mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
5776e92058
--HG-- rename : security/coreconf/AIX.mk => security/nss/coreconf/AIX.mk rename : security/coreconf/Android.mk => security/nss/coreconf/Android.mk rename : security/coreconf/BSD_OS.mk => security/nss/coreconf/BSD_OS.mk rename : security/coreconf/BeOS.mk => security/nss/coreconf/BeOS.mk rename : security/coreconf/Darwin.mk => security/nss/coreconf/Darwin.mk rename : security/coreconf/FreeBSD.mk => security/nss/coreconf/FreeBSD.mk rename : security/coreconf/HP-UX.mk => security/nss/coreconf/HP-UX.mk rename : security/coreconf/HP-UXA.09.03.mk => security/nss/coreconf/HP-UXA.09.03.mk rename : security/coreconf/HP-UXA.09.07.mk => security/nss/coreconf/HP-UXA.09.07.mk rename : security/coreconf/HP-UXA.09.mk => security/nss/coreconf/HP-UXA.09.mk rename : security/coreconf/HP-UXB.10.01.mk => security/nss/coreconf/HP-UXB.10.01.mk rename : security/coreconf/HP-UXB.10.10.mk => security/nss/coreconf/HP-UXB.10.10.mk rename : security/coreconf/HP-UXB.10.20.mk => security/nss/coreconf/HP-UXB.10.20.mk rename : security/coreconf/HP-UXB.10.30.mk => security/nss/coreconf/HP-UXB.10.30.mk rename : security/coreconf/HP-UXB.10.mk => security/nss/coreconf/HP-UXB.10.mk rename : security/coreconf/HP-UXB.11.00.mk => security/nss/coreconf/HP-UXB.11.00.mk rename : security/coreconf/HP-UXB.11.11.mk => security/nss/coreconf/HP-UXB.11.11.mk rename : security/coreconf/HP-UXB.11.20.mk => security/nss/coreconf/HP-UXB.11.20.mk rename : security/coreconf/HP-UXB.11.22.mk => security/nss/coreconf/HP-UXB.11.22.mk rename : security/coreconf/HP-UXB.11.23.mk => security/nss/coreconf/HP-UXB.11.23.mk rename : security/coreconf/HP-UXB.11.mk => security/nss/coreconf/HP-UXB.11.mk rename : security/coreconf/IRIX.mk => security/nss/coreconf/IRIX.mk rename : security/coreconf/IRIX5.2.mk => security/nss/coreconf/IRIX5.2.mk rename : security/coreconf/IRIX5.3.mk => security/nss/coreconf/IRIX5.3.mk rename : security/coreconf/IRIX5.mk => security/nss/coreconf/IRIX5.mk rename : security/coreconf/IRIX6.2.mk => security/nss/coreconf/IRIX6.2.mk rename : security/coreconf/IRIX6.3.mk => security/nss/coreconf/IRIX6.3.mk rename : security/coreconf/IRIX6.5.mk => security/nss/coreconf/IRIX6.5.mk rename : security/coreconf/IRIX6.mk => security/nss/coreconf/IRIX6.mk rename : security/coreconf/Linux.mk => security/nss/coreconf/Linux.mk rename : security/coreconf/Makefile => security/nss/coreconf/Makefile rename : security/coreconf/NCR3.0.mk => security/nss/coreconf/NCR3.0.mk rename : security/coreconf/NEC4.2.mk => security/nss/coreconf/NEC4.2.mk rename : security/coreconf/NetBSD.mk => security/nss/coreconf/NetBSD.mk rename : security/coreconf/OS2.mk => security/nss/coreconf/OS2.mk rename : security/coreconf/OSF1.mk => security/nss/coreconf/OSF1.mk rename : security/coreconf/OSF1V3.0.mk => security/nss/coreconf/OSF1V2.0.mk rename : security/coreconf/OSF1V3.0.mk => security/nss/coreconf/OSF1V3.0.mk rename : security/coreconf/OSF1V3.2.mk => security/nss/coreconf/OSF1V3.2.mk rename : security/coreconf/OSF1V4.0.mk => security/nss/coreconf/OSF1V4.0.mk rename : security/coreconf/OSF1V4.0B.mk => security/nss/coreconf/OSF1V4.0B.mk rename : security/coreconf/OSF1V4.0D.mk => security/nss/coreconf/OSF1V4.0D.mk rename : security/coreconf/OSF1V5.0.mk => security/nss/coreconf/OSF1V5.0.mk rename : security/coreconf/OSF1V5.1.mk => security/nss/coreconf/OSF1V5.1.mk rename : security/coreconf/OpenBSD.mk => security/nss/coreconf/OpenBSD.mk rename : security/coreconf/OpenUNIX.mk => security/nss/coreconf/OpenUNIX.mk rename : security/coreconf/QNX.mk => security/nss/coreconf/QNX.mk rename : security/coreconf/README => security/nss/coreconf/README rename : security/coreconf/RISCOS.mk => security/nss/coreconf/RISCOS.mk rename : security/coreconf/ReliantUNIX.mk => security/nss/coreconf/ReliantUNIX.mk rename : security/coreconf/ReliantUNIX5.4.mk => security/nss/coreconf/ReliantUNIX5.4.mk rename : security/coreconf/SCOOS5.0.mk => security/nss/coreconf/SCOOS5.0.mk rename : security/coreconf/SCO_SV3.2.mk => security/nss/coreconf/SCO_SV3.2.mk rename : security/coreconf/SunOS4.1.3_U1.mk => security/nss/coreconf/SunOS4.1.3_U1.mk rename : security/coreconf/UNIX.mk => security/nss/coreconf/UNIX.mk rename : security/coreconf/UNIXWARE2.1.mk => security/nss/coreconf/UNIXWARE2.1.mk rename : security/coreconf/WIN95.mk => security/nss/coreconf/WIN95.mk rename : security/coreconf/WINNT.mk => security/nss/coreconf/WINNT.mk rename : security/coreconf/arch.mk => security/nss/coreconf/arch.mk rename : security/coreconf/command.mk => security/nss/coreconf/command.mk rename : security/coreconf/coreconf.pl => security/nss/coreconf/coreconf.pl rename : security/coreconf/cpdist.pl => security/nss/coreconf/cpdist.pl rename : security/coreconf/headers.mk => security/nss/coreconf/headers.mk rename : security/coreconf/import.pl => security/nss/coreconf/import.pl rename : security/coreconf/jdk.mk => security/nss/coreconf/jdk.mk rename : security/coreconf/jniregen.pl => security/nss/coreconf/jniregen.pl rename : security/coreconf/location.mk => security/nss/coreconf/location.mk rename : security/coreconf/mkdepend/Makefile => security/nss/coreconf/mkdepend/Makefile rename : security/coreconf/mkdepend/cppsetup.c => security/nss/coreconf/mkdepend/cppsetup.c rename : security/coreconf/mkdepend/def.h => security/nss/coreconf/mkdepend/def.h rename : security/coreconf/mkdepend/ifparser.c => security/nss/coreconf/mkdepend/ifparser.c rename : security/coreconf/mkdepend/ifparser.h => security/nss/coreconf/mkdepend/ifparser.h rename : security/coreconf/mkdepend/imakemdep.h => security/nss/coreconf/mkdepend/imakemdep.h rename : security/coreconf/mkdepend/include.c => security/nss/coreconf/mkdepend/include.c rename : security/coreconf/mkdepend/main.c => security/nss/coreconf/mkdepend/main.c rename : security/coreconf/mkdepend/mkdepend.man => security/nss/coreconf/mkdepend/mkdepend.man rename : security/coreconf/mkdepend/parse.c => security/nss/coreconf/mkdepend/parse.c rename : security/coreconf/mkdepend/pr.c => security/nss/coreconf/mkdepend/pr.c rename : security/coreconf/module.mk => security/nss/coreconf/module.mk rename : security/coreconf/nsinstall/Makefile => security/nss/coreconf/nsinstall/Makefile rename : security/coreconf/nsinstall/nsinstall.c => security/nss/coreconf/nsinstall/nsinstall.c rename : security/coreconf/nsinstall/pathsub.c => security/nss/coreconf/nsinstall/pathsub.c