diff --git a/NEWS.md b/NEWS.md index 2e844c5a..713e4655 100644 --- a/NEWS.md +++ b/NEWS.md @@ -6,6 +6,7 @@ - used native HTTP client with OpenSSL 3.0 or later, removed libcurl dependency - added the "-ignore-crl" option to disable fetching and verifying CRL Distribution Points +- changed error output to stderr instead of stdout - improved testing ### 2.8 (2024.03.03) diff --git a/appx.c b/appx.c index a280f264..6d25c4cc 100644 --- a/appx.c +++ b/appx.c @@ -442,7 +442,7 @@ static PKCS7 *appx_pkcs7_contents_get(FILE_FORMAT_CTX *ctx, BIO *hash, const EVP /* Create and append a new signature content types entry */ entry = zipGetCDEntryByName(ctx->appx_ctx->zip, CONTENT_TYPES_FILENAME); if (!entry) { - printf("Not a valid .appx file: content types file missing\n"); + fprintf(stderr, "Not a valid .appx file: content types file missing\n"); return NULL; /* FAILED */ } if (!appx_append_ct_signature_entry(ctx->appx_ctx->zip, entry)) { @@ -483,7 +483,7 @@ static int appx_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7) if (idc) { BIO *hashes; if (!appx_extract_hashes(ctx, idc)) { - printf("Failed to extract hashes from the signature\n"); + fprintf(stderr, "Failed to extract hashes from the signature\n"); SpcIndirectDataContent_free(idc); return 0; /* FAILED */ } @@ -494,7 +494,7 @@ static int appx_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7) } BIO_free_all(hashes); if (!appx_compare_hashes(ctx)) { - printf("Signature hash verification failed\n"); + fprintf(stderr, "Signature hash verification failed\n"); SpcIndirectDataContent_free(idc); return 0; /* FAILED */ } @@ -518,7 +518,7 @@ static PKCS7 *appx_pkcs7_extract(FILE_FORMAT_CTX *ctx) /* Check if the signature exists */ if (!zipEntryExist(ctx->appx_ctx->zip, APP_SIGNATURE_FILENAME)) { - printf("%s does not exist\n", APP_SIGNATURE_FILENAME); + fprintf(stderr, "%s does not exist\n", APP_SIGNATURE_FILENAME); return NULL; /* FAILED */ } dataSize = zipReadFileDataByName(&data, ctx->appx_ctx->zip, APP_SIGNATURE_FILENAME); 
@@ -527,7 +527,7 @@ static PKCS7 *appx_pkcs7_extract(FILE_FORMAT_CTX *ctx) } /* P7X format is just 0x504B4358 (PKCX) followed by PKCS#7 data in the DER format */ if (memcmp(data, PKCX_SIGNATURE, 4)) { - printf("Invalid PKCX header\n"); + fprintf(stderr, "Invalid PKCX header\n"); OPENSSL_free(data); return NULL; /* FAILED */ } @@ -556,7 +556,7 @@ static int appx_remove_pkcs7(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) (void)hash; if (!entry) { - printf("Not a valid .appx file: content types file missing\n"); + fprintf(stderr, "Not a valid .appx file: content types file missing\n"); return 1; /* FAILED */ } /* read signature data */ @@ -566,17 +566,17 @@ static int appx_remove_pkcs7(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) } OPENSSL_free(data); if (!appx_remove_ct_signature_entry(zip, entry)) { - printf("Failed to remove signature entry\n"); + fprintf(stderr, "Failed to remove signature entry\n"); return 1; /* FAILED */ } for (entry = zip->centralDirectoryHead; entry != NULL; entry = entry->next) { if (noEntries == zip->centralDirectoryRecordCount) { - printf("Warning: Corrupted central directory structure\n"); + fprintf(stderr, "Corrupted central directory structure\n"); return 1; /* FAILED */ } noEntries++; if (!entry->fileName || (entry->fileNameLen == 0)) { - printf("Warning: Corrupted file name\n"); + fprintf(stderr, "Corrupted file name\n"); return 1; /* FAILED */ } if (strcmp(entry->fileName, APP_SIGNATURE_FILENAME)) { @@ -587,11 +587,11 @@ static int appx_remove_pkcs7(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) } } if (!get_current_position(outdata, &cdOffset)) { - printf("Unable to get offset\n"); + fprintf(stderr, "Unable to get offset\n"); return 1; /* FAILED */ } if (!appx_write_central_directory(outdata, zip, 1, cdOffset)) { - printf("Unable to write central directory\n"); + fprintf(stderr, "Unable to write central directory\n"); return 1; /* FAILED */ } return 0; /* OK */ 
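Review bot: The `memcmp(data, PKCX_SIGNATURE, 4)` in appx_pkcs7_extract reads four bytes from a buffer whose length comes from the archive, and the size check that closes at the top of this hunk is not visible here. If that check only rejects an empty read, a signature entry shorter than four bytes is compared past its data. Writing the condition as `if (dataSize < 4 || memcmp(data, PKCX_SIGNATURE, 4)) {` would make the bound explicit at the point of use.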
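Review bot: The directory-walk guard in appx_remove_pkcs7 is written `noEntries == zip->centralDirectoryRecordCount`, while the same walk in appx_append_pkcs7, zipGetCDEntryByName, zipEntryExist and zipReadFileDataByName uses `>=` and appx_write_central_directory uses `>`. Three spellings of one bound make it hard to confirm that every loop stops a linked list longer than the declared record count. Using `>=` everywhere, or one shared helper, would let the bound be reviewed once. Whether the `>` variant admits an extra entry depends on where noEntries is incremented, which is outside these hunks.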
@@ -615,7 +615,7 @@ static int appx_process_data(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata)
 /* Create and append a new signature content types entry */
 entry = zipGetCDEntryByName(ctx->appx_ctx->zip, CONTENT_TYPES_FILENAME);
 if (!entry) {
- printf("Not a valid .appx file: content types file missing\n");
+ fprintf(stderr, "Not a valid .appx file: content types file missing\n");
 return 0; /* FAILED */
 }
 if (!appx_append_ct_signature_entry(ctx->appx_ctx->zip, entry)) {
@@ -646,12 +646,12 @@ static PKCS7 *appx_pkcs7_signature_new(FILE_FORMAT_CTX *ctx, BIO *hash)
 }
 p7 = pkcs7_create(ctx);
 if (!p7) {
- printf("Creating a new signature failed\n");
+ fprintf(stderr, "Creating a new signature failed\n");
 BIO_free_all(hashes);
 return NULL; /* FAILED */
 }
 if (!add_indirect_data_object(p7)) {
- printf("Adding SPC_INDIRECT_DATA_OBJID failed\n");
+ fprintf(stderr, "Adding SPC_INDIRECT_DATA_OBJID failed\n");
 PKCS7_free(p7);
 BIO_free_all(hashes);
 return NULL; /* FAILED */
@@ -659,12 +659,12 @@ static PKCS7 *appx_pkcs7_signature_new(FILE_FORMAT_CTX *ctx, BIO *hash)
 content = spc_indirect_data_content_get(hashes, ctx);
 BIO_free_all(hashes);
 if (!content) {
- printf("Failed to get spcIndirectDataContent\n");
+ fprintf(stderr, "Failed to get spcIndirectDataContent\n");
 PKCS7_free(p7);
 return NULL; /* FAILED */
 }
 if (!sign_spc_indirect_data_content(p7, content)) {
- printf("Failed to set signed content\n");
+ fprintf(stderr, "Failed to set signed content\n");
 PKCS7_free(p7);
 ASN1_OCTET_STRING_free(content);
 return NULL; /* FAILED */
@@ -692,13 +692,13 @@ static int appx_append_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7) for (entry = zip->centralDirectoryHead; entry != NULL;) { if (noEntries >= zip->centralDirectoryRecordCount) { - printf("Warning: Corrupted central directory structure\n"); + fprintf(stderr, "Corrupted central directory structure\n"); return 1; /* FAILED */ } noEntries++; last = entry; if (!entry->fileName || (entry->fileNameLen == 0)) { - printf("Warning: Corrupted file name\n"); + fprintf(stderr, "Corrupted file name\n"); return 1; /* FAILED */ } if (strcmp(entry->fileName, APP_SIGNATURE_FILENAME)) { @@ -738,17 +738,17 @@ static int appx_append_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7) len += 4; if (!zipAppendSignatureFile(outdata, zip, blob, (uint64_t)len)) { OPENSSL_free(blob); - printf("Failed to append zip file\n"); + fprintf(stderr, "Failed to append zip file\n"); return 1; /* FAILED */ } OPENSSL_free(der); OPENSSL_free(blob); if (!get_current_position(outdata, &cdOffset)) { - printf("Unable to get offset\n"); + fprintf(stderr, "Unable to get offset\n"); return 1; /* FAILED */ } if (!appx_write_central_directory(outdata, zip, 0, cdOffset)) { - printf("Unable to write central directory\n"); + fprintf(stderr, "Unable to write central directory\n"); return 1; /* FAILED */ } return 0; /* OK */ 
@@ -811,11 +811,11 @@ static BIO *appx_calculate_hashes(FILE_FORMAT_CTX *ctx) if (!ctx->appx_ctx->calculatedBMHash || !ctx->appx_ctx->calculatedCTHash || !ctx->appx_ctx->calculatedCDHash || !ctx->appx_ctx->calculatedDataHash) { - printf("One or more hashes calculation failed\n"); + fprintf(stderr, "One or more hashes calculation failed\n"); return NULL; /* FAILED */ } if (zipEntryExist(ctx->appx_ctx->zip, CODE_INTEGRITY_FILENAME) && !ctx->appx_ctx->calculatedCIHash) { - printf("Code integrity file exists, but CI hash calculation failed\n"); + fprintf(stderr, "Code integrity file exists, but CI hash calculation failed\n"); return NULL; /* FAILED */ } return appx_hash_blob_get(ctx); @@ -879,13 +879,13 @@ static uint8_t *appx_calc_zip_central_directory_hash(ZIP_FILE *zip, const EVP_MD BIO *bhash = BIO_new(BIO_f_md()); if (!BIO_set_md(bhash, md)) { - printf("Unable to set the message digest of BIO\n"); + fprintf(stderr, "Unable to set the message digest of BIO\n"); BIO_free_all(bhash); return NULL; /* FAILED */ } BIO_push(bhash, BIO_new(BIO_s_null())); if (!appx_write_central_directory(bhash, zip, 1, cdOffset)) { - printf("Unable to write central directory\n"); + fprintf(stderr, "Unable to write central directory\n"); BIO_free_all(bhash); return NULL; /* FAILED */ } @@ -913,11 +913,11 @@ static int appx_write_central_directory(BIO *bio, ZIP_FILE *zip, int removeSigna /* the signature file is considered non existent for hashing purposes */ uint64_t sizeOnDisk = 0; if (noEntries > zip->centralDirectoryRecordCount) { - printf("Warning: Corrupted central directory structure\n"); + fprintf(stderr, "Corrupted central directory structure\n"); return 0; /* FAILED */ } if (!entry->fileName || (entry->fileNameLen == 0)) { - printf("Warning: Corrupted file name\n"); + fprintf(stderr, "Corrupted file name\n"); return 0; /* FAILED */ } if (removeSignature && !strcmp(entry->fileName, APP_SIGNATURE_FILENAME)) { 
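Review bot: In appx_calc_zip_central_directory_hash, `if (!BIO_set_md(bhash, md))` treats only 0 as failure, but BIO_set_md is a BIO_ctrl() wrapper and BIO_ctrl() can return a negative value, for example when the unchecked `BIO_new(BIO_f_md())` result above it is NULL. In that case the function carries on with an unusable digest BIO and the failure surfaces later, if at all. `if (!bhash || BIO_set_md(bhash, md) <= 0) {` closes both gaps. The same test appears in appx_calc_zip_data_hash, zipCalcDigest and cab_digest_calc, and the result of `BIO_push(bhash, BIO_new(BIO_s_null()))` is also unchecked here.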
@@ -1006,7 +1006,7 @@ static uint8_t *appx_calc_zip_data_hash(uint64_t *cdOffset, ZIP_FILE *zip, const uint64_t noEntries = 0; if (!BIO_set_md(bhash, md)) { - printf("Unable to set the message digest of BIO\n"); + fprintf(stderr, "Unable to set the message digest of BIO\n"); BIO_free_all(bhash); return NULL; /* FAILED */ } @@ -1016,13 +1016,13 @@ static uint8_t *appx_calc_zip_data_hash(uint64_t *cdOffset, ZIP_FILE *zip, const /* the signature file is considered not existent for hashing purposes */ uint64_t sizeOnDisk = 0; if (noEntries >= zip->centralDirectoryRecordCount) { - printf("Warning: Corrupted central directory structure\n"); + fprintf(stderr, "Corrupted central directory structure\n"); BIO_free_all(bhash); return NULL; /* FAILED */ } noEntries++; if (!entry->fileName || (entry->fileNameLen == 0)) { - printf("Warning: Corrupted file name\n"); + fprintf(stderr, "Corrupted file name\n"); BIO_free_all(bhash); return NULL; /* FAILED */ } @@ -1030,7 +1030,7 @@ static uint8_t *appx_calc_zip_data_hash(uint64_t *cdOffset, ZIP_FILE *zip, const continue; } if (!zipRewriteData(zip, entry, bhash, &sizeOnDisk)) { - printf("Rewrite data error\n"); + fprintf(stderr, "Rewrite data error\n"); BIO_free_all(bhash); return NULL; /* FAILED */ } @@ -1060,7 +1060,7 @@ static int appx_extract_hashes(FILE_FORMAT_CTX *ctx, SpcIndirectDataContent *con long d = ASN1_INTEGER_get(si->d); long e = ASN1_INTEGER_get(si->e); long f = ASN1_INTEGER_get(si->f); - BIO *stdbio = BIO_new_fp(stdout, BIO_NOCLOSE); + BIO *stdbio = BIO_new_fp(stderr, BIO_NOCLOSE); printf("a: 0x%lX b: 0x%lX c: 0x%lX d: 0x%lX e: 0x%lX f: 0x%lX\n", a, b, c, d, e, f); printf("string: "); ASN1_STRING_print_ex(stdbio, si->string, ASN1_STRFLGS_RFC2253); 
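Review bot: In appx_extract_hashes only `stdbio` moves to stderr, so this dump is now split across two streams: the `printf` calls for the `a:` to `f:` values and the `string: ` label still write to stdout while ASN1_STRING_print_ex writes the value to stderr. With stdout buffered and stderr not, the value can appear before its label, or land in a different file when one stream is redirected. Either keep `BIO_new_fp(stdout, BIO_NOCLOSE)` or switch the two neighbouring calls to `fprintf(stderr, ...)`. The BIO_new_fp() result is also passed on without a NULL check in the visible lines, and the block continues past the end of the hunk.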
@@ -1075,11 +1075,11 @@ static int appx_extract_hashes(FILE_FORMAT_CTX *ctx, SpcIndirectDataContent *con /* we are expecting at least 4 hashes + 4 byte header */ if (length < 4 * mdlen + 4) { - printf("Hash too short\n"); + fprintf(stderr, "Hash too short\n"); return 0; /* FAILED */ } if (memcmp(data, APPX_SIGNATURE, 4)) { - printf("Hash signature does not match\n"); + fprintf(stderr, "Hash signature does not match\n"); return 0; /* FAILED */ } while (pos + mdlen + 4 <= length) { @@ -1099,29 +1099,29 @@ static int appx_extract_hashes(FILE_FORMAT_CTX *ctx, SpcIndirectDataContent *con ctx->appx_ctx->existingCIHash = OPENSSL_malloc((size_t)mdlen); memcpy(ctx->appx_ctx->existingCIHash, data + pos + 4, (size_t)mdlen); } else { - printf("Invalid hash signature\n"); + fprintf(stderr, "Invalid hash signature\n"); return 0; /* FAILED */ } pos += mdlen + 4; } if (!ctx->appx_ctx->existingDataHash) { - printf("File hash missing\n"); + fprintf(stderr, "File hash missing\n"); return 0; /* FAILED */ } if (!ctx->appx_ctx->existingCDHash) { - printf("Central directory hash missing\n"); + fprintf(stderr, "Central directory hash missing\n"); return 0; /* FAILED */ } if (!ctx->appx_ctx->existingBMHash) { - printf("Block map hash missing\n"); + fprintf(stderr, "Block map hash missing\n"); return 0; /* FAILED */ } if (!ctx->appx_ctx->existingCTHash) { - printf("Content types hash missing\n"); + fprintf(stderr, "Content types hash missing\n"); return 0; /* FAILED */ } if (zipEntryExist(ctx->appx_ctx->zip, CODE_INTEGRITY_FILENAME) && !ctx->appx_ctx->existingCIHash) { - printf("Code integrity hash missing\n"); + fprintf(stderr, "Code integrity hash missing\n"); return 0; /* FAILED */ } return 1; /* OK */ @@ -1142,7 +1142,7 @@ static int appx_compare_hashes(FILE_FORMAT_CTX *ctx) return 0; /* FAILED */ } } else { - printf("Block map hash missing\n"); + fprintf(stderr, "Block map hash missing\n"); return 0; /* FAILED */ } if (ctx->appx_ctx->calculatedCTHash && ctx->appx_ctx->existingCTHash) { 
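Review bot: In the hunk at -1099, `ctx->appx_ctx->existingCIHash = OPENSSL_malloc((size_t)mdlen);` is followed directly by a memcpy into it, so an allocation failure while parsing the signature's hash blob becomes a write through NULL. Add `if (!ctx->appx_ctx->existingCIHash) return 0; /* FAILED */` before the copy. The branches for the other hash types sit above the hunk and presumably need the same check. zipAppendSignatureFile has the same shape, with `dataToWrite = OPENSSL_malloc(dataSize);` passed straight to zipDeflate.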
@@ -1151,7 +1151,7 @@ static int appx_compare_hashes(FILE_FORMAT_CTX *ctx)
 return 0; /* FAILED */
 }
 } else {
- printf("Content Types hash missing\n");
+ fprintf(stderr, "Content Types hash missing\n");
 return 0; /* FAILED */
 }
 if (ctx->appx_ctx->calculatedDataHash && ctx->appx_ctx->existingDataHash) {
@@ -1160,7 +1160,7 @@ static int appx_compare_hashes(FILE_FORMAT_CTX *ctx)
 return 0; /* FAILED */
 }
 } else {
- printf("Central Directory hash missing\n");
+ fprintf(stderr, "Central Directory hash missing\n");
 return 0; /* FAILED */
 }
 if (ctx->appx_ctx->calculatedCDHash && ctx->appx_ctx->existingCDHash) {
@@ -1169,7 +1169,7 @@ static int appx_compare_hashes(FILE_FORMAT_CTX *ctx)
 return 0; /* FAILED */
 }
 } else {
- printf("Central Directory hash missing\n");
+ fprintf(stderr, "Central Directory hash missing\n");
 return 0; /* FAILED */
 }
 if (ctx->appx_ctx->calculatedCIHash && ctx->appx_ctx->existingCIHash) {
@@ -1180,7 +1180,7 @@ static int appx_compare_hashes(FILE_FORMAT_CTX *ctx)
 } else if (!ctx->appx_ctx->calculatedCIHash && !ctx->appx_ctx->existingCIHash) {
 /* this is fine, CI file is optional -> if it is missing we expect both hashes to be non existent */
 } else {
- printf("Code Integrity hash missing\n");
+ fprintf(stderr, "Code Integrity hash missing\n");
 return 0; /* FAILED */
 }
 return 1; /* OK */
@@ -1205,7 +1205,7 @@ static int appx_remove_ct_signature_entry(ZIP_FILE *zip, ZIP_CENTRAL_DIRECTORY_E
 }
 cpos = strstr((const char *)data, SIGNATURE_CONTENT_TYPES_ENTRY);
 if (!cpos) {
- printf("Did not find existing signature entry in %s\n", entry->fileName);
+ printf("Warning: Did not find existing signature entry in %s\n", entry->fileName);
 OPENSSL_free(data);
 return 1; /* do not treat as en error */
 }
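Review bot: The `else` branch changed in the hunk at -1160 belongs to the `calculatedDataHash && existingDataHash` test, yet it reports `Central Directory hash missing`, the same text as the real central-directory branch in the hunk at -1169. A missing file-data hash is therefore misreported, which points anyone triaging a failed verification at the wrong part of the package. Since the line is being touched anyway, `fprintf(stderr, "File hash missing\n");` would match the wording appx_extract_hashes uses for existingDataHash.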
@@ -1243,7 +1243,7 @@ static int appx_append_ct_signature_entry(ZIP_FILE *zip, ZIP_CENTRAL_DIRECTORY_E } cpos = strstr((const char *)data, SIGNATURE_CONTENT_TYPES_CLOSING_TAG); if (!cpos) { - printf("%s parsing error\n", entry->fileName); + fprintf(stderr, "%s parsing error\n", entry->fileName); OPENSSL_free(data); return 0; /* FAILED */ } @@ -1275,24 +1275,24 @@ static const EVP_MD *appx_get_md(ZIP_FILE *zip) dataSize = zipReadFileDataByName(&data, zip, BLOCK_MAP_FILENAME); if (dataSize <= 0) { - printf("Could not read: %s\n", BLOCK_MAP_FILENAME); + fprintf(stderr, "Could not read: %s\n", BLOCK_MAP_FILENAME); return NULL; /* FAILED */ } start = strstr((const char *)data, HASH_METHOD_TAG); if (!start) { - printf("Parse error: tag: %s not found in %s\n", HASH_METHOD_TAG, BLOCK_MAP_FILENAME); + fprintf(stderr, "Parse error: tag: %s not found in %s\n", HASH_METHOD_TAG, BLOCK_MAP_FILENAME); OPENSSL_free(data); return NULL; /* FAILED */ } start += strlen(HASH_METHOD_TAG); if ((uint8_t *)start >= data + dataSize) { - printf("Parse error: data too short in %s\n", BLOCK_MAP_FILENAME); + fprintf(stderr, "Parse error: data too short in %s\n", BLOCK_MAP_FILENAME); OPENSSL_free(data); return NULL; /* FAILED */ } end = strstr((const char *)start, ">"); if (!end) { - printf("Parse error: end of tag not found in %s\n", BLOCK_MAP_FILENAME); + fprintf(stderr, "Parse error: end of tag not found in %s\n", BLOCK_MAP_FILENAME); OPENSSL_free(data); return NULL; /* FAILED */ } @@ -1306,7 +1306,7 @@ static const EVP_MD *appx_get_md(ZIP_FILE *zip) } } if (!valueStart || !valueEnd || valueEnd <= valueStart) { - printf("Parse error: value parse error in %s\n", BLOCK_MAP_FILENAME); + fprintf(stderr, "Parse error: value parse error in %s\n", BLOCK_MAP_FILENAME); OPENSSL_free(data); return NULL; /* FAILED */ } 
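Review bot: appx_get_md runs `strstr()` over `data` before the `start >= data + dataSize` bounds test, so the parse is only safe if zipReadFileDataByName returns a NUL-terminated buffer, and that guarantee is not visible in this hunk. A comment above the first strstr such as `/* zipReadFileDataByName() NUL-terminates data, so strstr() cannot run past dataSize */` would record the dependency, assuming it holds. The same applies to the `strstr()` calls in appx_remove_ct_signature_entry and appx_append_ct_signature_entry.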
@@ -1321,7 +1321,7 @@ static const EVP_MD *appx_get_md(ZIP_FILE *zip) printf("Hash method is SHA512\n"); md = EVP_sha512(); } else { - printf("Unsupported hash method\n"); + fprintf(stderr, "Unsupported hash method\n"); OPENSSL_free(data); return NULL; /* FAILED */ } @@ -1342,12 +1342,12 @@ static ZIP_CENTRAL_DIRECTORY_ENTRY *zipGetCDEntryByName(ZIP_FILE *zip, const cha for (entry = zip->centralDirectoryHead; entry != NULL; entry = entry->next) { if (noEntries >= zip->centralDirectoryRecordCount) { - printf("Warning: Corrupted central directory structure\n"); + fprintf(stderr, "Corrupted central directory structure\n"); return NULL; /* FAILED */ } noEntries++; if (!entry->fileName || (entry->fileNameLen == 0)) { - printf("Warning: Corrupted file name\n"); + fprintf(stderr, "Corrupted file name\n"); return NULL; /* FAILED */ } if (!strcmp(entry->fileName, name)) { @@ -1454,7 +1454,7 @@ static int zipAppendSignatureFile(BIO *bio, ZIP_FILE *zip, uint8_t *data, uint64 dataToWrite = OPENSSL_malloc(dataSize); ret = zipDeflate(dataToWrite, &size, data, dataSize); if (ret != Z_OK) { - printf("Zip deflate failed: %d\n", ret); + fprintf(stderr, "Zip deflate failed: %d\n", ret); OPENSSL_free(dataToWrite); return 0; /* FAILED */ } @@ -1492,7 +1492,7 @@ static int zipAppendSignatureFile(BIO *bio, ZIP_FILE *zip, uint8_t *data, uint64 header.extraFieldLen = 0; if (!get_current_position(bio, &offset)) { - printf("Unable to get offset\n"); + fprintf(stderr, "Unable to get offset\n"); OPENSSL_free(dataToWrite); return 0; /* FAILED */ } @@ -1577,7 +1577,7 @@ static int zipOverrideFileData(ZIP_CENTRAL_DIRECTORY_ENTRY *entry, uint8_t *data size = dataSize; ret = zipDeflate(entry->overrideData->data, &size, data, dataSize); if (ret != Z_OK) { - printf("Zip deflate failed: %d\n", ret); + fprintf(stderr, "Zip deflate failed: %d\n", ret); return 0; /* FAILED */ } entry->overrideData->compressedSize = size; 
@@ -1599,7 +1599,7 @@ static int zipRewriteData(ZIP_FILE *zip, ZIP_CENTRAL_DIRECTORY_ENTRY *entry, BIO memset(&header, 0, sizeof(header)); if (entry->offsetOfLocalHeader >= (uint64_t)zip->fileSize) { - printf("Corrupted relative offset of local header : 0x%08" PRIX64 "\n", entry->offsetOfLocalHeader); + fprintf(stderr, "Corrupted relative offset of local header : 0x%08" PRIX64 "\n", entry->offsetOfLocalHeader); return 0; /* FAILED */ } if (fseeko(zip->file, (int64_t)entry->offsetOfLocalHeader, SEEK_SET) < 0) { @@ -1620,7 +1620,7 @@ static int zipRewriteData(ZIP_FILE *zip, ZIP_CENTRAL_DIRECTORY_ENTRY *entry, BIO return 0; /* FAILED */ } if (entry->compressedSize > (uint64_t)zip->fileSize - entry->offsetOfLocalHeader) { - printf("Corrupted compressedSize : 0x%08" PRIX64 "\n", entry->compressedSize); + fprintf(stderr, "Corrupted compressedSize : 0x%08" PRIX64 "\n", entry->compressedSize); return 0; /* FAILED */ } if (fseeko(zip->file, (int64_t)entry->compressedSize, SEEK_CUR) < 0) { @@ -1724,12 +1724,12 @@ static int zipEntryExist(ZIP_FILE *zip, const char *name) for (entry = zip->centralDirectoryHead; entry != NULL; entry = entry->next) { if (noEntries >= zip->centralDirectoryRecordCount) { - printf("Warning: Corrupted central directory structure\n"); + fprintf(stderr, "Corrupted central directory structure\n"); return 0; /* FAILED */ } noEntries++; if (!entry->fileName || (entry->fileNameLen == 0)) { - printf("Warning: Corrupted file name\n"); + fprintf(stderr, "Corrupted file name\n"); return 0; /* FAILED */ } if (!strcmp(entry->fileName, name)) { @@ -1759,7 +1759,7 @@ static u_char *zipCalcDigest(ZIP_FILE *zip, const char *fileName, const EVP_MD * } bhash = BIO_new(BIO_f_md()); if (!BIO_set_md(bhash, md)) { - printf("Unable to set the message digest of BIO\n"); + fprintf(stderr, "Unable to set the message digest of BIO\n"); OPENSSL_free(data); BIO_free_all(bhash); return NULL; /* FAILED */ 
@@ -1792,12 +1792,12 @@ static size_t zipReadFileDataByName(uint8_t **pData, ZIP_FILE *zip, const char * for (entry = zip->centralDirectoryHead; entry != NULL; entry = entry->next) { if (noEntries >= zip->centralDirectoryRecordCount) { - printf("Warning: Corrupted central directory structure\n"); + fprintf(stderr, "Corrupted central directory structure\n"); return 0; /* FAILED */ } noEntries++; if (!entry->fileName || (entry->fileNameLen == 0)) { - printf("Warning: Corrupted file name\n"); + fprintf(stderr, "Corrupted file name\n"); return 0; /* FAILED */ } if (!strcmp(entry->fileName, name)) { @@ -1823,7 +1823,7 @@ static size_t zipReadFileData(ZIP_FILE *zip, uint8_t **pData, ZIP_CENTRAL_DIRECT size_t size, dataSize = 0; if (entry->offsetOfLocalHeader >= (uint64_t)zip->fileSize) { - printf("Corrupted relative offset of local header : 0x%08" PRIX64 "\n", entry->offsetOfLocalHeader); + fprintf(stderr, "Corrupted relative offset of local header : 0x%08" PRIX64 "\n", entry->offsetOfLocalHeader); return 0; /* FAILED */ } if (fseeko(file, (int64_t)entry->offsetOfLocalHeader, SEEK_SET) < 0) { @@ -1847,7 +1847,7 @@ static size_t zipReadFileData(ZIP_FILE *zip, uint8_t **pData, ZIP_CENTRAL_DIRECT || header.compressedSize != compressedSize || header.uncompressedSize != uncompressedSize || header.compression != entry->compression) { - printf("Local header does not match central directory entry\n"); + fprintf(stderr, "Local header does not match central directory entry\n"); return 0; /* FAILED */ } /* we don't really need those */ 
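Review bot: In zipReadFileData the `Local header does not match central directory entry` path returns before the frees that follow the `/* we don't really need those */` comment, so `header.fileName` and `header.extraField` appear to leak on that path. This is inferred, because the free calls fall between this hunk and the next. Releasing them before the return, `OPENSSL_free(header.fileName); OPENSSL_free(header.extraField);`, keeps a malformed archive from leaking on each mismatching entry.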
@@ -1855,7 +1855,7 @@ static size_t zipReadFileData(ZIP_FILE *zip, uint8_t **pData, ZIP_CENTRAL_DIRECT OPENSSL_free(header.extraField); if (compressedSize > (uint64_t)zip->fileSize - entry->offsetOfLocalHeader) { - printf("Corrupted compressedSize : 0x%08" PRIX64 "\n", entry->compressedSize); + fprintf(stderr, "Corrupted compressedSize : 0x%08" PRIX64 "\n", entry->compressedSize); return 0; /* FAILED */ } compressedData = OPENSSL_zalloc(compressedSize + 1); @@ -1883,7 +1883,7 @@ static size_t zipReadFileData(ZIP_FILE *zip, uint8_t **pData, ZIP_CENTRAL_DIRECT OPENSSL_free(compressedData); if (ret != Z_OK) { - printf("Data decompresssion failed, zlib error: %d\n", ret); + fprintf(stderr, "Data decompresssion failed, zlib error: %d\n", ret); OPENSSL_free(uncompressedData); return 0; /* FAILED */ } else { @@ -1895,7 +1895,7 @@ static size_t zipReadFileData(ZIP_FILE *zip, uint8_t **pData, ZIP_CENTRAL_DIRECT dataSize = destLen; } } else { - printf("Unsupported compression mode: %d\n", entry->compression); + fprintf(stderr, "Unsupported compression mode: %d\n", entry->compression); OPENSSL_free(compressedData); return 0; /* FAILED */ } @@ -1920,7 +1920,7 @@ static int zipReadLocalHeader(ZIP_LOCAL_HEADER *header, ZIP_FILE *zip, uint64_t return 0; /* FAILED */ } if (memcmp(signature, PKZIP_LH_SIGNATURE, 4)) { - printf("The input file is not a valid zip file - local header signature does not match\n"); + fprintf(stderr, "The input file is not a valid zip file - local header signature does not match\n"); return 0; /* FAILED */ } /* version needed to extract (2 bytes) */ 
@@ -1972,7 +1972,7 @@ static int zipReadLocalHeader(ZIP_LOCAL_HEADER *header, ZIP_FILE *zip, uint64_t return 0; /* FAILED */ } if (compressedSize > (uint64_t)(zip->fileSize - offset)) { - printf("Corrupted compressedSize : 0x%08" PRIX64 "\n", compressedSize); + fprintf(stderr, "Corrupted compressedSize : 0x%08" PRIX64 "\n", compressedSize); return 0; /* FAILED */ } if (fseeko(file, (int64_t)compressedSize, SEEK_CUR) < 0) { @@ -1983,7 +1983,7 @@ static int zipReadLocalHeader(ZIP_LOCAL_HEADER *header, ZIP_FILE *zip, uint64_t return 0; /* FAILED */ } if (memcmp(signature, PKZIP_DATA_DESCRIPTOR_SIGNATURE, 4)) { - printf("The input file is not a valid zip file - flags indicate data descriptor, but data descriptor signature does not match\n"); + fprintf(stderr, "The input file is not a valid zip file - flags indicate data descriptor, but data descriptor signature does not match\n"); OPENSSL_free(header->fileName); OPENSSL_free(header->extraField); return 0; /* FAILED */ @@ -2007,7 +2007,7 @@ static int zipReadLocalHeader(ZIP_LOCAL_HEADER *header, ZIP_FILE *zip, uint64_t uint16_t op = bufferGetU16(header->extraField, &pos); if (op != ZIP64_HEADER) { - printf("Expected zip64 header in local header extra field, got : 0x%X\n", op); + fprintf(stderr, "Expected zip64 header in local header extra field, got : 0x%X\n", op); OPENSSL_free(header->fileName); OPENSSL_free(header->extraField); header->fileName = NULL; @@ -2020,7 +2020,7 @@ static int zipReadLocalHeader(ZIP_LOCAL_HEADER *header, ZIP_FILE *zip, uint64_t header->uncompressedSize = bufferGetU64(header->extraField, &pos); header->uncompressedSizeInZip64 = 1; } else { - printf("Invalid zip64 local header entry\n"); + fprintf(stderr, "Invalid zip64 local header entry\n"); OPENSSL_free(header->fileName); OPENSSL_free(header->extraField); header->fileName = NULL; 
@@ -2033,7 +2033,7 @@ static int zipReadLocalHeader(ZIP_LOCAL_HEADER *header, ZIP_FILE *zip, uint64_t
 header->compressedSize = bufferGetU64(header->extraField, &pos);
 header->compressedSizeInZip64 = 1;
 } else {
- printf("Invalid zip64 local header entry\n");
+ fprintf(stderr, "Invalid zip64 local header entry\n");
 OPENSSL_free(header->fileName);
 OPENSSL_free(header->extraField);
 header->fileName = NULL;
@@ -2212,7 +2212,7 @@ static ZIP_FILE *openZip(const char *filename)
 return NULL; /* FAILED */
 }
 if (zip->locator.eocdOffset >= (uint64_t)zip->fileSize) {
- printf("Corrupted end of central directory locator offset : 0x%08" PRIX64 "\n", zip->locator.eocdOffset);
+ fprintf(stderr, "Corrupted end of central directory locator offset : 0x%08" PRIX64 "\n", zip->locator.eocdOffset);
 freeZip(zip);
 return 0; /* FAILED */
 }
@@ -2241,13 +2241,13 @@ static ZIP_FILE *openZip(const char *filename)
 zip->centralDirectorySize = zip->eocdr.centralDirectorySize;
 zip->centralDirectoryRecordCount = (uint64_t)zip->eocdr.totalEntries;
 if (zip->centralDirectoryRecordCount > UINT16_MAX) {
- printf("Corrupted total number of entries in the central directory : 0x%08" PRIX64 "\n", zip->centralDirectoryRecordCount);
+ fprintf(stderr, "Corrupted total number of entries in the central directory : 0x%08" PRIX64 "\n", zip->centralDirectoryRecordCount);
 freeZip(zip);
 return NULL; /* FAILED */
 }
 }
 if (zip->centralDirectoryOffset >= (uint64_t)zip->fileSize) {
- printf("Corrupted central directory offset : 0x%08" PRIX64 "\n", zip->centralDirectoryOffset);
+ fprintf(stderr, "Corrupted central directory offset : 0x%08" PRIX64 "\n", zip->centralDirectoryOffset);
 freeZip(zip);
 return NULL; /* FAILED */
 }
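Review bot: openZip returns `ZIP_FILE *`, but the eocdOffset failure path in the hunk at -2212 ends in `return 0; /* FAILED */` while the other failure paths visible in the function return NULL. It compiles to the same value, but `return NULL; /* FAILED */` keeps pointer and integer failure conventions visibly apart in a file that uses both 0 and 1 to mean FAILED. cab_digest_calc, which returns `u_char *`, has the same `return 0;` on its three failure paths.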
@@ -2308,26 +2308,26 @@ static ZIP_FILE *zipSortCentralDirectory(ZIP_FILE *zip) for (entry = zip->centralDirectoryHead; entry != NULL; entry = entry->next) { if (noEntries >= zip->centralDirectoryRecordCount) { - printf("Corrupted central directory structure\n"); + fprintf(stderr, "Corrupted central directory structure\n"); sk_ZIP_CENTRAL_DIRECTORY_ENTRY_free(chain); freeZip(zip); - return NULL; + return NULL; /* FAILED */ } noEntries++; if (!sk_ZIP_CENTRAL_DIRECTORY_ENTRY_push(chain, entry)) { - printf("Failed to add central directory entry\n"); + fprintf(stderr, "Failed to add central directory entry\n"); sk_ZIP_CENTRAL_DIRECTORY_ENTRY_free(chain); freeZip(zip); - return NULL; + return NULL; /* FAILED */ } } sk_ZIP_CENTRAL_DIRECTORY_ENTRY_sort(chain); zip->centralDirectoryHead = entry = sk_ZIP_CENTRAL_DIRECTORY_ENTRY_value(chain, 0); if (!entry) { - printf("Failed to get sorted central directory entry\n"); + fprintf(stderr, "Failed to get sorted central directory entry\n"); sk_ZIP_CENTRAL_DIRECTORY_ENTRY_free(chain); freeZip(zip); - return NULL; + return NULL; /* FAILED */ } for (i=1; inext = sk_ZIP_CENTRAL_DIRECTORY_ENTRY_value(chain, i); @@ -2384,7 +2384,7 @@ static int zipReadCentralDirectory(ZIP_FILE *zip, FILE *file) } else if (!zip->centralDirectoryHead) { zip->centralDirectoryHead = entry; } else { - printf("Corrupted central directory structure\n"); + fprintf(stderr, "Corrupted central directory structure\n"); OPENSSL_free(entry); return 0; /* FAILED */ } @@ -2408,7 +2408,7 @@ static ZIP_CENTRAL_DIRECTORY_ENTRY *zipReadNextCentralDirectoryEntry(FILE *file) return NULL; /* FAILED */ } if (memcmp(signature, PKZIP_CD_SIGNATURE, 4)) { - printf("The input file is not a valid zip file - could not find Central Directory record\n"); + fprintf(stderr, "The input file is not a valid zip file - could not find Central Directory record\n"); return NULL; /* FAILED */ } entry = OPENSSL_zalloc(sizeof(ZIP_CENTRAL_DIRECTORY_ENTRY)); 
@@ -2487,7 +2487,7 @@ static ZIP_CENTRAL_DIRECTORY_ENTRY *zipReadNextCentralDirectoryEntry(FILE *file) uint16_t header = bufferGetU16(entry->extraField, &pos); if (header != ZIP64_HEADER) { - printf("Expected zip64 header in central directory extra field, got : 0x%X\n", header); + fprintf(stderr, "Expected zip64 header in central directory extra field, got : 0x%X\n", header); freeZipCentralDirectoryEntry(entry); return NULL; /* FAILED */ } @@ -2497,7 +2497,7 @@ static ZIP_CENTRAL_DIRECTORY_ENTRY *zipReadNextCentralDirectoryEntry(FILE *file) entry->uncompressedSize = bufferGetU64(entry->extraField, &pos); entry->uncompressedSizeInZip64 = 1; } else { - printf("Invalid zip64 central directory entry\n"); + fprintf(stderr, "Invalid zip64 central directory entry\n"); freeZipCentralDirectoryEntry(entry); return NULL; /* FAILED */ } @@ -2507,7 +2507,7 @@ static ZIP_CENTRAL_DIRECTORY_ENTRY *zipReadNextCentralDirectoryEntry(FILE *file) entry->compressedSize = bufferGetU64(entry->extraField, &pos); entry->compressedSizeInZip64 = 1; } else { - printf("Invalid zip64 central directory entry\n"); + fprintf(stderr, "Invalid zip64 central directory entry\n"); freeZipCentralDirectoryEntry(entry); return NULL; /* FAILED */ } @@ -2517,7 +2517,7 @@ static ZIP_CENTRAL_DIRECTORY_ENTRY *zipReadNextCentralDirectoryEntry(FILE *file) entry->offsetOfLocalHeader = bufferGetU64(entry->extraField, &pos); entry->offsetInZip64 = 1; } else { - printf("Invalid zip64 central directory entry\n"); + fprintf(stderr, "Invalid zip64 central directory entry\n"); freeZipCentralDirectoryEntry(entry); return NULL; /* FAILED */ } @@ -2527,7 +2527,7 @@ static ZIP_CENTRAL_DIRECTORY_ENTRY *zipReadNextCentralDirectoryEntry(FILE *file) entry->diskNoStart = bufferGetU32(entry->extraField, &pos); entry->diskNoInZip64 = 1; } else { - printf("Invalid zip64 central directory entry\n"); + fprintf(stderr, "Invalid zip64 central directory entry\n"); freeZipCentralDirectoryEntry(entry); return NULL; /* FAILED */ } 
@@ -2604,7 +2604,7 @@ static int readZipEOCDR(ZIP_EOCDR *eocdr, FILE *file) eocdr->centralDirectoryDiskNumber != eocdr->diskNumber || eocdr->diskEntries != eocdr->totalEntries) { - printf("The input file is a multipart archive - not supported\n"); + fprintf(stderr, "The input file is a multipart archive - not supported\n"); return 0; /* FAILED */ } #endif @@ -2640,7 +2640,7 @@ static int readZip64EOCDLocator(ZIP64_EOCD_LOCATOR *locator, FILE *file) return 0; /* FAILED */ } if (memcmp(signature, PKZIP64_EOCD_LOCATOR_SIGNATURE, 4)) { - printf("The input file is not a valid zip file - could not find zip64 EOCD locator\n"); + fprintf(stderr, "The input file is not a valid zip file - could not find zip64 EOCD locator\n"); return 0; /* FAILED */ } locator->diskWithEOCD = fileGetU32(file); @@ -2669,7 +2669,7 @@ static int readZip64EOCDR(ZIP64_EOCDR *eocdr, FILE *file, uint64_t offset) return 0; /* FAILED */ } if (memcmp(signature, PKZIP64_EOCDR_SIGNATURE, 4)) { - printf("The input file is not a valid zip file - could not find zip64 End of Central Directory record\n"); + fprintf(stderr, "The input file is not a valid zip file - could not find zip64 End of Central Directory record\n"); return 0; /* FAILED */ } /* size of zip64 end of central directory record (8 bytes) */ @@ -2694,7 +2694,7 @@ static int readZip64EOCDR(ZIP64_EOCDR *eocdr, FILE *file, uint64_t offset) /* zip64 extensible data sector (comment) */ eocdr->commentLen = eocdr->eocdrSize - 44; if (eocdr->commentLen > UINT16_MAX) { - printf("Corrupted file comment length : 0x%08" PRIX64 "\n", eocdr->commentLen); + fprintf(stderr, "Corrupted file comment length : 0x%08" PRIX64 "\n", eocdr->commentLen); return 0; /* FAILED */ } if (eocdr->commentLen > 0) { 
@@ -2707,7 +2707,7 @@ static int readZip64EOCDR(ZIP64_EOCDR *eocdr, FILE *file, uint64_t offset) if (eocdr->diskWithCentralDirectory > 1 || eocdr->diskNumber > 1 || eocdr->diskWithCentralDirectory != eocdr->diskNumber || eocdr->totalEntries != eocdr->diskEntries) { - printf("The input file is a multipart archive - not supported\n"); + fprintf(stderr, "The input file is a multipart archive - not supported\n"); return 0; /* FAILED */ } return 1; /* OK */ diff --git a/cab.c b/cab.c index b35c86d4..2294c8bc 100644 --- a/cab.c +++ b/cab.c @@ -206,7 +206,7 @@ static u_char *cab_digest_calc(FILE_FORMAT_CTX *ctx, const EVP_MD *md) BIO *bhash = BIO_new(BIO_f_md()); if (!BIO_set_md(bhash, md)) { - printf("Unable to set the message digest of BIO\n"); + fprintf(stderr, "Unable to set the message digest of BIO\n"); BIO_free_all(bhash); return 0; /* FAILED */ } @@ -296,7 +296,7 @@ static u_char *cab_digest_calc(FILE_FORMAT_CTX *ctx, const EVP_MD *md) nfolders--; } if (idx != coffFiles) { - printf("Corrupt coffFiles value: 0x%08X\n", coffFiles); + fprintf(stderr, "Corrupt coffFiles value: 0x%08X\n", coffFiles); BIO_free_all(bhash); return 0; /* FAILED */ } @@ -307,7 +307,7 @@ static u_char *cab_digest_calc(FILE_FORMAT_CTX *ctx, const EVP_MD *md) } /* (variable) ab - the compressed data bytes */ if (!bio_hash_data(bhash, ctx->options->indata, idx, fileend)) { - printf("Unable to calculate digest\n"); + fprintf(stderr, "Unable to calculate digest\n"); BIO_free_all(bhash); return 0; /* FAILED */ } 
@@ -343,17 +343,17 @@ static int cab_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7) } } if (mdtype == -1) { - printf("Failed to extract current message digest\n\n"); + fprintf(stderr, "Failed to extract current message digest\n\n"); return 0; /* FAILED */ } md = EVP_get_digestbynid(mdtype); cmdbuf = cab_digest_calc(ctx, md); if (!cmdbuf) { - printf("Failed to calculate message digest\n\n"); + fprintf(stderr, "Failed to calculate message digest\n\n"); return 0; /* FAILED */ } if (!compare_digests(mdbuf, cmdbuf, mdtype)) { - printf("Signature verification: failed\n\n"); + fprintf(stderr, "Signature verification: failed\n\n"); OPENSSL_free(cmdbuf); return 0; /* FAILED */ } @@ -443,7 +443,7 @@ static int cab_remove_pkcs7(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) BIO_write(outdata, ctx->options->indata + 32, 4); idx = cab_write_optional_names(outdata, ctx->options->indata, 60, flags); if (idx >= ctx->cab_ctx->fileend) { - printf("Corrupt CAB file - too short\n"); + fprintf(stderr, "Corrupt CAB file - too short\n"); OPENSSL_free(buf); return 0; /* FAILED */ } @@ -453,7 +453,7 @@ static int cab_remove_pkcs7(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) */ nfolders = GET_UINT16_LE(ctx->options->indata + 26); if (nfolders * 8 >= ctx->cab_ctx->fileend - idx) { - printf("Corrupt cFolders value: 0x%08X\n", nfolders); + fprintf(stderr, "Corrupt cFolders value: 0x%08X\n", nfolders); OPENSSL_free(buf); return 0; /* FAILED */ } 
@@ -510,26 +510,26 @@ static PKCS7 *cab_pkcs7_signature_new(FILE_FORMAT_CTX *ctx, BIO *hash) PKCS7 *p7 = pkcs7_create(ctx); if (!p7) { - printf("Creating a new signature failed\n"); + fprintf(stderr, "Creating a new signature failed\n"); return NULL; /* FAILED */ } if (ctx->options->jp >= 0 && !cab_add_jp_attribute(p7, ctx->options->jp)) { - printf("Adding jp attribute failed\n"); + fprintf(stderr, "Adding jp attribute failed\n"); PKCS7_free(p7); return NULL; /* FAILED */ } if (!add_indirect_data_object(p7)) { - printf("Adding SPC_INDIRECT_DATA_OBJID failed\n"); + fprintf(stderr, "Adding SPC_INDIRECT_DATA_OBJID failed\n"); PKCS7_free(p7); return NULL; /* FAILED */ } content = spc_indirect_data_content_get(hash, ctx); if (!content) { - printf("Failed to get spcIndirectDataContent\n"); + fprintf(stderr, "Failed to get spcIndirectDataContent\n"); return NULL; /* FAILED */ } if (!sign_spc_indirect_data_content(p7, content)) { - printf("Failed to set signed content\n"); + fprintf(stderr, "Failed to set signed content\n"); PKCS7_free(p7); ASN1_OCTET_STRING_free(content); return NULL; /* FAILED */ @@ -556,7 +556,7 @@ static int cab_append_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7) if (((len = i2d_PKCS7(p7, NULL)) <= 0) || (p = OPENSSL_malloc((size_t)len)) == NULL) { - printf("i2d_PKCS memory allocation failed: %d\n", len); + fprintf(stderr, "i2d_PKCS memory allocation failed: %d\n", len); return 1; /* FAILED */ } i2d_PKCS7(p7, &p); 
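Review bot: The `if (!content)` branch in cab_pkcs7_signature_new returns NULL without releasing `p7`, so the object obtained from pkcs7_create() leaks on that path. The other failure branches after its creation in this hunk call `PKCS7_free(p7)` first. Adding `PKCS7_free(p7);` before that `return NULL; /* FAILED */` makes the branches agree. The same omission is visible in msi_pkcs7_signature_new in msi.c (hunk at -612). The function's tail lies outside the hunk, so later paths were not checked.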
@@ -653,19 +653,19 @@ static CAB_CTX *cab_ctx_get(char *indata, uint32_t filesize) uint16_t flags; if (filesize < 44) { - printf("CAB file is too short\n"); + fprintf(stderr, "CAB file is too short\n"); return NULL; /* FAILED */ } reserved = GET_UINT32_LE(indata + 4); if (reserved) { - printf("Reserved1: 0x%08X\n", reserved); + fprintf(stderr, "Reserved1: 0x%08X\n", reserved); return NULL; /* FAILED */ } /* flags specify bit-mapped values that indicate the presence of optional data */ flags = GET_UINT16_LE(indata + 30); if (flags & FLAG_PREV_CABINET) { /* FLAG_NEXT_CABINET works */ - printf("Multivolume cabinet file is unsupported: flags 0x%04X\n", flags); + fprintf(stderr, "Multivolume cabinet file is unsupported: flags 0x%04X\n", flags); return NULL; /* FAILED */ } if (flags & FLAG_RESERVE_PRESENT) { @@ -675,12 +675,12 @@ static CAB_CTX *cab_ctx_get(char *indata, uint32_t filesize) */ header_size = GET_UINT32_LE(indata + 36); if (header_size != 20) { - printf("Additional header size: 0x%08X\n", header_size); + fprintf(stderr, "Additional header size: 0x%08X\n", header_size); return NULL; /* FAILED */ } reserved = GET_UINT32_LE(indata + 40); if (reserved != 0x00100000) { - printf("abReserved: 0x%08X\n", reserved); + fprintf(stderr, "abReserved: 0x%08X\n", reserved); return NULL; /* FAILED */ } /* 
@@ -695,13 +695,13 @@ static CAB_CTX *cab_ctx_get(char *indata, uint32_t filesize) sigpos = GET_UINT32_LE(indata + 44); siglen = GET_UINT32_LE(indata + 48); if ((sigpos < filesize && sigpos + siglen != filesize) || (sigpos >= filesize)) { - printf("Additional data offset:\t%u bytes\nAdditional data size:\t%u bytes\n", + fprintf(stderr, "Additional data offset:\t%u bytes\nAdditional data size:\t%u bytes\n", sigpos, siglen); - printf("File size:\t\t%u bytes\n", filesize); + fprintf(stderr, "File size:\t\t%u bytes\n", filesize); return NULL; /* FAILED */ } if ((sigpos > 0 && siglen == 0) || (sigpos == 0 && siglen > 0)) { - printf("Corrupt signature\n"); + fprintf(stderr, "Corrupt signature\n"); return NULL; /* FAILED */ } } @@ -852,7 +852,7 @@ static int cab_modify_header(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) idx = cab_write_optional_names(outdata, ctx->options->indata, 60, flags); if (idx >= ctx->cab_ctx->fileend) { - printf("Corrupt CAB file - too short\n"); + fprintf(stderr, "Corrupt CAB file - too short\n"); return 0; /* FAILED */ } /* @@ -861,7 +861,7 @@ static int cab_modify_header(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) */ nfolders = GET_UINT16_LE(ctx->options->indata + 26); if (nfolders * 8 >= ctx->cab_ctx->fileend - idx) { - printf("Corrupt cFolders value: 0x%08X\n", nfolders); + fprintf(stderr, "Corrupt cFolders value: 0x%08X\n", nfolders); return 0; /* FAILED */ } while (nfolders) { @@ -936,7 +936,7 @@ static int cab_add_header(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) idx = cab_write_optional_names(outdata, ctx->options->indata, 36, flags); if (idx >= ctx->cab_ctx->fileend) { - printf("Corrupt CAB file - too short\n"); + fprintf(stderr, "Corrupt CAB file - too short\n"); OPENSSL_free(buf); return 0; /* FAILED */ } 
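Review bot: `sigpos` and `siglen` are read from `indata + 44` and `indata + 48`, which needs 52 bytes of input, but the only size check visible in cab_ctx_get is `if (filesize < 44)` in the hunk at -653. Unless the lines between the two hunks add a check, an input of 44 to 51 bytes that reaches this branch is read past its end. A guard such as `if (filesize < 52) { fprintf(stderr, "CAB file is too short\n"); return NULL; }` before the two reads would close that. This assumes the reads sit inside the reserve-present branch, as the surrounding hunks suggest.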
@@ -946,7 +946,7 @@ static int cab_add_header(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) */ nfolders = GET_UINT16_LE(ctx->options->indata + 26); if (nfolders * 8 >= ctx->cab_ctx->fileend - idx) { - printf("Corrupt cFolders value: 0x%08X\n", nfolders); + fprintf(stderr, "Corrupt cFolders value: 0x%08X\n", nfolders); OPENSSL_free(buf); return 0; /* FAILED */ } @@ -979,16 +979,16 @@ static int cab_add_header(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) static int cab_check_file(FILE_FORMAT_CTX *ctx) { if (!ctx) { - printf("Init error\n\n"); + fprintf(stderr, "Init error\n"); return 0; /* FAILED */ } if (ctx->cab_ctx->header_size != 20) { - printf("No signature found\n\n"); + fprintf(stderr, "No signature found\n"); return 0; /* FAILED */ } if (ctx->cab_ctx->sigpos == 0 || ctx->cab_ctx->siglen == 0 || ctx->cab_ctx->sigpos > ctx->cab_ctx->fileend) { - printf("No signature found\n\n"); + fprintf(stderr, "No signature found\n"); return 0; /* FAILED */ } return 1; /* OK */ diff --git a/cat.c b/cat.c index aed8c882..391a0a35 100644 --- a/cat.c +++ b/cat.c @@ -82,7 +82,7 @@ static FILE_FORMAT_CTX *cat_ctx_new(GLOBAL_OPTIONS *options, BIO *hash, BIO *out uint32_t filesize; if (options->cmd == CMD_REMOVE || options->cmd==CMD_ATTACH || options->cmd == CMD_EXTRACT_DATA) { - printf("Unsupported command\n"); + fprintf(stderr, "Unsupported command\n"); return NULL; /* FAILED */ } filesize = get_file_size(options->infile); 
@@ -158,21 +158,21 @@ static PKCS7 *cat_pkcs7_signature_new(FILE_FORMAT_CTX *ctx, BIO *hash) p7 = pkcs7_create(ctx); if (!p7) { - printf("Creating a new signature failed\n"); + fprintf(stderr, "Creating a new signature failed\n"); return NULL; /* FAILED */ } if (!cat_add_ms_ctl_object(p7)) { - printf("Adding MS_CTL_OBJID failed\n"); + fprintf(stderr, "Adding MS_CTL_OBJID failed\n"); PKCS7_free(p7); return NULL; /* FAILED */ } if (!ctx->cat_ctx->p7 || !ctx->cat_ctx->p7->d.sign || !ctx->cat_ctx->p7->d.sign->contents) { - printf("Failed to get content\n"); + fprintf(stderr, "Failed to get content\n"); PKCS7_free(p7); return NULL; /* FAILED */ } if (!cat_sign_ms_ctl_content(p7, ctx->cat_ctx->p7->d.sign->contents)) { - printf("Failed to set signed content\n"); + fprintf(stderr, "Failed to set signed content\n"); PKCS7_free(p7); return NULL; /* FAILED */ } @@ -287,7 +287,7 @@ static int cat_sign_ms_ctl_content(PKCS7 *p7, PKCS7 *contents) if (!contents->d.other || !contents->d.other->value.sequence || !contents->d.other->value.sequence->data) { - printf("Failed to get content value\n"); + fprintf(stderr, "Failed to get content value\n"); return 0; /* FAILED */ } seqhdrlen = asn1_simple_hdr_len(contents->d.other->value.sequence->data, @@ -296,11 +296,11 @@ static int cat_sign_ms_ctl_content(PKCS7 *p7, PKCS7 *contents) content_length = contents->d.other->value.sequence->length - seqhdrlen; if (!pkcs7_sign_content(p7, content, content_length)) { - printf("Failed to sign content\n"); + fprintf(stderr, "Failed to sign content\n"); return 0; /* FAILED */ } if (!PKCS7_set_content(p7, PKCS7_dup(contents))) { - printf("PKCS7_set_content failed\n"); + fprintf(stderr, "PKCS7_set_content failed\n"); return 0; /* FAILED */ } return 1; /* OK */ 
@@ -318,7 +318,7 @@ static int cat_list_content(PKCS7 *p7) ctlc = ms_ctl_content_get(p7); if (!ctlc) { - printf("Failed to extract MS_CTL_OBJID data\n"); + fprintf(stderr, "Failed to extract MS_CTL_OBJID data\n"); return 1; /* FAILED */ } printf("\nCatalog members:\n"); @@ -353,7 +353,7 @@ static int cat_list_content(PKCS7 *p7) printf("\n"); } MsCtlContent_free(ctlc); - ERR_print_errors_fp(stdout); + ERR_print_errors_fp(stderr); return 0; /* OK */ } @@ -382,7 +382,7 @@ static int cat_print_content_member_digest(ASN1_TYPE *content) } SpcIndirectDataContent_free(idc); if (mdtype == -1) { - printf("Failed to extract current message digest\n\n"); + fprintf(stderr, "Failed to extract current message digest\n\n"); return 0; /* FAILED */ } printf("\tHash algorithm: %s\n", OBJ_nid2sn(mdtype)); @@ -461,17 +461,17 @@ static int cat_check_file(FILE_FORMAT_CTX *ctx) PKCS7_SIGNER_INFO *si; if (!ctx) { - printf("Init error\n\n"); + fprintf(stderr, "Init error\n"); return 0; /* FAILED */ } signer_info = PKCS7_get_signer_info(ctx->cat_ctx->p7); if (!signer_info) { - printf("Failed catalog file\n\n"); + fprintf(stderr, "Failed catalog file\n"); return 0; /* FAILED */ } si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); if (!si) { - printf("No signature found\n\n"); + fprintf(stderr, "No signature found\n"); return 0; /* FAILED */ } if (ctx->options->verbose) { diff --git a/helpers.c b/helpers.c index f7a732d0..d64b249f 100644 --- a/helpers.c +++ b/helpers.c 
@@ -37,16 +37,16 @@ uint32_t get_file_size(const char *infile) ret = stat(infile, &st); #endif if (ret) { - printf("Failed to open file: %s\n", infile); + fprintf(stderr, "Failed to open file: %s\n", infile); return 0; } if (st.st_size < 4) { - printf("Unrecognized file type - file is too short: %s\n", infile); + fprintf(stderr, "Unrecognized file type - file is too short: %s\n", infile); return 0; } if (st.st_size > UINT32_MAX) { - printf("Unsupported file - too large: %s\n", infile); + fprintf(stderr, "Unsupported file - too large: %s\n", infile); return 0; } return (uint32_t)st.st_size; @@ -86,7 +86,7 @@ char *map_file(const char *infile, const size_t size) } close(fd); #else - printf("No file mapping function\n"); + fprintf(stderr, "No file mapping function\n"); return NULL; #endif /* HAVE_SYS_MMAN_H */ #endif /* WIN32 */ @@ -152,7 +152,7 @@ int data_write_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7) ret = !i2d_PKCS7_bio(outdata, p7); } if (ret) { - printf("Unable to write pkcs7 object\n"); + fprintf(stderr, "Unable to write pkcs7 object\n"); } return ret; } @@ -193,9 +193,9 @@ PKCS7 *pkcs7_create(FILE_FORMAT_CTX *ctx) } } if (si == NULL) { - printf("Failed to checking the consistency of a private key: %s\n", + fprintf(stderr, "Failed to checking the consistency of a private key: %s\n", ctx->options->keyfile); - printf(" with a public key in any X509 certificate: %s\n\n", + fprintf(stderr, " with a public key in any X509 certificate: %s\n\n", ctx->options->certfile); return NULL; /* FAILED */ } @@ -208,7 +208,7 @@ PKCS7 *pkcs7_create(FILE_FORMAT_CTX *ctx) } if ((ctx->options->desc || ctx->options->url) && !pkcs7_signer_info_add_spc_sp_opus_info(si, ctx)) { - printf("Couldn't allocate memory for opus info\n"); + fprintf(stderr, "Couldn't allocate memory for opus info\n"); return NULL; /* FAILED */ } if ((ctx->options->nested_number >= 0) && 
@@ -218,7 +218,7 @@ PKCS7 *pkcs7_create(FILE_FORMAT_CTX *ctx) /* create X509 chain sorted in ascending order by their DER encoding */ chain = X509_chain_get_sorted(ctx, signer); if (chain == NULL) { - printf("Failed to create a sorted certificate chain\n"); + fprintf(stderr, "Failed to create a sorted certificate chain\n"); return NULL; /* FAILED */ } /* add sorted certificate chain */ @@ -278,11 +278,12 @@ int sign_spc_indirect_data_content(PKCS7 *p7, ASN1_OCTET_STRING *content) inf = ASN1_get_object(&p, &plen, &tag, &class, len); if (inf != V_ASN1_CONSTRUCTED || tag != V_ASN1_SEQUENCE || !pkcs7_sign_content(p7, p, (int)plen)) { - printf("Failed to sign spcIndirectDataContent\n"); + fprintf(stderr, "Failed to sign spcIndirectDataContent\n"); return 0; /* FAILED */ } td7 = PKCS7_new(); if (!td7) { + fprintf(stderr, "PKCS7_new failed\n"); return 0; /* FAILED */ } td7->type = OBJ_txt2obj(SPC_INDIRECT_DATA_OBJID, 1); @@ -291,7 +292,7 @@ int sign_spc_indirect_data_content(PKCS7 *p7, ASN1_OCTET_STRING *content) td7->d.other->value.sequence = ASN1_STRING_new(); ASN1_STRING_set(td7->d.other->value.sequence, data, len); if (!PKCS7_set_content(p7, td7)) { - printf("PKCS7_set_content failed\n"); + fprintf(stderr, "PKCS7_set_content failed\n"); PKCS7_free(td7); return 0; /* FAILED */ } @@ -388,13 +389,13 @@ int pkcs7_sign_content(PKCS7 *p7, const u_char *data, int len) BIO *p7bio; if ((p7bio = PKCS7_dataInit(p7, NULL)) == NULL) { - printf("PKCS7_dataInit failed\n"); + fprintf(stderr, "PKCS7_dataInit failed\n"); return 0; /* FAILED */ } BIO_write(p7bio, data, len); (void)BIO_flush(p7bio); if (!PKCS7_dataFinal(p7, p7bio)) { - printf("PKCS7_dataFinal failed\n"); + fprintf(stderr, "PKCS7_dataFinal failed\n"); BIO_free_all(p7bio); return 0; /* FAILED */ } 
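Review bot: In sign_spc_indirect_data_content (hunk at -291) the result of `ASN1_STRING_new()` is stored and passed straight to `ASN1_STRING_set()`, and neither call is checked, although the commit adds a message for the equivalent `PKCS7_new()` failure a few lines earlier. A failed allocation would reach ASN1_STRING_set as NULL instead of being reported. Suggested: `if (!td7->d.other->value.sequence || !ASN1_STRING_set(td7->d.other->value.sequence, data, len)) { PKCS7_free(td7); return 0; }`, with a stderr message in the style of the neighbouring branches. The assignment of `td7->d.other` is outside the hunk, so whether it is checked cannot be seen here.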
@@ -488,7 +489,7 @@ MsCtlContent *ms_ctl_content_get(PKCS7 *p7) const u_char *data; if (!is_content_type(p7, MS_CTL_OBJID)) { - printf("Failed to find MS_CTL_OBJID\n"); + fprintf(stderr, "Failed to find MS_CTL_OBJID\n"); return NULL; /* FAILED */ } value = p7->d.sign->contents->d.other->value.sequence; diff --git a/msi.c b/msi.c index 865fab0e..45a5197a 100644 --- a/msi.c +++ b/msi.c @@ -350,11 +350,11 @@ static PKCS7 *msi_pkcs7_contents_get(FILE_FORMAT_CTX *ctx, BIO *hash, const EVP_ (void)md; if (ctx->options->add_msi_dse && !msi_calc_MsiDigitalSignatureEx(ctx, hash)) { - printf("Unable to calc MsiDigitalSignatureEx\n"); + fprintf(stderr, "Unable to calc MsiDigitalSignatureEx\n"); return NULL; /* FAILED */ } if (!msi_hash_dir(ctx->msi_ctx->msi, ctx->msi_ctx->dirent, hash, 1)) { - printf("Unable to msi_handle_dir()\n"); + fprintf(stderr, "Unable to msi_handle_dir()\n"); return NULL; /* FAILED */ } content = spc_indirect_data_content_get(hash, ctx); @@ -374,13 +374,13 @@ static u_char *msi_digest_calc(FILE_FORMAT_CTX *ctx, const EVP_MD *md) BIO *bhash = BIO_new(BIO_f_md()); if (!BIO_set_md(bhash, md)) { - printf("Unable to set the message digest of BIO\n"); + fprintf(stderr, "Unable to set the message digest of BIO\n"); BIO_free_all(bhash); return NULL; /* FAILED */ } BIO_push(bhash, BIO_new(BIO_s_null())); if (!bio_hash_data(bhash, ctx->options->indata, 0, ctx->msi_ctx->fileend)) { - printf("Unable to calculate digest\n"); + fprintf(stderr, "Unable to calculate digest\n"); BIO_free_all(bhash); return NULL; /* FAILED */ } 
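Review bot: The message in msi_pkcs7_contents_get (msi.c, hunk at -350) reads `Unable to msi_handle_dir()`, but the call that failed is `msi_hash_dir()`, so the diagnostic points a reader at a function that is not involved. Since the line is being rewritten anyway, `fprintf(stderr, "Unable to calculate MSI directory hash\n");` would describe the failure instead of naming a function. The neighbouring `Unable to calc MsiDigitalSignatureEx` message is fine as it is.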
@@ -420,14 +420,14 @@ static int msi_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7) } } if (mdtype == -1) { - printf("Failed to extract current message digest\n\n"); + fprintf(stderr, "Failed to extract current message digest\n\n"); return 0; /* FAILED */ } printf("Message digest algorithm : %s\n", OBJ_nid2sn(mdtype)); md = EVP_get_digestbynid(mdtype); hash = BIO_new(BIO_f_md()); if (!BIO_set_md(hash, md)) { - printf("Unable to set the message digest of BIO\n"); + fprintf(stderr, "Unable to set the message digest of BIO\n"); BIO_free_all(hash); return 0; /* FAILED */ } @@ -435,13 +435,13 @@ static int msi_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7) if (ctx->msi_ctx->p_msiex) { BIO *prehash = BIO_new(BIO_f_md()); if (EVP_MD_size(md) != (int)ctx->msi_ctx->len_msiex) { - printf("Incorrect MsiDigitalSignatureEx stream data length\n\n"); + fprintf(stderr, "Incorrect MsiDigitalSignatureEx stream data length\n\n"); BIO_free_all(hash); BIO_free_all(prehash); return 0; /* FAILED */ } if (!BIO_set_md(prehash, md)) { - printf("Unable to set the message digest of BIO\n"); + fprintf(stderr, "Unable to set the message digest of BIO\n"); BIO_free_all(hash); BIO_free_all(prehash); return 0; /* FAILED */ @@ -451,7 +451,7 @@ static int msi_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7) print_hash("Current MsiDigitalSignatureEx ", "", (u_char *)ctx->msi_ctx->p_msiex, (int)ctx->msi_ctx->len_msiex); if (!msi_prehash_dir(ctx->msi_ctx->dirent, prehash, 1)) { - printf("Failed to calculate pre-hash used for MsiDigitalSignatureEx\n\n"); + fprintf(stderr, "Failed to calculate pre-hash used for MsiDigitalSignatureEx\n\n"); BIO_free_all(hash); BIO_free_all(prehash); return 0; /* FAILED */ 
@@ -463,7 +463,7 @@ static int msi_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7) } if (!msi_hash_dir(ctx->msi_ctx->msi, ctx->msi_ctx->dirent, hash, 1)) { - printf("Failed to calculate DigitalSignature\n\n"); + fprintf(stderr, "Failed to calculate DigitalSignature\n\n"); BIO_free_all(hash); return 0; /* FAILED */ } @@ -474,12 +474,12 @@ static int msi_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7) print_hash("Calculated DigitalSignature ", mdok ? "" : " MISMATCH!!!\n", cmdbuf, EVP_MD_size(md)); if (!mdok) { - printf("Signature verification: failed\n\n"); + fprintf(stderr, "Signature verification: failed\n\n"); return 0; /* FAILED */ } cdigest = msi_digest_calc(ctx, md); if (!cdigest) { - printf("Failed to calculate simple message digest\n\n"); + fprintf(stderr, "Failed to calculate simple message digest\n\n"); return 0; /* FAILED */ } mdlen = EVP_MD_size(EVP_get_digestbynid(mdtype)); @@ -504,12 +504,12 @@ static PKCS7 *msi_pkcs7_extract(FILE_FORMAT_CTX *ctx) ds = msi_signatures_get(ctx->msi_ctx->dirent, NULL); if (!ds) { - printf("MSI file has no signature\n"); + fprintf(stderr, "MSI file has no signature\n"); return NULL; /* FAILED */ } p7 = msi_pkcs7_get_digital_signature(ctx, ds); if (!p7) { - printf("Unable to extract existing signature\n"); + fprintf(stderr, "Unable to extract existing signature\n"); return NULL; /* FAILED */ } return p7; @@ -531,12 +531,12 @@ static PKCS7 *msi_pkcs7_extract_to_nest(FILE_FORMAT_CTX *ctx) } ds = msi_signatures_get(ctx->msi_ctx->dirent, &dse); if (!ds) { - printf("MSI file has no signature\n"); + fprintf(stderr, "MSI file has no signature\n"); return NULL; /* FAILED */ } p7 = msi_pkcs7_get_digital_signature(ctx, ds); if (!p7) { - printf("Unable to extract existing signature\n"); + fprintf(stderr, "Unable to extract existing signature\n"); return NULL; /* FAILED */ } /* perform a sanity check for the MsiDigitalSignatureEx section */ 
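Review bot: `Signature verification: failed` (hunk at -474) now goes to stderr while the rest of msi_verify_digests' report stays on stdout, for example `printf("Message digest algorithm : %s\n", ...)` in the hunk at -420. A caller that captures only stdout no longer sees the verdict, and with a piped, buffered stdout the two streams can appear out of order. It is worth documenting that verification failures are part of the moved output. Automation should key on the process exit status rather than on stdout text, assuming the `return 0; /* FAILED */` result propagates to it. cab_verify_digests in cab.c has the same split.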
@@ -575,7 +575,7 @@ static int msi_remove_pkcs7(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) } if (!msi_file_write(ctx->msi_ctx->msi, ctx->msi_ctx->dirent, NULL, 0, NULL, 0, outdata)) { - printf("Saving the msi file failed\n"); + fprintf(stderr, "Saving the msi file failed\n"); return 1; /* FAILED */ } return 0; /* OK */ @@ -612,21 +612,21 @@ static PKCS7 *msi_pkcs7_signature_new(FILE_FORMAT_CTX *ctx, BIO *hash) PKCS7 *p7 = pkcs7_create(ctx); if (!p7) { - printf("Creating a new signature failed\n"); + fprintf(stderr, "Creating a new signature failed\n"); return NULL; /* FAILED */ } if (!add_indirect_data_object(p7)) { - printf("Adding SPC_INDIRECT_DATA_OBJID failed\n"); + fprintf(stderr, "Adding SPC_INDIRECT_DATA_OBJID failed\n"); PKCS7_free(p7); return NULL; /* FAILED */ } content = spc_indirect_data_content_get(hash, ctx); if (!content) { - printf("Failed to get spcIndirectDataContent\n"); + fprintf(stderr, "Failed to get spcIndirectDataContent\n"); return NULL; /* FAILED */ } if (!sign_spc_indirect_data_content(p7, content)) { - printf("Failed to set signed content\n"); + fprintf(stderr, "Failed to set signed content\n"); PKCS7_free(p7); ASN1_OCTET_STRING_free(content); return NULL; /* FAILED */ @@ -649,7 +649,7 @@ static int msi_append_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7) if (((len = i2d_PKCS7(p7, NULL)) <= 0) || (p = OPENSSL_malloc((size_t)len)) == NULL) { - printf("i2d_PKCS memory allocation failed: %d\n", len); + fprintf(stderr, "i2d_PKCS memory allocation failed: %d\n", len); return 1; /* FAILED */ } i2d_PKCS7(p7, &p); @@ -657,7 +657,7 @@ static int msi_append_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7) if (!msi_file_write(ctx->msi_ctx->msi, ctx->msi_ctx->dirent, p, (uint32_t)len, ctx->msi_ctx->p_msiex, ctx->msi_ctx->len_msiex, outdata)) { - printf("Saving the msi file failed\n"); + fprintf(stderr, "Saving the msi file failed\n"); OPENSSL_free(p); return 1; /* FAILED */ } 
@@ -719,17 +719,17 @@ static MSI_CTX *msi_ctx_get(char *indata, uint32_t filesize) msi = msi_file_new(indata, filesize); if (!msi) { - printf("Failed to parse MSI_FILE struct\n"); + fprintf(stderr, "Failed to parse MSI_FILE struct\n"); return NULL; /* FAILED */ } root = msi_root_entry_get(msi); if (!root) { - printf("Failed to get file entry\n"); + fprintf(stderr, "Failed to get file entry\n"); msi_file_free(msi); return NULL; /* FAILED */ } if (!msi_dirent_new(msi, root, NULL, &(dirent))) { - printf("Failed to parse MSI_DIRENT struct\n"); + fprintf(stderr, "Failed to parse MSI_DIRENT struct\n"); msi_file_free(msi); if (dirent) msi_dirent_free(dirent); @@ -750,12 +750,12 @@ static PKCS7 *msi_pkcs7_get_digital_signature(FILE_FORMAT_CTX *ctx, MSI_ENTRY *d uint32_t len = GET_UINT32_LE(ds->size); if (len == 0 || len >= MAXREGSECT) { - printf("Corrupted DigitalSignature stream length 0x%08X\n", len); + fprintf(stderr, "Corrupted DigitalSignature stream length 0x%08X\n", len); return NULL; /* FAILED */ } p = OPENSSL_malloc((size_t)len); if (!msi_file_read(ctx->msi_ctx->msi, ds, 0, p, len)) { - printf("DigitalSignature stream data error\n"); + fprintf(stderr, "DigitalSignature stream data error\n"); OPENSSL_free(p); return NULL; } @@ -763,7 +763,7 @@ static PKCS7 *msi_pkcs7_get_digital_signature(FILE_FORMAT_CTX *ctx, MSI_ENTRY *d p7 = d2i_PKCS7(NULL, &blob, len); OPENSSL_free(p); if (!p7) { - printf("Failed to extract PKCS7 data\n"); + fprintf(stderr, "Failed to extract PKCS7 data\n"); return NULL; } return p7; @@ -774,7 +774,7 @@ static const u_char *sector_offset_to_address(MSI_FILE *msi, uint32_t sector, ui { if (sector >= MAXREGSECT || offset >= msi->m_sectorSize || (msi->m_bufferLen - offset) / msi->m_sectorSize <= sector) { - printf("Corrupted file\n"); + fprintf(stderr, "Corrupted file\n"); return NULL; /* FAILED */ } return msi->m_buffer + (sector + 1) * msi->m_sectorSize + offset; 
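Review bot: In msi_pkcs7_get_digital_signature (hunk at -750) the buffer from `OPENSSL_malloc((size_t)len)` goes to `msi_file_read()` without a NULL check, and `len` is taken from the file's `ds->size` field, bounded only by `MAXREGSECT`. If the allocation fails, the read helper is handed a NULL destination; whether it tolerates that is not visible here. Suggested, straight after the allocation: `if (!p) { fprintf(stderr, "Memory allocation failed\n"); return NULL; }`.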
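Review bot: The bound in sector_offset_to_address (hunk at -774) only guarantees that the returned address is not beyond `m_buffer + m_bufferLen`; it can equal it. `(msi->m_bufferLen - offset) / msi->m_sectorSize <= sector` is false when `(sector + 1) * m_sectorSize + offset == m_bufferLen`. If m_bufferLen is the size of m_buffer, the pointer can then sit at the very end of the buffer with no readable bytes behind it. read_stream re-checks `address + copylen` against the buffer end, but get_fat_sector_location, get_next_sector and get_next_mini_sector pass the result directly to `GET_UINT32_LE(address)`. Those callers need a length-aware check, for example `if ((size_t)(msi->m_buffer + msi->m_bufferLen - address) < 4) return NOSTREAM;`, or the helper could take the number of bytes the caller intends to read.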
@@ -795,19 +795,19 @@ static uint32_t get_fat_sector_location(MSI_FILE *msi, uint32_t fatSectorNumber) fatSectorNumber -= entriesPerSector; address = sector_offset_to_address(msi, difatSectorLocation, msi->m_sectorSize - 4); if (!address) { - printf("Failed to get a next sector address\n"); + fprintf(stderr, "Failed to get a next sector address\n"); return NOSTREAM; /* FAILED */ } difatSectorLocation = GET_UINT32_LE(address); } address = sector_offset_to_address(msi, difatSectorLocation, fatSectorNumber * 4); if (!address) { - printf("Failed to get a next sector address\n"); + fprintf(stderr, "Failed to get a next sector address\n"); return NOSTREAM; /* FAILED */ } fatSectorLocation = GET_UINT32_LE(address); if (fatSectorLocation == 0 || fatSectorLocation >= FREESECT) { - printf("Get corrupted sector location 0x%08X\n", fatSectorLocation); + fprintf(stderr, "Get corrupted sector location 0x%08X\n", fatSectorLocation); return NOSTREAM; /* FAILED */ } return fatSectorLocation; @@ -823,17 +823,17 @@ static uint32_t get_next_sector(MSI_FILE *msi, uint32_t sector) uint32_t fatSectorNumber = sector / entriesPerSector; uint32_t fatSectorLocation = get_fat_sector_location(msi, fatSectorNumber); if (fatSectorLocation == NOSTREAM) { - printf("Failed to get a fat sector location\n"); + fprintf(stderr, "Failed to get a fat sector location\n"); return NOSTREAM; /* FAILED */ } address = sector_offset_to_address(msi, fatSectorLocation, sector % entriesPerSector * 4); if (!address) { - printf("Failed to get a next sector address\n"); + fprintf(stderr, "Failed to get a next sector address\n"); return NOSTREAM; /* FAILED */ } nextSectorLocation = GET_UINT32_LE(address); if (nextSectorLocation == 0 || nextSectorLocation >= FREESECT) { - printf("Get corrupted sector location 0x%08X\n", nextSectorLocation); + fprintf(stderr, "Get corrupted sector location 0x%08X\n", nextSectorLocation); return NOSTREAM; /* FAILED */ } return nextSectorLocation; 
@@ -846,7 +846,7 @@ static int locate_final_sector(MSI_FILE *msi, uint32_t sector, uint32_t offset, offset -= msi->m_sectorSize; sector = get_next_sector(msi, sector); if (sector == NOSTREAM) { - printf("Failed to get a next sector\n"); + fprintf(stderr, "Failed to get a next sector\n"); return 0; /* FAILED */ } } @@ -860,11 +860,11 @@ static const u_char *mini_sector_offset_to_address(MSI_FILE *msi, uint32_t secto { if (sector >= MAXREGSECT || offset >= msi->m_minisectorSize || (msi->m_bufferLen - offset) / msi->m_minisectorSize <= sector) { - printf("Corrupted file\n"); + fprintf(stderr, "Corrupted file\n"); return NULL; /* FAILED */ } if (!locate_final_sector(msi, msi->m_miniStreamStartSector, sector * msi->m_minisectorSize + offset, §or, &offset)) { - printf("Failed to locate a final sector\n"); + fprintf(stderr, "Failed to locate a final sector\n"); return NULL; /* FAILED */ } return sector_offset_to_address(msi, sector, offset); @@ -877,7 +877,7 @@ static const u_char *mini_sector_offset_to_address(MSI_FILE *msi, uint32_t secto static int read_stream(MSI_FILE *msi, uint32_t sector, uint32_t offset, char *buffer, uint32_t len) { if (!locate_final_sector(msi, sector, offset, §or, &offset)) { - printf("Failed to locate a final sector\n"); + fprintf(stderr, "Failed to locate a final sector\n"); return 0; /* FAILED */ } while (len > 0) { @@ -885,12 +885,12 @@ static int read_stream(MSI_FILE *msi, uint32_t sector, uint32_t offset, char *bu uint32_t copylen; address = sector_offset_to_address(msi, sector, offset); if (!address) { - printf("Failed to get a next sector address\n"); + fprintf(stderr, "Failed to get a next sector address\n"); return 0; /* FAILED */ } copylen = MIN(len, msi->m_sectorSize - offset); if (msi->m_buffer + msi->m_bufferLen < address + copylen) { - printf("Corrupted file\n"); + fprintf(stderr, "Corrupted file\n"); return 0; /* FAILED */ } memcpy(buffer, address, copylen); 
@@ -898,7 +898,7 @@ static int read_stream(MSI_FILE *msi, uint32_t sector, uint32_t offset, char *bu len -= copylen; sector = get_next_sector(msi, sector); if (sector == 0) { - printf("Failed to get a next sector\n"); + fprintf(stderr, "Failed to get a next sector\n"); return 0; /* FAILED */ } offset = 0; @@ -913,17 +913,17 @@ static uint32_t get_next_mini_sector(MSI_FILE *msi, uint32_t miniSector) const u_char *address; if (!locate_final_sector(msi, msi->m_hdr->firstMiniFATSectorLocation, miniSector * 4, §or, &offset)) { - printf("Failed to locate a final sector\n"); + fprintf(stderr, "Failed to locate a final sector\n"); return NOSTREAM; /* FAILED */ } address = sector_offset_to_address(msi, sector, offset); if (!address) { - printf("Failed to get a next mini sector address\n"); + fprintf(stderr, "Failed to get a next mini sector address\n"); return NOSTREAM; /* FAILED */ } nextMiniSectorLocation = GET_UINT32_LE(address); if (nextMiniSectorLocation == 0 || nextMiniSectorLocation >= FREESECT) { - printf("Get corrupted sector location 0x%08X\n", nextMiniSectorLocation); + fprintf(stderr, "Get corrupted sector location 0x%08X\n", nextMiniSectorLocation); return NOSTREAM; /* FAILED */ } return nextMiniSectorLocation; @@ -935,7 +935,7 @@ static int locate_final_mini_sector(MSI_FILE *msi, uint32_t sector, uint32_t off offset -= msi->m_minisectorSize; sector = get_next_mini_sector(msi, sector); if (sector == NOSTREAM) { - printf("Failed to get a next mini sector\n"); + fprintf(stderr, "Failed to get a next mini sector\n"); return 0; /* FAILED */ } } 
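Review bot: read_stream tests `if (sector == 0)` after `get_next_sector()`, but every failure path of get_next_sector visible in the hunk at -823 returns `NOSTREAM`, and a stored value of 0 is itself mapped to `NOSTREAM` there. The branch therefore looks unreachable, and the failure is only caught on the next pass by sector_offset_to_address. locate_final_sector and read_mini_stream compare against `NOSTREAM`. Before changing it to `if (sector == NOSTREAM)`, check how get_next_sector reports the normal end of a chain, since this call also runs after the last sector has been copied; if it returns NOSTREAM there too, the call should move behind an `if (len > 0)` test. Both functions begin outside their hunks.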
@@ -948,7 +948,7 @@ static int locate_final_mini_sector(MSI_FILE *msi, uint32_t sector, uint32_t off static int read_mini_stream(MSI_FILE *msi, uint32_t sector, uint32_t offset, char *buffer, uint32_t len) { if (!locate_final_mini_sector(msi, sector, offset, §or, &offset)) { - printf("Failed to locate a final mini sector\n"); + fprintf(stderr, "Failed to locate a final mini sector\n"); return 0; /* FAILED */ } while (len > 0) { @@ -956,12 +956,12 @@ static int read_mini_stream(MSI_FILE *msi, uint32_t sector, uint32_t offset, cha uint32_t copylen; address = mini_sector_offset_to_address(msi, sector, offset); if (!address) { - printf("Failed to get a next mini sector address\n"); + fprintf(stderr, "Failed to get a next mini sector address\n"); return 0; /* FAILED */ } copylen = MIN(len, msi->m_minisectorSize - offset); if (msi->m_buffer + msi->m_bufferLen < address + copylen) { - printf("Corrupted file\n"); + fprintf(stderr, "Corrupted file\n"); return 0; /* FAILED */ } memcpy(buffer, address, copylen); @@ -969,7 +969,7 @@ static int read_mini_stream(MSI_FILE *msi, uint32_t sector, uint32_t offset, cha len -= copylen; sector = get_next_mini_sector(msi, sector); if (sector == NOSTREAM) { - printf("Failed to get a next mini sector\n"); + fprintf(stderr, "Failed to get a next mini sector\n"); return 0; /* FAILED */ } offset = 0; 
@@ -1004,20 +1004,20 @@ static MSI_FILE_HDR *parse_header(char *data) memcpy(header->signature, data + HEADER_SIGNATURE, sizeof header->signature); /* Minor Version field SHOULD be set to 0x003E. */ header->minorVersion = GET_UINT16_LE(data + HEADER_MINOR_VER); - if (header->minorVersion !=0x003E ) { + if (header->minorVersion !=0x003E) { printf("Warning: Minor Version field SHOULD be 0x003E, but is: 0x%04X\n", header->minorVersion); } /* Major Version field MUST be set to either 0x0003 (version 3) or 0x0004 (version 4). */ header->majorVersion = GET_UINT16_LE(data + HEADER_MAJOR_VER); if (header->majorVersion != 0x0003 && header->majorVersion != 0x0004) { - printf("Unknown Major Version: 0x%04X\n", header->majorVersion); + fprintf(stderr, "Unknown Major Version: 0x%04X\n", header->majorVersion); OPENSSL_free(header); return NULL; /* FAILED */ } /* Byte Order field MUST be set to 0xFFFE, specifies little-endian byte order. */ header->byteOrder = GET_UINT16_LE(data + HEADER_BYTE_ORDER); if (header->byteOrder != 0xFFFE) { - printf("Unknown Byte Order: 0x%04X\n", header->byteOrder); + fprintf(stderr, "Unknown Byte Order: 0x%04X\n", header->byteOrder); OPENSSL_free(header); return NULL; /* FAILED */ } @@ -1026,7 +1026,7 @@ static MSI_FILE_HDR *parse_header(char *data) header->sectorShift = GET_UINT16_LE(data + HEADER_SECTOR_SHIFT); if ((header->majorVersion == 0x0003 && header->sectorShift != 0x0009) || (header->majorVersion == 0x0004 && header->sectorShift != 0x000C)) { - printf("Unknown Sector Shift: 0x%04X\n", header->sectorShift); + fprintf(stderr, "Unknown Sector Shift: 0x%04X\n", header->sectorShift); OPENSSL_free(header); return NULL; /* FAILED */ } 
@@ -1035,7 +1035,7 @@ static MSI_FILE_HDR *parse_header(char *data) * The sector size of the Mini Stream MUST be 64 bytes. */ header->miniSectorShift = GET_UINT16_LE(data + HEADER_MINI_SECTOR_SHIFT); if (header->miniSectorShift != 0x0006) { - printf("Unknown Mini Sector Shift: 0x%04X\n", header->miniSectorShift); + fprintf(stderr, "Unknown Mini Sector Shift: 0x%04X\n", header->miniSectorShift); OPENSSL_free(header); return NULL; /* FAILED */ } @@ -1045,13 +1045,13 @@ static MSI_FILE_HDR *parse_header(char *data) * If Major Version is 3, the Number of Directory Sectors MUST be zero. */ header->numDirectorySector = GET_UINT32_LE(data + HEADER_DIR_SECTORS_NUM); if (header->majorVersion == 0x0003 && header->numDirectorySector != 0x00000000) { - printf("Unsupported Number of Directory Sectors: 0x%08X\n", header->numDirectorySector); + fprintf(stderr, "Unsupported Number of Directory Sectors: 0x%08X\n", header->numDirectorySector); OPENSSL_free(header); return NULL; /* FAILED */ } header->numFATSector = GET_UINT32_LE(data + HEADER_FAT_SECTORS_NUM); if ((uint64_t)header->numFATSector * sectorSize >= SIZE_16M) { - printf("Unsupported Number of FAT Sectors: 0x%08X\n", header->numFATSector); + fprintf(stderr, "Unsupported Number of FAT Sectors: 0x%08X\n", header->numFATSector); OPENSSL_free(header); return NULL; /* FAILED */ } 
@@ -1064,21 +1064,21 @@ static MSI_FILE_HDR *parse_header(char *data) * must be allocated as normal sectors from the FAT. */ header->miniStreamCutoffSize = GET_UINT32_LE(data + HEADER_MINI_STREAM_CUTOFF); if (header->miniStreamCutoffSize != 0x00001000) { - printf("Unsupported Mini Stream Cutoff Size: 0x%08X\n", header->miniStreamCutoffSize); + fprintf(stderr, "Unsupported Mini Stream Cutoff Size: 0x%08X\n", header->miniStreamCutoffSize); OPENSSL_free(header); return NULL; /* FAILED */ } header->firstMiniFATSectorLocation = GET_UINT32_LE(data + HEADER_MINI_FAT_SECTOR_LOC); header->numMiniFATSector = GET_UINT32_LE(data + HEADER_MINI_FAT_SECTORS_NUM); if ((uint64_t)header->numMiniFATSector * sectorSize >= SIZE_16M) { - printf("Unsupported Number of Mini FAT Sectors: 0x%08X\n", header->numMiniFATSector); + fprintf(stderr, "Unsupported Number of Mini FAT Sectors: 0x%08X\n", header->numMiniFATSector); OPENSSL_free(header); return NULL; /* FAILED */ } header->firstDIFATSectorLocation = GET_UINT32_LE(data + HEADER_DIFAT_SECTOR_LOC); header->numDIFATSector = GET_UINT32_LE(data + HEADER_DIFAT_SECTORS_NUM); if ((uint64_t)header->numDIFATSector * sectorSize >= SIZE_16M) { - printf("Unsupported Number of DIFAT Sectors: 0x%08X\n", header->numDIFATSector); + fprintf(stderr, "Unsupported Number of DIFAT Sectors: 0x%08X\n", header->numDIFATSector); OPENSSL_free(header); return NULL; /* FAILED */ } @@ -1097,7 +1097,7 @@ static MSI_ENTRY *parse_entry(MSI_FILE *msi, const u_char *data, int is_root) entry->nameLen = GET_UINT16_LE(data + DIRENT_NAME_LEN); /* This length MUST NOT exceed 64, the maximum size of the Directory Entry Name field */ if (entry->nameLen == 0 || entry->nameLen > 64) { - printf("Corrupted Directory Entry Name Length\n"); + fprintf(stderr, "Corrupted Directory Entry Name Length\n"); OPENSSL_free(entry); return NULL; /* FAILED */ } 
@@ -1106,7 +1106,7 @@ static MSI_ENTRY *parse_entry(MSI_FILE *msi, const u_char *data, int is_root) * string "Root Entry" in Unicode UTF-16. */ if (is_root && (entry->nameLen != sizeof msi_root_entry || memcmp(entry->name, msi_root_entry, entry->nameLen))) { - printf("Corrupted Root Directory Entry's Name\n"); + fprintf(stderr, "Corrupted Root Directory Entry's Name\n"); OPENSSL_free(entry); return NULL; /* FAILED */ } @@ -1121,7 +1121,7 @@ static MSI_ENTRY *parse_entry(MSI_FILE *msi, const u_char *data, int is_root) /* The Creation Time field in the root storage directory entry MUST be all zeroes but the Modified Time field in the root storage directory entry MAY be all zeroes */ if (is_root && memcmp(entry->creationTime, msi_zeroes, 8)) { - printf("Corrupted Root Directory Entry's Creation Time\n"); + fprintf(stderr, "Corrupted Root Directory Entry's Creation Time\n"); OPENSSL_free(entry); return NULL; /* FAILED */ } @@ -1133,7 +1133,7 @@ static MSI_ENTRY *parse_entry(MSI_FILE *msi, const u_char *data, int is_root) inlen = GET_UINT32_LE(entry->size); if ((msi->m_sectorSize == 0x0200 && inlen > 0x80000000) || (msi->m_bufferLen <= inlen)) { - printf("Corrupted Stream Size 0x%08X\n", inlen); + fprintf(stderr, "Corrupted Stream Size 0x%08X\n", inlen); OPENSSL_free(entry); return NULL; /* FAILED */ } 
@@ -1153,27 +1153,27 @@ static MSI_ENTRY *get_entry(MSI_FILE *msi, uint32_t entryID, int is_root) /* Corrupted file */ if (!is_root && entryID == 0) { - printf("Corrupted entryID\n"); + fprintf(stderr, "Corrupted entryID\n"); return NULL; /* FAILED */ } if (msi->m_bufferLen / sizeof(MSI_ENTRY) <= entryID) { - printf("Invalid argument entryID\n"); + fprintf(stderr, "Invalid argument entryID\n"); return NULL; /* FAILED */ } /* The first entry in the first sector of the directory chain is known as the root directory entry so it can not contain the directory stream */ if (msi->m_hdr->firstDirectorySectorLocation == 0 && entryID == 0) { - printf("Corrupted First Directory Sector Location\n"); + fprintf(stderr, "Corrupted First Directory Sector Location\n"); return NULL; /* FAILED */ } if (!locate_final_sector(msi, msi->m_hdr->firstDirectorySectorLocation, entryID * sizeof(MSI_ENTRY), §or, &offset)) { - printf("Failed to locate a final sector\n"); + fprintf(stderr, "Failed to locate a final sector\n"); return NULL; /* FAILED */ } address = sector_offset_to_address(msi, sector, offset); if (!address) { - printf("Failed to get a final address\n"); + fprintf(stderr, "Failed to get a final address\n"); return NULL; /* FAILED */ } return parse_entry(msi, address, is_root); @@ -1200,12 +1200,12 @@ static MSI_FILE *msi_file_new(char *buffer, uint32_t len) MSI_FILE_HDR *header; if (buffer == NULL || len == 0) { - printf("Invalid argument\n"); + fprintf(stderr, "Invalid argument\n"); return NULL; /* FAILED */ } header = parse_header(buffer); if (!header) { - printf("Failed to parse MSI_FILE_HDR struct\n"); + fprintf(stderr, "Failed to parse MSI_FILE_HDR struct\n"); return NULL; /* FAILED */ } msi = (MSI_FILE *)OPENSSL_malloc(sizeof(MSI_FILE)); 
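Review bot: In msi_file_new, parse_header(buffer) runs after only `buffer == NULL || len == 0` has been checked, while parse_header reads fields at fixed header offsets and takes no length argument; the `msi->m_bufferLen < sizeof *(msi->m_hdr)` test in the next msi_file_new hunk comes after those reads. Unless every caller guarantees a minimum size, a truncated input is read past its end. Moving the length test ahead of the call closes this, e.g. `if (buffer == NULL || len < sizeof(MSI_FILE_HDR)) {`, provided that size covers the highest offset parse_header touches. The function body continues outside the hunk.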
@@ -1218,20 +1218,20 @@ static MSI_FILE *msi_file_new(char *buffer, uint32_t len) if (msi->m_bufferLen < sizeof *(msi->m_hdr) || memcmp(msi->m_hdr->signature, msi_magic, sizeof msi_magic)) { - printf("Wrong file format\n"); + fprintf(stderr, "Wrong file format\n"); msi_file_free(msi); return NULL; /* FAILED */ } /* The file must contains at least 3 sectors */ if (msi->m_bufferLen < msi->m_sectorSize * 3) { - printf("The file must contains at least 3 sectors\n"); + fprintf(stderr, "The file must contains at least 3 sectors\n"); msi_file_free(msi); return NULL; /* FAILED */ } root = msi_root_entry_get(msi); if (!root) { - printf("Failed to get msi root entry\n"); + fprintf(stderr, "Failed to get msi root entry\n"); msi_file_free(msi); return NULL; /* FAILED */ } @@ -1251,13 +1251,13 @@ static int msi_dirent_new(MSI_FILE *msi, MSI_ENTRY *entry, MSI_DIRENT *parent, M return 1; /* OK */ } if (entry->nameLen == 0 || entry->nameLen > 64) { - printf("Corrupted Directory Entry Name Length\n"); + fprintf(stderr, "Corrupted Directory Entry Name Length\n"); return 0; /* FAILED */ } /* detect cycles in previously visited entries (parents, siblings) */ if (!ret) { /* initialized (non-root entry) */ if (!memcmp(entry, tortoise->entry, sizeof(MSI_ENTRY))) { - printf("MSI_ENTRY cycle detected at level %d\n", cnt); + fprintf(stderr, "MSI_ENTRY cycle detected at level %d\n", cnt); OPENSSL_free(entry); return 0; /* FAILED */ } @@ -1284,7 +1284,7 @@ static int msi_dirent_new(MSI_FILE *msi, MSI_ENTRY *entry, MSI_DIRENT *parent, M } if (parent && !sk_MSI_DIRENT_push(parent->children, dirent)) { - printf("Failed to insert MSI_DIRENT\n"); + fprintf(stderr, "Failed to insert MSI_DIRENT\n"); return 0; /* FAILED */ } 
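Review bot: The two failure paths in the msi_dirent_new hunk treat `entry` differently: the cycle branch calls `OPENSSL_free(entry)` before returning 0, while the name-length branch just above returns 0 without freeing it. Whichever side owns `entry` on failure, one of these looks wrong: either a leak on the name-length path or, if the caller (outside the hunk) also releases it, a double free on the cycle path. A comment at the top of the function stating who frees `entry` on failure, with both branches matched to it, would make this auditable.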
@@ -1294,7 +1294,7 @@ static int msi_dirent_new(MSI_FILE *msi, MSI_ENTRY *entry, MSI_DIRENT *parent, M if (!recurse_entry(msi, entry->leftSiblingID, parent) || !recurse_entry(msi, entry->rightSiblingID, parent) || !recurse_entry(msi, entry->childID, dirent)) { - printf("Failed to add a sibling or a child to the tree\n"); + fprintf(stderr, "Failed to add a sibling or a child to the tree\n"); return 0; /* FAILED */ } @@ -1313,7 +1313,7 @@ static int recurse_entry(MSI_FILE *msi, uint32_t entryID, MSI_DIRENT *parent) node = get_entry(msi, entryID, FALSE); if (!node) { - printf("Corrupted ID: 0x%08X\n", entryID); + fprintf(stderr, "Corrupted ID: 0x%08X\n", entryID); return 0; /* FAILED */ } @@ -1478,7 +1478,7 @@ static int msi_hash_dir(MSI_FILE *msi, MSI_DIRENT *dirent, BIO *hash, int is_roo } indata = (char *)OPENSSL_malloc(inlen); if (!msi_file_read(msi, child->entry, 0, indata, inlen)) { - printf("Failed to read stream data\n"); + fprintf(stderr, "Failed to read stream data\n"); OPENSSL_free(indata); goto out; } @@ -1487,7 +1487,7 @@ static int msi_hash_dir(MSI_FILE *msi, MSI_DIRENT *dirent, BIO *hash, int is_roo } if (child->type == DIR_STORAGE) { if (!msi_hash_dir(msi, child, hash, 0)) { - printf("Failed to hash a MSI storage\n"); + fprintf(stderr, "Failed to hash a MSI storage\n"); goto out; } } @@ -1506,7 +1506,7 @@ static int ministream_append(MSI_OUT *out, char *buf, uint32_t len) out->ministreamsMemallocCount += needSectors; out->ministream = OPENSSL_realloc(out->ministream, (size_t)(out->ministreamsMemallocCount * out->sectorSize)); if (!out->ministream) { - printf("Memory allocation failure\n"); + fprintf(stderr, "Memory allocation failure\n"); return 0; /* FAILED */ } } 
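Review bot: `indata = (char *)OPENSSL_malloc(inlen);` in the msi_hash_dir hunk is handed to msi_file_read() without a NULL check, and `inlen` comes from the parsed file. Adding `if (!indata) { fprintf(stderr, "Memory allocation failure\n"); goto out; }` before the read keeps an allocation failure from reaching the copy in the reader, whose handling of a NULL buffer is not visible here. The same pattern appears in msi_check_file for `indata` and `ctx->msi_ctx->p_msiex`.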
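Review bot: ministream_append assigns the result of OPENSSL_realloc() straight back to `out->ministream`, so on failure the old buffer is lost before the error is reported; keep the result in a temporary, `void *tmp = OPENSSL_realloc(out->ministream, newsize);`, and assign only on success. Unlike minifat_append, fat_append and difat_append, no SIZE_16M cap is visible in this hunk, and the size is multiplied inside the cast, `(size_t)(out->ministreamsMemallocCount * out->sectorSize)`, so if both operands are 32-bit the product can wrap before it is widened; `(size_t)out->ministreamsMemallocCount * out->sectorSize` avoids that. The function starts outside the hunk, and the three other append functions share the realloc pattern.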
@@ -1520,12 +1520,12 @@ static int minifat_append(MSI_OUT *out, char *buf, uint32_t len) if (out->minifatLen == (uint64_t)out->minifatMemallocCount * out->sectorSize) { out->minifatMemallocCount++; if ((uint64_t)out->minifatMemallocCount * out->sectorSize >= SIZE_16M) { - printf("Failed to append MiniFAT sector\n"); + fprintf(stderr, "Failed to append MiniFAT sector\n"); return 0; /* FAILED */ } out->minifat = OPENSSL_realloc(out->minifat, (size_t)(out->minifatMemallocCount * out->sectorSize)); if (!out->minifat) { - printf("Memory allocation failure\n"); + fprintf(stderr, "Memory allocation failure\n"); return 0; /* FAILED */ } } @@ -1539,12 +1539,12 @@ static int fat_append(MSI_OUT *out, char *buf, uint32_t len) if (out->fatLen == (uint64_t)out->fatMemallocCount * out->sectorSize) { out->fatMemallocCount++; if ((uint64_t)out->fatMemallocCount * out->sectorSize >= SIZE_16M) { - printf("Failed to append FAT sector\n"); + fprintf(stderr, "Failed to append FAT sector\n"); return 0; /* FAILED */ } out->fat = OPENSSL_realloc(out->fat, (size_t)(out->fatMemallocCount * out->sectorSize)); if (!out->fat) { - printf("Memory allocation failure\n"); + fprintf(stderr, "Memory allocation failure\n"); return 0; /* FAILED */ } } @@ -1558,12 +1558,12 @@ static int difat_append(MSI_OUT *out, char *buf, uint32_t len) if (out->difatLen == (uint64_t)out->difatMemallocCount * out->sectorSize) { out->difatMemallocCount++; if ((uint64_t)out->difatMemallocCount * out->sectorSize >= SIZE_16M) { - printf("Failed to append DIFAT sector\n"); + fprintf(stderr, "Failed to append DIFAT sector\n"); return 0; /* FAILED */ } out->difat = OPENSSL_realloc(out->difat, (size_t)(out->difatMemallocCount * out->sectorSize)); if (!out->difat) { - printf("Memory allocation failure\n"); + fprintf(stderr, "Memory allocation failure\n"); return 0; /* FAILED */ } } 
@@ -1582,7 +1582,7 @@ static int msi_dirent_delete(MSI_DIRENT *dirent, const u_char *name, uint16_t na continue; } if (child->type != DIR_STREAM) { - printf("Can't delete or replace storages\n"); + fprintf(stderr, "Can't delete or replace storages\n"); return 0; /* FAILED */ } sk_MSI_DIRENT_delete(dirent->children, i); @@ -1680,7 +1680,7 @@ static int stream_handle(MSI_FILE *msi, MSI_DIRENT *dirent, u_char *p_msi, uint3 if (dirent->type == DIR_ROOT) { if (len_msi > 0 && !signature_insert(dirent, len_msiex)) { - printf("Insert new signature failed\n"); + fprintf(stderr, "Insert new signature failed\n"); return 0; /* FAILED */ } out->ministreamsMemallocCount = (GET_UINT32_LE(dirent->entry->size) + out->sectorSize - 1)/out->sectorSize; @@ -1697,7 +1697,7 @@ static int stream_handle(MSI_FILE *msi, MSI_DIRENT *dirent, u_char *p_msi, uint3 char *indata = NULL; uint32_t inlen = GET_UINT32_LE(child->entry->size); if (inlen >= MAXREGSECT) { - printf("Corrupted stream length 0x%08X\n", inlen); + fprintf(stderr, "Corrupted stream length 0x%08X\n", inlen); return 0; /* FAILED */ } /* DigitalSignature or MsiDigitalSignatureEx: inlen == 0 */ @@ -2239,11 +2239,11 @@ static int msi_file_write(MSI_FILE *msi, MSI_DIRENT *dirent, u_char *p_msi, uint static BIO *msi_digest_calc_bio(FILE_FORMAT_CTX *ctx, BIO *hash) { if (ctx->options->add_msi_dse && !msi_calc_MsiDigitalSignatureEx(ctx, hash)) { - printf("Unable to calc MsiDigitalSignatureEx\n"); + fprintf(stderr, "Unable to calc MsiDigitalSignatureEx\n"); return NULL; /* FAILED */ } if (!msi_hash_dir(ctx->msi_ctx->msi, ctx->msi_ctx->dirent, hash, 1)) { - printf("Unable to msi_handle_dir()\n"); + fprintf(stderr, "Unable to msi_handle_dir()\n"); return NULL; /* FAILED */ } return hash; 
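Review bot: The message in msi_digest_calc_bio reports `Unable to msi_handle_dir()` while the call that failed is msi_hash_dir(), so the stderr output names a function that does not appear in this code. Since the line is being edited anyway, `fprintf(stderr, "Unable to calculate MSI file hash\n");`, or a message naming msi_hash_dir, would match what actually failed.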
@@ -2296,14 +2296,14 @@ static int msi_calc_MsiDigitalSignatureEx(FILE_FORMAT_CTX *ctx, BIO *hash) BIO *prehash = BIO_new(BIO_f_md()); if (!BIO_set_md(prehash, ctx->options->md)) { - printf("Unable to set the message digest of BIO\n"); + fprintf(stderr, "Unable to set the message digest of BIO\n"); BIO_free_all(prehash); return 0; /* FAILED */ } BIO_push(prehash, BIO_new(BIO_s_null())); if (!msi_prehash_dir(ctx->msi_ctx->dirent, prehash, 1)) { - printf("Unable to calculate MSI pre-hash ('metadata') hash\n"); + fprintf(stderr, "Unable to calculate MSI pre-hash ('metadata') hash\n"); return 0; /* FAILED */ } if (ctx->msi_ctx->p_msiex) { 
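Review bot: The msi_prehash_dir() failure path returns 0 without releasing `prehash`, although the BIO_set_md() failure path just above does call `BIO_free_all(prehash)`, so the digest BIO chain leaks on that error. Adding `BIO_free_all(prehash);` before the second `return 0; /* FAILED */` matches the first branch. The results of `BIO_new(BIO_f_md())` and `BIO_new(BIO_s_null())` are also used without a NULL check in the visible lines. The function continues outside the hunk.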
@@ -2335,23 +2335,23 @@ static int msi_check_MsiDigitalSignatureEx(FILE_FORMAT_CTX *ctx, MSI_ENTRY *dse, alg = sk_X509_ALGOR_value(p7->d.sign->md_algs, 0); X509_ALGOR_get0(&aoid, NULL, NULL, alg); - printf("Message digest algorithm found : %s\n", OBJ_nid2sn(OBJ_obj2nid(aoid))); - printf("It is not possible to add a nested signature of a different MD type to the MSI file " + fprintf(stderr, "Message digest algorithm found : %s\n", OBJ_nid2sn(OBJ_obj2nid(aoid))); + fprintf(stderr, "It is not possible to add a nested signature of a different MD type to the MSI file " "without invalidating the initial signature, as the file contains MsiDigitalSignatureEx.\n" "The file should be signed again, rather than adding a nested signature.\n"); - return 0; /* FAILED */ + return 0; /* FAILED */ } if (!dse && ctx->options->add_msi_dse) { - printf("It is not possible to add a nested signature using the -add-msi-dse parameter " + fprintf(stderr, "It is not possible to add a nested signature using the -add-msi-dse parameter " "without invalidating the initial signature, as the file does not contain MsiDigitalSignatureEx.\n" "The file should be signed again, rather than adding a nested signature.\n"); - return 0; /* FAILED */ + return 0; /* FAILED */ } if (dse && !ctx->options->add_msi_dse) { - printf("It is not possible to add a signature without using the -add-msi-dse parameter, " + fprintf(stderr, "It is not possible to add a signature without using the -add-msi-dse parameter, " "as doing so would invalidate the initial signature due to the presence of MsiDigitalSignatureEx.\n" "In this case, consider using the -add-msi-dse option.\n"); - return 0; /* FAILED */ + return 0; /* FAILED */ } return 1; /* OK */ } 
@@ -2378,22 +2378,22 @@ static int msi_check_file(FILE_FORMAT_CTX *ctx) MSI_ENTRY *ds, *dse = NULL; if (!ctx) { - printf("Init error\n\n"); + fprintf(stderr, "Init error\n"); return 0; /* FAILED */ } ds = msi_signatures_get(ctx->msi_ctx->dirent, &dse); if (!ds) { - printf("MSI file has no signature\n\n"); + fprintf(stderr, "MSI file has no signature\n"); return 0; /* FAILED */ } inlen = GET_UINT32_LE(ds->size); if (inlen == 0 || inlen >= MAXREGSECT) { - printf("Corrupted DigitalSignature stream length 0x%08X\n", inlen); + fprintf(stderr, "Corrupted DigitalSignature stream length 0x%08X\n", inlen); return 0; /* FAILED */ } indata = OPENSSL_malloc((size_t)inlen); if (!msi_file_read(ctx->msi_ctx->msi, ds, 0, indata, inlen)) { - printf("DigitalSignature stream data error\n\n"); + fprintf(stderr, "DigitalSignature stream data error\n\n"); OPENSSL_free(indata); return 0; /* FAILED */ } @@ -2402,7 +2402,7 @@ static int msi_check_file(FILE_FORMAT_CTX *ctx) } else { ctx->msi_ctx->len_msiex = GET_UINT32_LE(dse->size); if (ctx->msi_ctx->len_msiex == 0 || ctx->msi_ctx->len_msiex >= MAXREGSECT) { - printf("Corrupted MsiDigitalSignatureEx stream length 0x%08X\n", + fprintf(stderr, "Corrupted MsiDigitalSignatureEx stream length 0x%08X\n", ctx->msi_ctx->len_msiex); OPENSSL_free(indata); return 0; /* FAILED */ @@ -2410,7 +2410,7 @@ static int msi_check_file(FILE_FORMAT_CTX *ctx) ctx->msi_ctx->p_msiex = OPENSSL_malloc((size_t)ctx->msi_ctx->len_msiex); if (!msi_file_read(ctx->msi_ctx->msi, dse, 0, (char *)ctx->msi_ctx->p_msiex, ctx->msi_ctx->len_msiex)) { - printf("MsiDigitalSignatureEx stream data error\n\n"); + fprintf(stderr, "MsiDigitalSignatureEx stream data error\n\n"); OPENSSL_free(indata); return 0; /* FAILED */ } diff --git a/osslsigncode.c b/osslsigncode.c index 8d36609d..b0902400 100644 --- a/osslsigncode.c +++ b/osslsigncode.c 
@@ -281,7 +281,7 @@ static BIO *bio_encode_rfc3161_request(PKCS7 *p7, const EVP_MD *md) bhash = BIO_new(BIO_f_md()); if (!BIO_set_md(bhash, md)) { - printf("Unable to set the message digest of BIO\n"); + fprintf(stderr, "Unable to set the message digest of BIO\n"); goto out; } BIO_push(bhash, BIO_new(BIO_s_null())); @@ -347,11 +347,11 @@ static ASN1_INTEGER *create_nonce(int bits) int i; if (len > (int)sizeof(buf)) { - printf("Invalid nonce size\n"); + fprintf(stderr, "Invalid nonce size\n"); return NULL; } if (RAND_bytes(buf, len) <= 0) { - printf("Random nonce generation failed\n"); + fprintf(stderr, "Random nonce generation failed\n"); return NULL; } /* Find the first non-zero byte and creating ASN1_INTEGER object. */ @@ -359,7 +359,7 @@ static ASN1_INTEGER *create_nonce(int bits) } nonce = ASN1_INTEGER_new(); if (!nonce) { - printf("Could not create nonce\n"); + fprintf(stderr, "Could not create nonce\n"); return NULL; } OPENSSL_free(nonce->data); @@ -441,10 +441,10 @@ static int attach_rfc3161_response(PKCS7 *p7, TS_RESP *response, int verbose) if (ASN1_INTEGER_get(TS_STATUS_INFO_get0_status(status)) != 0) { if (verbose) { const STACK_OF(ASN1_UTF8STRING) *reasons = TS_STATUS_INFO_get0_text(status); - printf("Timestamping failed: status %ld\n", ASN1_INTEGER_get(TS_STATUS_INFO_get0_status(status))); + fprintf(stderr, "Timestamping failed: status %ld\n", ASN1_INTEGER_get(TS_STATUS_INFO_get0_status(status))); for (i = 0; i < sk_ASN1_UTF8STRING_num(reasons); i++) { ASN1_UTF8STRING *reason = sk_ASN1_UTF8STRING_value(reasons, i); - printf("%s\n", ASN1_STRING_get0_data(reason)); + fprintf(stderr, "%s\n", ASN1_STRING_get0_data(reason)); } } return 1; /* FAILED */ 
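Review bot: In attach_rfc3161_response the status text from the timestamp response is printed with `%s` on `ASN1_STRING_get0_data(reason)`, which treats server-supplied bytes as a NUL-terminated C string. Bounding the print by the encoded length, `fprintf(stderr, "%.*s\n", ASN1_STRING_length(reason), ASN1_STRING_get0_data(reason));`, avoids relying on a terminator. Because the text comes from the remote Time-Stamp Authority, it is also worth replacing non-printable bytes before writing them to a terminal. The function continues outside the hunk.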
@@ -452,8 +452,8 @@ static int attach_rfc3161_response(PKCS7 *p7, TS_RESP *response, int verbose) token = TS_RESP_get_token(response); if (((len = i2d_PKCS7(token, NULL)) <= 0) || (p = OPENSSL_malloc((size_t)len)) == NULL) { if (verbose) { - printf("Failed to convert pkcs7: %d\n", len); - ERR_print_errors_fp(stdout); + fprintf(stderr, "Failed to convert pkcs7: %d\n", len); + ERR_print_errors_fp(stderr); } return 1; /* FAILED */ } @@ -501,8 +501,8 @@ static int attach_authenticode_response(PKCS7 *p7, PKCS7 *resp, int verbose) } if (((len = i2d_PKCS7_SIGNER_INFO(info, NULL)) <= 0) || (p = OPENSSL_malloc((size_t)len)) == NULL) { if (verbose) { - printf("Failed to convert signer info: %d\n", len); - ERR_print_errors_fp(stdout); + fprintf(stderr, "Failed to convert signer info: %d\n", len); + ERR_print_errors_fp(stderr); } PKCS7_free(resp); return 1; /* FAILED */ @@ -596,24 +596,24 @@ static BIO *bio_get_http_curl(long *http_code, char *url, BIO *req, char *proxy, if (proxy) { res = curl_easy_setopt(curl, CURLOPT_PROXY, proxy); if (res != CURLE_OK) { - printf("CURL failure: %s %s\n", curl_easy_strerror(res), url); + fprintf(stderr, "CURL failure: %s %s\n", curl_easy_strerror(res), url); } if (!strncmp("http:", proxy, 5)) { res = curl_easy_setopt(curl, CURLOPT_PROXYTYPE, CURLPROXY_HTTP); if (res != CURLE_OK) { - printf("CURL failure: %s %s\n", curl_easy_strerror(res), url); + fprintf(stderr, "CURL failure: %s %s\n", curl_easy_strerror(res), url); } } if (!strncmp("socks:", proxy, 6)) { res = curl_easy_setopt(curl, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5); if (res != CURLE_OK) { - printf("CURL failure: %s %s\n", curl_easy_strerror(res), url); + fprintf(stderr, "CURL failure: %s %s\n", curl_easy_strerror(res), url); } } } res = curl_easy_setopt(curl, CURLOPT_URL, url); if (res != CURLE_OK) { - printf("CURL failure: %s %s\n", curl_easy_strerror(res), url); + fprintf(stderr, "CURL failure: %s %s\n", curl_easy_strerror(res), url); } /* * ask libcurl to show us the verbose output 
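Review bot: Each curl_easy_setopt() failure in bio_get_http_curl is logged and then ignored, so the request is still performed on a partially configured handle, for example directly instead of through the requested proxy if CURLOPT_PROXY was rejected. Failing closed would be safer: after the message, `curl_easy_cleanup(curl); return NULL; /* FAILED */`, plus freeing whatever has been allocated by that point. These messages are now unconditional on stderr while the curl_easy_perform() failure is still gated on `verbose`, which is worth making consistent. The same applies to the setopt checks in the later bio_get_http_curl hunks.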
@@ -622,7 +622,7 @@ static BIO *bio_get_http_curl(long *http_code, char *url, BIO *req, char *proxy, if (noverifypeer) { res = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE); if (res != CURLE_OK) { - printf("CURL failure: %s %s\n", curl_easy_strerror(res), url); + fprintf(stderr, "CURL failure: %s %s\n", curl_easy_strerror(res), url); } } if (req) { /* POST */ 
@@ -639,31 +639,31 @@ static BIO *bio_get_http_curl(long *http_code, char *url, BIO *req, char *proxy, slist = curl_slist_append(slist, "Cache-Control: no-cache"); res = curl_easy_setopt(curl, CURLOPT_HTTPHEADER, slist); if (res != CURLE_OK) { - printf("CURL failure: %s %s\n", curl_easy_strerror(res), url); + fprintf(stderr, "CURL failure: %s %s\n", curl_easy_strerror(res), url); } len = BIO_get_mem_data(req, &p); res = curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, len); if (res != CURLE_OK) { - printf("CURL failure: %s %s\n", curl_easy_strerror(res), url); + fprintf(stderr, "CURL failure: %s %s\n", curl_easy_strerror(res), url); } res = curl_easy_setopt(curl, CURLOPT_POSTFIELDS, (char*)p); if (res != CURLE_OK) { - printf("CURL failure: %s %s\n", curl_easy_strerror(res), url); + fprintf(stderr, "CURL failure: %s %s\n", curl_easy_strerror(res), url); } res = curl_easy_setopt(curl, CURLOPT_POST, 1); if (res != CURLE_OK) { - printf("CURL failure: %s %s\n", curl_easy_strerror(res), url); + fprintf(stderr, "CURL failure: %s %s\n", curl_easy_strerror(res), url); } } bin = BIO_new(BIO_s_mem()); BIO_set_mem_eof_return(bin, 0); res = curl_easy_setopt(curl, CURLOPT_WRITEDATA, bin); if (res != CURLE_OK) { - printf("CURL failure: %s %s\n", curl_easy_strerror(res), url); + fprintf(stderr, "CURL failure: %s %s\n", curl_easy_strerror(res), url); } res = curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, curl_write); if (res != CURLE_OK) { - printf("CURL failure: %s %s\n", curl_easy_strerror(res), url); + fprintf(stderr, "CURL failure: %s %s\n", curl_easy_strerror(res), url); } /* Perform the request */ res = curl_easy_perform(curl); @@ -672,7 +672,7 @@ static BIO *bio_get_http_curl(long *http_code, char *url, BIO *req, char *proxy, if (res != CURLE_OK) { BIO_free_all(bin); if (verbose) - printf("CURL failure: %s %s\n", curl_easy_strerror(res), url); + fprintf(stderr, "CURL failure: %s %s\n", curl_easy_strerror(res), url); curl_easy_cleanup(curl); return NULL; /* FAILED */ } else { 
@@ -750,7 +750,7 @@ static int verify_callback(int ok, X509_STORE_CTX *ctx) } return 1; } else { - printf("\tError: %s\n", X509_verify_cert_error_string(error)); + printf("\tError: %s\n\n", X509_verify_cert_error_string(error)); } } return ok; @@ -806,7 +806,7 @@ static BIO *socket_bio_read(BIO *s_bio, OSSL_HTTP_REQ_CTX *rctx, int use_ssl) ok = 1; retry = 0; /* use_ssl EOF */ } else { - printf("\nHTTP failure: error %ld: %s\n", err, ERR_reason_error_string(err)); + fprintf(stderr, "\nHTTP failure: error %ld: %s\n", err, ERR_reason_error_string(err)); retry = 0; /* FAILED */ } } @@ -952,7 +952,7 @@ static BIO *bio_get_http(char *url, BIO *req, char *proxy, int rfc3161, char *ca if (resp && req && !rfc3161) check_authenticode_timestamp(&resp); } else { - printf("\nHTTP failure: Failed to get data from %s\n", url); + fprintf(stderr, "\nHTTP failure: Failed to get data from %s\n", url); } return resp; @@ -993,7 +993,7 @@ static int add_timestamp(PKCS7 *p7, FILE_FORMAT_CTX *ctx, char *url, int rfc3161 #ifndef ENABLE_CURL (void)url; (void)rfc3161; - printf("Could NOT find CURL\n"); + fprintf(stderr, "Could NOT find CURL\n"); BIO_free_all(req); return NULL; /* FAILED */ #else /* ENABLE_CURL */ @@ -1034,13 +1034,13 @@ static int add_timestamp(PKCS7 *p7, FILE_FORMAT_CTX *ctx, char *url, int rfc3161 #if OPENSSL_VERSION_NUMBER<0x30000000L #ifdef ENABLE_CURL if (http_code != -1) - printf("Failed to convert timestamp reply from %s; " + fprintf(stderr, "Failed to convert timestamp reply from %s; " "HTTP status %ld\n", url, http_code); else #endif /* ENABLE_CURL */ #endif /* OPENSSL_VERSION_NUMBER<0x30000000L */ - printf("Failed to convert timestamp reply from %s\n", url); - ERR_print_errors_fp(stdout); + fprintf(stderr, "Failed to convert timestamp reply from %s\n", url); + ERR_print_errors_fp(stderr); } BIO_free_all(resp); } 
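Review bot: The `\tError: %s` line in verify_callback still goes to stdout via printf, and this hunk only appends a second newline, while the rest of the commit moves failure messages to stderr. If the verification callbacks are meant to keep their report on stdout, a short comment saying so would help, e.g. `/* part of the verification report, intentionally on stdout */`; otherwise this should be `fprintf(stderr, ...)` as well. verify_ca_callback and verify_crl_callback carry the same line.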
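Review bot: In socket_bio_read, `ERR_reason_error_string(err)` can return NULL when no reason string is registered for the code, and passing NULL to `%s` is undefined. A guarded form is `const char *reason = ERR_reason_error_string(err);` followed by printing `reason ? reason : "unknown"`. If `err` holds the `unsigned long` taken from the OpenSSL error queue (its declaration is outside the hunk), the conversion should be `%lu` rather than `%ld`.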
@@ -1092,7 +1092,7 @@ static ASN1_INTEGER *serial_cb(TS_RESP_CTX *resp_ctx, void *data) (void)data; if (RAND_bytes((unsigned char *)&buf, sizeof buf) <= 0) { - printf("RAND_bytes failed\n"); + fprintf(stderr, "RAND_bytes failed\n"); goto out; } serial = ASN1_INTEGER_new(); @@ -1192,7 +1192,7 @@ static TS_RESP *get_rfc3161_response(FILE_FORMAT_CTX *ctx, X509 *signer_cert, /* generate RFC3161 response with embedded TS_TST_INFO structure */ response = TS_RESP_create_response(resp_ctx, bout); if (!response) { - printf("Failed to create RFC3161 response\n"); + fprintf(stderr, "Failed to create RFC3161 response\n"); } out: @@ -1241,7 +1241,7 @@ static int add_timestamp_builtin(PKCS7 *p7, FILE_FORMAT_CTX *ctx) btmp = BIO_new_file(ctx->options->tsa_certfile, "rb"); if (!btmp) { - printf("Failed to read Time-Stamp Authority certificate file: %s\n", ctx->options->tsa_certfile); + fprintf(stderr, "Failed to read Time-Stamp Authority certificate file: %s\n", ctx->options->tsa_certfile); return 0; /* FAILED */ } /* .pem certificate file */ @@ -1249,13 +1249,13 @@ static int add_timestamp_builtin(PKCS7 *p7, FILE_FORMAT_CTX *ctx) BIO_free(btmp); btmp = BIO_new_file(ctx->options->tsa_keyfile, "rb"); if (!btmp) { - printf("Failed to read private key file: %s\n", ctx->options->tsa_keyfile); + fprintf(stderr, "Failed to read private key file: %s\n", ctx->options->tsa_keyfile); return 0; /* FAILED */ } signer_key = PEM_read_bio_PrivateKey(btmp, NULL, NULL, NULL); BIO_free(btmp); if(!chain || !signer_key) { - printf("Failed to load Time-Stamp Authority crypto parameters\n"); + fprintf(stderr, "Failed to load Time-Stamp Authority crypto parameters\n"); return 0; /* FAILED */ } /* find the signer's certificate located somewhere in the whole certificate chain */ 
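Review bot: The early exits in add_timestamp_builtin return 0 with a `/* FAILED */` comment, but the caller in add_timestamp_and_blob treats a non-zero result as the failure case (`... && add_timestamp_builtin(p7, ctx)` leads to "Built-in timestamping failed"), and `res` from attach_rfc3161_response() is likewise non-zero on error. As far as these hunks show, an unreadable TSA certificate or key file would be reported on stderr and then handled as success, leaving the signature without a timestamp. If the final return (outside the hunks) is `res`, these exits should be `return 1; /* FAILED */`, or a `goto out` so that whatever has been loaded is released; the `!chain || !signer_key` exit currently frees neither.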
@@ -1267,7 +1267,7 @@ static int add_timestamp_builtin(PKCS7 *p7, FILE_FORMAT_CTX *ctx) } } if(!signer_cert) { - printf("Failed to checking the consistency of a TSA private key with a public key in any X509 certificate\n"); + fprintf(stderr, "Failed to checking the consistency of a TSA private key with a public key in any X509 certificate\n"); goto out; } @@ -1277,18 +1277,18 @@ static int add_timestamp_builtin(PKCS7 *p7, FILE_FORMAT_CTX *ctx) /* check X509_PURPOSE_TIMESTAMP_SIGN certificate purpose */ if (X509_check_purpose(signer_cert, X509_PURPOSE_TIMESTAMP_SIGN, 0) != 1) { - printf("Unsupported TSA signer's certificate purpose X509_PURPOSE_TIMESTAMP_SIGN\n"); + fprintf(stderr, "Unsupported TSA signer's certificate purpose X509_PURPOSE_TIMESTAMP_SIGN\n"); goto out; } /* check extended key usage flag XKU_TIMESTAMP */ if (!(X509_get_extended_key_usage(signer_cert) & XKU_TIMESTAMP)) { - printf("Unsupported Signer's certificate purpose XKU_TIMESTAMP\n"); + fprintf(stderr, "Unsupported Signer's certificate purpose XKU_TIMESTAMP\n"); goto out; } /* encode timestamp request */ bout = bio_encode_rfc3161_request(p7, ctx->options->md); if (!bout) { - printf("Failed to encode timestamp request\n"); + fprintf(stderr, "Failed to encode timestamp request\n"); goto out; } @@ -1298,11 +1298,11 @@ static int add_timestamp_builtin(PKCS7 *p7, FILE_FORMAT_CTX *ctx) if (response) { res = attach_rfc3161_response(p7, response, ctx->options->verbose); if (res) { - printf("Failed to convert timestamp reply\n"); - ERR_print_errors_fp(stdout); + fprintf(stderr, "Failed to convert timestamp reply\n"); + ERR_print_errors_fp(stderr); } } else { - printf("Failed to obtain RFC3161 response\n"); + fprintf(stderr, "Failed to obtain RFC3161 response\n"); } out: sk_X509_pop_free(chain, X509_free); 
@@ -1330,7 +1330,7 @@ static int add_unauthenticated_blob(PKCS7 *p7) signer_info = PKCS7_get_signer_info(p7); if (!signer_info) { - printf("Failed to obtain PKCS#7 signer info list\n"); + fprintf(stderr, "Failed to obtain PKCS#7 signer info list\n"); return 0; /* FAILED */ } si = sk_PKCS7_SIGNER_INFO_value(p7->d.sign->signer_info, 0); @@ -1359,21 +1359,21 @@ static int add_timestamp_and_blob(PKCS7 *p7, FILE_FORMAT_CTX *ctx) { /* add counter-signature/timestamp */ if (ctx->options->nturl && !add_timestamp_authenticode(p7, ctx)) { - printf("%s\n%s\n", "Authenticode timestamping failed", + fprintf(stderr, "%s\n%s\n", "Authenticode timestamping failed", "Use the \"-ts\" option to add the RFC3161 Time-Stamp Authority or choose another one Authenticode Time-Stamp Authority"); return 1; /* FAILED */ } if (ctx->options->ntsurl && !add_timestamp_rfc3161(p7, ctx)) { - printf("%s\n%s\n", "RFC 3161 timestamping failed", + fprintf(stderr, "%s\n%s\n", "RFC 3161 timestamping failed", "Use the \"-t\" option to add the Authenticode Time-Stamp Authority or choose another one RFC3161 Time-Stamp Authority"); return 1; /* FAILED */ } if (ctx->options->tsa_certfile && ctx->options->tsa_keyfile && add_timestamp_builtin(p7, ctx)) { - printf("Built-in timestamping failed\n"); + fprintf(stderr, "Built-in timestamping failed\n"); return 1; /* FAILED */ } if (ctx->options->addBlob && !add_unauthenticated_blob(p7)) { - printf("Adding unauthenticated blob failed\n"); + fprintf(stderr, "Adding unauthenticated blob failed\n"); return 1; /* FAILED */ } return 0; /* OK */ 
@@ -1401,12 +1401,12 @@ static int add_nested_timestamp_and_blob(PKCS7 *p7, FILE_FORMAT_CTX *ctx, int in } signer_info = PKCS7_get_signer_info(p7); if (!signer_info) { - printf("Failed to obtain PKCS#7 signer info list\n"); + fprintf(stderr, "Failed to obtain PKCS#7 signer info list\n"); return 1; /* FAILED */ } si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); if (!si) { - printf("Failed to obtain PKCS#7 signer info value\n"); + fprintf(stderr, "Failed to obtain PKCS#7 signer info value\n"); return 1; /* FAILED */ } unauth_attr = PKCS7_get_attributes(si); /* cont[1] */ @@ -1424,7 +1424,7 @@ static int add_nested_timestamp_and_blob(PKCS7 *p7, FILE_FORMAT_CTX *ctx, int in } signatures = signature_list_create(p7_tmp); if (!signatures) { - printf("Failed to create signature list\n\n"); + fprintf(stderr, "Failed to create signature list\n\n"); return 1; /* FAILED */ } /* append all nested signature to the primary signature */ @@ -1433,13 +1433,13 @@ static int add_nested_timestamp_and_blob(PKCS7 *p7, FILE_FORMAT_CTX *ctx, int in if (i == index) { printf("Use the signature at index %d\n", i); if (add_timestamp_and_blob(sig, ctx)) { - printf("Unable to set unauthenticated attributes\n"); + fprintf(stderr, "Unable to set unauthenticated attributes\n"); sk_PKCS7_pop_free(signatures, PKCS7_free); return 1; /* FAILED */ } } if (!cursig_set_nested(p7, sig)) { - printf("Unable to append the nested signature to the current signature\n"); + fprintf(stderr, "Unable to append the nested signature to the current signature\n"); sk_PKCS7_pop_free(signatures, PKCS7_free); return 1; /* FAILED */ } @@ -1758,7 +1758,7 @@ static int verify_ca_callback(int ok, X509_STORE_CTX *ctx) printf("\tError: Certificate not found in local repository: %s\n", X509_verify_cert_error_string(error)); } else { - printf("\tError: %s\n", X509_verify_cert_error_string(error)); + printf("\tError: %s\n\n", X509_verify_cert_error_string(error)); } } return ok; 
@@ -1783,7 +1783,7 @@ static int verify_crl_callback(int ok, X509_STORE_CTX *ctx) X509_verify_cert_error_string(error)); } else { - printf("\tError: %s\n", X509_verify_cert_error_string(error)); + printf("\tError: %s\n\n", X509_verify_cert_error_string(error)); } } return ok; @@ -1803,7 +1803,7 @@ static int x509_store_load_file(X509_STORE *store, char *cafile) if (!lookup || !cafile) return 0; /* FAILED */ if (!X509_LOOKUP_load_file(lookup, cafile, X509_FILETYPE_PEM)) { - printf("\nError: no certificate found\n"); + fprintf(stderr, "\nError: no certificate found\n"); return 0; /* FAILED */ } param = X509_STORE_get0_param(store); @@ -1833,11 +1833,11 @@ static int x509_store_load_crlfile(X509_STORE *store, char *cafile, char *crlfil if (!lookup) return 0; /* FAILED */ if (!X509_LOOKUP_load_file(lookup, cafile, X509_FILETYPE_PEM)) { - printf("\nError: no certificate found\n"); + fprintf(stderr, "\nError: no certificate found\n"); return 0; /* FAILED */ } if (crlfile && !X509_load_crl_file(lookup, crlfile, X509_FILETYPE_PEM)) { - printf("\nError: no CRL found in %s\n", crlfile); + fprintf(stderr, "\nError: no CRL found in %s\n", crlfile); return 0; /* FAILED */ } param = X509_STORE_get0_param(store); @@ -1890,7 +1890,7 @@ static int verify_crl(char *cafile, char *crlfile, STACK_OF(X509_CRL) *crls, printf("\nCertificate Revocation List verified using:\n"); if (X509_verify_cert(ctx) <= 0) { int error = X509_STORE_CTX_get_error(ctx); - printf("\nX509_verify_cert: certificate verify error: %s\n", + fprintf(stderr, "X509_verify_cert: certificate verify error: %s\n", X509_verify_cert_error_string(error)); goto out; } @@ -1898,7 +1898,7 @@ static int verify_crl(char *cafile, char *crlfile, STACK_OF(X509_CRL) *crls, out: if (!verok) - ERR_print_errors_fp(stdout); + ERR_print_errors_fp(stderr); /* NULL is a valid parameter value for X509_STORE_free() and X509_STORE_CTX_free() */ X509_STORE_free(store); X509_STORE_CTX_free(ctx); 
@@ -1959,7 +1959,7 @@ static X509_CRL *x509_crl_get(FILE_FORMAT_CTX *ctx, char *url) #if OPENSSL_VERSION_NUMBER<0x30000000L #ifndef ENABLE_CURL - printf("Could NOT find CURL\n"); + fprintf(stderr, "Could NOT find CURL\n"); return NULL; /* FAILED */ #else /* ENABLE_CURL */ long http_code = -1; @@ -1971,7 +1971,7 @@ static X509_CRL *x509_crl_get(FILE_FORMAT_CTX *ctx, char *url) ctx->options->noverifypeer ? NULL : ctx->options->https_crlfile); #endif /* OPENSSL_VERSION_NUMBER<0x30000000L */ if (!bio) { - printf("Warning: Faild to get CRL from %s\n\n", url); + fprintf(stderr, "Faild to get CRL from %s\n\n", url); return NULL; /* FAILED */ } crl = d2i_X509_CRL_bio(bio, NULL); /* DER format */ @@ -1981,7 +1981,7 @@ static X509_CRL *x509_crl_get(FILE_FORMAT_CTX *ctx, char *url) } BIO_free_all(bio); if (!crl) { - printf("Warning: Faild to decode CRL from %s\n\n", url); + fprintf(stderr, "Faild to decode CRL from %s\n\n", url); return NULL; /* FAILED */ } return crl; /* OK */ @@ -2069,7 +2069,7 @@ static int verify_timestamp_token(PKCS7 *p7, CMS_ContentInfo *timestamp) /* compute a hash from the encrypted message digest value of the file */ bhash = BIO_new(BIO_f_md()); if (!BIO_set_md(bhash, md)) { - printf("Unable to set the message digest of BIO\n"); + fprintf(stderr, "Unable to set the message digest of BIO\n"); BIO_free_all(bhash); TS_TST_INFO_free(token); return 0; /* FAILED */ @@ -2134,7 +2134,7 @@ static int verify_timestamp(FILE_FORMAT_CTX *ctx, PKCS7 *p7, CMS_ContentInfo *ti * So verify timestamp against the time of its creation. */ if (!x509_store_set_time(store, time)) { - printf("Failed to set store time\n"); + fprintf(stderr, "Failed to set store time\n"); X509_STORE_free(store); goto out; } 
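Review bot: The two rewritten messages in x509_crl_get keep the misspelling "Faild"; they should read `fprintf(stderr, "Failed to get CRL from %s\n\n", url);` and `fprintf(stderr, "Failed to decode CRL from %s\n\n", url);`. Dropping the "Warning:" prefix makes both read as hard errors, so it is worth confirming that the caller's handling of the NULL return agrees with that (the caller is outside these hunks). If `url` comes from a certificate's CRL distribution point, it is signer-supplied text and would be safer logged with non-printable bytes escaped.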
@@ -2149,7 +2149,7 @@ static int verify_timestamp(FILE_FORMAT_CTX *ctx, PKCS7 *p7, CMS_ContentInfo *ti if (!CMS_verify(timestamp, NULL, store, 0, NULL, 0)) { STACK_OF(X509) *cms_certs; - printf("\nCMS_verify error\n"); + printf("CMS_verify error\n"); X509_STORE_free(store); printf("\nFailed timestamp certificate chain retrieved from the signature:\n"); cms_certs = CMS_get1_certs(timestamp); @@ -2185,7 +2185,7 @@ static int verify_timestamp(FILE_FORMAT_CTX *ctx, PKCS7 *p7, CMS_ContentInfo *ti if (p7->d.sign->crl || crl) { crls = x509_crl_list_get(p7, crl); if (!crls) { - printf("Failed to use CRL distribution point\n"); + fprintf(stderr, "Failed to use CRL distribution point\n"); goto out; } } @@ -2203,7 +2203,7 @@ static int verify_timestamp(FILE_FORMAT_CTX *ctx, PKCS7 *p7, CMS_ContentInfo *ti } /* check extended key usage flag XKU_TIMESTAMP */ if (!(X509_get_extended_key_usage(signer) & XKU_TIMESTAMP)) { - printf("Unsupported Signer's certificate purpose XKU_TIMESTAMP\n"); + fprintf(stderr, "Unsupported Signer's certificate purpose XKU_TIMESTAMP\n"); goto out; } /* verify the hash provided from the trusted timestamp */ @@ -2213,7 +2213,7 @@ static int verify_timestamp(FILE_FORMAT_CTX *ctx, PKCS7 *p7, CMS_ContentInfo *ti verok = 1; /* OK */ out: if (!verok) - ERR_print_errors_fp(stdout); + ERR_print_errors_fp(stderr); return verok; } @@ -2261,7 +2261,7 @@ static int verify_authenticode(FILE_FORMAT_CTX *ctx, PKCS7 *p7, time_t time, X50 goto out; if (!x509_store_load_file(store, ctx->options->cafile)) { - printf("Failed to add store lookup file\n"); + fprintf(stderr, "Failed to add store lookup file\n"); X509_STORE_free(store); goto out; } 
@@ -2269,7 +2269,7 @@ static int verify_authenticode(FILE_FORMAT_CTX *ctx, PKCS7 *p7, time_t time, X50 printf("Signature verification time: "); print_time_t(time); if (!x509_store_set_time(store, time)) { - printf("Failed to set signature time\n"); + fprintf(stderr, "Failed to set signature time\n"); X509_STORE_free(store); goto out; } @@ -2277,7 +2277,7 @@ static int verify_authenticode(FILE_FORMAT_CTX *ctx, PKCS7 *p7, time_t time, X50 printf("Signature verification time: "); print_time_t(ctx->options->time); if (!x509_store_set_time(store, ctx->options->time)) { - printf("Failed to set verifying time\n"); + fprintf(stderr, "Failed to set verifying time\n"); X509_STORE_free(store); goto out; } @@ -2295,7 +2295,7 @@ static int verify_authenticode(FILE_FORMAT_CTX *ctx, PKCS7 *p7, time_t time, X50 inf = ASN1_get_object(&data, &len, &tag, &class, contents->d.other->value.sequence->length); if (inf != V_ASN1_CONSTRUCTED || tag != V_ASN1_SEQUENCE) { - printf("Corrupted data content\n"); + fprintf(stderr, "Corrupted data content\n"); X509_STORE_free(store); goto out; } @@ -2306,7 +2306,7 @@ static int verify_authenticode(FILE_FORMAT_CTX *ctx, PKCS7 *p7, time_t time, X50 contents->d.other->value.sequence->length); } } else { - printf("Corrupted data content\n"); + fprintf(stderr, "Corrupted data content\n"); X509_STORE_free(store); goto out; } @@ -2319,10 +2319,10 @@ static int verify_authenticode(FILE_FORMAT_CTX *ctx, PKCS7 *p7, time_t time, X50 * https://github.com/openssl/openssl/pull/22575 */ if (!PKCS7_verify(p7, NULL, store, bio, NULL, 0)) { - printf("\nPKCS7_verify error\n"); + printf("PKCS7_verify error\n"); X509_STORE_free(store); BIO_free(bio); - printf("\nFailed signing certificate chain retrieved from the signature:\n"); + printf("Failed signing certificate chain retrieved from the signature:\n"); print_certs_chain(p7->d.sign->cert); goto out; } 
@@ -2351,7 +2351,7 @@ static int verify_authenticode(FILE_FORMAT_CTX *ctx, PKCS7 *p7, time_t time, X50 if (p7->d.sign->crl || crl) { crls = x509_crl_list_get(p7, crl); if (!crls) { - printf("Failed to use CRL distribution point\n"); + fprintf(stderr, "Failed to use CRL distribution point\n"); goto out; } } @@ -2366,14 +2366,14 @@ static int verify_authenticode(FILE_FORMAT_CTX *ctx, PKCS7 *p7, time_t time, X50 } /* check extended key usage flag XKU_CODE_SIGN */ if (!(X509_get_extended_key_usage(signer) & XKU_CODE_SIGN)) { - printf("Unsupported Signer's certificate purpose XKU_CODE_SIGN\n"); + fprintf(stderr, "Unsupported Signer's certificate purpose XKU_CODE_SIGN\n"); goto out; } verok = 1; /* OK */ out: if (!verok) - ERR_print_errors_fp(stdout); + ERR_print_errors_fp(stderr); return verok; } @@ -2395,20 +2395,20 @@ static int verify_leaf_hash(X509 *cert, const char *leafhash) char *mdid = OPENSSL_strdup(leafhash); char *hash = strchr(mdid, ':'); if (hash == NULL) { - printf("\nUnable to parse -require-leaf-hash parameter: %s\n", leafhash); + fprintf(stderr, "\nUnable to parse -require-leaf-hash parameter: %s\n", leafhash); OPENSSL_free(mdid); return 0; /* FAILED */ } *hash++ = '\0'; md = EVP_get_digestbyname(mdid); if (md == NULL) { - printf("\nUnable to lookup digest by name '%s'\n", mdid); + fprintf(stderr, "\nUnable to lookup digest by name '%s'\n", mdid); OPENSSL_free(mdid); return 0; /* FAILED */ } mdbuf = OPENSSL_hexstr2buf(hash, &mdlen); if (mdlen != EVP_MD_size(md)) { - printf("\nHash length mismatch: '%s' digest must be %d bytes long (got %ld bytes)\n", + fprintf(stderr, "\nHash length mismatch: '%s' digest must be %d bytes long (got %ld bytes)\n", mdid, EVP_MD_size(md), mdlen); OPENSSL_free(mdid); OPENSSL_free(mdbuf); 
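Review bot: verify_leaf_hash passes the result of `OPENSSL_strdup(leafhash)` straight to `strchr(mdid, ':')`, so an allocation failure becomes a NULL dereference, and the buffer returned by `OPENSSL_hexstr2buf(hash, &mdlen)` is never checked before `mdlen` is compared and printed. Check `mdid` for NULL before the `strchr` call, and add `if (!mdbuf) { OPENSSL_free(mdid); return 0; /* FAILED */ }` ahead of the length comparison. Whether `mdlen` is initialised when the hex decode fails cannot be seen here, since its declaration is above the hunk. The function starts before and continues past this hunk.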
@@ -2419,7 +2419,7 @@ static int verify_leaf_hash(X509 *cert, const char *leafhash) /* compute the leaf certificate hash */ bhash = BIO_new(BIO_f_md()); if (!BIO_set_md(bhash, md)) { - printf("Unable to set the message digest of BIO\n"); + fprintf(stderr, "Unable to set the message digest of BIO\n"); BIO_free_all(bhash); OPENSSL_free(mdbuf); return 0; /* FAILED */ @@ -2642,8 +2642,8 @@ static time_t time_t_timestamp_get_attributes(CMS_ContentInfo **timestamp, PKCS7 data = ASN1_STRING_get0_data(value); countersi = d2i_PKCS7_SIGNER_INFO(NULL, &data, ASN1_STRING_length(value)); if (countersi == NULL) { - printf("Error: Authenticode Timestamp could not be decoded correctly\n"); - ERR_print_errors_fp(stdout); + printf("Warning: Authenticode Timestamp could not be decoded correctly\n"); + ERR_print_errors_fp(stderr); continue; } time = time_t_get_si_time(countersi); @@ -2652,14 +2652,16 @@ static time_t time_t_timestamp_get_attributes(CMS_ContentInfo **timestamp, PKCS7 if (cms) { if (!print_cms_timestamp(cms, time)) { CMS_ContentInfo_free(cms); - return INVALID_TIME; /* FAILED */ + printf("Warning: Authenticode Timestamp could not be decoded correctly\n"); + ERR_print_errors_fp(stderr); + continue; } *timestamp = cms; } else { - printf("Error: Corrupt Authenticode Timestamp embedded content\n"); + printf("Warning: Corrupt Authenticode Timestamp embedded content\n"); } } else { - printf("Error: PKCS9_TIMESTAMP_SIGNING_TIME attribute not found\n"); + printf("Warning: PKCS9_TIMESTAMP_SIGNING_TIME attribute not found\n"); PKCS7_SIGNER_INFO_free(countersi); } } else if (!strcmp(object_txt, SPC_RFC3161_OBJID)) { 
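Review bot: The new `continue` after a failed `print_cms_timestamp()` in time_t_timestamp_get_attributes leaves `time` holding the value just read from the rejected countersignature, where the old code returned INVALID_TIME; the RFC3161 branch in the next hunk has the same pattern. If the function returns `time` after the loop (its end is outside these hunks), a caller could receive a signing time taken from a timestamp that was discarded and is never verified. Setting `time = INVALID_TIME;` ahead of each new `continue` keeps the downgrade to a warning from changing the returned time. The reused text "could not be decoded correctly" also describes a different failure from the one reported at this point.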
@@ -2672,27 +2674,29 @@ static time_t time_t_timestamp_get_attributes(CMS_ContentInfo **timestamp, PKCS7 data = ASN1_STRING_get0_data(value); cms = d2i_CMS_ContentInfo(NULL, &data, ASN1_STRING_length(value)); if (cms == NULL) { - printf("Error: RFC3161 Timestamp could not be decoded correctly\n"); - ERR_print_errors_fp(stdout); + printf("Warning: RFC3161 Timestamp could not be decoded correctly\n"); + ERR_print_errors_fp(stderr); continue; } time = time_t_get_cms_time(cms); if (time != INVALID_TIME) { if (!print_cms_timestamp(cms, time)) { CMS_ContentInfo_free(cms); - return INVALID_TIME; /* FAILED */ + printf("Warning: RFC3161 Timestamp could not be decoded correctly\n"); + ERR_print_errors_fp(stderr); + continue; } *timestamp = cms; } else { - printf("Error: Corrupt RFC3161 Timestamp embedded content\n"); + printf("Warning: Corrupt RFC3161 Timestamp embedded content\n"); CMS_ContentInfo_free(cms); - ERR_print_errors_fp(stdout); + ERR_print_errors_fp(stderr); } } else if (!strcmp(object_txt, SPC_UNAUTHENTICATED_DATA_BLOB_OBJID)) { /* Unauthenticated Data Blob - Policy OID: 1.3.6.1.4.1.42921.1.2.1 */ ASN1_STRING *blob = X509_ATTRIBUTE_get0_data(attr, 0, V_ASN1_UTF8STRING, NULL); if (blob == NULL) { - printf("Error: Unauthenticated Data Blob could not be decoded correctly\n"); + printf("Warning: Unauthenticated Data Blob could not be decoded correctly\n"); continue; } if (verbose) { @@ -2854,7 +2858,7 @@ static CMS_ContentInfo *cms_get_timestamp(PKCS7_SIGNED *p7_signed, } /* Convert PKCS7 into CMS_ContentInfo */ if (((len = i2d_PKCS7(p7, NULL)) <= 0) || (p = OPENSSL_malloc((size_t)len)) == NULL) { - printf("Failed to convert pkcs7: %d\n", len); + fprintf(stderr, "Failed to convert pkcs7: %d\n", len); goto out; } len = i2d_PKCS7(p7, &p); @@ -2865,7 +2869,7 @@ static CMS_ContentInfo *cms_get_timestamp(PKCS7_SIGNED *p7_signed, out: if (!cms) - ERR_print_errors_fp(stdout); + ERR_print_errors_fp(stderr); PKCS7_free(p7); return cms; } 
@@ -2891,7 +2895,7 @@ static int verify_content_member_digest(FILE_FORMAT_CTX *ctx, ASN1_TYPE *content data = ASN1_STRING_get0_data(value); idc = d2i_SpcIndirectDataContent(NULL, &data, ASN1_STRING_length(value)); if (!idc) { - printf("Failed to extract SpcIndirectDataContent data\n"); + fprintf(stderr, "Failed to extract SpcIndirectDataContent data\n"); return 1; /* FAILED */ } if (idc->messageDigest && idc->messageDigest->digest && idc->messageDigest->digestAlgorithm) { @@ -2900,19 +2904,19 @@ static int verify_content_member_digest(FILE_FORMAT_CTX *ctx, ASN1_TYPE *content memcpy(mdbuf, idc->messageDigest->digest->data, (size_t)idc->messageDigest->digest->length); } if (mdtype == -1) { - printf("Failed to extract current message digest\n\n"); + fprintf(stderr, "Failed to extract current message digest\n\n"); SpcIndirectDataContent_free(idc); return 1; /* FAILED */ } if (!ctx->format->digest_calc) { - printf("Unsupported method: digest_calc\n"); + fprintf(stderr, "Unsupported method: digest_calc\n"); SpcIndirectDataContent_free(idc); return 1; /* FAILED */ } md = EVP_get_digestbynid(mdtype); cmdbuf = ctx->format->digest_calc(ctx, md); if (!cmdbuf) { - printf("Failed to compute a message digest value\n\n"); + fprintf(stderr, "Failed to compute a message digest value\n\n"); SpcIndirectDataContent_free(idc); return 1; /* FAILED */ } @@ -2951,7 +2955,7 @@ static int verify_content(FILE_FORMAT_CTX *ctx, PKCS7 *p7) ctlc = ms_ctl_content_get(p7); if (!ctlc) { - printf("Failed to extract MS_CTL_OBJID data\n"); + fprintf(stderr, "Failed to extract MS_CTL_OBJID data\n"); return 1; /* FAILED */ } for (i = 0; i < sk_CatalogInfo_num(ctlc->header_attributes); i++) { @@ -2985,7 +2989,7 @@ static int verify_content(FILE_FORMAT_CTX *ctx, PKCS7 *p7) } } MsCtlContent_free(ctlc); - ERR_print_errors_fp(stdout); + ERR_print_errors_fp(stderr); return 1; /* FAILED */ } 
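Review bot: In verify_content_member_digest the context line `memcpy(mdbuf, idc->messageDigest->digest->data, (size_t)idc->messageDigest->digest->length);` copies a length taken from the parsed signature with no visible bound. `mdbuf` is declared above the hunk; if it is a fixed-size array, the length should be validated first, e.g. `if (idc->messageDigest->digest->length < 0 || (size_t)idc->messageDigest->digest->length > sizeof mdbuf) { SpcIndirectDataContent_free(idc); return 1; /* FAILED */ }`. The commit only changes where the messages are written, so this is a pre-existing gap in the surrounding code rather than something the change introduces.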
@@ -3004,7 +3008,7 @@ static int verify_signature(FILE_FORMAT_CTX *ctx, PKCS7 *p7) signers = PKCS7_get0_signers(p7, NULL, 0); if (!signers || sk_X509_num(signers) != 1) { - printf("PKCS7_get0_signers error\n"); + fprintf(stderr, "PKCS7_get0_signers error\n"); return 1; /* FAILED */ } signer = sk_X509_value(signers, 0); @@ -3069,24 +3073,24 @@ static int verify_signed_file(FILE_FORMAT_CTX *ctx, GLOBAL_OPTIONS *options) FILE_FORMAT_CTX *cat_ctx; if (!ctx->format->is_detaching_supported || !ctx->format->is_detaching_supported()) { - printf("This format does not support detached PKCS#7 signature\n"); + fprintf(stderr, "This format does not support detached PKCS#7 signature\n"); return 1; /* FAILED */ } printf("Checking the specified catalog file\n\n"); cat_options = OPENSSL_memdup(options, sizeof(GLOBAL_OPTIONS)); if (!cat_options) { - printf("OPENSSL_memdup error.\n"); - return 1; /* Failed */ + fprintf(stderr, "OPENSSL_memdup error.\n"); + return 1; /* FAILED */ } cat_options->infile = options->catalog; cat_options->cmd = CMD_EXTRACT; cat_ctx = file_format_cat.ctx_new(cat_options, NULL, NULL); if (!cat_ctx) { - printf("CAT file initialization error\n"); - return 1; /* Failed */ + fprintf(stderr, "CAT file initialization error\n"); + return 1; /* FAILED */ } if (!cat_ctx->format->pkcs7_extract) { - printf("Unsupported command: extract-signature\n"); + fprintf(stderr, "Unsupported command: extract-signature\n"); return 1; /* FAILED */ } p7 = cat_ctx->format->pkcs7_extract(cat_ctx); 
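Review bot: The catalog branch of verify_signed_file returns on `!cat_ctx` and on `!cat_ctx->format->pkcs7_extract` without releasing `cat_options`, and the second return also leaves `cat_ctx` allocated. Add `OPENSSL_free(cat_options);` before the first of these `return 1;` statements, and before the second add the same call plus the context cleanup (check_attached_data in this file uses `ctx->format->ctx_cleanup(ctx)` for that). The function starts before and continues past this hunk.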
@@ -3094,18 +3098,18 @@ static int verify_signed_file(FILE_FORMAT_CTX *ctx, GLOBAL_OPTIONS *options) OPENSSL_free(cat_options); } else { if (!ctx->format->pkcs7_extract) { - printf("Unsupported command: extract-signature\n"); + fprintf(stderr, "Unsupported command: extract-signature\n"); return 1; /* FAILED */ } p7 = ctx->format->pkcs7_extract(ctx); } if (!p7) { - printf("Unable to extract existing signature\n"); + fprintf(stderr, "Unable to extract existing signature\n"); return 1; /* FAILED */ } signatures = signature_list_create(p7); if (!signatures) { - printf("Failed to create signature list\n\n"); + fprintf(stderr, "Failed to create signature list\n\n"); sk_PKCS7_pop_free(signatures, PKCS7_free); return 1; /* FAILED */ } @@ -3131,14 +3135,14 @@ static int verify_signed_file(FILE_FORMAT_CTX *ctx, GLOBAL_OPTIONS *options) } verified++; } else { - printf("Unsupported method: verify_digests\n"); + fprintf(stderr, "Unsupported method: verify_digests\n"); return 1; /* FAILED */ } } printf("Number of verified signatures: %d\n", verified); sk_PKCS7_pop_free(signatures, PKCS7_free); if (ret) - ERR_print_errors_fp(stdout); + ERR_print_errors_fp(stderr); return ret; } @@ -3155,17 +3159,17 @@ static STACK_OF(PKCS7) *signature_list_create(PKCS7 *p7) STACK_OF(PKCS7_SIGNER_INFO) *signer_info = PKCS7_get_signer_info(p7); if (!signer_info) { - printf("Failed to obtain PKCS#7 signer info list\n"); + fprintf(stderr, "Failed to obtain PKCS#7 signer info list\n"); return 0; /* FAILED */ } si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); if (!si) { - printf("Failed to obtain PKCS#7 signer info value\n"); + fprintf(stderr, "Failed to obtain PKCS#7 signer info value\n"); return 0; /* FAILED */ } signatures = sk_PKCS7_new(PKCS7_compare); if (!signatures) { - printf("Failed to create new signature list\n"); + fprintf(stderr, "Failed to create new signature list\n"); return 0; /* FAILED */ } /* Unauthenticated attributes */ 
@@ -3190,7 +3194,7 @@ static STACK_OF(PKCS7) *signature_list_create(PKCS7 *p7) data = ASN1_STRING_get0_data(value); nested = d2i_PKCS7(NULL, &data, ASN1_STRING_length(value)); if (nested && !sk_PKCS7_push(signatures, nested)) { - printf("Failed to add nested signature\n"); + fprintf(stderr, "Failed to add nested signature\n"); PKCS7_free(nested); sk_PKCS7_pop_free(signatures, PKCS7_free); return NULL; /* FAILED */ @@ -3274,7 +3278,7 @@ static PKCS7 *pkcs7_get_sigfile(FILE_FORMAT_CTX *ctx) } indata = map_file(ctx->options->sigfile, filesize); if (!indata) { - printf("Failed to open file: %s\n", ctx->options->sigfile); + fprintf(stderr, "Failed to open file: %s\n", ctx->options->sigfile); return NULL; /* FAILED */ } p7 = pkcs7_read_data(indata, filesize); @@ -3293,8 +3297,8 @@ static int check_attached_data(GLOBAL_OPTIONS *options) tmp_options = OPENSSL_memdup(options, sizeof(GLOBAL_OPTIONS)); if (!tmp_options) { - printf("OPENSSL_memdup error.\n"); - return 1; /* Failed */ + fprintf(stderr, "OPENSSL_memdup error.\n"); + return 1; /* FAILED */ } tmp_options->infile = options->outfile; tmp_options->cmd = CMD_VERIFY; @@ -3311,15 +3315,15 @@ static int check_attached_data(GLOBAL_OPTIONS *options) if (!ctx) ctx = file_format_cat.ctx_new(tmp_options, NULL, NULL); if (!ctx) { - printf("Corrupt attached signature\n"); + fprintf(stderr, "Corrupt attached signature\n"); OPENSSL_free(tmp_options); - return 1; /* Failed */ + return 1; /* FAILED */ } if (verify_signed_file(ctx, tmp_options)) { - printf("Signature mismatch\n"); + fprintf(stderr, "Signature mismatch\n"); ctx->format->ctx_cleanup(ctx); OPENSSL_free(tmp_options); - return 1; /* Failed */ + return 1; /* FAILED */ } ctx->format->ctx_cleanup(ctx); OPENSSL_free(tmp_options); 
@@ -3720,15 +3724,15 @@ static char *getpassword(const char *prompt) nfl.c_lflag |= ECHONL; if (tcsetattr(fileno(stdin), TCSANOW, &nfl) != 0) { - printf("Failed to set terminal attributes\n"); - return NULL; + fprintf(stderr, "Failed to set terminal attributes\n"); + return NULL; /* FAILED */ } p = fgets(passbuf, sizeof passbuf, stdin); if (tcsetattr(fileno(stdin), TCSANOW, &ofl) != 0) - printf("Failed to restore terminal attributes\n"); + printf("Warning: Failed to restore terminal attributes\n"); if (!p) { - printf("Failed to read password\n"); - return NULL; + fprintf(stderr, "Failed to read password\n"); + return NULL; /* FAILED */ } passbuf[strlen(passbuf)-1] = 0x00; pass = OPENSSL_strdup(passbuf); @@ -3820,16 +3824,16 @@ static int read_pkcs12file(GLOBAL_OPTIONS *options) btmp = BIO_new_file(options->pkcs12file, "rb"); if (!btmp) { - printf("Failed to read PKCS#12 file: %s\n", options->pkcs12file); + fprintf(stderr, "Failed to read PKCS#12 file: %s\n", options->pkcs12file); return 0; /* FAILED */ } p12 = d2i_PKCS12_bio(btmp, NULL); if (!p12) { - printf("Failed to extract PKCS#12 data: %s\n", options->pkcs12file); + fprintf(stderr, "Failed to extract PKCS#12 data: %s\n", options->pkcs12file); goto out; /* FAILED */ } if (!PKCS12_parse(p12, options->pass ? options->pass : "", &options->pkey, &options->cert, &options->certs)) { - printf("Failed to parse PKCS#12 file: %s (Wrong password?)\n", options->pkcs12file); + fprintf(stderr, "Failed to parse PKCS#12 file: %s (Wrong password?)\n", options->pkcs12file); PKCS12_free(p12); goto out; /* FAILED */ } @@ -3879,7 +3883,7 @@ static int read_certfile(GLOBAL_OPTIONS *options) btmp = BIO_new_file(options->certfile, "rb"); if (!btmp) { - printf("Failed to read certificate file: %s\n", options->certfile); + fprintf(stderr, "Failed to read certificate file: %s\n", options->certfile); return 0; /* FAILED */ } /* .pem certificate file */ 
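Review bot: `passbuf[strlen(passbuf)-1] = 0x00;` in getpassword assumes the line returned by fgets is non-empty and ends in a newline. An empty string makes the index wrap and writes outside the buffer, and input that ends without a newline loses its last password character. `passbuf[strcspn(passbuf, "\n")] = 0x00;` removes the newline only when it is present. Separately, "Failed to restore terminal attributes" gains a "Warning:" prefix but stays on stdout, although a terminal left with echo disabled is arguably the condition most worth reporting on stderr. The function starts before and ends after this hunk.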
@@ -3917,7 +3921,7 @@ static int read_certfile(GLOBAL_OPTIONS *options) ret = 1; /* OK */ out: if (ret == 0) - printf("No certificate found\n"); + fprintf(stderr, "No certificate found\n"); BIO_free(btmp); return ret; } @@ -3934,12 +3938,12 @@ static int read_xcertfile(GLOBAL_OPTIONS *options) btmp = BIO_new_file(options->xcertfile, "rb"); if (!btmp) { - printf("Failed to read cross certificates file: %s\n", options->xcertfile); + fprintf(stderr, "Failed to read cross certificates file: %s\n", options->xcertfile); return 0; /* FAILED */ } options->xcerts = X509_chain_read_certs(btmp, NULL); if (!options->xcerts) { - printf("Failed to read cross certificates file: %s\n", options->xcertfile); + fprintf(stderr, "Failed to read cross certificates file: %s\n", options->xcertfile); goto out; /* FAILED */ } @@ -3961,7 +3965,7 @@ static int read_keyfile(GLOBAL_OPTIONS *options) btmp = BIO_new_file(options->keyfile, "rb"); if (!btmp) { - printf("Failed to read private key file: %s\n", options->keyfile); + fprintf(stderr, "Failed to read private key file: %s\n", options->keyfile); return 0; /* FAILED */ } if (((options->pkey = d2i_PrivateKey_bio(btmp, NULL)) == NULL && @@ -3969,7 +3973,7 @@ static int read_keyfile(GLOBAL_OPTIONS *options) (options->pkey = PEM_read_bio_PrivateKey(btmp, NULL, NULL, options->pass ? options->pass : NULL)) == NULL && (BIO_seek(btmp, 0) == 0) && (options->pkey = PEM_read_bio_PrivateKey(btmp, NULL, NULL, NULL)) == NULL)) { - printf("Failed to decode private key file: %s (Wrong password?)\n", options->keyfile); + fprintf(stderr, "Failed to decode private key file: %s (Wrong password?)\n", options->keyfile); goto out; /* FAILED */ } ret = 1; /* OK */ 
@@ -4023,7 +4027,7 @@ static int read_pvk_key(GLOBAL_OPTIONS *options) btmp = BIO_new_file(options->pvkfile, "rb"); if (!btmp) { - printf("Failed to read private key file: %s\n", options->pvkfile); + fprintf(stderr, "Failed to read private key file: %s\n", options->pvkfile); return 0; /* FAILED */ } options->pkey = b2i_PVK_bio(btmp, NULL, options->pass ? options->pass : NULL); @@ -4033,7 +4037,7 @@ static int read_pvk_key(GLOBAL_OPTIONS *options) } BIO_free(btmp); if (!options->pkey) { - printf("Failed to decode private key file: %s\n", options->pvkfile); + fprintf(stderr, "Failed to decode private key file: %s\n", options->pvkfile); return 0; /* FAILED */ } return 1; /* OK */ @@ -4053,7 +4057,7 @@ static ENGINE *engine_dynamic(GLOBAL_OPTIONS *options) engine = ENGINE_by_id("dynamic"); if (!engine) { - printf("Failed to load 'dynamic' engine\n"); + fprintf(stderr, "Failed to load 'dynamic' engine\n"); return NULL; /* FAILED */ } if (options->p11engine) { /* strip directory and extension */ @@ -4077,7 +4081,7 @@ static ENGINE *engine_dynamic(GLOBAL_OPTIONS *options) || !ENGINE_ctrl_cmd_string(engine, "ID", id, 0) || !ENGINE_ctrl_cmd_string(engine, "LIST_ADD", "1", 0) || !ENGINE_ctrl_cmd_string(engine, "LOAD", NULL, 0)) { - printf("Failed to set 'dynamic' engine\n"); + fprintf(stderr, "Failed to set 'dynamic' engine\n"); ENGINE_free(engine); engine = NULL; /* FAILED */ } @@ -4094,7 +4098,7 @@ static ENGINE *engine_pkcs11(void) { ENGINE *engine = ENGINE_by_id("pkcs11"); if (!engine) { - printf("Failed to find and load 'pkcs11' engine\n"); + fprintf(stderr, "Failed to find and load 'pkcs11' engine\n"); return NULL; /* FAILED */ } return engine; /* OK */ 
@@ -4109,22 +4113,22 @@ static ENGINE *engine_pkcs11(void) static int read_token(GLOBAL_OPTIONS *options, ENGINE *engine) { if (options->p11module && !ENGINE_ctrl_cmd_string(engine, "MODULE_PATH", options->p11module, 0)) { - printf("Failed to set pkcs11 engine MODULE_PATH to '%s'\n", options->p11module); + fprintf(stderr, "Failed to set pkcs11 engine MODULE_PATH to '%s'\n", options->p11module); ENGINE_free(engine); return 0; /* FAILED */ } if (options->pass != NULL && !ENGINE_ctrl_cmd_string(engine, "PIN", options->pass, 0)) { - printf("Failed to set pkcs11 PIN\n"); + fprintf(stderr, "Failed to set pkcs11 PIN\n"); ENGINE_free(engine); return 0; /* FAILED */ } if (!ENGINE_init(engine)) { - printf("Failed to initialize pkcs11 engine\n"); + fprintf(stderr, "Failed to initialize pkcs11 engine\n"); ENGINE_free(engine); return 0; /* FAILED */ } if (options->login && !ENGINE_ctrl_cmd_string(engine, "FORCE_LOGIN", 0, 0)) { - printf("Failed to force a login to the pkcs11 engine\n"); + fprintf(stderr, "Failed to force a login to the pkcs11 engine\n"); ENGINE_free(engine); return 0; /* FAILED */ } @@ -4144,7 +4148,7 @@ static int read_token(GLOBAL_OPTIONS *options, ENGINE *engine) parms.cert = NULL; ENGINE_ctrl_cmd(engine, "LOAD_CERT_CTRL", 0, &parms, NULL, 1); if (!parms.cert) { - printf("Failed to load certificate %s\n", options->p11cert); + fprintf(stderr, "Failed to load certificate %s\n", options->p11cert); ENGINE_finish(engine); return 0; /* FAILED */ } else @@ -4155,7 +4159,7 @@ static int read_token(GLOBAL_OPTIONS *options, ENGINE *engine) /* Free the functional reference from ENGINE_init */ ENGINE_finish(engine); if (!options->pkey) { - printf("Failed to load private key %s\n", options->keyfile); + fprintf(stderr, "Failed to load private key %s\n", options->keyfile); return 0; /* FAILED */ } return 1; /* OK */ 
@@ -4325,7 +4329,7 @@ static int provider_load(OSSL_LIB_CTX *libctx, const char *pname) { OSSL_PROVIDER *prov= OSSL_PROVIDER_load(libctx, pname); if (prov == NULL) { - printf("Unable to load provider: %s\n", pname); + fprintf(stderr, "Unable to load provider: %s\n", pname); return 0; /* FAILED */ } if (providers == NULL) { @@ -4734,7 +4738,7 @@ static int main_configure(int argc, char **argv, GLOBAL_OPTIONS *options) } } if (cmd != CMD_VERIFY && file_exists(options->outfile)) { - printf("Overwriting an existing file is not supported.\n"); + fprintf(stderr, "Overwriting an existing file is not supported.\n"); return 0; /* FAILED */ } if (argc > 0 || @@ -4749,7 +4753,7 @@ static int main_configure(int argc, char **argv, GLOBAL_OPTIONS *options) #endif /* OPENSSL_NO_ENGINE */ options->pkcs12file))) { if (failarg) - printf("Unknown option: %s\n", failarg); + fprintf(stderr, "Unknown option: %s\n", failarg); usage(argv0, "all"); return 0; /* FAILED */ } @@ -5030,7 +5034,7 @@ int main(int argc, char **argv) providers_cleanup(); #endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */ if (ret) - ERR_print_errors_fp(stdout); + ERR_print_errors_fp(stderr); if (options.cmd == CMD_HELP) ret = 0; /* OK */ else diff --git a/osslsigncode.h b/osslsigncode.h index c316b883..926b28bb 100644 --- a/osslsigncode.h +++ b/osslsigncode.h @@ -221,9 +221,9 @@ */ #define FLAG_RESERVE_PRESENT 0x0004 -#define DO_EXIT_0(x) { printf(x); goto err_cleanup; } -#define DO_EXIT_1(x, y) { printf(x, y); goto err_cleanup; } -#define DO_EXIT_2(x, y, z) { printf(x, y, z); goto err_cleanup; } +#define DO_EXIT_0(x) { fprintf(stderr, x); goto err_cleanup; } +#define DO_EXIT_1(x, y) { fprintf(stderr, x, y); goto err_cleanup; } +#define DO_EXIT_2(x, y, z) { fprintf(stderr, x, y, z); goto err_cleanup; } /* Default policy if request did not specify it. */ #define TSA_POLICY1 "1.2.3.4.1" diff --git a/pe.c b/pe.c index 97a475d5..f96400fc 100644 --- a/pe.c +++ b/pe.c 
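Review bot: The DO_EXIT_* macros in osslsigncode.h still expand to a bare `{ ...; goto err_cleanup; }` block and pass `x` directly as the format string. Provided every call site ends with a semicolon, `#define DO_EXIT_0(x) do { fprintf(stderr, x); goto err_cleanup; } while (0)` (likewise for DO_EXIT_1 and DO_EXIT_2) makes them behave as a single statement inside an unbraced `if`/`else`. A comment above them such as `/* x must be a string literal, never data read from the input file */` would record the format-string constraint. The call sites are not part of this hunk.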
@@ -251,7 +251,7 @@ static int pe_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7) SpcIndirectDataContent *idc = d2i_SpcIndirectDataContent(NULL, &p, content_val->length); if (idc) { if (!pe_page_hash_get(&ph, &phlen, &phtype, idc->data)) { - printf("Failed to extract a page hash\n\n"); + fprintf(stderr, "Failed to extract a page hash\n\n"); SpcIndirectDataContent_free(idc); return 0; /* FAILED */ } @@ -263,25 +263,25 @@ static int pe_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7) } } if (mdtype == -1) { - printf("Failed to extract current message digest\n\n"); + fprintf(stderr, "Failed to extract current message digest\n\n"); OPENSSL_free(ph); return 0; /* FAILED */ } md = EVP_get_digestbynid(mdtype); cmdbuf = pe_digest_calc(ctx, md); if (!cmdbuf) { - printf("Failed to calculate message digest\n\n"); + fprintf(stderr, "Failed to calculate message digest\n\n"); OPENSSL_free(ph); return 0; /* FAILED */ } if (!compare_digests(mdbuf, cmdbuf, mdtype)) { - printf("Signature verification: failed\n\n"); + fprintf(stderr, "Signature verification: failed\n\n"); OPENSSL_free(ph); OPENSSL_free(cmdbuf); return 0; /* FAILED */ } if (!pe_verify_page_hash(ctx, ph, phlen, phtype)) { - printf("Signature verification: failed\n\n"); + fprintf(stderr, "Signature verification: failed\n\n"); OPENSSL_free(ph); OPENSSL_free(cmdbuf); return 0; /* FAILED */ @@ -303,11 +303,11 @@ static int pe_verify_indirect_data(FILE_FORMAT_CTX *ctx, SpcAttributeTypeAndOpti u_char *ph = NULL; if (!pe_page_hash_get(&ph, &phlen, &phtype, obj)) { - printf("Failed to extract a page hash\n\n"); + fprintf(stderr, "Failed to extract a page hash\n\n"); return 0; /* FAILED */ } if (!pe_verify_page_hash(ctx, ph, phlen, phtype)) { - printf("Page hash verification: failed\n\n"); + fprintf(stderr, "Page hash verification: failed\n\n"); OPENSSL_free(ph); return 0; /* FAILED */ } 
@@ -353,7 +353,7 @@ static int pe_remove_pkcs7(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) /* Strip current signature */ ctx->pe_ctx->fileend = ctx->pe_ctx->sigpos; if (!pe_modify_header(ctx, hash, outdata)) { - printf("Unable to modify file header\n"); + fprintf(stderr, "Unable to modify file header\n"); return 1; /* FAILED */ } return 0; /* OK */ @@ -373,7 +373,7 @@ static int pe_process_data(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) ctx->pe_ctx->fileend = ctx->pe_ctx->sigpos; } if (!pe_modify_header(ctx, hash, outdata)) { - printf("Unable to modify file header\n"); + fprintf(stderr, "Unable to modify file header\n"); return 0; /* FAILED */ } return 1; /* OK */ @@ -391,21 +391,21 @@ static PKCS7 *pe_pkcs7_signature_new(FILE_FORMAT_CTX *ctx, BIO *hash) PKCS7 *p7 = pkcs7_create(ctx); if (!p7) { - printf("Creating a new signature failed\n"); + fprintf(stderr, "Creating a new signature failed\n"); return NULL; /* FAILED */ } if (!add_indirect_data_object(p7)) { - printf("Adding SPC_INDIRECT_DATA_OBJID failed\n"); + fprintf(stderr, "Adding SPC_INDIRECT_DATA_OBJID failed\n"); PKCS7_free(p7); return NULL; /* FAILED */ } content = spc_indirect_data_content_get(hash, ctx); if (!content) { - printf("Failed to get spcIndirectDataContent\n"); + fprintf(stderr, "Failed to get spcIndirectDataContent\n"); return NULL; /* FAILED */ } if (!sign_spc_indirect_data_content(p7, content)) { - printf("Failed to set signed content\n"); + fprintf(stderr, "Failed to set signed content\n"); PKCS7_free(p7); ASN1_OCTET_STRING_free(content); return NULL; /* FAILED */ @@ -435,7 +435,7 @@ static int pe_append_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7) if (((len = i2d_PKCS7(p7, NULL)) <= 0) || (p = OPENSSL_malloc((size_t)len)) == NULL) { - printf("i2d_PKCS memory allocation failed: %d\n", len); + fprintf(stderr, "i2d_PKCS memory allocation failed: %d\n", len); return 1; /* FAILED */ } i2d_PKCS7(p7, &p); 
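Review bot: In pe_pkcs7_signature_new the `!content` path returns NULL without freeing `p7`, unlike the failure paths immediately before and after it. Add `PKCS7_free(p7);` ahead of that `return NULL; /* FAILED */`. The function continues past the end of the hunk.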
@@ -540,7 +540,7 @@ static PE_CTX *pe_ctx_get(char *indata, uint32_t filesize) uint16_t magic; if (filesize < 64) { - printf("Corrupt DOS file - too short\n"); + fprintf(stderr, "Corrupt DOS file - too short\n"); return NULL; /* FAILED */ } /* SizeOfHeaders field specifies the combined size of an MS-DOS stub, PE header, @@ -549,15 +549,15 @@ static PE_CTX *pe_ctx_get(char *indata, uint32_t filesize) * because of a bug when checking section names for compatibility purposes */ header_size = GET_UINT32_LE(indata + 60); if (header_size < 44 || header_size > filesize) { - printf("Unexpected SizeOfHeaders field: 0x%08X\n", header_size); + fprintf(stderr, "Unexpected SizeOfHeaders field: 0x%08X\n", header_size); return NULL; /* FAILED */ } if (filesize < header_size + 176) { - printf("Corrupt PE file - too short\n"); + fprintf(stderr, "Corrupt PE file - too short\n"); return NULL; /* FAILED */ } if (memcmp(indata + header_size, "PE\0\0", 4)) { - printf("Unrecognized DOS file type\n"); + fprintf(stderr, "Unrecognized DOS file type\n"); return NULL; /* FAILED */ } /* Magic field identifies the state of the image file. The most common number is @@ -570,7 +570,7 @@ static PE_CTX *pe_ctx_get(char *indata, uint32_t filesize) } else if (magic == 0x10b) { pe32plus = 0; } else { - printf("Corrupt PE file - found unknown magic %04X\n", magic); + fprintf(stderr, "Corrupt PE file - found unknown magic %04X\n", magic); return NULL; /* FAILED */ } /* The image file checksum */ 
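Review bot: The length check `filesize < header_size + 176` in pe_ctx_get (`@@ -549,15` hunk) adds before comparing, so the sum can wrap if `header_size` is a 32-bit value close to UINT32_MAX; its declaration is outside the hunk, while `filesize` is `uint32_t` per the signature. The preceding test already guarantees `header_size <= filesize`, so the subtraction form cannot wrap: `if (filesize - header_size < 176) {`. The `memcmp(indata + header_size, "PE\0\0", 4)` that follows relies on this bound holding.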
@@ -579,7 +579,7 @@ static PE_CTX *pe_ctx_get(char *indata, uint32_t filesize) * in the remainder of the optional header. Each describes a location and size. */ nrvas = GET_UINT32_LE(indata + header_size + 116 + pe32plus * 16); if (nrvas < 5) { - printf("Can not handle PE files without certificate table resource\n"); + fprintf(stderr, "Can not handle PE files without certificate table resource\n"); return NULL; /* FAILED */ } /* Certificate Table field specifies the attribute certificate table address (4 bytes) and size (4 bytes) */ @@ -589,7 +589,7 @@ static PE_CTX *pe_ctx_get(char *indata, uint32_t filesize) that signature should be last part of file */ if ((sigpos != 0 || siglen != 0) && (sigpos == 0 || siglen == 0 || sigpos >= filesize || sigpos + siglen != filesize)) { - printf("Ignoring PE signature not at the end of the file\n"); + printf("Warning: Ignoring PE signature not at the end of the file\n"); sigpos = 0; siglen = 0; } @@ -617,7 +617,7 @@ static PKCS7 *pe_pkcs7_get_file(char *indata, PE_CTX *pe_ctx) uint32_t pos = 0; if (pe_ctx->siglen == 0 || pe_ctx->siglen > pe_ctx->fileend) { - printf("Corrupted signature length: 0x%08X\n", pe_ctx->siglen); + fprintf(stderr, "Corrupted signature length: 0x%08X\n", pe_ctx->siglen); return NULL; /* FAILED */ } while (pos < pe_ctx->siglen) { @@ -780,7 +780,7 @@ static BIO *pe_digest_calc_bio(FILE_FORMAT_CTX *ctx, const EVP_MD *md) BIO *bhash = BIO_new(BIO_f_md()); if (!BIO_set_md(bhash, md)) { - printf("Unable to set the message digest of BIO\n"); + fprintf(stderr, "Unable to set the message digest of BIO\n"); BIO_free_all(bhash); return 0; /* FAILED */ } @@ -805,7 +805,7 @@ static BIO *pe_digest_calc_bio(FILE_FORMAT_CTX *ctx, const EVP_MD *md) } idx += (uint32_t)written + 8; if (!bio_hash_data(bhash, ctx->options->indata, idx, fileend)) { - printf("Unable to calculate digest\n"); + fprintf(stderr, "Unable to calculate digest\n"); BIO_free_all(bhash); return 0; /* FAILED */ } 
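Review bot: The message rewritten in the `@@ -589,7` hunk stays on `printf` while the other diagnostics in pe_ctx_get now go to stderr, and nothing in the code says that is deliberate. It marks the point where `sigpos` and `siglen` are reset to 0, so a caller that collects diagnostics from stderr only would not learn that an embedded signature was set aside. If warnings are meant to remain on stdout, a comment such as `/* warning, not an error: stays on stdout, processing continues with sigpos/siglen reset */` would record that; otherwise use `fprintf(stderr, ...)` here as well.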
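Review bot: Both failure paths of pe_digest_calc_bio shown here (`@@ -780,7` and `@@ -805,7`) end in `return 0; /* FAILED */` although the function returns `BIO *`. script_digest_calc_bio in script.c returns `NULL` on the equivalent paths; `return NULL; /* FAILED */` states the intent and keeps the two implementations parallel. The function body continues outside both hunks.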
@@ -918,7 +918,7 @@ static u_char *pe_page_hash_calc(int *rphlen, FILE_FORMAT_CTX *ctx, int phtype) * which immediately follows the headers, can be up to 65535 under Vista and later */ nsections = GET_UINT16_LE(ctx->options->indata + ctx->pe_ctx->header_size + 6); if (nsections == 0) { - printf("Corrupted number of sections: 0x%08X\n", nsections); + fprintf(stderr, "Corrupted number of sections: 0x%08X\n", nsections); return NULL; /* FAILED */ } /* FileAlignment is the alignment factor (in bytes) that is used to align @@ -926,7 +926,7 @@ static u_char *pe_page_hash_calc(int *rphlen, FILE_FORMAT_CTX *ctx, int phtype) * of 2 between 512 and 64 K, inclusive. The default is 512. */ alignment = GET_UINT32_LE(ctx->options->indata + ctx->pe_ctx->header_size + 60); if (alignment < 512 || alignment > UINT16_MAX) { - printf("Corrupted file alignment factor: 0x%08X\n", alignment); + fprintf(stderr, "Corrupted file alignment factor: 0x%08X\n", alignment); return NULL; /* FAILED */ } /* SectionAlignment is the alignment (in bytes) of sections when they are 
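Review bot: The FileAlignment bound `alignment > UINT16_MAX` in the `@@ -926,7` hunk rejects 65536, although the comment directly above describes the valid range as a power of 2 between 512 and 64 K inclusive. If 64 K is meant to be accepted, the upper bound should be `alignment > 65536`; the power-of-two property stated in the comment is not checked either and could be added as `(alignment & (alignment - 1)) != 0`. If excluding 64 K is intentional, a short comment saying why would keep it from being read as an off-by-one. pe_page_hash_calc continues outside the hunk, so later uses of `alignment` are not visible here.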
@@ -936,14 +936,14 @@ static u_char *pe_page_hash_calc(int *rphlen, FILE_FORMAT_CTX *ctx, int phtype) * https://devblogs.microsoft.com/oldnewthing/20210510-00/?p=105200 */ pagesize = GET_UINT32_LE(ctx->options->indata + ctx->pe_ctx->header_size + 56); if (pagesize == 0 || pagesize < alignment || pagesize > 4194304) { - printf("Corrupted page size: 0x%08X\n", pagesize); + fprintf(stderr, "Corrupted page size: 0x%08X\n", pagesize); return NULL; /* FAILED */ } /* SizeOfHeaders is the combined size of an MS-DOS stub, PE header, * and section headers rounded up to a multiple of FileAlignment. */ hdrsize = GET_UINT32_LE(ctx->options->indata + ctx->pe_ctx->header_size + 84); if (hdrsize < ctx->pe_ctx->header_size || hdrsize > UINT32_MAX) { - printf("Corrupted headers size: 0x%08X\n", hdrsize); + fprintf(stderr, "Corrupted headers size: 0x%08X\n", hdrsize); return NULL; /* FAILED */ } /* SizeOfOptionalHeader is the size of the optional header, which is @@ -951,7 +951,7 @@ static u_char *pe_page_hash_calc(int *rphlen, FILE_FORMAT_CTX *ctx, int phtype) * and can't be bigger than the file */ opthdr_size = GET_UINT16_LE(ctx->options->indata + ctx->pe_ctx->header_size + 20); if (opthdr_size == 0 || opthdr_size > ctx->pe_ctx->fileend) { - printf("Corrupted optional header size: 0x%08X\n", opthdr_size); + fprintf(stderr, "Corrupted optional header size: 0x%08X\n", opthdr_size); return NULL; /* FAILED */ } pphlen = 4 + EVP_MD_size(md); @@ -959,7 +959,7 @@ static u_char *pe_page_hash_calc(int *rphlen, FILE_FORMAT_CTX *ctx, int phtype) bhash = BIO_new(BIO_f_md()); if (!BIO_set_md(bhash, md)) { - printf("Unable to set the message digest of BIO\n"); + fprintf(stderr, "Unable to set the message digest of BIO\n"); BIO_free_all(bhash); return NULL; /* FAILED */ } 
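Review bot: The upper bound in `hdrsize > UINT32_MAX` can never be true if `hdrsize` is a 32-bit variable, which the `GET_UINT32_LE` read suggests (the declaration is outside the hunk), so SizeOfHeaders is effectively bounded only from below. The `opthdr_size` check in the same hunk compares against `ctx->pe_ctx->fileend`; doing the same here gives the field a real limit: `if (hdrsize < ctx->pe_ctx->header_size || hdrsize > ctx->pe_ctx->fileend) {`.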
@@ -1006,7 +1006,7 @@ static u_char *pe_page_hash_calc(int *rphlen, FILE_FORMAT_CTX *ctx, int phtype) PUT_UINT32_LE(ro + l, res + pi*pphlen); bhash = BIO_new(BIO_f_md()); if (!BIO_set_md(bhash, md)) { - printf("Unable to set the message digest of BIO\n"); + fprintf(stderr, "Unable to set the message digest of BIO\n"); BIO_free_all(bhash); OPENSSL_free(zeroes); OPENSSL_free(res); @@ -1099,7 +1099,7 @@ static SpcLink *pe_page_hash_link_get(FILE_FORMAT_CTX *ctx, int phtype) ph = pe_page_hash_calc(&phlen, ctx, phtype); if (!ph) { - printf("Failed to calculate page hash\n"); + fprintf(stderr, "Failed to calculate page hash\n"); return NULL; /* FAILED */ } if (ctx->options->verbose) @@ -1170,20 +1170,20 @@ static int pe_check_file(FILE_FORMAT_CTX *ctx) uint32_t real_pe_checksum, sum = 0; if (!ctx) { - printf("Init error\n\n"); + fprintf(stderr, "Init error\n"); return 0; /* FAILED */ } real_pe_checksum = pe_calc_realchecksum(ctx); if (ctx->pe_ctx->pe_checksum == real_pe_checksum) { - printf("PE checksum : %08X\n\n", real_pe_checksum); + printf("PE checksum : %08X\n", real_pe_checksum); } else { printf("Current PE checksum : %08X\n", ctx->pe_ctx->pe_checksum); printf("Calculated PE checksum: %08X\n", real_pe_checksum); - printf("Warning: invalid PE checksum\n\n"); + printf("Warning: invalid PE checksum\n"); } if (ctx->pe_ctx->sigpos == 0 || ctx->pe_ctx->siglen == 0 || ctx->pe_ctx->sigpos > ctx->pe_ctx->fileend) { - printf("No signature found\n\n"); + fprintf(stderr, "No signature found\n"); return 0; /* FAILED */ } /* 
@@ -1193,9 +1193,9 @@ static int pe_check_file(FILE_FORMAT_CTX *ctx) while (sum < ctx->pe_ctx->siglen) { uint32_t len = GET_UINT32_LE(ctx->options->indata + ctx->pe_ctx->sigpos + sum); if (ctx->pe_ctx->siglen - len > 8) { - printf("Corrupted attribute certificate table\n"); - printf("Attribute certificate table size : %08X\n", ctx->pe_ctx->siglen); - printf("Attribute certificate entry length: %08X\n\n", len); + fprintf(stderr, "Corrupted attribute certificate table\n"); + fprintf(stderr, "Attribute certificate table size : %08X\n", ctx->pe_ctx->siglen); + fprintf(stderr, "Attribute certificate entry length: %08X\n\n", len); return 0; /* FAILED */ } /* quadword align data */ @@ -1203,9 +1203,9 @@ static int pe_check_file(FILE_FORMAT_CTX *ctx) sum += len; } if (sum != ctx->pe_ctx->siglen) { - printf("Corrupted attribute certificate table\n"); - printf("Attribute certificate table size : %08X\n", ctx->pe_ctx->siglen); - printf("Sum of the rounded dwLength values: %08X\n\n", sum); + fprintf(stderr, "Corrupted attribute certificate table\n"); + fprintf(stderr, "Attribute certificate table size : %08X\n", ctx->pe_ctx->siglen); + fprintf(stderr, "Sum of the rounded dwLength values: %08X\n\n", sum); return 0; /* FAILED */ } return 1; /* OK */ diff --git a/script.c b/script.c index 8b476ba1..32a7ad3b 100644 --- a/script.c +++ b/script.c @@ -243,7 +243,7 @@ static u_char *script_digest_calc(FILE_FORMAT_CTX *ctx, const EVP_MD *md) BIO *hash = BIO_new(BIO_f_md()); if (!BIO_set_md(hash, md)) { - printf("Unable to set the message digest of BIO\n"); + fprintf(stderr, "Unable to set the message digest of BIO\n"); BIO_free_all(hash); return NULL; /* FAILED */ } @@ -286,7 +286,7 @@ static int script_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7) } } if (mdtype == -1) { - printf("Failed to extract current message digest\n\n"); + fprintf(stderr, "Failed to extract current message digest\n\n"); return 0; /* FAILED */ } md = EVP_get_digestbynid(mdtype); 
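Review bot: The entry check `ctx->pe_ctx->siglen - len > 8` in pe_check_file (`@@ -1193,9` hunk) depends on unsigned wrap-around to reject an oversized `len` and does not reject a `len` smaller than the 8-byte entry header, including 0. The line that rounds `len` falls between this hunk and the next and is not visible, but if a zero length stays zero, `sum += len` would not advance and the `while (sum < ctx->pe_ctx->siglen)` loop would not terminate for a small table. An explicit lower and upper bound makes the intent plain: `if (len < 8 || len > ctx->pe_ctx->siglen || ctx->pe_ctx->siglen - len > 8) {`.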
@@ -299,7 +299,7 @@ static int script_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7) BIO_free_all(bhash); if (!compare_digests(mdbuf, cmdbuf, mdtype)) { - printf("Signature verification: failed\n\n"); + fprintf(stderr, "Signature verification: failed\n\n"); OPENSSL_free(cmdbuf); return 0; /* FAILED */ } @@ -346,7 +346,7 @@ static PKCS7 *script_pkcs7_extract(FILE_FORMAT_CTX *ctx) /* allocate memory for cleaned Base64 */ clean_base64 = OPENSSL_malloc(base64_len); if (!clean_base64) { - printf("Malloc failed\n"); + fprintf(stderr, "Malloc failed\n"); goto cleanup; } @@ -355,7 +355,7 @@ static PKCS7 *script_pkcs7_extract(FILE_FORMAT_CTX *ctx) /* find the opening tag */ for(;;) { if (ptr + open_tag_len >= base64_data + base64_len) { - printf("Signature line too long\n"); + fprintf(stderr, "Signature line too long\n"); goto cleanup; } if (!memcmp(ptr, open_tag, (size_t)open_tag_len)) { @@ -375,7 +375,7 @@ static PKCS7 *script_pkcs7_extract(FILE_FORMAT_CTX *ctx) /* copy until the closing tag */ for(;;) { if (ptr + close_tag_len >= base64_data + base64_len) { - printf("Signature line too long\n"); + fprintf(stderr, "Signature line too long\n"); goto cleanup; } if (close_tag_len) { 
@@ -473,21 +473,21 @@ static PKCS7 *script_pkcs7_signature_new(FILE_FORMAT_CTX *ctx, BIO *hash) PKCS7 *p7 = pkcs7_create(ctx); if (!p7) { - printf("Creating a new signature failed\n"); + fprintf(stderr, "Creating a new signature failed\n"); return NULL; /* FAILED */ } if (!add_indirect_data_object(p7)) { - printf("Adding SPC_INDIRECT_DATA_OBJID failed\n"); + fprintf(stderr, "Adding SPC_INDIRECT_DATA_OBJID failed\n"); PKCS7_free(p7); return NULL; /* FAILED */ } content = spc_indirect_data_content_get(hash, ctx); if (!content) { - printf("Failed to get spcIndirectDataContent\n"); + fprintf(stderr, "Failed to get spcIndirectDataContent\n"); return NULL; /* FAILED */ } if (!sign_spc_indirect_data_content(p7, content)) { - printf("Failed to set signed content\n"); + fprintf(stderr, "Failed to set signed content\n"); PKCS7_free(p7); ASN1_OCTET_STRING_free(content); return NULL; /* FAILED */ @@ -784,13 +784,13 @@ static BIO *script_digest_calc_bio(FILE_FORMAT_CTX *ctx, const EVP_MD *md) fileend = ctx->script_ctx->fileend; if (!BIO_set_md(hash, md)) { - printf("Unable to set the message digest of BIO\n"); + fprintf(stderr, "Unable to set the message digest of BIO\n"); BIO_free_all(hash); return NULL; /* FAILED */ } BIO_push(hash, BIO_new(BIO_s_null())); if (!script_digest_convert(hash, ctx, fileend)) { - printf("Unable calc a message digest value\n"); + fprintf(stderr, "Unable calc a message digest value\n"); BIO_free_all(hash); return NULL; /* FAILED */ } @@ -852,12 +852,12 @@ static int script_write_bio(BIO *bio, char *indata, size_t len) static int script_check_file(FILE_FORMAT_CTX *ctx) { if (!ctx) { - printf("Init error\n\n"); + fprintf(stderr, "Init error\n"); return 0; /* FAILED */ } if (ctx->script_ctx->sigpos == 0 || ctx->script_ctx->sigpos > ctx->script_ctx->fileend) { - printf("No signature found\n\n"); + fprintf(stderr, "No signature found\n"); return 0; /* FAILED */ } diff --git a/tests/exec.py b/tests/exec.py index 80e7c074..0aa9171a 100644 
--- a/tests/exec.py +++ b/tests/exec.py @@ -2,7 +2,7 @@ """Implementation of a single ctest script.""" import sys -import subprocess +from subprocess import Popen, PIPE def parse(value): @@ -19,7 +19,11 @@ def main() -> None: if len(sys.argv) > 1: try: params = map(parse, sys.argv[1:]) - proc = subprocess.run(params, check=True) + proc = Popen(params, stdout=PIPE, stderr=PIPE, text=True) + stdout, stderr = proc.communicate() + print(stdout, file=sys.stderr) + if stderr: + print("Error:\n" + "-" * 58 + "\n" + stderr, file=sys.stderr) sys.exit(proc.returncode) except Exception as err: # pylint: disable=broad-except # all exceptions are critical
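Review bot: `Popen(..., text=True)` in the `@@ -19,7` hunk decodes the child's output with the locale encoding, so any byte that does not decode raises inside `communicate()` and lands in the broad `except`, turning an output-encoding detail into a test failure. Passing `errors="replace"` keeps the captured text printable: `proc = Popen(params, stdout=PIPE, stderr=PIPE, text=True, errors="replace")`. Also, `print(stdout, file=sys.stderr)` folds the child's stdout into the runner's stderr, which hides the stdout/stderr split this commit introduces; `print(stdout)` would keep the streams apart, unless ctest needs them combined. main() continues outside the hunk.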