Simplify checking whether a signature exists

Author: olszomal

appx.c

@@ -250,7 +250,6 @@ static const EVP_MD *appx_md_get(FILE_FORMAT_CTX *ctx);
 static ASN1_OBJECT *appx_spc_sip_info_get(u_char **p, int *plen, FILE_FORMAT_CTX *ctx);
 static PKCS7 *appx_pkcs7_contents_get(FILE_FORMAT_CTX *ctx, BIO *hash, const EVP_MD *md);
 static int appx_hash_length_get(FILE_FORMAT_CTX *ctx);
-static int appx_check_file(FILE_FORMAT_CTX *ctx, int detached);
 static int appx_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7);
 static PKCS7 *appx_pkcs7_extract(FILE_FORMAT_CTX *ctx);
 static int appx_remove_pkcs7(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata);
@@ -266,7 +265,6 @@ FILE_FORMAT file_format_appx = {
     .data_blob_get = appx_spc_sip_info_get,
     .pkcs7_contents_get = appx_pkcs7_contents_get,
     .hash_length_get = appx_hash_length_get,
-    .check_file = appx_check_file,
     .verify_digests = appx_verify_digests,
     .pkcs7_extract = appx_pkcs7_extract,
     .remove_pkcs7 = appx_remove_pkcs7,
@@ -466,25 +464,6 @@ static int appx_hash_length_get(FILE_FORMAT_CTX *ctx)
     return ctx->appx_ctx->hashlen;
 }
 
-/*
- * Check if the signature exists.
- * [in] ctx: structure holds input and output data
- * [in] detached: embedded/detached PKCS#7 signature switch
- * [returns] 0 on error or 1 on success
- */
-static int appx_check_file(FILE_FORMAT_CTX *ctx, int detached)
-{
-    if (detached) {
-        printf("APPX format does not support detached PKCS#7 signature\n");
-        return 0; /* FAILED */
-    }
-    if (!zipEntryExist(ctx->appx_ctx->zip, APP_SIGNATURE_FILENAME)) {
-        printf("%s does not exist\n", APP_SIGNATURE_FILENAME);
-        return 0; /* FAILED */
-    }
-    return 1; /* OK */
-}
-
 /*
  * Calculate message digest and compare to value retrieved from PKCS#7 signedData.
  * [in] ctx: structure holds input and output data
@@ -534,6 +513,11 @@ static PKCS7 *appx_pkcs7_extract(FILE_FORMAT_CTX *ctx)
     const u_char *blob;
     size_t dataSize;
 
+    /* Check if the signature exists */
+    if (!zipEntryExist(ctx->appx_ctx->zip, APP_SIGNATURE_FILENAME)) {
+        printf("%s does not exist\n", APP_SIGNATURE_FILENAME);
+        return NULL; /* FAILED */
+    }
     dataSize = zipReadFileDataByName(&data, ctx->appx_ctx->zip, APP_SIGNATURE_FILENAME);
     if (dataSize <= 0) {
         return NULL; /* FAILED */

cab.c

@@ -45,7 +45,6 @@ static FILE_FORMAT_CTX *cab_ctx_new(GLOBAL_OPTIONS *options, BIO *hash, BIO *out
 static ASN1_OBJECT *cab_obsolete_link_get(u_char **p, int *plen, FILE_FORMAT_CTX *ctx);
 static PKCS7 *cab_pkcs7_contents_get(FILE_FORMAT_CTX *ctx, BIO *hash, const EVP_MD *md);
 static int cab_hash_length_get(FILE_FORMAT_CTX *ctx);
-static int cab_check_file(FILE_FORMAT_CTX *ctx, int detached);
 static u_char *cab_digest_calc(FILE_FORMAT_CTX *ctx, const EVP_MD *md);
 static int cab_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7);
 static PKCS7 *cab_pkcs7_extract(FILE_FORMAT_CTX *ctx);
@@ -57,13 +56,13 @@ static int cab_append_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7);
 static void cab_update_data_size(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7);
 static BIO *cab_bio_free(BIO *hash, BIO *outdata);
 static void cab_ctx_cleanup(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata);
+static int cab_is_detaching_supported(void);
 