rename : security/coreconf/nsinstall/pathsub.h => security/nss/coreconf/nsinstall/pathsub.h rename : security/coreconf/nsinstall/sunos4.h => security/nss/coreconf/nsinstall/sunos4.h rename : security/coreconf/outofdate.pl => security/nss/coreconf/outofdate.pl rename : security/coreconf/prefix.mk => security/nss/coreconf/prefix.mk rename : security/coreconf/release.pl => security/nss/coreconf/release.pl rename : security/coreconf/rules.mk => security/nss/coreconf/rules.mk rename : security/coreconf/ruleset.mk => security/nss/coreconf/ruleset.mk rename : security/coreconf/source.mk => security/nss/coreconf/source.mk rename : security/coreconf/suffix.mk => security/nss/coreconf/suffix.mk rename : security/coreconf/tree.mk => security/nss/coreconf/tree.mk rename : security/coreconf/version.mk => security/nss/coreconf/version.mk rename : security/coreconf/version.pl => security/nss/coreconf/version.pl rename : security/dbm/config/config.mk => security/nss/lib/dbm/config/config.mk rename : dbm/include/cdefs.h => security/nss/lib/dbm/include/cdefs.h rename : dbm/include/extern.h => security/nss/lib/dbm/include/extern.h rename : dbm/include/hash.h => security/nss/lib/dbm/include/hash.h rename : dbm/include/search.h => security/nss/lib/dbm/include/hsearch.h rename : dbm/include/mcom_db.h => security/nss/lib/dbm/include/mcom_db.h rename : dbm/include/mpool.h => security/nss/lib/dbm/include/mpool.h rename : dbm/include/ncompat.h => security/nss/lib/dbm/include/ncompat.h rename : dbm/include/page.h => security/nss/lib/dbm/include/page.h rename : dbm/include/queue.h => security/nss/lib/dbm/include/queue.h rename : dbm/include/search.h => security/nss/lib/dbm/include/search.h rename : dbm/include/winfile.h => security/nss/lib/dbm/include/winfile.h rename : dbm/src/db.c => security/nss/lib/dbm/src/db.c rename : security/dbm/src/dirent.c => security/nss/lib/dbm/src/dirent.c rename : security/dbm/src/dirent.h => security/nss/lib/dbm/src/dirent.h rename : dbm/src/h_bigkey.c => security/nss/lib/dbm/src/h_bigkey.c rename : dbm/src/h_func.c => security/nss/lib/dbm/src/h_func.c rename : dbm/src/h_log2.c => security/nss/lib/dbm/src/h_log2.c rename : dbm/src/h_page.c => security/nss/lib/dbm/src/h_page.c rename : dbm/src/hash.c => security/nss/lib/dbm/src/hash.c rename : dbm/src/hash_buf.c => security/nss/lib/dbm/src/hash_buf.c rename : dbm/src/memmove.c => security/nss/lib/dbm/src/memmove.c rename : dbm/src/mktemp.c => security/nss/lib/dbm/src/mktemp.c rename : dbm/src/snprintf.c => security/nss/lib/dbm/src/snprintf.c rename : dbm/src/strerror.c => security/nss/lib/dbm/src/strerror.c rename : dbm/tests/dbmtest.pkg => security/nss/lib/dbm/tests/dbmtest.pkg rename : dbm/tests/lots.c => security/nss/lib/dbm/tests/lots.c extra : rebase_source : 119dad5f824e8e760182047fd32e2a0d0f944172 extra : amend_source : 98e24aa51f9044d9091a26f013b643925e8f9dcf
340 lines
7.6 KiB
C
340 lines
7.6 KiB
C
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
#include "signtool.h"
|
|
|
|
|
|
static int jar_cb(int status, JAR *jar, const char *metafile,
|
|
char *pathname, char *errortext);
|
|
static int verify_global (JAR *jar);
|
|
|
|
/*************************************************************************
