio_new(options->outfile, NULL);
|
||||||
if (!src) {
|
if (!src) {
|
||||||
fprintf(stderr, "Error opening output file %s\n", options->outfile);
|
fprintf(stderr, "Error opening output file %s\n", options->outfile);
|
||||||
return 0; /* FAILED */
|
return 1; /* FAILED */
|
||||||
}
|
}
|
||||||
ole = gsf_infile_msole_new(src, NULL);
|
ole = gsf_infile_msole_new(src, NULL);
|
||||||
g_object_unref(src);
|
g_object_unref(src);
|
||||||
@ -4151,17 +4145,17 @@ static int check_attached_data(file_type_t type, FILE_HEADER *header, GLOBAL_OPT
|
|||||||
g_object_unref(ole);
|
g_object_unref(ole);
|
||||||
if (ret) {
|
if (ret) {
|
||||||
fprintf(stderr, "Signature mismatch\n");
|
fprintf(stderr, "Signature mismatch\n");
|
||||||
return 0; /* FAILED */
|
return 1; /* FAILED */
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
fprintf(stderr, "libgsf is not available, msi support is disabled: %s\n", options->infile);
|
fprintf(stderr, "libgsf is not available, msi support is disabled: %s\n", options->infile);
|
||||||
return 0; /* FAILED */
|
return 1; /* FAILED */
|
||||||
#endif
|
#endif
|
||||||
} else {
|
} else {
|
||||||
fprintf(stderr, "Unknown input type for file: %s\n", options->infile);
|
fprintf(stderr, "Unknown input type for file: %s\n", options->infile);
|
||||||
return 0; /* FAILED */
|
return 1; /* FAILED */
|
||||||
}
|
}
|
||||||
return 1; /* OK */
|
return 0; /* OK */
|
||||||
}
|
}
|
||||||
|
|
||||||
static int get_file_type(char *indata, char *infile, file_type_t *type)
|
static int get_file_type(char *indata, char *infile, file_type_t *type)
|
||||||
@ -4273,7 +4267,7 @@ static char *read_key(GLOBAL_OPTIONS *options)
|
|||||||
|
|
||||||
static int read_crypto_params(GLOBAL_OPTIONS *options, CRYPTO_PARAMS *cparams)
|
static int read_crypto_params(GLOBAL_OPTIONS *options, CRYPTO_PARAMS *cparams)
|
||||||
{
|
{
|
||||||
PKCS12 *p12;
|
PKCS12 *p12 = NULL;
|
||||||
PKCS7 *p7 = NULL, *p7x = NULL;
|
PKCS7 *p7 = NULL, *p7x = NULL;
|
||||||
BIO *btmp;
|
BIO *btmp;
|
||||||
const int CMD_MANDATORY = 0;
|
const int CMD_MANDATORY = 0;
|
||||||
@ -4407,16 +4401,32 @@ static int read_crypto_params(GLOBAL_OPTIONS *options, CRYPTO_PARAMS *cparams)
|
|||||||
return ret; /* OK */
|
return ret; /* OK */
|
||||||
}
|
}
|
||||||
|
|
||||||
static void free_crypto_params(CRYPTO_PARAMS *cparams)
|
static void free_crypto_params(CRYPTO_PARAMS *cparams, GLOBAL_OPTIONS *options)
|
||||||
{
|
{
|
||||||
if (cparams->pkey)
|
if (options->keyfile || options->pkcs12file) {
|
||||||
EVP_PKEY_free(cparams->pkey);
|
EVP_PKEY_free(cparams->pkey);
|
||||||
if (cparams->cert)
|
cparams->pkey = NULL;
|
||||||
|
}
|
||||||
|
if (options->pkcs12file) {
|
||||||
X509_free(cparams->cert);
|
X509_free(cparams->cert);
|
||||||
if (cparams->certs)
|
cparams->cert = NULL;
|
||||||
|
}
|
||||||
|
if (options->certfile) {
|
||||||
sk_X509_free(cparams->certs);
|
sk_X509_free(cparams->certs);
|
||||||
if (cparams->xcerts)
|
cparams->certs = NULL;
|
||||||
|
}
|
||||||
|
if (options->xcertfile) {