 FILE_FORMAT file_format_cab = {
     .ctx_new = cab_ctx_new,
     .data_blob_get = cab_obsolete_link_get,
     .pkcs7_contents_get = cab_pkcs7_contents_get,
     .hash_length_get = cab_hash_length_get,
-    .check_file = cab_check_file,
     .digest_calc = cab_digest_calc,
     .verify_digests = cab_verify_digests,
     .pkcs7_extract = cab_pkcs7_extract,
@@ -74,7 +73,8 @@ FILE_FORMAT file_format_cab = {
     .append_pkcs7 = cab_append_pkcs7,
     .update_data_size = cab_update_data_size,
     .bio_free = cab_bio_free,
-    .ctx_cleanup = cab_ctx_cleanup
+    .ctx_cleanup = cab_ctx_cleanup,
+    .is_detaching_supported = cab_is_detaching_supported
 };
 
 /* Prototypes */
@@ -83,6 +83,7 @@ static int cab_add_jp_attribute(PKCS7 *p7, int jp);
 static size_t cab_write_optional_names(BIO *outdata, char *indata, size_t len, uint16_t flags);
 static int cab_modify_header(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata);
 static int cab_add_header(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata);
+static int cab_check_file(FILE_FORMAT_CTX *ctx);
 
 /*
  * FILE_FORMAT method definitions
@@ -192,34 +193,6 @@ static int cab_hash_length_get(FILE_FORMAT_CTX *ctx)
     return EVP_MD_size(ctx->options->md);
 }
 
-/*
- * Check if the signature exists.
- * [in, out] ctx: structure holds input and output data
- * [in] detached: embedded/detached PKCS#7 signature switch
- * [returns] 0 on error or 1 on success
- */
-static int cab_check_file(FILE_FORMAT_CTX *ctx, int detached)
-{
-    if (!ctx) {
-        printf("Init error\n\n");
-        return 0; /* FAILED */
-    }
-    if (detached) {
-        printf("Checking the specified catalog file\n\n");
-        return 1; /* OK */
-    }
-    if (ctx->cab_ctx->header_size != 20) {
-        printf("No signature found\n\n");
-        return 0; /* FAILED */
-    }
-    if (ctx->cab_ctx->sigpos == 0 || ctx->cab_ctx->siglen == 0
-        || ctx->cab_ctx->sigpos > ctx->cab_ctx->fileend) {
-        printf("No signature found\n\n");
-        return 0; /* FAILED */
-    }
-    return 1; /* OK */
-}
-
 /*
  * Compute a message digest value of the signed or unsigned CAB file.
  * [in] ctx: structure holds input and output data
@@ -397,8 +370,7 @@ static PKCS7 *cab_pkcs7_extract(FILE_FORMAT_CTX *ctx)
 {
     const u_char *blob;
 
-    if (ctx->cab_ctx->sigpos == 0 || ctx->cab_ctx->siglen == 0
-        || ctx->cab_ctx->sigpos > ctx->cab_ctx->fileend) {
+    if (!cab_check_file(ctx)) {
         return NULL; /* FAILED */
     }
     blob = (u_char *)ctx->options->indata + ctx->cab_ctx->sigpos;
@@ -432,8 +404,7 @@ static int cab_remove_pkcs7(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata)
     /* squash the unused parameter warning */
     (void)hash;
 
-    if (ctx->cab_ctx->sigpos == 0 || ctx->cab_ctx->siglen == 0
-        || ctx->cab_ctx->sigpos > ctx->cab_ctx->fileend) {
+    if (!cab_check_file(ctx)) {
         return 1; /* FAILED, no signature */
     }
     buf = OPENSSL_malloc(SIZE_64K);
@@ -655,6 +626,11 @@ static void cab_ctx_cleanup(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata)
     OPENSSL_free(ctx);
 }
 
+static int cab_is_detaching_supported(void)
+{
+    return 1; /* OK */
+}
+
 /*
  * CAB helper functions
  */
@@ -972,6 +948,29 @@ static int cab_add_header(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata)
     return 1; /* OK */
 }
 