|
|
*
|
|
* V e r i f y J a r
|
|
*/
|
|
int
|
|
VerifyJar(char *filename)
|
|
{
|
|
FILE * fp;
|
|
|
|
int ret;
|
|
int status;
|
|
int failed = 0;
|
|
char *err;
|
|
|
|
JAR * jar;
|
|
JAR_Context * ctx;
|
|
|
|
JAR_Item * it;
|
|
|
|
jar = JAR_new();
|
|
|
|
if ((fp = fopen (filename, "r")) == NULL) {
|
|
perror (filename);
|
|
exit (ERRX);
|
|
} else
|
|
fclose (fp);
|
|
|
|
JAR_set_callback (JAR_CB_SIGNAL, jar, jar_cb);
|
|
|
|
|
|
status = JAR_pass_archive (jar, jarArchGuess, filename, "some-url");
|
|
|
|
if (status < 0 || jar->valid < 0) {
|
|
failed = 1;
|
|
PR_fprintf(outputFD,
|
|
"\nNOTE -- \"%s\" archive DID NOT PASS crypto verification.\n",
|
|
filename);
|
|
if (status < 0) {
|
|
const char *errtext;
|
|
|
|
if (status >= JAR_BASE && status <= JAR_BASE_END) {
|
|
errtext = JAR_get_error (status);
|
|
} else {
|
|
errtext = SECU_Strerror(PORT_GetError());
|
|
}
|
|
|
|
PR_fprintf(outputFD, " (reported reason: %s)\n\n",
|
|
errtext);
|
|
|
|
/* corrupt files should not have their contents listed */
|
|
|
|
if (status == JAR_ERR_CORRUPT)
|
|
return - 1;
|
|
}
|
|
PR_fprintf(outputFD,
|
|
"entries shown below will have their digests checked only.\n");
|
|
jar->valid = 0;
|
|
} else
|
|
PR_fprintf(outputFD,
|
|
"archive \"%s\" has passed crypto verification.\n", filename);
|
|
|
|
if (verify_global (jar))
|
|
failed = 1;
|
|
|
|
PR_fprintf(outputFD, "\n");
|
|
PR_fprintf(outputFD, "%16s %s\n", "status", "path");
|
|
PR_fprintf(outputFD, "%16s %s\n", "------------", "-------------------");
|
|
|
|
ctx = JAR_find (jar, NULL, jarTypeMF);
|
|
|
|
while (JAR_find_next (ctx, &it) >= 0) {
|
|
if (it && it->pathname) {
|
|
rm_dash_r(TMP_OUTPUT);
|
|
ret = JAR_verified_extract (jar, it->pathname, TMP_OUTPUT);
|
|
/* if (ret < 0) printf ("error %d on %s\n", ret, it->pathname); */
|
|
if (ret < 0)
|
|
failed = 1;
|
|
|
|
if (ret == JAR_ERR_PNF)
|
|
err = "NOT PRESENT";
|
|
else if (ret == JAR_ERR_HASH)
|
|
err = "HASH FAILED";
|
|
else
|
|
err = "NOT VERIFIED";
|
|
|
|
PR_fprintf(outputFD, "%16s %s\n",
|
|
ret >= 0 ? "verified" : err, it->pathname);
|
|
|
|
if (ret != 0 && ret != JAR_ERR_PNF && ret != JAR_ERR_HASH)
|
|
PR_fprintf(outputFD, " (reason: %s)\n",
|
|
JAR_get_error (ret));
|
|
}
|
|
}
|
|
|
|
JAR_find_end (ctx);
|
|
|
|
if (status < 0 || jar->valid < 0) {
|
|
failed = 1;
|
|
PR_fprintf(outputFD,
|
|
"\nNOTE -- \"%s\" archive DID NOT PASS crypto verification.\n",
|
|
filename);
|
|
give_help (status);
|
|
}
|
|
|
|
JAR_destroy (jar);
|
|
|
|
if (failed)
|
|
return - 1;
|
|
return 0;
|
|
}
|
|
|
|
|
|
/***************************************************************************
|
|
*
|
|
* v e r i f y _ g l o b a l
|
|
*/
|
|
static int
|
|
verify_global (JAR *jar)
|
|
{
|
|
FILE * fp;
|
|
JAR_Context * ctx;
|
|
JAR_Item * it;
|
|
JAR_Digest * globaldig;
|
|
char * ext;
|
|
unsigned char *md5_digest, *sha1_digest;
|
|
unsigned int sha1_length, md5_length;
|
|
int retval = 0;
|
|
char buf [BUFSIZ];
|
|
|
|
ctx = JAR_find (jar, "*", jarTypePhy);
|
|
|
|
while (JAR_find_next (ctx, &it) >= 0) {
|
|
if (!PORT_Strncmp (it->pathname, "META-INF", 8)) {
|
|
for (ext = it->pathname; *ext; ext++)
|
|
;
|
|
while (ext > it->pathname && *ext != '.')
