Fixed bugs in cms generation corrupting the message in openssl.

Don't generate sha256 hash or sign when entry is a directory.
Fixed not printing adding file when new entry is added.

minizip.c

@@ -303,6 +303,7 @@ int32_t minizip_add(const char *path, const char *password, minizip_opt *options
     mz_zip_writer_set_compress_level(writer, options->compress_level);
     mz_zip_writer_set_overwrite_cb(writer, options, minizip_add_overwrite_cb);
     mz_zip_writer_set_progress_cb(writer, options, minizip_add_progress_cb);
+    mz_zip_writer_set_entry_cb(writer, options, minizip_add_entry_cb);
     if (options->zip_cd)
         mz_zip_writer_set_flags(writer, MZ_ZIP_FLAG_MASK_LOCAL_INFO);
     if (options->cert_path != NULL)

mz_crypt_openssl.c

@@ -473,15 +473,14 @@ int32_t mz_crypt_sign(uint8_t *message, int32_t message_size, const char *cert_p
     mz_stream_os_delete(&cert_stream);
 
     cert_bio = BIO_new_mem_buf(cert_data, cert_size);
-    message_bio = BIO_new_mem_buf(message, message_size);
-    
+
     if (d2i_PKCS12_bio(cert_bio, &p12) == NULL)
         err = MZ_CRYPT_ERROR;
     if (err == MZ_OK)
         result = PKCS12_parse(p12, cert_pwd, &evp_pkey, &cert, &ca_stack);
     if (result)
     {
-        cms = CMS_sign(NULL, NULL, ca_stack, message_bio, CMS_BINARY | CMS_PARTIAL);
+        cms = CMS_sign(NULL, NULL, ca_stack, NULL, CMS_BINARY | CMS_PARTIAL);
         if (cms)
             signer_info = CMS_add1_signer(cms, cert, evp_pkey, EVP_sha256(), 0);
         if (signer_info == NULL)
@@ -490,8 +489,10 @@ int32_t mz_crypt_sign(uint8_t *message, int32_t message_size, const char *cert_p
         }
         else
         {
+            message_bio = BIO_new_mem_buf(message, message_size);
             signature_bio = BIO_new(BIO_s_mem());
-            result = CMS_final(cms, message_bio, NULL, 0);
+
+            result = CMS_final(cms, message_bio, NULL, CMS_BINARY);
             if (result)
                 result = i2d_CMS_bio(signature_bio, cms);
             if (result)
@@ -611,11 +612,13 @@ int32_t mz_crypt_sign_verify(uint8_t *message, int32_t message_size, uint8_t *si
 
         BIO_get_mem_ptr(message_bio, &buf_mem);
 
-        // Verify the message
-        if (((int32_t)buf_mem->length == message_size) && (memcmp(buf_mem->data, message, message_size) == 0))
-            err = MZ_OK;
-        else
-            err = MZ_CRYPT_ERROR;
+        if (err == MZ_OK)
+        {
+            // Verify the message
+            if (((int32_t)buf_mem->length != message_size) || 
+                (memcmp(buf_mem->data, message, message_size) != 0))
+                err = MZ_CRYPT_ERROR;
+        }
     }
 
 #if 0

mz_zip_rw.c

@@ -1307,10 +1307,13 @@ int32_t mz_zip_writer_entry_open(void *handle, mz_zip_file *file_info)
     }
 
 #ifndef MZ_ZIP_NO_ENCRYPTION
-    // Start calculating sha256
-    mz_crypt_sha_create(&writer->sha256);
-    mz_crypt_sha_set_algorithm(writer->sha256, MZ_HASH_SHA256);
-    mz_crypt_sha_begin(writer->sha256);
+    if (mz_zip_attrib_is_dir(writer->file_info.external_fa, writer->file_info.version_madeby) != MZ_OK)
+    {
+        // Start calculating sha256
+        mz_crypt_sha_create(&writer->sha256);
+        mz_crypt_sha_set_algorithm(writer->sha256, MZ_HASH_SHA256);
+        mz_crypt_sha_begin(writer->sha256);
+    }
 #endif
 
     // Open entry in zip
@@ -1331,40 +1334,44 @@ int32_t mz_zip_writer_entry_close(void *handle)
     uint8_t sha256[MZ_HASH_SHA256_SIZE];
 
 
-    mz_crypt_sha_end(writer->sha256, sha256, sizeof(sha256));
-    mz_crypt_sha_delete(&writer->sha256);
-    // Copy extrafield so we can append our own fields before close
-    mz_stream_mem_create(&writer->file_extra_stream);
-    mz_stream_mem_open(writer->file_extra_stream, NULL, MZ_OPEN_MODE_CREATE);
-
-    if ((writer->file_info.extrafield != NULL) && (writer->file_info.extrafield_size > 0))
-        mz_stream_mem_write(writer->file_extra_stream, writer->file_info.extrafield, 
-            writer->file_info.extrafield_size);
-
-    // Write sha256 hash to extrafield
-    field_length_hash = 4 + MZ_HASH_SHA256_SIZE;
-    err = mz_zip_extrafield_write(writer->file_extra_stream, MZ_ZIP_EXTENSION_HASH, field_length_hash);
-    if (err == MZ_OK)
-        err = mz_stream_write_uint16(writer->file_extra_stream, MZ_HASH_SHA256);
-    if (err == MZ_OK)
-        err = mz_stream_write_uint16(writer->file_extra_stream, MZ_HASH_SHA256_SIZE);
-    if (err == MZ_OK)
+    if (writer->sha256 != NULL)
     {
-        if (mz_stream_write(writer->file_extra_stream, sha256, sizeof(sha256)) != MZ_HASH_SHA256_SIZE)
-            err = MZ_STREAM_ERROR;
-    }
+        mz_crypt_sha_end(writer->sha256, sha256, sizeof(sha256));
+        mz_crypt_sha_delete(&writer->sha256);
+
+        // Copy extrafield so we can append our own fields before close
+        mz_stream_mem_create(&writer->file_extra_stream);
+        mz_stream_mem_open(writer->file_extra_stream, NULL, MZ_OPEN_MODE_CREATE);
+
+        if ((writer->file_info.extrafield != NULL) && (writer->file_info.extrafield_size > 0))
+            mz_stream_mem_write(writer->file_extra_stream, writer->file_info.extrafield,
+                writer->file_info.extrafield_size);
+
+        // Write sha256 hash to extrafield
+        field_length_hash = 4 + MZ_HASH_SHA256_SIZE;
+        err = mz_zip_extrafield_write(writer->file_extra_stream, MZ_ZIP_EXTENSION_HASH, field_length_hash);
+        if (err == MZ_OK)
+            err = mz_stream_write_uint16(writer->file_extra_stream, MZ_HASH_SHA256);
+        if (err == MZ_OK)
+            err = mz_stream_write_uint16(writer->file_extra_stream, MZ_HASH_SHA256_SIZE);
+        if (err == MZ_OK)
+        {
+            if (mz_stream_write(writer->file_extra_stream, sha256, sizeof(sha256)) != MZ_HASH_SHA256_SIZE)
+                err = MZ_STREAM_ERROR;
+        }
 
 #ifndef MZ_ZIP_NO_SIGNING
-    if (writer->cert_path != NULL)
-        err = mz_zip_writer_entry_sign(handle, sha256, sizeof(sha256), writer->cert_path, writer->cert_pwd);
+        if (writer->cert_path != NULL)
+            err = mz_zip_writer_entry_sign(handle, sha256, sizeof(sha256), writer->cert_path, writer->cert_pwd);
 #endif
 
-    // Update extra field for central directory after adding extra fields
-    mz_stream_mem_get_buffer(writer->file_extra_stream, (const void **)&extrafield);
-    mz_stream_mem_get_buffer_length(writer->file_extra_stream, &extrafield_size);
+        // Update extra field for central directory after adding extra fields
+        mz_stream_mem_get_buffer(writer->file_extra_stream, (const void **)&extrafield);
+        mz_stream_mem_get_buffer_length(writer->file_extra_stream, &extrafield_size);
 
-    mz_zip_entry_set_extrafield(writer->zip_handle, extrafield, (uint16_t)extrafield_size);
+        mz_zip_entry_set_extrafield(writer->zip_handle, extrafield, (uint16_t)extrafield_size);
 #endif
+    }
 
     if (writer->raw)
         err = mz_zip_entry_close_raw(writer->zip_handle, writer->file_info.uncompressed_size, 
@@ -1381,7 +1388,7 @@ int32_t mz_zip_writer_entry_write(void *handle, const void *buf, int32_t len)
     int32_t written = 0;
     written = mz_zip_entry_write(writer->zip_handle, buf, len);
 #ifndef MZ_ZIP_NO_ENCRYPTION
-    if (written > 0)
+    if ((written > 0) && (writer->sha256 != NULL))
         mz_crypt_sha_update(writer->sha256, buf, written);
 #endif
     return written;