+/*
+ * Check if the signature exists.
+ * [in, out] ctx: structure holds input and output data
+ * [returns] 0 on error or 1 on success
+ */
+static int cab_check_file(FILE_FORMAT_CTX *ctx)
+{
+    if (!ctx) {
+        printf("Init error\n\n");
+        return 0; /* FAILED */
+    }
+    if (ctx->cab_ctx->header_size != 20) {
+        printf("No signature found\n\n");
+        return 0; /* FAILED */
+    }
+    if (ctx->cab_ctx->sigpos == 0 || ctx->cab_ctx->siglen == 0
+        || ctx->cab_ctx->sigpos > ctx->cab_ctx->fileend) {
+        printf("No signature found\n\n");
+        return 0; /* FAILED */
+    }
+    return 1; /* OK */
+}
+
 /*
 Local Variables:
    c-basic-offset: 4

cat.c

@@ -36,7 +36,6 @@ struct cat_ctx_st {
 
 /* FILE_FORMAT method prototypes */
 static FILE_FORMAT_CTX *cat_ctx_new(GLOBAL_OPTIONS *options, BIO *hash, BIO *outdata);
-static int cat_check_file(FILE_FORMAT_CTX *ctx, int detached);
 static int cat_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7);
 static PKCS7 *cat_pkcs7_extract(FILE_FORMAT_CTX *ctx);
 static PKCS7 *cat_pkcs7_signature_new(FILE_FORMAT_CTX *ctx, BIO *hash);
@@ -46,7 +45,6 @@ static void cat_ctx_cleanup(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata);
 
 FILE_FORMAT file_format_cat = {
     .ctx_new = cat_ctx_new,
-    .check_file = cat_check_file,
     .verify_digests = cat_verify_digests,
     .pkcs7_extract = cat_pkcs7_extract,
     .pkcs7_signature_new = cat_pkcs7_signature_new,
@@ -64,6 +62,7 @@ static int cat_print_content_member_digest(ASN1_TYPE *content);
 static int cat_print_content_member_name(ASN1_TYPE *content);
 static void cat_print_base64(ASN1_OCTET_STRING *value);
 static void cat_print_utf16_as_ascii(ASN1_OCTET_STRING *value);
+static int cat_check_file(FILE_FORMAT_CTX *ctx);
 
 /*
  * FILE_FORMAT method definitions
@@ -118,35 +117,6 @@ static FILE_FORMAT_CTX *cat_ctx_new(GLOBAL_OPTIONS *options, BIO *hash, BIO *out
     return ctx;
 }
 
-static int cat_check_file(FILE_FORMAT_CTX *ctx, int detached)
-{
-    STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
-    PKCS7_SIGNER_INFO *si;
-
-    if (!ctx) {
-        printf("Init error\n\n");
-        return 0; /* FAILED */
-    }
-    if (detached) {
-        printf("CAT format does not support detached PKCS#7 signature\n\n");
-        return 0; /* FAILED */
-    }
-    signer_info = PKCS7_get_signer_info(ctx->cat_ctx->p7);
-    if (!signer_info) {
-        printf("Failed catalog file\n\n");
-        return 0; /* FAILED */
-    }
-    si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0);
-    if (!si) {
-        printf("No signature found\n\n");
-        return 0; /* FAILED */
-    }
-    if (ctx->options->verbose) {
-        (void)cat_list_content(ctx->cat_ctx->p7);
-    }
-    return 1; /* OK */
-}
-
 /*
  * ContentInfo value is the inner content of pkcs7-signedData.
  * An extra verification is not necessary when a content type data
@@ -167,6 +137,9 @@ static int cat_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7)
  */
 static PKCS7 *cat_pkcs7_extract(FILE_FORMAT_CTX *ctx)
 {
+    if (!cat_check_file(ctx)) {
+        return NULL; /* FAILED */
+    }
     return PKCS7_dup(ctx->cat_ctx->p7);
 }
 
@@ -472,6 +445,35 @@ static void cat_print_utf16_as_ascii(ASN1_OCTET_STRING *value)
         putchar(isprint(data[i]) && !data[i+1] ? data[i] : '.');
 }
 
+/*
+ * Check if the signature exists.
+ * [in, out] ctx: structure holds input and output data
+ * [returns] 0 on error or 1 on success
+ */
+static int cat_check_file(FILE_FORMAT_CTX *ctx)
+{
+    STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
+    PKCS7_SIGNER_INFO *si;
+
+    if (!ctx) {
+        printf("Init error\n\n");
+        return 0; /* FAILED */
+    }
+    signer_info = PKCS7_get_signer_info(ctx->cat_ctx->p7);
+    if (!signer_info) {
+        printf("Failed catalog file\n\n");
+        return 0; /* FAILED */
+    }
+    si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0);
+    if (!si) {
+        printf("No signature found\n\n");
+        return 0; /* FAILED */
+    }
+    if (ctx->options->verbose) {
+        (void)cat_list_content(ctx->cat_ctx->p7);
+    }
+    return 1; /* OK */
+}
 /*
 Local Variables:
    c-basic-offset: 4