mirror of
https://github.com/mtrojnar/osslsigncode.git
synced 2025-04-05 09:08:04 -05:00
attach_sigfile()
This commit is contained in:
olszomal
parent
47e9a2299b
commit
889679e080
@ -2894,7 +2894,7 @@ static int extract_pe_file(char *indata, size_t sigpos, size_t siglen, BIO *outd
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void sign_pe_file(char *indata, size_t i , int pe32plus, size_t *fileend, BIO *hash, BIO *outdata)
|
static void modify_pe_header(char *indata, size_t i , int pe32plus, size_t *fileend, BIO *hash, BIO *outdata)
|
||||||
{
|
{
|
||||||
int len = 0;
|
int len = 0;
|
||||||
static char buf[64*1024];
|
static char buf[64*1024];
|
||||||
@ -2919,7 +2919,6 @@ static void sign_pe_file(char *indata, size_t i , int pe32plus, size_t *fileend,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* CAB file support
|
* CAB file support
|
||||||
* https://www.file-recovery.com/cab-signature-format.htm
|
* https://www.file-recovery.com/cab-signature-format.htm
|
||||||
@ -3357,12 +3356,12 @@ static void modify_cab_header(char *indata, size_t fileend, BIO *hash, BIO *outd
|
|||||||
* u2 cbCFHeader: 36-37
|
* u2 cbCFHeader: 36-37
|
||||||
* u1 cbCFFolder: 38
|
* u1 cbCFFolder: 38
|
||||||
* u1 cbCFData: 39
|
* u1 cbCFData: 39
|
||||||
* u22 abReserve: 40-43
|
* u16 abReserve: 40-55
|
||||||
* - Additional data offset: 44-47
|
* - Additional data offset: 44-47
|
||||||
* - Additional data size: 48-51
|
* - Additional data size: 48-51
|
||||||
*/
|
*/
|
||||||
BIO_write(outdata, indata+34, 22);
|
BIO_write(outdata, indata+34, 22);
|
||||||
/* u24 abReserve: 52-59 */
|
/* u4 abReserve: 56-59 */
|
||||||
BIO_write(hash, indata+56, 4);
|
BIO_write(hash, indata+56, 4);
|
||||||
|
|
||||||
i = 60;
|
i = 60;
|
||||||
@ -3420,7 +3419,6 @@ static void add_cab_header(char *indata, size_t fileend, BIO *hash, BIO *outdata
|
|||||||
buf[4+10] = flags | FLAG_RESERVE_PRESENT;
|
buf[4+10] = flags | FLAG_RESERVE_PRESENT;
|
||||||
/* u2 setID must be the same for all cabinets in a set: 32-33 */
|
/* u2 setID must be the same for all cabinets in a set: 32-33 */
|
||||||
memcpy(buf+16, indata+32, 2);
|
memcpy(buf+16, indata+32, 2);
|
||||||
|
|
||||||
BIO_write(hash, buf+4, 14);
|
BIO_write(hash, buf+4, 14);
|
||||||
/* u2 iCabinet - number of this cabinet file in a set: 34-35 */
|
/* u2 iCabinet - number of this cabinet file in a set: 34-35 */
|
||||||
BIO_write(outdata, indata+34, 2);
|
BIO_write(outdata, indata+34, 2);
|
||||||
@ -3583,6 +3581,47 @@ static char *get_cafile(void)
|
|||||||
return cafile;
|
return cafile;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static PKCS7 *attach_sigfile(char *sigfile, file_type_t type)
|
||||||
|
{
|
||||||
|
PKCS7 *sig = NULL;
|
||||||
|
size_t sigfilesize;
|
||||||
|
char *insigdata;
|
||||||
|
BIO *sigbio;
|
||||||
|
const char pemhdr[] = "-----BEGIN PKCS7-----";
|
||||||
|
|
||||||
|
sigfilesize = get_file_size(sigfile);
|
||||||
|
if (!sigfilesize){
|
||||||
|
fprintf(stderr, "Failed to open file: %s\n", sigfile);
|
||||||
|
return NULL; /* FAILED */
|
||||||
|
}
|
||||||
|
insigdata = map_file(sigfile, sigfilesize);
|
||||||
|
if (insigdata == NULL) {
|
||||||
|
fprintf(stderr, "Failed to open file: %s\n", sigfile);
|
||||||
|
return NULL; /* FAILED */
|
||||||
|
}
|
||||||
|
|
||||||
|
if (sigfilesize >= sizeof(pemhdr) && !memcmp(insigdata, pemhdr, sizeof(pemhdr)-1)) {
|
||||||
|
sigbio = BIO_new_mem_buf(insigdata, sigfilesize);
|
||||||
|
sig = PEM_read_bio_PKCS7(sigbio, NULL, NULL, NULL);
|
||||||
|
BIO_free_all(sigbio);
|
||||||
|
} else {
|
||||||
|
if (type == FILE_TYPE_PE) {
|
||||||
|
sig = extract_existing_pe_pkcs7(insigdata, 0, sigfilesize);
|
||||||
|
} else if (type == FILE_TYPE_CAB) {
|
||||||
|
sig = extract_existing_cab_pkcs7(insigdata, 0, sigfilesize);
|
||||||
|
} else if (type == FILE_TYPE_MSI) {
