3 月之前 · 00838c94ac
--- a/Components/ISSigFunc.pas
+++ b/Components/ISSigFunc.pas
@@ -21,7 +21,7 @@ type
 
				   TISSigImportKeyResult = (ikrSuccess, ikrMalformed, ikrNotPrivateKey);

			
 
				   TISSigVerifySignatureFileMissingErrorProc = reference to procedure(const Filename: String);

			
 
				   TISSigVerifySignatureSigFileMissingErrorProc = reference to procedure(const Filename, SigFilename: String);

			
 
				-  TISSigVerifySignatureVerificationFailedErrorProc = reference to procedure(const SigFilename: String; const VerifyResult: TISSigVerifySignatureResult);

			
 
				+  TISSigVerifySignatureVerificationFailedErrorProc = reference to procedure(const Filename, SigFilename: String; const VerifyResult: TISSigVerifySignatureResult);

			
 
				 

			
 
				 { Preferred, hardened functions for loading/saving .issig and key file text }

			
 
				 function ISSigLoadTextFromFile(const AFilename: String): String;

			
@@ -297,7 +297,7 @@ begin
 
				     AExpectedFileSize, AExpectedFileHash, AKeyUsedID);

			
 
				   Result := VerifyResult = vsrSuccess;

			
 
				   if not Result and Assigned(AVerificationFailedErrorProc) then

			
 
				-    AVerificationFailedErrorProc(SigFilename, VerifyResult);

			
 
				+    AVerificationFailedErrorProc(AFilename, SigFilename, VerifyResult);

			
 
				 end;

			
 
				 

			
 
				 function ISSigVerifySignature(const AFilename: String; const AAllowedKeys: array of TECDSAKey;

			
--- a/Components/TrustFunc.pas
+++ b/Components/TrustFunc.pas
@@ -93,7 +93,7 @@ begin
 
				       begin

			
 
				         raise Exception.CreateFmt('Signature file "%s" does not exist', [SigFileName]);

			
 
				       end,

			
 
				-      procedure(const SigFilename: String; const VerifyResult: TISSigVerifySignatureResult)

			
 
				+      procedure(const Filename, SigFilename: String; const VerifyResult: TISSigVerifySignatureResult)

			
 
				       begin

			
 
				         raise Exception.CreateFmt('Signature file "%s" is not valid', [SigFileName]);

			
 
				       end

			
--- a/Projects/ISSigTool.dpr
+++ b/Projects/ISSigTool.dpr
@@ -198,10 +198,10 @@ begin
 
				     begin

			
 
				       PrintUnlessQuiet('MISSINGSIGFILE (Signature file does not exist)');

			
 
				     end,

			
 
				-    procedure(const SigFilename: String; const VerifyResult: TISSigVerifySignatureResult)

			
 
				+    procedure(const Filename, SigFilename: String; const VerifyResult: TISSigVerifySignatureResult)

			
 
				     begin

			
 
				       case VerifyResult of

			
 
				-        vsrMalformed, vsrBadSignature:

			
 
				+        vsrMalformed, vsrBad:

			
 
				           PrintUnlessQuiet('BADSIGFILE (Signature file is not valid)');

			
 
				         vsrKeyNotFound:

			
 
				           PrintUnlessQuiet('UNKNOWNKEY (Incorrect key ID)');

			
--- a/Projects/Src/Compiler.Messages.pas
+++ b/Projects/Src/Compiler.Messages.pas
@@ -85,14 +85,13 @@ const
 
				   SCompilerUnknownFilenamePrefix = 'Unknown filename prefix "%s"';

			
 
				   SCompilerSourceFileDoesntExist = 'Source file "%s" does not exist';

			
 
				   SCompilerSourceFileNotSigned = 'Source file "%s" is not signed';

			
 
				-  SCompilerSourceFileISSigMissingFile = 'Signature file does not exist for source file "%s"';

			
 
				-  SCompilerSourceFileISSigInvalidSignature1 = 'Signature file "%s" is not valid: %s';

			
 
				-  SCompilerSourceFileISSigInvalidSignature2 = 'Signature for source file "%s" is not valid: %s';

			
 
				-  SCompilerSourceFileISSigMalformedOrBadSignature = 'malformed or bad signature';

			
 
				-  SCompilerSourceFileISSigKeyNotFound = 'no matching key found';

			
 
				-  SCompilerSourceFileISSigUnknownVerifyResult = 'unknown verify result';

			
 
				-  SCompilerSourceFileISSigFileSizeIncorrect = 'file size incorrect';

			
 
				-  SCompilerSourceFileISSigFileHashIncorrect = 'file hash incorrect';

			
 
				+  SCompilerSourceFileVerificationFailed = 'Verification of source file "%s" failed: %s';

			
 
				+  SCompilerVerificationSignatureDoesntExist = 'The signature file "%1" does not exist';

			
 
				+  SCompilerVerificationSignatureMalformed = 'The signature file "%1" is malformed';

			
 
				+  SCompilerVerificationSignatureBad = 'The signature file "%1" is bad';

