mirror of
https://github.com/mtrojnar/osslsigncode.git
synced 2025-04-05 09:08:04 -05:00
code simplification
This commit is contained in:
olszomal
Michał Trojnara
parent
f8849b8048
commit
e8fe3e934d
@ -3064,10 +3064,8 @@ out:
|
|||||||
static void msi_calc_digest(char *indata, const EVP_MD *md, unsigned char *mdbuf, size_t fileend)
|
static void msi_calc_digest(char *indata, const EVP_MD *md, unsigned char *mdbuf, size_t fileend)
|
||||||
{
|
{
|
||||||
BIO *bio = NULL;
|
BIO *bio = NULL;
|
||||||
static unsigned char bfb[16*1024*1024];
|
|
||||||
EVP_MD_CTX *mdctx;
|
EVP_MD_CTX *mdctx;
|
||||||
size_t n;
|
size_t n;
|
||||||
int l;
|
|
||||||
|
|
||||||
bio = BIO_new_mem_buf(indata, fileend);
|
bio = BIO_new_mem_buf(indata, fileend);
|
||||||
mdctx = EVP_MD_CTX_new();
|
mdctx = EVP_MD_CTX_new();
|
||||||
@ -3077,6 +3075,8 @@ static void msi_calc_digest(char *indata, const EVP_MD *md, unsigned char *mdbuf
|
|||||||
|
|
||||||
n = 0;
|
n = 0;
|
||||||
while (n < fileend) {
|
while (n < fileend) {
|
||||||
|
int l;
|
||||||
|
static unsigned char bfb[16*1024*1024];
|
||||||
size_t want = fileend - n;
|
size_t want = fileend - n;
|
||||||
if (want > sizeof(bfb))
|
if (want > sizeof(bfb))
|
||||||
want = sizeof(bfb);
|
want = sizeof(bfb);
|
||||||
@ -3125,8 +3125,7 @@ static int msi_verify_file(GsfInfile *infile, GLOBAL_OPTIONS *options)
|
|||||||
PKCS7 *p7 = NULL;
|
PKCS7 *p7 = NULL;
|
||||||
unsigned long inlen, exlen = 0;
|
unsigned long inlen, exlen = 0;
|
||||||
const unsigned char *blob;
|
const unsigned char *blob;
|
||||||
STACK_OF(SIGNATURE) *signatures;
|
STACK_OF(SIGNATURE) *signatures = sk_SIGNATURE_new_null();
|
||||||
SIGNATURE *signature = NULL;
|
|
||||||
|
|
||||||
sig = msi_get_child(infile, "\05DigitalSignature");
|
sig = msi_get_child(infile, "\05DigitalSignature");
|
||||||
if (sig == NULL) {
|
if (sig == NULL) {
|
||||||
@ -3134,8 +3133,6 @@ static int msi_verify_file(GsfInfile *infile, GLOBAL_OPTIONS *options)
|
|||||||
return 1; /* FAILED */
|
return 1; /* FAILED */
|
||||||
}
|
}
|
||||||
|
|
||||||
signatures = sk_SIGNATURE_new_null();
|
|
||||||
|
|
||||||
inlen = (unsigned long) gsf_input_remaining(sig);
|
inlen = (unsigned long) gsf_input_remaining(sig);
|
||||||
indata = OPENSSL_malloc(inlen);
|
indata = OPENSSL_malloc(inlen);
|
||||||
if (gsf_input_read(sig, inlen, indata) == NULL) {
|
if (gsf_input_read(sig, inlen, indata) == NULL) {
|
||||||
@ -3164,8 +3161,8 @@ static int msi_verify_file(GsfInfile *infile, GLOBAL_OPTIONS *options)
|
|||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
for (i = 0; i < sk_SIGNATURE_num(signatures); i++) {
|
for (i = 0; i < sk_SIGNATURE_num(signatures); i++) {
|
||||||
|
SIGNATURE *signature = sk_SIGNATURE_value(signatures, i);
|
||||||
printf("Signature Index: %d %s\n", i, i==0 ? " (Primary Signature)" : "");
|
printf("Signature Index: %d %s\n", i, i==0 ? " (Primary Signature)" : "");
|
||||||
signature = sk_SIGNATURE_value(signatures, i);
|
|
||||||
ret &= msi_verify_pkcs7(signature, infile, exdata, exlen, options);