|
|
ext--;
|
|
|
|
if (verbosity >= 0) {
|
|
if (!PORT_Strcasecmp (ext, ".rsa")) {
|
|
PR_fprintf(outputFD, "found a RSA signature file: %s\n",
|
|
it->pathname);
|
|
}
|
|
|
|
if (!PORT_Strcasecmp (ext, ".dsa")) {
|
|
PR_fprintf(outputFD, "found a DSA signature file: %s\n",
|
|
it->pathname);
|
|
}
|
|
|
|
if (!PORT_Strcasecmp (ext, ".mf")) {
|
|
PR_fprintf(outputFD,
|
|
"found a MF master manifest file: %s\n",
|
|
it->pathname);
|
|
}
|
|
}
|
|
|
|
if (!PORT_Strcasecmp (ext, ".sf")) {
|
|
if (verbosity >= 0) {
|
|
PR_fprintf(outputFD,
|
|
"found a SF signature manifest file: %s\n",
|
|
it->pathname);
|
|
}
|
|
|
|
rm_dash_r(TMP_OUTPUT);
|
|
if (JAR_extract (jar, it->pathname, TMP_OUTPUT) < 0) {
|
|
PR_fprintf(errorFD, "%s: error extracting %s\n",
|
|
PROGRAM_NAME, it->pathname);
|
|
errorCount++;
|
|
retval = -1;
|
|
continue;
|
|
}
|
|
|
|
md5_digest = NULL;
|
|
sha1_digest = NULL;
|
|
|
|
if ((fp = fopen (TMP_OUTPUT, "rb")) != NULL) {
|
|
while (fgets (buf, BUFSIZ, fp)) {
|
|
char *s;
|
|
|
|
if (*buf == 0 || *buf == '\n' || *buf == '\r')
|
|
break;
|
|
|
|
for (s = buf; *s && *s != '\n' && *s != '\r'; s++)
|
|
;
|
|
*s = 0;
|
|
|
|
if (!PORT_Strncmp (buf, "MD5-Digest: ", 12)) {
|
|
md5_digest =
|
|
ATOB_AsciiToData (buf + 12, &md5_length);
|
|
}
|
|
if (!PORT_Strncmp (buf, "SHA1-Digest: ", 13)) {
|
|
sha1_digest =
|
|
ATOB_AsciiToData (buf + 13, &sha1_length);
|
|
}
|
|
if (!PORT_Strncmp (buf, "SHA-Digest: ", 12)) {
|
|
sha1_digest =
|
|
ATOB_AsciiToData (buf + 12, &sha1_length);
|
|
}
|
|
}
|
|
|
|
globaldig = jar->globalmeta;
|
|
|
|
if (globaldig && md5_digest && verbosity >= 0) {
|
|
PR_fprintf(outputFD,
|
|
" md5 digest on global metainfo: %s\n",
|
|
PORT_Memcmp(md5_digest, globaldig->md5, MD5_LENGTH)
|
|
? "no match" : "match");
|
|
}
|
|
|
|
if (globaldig && sha1_digest && verbosity >= 0) {
|
|
PR_fprintf(outputFD,
|
|
" sha digest on global metainfo: %s\n",
|
|
PORT_Memcmp(sha1_digest, globaldig->sha1, SHA1_LENGTH)
|
|
? "no match" : "match");
|
|
}
|
|
|
|
if (globaldig == NULL && verbosity >= 0) {
|
|
PR_fprintf(outputFD,
|
|
"global metadigest is not available, strange.\n");
|
|
}
|
|
|
|
fclose (fp);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
