Simplify obtaining an existing signature and creating a new one

pe.c

@@ -51,8 +51,10 @@ static u_char *pe_digest_calc(FILE_FORMAT_CTX *ctx, const EVP_MD *md);
 static int pe_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7);
 static int pe_verify_indirect_data(FILE_FORMAT_CTX *ctx, SpcAttributeTypeAndOptionalValue *obj);
 static PKCS7 *pe_pkcs7_extract(FILE_FORMAT_CTX *ctx);
+static PKCS7 *pe_pkcs7_extract_to_nest(FILE_FORMAT_CTX *ctx);
 static int pe_remove_pkcs7(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata);
-static PKCS7 *pe_pkcs7_prepare(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata);
+static int pe_process_data(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata);
+static PKCS7 *pe_pkcs7_signature_new(FILE_FORMAT_CTX *ctx, BIO *hash);
 static int pe_append_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7);
 static void pe_update_data_size(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7);
 static BIO *pe_bio_free(BIO *hash, BIO *outdata);
@@ -68,8 +70,10 @@ FILE_FORMAT file_format_pe = {
     .verify_digests = pe_verify_digests,
     .verify_indirect_data = pe_verify_indirect_data,
     .pkcs7_extract = pe_pkcs7_extract,
+    .pkcs7_extract_to_nest = pe_pkcs7_extract_to_nest,
     .remove_pkcs7 = pe_remove_pkcs7,
-    .pkcs7_prepare = pe_pkcs7_prepare,
+    .process_data = pe_process_data,
+    .pkcs7_signature_new = pe_pkcs7_signature_new,
     .append_pkcs7 = pe_append_pkcs7,
     .update_data_size = pe_update_data_size,
     .bio_free = pe_bio_free,
@@ -381,6 +385,16 @@ static PKCS7 *pe_pkcs7_extract(FILE_FORMAT_CTX *ctx)
     return pe_pkcs7_get_file(ctx->options->indata, ctx->pe_ctx);
 }
 
+/*
+ * Extract existing signature in DER format.
+ * [in] ctx: structure holds input and output data
+ * [returns] pointer to PKCS#7 structure
+ */
+static PKCS7 *pe_pkcs7_extract_to_nest(FILE_FORMAT_CTX *ctx)
+{
+    return pe_pkcs7_extract(ctx);
+}
+
 /*
  * Remove existing signature.
  * [in, out] ctx: structure holds input and output data
@@ -404,78 +418,57 @@ static int pe_remove_pkcs7(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata)
 }
 
 /*
- * Obtain an existing signature or create a new one.
+ * Modify specific type data and calculate a hash (message digest) of data.
  * [in, out] ctx: structure holds input and output data
  * [out] hash: message digest BIO
  * [out] outdata: outdata file BIO
- * [returns] pointer to PKCS#7 structure
+ * [returns] 1 on error or 0 on success
  */
-static PKCS7 *pe_pkcs7_prepare(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata)
+static int pe_process_data(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata)
 {
-    PKCS7 *cursig = NULL, *p7 = NULL;
-
-    /* Obtain a current signature from previously-signed file */
-    if ((ctx->options->cmd == CMD_SIGN && ctx->options->nest)
-        || (ctx->options->cmd == CMD_ATTACH && ctx->options->nest)
-        || ctx->options->cmd == CMD_ADD) {
-        cursig = pe_pkcs7_get_file(ctx->options->indata, ctx->pe_ctx);
-        if (!cursig) {
-            printf("Unable to extract existing signature\n");
-            return NULL; /* FAILED */
-        }
-        ctx->options->nested_number = nested_signatures_number_get(cursig);
-        if (ctx->options->nested_number < 0) {
-            printf("Unable to get number of nested signatures\n");
-            PKCS7_free(cursig);
-            return NULL; /* FAILED */
-        }
-        if (ctx->options->cmd == CMD_ADD)
-            p7 = cursig;
-    }
     if (ctx->pe_ctx->sigpos > 0) {
         /* Strip current signature */
         ctx->pe_ctx->fileend = ctx->pe_ctx->sigpos;
     }
     if (!pe_modify_header(ctx, hash, outdata)) {
         printf("Unable to modify file header\n");
+        return 1; /* FAILED */
+    }
+    return 0; /* OK */
+}
+
+/*
+ * Create a new PKCS#7 signature.
+ * [in, out] ctx: structure holds input and output data
+ * [out] hash: message digest BIO
+ * [returns] pointer to PKCS#7 structure
+ */
+static PKCS7 *pe_pkcs7_signature_new(FILE_FORMAT_CTX *ctx, BIO *hash)
+{
+    ASN1_OCTET_STRING *content;
+    PKCS7 *p7 = pkcs7_create(ctx);
+
+    if (!p7) {
+        printf("Creating a new signature failed\n");
         return NULL; /* FAILED */
     }
-    if (ctx->options->cmd == CMD_ATTACH) {
-        /* Obtain an existing PKCS#7 signature */
-        p7 = pkcs7_get_sigfile(ctx);
-        if (!p7) {
-            printf("Unable to extract valid signature\n");
-            PKCS7_free(cursig);
-            return NULL; /* FAILED */
-        }
-    } else if (ctx->options->cmd == CMD_SIGN) {
-        ASN1_OCTET_STRING *content;
-        /* Create a new PKCS#7 signature */
-        p7 = pkcs7_create(ctx);
-        if (!p7) {
-            printf("Creating a new signature failed\n");
-            return NULL; /* FAILED */
-        }
-        if (!add_indirect_data_object(p7)) {
-            printf("Adding SPC_INDIRECT_DATA_OBJID failed\n");
-            PKCS7_free(p7);
-            return NULL; /* FAILED */
-        }
-        content = spc_indirect_data_content_get(hash, ctx);
-        if (!content) {
-            printf("Failed to get spcIndirectDataContent\n");
-            return NULL; /* FAILED */
-        }
-        if (!sign_spc_indirect_data_content(p7, content)) {
-            printf("Failed to set signed content\n");
-            PKCS7_free(p7);
-            ASN1_OCTET_STRING_free(content);
-            return NULL; /* FAILED */
-        }
-        ASN1_OCTET_STRING_free(content);
+    if (!add_indirect_data_object(p7)) {
+        printf("Adding SPC_INDIRECT_DATA_OBJID failed\n");
+        PKCS7_free(p7);
+        return NULL; /* FAILED */
     }
-    if (ctx->options->nest)
-        ctx->options->prevsig = cursig;
+    content = spc_indirect_data_content_get(hash, ctx);
+    if (!content) {
+        printf("Failed to get spcIndirectDataContent\n");
+        return NULL; /* FAILED */
+    }
+    if (!sign_spc_indirect_data_content(p7, content)) {
+        printf("Failed to set signed content\n");
+        PKCS7_free(p7);
+        ASN1_OCTET_STRING_free(content);
+        return NULL; /* FAILED */
+    }
+    ASN1_OCTET_STRING_free(content);
     return p7;
 }