|
ret &= msi_verify_pkcs7(signature, infile, exdata, exlen, options);
|
||||||
if (signature->timestamp) {
|
if (signature->timestamp) {
|
||||||
CMS_ContentInfo_free(signature->timestamp);
|
CMS_ContentInfo_free(signature->timestamp);
|
||||||
@ -3471,7 +3468,6 @@ static void pe_calc_digest(char *indata, const EVP_MD *md, unsigned char *mdbuf,
|
|||||||
static unsigned char bfb[16*1024*1024];
|
static unsigned char bfb[16*1024*1024];
|
||||||
EVP_MD_CTX *mdctx;
|
EVP_MD_CTX *mdctx;
|
||||||
size_t n;
|
size_t n;
|
||||||
int l;
|
|
||||||
size_t offset;
|
size_t offset;
|
||||||
|
|
||||||
if (header->sigpos)
|
if (header->sigpos)
|
||||||
@ -3494,6 +3490,7 @@ static void pe_calc_digest(char *indata, const EVP_MD *md, unsigned char *mdbuf,
|
|||||||
|
|
||||||
n = header->header_size + 88 + 4 + 60 + header->pe32plus * 16 + 8;
|
n = header->header_size + 88 + 4 + 60 + header->pe32plus * 16 + 8;
|
||||||
while (n < offset) {
|
while (n < offset) {
|
||||||
|
int l;
|
||||||
size_t want = offset - n;
|
size_t want = offset - n;
|
||||||
if (want > sizeof(bfb))
|
if (want > sizeof(bfb))
|
||||||
want = sizeof(bfb);
|
want = sizeof(bfb);
|
||||||
@ -3671,14 +3668,11 @@ static int pe_verify_file(char *indata, FILE_HEADER *header, GLOBAL_OPTIONS *opt
|
|||||||
BIO *bio;
|
BIO *bio;
|
||||||
unsigned int real_pe_checksum;
|
unsigned int real_pe_checksum;
|
||||||
PKCS7 *p7;
|
PKCS7 *p7;
|
||||||
STACK_OF(SIGNATURE) *signatures;
|
STACK_OF(SIGNATURE) *signatures = sk_SIGNATURE_new_null();
|
||||||
SIGNATURE *signature = NULL;
|
|
||||||
|
|
||||||
if (header->siglen == 0)
|
if (header->siglen == 0)
|
||||||
header->siglen = header->fileend;
|
header->siglen = header->fileend;
|
||||||
|
|
||||||
signatures = sk_SIGNATURE_new_null();
|
|
||||||
|
|
||||||
/* check PE checksum */
|
/* check PE checksum */
|
||||||
printf("Current PE checksum : %08X\n", header->pe_checksum);
|
printf("Current PE checksum : %08X\n", header->pe_checksum);
|
||||||
bio = BIO_new_mem_buf(indata, header->sigpos + header->siglen);
|
bio = BIO_new_mem_buf(indata, header->sigpos + header->siglen);
|
||||||
@ -3704,8 +3698,8 @@ static int pe_verify_file(char *indata, FILE_HEADER *header, GLOBAL_OPTIONS *opt
|
|||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
for (i = 0; i < sk_SIGNATURE_num(signatures); i++) {
|
for (i = 0; i < sk_SIGNATURE_num(signatures); i++) {
|
||||||
|
SIGNATURE *signature = sk_SIGNATURE_value(signatures, i);
|
||||||
printf("Signature Index: %d %s\n", i, i==0 ? " (Primary Signature)" : "");
|
printf("Signature Index: %d %s\n", i, i==0 ? " (Primary Signature)" : "");
|
||||||
signature = sk_SIGNATURE_value(signatures, i);
|
|
||||||
ret &= pe_verify_pkcs7(signature, indata, header, options);
|
ret &= pe_verify_pkcs7(signature, indata, header, options);
|
||||||
if (signature->timestamp) {
|
if (signature->timestamp) {
|
||||||
CMS_ContentInfo_free(signature->timestamp);
|
CMS_ContentInfo_free(signature->timestamp);
|
||||||
