disable GSF_CAN_READ_MSI_METADATA

This commit is contained in:
olszomal 2021-01-11 15:59:20 +01:00 committed by Michał Trojnara
parent 352ef49b3a
commit c0d9569c4f


@ -144,8 +144,6 @@ typedef unsigned char u_char;
#define TRUE 1 #define TRUE 1
#endif #endif
#define GSF_CAN_READ_MSI_METADATA
#if defined (HAVE_TERMIOS_H) || defined (HAVE_GETPASS) #if defined (HAVE_TERMIOS_H) || defined (HAVE_GETPASS)
#define PROVIDE_ASKPASS 1 #define PROVIDE_ASKPASS 1
#endif #endif
@ -3124,6 +3122,12 @@ out:
return ret; return ret;
} }
/*
* Until libgsf can read more MSI metadata,
* we can't verify MsiDigitalSignatureEx
* #define GSF_CAN_READ_MSI_METADATA
*/
/* /*
* msi_verify_pkcs7 is a helper function for msi_verify_file. * msi_verify_pkcs7 is a helper function for msi_verify_file.
* It exists to make it easier to implement verification of nested signatures. * It exists to make it easier to implement verification of nested signatures.
@ -3131,7 +3135,7 @@ out:
static int msi_verify_pkcs7(SIGNATURE *signature, GsfInfile *infile, unsigned char *exdata, static int msi_verify_pkcs7(SIGNATURE *signature, GsfInfile *infile, unsigned char *exdata,
size_t exlen, GLOBAL_OPTIONS *options) size_t exlen, GLOBAL_OPTIONS *options)
{ {
int ret = 1, mdtype = -1, mdok, exok; int ret = 1, mdtype = -1, mdok;
unsigned char mdbuf[EVP_MAX_MD_SIZE]; unsigned char mdbuf[EVP_MAX_MD_SIZE];
unsigned char cmdbuf[EVP_MAX_MD_SIZE]; unsigned char cmdbuf[EVP_MAX_MD_SIZE];
#ifdef GSF_CAN_READ_MSI_METADATA #ifdef GSF_CAN_READ_MSI_METADATA
@ -3139,7 +3143,7 @@ static int msi_verify_pkcs7(SIGNATURE *signature, GsfInfile *infile, unsigned ch
#endif #endif
char hexbuf[EVP_MAX_MD_SIZE*2+1]; char hexbuf[EVP_MAX_MD_SIZE*2+1];
const EVP_MD *md; const EVP_MD *md;
BIO *hash, *prehash; BIO *hash;
if (is_content_type(signature->p7, SPC_INDIRECT_DATA_OBJID)) { if (is_content_type(signature->p7, SPC_INDIRECT_DATA_OBJID)) {
ASN1_STRING *content_val = signature->p7->d.sign->contents->d.other->value.sequence; ASN1_STRING *content_val = signature->p7->d.sign->contents->d.other->value.sequence;
@ -3176,7 +3180,7 @@ static int msi_verify_pkcs7(SIGNATURE *signature, GsfInfile *infile, unsigned ch
* file content hashes ourselves. * file content hashes ourselves.
*/ */
#ifdef GSF_CAN_READ_MSI_METADATA #ifdef GSF_CAN_READ_MSI_METADATA
prehash = BIO_new(BIO_f_md()); BIO *prehash = BIO_new(BIO_f_md());
BIO_set_md(prehash, md); BIO_set_md(prehash, md);
BIO_push(prehash, BIO_new(BIO_s_null())); BIO_push(prehash, BIO_new(BIO_s_null()));
@ -3211,8 +3215,9 @@ static int msi_verify_pkcs7(SIGNATURE *signature, GsfInfile *infile, unsigned ch
} else } else
printf("\n"); printf("\n");
#ifdef GSF_CAN_READ_MSI_METADATA
if (exdata) { if (exdata) {
#ifdef GSF_CAN_READ_MSI_METADATA
int exok;
tohex(cexmdbuf, hexbuf, EVP_MD_size(md)); tohex(cexmdbuf, hexbuf, EVP_MD_size(md));
exok = !memcmp(exdata, cexmdbuf, MIN((size_t)EVP_MD_size(md), exlen)); exok = !memcmp(exdata, cexmdbuf, MIN((size_t)EVP_MD_size(md), exlen));
printf("Calculated MsiDigitalSignatureEx : %s", hexbuf); printf("Calculated MsiDigitalSignatureEx : %s", hexbuf);
@ -3223,8 +3228,12 @@ static int msi_verify_pkcs7(SIGNATURE *signature, GsfInfile *infile, unsigned ch
goto out; goto out;
} else } else
printf("\n"); printf("\n");
} #else
tohex(exdata, hexbuf, MIN((size_t)EVP_MD_size(md), exlen));
printf("\nWarning: MsiDigitalSignatureEx found but not verified\n");
printf("Current MsiDigitalSignatureEx : %s\n\n", hexbuf);
#endif #endif
}
ret = verify_signature(signature, options); ret = verify_signature(signature, options);
out: out:
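Review bot: The new `#else` branch in the last hunk prints "Warning: MsiDigitalSignatureEx found but not verified" and then falls straight through to `ret = verify_signature(signature, options);`, so an MSI whose metadata hash stream cannot be checked still yields the same success result as one that was fully verified; the warning is only visible on stdout, not in the exit status. If `exdata` is the MsiDigitalSignatureEx stream taken from the file and is folded into the digest computed earlier in this function (the "file content hashes ourselves" comment suggests so, but that part is outside the hunk), then the value is trusted at face value and whatever MSI metadata it covers is not bound to the file contents at all — that is a fail-open for a verification tool and deserves either a fatal (or opt-in fatal) result or, at minimum, an explicit comment at the `#else`: `/* exdata is taken from the file unverified: the MSI metadata it covers is NOT checked against the actual contents, so a verified signature does not imply intact metadata */`. Separately, the commented-out `#define GSF_CAN_READ_MSI_METADATA` in the block comment before `msi_verify_pkcs7` is easy to miss as the only switch for this behaviour; a one-line `/* see GSF_CAN_READ_MSI_METADATA: without it MsiDigitalSignatureEx is only printed */` in the function's header comment would make the limitation visible where the function is documented. `msi_verify_pkcs7` continues past the end of this hunk.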