nhyatt/osslsigncode
1
0
Fork 0
mirror of https://github.com/mtrojnar/osslsigncode.git synced 2025-04-05 09:08:04 -05:00
Code Issues Projects Releases Wiki Activity
182 Commits 1 Branch 10 Tags
Commit Graph

140 Commits

Author SHA1 Message Date
olszomal
e59e922d32 last merge error - X509_PURPOSE_ANY 2020-04-09 10:45:25 +02:00
olszomal
e2f984f5c9 attach DER signature 2020-04-08 14:21:53 +02:00
olszomal
cafa23819b more memory leaks fixed 2020-04-07 15:49:00 +02:00
olszomal
235448d839 fixed memory leaks 2020-04-03 15:12:43 +02:00
olszomal
077783aa2a signer extended key usage XKU_CODE_SIGN 2020-04-03 12:31:59 +02:00
olszomal
7c39f73ff6 memory cleanup 2020-04-03 11:44:56 +02:00
olszomal
1e4681980f print osslsigncode version and usage 2020-04-02 12:18:37 +02:00
olszomal
26d35cee40 C89 standard compatibility 2020-04-02 12:03:06 +02:00
olszomal
a79c0c6426 is_indirect_data_signature() 2020-04-01 13:25:58 +02:00
olszomal
3ae025a133 code cleaning 2020-03-31 12:55:09 +02:00
olszomal
6383166189 enable MsiDigitalSignatureEx 2020-03-27 15:00:47 +01:00
olszomal
0692db5ed3 resolved merge conflict by incorporating both suggestions 2020-03-27 14:28:04 +01:00
olszomal
ee2d65d354 msi_calc_MsiDigitalSignatureEx() with GSF_PARAMS struct 2020-03-27 14:04:14 +01:00
olszomal
3635d586fb create pkcs7 object and prepare file to sign 2020-03-27 13:51:59 +01:00
olszomal
ee17261eaf resolved merge conflict 2020-03-26 11:24:24 +01:00
olszomal
77493d5cde input options and input file header validation 2020-03-26 10:38:02 +01:00
olszomal
cdd2a23bf1 check attached data 2020-03-26 09:16:18 +01:00
olszomal
20236fb677
Verification purpose and nested signature (#35) 
- Require "Code Signing" extended key usage for authenticode verification.
 - Only check for the X509_PURPOSE_CRL_SIGN purpose in CRL verification.
 - Only require one valid signature for a nested signature.
 2020-03-25 21:00:47 +01:00
olszomal
18b19cbe5d Update additional data size 2020-03-25 14:06:36 +01:00
olszomal
e570907a59 Append signature to outfile 2020-03-25 13:52:08 +01:00
olszomal
9f6af8becb set_indirect_data_blob() 2020-03-24 14:44:03 +01:00
olszomal
b7f0461311 page hash verification 2020-03-24 14:04:37 +01:00
olszomal
1715a02cd8 get_indirect_data_blob() with options and header structures 2020-03-24 13:59:38 +01:00
olszomal
536cf9670b get_file_type() 2020-03-17 11:17:45 +01:00
olszomal
0f35d25791 CRYPTO_PARAMS struct 2020-03-17 11:01:37 +01:00
olszomal
f93bdc0f98 nturl/ntsurl GLOBAL_OPTIONS related to turl/tsurl 2020-03-16 14:41:21 +01:00
olszomal
6e46f71e69 main_configure() 2020-03-16 14:20:02 +01:00
olszomal
5e0f6e17a9 GLOBAL_OPTIONS struct 2020-03-16 10:32:39 +01:00
olszomal
1281dbccf1 read certificate and key 2020-03-13 12:19:42 +01:00
olszomal
9e670ea7a0 read_password 2020-03-12 15:36:40 +01:00
olszomal
29b138a667 create_new_signature() 2020-03-12 15:03:36 +01:00
olszomal
e7f0577bf3 set_signing_bob 2020-03-12 14:13:26 +01:00
olszomal
f0050d6033 MSI Digital Signatures support 2020-03-12 13:35:30 +01:00
olszomal
ccde20f8e2 FILE_HEADER struct for CAB header support 2020-03-11 09:25:27 +01:00
olszomal
787933ef53 verify_pe_header() 2020-03-10 13:26:20 +01:00
olszomal
7cd0e9d581 add jp/purpose/desc/url attribute functions 2020-03-04 15:35:48 +01:00
olszomal
889679e080 attach_sigfile() 2020-03-04 14:34:51 +01:00
olszomal
150d14b57c modify and verify CAB header 2020-03-04 13:28:46 +01:00
olszomal
73cf4e9540 attach to CAB file fixed 
some improvements for PE files
 2020-02-21 16:26:53 +01:00
olszomal
94f5e0c1bf CAB file support 2020-02-21 14:07:15 +01:00
olszomal
6bcb95e8fa file format fixes 2020-02-19 10:47:29 +01:00
olszomal
7fcf08ad75
CA bundle install path detection (#32) 2020-02-04 22:44:58 +01:00
Michal Trojnara
2bb573219a Fix invocation without arguments 
Closes #29
 2020-01-25 18:41:47 +01:00
olszomal
7366df707d Help (#27) 2020-01-25 08:37:11 +01:00
olszomal
49f25a1914 CRL support with new CRLfile global option (#28) 2020-01-25 08:25:48 +01:00
olszomal
7f6ec7607f ifdef ENABLE_CURL mistake 2019-12-28 20:34:13 +01:00
olszomal
311f5af395 signature verification 2019-12-28 20:34:13 +01:00
Michał Trojnara
2ffa5a9d69 Signing Time code refactoring 
- Code simplification.
 - Support for the -st option while timestamps are enabled.
 - Fix for a NULL pointer dereference.
 2019-09-10 23:03:35 +02:00
Viktor Szakats
5c51cab171 reword comment 2019-09-10 22:09:45 +02:00
Viktor Szakats
c72434aa08 add option to override non-trusted time in signature 
By default the non-trusted time embedded in the signature is the
current time of the machine. This means that adding a signature
prevents from creating reproducible/deterministic binaries.

This patch resolves that by introducing the -st <unix-time> option
where a custom time can be supplied and which will be used in the
signature. By using a point in time bound to the package (e.g.
release date or timestamp of a specific file in the source package
- or just 0 to suppress the current time), it makes it possible to
create signed binaries with reproducible/deterministic, IOW
identical signatures, regardless of when the build was done. It
also makes osslsigncode behaviour closer to signtool.exe, which by
default creates deterministic signatures (by include no
non-trusted time at all.)

The patch has been used live for the last year to build curl-for-win
binaries:
  https://github.com/curl/curl-for-win/blob/master/osslsigncode.patch

It also resolves this osslsigncode bug:
  https://sourceforge.net/p/osslsigncode/bugs/8/#a59a
 2019-09-10 22:09:45 +02:00