@ -3878,11 +3872,9 @@ static int cab_verify_header(char *indata, char *infile, size_t filesize, FILE_H
|
|||||||
static void cab_calc_digest(char *indata, const EVP_MD *md, unsigned char *mdbuf, FILE_HEADER *header)
|
static void cab_calc_digest(char *indata, const EVP_MD *md, unsigned char *mdbuf, FILE_HEADER *header)
|
||||||
{
|
{
|
||||||
BIO *bio;
|
BIO *bio;
|
||||||
size_t coffFiles, nfolders, flags;
|
|
||||||
static unsigned char bfb[16*1024*1024];
|
static unsigned char bfb[16*1024*1024];
|
||||||
EVP_MD_CTX *mdctx;
|
EVP_MD_CTX *mdctx;
|
||||||
int l;
|
size_t offset, coffFiles;
|
||||||
size_t offset;
|
|
||||||
|
|
||||||
if (header->sigpos)
|
if (header->sigpos)
|
||||||
offset = header->sigpos;
|
offset = header->sigpos;
|
||||||
@ -3901,6 +3893,7 @@ static void cab_calc_digest(char *indata, const EVP_MD *md, unsigned char *mdbuf
|
|||||||
/* u4 reserved1 00000000: 4-7 */
|
/* u4 reserved1 00000000: 4-7 */
|
||||||
BIO_read(bio, bfb, 4);
|
BIO_read(bio, bfb, 4);
|
||||||
if (header->sigpos) {
|
if (header->sigpos) {
|
||||||
|
size_t nfolders, flags;
|
||||||
/*
|
/*
|
||||||
* u4 cbCabinet - size of this cabinet file in bytes: 8-11
|
* u4 cbCabinet - size of this cabinet file in bytes: 8-11
|
||||||
* u4 reserved2 00000000: 12-15
|
* u4 reserved2 00000000: 12-15
|
||||||
@ -3986,6 +3979,7 @@ static void cab_calc_digest(char *indata, const EVP_MD *md, unsigned char *mdbuf
|
|||||||
}
|
}
|
||||||
/* (variable) ab - the compressed data bytes */
|
/* (variable) ab - the compressed data bytes */
|
||||||
while (coffFiles < offset) {
|
while (coffFiles < offset) {
|
||||||
|
int l;
|
||||||
size_t want = offset - coffFiles;
|
size_t want = offset - coffFiles;
|
||||||
if (want > sizeof(bfb))
|
if (want > sizeof(bfb))
|
||||||
want = sizeof(bfb);
|
want = sizeof(bfb);
|
||||||
@ -4063,10 +4057,7 @@ static int cab_verify_file(char *indata, FILE_HEADER *header, GLOBAL_OPTIONS *op
|
|||||||
{
|
{
|
||||||
int i, ret = 1;
|
int i, ret = 1;
|
||||||
PKCS7 *p7;
|
PKCS7 *p7;
|
||||||
STACK_OF(SIGNATURE) *signatures;
|
STACK_OF(SIGNATURE) *signatures = sk_SIGNATURE_new_null();
|
||||||
SIGNATURE *signature = NULL;
|
|
||||||
|
|
||||||
signatures = sk_SIGNATURE_new_null();
|
|
||||||
|
|
||||||
if (header->header_size != 20) {
|
if (header->header_size != 20) {
|
||||||
printf("No signature found\n\n");
|
printf("No signature found\n\n");
|
||||||
@ -4084,8 +4075,8 @@ static int cab_verify_file(char *indata, FILE_HEADER *header, GLOBAL_OPTIONS *op
|
|||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
for (i = 0; i < sk_SIGNATURE_num(signatures); i++) {
|
for (i = 0; i < sk_SIGNATURE_num(signatures); i++) {
|
||||||
|
SIGNATURE *signature = sk_SIGNATURE_value(signatures, i);
|
||||||
printf("Signature Index: %d %s\n", i, i==0 ? " (Primary Signature)" : "");
|
printf("Signature Index: %d %s\n", i, i==0 ? " (Primary Signature)" : "");
|
||||||
signature = sk_SIGNATURE_value(signatures, i);
|
|
||||||
ret &= cab_verify_pkcs7(signature, indata, header, options);
|
