nhyatt/osslsigncode
1
0
Fork 0
mirror of https://github.com/mtrojnar/osslsigncode.git synced 2025-04-05 01:00:11 -05:00
Code Issues Projects Releases Wiki Activity

Append signature to outfile

Browse Source
This commit is contained in:
olszomal 2020-03-25 13:52:08 +01:00
parent 9f6af8becb
commit e570907a59
1 changed files with 107 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

180
osslsigncode.c
View File

@ -622,33 +622,6 @@ static void tohex(const unsigned char *v, char *b, int len)
sprintf(b+i*2, "%02X", v[i]); sprintf(b+i*2, "%02X", v[i]);
} }
static int add_unauthenticated_blob(PKCS7 *sig)
{
u_char *p = NULL;
int len = 1024+4;
char prefix[] = "\x0c\x82\x04\x00---BEGIN_BLOB---"; /* Length data for ASN1 attribute plus prefix */
char postfix[] = "---END_BLOB---";
PKCS7_SIGNER_INFO *si = sk_PKCS7_SIGNER_INFO_value(sig->d.sign->signer_info, 0);
p = OPENSSL_malloc(len);
memset(p, 0, len);
memcpy(p, prefix, sizeof(prefix));
memcpy(p+len-sizeof(postfix), postfix, sizeof(postfix));
ASN1_STRING *astr = ASN1_STRING_new();
ASN1_STRING_set(astr, p, len);
int nid = OBJ_create(SPC_UNAUTHENTICATED_DATA_BLOB_OBJID,
"unauthenticatedData", "unauthenticatedData");
PKCS7_add_attribute (si, nid, V_ASN1_SEQUENCE, astr);
OPENSSL_free(p);
return 0;
}
#ifdef ENABLE_CURL #ifdef ENABLE_CURL
static int blob_has_nl = 0; static int blob_has_nl = 0;
@ -3892,6 +3865,102 @@ static int create_new_signature(PKCS7 *sig, file_type_t type,
return 1; /* OK */ return 1; /* OK */
} }
static int add_unauthenticated_blob(PKCS7 *sig)
{
PKCS7_SIGNER_INFO *si;
ASN1_STRING *astr;
u_char *p = NULL;
int nid, len = 1024+4;
/* Length data for ASN1 attribute plus prefix */
char prefix[] = "\x0c\x82\x04\x00---BEGIN_BLOB---";
char postfix[] = "---END_BLOB---";
si = sk_PKCS7_SIGNER_INFO_value(sig->d.sign->signer_info, 0);
if ((p = OPENSSL_malloc(len)) == NULL)
return 1; /* FAILED */
memset(p, 0, len);
memcpy(p, prefix, sizeof(prefix));
memcpy(p+len-sizeof(postfix), postfix, sizeof(postfix));
astr = ASN1_STRING_new();
ASN1_STRING_set(astr, p, len);
nid = OBJ_create(SPC_UNAUTHENTICATED_DATA_BLOB_OBJID,
"unauthenticatedData", "unauthenticatedData");
PKCS7_add_attribute (si, nid, V_ASN1_SEQUENCE, astr);
OPENSSL_free(p);
return 0; /* OK */
}
#ifdef WITH_GSF
static int append_signature(PKCS7 *sig, PKCS7 *cursig, file_type_t type, cmd_type_t *cmd,
GLOBAL_OPTIONS *options, size_t *padlen, int *len, BIO *outdata,
GsfOutfile *outole, u_char *p_msiex, int len_msiex)
#else
static int append_signature(PKCS7 *sig, PKCS7 *cursig, file_type_t type, cmd_type_t *cmd,
GLOBAL_OPTIONS *options, size_t *padlen, int *len, BIO *outdata)
#endif
{
u_char *p = NULL;
static char buf[64*1024];
PKCS7 *outsig = NULL;
if (options->nest) {
if (cursig == NULL) {
fprintf(stderr, "Internal error: No 'cursig' was extracted\n");
return 0; /* FAILED */
}
if (pkcs7_set_nested_signature(cursig, sig, options->signing_time) == 0) {
fprintf(stderr, "Unable to append the nested signature to the current signature\n");
return 0; /* FAILED */
}
outsig = cursig;
} else {
outsig = sig;
}
/* Append signature to outfile */
if (((*len = i2d_PKCS7(outsig, NULL)) <= 0) || (p = OPENSSL_malloc(*len)) == NULL) {
fprintf(stderr, "i2d_PKCS memory allocation failed: %d\n", *len);
return 0; /* FAILED */
}
i2d_PKCS7(outsig, &p);
p -= *len;
*padlen = (8 - *len%8) % 8;
if (type == FILE_TYPE_PE) {
PUT_UINT32_LE(*len + 8 + *padlen, buf);
PUT_UINT16_LE(WIN_CERT_REVISION_2, buf + 4);
PUT_UINT16_LE(WIN_CERT_TYPE_PKCS_SIGNED_DATA, buf + 6);
BIO_write(outdata, buf, 8);
}
if (type == FILE_TYPE_PE || type == FILE_TYPE_CAB) {
BIO_write(outdata, p, *len);