JAR_find_end (ctx);
|
|
|
|
return retval;
|
|
}
|
|
|
|
|
|
/************************************************************************
|
|
*
|
|
* J a r W h o
|
|
*/
|
|
int
|
|
JarWho(char *filename)
|
|
{
|
|
FILE * fp;
|
|
|
|
JAR * jar;
|
|
JAR_Context * ctx;
|
|
|
|
int status;
|
|
int retval = 0;
|
|
|
|
JAR_Item * it;
|
|
JAR_Cert * fing;
|
|
|
|
CERTCertificate * cert, *prev = NULL;
|
|
|
|
jar = JAR_new();
|
|
|
|
if ((fp = fopen (filename, "r")) == NULL) {
|
|
perror (filename);
|
|
exit (ERRX);
|
|
}
|
|
fclose (fp);
|
|
|
|
status = JAR_pass_archive (jar, jarArchGuess, filename, "some-url");
|
|
|
|
if (status < 0 || jar->valid < 0) {
|
|
PR_fprintf(outputFD,
|
|
"NOTE -- \"%s\" archive DID NOT PASS crypto verification.\n",
|
|
filename);
|
|
retval = -1;
|
|
if (jar->valid < 0 || status != -1) {
|
|
const char *errtext;
|
|
|
|
if (status >= JAR_BASE && status <= JAR_BASE_END) {
|
|
errtext = JAR_get_error (status);
|
|
} else {
|
|
errtext = SECU_Strerror(PORT_GetError());
|
|
}
|
|
|
|
PR_fprintf(outputFD, " (reported reason: %s)\n\n", errtext);
|
|
}
|
|
}
|
|
|
|
PR_fprintf(outputFD, "\nSigner information:\n\n");
|
|
|
|
ctx = JAR_find (jar, NULL, jarTypeSign);
|
|
|
|
while (JAR_find_next (ctx, &it) >= 0) {
|
|
fing = (JAR_Cert * ) it->data;
|
|
cert = fing->cert;
|
|
|
|
if (cert) {
|
|
if (prev == cert)
|
|
break;
|
|
|
|
if (cert->nickname)
|
|
PR_fprintf(outputFD, "nickname: %s\n", cert->nickname);
|
|
if (cert->subjectName)
|
|
PR_fprintf(outputFD, "subject name: %s\n",
|
|
cert->subjectName);
|
|
if (cert->issuerName)
|
|
PR_fprintf(outputFD, "issuer name: %s\n", cert->issuerName);
|
|
} else {
|
|
PR_fprintf(outputFD, "no certificate could be found\n");
|
|
retval = -1;
|
|
}
|
|
|
|
prev = cert;
|
|
}
|
|
|
|
JAR_find_end (ctx);
|
|
|
|
JAR_destroy (jar);
|
|
return retval;
|
|
}
|
|
|
|
|
|
/************************************************************************
|
|
* j a r _ c b
|
|
*/
|
|
static int jar_cb(int status, JAR *jar, const char *metafile,
|
|
char *pathname, char *errortext)
|
|
{
|
|
PR_fprintf(errorFD, "error %d: %s IN FILE %s\n", status, errortext,
|
|
pathname);
|
|
errorCount++;
|
|
return 0;
|
|
}
|
|
|
|
|