ret &= cab_verify_pkcs7(signature, indata, header, options);
|
||||||
if (signature->timestamp) {
|
if (signature->timestamp) {
|
||||||
CMS_ContentInfo_free(signature->timestamp);
|
CMS_ContentInfo_free(signature->timestamp);
|
||||||
@ -4374,9 +4365,10 @@ static int cat_verify_header(char *indata, size_t filesize, FILE_HEADER *header)
|
|||||||
return 0; /* FAILED */
|
return 0; /* FAILED */
|
||||||
}
|
}
|
||||||
si = sk_PKCS7_SIGNER_INFO_value(p7->d.sign->signer_info, 0);
|
si = sk_PKCS7_SIGNER_INFO_value(p7->d.sign->signer_info, 0);
|
||||||
if (si == NULL)
|
if (si == NULL) {
|
||||||
/* catalog file is unsigned */
|
/* catalog file is unsigned */
|
||||||
header->sigpos = filesize;
|
header->sigpos = filesize;
|
||||||
|
}
|
||||||
|
|
||||||
header->fileend = filesize;
|
header->fileend = filesize;
|
||||||
PKCS7_free(p7);
|
PKCS7_free(p7);
|
||||||
@ -4390,25 +4382,23 @@ static int cat_verify_header(char *indata, size_t filesize, FILE_HEADER *header)
|
|||||||
static int cat_verify_member(CatalogAuthAttr *attribute, char *indata, FILE_HEADER *header,
|
static int cat_verify_member(CatalogAuthAttr *attribute, char *indata, FILE_HEADER *header,
|
||||||
file_type_t filetype)
|
file_type_t filetype)
|
||||||
{
|
{
|
||||||
int ret = 1, mdok, mdtype = -1, phtype = -1;
|
int ret = 1;
|
||||||
unsigned char mdbuf[EVP_MAX_MD_SIZE];
|
|
||||||
unsigned char cmdbuf[EVP_MAX_MD_SIZE];
|
|
||||||
char hexbuf[EVP_MAX_MD_SIZE*2+1];
|
|
||||||
unsigned char *ph = NULL;
|
unsigned char *ph = NULL;
|
||||||
size_t phlen = 0;
|
|
||||||
const EVP_MD *md;
|
|
||||||
ASN1_STRING *content_val;
|
|
||||||
const unsigned char *p;
|
|
||||||
ASN1_OBJECT *indir_objid = OBJ_txt2obj(SPC_INDIRECT_DATA_OBJID, 1);
|
ASN1_OBJECT *indir_objid = OBJ_txt2obj(SPC_INDIRECT_DATA_OBJID, 1);
|
||||||
|
|
||||||
if (attribute && !OBJ_cmp(attribute->type, indir_objid)) {
|
if (attribute && !OBJ_cmp(attribute->type, indir_objid)) {
|
||||||
STACK_OF(ASN1_TYPE) *contents;
|
int mdok, mdtype = -1, phtype = -1;
|
||||||
|
unsigned char mdbuf[EVP_MAX_MD_SIZE];
|
||||||
|
unsigned char cmdbuf[EVP_MAX_MD_SIZE];
|
||||||
|
char hexbuf[EVP_MAX_MD_SIZE*2+1];
|
||||||
|
size_t phlen = 0;
|
||||||
|
const EVP_MD *md;
|
||||||
ASN1_TYPE *content;
|
ASN1_TYPE *content;
|
||||||
SpcIndirectDataContent *idc;
|
SpcIndirectDataContent *idc;
|
||||||
|
|
||||||
content_val = attribute->contents->value.sequence;
|
ASN1_STRING *content_val = attribute->contents->value.sequence;
|
||||||
p = content_val->data;
|
const unsigned char *p = content_val->data;
|
||||||
contents = d2i_ASN1_SET_ANY(NULL, &p, content_val->length);
|
STACK_OF(ASN1_TYPE) *contents = d2i_ASN1_SET_ANY(NULL, &p, content_val->length);
|
||||||
if (contents == NULL)
|
if (contents == NULL)
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
@ -4443,9 +4433,11 @@ static int cat_verify_member(CatalogAuthAttr *attribute, char *indata, FILE_HEAD
|
|||||||
case FILE_TYPE_PE:
|
case FILE_TYPE_PE:
|
||||||
pe_calc_digest(indata, md, cmdbuf, header);
|