|
||||||
sk_X509_free(cparams->xcerts);
|
sk_X509_free(cparams->xcerts);
|
||||||
|
cparams->xcerts = NULL;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
static void free_options(GLOBAL_OPTIONS *options)
|
||||||
|
{
|
||||||
|
OPENSSL_free(options->cafile);
|
||||||
|
OPENSSL_free(options->untrusted);
|
||||||
|
if (options->crlfile)
|
||||||
|
OPENSSL_free(options->crlfile);
|
||||||
}
|
}
|
||||||
|
|
||||||
static char *get_cafile(void)
|
static char *get_cafile(void)
|
||||||
@ -4635,7 +4645,7 @@ static cmd_type_t get_command(char **argv)
|
|||||||
curl_version()
|
curl_version()
|
||||||
#else
|
#else
|
||||||
"no libcurl available"
|
"no libcurl available"
|
||||||
#endif
|
#endif /* ENABLE_CURL */
|
||||||
);
|
);
|
||||||
help_for(argv[0], "all");
|
help_for(argv[0], "all");
|
||||||
} else if (!strcmp(argv[1], "-v") || !strcmp(argv[1], "--version")) {
|
} else if (!strcmp(argv[1], "-v") || !strcmp(argv[1], "--version")) {
|
||||||
@ -4876,7 +4886,7 @@ int main(int argc, char **argv)
|
|||||||
BIO *hash = NULL, *outdata = NULL;
|
BIO *hash = NULL, *outdata = NULL;
|
||||||
PKCS7 *cursig = NULL, *sig = NULL;
|
PKCS7 *cursig = NULL, *sig = NULL;
|
||||||
char *indata;
|
char *indata;
|
||||||
int ret = 0, len = 0;
|
int ret = -1, len = 0;
|
||||||
size_t padlen = 0, filesize;
|
size_t padlen = 0, filesize;
|
||||||
file_type_t type;
|
file_type_t type;
|
||||||
cmd_type_t cmd = CMD_SIGN;
|
cmd_type_t cmd = CMD_SIGN;
|
||||||
@ -4947,6 +4957,7 @@ int main(int argc, char **argv)
|
|||||||
if (cmd == CMD_REMOVE) {
|
if (cmd == CMD_REMOVE) {
|
||||||
gsf_output_close(GSF_OUTPUT(gsfparams.outole));
|
gsf_output_close(GSF_OUTPUT(gsfparams.outole));
|
||||||
g_object_unref(gsfparams.sink);
|
g_object_unref(gsfparams.sink);
|
||||||
|
ret = 0;
|
||||||
goto skip_signing;
|
goto skip_signing;
|
||||||
} else if (!sig)
|
} else if (!sig)
|
||||||
goto err_cleanup;
|
goto err_cleanup;
|
||||||
@ -4970,7 +4981,7 @@ int main(int argc, char **argv)
|
|||||||
ret = cab_extract_file(indata, &header, outdata, options.output_pkcs7);
|
ret = cab_extract_file(indata, &header, outdata, options.output_pkcs7);
|
||||||
goto skip_signing;
|
goto skip_signing;
|
||||||
} else if (cmd == CMD_REMOVE) {
|
} else if (cmd == CMD_REMOVE) {
|
||||||
cab_remove_file(indata, &header, filesize, outdata);
|
ret = cab_remove_file(indata, &header, filesize, outdata);
|
||||||
goto skip_signing;
|
goto skip_signing;
|
||||||
} else if (cmd == CMD_VERIFY) {
|
} else if (cmd == CMD_VERIFY) {
|
||||||
ret = cab_verify_file(indata, &header, &options);
|
ret = cab_verify_file(indata, &header, &options);
|
||||||
@ -4993,9 +5004,10 @@ int main(int argc, char **argv)
|
|||||||
} else {
|
} else {
|
||||||
sig = pe_presign_file(type, cmd, &header, &options, &cparams, indata,
|
sig = pe_presign_file(type, cmd, &header, &options, &cparams, indata,
|
||||||
hash, outdata, &cursig);
|
hash, outdata, &cursig);
|
||||||
if (cmd == CMD_REMOVE)
|
if (cmd == CMD_REMOVE) {
|
||||||
|
ret = 0; /* OK */
|
||||||