|
||||||
|
#ifdef WITH_GSF
|
||||||
|
const unsigned char *p = (unsigned char*)insigdata;
|
||||||
|
sig = d2i_PKCS7(NULL, &p, sigfilesize);
|
||||||
|
#else
|
||||||
|
fprintf(stderr, "libgsf is not available, msi support is disabled\n");
|
||||||
|
return NULL; /* FAILED */
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return sig; /* OK */
|
||||||
|
}
|
||||||
|
|
||||||
int main(int argc, char **argv) {
|
int main(int argc, char **argv) {
|
||||||
BIO *btmp, *sigbio, *hash, *outdata;
|
BIO *btmp, *sigbio, *hash, *outdata;
|
||||||
PKCS12 *p12;
|
PKCS12 *p12;
|
||||||
@ -3597,7 +3636,7 @@ int main(int argc, char **argv) {
|
|||||||
|
|
||||||
const char *argv0 = argv[0];
|
const char *argv0 = argv[0];
|
||||||
static char buf[64*1024];
|
static char buf[64*1024];
|
||||||
char *xcertfile, *certfile, *keyfile, *pvkfile, *pkcs12file, *infile, *outfile, *sigfile, *desc, *url, *indata, *insigdata, *outdataverify;
|
char *xcertfile, *certfile, *keyfile, *pvkfile, *pkcs12file, *infile, *outfile, *sigfile, *desc, *url, *indata, *outdataverify;
|
||||||
char *p11engine, *p11module;
|
char *p11engine, *p11module;
|
||||||
char *pass = NULL, *readpass = NULL;
|
char *pass = NULL, *readpass = NULL;
|
||||||
int output_pkcs7 = 0;
|
int output_pkcs7 = 0;
|
||||||
@ -3620,7 +3659,7 @@ int main(int argc, char **argv) {
|
|||||||
u_char *p = NULL;
|
u_char *p = NULL;
|
||||||
int ret = 0, i, len = 0, jp = -1, pe32plus = 0, comm = 0, pagehash = 0;
|
int ret = 0, i, len = 0, jp = -1, pe32plus = 0, comm = 0, pagehash = 0;
|
||||||
size_t peheader = 0, padlen = 0;
|
size_t peheader = 0, padlen = 0;
|
||||||
size_t filesize, fileend, sigfilesize, outdatasize;
|
size_t filesize, fileend, outdatasize;
|
||||||
file_type_t type;
|
file_type_t type;
|
||||||
cmd_type_t cmd = CMD_SIGN;
|
cmd_type_t cmd = CMD_SIGN;
|
||||||
char *failarg = NULL;
|
char *failarg = NULL;
|
||||||
@ -4303,41 +4342,16 @@ int main(int argc, char **argv) {
|
|||||||
fileend = sigpos;
|
fileend = sigpos;
|
||||||
}
|
}
|
||||||
|
|
||||||
sign_pe_file(indata, peheader + 88, pe32plus, &fileend, hash, outdata);
|
modify_pe_header(indata, peheader + 88, pe32plus, &fileend, hash, outdata);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (cmd == CMD_ADD)
|
if (cmd == CMD_ADD)
|
||||||
goto add_only;
|
goto add_only;
|
||||||
|
|
||||||
if (cmd == CMD_ATTACH) {
|
if (cmd == CMD_ATTACH) {
|
||||||
const char pemhdr[] = "-----BEGIN PKCS7-----";
|
sig = attach_sigfile(sigfile, type);
|
||||||
sigfilesize = get_file_size(sigfile);
|
|
||||||
if (!sigfilesize)
|
|
||||||
goto err_cleanup;
|
|
||||||
insigdata = map_file(sigfile, sigfilesize);
|
|
||||||
if (insigdata == NULL)
|
|
||||||
DO_EXIT_1("Failed to open file: %s\n", infile);
|
|
||||||
|
|
||||||
if (sigfilesize >= sizeof(pemhdr) && !memcmp(insigdata, pemhdr, sizeof(pemhdr)-1)) {
|
|
||||||
sigbio = BIO_new_mem_buf(insigdata, sigfilesize);
|
|
||||||
sig = PEM_read_bio_PKCS7(sigbio, NULL, NULL, NULL);
|
|
||||||
BIO_free_all(sigbio);
|
|
||||||
} else {
|
|
||||||
if (type == FILE_TYPE_PE) {
|
|
||||||
sig = extract_existing_pe_pkcs7(insigdata, 0, sigfilesize);
|
|
||||||
} else if (type == FILE_TYPE_CAB) {
|
|
||||||
sig = extract_existing_cab_pkcs7(insigdata, 0, sigfilesize);
|
|
||||||
} else if (type == FILE_TYPE_MSI) {
|
|
||||||
#ifdef WITH_GSF
|
|
||||||
const unsigned char *p = (unsigned char*)insigdata;
|
|
||||||
sig = d2i_PKCS7(NULL, &p, sigfilesize);
|
|
||||||
#else
|
|
||||||
DO_EXIT_1("libgsf is not available, msi support is disabled: %s\n", infile);
|
|
||||||
#endif
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (!sig)
|
if (!sig)
|
||||||
DO_EXIT_0("No valid signature found\n");
|
DO_EXIT_0("Unable to extract valid signature\n");
|
||||||
goto add_only;
|
goto add_only;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user