pe_calc_digest(indata, md, cmdbuf, header);
|
||||||
break;
|
break;
|
||||||
|
#ifdef WITH_GSF
|
||||||
case FILE_TYPE_MSI:
|
case FILE_TYPE_MSI:
|
||||||
msi_calc_digest(indata, md, cmdbuf, header->fileend);
|
msi_calc_digest(indata, md, cmdbuf, header->fileend);
|
||||||
break;
|
break;
|
||||||
|
#endif
|
||||||
default:
|
default:
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@ -4515,21 +4507,22 @@ static int cat_verify_pkcs7(SIGNATURE *signature, char *indata, FILE_HEADER *hea
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (ok)
|
if (ok) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
MsCtlContent_free(ctlc);
|
MsCtlContent_free(ctlc);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
/* the input file is a catalog file */
|
/* the input file is a catalog file */
|
||||||
ok = 1;
|
ok = 1;
|
||||||
}
|
}
|
||||||
if (ok)
|
if (ok) {
|
||||||
/* a message digest value of the catalog file is checked by PKCS7_verify() */
|
/* a message digest value of the catalog file is checked by PKCS7_verify() */
|
||||||
ret = verify_signature(signature, options);
|
ret = verify_signature(signature, options);
|
||||||
else
|
} else {
|
||||||
printf("File not found in the specified catalog.\n\n");
|
printf("File not found in the specified catalog.\n\n");
|
||||||
|
}
|
||||||
if (!ret)
|
if (!ret)
|
||||||
ERR_print_errors_fp(stdout);
|
ERR_print_errors_fp(stdout);
|
||||||
return ret;
|
return ret;
|
||||||
@ -4540,10 +4533,7 @@ static int cat_verify_file(char *catdata, FILE_HEADER *catheader,
|
|||||||
{
|
{
|
||||||
int i, ret = 1;
|
int i, ret = 1;
|
||||||
PKCS7 *p7;
|
PKCS7 *p7;
|
||||||
STACK_OF(SIGNATURE) *signatures;
|
STACK_OF(SIGNATURE) *signatures = sk_SIGNATURE_new_null();
|
||||||
SIGNATURE *signature;
|
|
||||||
|
|
||||||
signatures = sk_SIGNATURE_new_null();
|
|
||||||
|
|
||||||
if (header->sigpos == header->fileend ||
|
if (header->sigpos == header->fileend ||
|
||||||
(options->catalog && (catheader->sigpos == catheader->fileend))) {
|
(options->catalog && (catheader->sigpos == catheader->fileend))) {
|
||||||
@ -4561,9 +4551,9 @@ static int cat_verify_file(char *catdata, FILE_HEADER *catheader,
|
|||||||
}
|
}
|
||||||
|
|
||||||
for (i = 0; i < sk_SIGNATURE_num(signatures); i++) {
|
for (i = 0; i < sk_SIGNATURE_num(signatures); i++) {
|
||||||
|
SIGNATURE *signature = sk_SIGNATURE_value(signatures, i);
|
||||||
if (!options->catalog)
|
if (!options->catalog)
|
||||||
printf("Signature Index: %d %s\n", i, i==0 ? " (Primary Signature)" : "");
|
printf("Signature Index: %d %s\n", i, i==0 ? " (Primary Signature)" : "");
|
||||||
signature = sk_SIGNATURE_value(signatures, i);
|
|
||||||
ret &= cat_verify_pkcs7(signature, indata, header, filetype, options);
|
ret &= cat_verify_pkcs7(signature, indata, header, filetype, options);
|
||||||
if (signature->timestamp) {
|
if (signature->timestamp) {
|
||||||
CMS_ContentInfo_free(signature->timestamp);
|
CMS_ContentInfo_free(signature->timestamp);
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user