mtrojnar / osslsigncode

OpenSSL based Authenticode signing for PE/MSI/Java CAB files

signed cab files seem to be corrupted #302

Closed adb014 closed 1 year ago

adb014 commented 1 year ago

Here is my test case

openssl genrsa -out MyCert.key 4096 > /dev/null 2>&1
yes '' | openssl req -x509 -nodes -key MyCert.key -extensions v3_ca -sha256 -days 180 -out MyCert.pem > /dev/null 2>&1
echo "Test file" > test.txt
lcab test.txt test-unsigned.cab
osslsigncode sign -certs MyCert.pem -key MyCert.key -in test-unsigned.cab -out test.cab 
osslsigncode verify -CAfile MyCert.pem test.cab
rm test.txt
cabextract test.cab
cabextract test-unsigned.cab

with the results

$ openssl genrsa -out MyCert.key 4096 > /dev/null 2>&1
$ yes '' | openssl req -x509 -nodes -key MyCert.key -extensions v3_ca -sha256 -days 180 -out MyCert.pem > /dev/null 2>&1
$ echo "Test file" > test.txt
$ lcab test.txt test-unsigned.cab
lcab v1.0b11 (2003) by Rien (rien@geekshop.be)
nopath          : no
recursive       : no
quiet           : no
inputfiles      : test.txt
outputfile      : test-unsigned.txt
cabfile         : 20 bytes (approx. 0.02 Kbytes)
cfileInit: test.txt localtime:
tmp,header,folder,.
done
$ osslsigncode sign -certs MyCert.pem -key MyCert.key -in test-unsigned.cab -out test.cab 
Suceeded
$ osslsigncode verify -CAfile MyCert.pem test.cab

Message digest algorithm  : SHA256
Current message digest    : 58343B70890AE2E41C1095761EB5D2D0CAD62E8DCF9B9C5AA25B5B7B73037046
Calculated message digest : 58343B70890AE2E41C1095761EB5D2D0CAD62E8DCF9B9C5AA25B5B7B73037046

Signature Index: 0  (Primary Signature)
Signer's certificate:
        Signer #0:
                Subject: /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
                Issuer : /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
                Serial : 41A3407EFE6CB1CA169A86BB15864CA9D1EF511C
                Certificate expiration date:
                        notBefore : Sep 15 16:17:35 2023 GMT
                        notAfter : Mar 13 16:17:35 2024 GMT

Number of certificates: 1
        Signer #0:
                Subject: /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
                Issuer : /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
                Serial : 41A3407EFE6CB1CA169A86BB15864CA9D1EF511C
                Certificate expiration date:
                        notBefore : Sep 15 16:17:35 2023 GMT
                        notAfter : Mar 13 16:17:35 2024 GMT

Message digest algorithm: SHA256

Authenticated attributes:
        Signing time: Sep 15 16:20:03 2023 GMT
        Microsoft Individual Code Signing purpose
        Message digest: 7B8014E654417C01AD4D3F186E7E16CD6082855A6E1C332D3CA5AB3F543CFE88

CAfile: MyCert.pem

Timestamp is not available

Signature verification: ok

Number of verified signatures: 1
Succeeded
$ rm test.txt
$ cabextract test.cab 
test.cab: WARNING; possible 2344 extra bytes at end of file.
Extracting cabinet: test.cab
  extracting test.txt
test.txt: No such file or directory

All done, errors in processing 1 file(s)
$ cabextract test_unsigned.cab 
Extracting cabinet: test-unsigned.cab
  extracting test.txt

All done, no errors.

As you can see, cabextract doesn't work and the file test.txt is not recovered, even though I can recover it from the unsigned cab. I can correctly sign EXE files, however. Am I doing something wrong or is this a bug?
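Added example, not part of the original post and not osslsigncode code: the run above has `osslsigncode verify` reporting ok on a cabinet that `cabextract` could not unpack, so a signature check alone does not show that the archive still extracts. This Python sketch, written against the published CAB header layout, checks that the absolute offsets in a cabinet (`coffFiles`, each folder's `coffCabStart`) still point inside it when a header reserve area is present, and reports bytes found after `cbCabinet`. The sample cabinets, the 20-byte reserve area, the 24-byte shift and the 100-byte trailer are constructed assumptions, and the stale-offset case is an illustration, not a reconstruction of the osslsigncode bug.

```python
import struct
RESERVE_PRESENT = 0x0004         # CFHEADER.flags: reserve fields follow the fixed header
PREV_OR_NEXT = 0x0001 | 0x0002   # cabinet belongs to a multi-cabinet set

def check_cab(data: bytes):
    """Return (problems, trailing): offset problems, and bytes found after cbCabinet."""
    if len(data) < 44 or data[:4] != b"MSCF":
        return ["not a cabinet (no MSCF header)"], 0
    cb_cabinet, _, coff_files = struct.unpack_from("<III", data, 8)
    c_folders, _, flags = struct.unpack_from("<HHH", data, 26)
    if flags & PREV_OR_NEXT or cb_cabinet > len(data):
        return ["multi-cabinet set or truncated file: not handled here"], 0
    pos, folder_res, data_res = 36, 0, 0
    if flags & RESERVE_PRESENT:  # cbCFHeader u2, cbCFFolder u1, cbCFData u1, abReserve
        header_res, folder_res, data_res = struct.unpack_from("<HBB", data, pos)
        pos += 4 + header_res
    folders_end = pos + c_folders * (8 + folder_res)
    problems = []
    if not folders_end <= coff_files < cb_cabinet:
        problems.append(f"coffFiles={coff_files} outside [{folders_end}, {cb_cabinet})")
    for i in range(c_folders if folders_end <= cb_cabinet else 0):
        off, n_blocks, _ = struct.unpack_from("<IHH", data, pos + i * (8 + folder_res))
        if off < folders_end:
            problems.append(f"folder {i}: coffCabStart={off} points into the header")
        for _ in range(n_blocks):  # CFDATA: csum u4, cbData u2, cbUncomp u2, payload
            if off + 8 > cb_cabinet:
                off = cb_cabinet + 1  # block header would overrun; reported below
                break
            off += 8 + data_res + struct.unpack_from("<H", data, off + 4)[0]
        if off > cb_cabinet:
            problems.append(f"folder {i}: CFDATA blocks run past cbCabinet={cb_cabinet}")
    return problems, len(data) - cb_cabinet

def build_cab(reserve=b"", shift=0, trailer=b""):
    """Constructed one-file stored cabinet; `shift` is added to both stored offsets."""
    payload = b"Test file\n"
    cffile = struct.pack("<IIHHHH", len(payload), 0, 0, 0, 0, 0x20) + b"test.txt\0"
    cfdata = struct.pack("<IHH", 0, len(payload), len(payload)) + payload
    res = struct.pack("<HBB", len(reserve), 0, 0) + reserve if reserve else b""
    total = 44 + len(res) + len(cffile) + len(cfdata)
    header = struct.pack("<4sIIIIIBBHHHHH", b"MSCF", 0, total, 0, 44 + shift, 0,
                         3, 1, 1, 1, RESERVE_PRESENT if reserve else 0, 0, 0)
    folder = struct.pack("<IHH", 44 + len(cffile) + shift, 1, 0)
    return header + res + folder + cffile + cfdata + trailer

if __name__ == "__main__":
    for shift in (24, 0):  # offsets moved with the reserve area, then left stale
        print(shift, check_cab(build_cab(bytes(20), shift, bytes(100))))
```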

olszomal commented 1 year ago

Related #289, fixed #290

Can you also reproduce this issue against the latest release: https://github.com/mtrojnar/osslsigncode/releases/tag/2.7

adb014 commented 1 year ago

Yes, thank you, version 2.7 resolves this issue.