			
 
				+  SCompilerVerificationKeyNotFound = 'No matching key found';

			
 
				+  SCompilerVerificationFileSizeIncorrect = 'The file size is incorrect';

			
 
				+  SCompilerVerificationFileHashIncorrect = 'The file hash is incorrect';

			
 
				   SCompilerCopyError3a = 'Could not copy "%s" to "%s".' + SNewLine2 + 'Error %s';

			
 
				   SCompilerCopyError3b = 'Could not copy "%s" to "%s".' + SNewLine2 + 'Error %d: %s';

			
 
				   SCompilerReadError = 'Could not read "%s".' + SNewLine2 + 'Error: %s';

			
--- a/Projects/Src/Compiler.SetupCompiler.pas
+++ b/Projects/Src/Compiler.SetupCompiler.pas
@@ -19,7 +19,7 @@ interface
 
				 

			
 
				 uses

			
 
				   Windows, SysUtils, Classes, Generics.Collections,

			
 
				-  SimpleExpression, SHA256, ChaCha20,

			
 
				+  SimpleExpression, SHA256, ChaCha20, Shared.SetupTypes,

			
 
				   Shared.Struct, Shared.CompilerInt.Struct, Shared.PreprocInt, Shared.SetupMessageIDs,

			
 
				   Shared.SetupSectionDirectives, Shared.VerInfoFunc, Shared.Int64Em, Shared.DebugStruct,

			
 
				   Compiler.ScriptCompiler, Compiler.StringLists, Compression.LZMACompressor;

			
@@ -256,6 +256,8 @@ type
 
				     procedure WriteCompiledCodeDebugInfo(const CompiledCodeDebugInfo: AnsiString);

			
 
				     function CreateMemoryStreamsFromFiles(const ADirectiveName, AFiles: String): TObjectList<TCustomMemoryStream>;

			
 
				     function CreateMemoryStreamsFromResources(const AResourceNamesPrefixes, AResourceNamesPostfixes: array of String): TObjectList<TCustomMemoryStream>;

			
 
				+    procedure ISSigVerifyError(const AError: TISSigVerifySignatureError;

			
 
				+      const AFilename: String; const ASigFilename: String = '');

			
 
				   public

			
 
				     AppData: Longint;

			
 
				     CallbackProc: TCompilerCallbackProc;

			
@@ -298,7 +300,7 @@ uses
 
				 {$IFDEF STATICPREPROC}

			
 
				   ISPP.Preprocess,

			
 
				 {$ENDIF}

			
 
				-  Shared.SetupTypes, Compiler.CompressionHandler, Compiler.HelperFunc, Compiler.BuiltinPreproc;

			
 
				+  Compiler.CompressionHandler, Compiler.HelperFunc, Compiler.BuiltinPreproc;

			
 
				 

			
 
				 type

			
 
				   TLineInfo = class

			
@@ -6602,6 +6604,18 @@ begin
 
				   end;

			
 
				 end;

			
 
				 

			
 
				+procedure TSetupCompiler.ISSigVerifyError(const AError: TISSigVerifySignatureError;

			
 
				+  const AFilename, ASigFilename: String);

			
 
				+const

			
 
				+  Messages: array[TISSigVerifySignatureError] of String =

			
 
				+    (SCompilerVerificationSignatureDoesntExist, SCompilerVerificationSignatureMalformed,

			
 
				+     SCompilerVerificationKeyNotFound, SCompilerVerificationSignatureBad,

			
 
				+     SCompilerVerificationFileSizeIncorrect, SCompilerVerificationFileHashIncorrect);

			
 
				+begin

			
 
				+  AbortCompileFmt(SCompilerSourceFileVerificationFailed,

			
 
				+    [AFilename, Format(Messages[AError], [ASigFilename])]); { Not all messages actually have a %s parameter but that's OK }

			
 
				+end;

			
 
				+

			
 
				 procedure TSetupCompiler.Compile;

			
 
				 

			
 
				   procedure InitDebugInfo;

			
@@ -7106,25 +7120,23 @@ var
 
				               nil,

			
 
				               procedure(const Filename, SigFilename: String)

			
 
				               begin

			
 
				-                AbortCompileFmt(SCompilerSourceFileISSigMissingFile, [Filename]);

			
 
				+                ISSigVerifyError(vseSignatureMissing, Filename, SigFilename);

			
 
				               end,

			
 
				-              procedure(const SigFilename: String; const VerifyResult: TISSigVerifySignatureResult)

			
 
				+              procedure(const Filename, SigFilename: String; const VerifyResult: TISSigVerifySignatureResult)

			
 
				               begin

			
 
				                 var VerifyResultAsString: String;

			
 
				                 case VerifyResult of

			
 
				-                  vsrMalformed, vsrBad: VerifyResultAsString := SCompilerSourceFileISSigMalformedOrBadSignature;

			
 
				-                  vsrKeyNotFound: VerifyResultAsString := SCompilerSourceFileISSigKeyNotFound;

			
 
				+                  vsrMalformed: ISSigVerifyError(vseSignatureMalformed, SigFilename);

			
 
				+                  vsrBad: ISSigVerifyError(vseSignatureBad, SigFilename);

			
 
				+                  vsrKeyNotFound: ISSigVerifyError(vseKeyNotFound, Filename, SigFilename);

			
 
				                 else

			
 
				-                  VerifyResultAsString := SCompilerSourceFileISSigUnknownVerifyResult;

			
 
				+                  AbortCompileFmt(SCompilerCompressInternalError, ['Unknown ISSigVerifySignature result'])

			
 
				                 end;

			
 
				-                AbortCompileFmt(SCompilerSourceFileISSigInvalidSignature1,

			
 
				-                  [SigFilename, VerifyResultAsString]);

			
 
				               end

			
 
				             ) then

			
 
				               AbortCompileFmt(SCompilerCompressInternalError, ['Unexpected ISSigVerifySignature result']);

			
 
				             if Int64(SourceFile.Size) <> ExpectedFileSize then

			
 
				-              AbortCompileFmt(SCompilerSourceFileISSigInvalidSignature2,

			
 
				-                [FileLocationEntryFilenames[I], SCompilerSourceFileISSigFileSizeIncorrect]);

			
 
				+              ISSigVerifyError(vseFileSizeIncorrect, FileLocationEntryFilenames[I]);

			
 
				             { ExpectedFileHash checked below after compression }

			
 
				           end;

			
 
				 

			
@@ -7176,8 +7188,7 @@ var
 
				 

			
 
				           if floISSigVerify in FLExtraInfo.Flags then begin

			
 
				             if not SHA256DigestsEqual(FL.SHA256Sum, ExpectedFileHash) then

			
 
				-              AbortCompileFmt(SCompilerSourceFileISSigInvalidSignature2,

			
 
				-                [FileLocationEntryFilenames[I], SCompilerSourceFileISSigFileHashIncorrect]);

			
 
				+              ISSigVerifyError(vseFileHashIncorrect, FileLocationEntryFilenames[I]);

			
 
				             AddStatus(SCompilerStatusFilesISSigVerified);

			
 
				           end;

			
 
				         finally

			
--- a/Projects/Src/Setup.Install.pas
+++ b/Projects/Src/Setup.Install.pas
@@ -12,11 +12,7 @@ unit Setup.Install;
 
				 interface

			
 
				 

			
 
				 uses

			
 
				-  Classes, SHA256, Shared.FileClass;

			
 
				-

			
 
				-type

			
 
				-  TISSigVerifySignatureError = (vseSignatureMissing, vseSignatureMalformed, vseKeyNotFound,

			
 
				-    vseSignatureBad, vseFileSizeIncorrect, vseFileHashIncorrect);

			
 
				+  Classes, SHA256, Shared.FileClass, Shared.SetupTypes;

			
 
				 

			
 
				 procedure ISSigVerifyError(const AError: TISSigVerifySignatureError;

			
 
				   const ASigFilename: String = '');

			
@@ -43,7 +39,7 @@ procedure SetDownloadCredentials(const User, Pass: String);
 
				 implementation

			
 
				 

			
 
				 uses

			
 
				-  Windows, SysUtils, Messages, Forms, ShlObj, Shared.Struct, Setup.UninstallLog, Shared.SetupTypes,

			
 
				+  Windows, SysUtils, Messages, Forms, ShlObj, Shared.Struct, Setup.UninstallLog,

			
 
				   SetupLdrAndSetup.InstFunc, Setup.InstFunc, Setup.InstFunc.Ole, Setup.SecurityFunc, SetupLdrAndSetup.Messages,

			
 
				   Setup.MainFunc, Setup.LoggingFunc, Setup.FileExtractor,

			
 
				   Compression.Base, PathFunc, ISSigFunc, Shared.CommonFunc.Vcl, Compression.SevenZipDLLDecoder,

			
@@ -297,7 +293,7 @@ begin
 
				     begin

			
 
				       ISSigVerifyError(vseSignatureMissing, SigFilename);

			
 
				     end,

			
 
				-    procedure(const SigFilename: String; const VerifyResult: TISSigVerifySignatureResult)

			
 
				+    procedure(const Filename, SigFilename: String; const VerifyResult: TISSigVerifySignatureResult)

			
 
				     begin

			
 
				       case VerifyResult of

			
 
				         vsrMalformed:  ISSigVerifyError(vseSignatureMalformed, SigFilename);

			
--- a/Projects/Src/Shared.SetupTypes.pas
+++ b/Projects/Src/Shared.SetupTypes.pas
@@ -39,6 +39,9 @@ type
 
				 

			
 
				   TArrayOfECDSAKey = array of TECDSAKey;

			
 
				 

			
 
				+  TISSigVerifySignatureError = (vseSignatureMissing, vseSignatureMalformed, vseKeyNotFound,

			
 
				+    vseSignatureBad, vseFileSizeIncorrect, vseFileHashIncorrect);

			
 
				+

			
 
				 const

			
 
				   crHand = 1;