goto skip_signing;
|
goto skip_signing;
|
||||||
else if (!sig)
|
} else if (!sig)
|
||||||
goto err_cleanup;
|
goto err_cleanup;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -5017,17 +5029,17 @@ int main(int argc, char **argv)
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef WITH_GSF
|
#ifdef WITH_GSF
|
||||||
if (!append_signature(sig, cursig, type, cmd, &options, &padlen, &len, outdata,
|
ret = append_signature(sig, cursig, type, cmd, &options, &padlen, &len,
|
||||||
&gsfparams))
|
outdata, &gsfparams);
|
||||||
DO_EXIT_0("Append signature to outfile failed\n");
|
|
||||||
if (type == FILE_TYPE_MSI) {
|
if (type == FILE_TYPE_MSI) {
|
||||||
gsf_output_close(GSF_OUTPUT(gsfparams.outole));
|
gsf_output_close(GSF_OUTPUT(gsfparams.outole));
|
||||||
g_object_unref(gsfparams.sink);
|
g_object_unref(gsfparams.sink);
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
if (!append_signature(sig, cursig, type, cmd, &options, &padlen, &len, outdata))
|
ret = append_signature(sig, cursig, type, &options, &padlen, &len, outdata);
|
||||||
DO_EXIT_0("Append signature to outfile failed\n");
|
|
||||||
#endif /* WITH_GSF */
|
#endif /* WITH_GSF */
|
||||||
|
if (ret)
|
||||||
|
DO_EXIT_0("Append signature to outfile failed\n");
|
||||||
|
|
||||||
PKCS7_free(sig);
|
PKCS7_free(sig);
|
||||||
|
|
||||||
@ -5038,33 +5050,31 @@ skip_signing:
|
|||||||
BIO_free_all(hash);
|
BIO_free_all(hash);
|
||||||
hash = outdata = NULL;
|
hash = outdata = NULL;
|
||||||
|
|
||||||
if (cmd == CMD_ATTACH) {
|
if (!ret && cmd == CMD_ATTACH) {
|
||||||
if (check_attached_data(type, &header, &options))
|
ret = check_attached_data(type, &header, &options);
|
||||||
|
if (!ret)
|
||||||
printf("Signature successfully attached\n");
|
printf("Signature successfully attached\n");
|
||||||
else
|
/* else
|
||||||
goto err_cleanup;
|
* the new signature has been successfully appended to the outfile
|
||||||
} else
|
* but only its verification failed (incorrect verification parameters?)
|
||||||
printf(ret ? "Failed\n" : "Succeeded\n");
|
* so the output file is not deleted
|
||||||
|
*/
|
||||||
OPENSSL_free(options.cafile);
|
}
|
||||||
OPENSSL_free(options.untrusted);
|
|
||||||
if (options.crlfile)
|
|
||||||
OPENSSL_free(options.crlfile);
|
|
||||||
cleanup_lib_state();
|
|
||||||
|
|
||||||
return ret;
|
|
||||||
|
|
||||||
err_cleanup:
|
err_cleanup:
|
||||||
|
|
||||||
ERR_print_errors_fp(stderr);
|
|
||||||
free_crypto_params(&cparams);
|
|
||||||
if (hash)
|
if (hash)
|
||||||
BIO_free_all(hash);
|
BIO_free_all(hash);
|
||||||
if (outdata)
|
if (outdata)
|
||||||
unlink(options.outfile);
|
unlink(options.outfile);
|
||||||
fprintf(stderr, "\nFailed\n");
|
free_crypto_params(&cparams, &options);
|
||||||
|
free_options(&options);
|
||||||
|
if (ret)
|
||||||
|
ERR_print_errors_fp(stderr);
|
||||||
cleanup_lib_state();
|
cleanup_lib_state();
|
||||||
return -1;
|
|
||||||
|
printf(ret ? "Failed\n" : "Succeeded\n");
|
||||||
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user