/* pad (with 0's) asn1 blob to 8 byte boundary */
if (*padlen > 0) {
memset(p, 0, *padlen);
BIO_write(outdata, p, *padlen);
}
#ifdef WITH_GSF
} else if (type == FILE_TYPE_MSI) {
/* Only output signatures if we're signing */
if (*cmd == CMD_SIGN || *cmd == CMD_ADD || *cmd == CMD_ATTACH) {
if (!msi_add_DigitalSignature(outole, p, *len)) {
fprintf(stderr, "Failed to write MSI 'DigitalSignature' signature to %s\n", options->infile);
return 0; /* FAILED */
}
if (p_msiex != NULL && !msi_add_MsiDigitalSignatureEx(outole, p_msiex, len_msiex)) {
fprintf(stderr, "Failed to write MSI 'MsiDigitalSignatureEx' signature to %s\n", options->infile);
return 0; /* FAILED */
}
}
#endif
}
OPENSSL_free(p);
return 1; /* OK */
}
static STACK_OF(X509) *PEM_read_certs_with_pass(BIO *bin, char *certpass) static STACK_OF(X509) *PEM_read_certs_with_pass(BIO *bin, char *certpass)
{ {
STACK_OF(X509) *certs = sk_X509_new_null(); STACK_OF(X509) *certs = sk_X509_new_null();
@ -4555,10 +4624,9 @@ int main(int argc, char **argv)
FILE_HEADER header; FILE_HEADER header;
CRYPTO_PARAMS cparams; CRYPTO_PARAMS cparams;
BIO *hash = NULL, *outdata = NULL; BIO *hash = NULL, *outdata = NULL;
PKCS7 *cursig = NULL, *outsig = NULL, *sig = NULL; PKCS7 *cursig = NULL, *sig = NULL;
static char buf[64*1024]; static char buf[64*1024];
char *indata, *outdataverify; char *indata, *outdataverify;
u_char *p = NULL;
int ret = 0, len = 0; int ret = 0, len = 0;
size_t padlen = 0, filesize, outdatasize; size_t padlen = 0, filesize, outdatasize;
file_type_t type; file_type_t type;
@ -4784,54 +4852,20 @@ add_only:
DO_EXIT_0("PKCS7 output failed\n"); DO_EXIT_0("PKCS7 output failed\n");
#endif #endif
if (options.nest) {
if (cursig == NULL)
DO_EXIT_0("Internal error: No 'cursig' was extracted\n")
if (pkcs7_set_nested_signature(cursig, sig, options.signing_time) == 0)
DO_EXIT_0("Unable to append the nested signature to the current signature\n");
outsig = cursig;
} else {
outsig = sig;
}
/* Append signature to outfile */
if (((len = i2d_PKCS7(outsig, NULL)) <= 0) ||
(p = OPENSSL_malloc(len)) == NULL)
DO_EXIT_1("i2d_PKCS memory allocation failed: %d\n", len);
i2d_PKCS7(outsig, &p);
p -= len;
padlen = (8 - len%8) % 8;
if (type == FILE_TYPE_PE) {
PUT_UINT32_LE(len+8+padlen, buf);
PUT_UINT16_LE(WIN_CERT_REVISION_2, buf + 4);
PUT_UINT16_LE(WIN_CERT_TYPE_PKCS_SIGNED_DATA, buf + 6);
BIO_write(outdata, buf, 8);
}
if (type == FILE_TYPE_PE || type == FILE_TYPE_CAB) {
BIO_write(outdata, p, len);
/* pad (with 0's) asn1 blob to 8 byte boundary */
if (padlen > 0) {
memset(p, 0, padlen);
BIO_write(outdata, p, padlen);
}
#ifdef WITH_GSF #ifdef WITH_GSF
} else if (type == FILE_TYPE_MSI) { if (!append_signature(sig, cursig, type, &cmd, &options, &padlen, &len, outdata,
/* Only output signatures if we're signing. */ outole, p_msiex, len_msiex))
if (cmd == CMD_SIGN || cmd == CMD_ADD || cmd == CMD_ATTACH) { DO_EXIT_0("Append signature to outfile failed\n");
if (!msi_add_DigitalSignature(outole, p, len)) if (type == FILE_TYPE_MSI) {
DO_EXIT_1("Failed to write MSI 'DigitalSignature' signature to %s\n", options.infile); gsf_output_close(GSF_OUTPUT(outole));
if (p_msiex != NULL && !msi_add_MsiDigitalSignatureEx(outole, p_msiex, len_msiex)) g_object_unref(sink);
DO_EXIT_1("Failed to write MSI 'MsiDigitalSignatureEx' signature to %s\n", options.infile);
gsf_output_close(GSF_OUTPUT(outole));
g_object_unref(sink);
}
#endif
} }
#else
if (!append_signature(sig, cursig, type, &cmd, &options, &padlen, &len, outdata))
DO_EXIT_0("Append signature to outfile failed\n");
#endif
PKCS7_free(sig); PKCS7_free(sig);
OPENSSL_free(p);
skip_signing: skip_signing: