Fixed validation of supported command

2025-05-20 18:34:29 -05:00 · 2023-06-18 16:02:31 +04:00 · 2023-06-18 16:02:31 +04:00 · f2f3a8891c
commit f2f3a8891c
parent 29eedf9059
1 changed files with 38 additions and 6 deletions
--- a/osslsigncode.c
+++ b/osslsigncode.c
@ -2002,6 +2002,12 @@ static int verify_member(FILE_FORMAT_CTX *ctx, CatalogAuthAttr *attribute)
        printf("Failed to extract current message digest\n\n");
        return 1; /* FAILED */
    }
    if(!ctx->format->digest_calc) {
        printf("Unsupported command\n");
        return 1; /* Failed */
    }
    md = EVP_get_digestbynid(mdtype);
    cmdbuf = ctx->format->digest_calc(ctx, md);
    if (!cmdbuf) {
@ -2219,9 +2225,13 @@ static int verify_signed_file(FILE_FORMAT_CTX *ctx, GLOBAL_OPTIONS *options)
    PKCS7 *p7;
    STACK_OF(PKCS7) *signatures;
    int detached = options->catalog ? 1 : 0;
    if(!ctx->format->check_file) {
        printf("Unsupported command\n");
        return 1; /* Failed */
    }
    if (!ctx->format->check_file(ctx, detached))
-        return 1; /* FAILED */
+        return 1; /* Failed */
    if (detached) {
        GLOBAL_OPTIONS *cat_options;
@ -2238,10 +2248,21 @@ static int verify_signed_file(FILE_FORMAT_CTX *ctx, GLOBAL_OPTIONS *options)
            printf("CAT file initialization error\n");
            return 1; /* Failed */
        }
        if(!cat_ctx->format->pkcs7_extract) {
           printf("Unsupported command\n");
           return 1; /* Failed */
        }
        p7 = cat_ctx->format->pkcs7_extract(cat_ctx);
        cat_ctx->format->ctx_cleanup(cat_ctx, NULL, NULL);
        OPENSSL_free(cat_options);
    } else {
        if(!ctx->format->pkcs7_extract) {
           printf("Unsupported command\n");
           return 1; /* Failed */
        }
        p7 = ctx->format->pkcs7_extract(ctx);
    }
    if (!p7) {
@ -2262,10 +2283,15 @@ static int verify_signed_file(FILE_FORMAT_CTX *ctx, GLOBAL_OPTIONS *options)
            } else {
                printf("Catalog verification: failed\n\n");
            }
-        } else if (ctx->format->verify_digests(ctx, sig)) {
+        } else if (ctx->format->verify_digests) {
            if(ctx->format->verify_digests(ctx, sig)) {
                printf("Signature Index: %d %s\n", i, i==0 ? " (Primary Signature)" : "");
                ret &= verify_signature(ctx, sig);
            }
        } else {
           printf("Unsupported command\n");
           return 1; /* Failed */
        }
    }
    printf("Number of verified signatures: %d\n", i);
    sk_PKCS7_pop_free(signatures, PKCS7_free);
@ -3744,7 +3770,10 @@ int main(int argc, char **argv)
    if (options.cmd == CMD_VERIFY) {
        ret = verify_signed_file(ctx, &options);
        goto skip_signing;
-    } else if (options.cmd == CMD_EXTRACT && ctx->format->pkcs7_extract) {
+    } else if (options.cmd == CMD_EXTRACT) {
        if(!ctx->format->pkcs7_extract) {
            DO_EXIT_0("Unsupported command\n");
        }
        p7 = ctx->format->pkcs7_extract(ctx);
        if (!p7) {
            DO_EXIT_0("Unable to extract existing signature\n");
@ -3752,7 +3781,10 @@ int main(int argc, char **argv)
        ret = save_extracted_pkcs7(ctx, outdata, p7);
        PKCS7_free(p7);
        goto skip_signing;
-    } else if (options.cmd == CMD_REMOVE && ctx->format->remove_pkcs7) {
+    } else if (options.cmd == CMD_REMOVE) {
        if(!ctx->format->remove_pkcs7) {
            DO_EXIT_0("Unsupported command\n");
        }
        ret = ctx->format->remove_pkcs7(ctx, hash, outdata);
        if (ctx->format->update_data_size) {
            ctx->format->update_data_size(ctx, outdata, NULL);