author | Andrej Shadura <andrewsh@debian.org> | 2020-06-09 22:08:20 +0200 |
---|---|---|
committer | Andrej Shadura <andrewsh@debian.org> | 2020-06-09 22:08:20 +0200 |
commit | 8dd1422b26ad22371af1c04388a50cffdffc0e4b (patch) | |
tree | fb0dc2bd9c385a0ca528ce6c172f72ff0a2a2d66 | |
parent | 3259ab99df8d8746a46ca7469635751f604e42fc (diff) |
New upstream version 3.10.5
-rw-r--r-- | .gitignore | 10 | ||||
-rw-r--r-- | .travis.yml | 15 | ||||
-rw-r--r-- | CMakeLists.txt | 2 | ||||
-rw-r--r-- | README.md | 4 | ||||
-rw-r--r-- | RELEASE-NOTES.md | 6 | ||||
-rw-r--r-- | cmake/README.txt | 2 | ||||
-rw-r--r-- | cmake/modules/FindLDAP.cmake | 24 | ||||
-rw-r--r-- | cmake/modules/FindLdap.cmake | 35 | ||||
-rw-r--r-- | cmake/modules/FindXercesC.cmake | 28 | ||||
-rw-r--r-- | cmake/modules/VersionInfo.cmake | 37 | ||||
-rw-r--r-- | debian/changelog | 6 | ||||
-rw-r--r-- | debian/compat | 2 | ||||
-rw-r--r-- | debian/control | 12 | ||||
-rw-r--r-- | etc/certs/README.txt | 2 | ||||
-rw-r--r-- | libdigidoc/DigiDocCert.h | 4 | ||||
-rw-r--r-- | libdigidoc/DigiDocCsp.c | 48 | ||||
-rw-r--r-- | libdigidoc/DigiDocOCSP.c | 1 | ||||
-rw-r--r-- | libdigidoc/DigiDocObj.c | 11 | ||||
-rw-r--r-- | libdigidoc/DigiDocSAXParser.c | 1 | ||||
-rw-r--r-- | libdigidoc/DigiDocSAXParser.h | 1 | ||||
-rw-r--r-- | libdigidoc/DigiDocVerify.c | 21 | ||||
-rw-r--r-- | libdigidoc/DigiDocVerify.h | 1 | ||||
-rw-r--r-- | libdigidoc/cdigidoc.c | 1 | ||||
-rw-r--r-- | prepare_win_build_environment.ps1 | 13 |
24 files changed, 111 insertions, 176 deletions
diff --git a/.gitignore b/.gitignore deleted file mode 100644 index f1590b7..0000000 --- a/.gitignore +++ /dev/null @@ -1,10 +0,0 @@ -*.suo -*.ncb -*.pch -*.pdb -CMakeCache.txt -CMakeFiles -CMakeScripts -Makefile -cmake_install.cmake -install_manifest.txt diff --git a/.travis.yml b/.travis.yml index 4a47595..aa9ed06 100644 --- a/.travis.yml +++ b/.travis.yml @@ -3,18 +3,16 @@ matrix: include: - os: linux env: TARGET=ubuntu:16.04 - sudo: false - os: linux env: TARGET=ubuntu:18.04 - sudo: false - os: linux env: TARGET=i386/ubuntu:16.04 - sudo: false - os: osx env: TARGET=osx -sudo: required + sudo: required +sudo: false dist: trusty -osx_image: xcode9.2 +osx_image: xcode9.3 services: - docker cache: ccache @@ -32,9 +30,9 @@ script: case ${TARGET} in cd ..; ;; *) - docker run -e BUILD_NUMBER=${BUILD_NUMBER} -e COVERITY_SCAN_TOKEN=${COVERITY_SCAN_TOKEN} -e TRAVIS_BRANCH=${TRAVIS_BRANCH} -e TARGET=${TARGET} -v $(pwd):$(pwd) -t "${TARGET}" /bin/bash -c "cd $(pwd);"' + docker run -e BUILD_NUMBER=${BUILD_NUMBER} -e COVERITY_SCAN_TOKEN=${COVERITY_SCAN_TOKEN} -e TRAVIS_BRANCH=${TRAVIS_BRANCH} -e TARGET=${TARGET} -v ${HOME}:${HOME} -t "${TARGET}" /bin/bash -c "cd $(pwd);"' apt-get update -qq; - apt-get install -y dh-make devscripts dpkg-dev cdbs cmake libxml2-dev libssl-dev git curl wget ruby; + apt-get install -y dh-make devscripts cdbs cmake libxml2-dev libssl-dev doxygen git curl wget ruby; export VERSION=$(grep project CMakeLists.txt | egrep -o "([0-9]{1,}\.)+[0-9]{1,}").${BUILD_NUMBER}; export DEBFULLNAME="Travis"; export DEBEMAIL="travis-ci@travis"; 
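Review bot: The new `docker run` line bind-mounts the whole `${HOME}` into the build container (`-v ${HOME}:${HOME}`) where the old line mounted only the checkout, so everything under the CI user's home becomes readable and writable by the in-container script, which is also handed `COVERITY_SCAN_TOKEN`. If the wider mount is only needed for the compiler cache or for package output written next to the checkout, mount those paths explicitly, for example `-v $(pwd):$(pwd) -v ${HOME}/.ccache:${HOME}/.ccache` (the cache path is an assumption to confirm). Otherwise add a comment stating why the full home directory is required. The script block continues past this hunk.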
@@ -45,12 +43,11 @@ script: case ${TARGET} in export COVERITY_SCAN_PROJECT_NAME="open-eid/libdigidoc"; export COVERITY_SCAN_NOTIFICATION_EMAIL="raul@metsma.ee"; export COVERITY_SCAN_BRANCH_PATTERN=coverity_scan; - export COVERITY_SCAN_BUILD_COMMAND_PREPEND="mkdir coverity && cd coverity && cmake .."; + export COVERITY_SCAN_BUILD_COMMAND_PREPEND="cmake ."; export COVERITY_SCAN_BUILD_COMMAND=make; wget -O - https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh | bash; fi; git clean -dxf'; - ;; esac before_deploy: diff --git a/CMakeLists.txt b/CMakeLists.txt index b4be89a..a0dfff9 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,5 +1,5 @@ cmake_minimum_required(VERSION 3.0) -project(libdigidoc VERSION 3.10.4) +project(libdigidoc VERSION 3.10.5) set( CMAKE_MODULE_PATH "${CMAKE_SOURCE_DIR}/cmake/modules" ) set( BUILD_TOOLS YES CACHE BOOL "Build digidoc-tool" ) @@ -16,7 +16,7 @@ You need the following dependent librarys to build libdigidoc: Full documentation ---------------------------- For documentation please see in doc folder SK-CDD-PRG-GUIDE -Contact for assistance by email abi@id.ee or http://www.id.ee +Contact our support via www.id.ee for assistance. ## Building [![Build Status](https://travis-ci.org/open-eid/libdigidoc.svg?branch=master)](https://travis-ci.org/open-eid/libdigidoc) 
@@ -105,6 +105,6 @@ Contact for assistance by email abi@id.ee or http://www.id.ee libdigidoc/cdigidoc.exe ## Support -Official builds are provided through official distribution point [installer.id.ee](https://installer.id.ee). If you want support, you need to be using official builds. Contact for assistance by email [abi@id.ee](mailto:abi@id.ee) or [www.id.ee](http://www.id.ee). +Official builds are provided through official distribution point [installer.id.ee](https://installer.id.ee). If you want support, you need to be using official builds. Contact our support via [www.id.ee](http://www.id.ee) for assistance. Source code is provided on "as is" terms with no warranty (see license for more information). Do not file Github issues with generic support requests. diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md index d8a2b6b..03f82d1 100644 --- a/RELEASE-NOTES.md +++ b/RELEASE-NOTES.md @@ -1,3 +1,9 @@ +DigiDoc C library [3.10.5](https://github.com/open-eid/libdigidocpp/releases/tag/v3.10.5) release notes +----------------------------------- +- Fix OpenSSL 1.1 build on windows + +[Full Changelog](https://github.com/open-eid/libdigidocpp/compare/v3.10.4...v3.10.5) + DigiDoc C library [3.10.4](https://github.com/open-eid/libdigidocpp/releases/tag/v3.10.4) release notes ----------------------------------- - OpenSSL 1.1 support diff --git a/cmake/README.txt b/cmake/README.txt index 6c6e4ab..afc01f8 100644 --- a/cmake/README.txt +++ b/cmake/README.txt @@ -1 +1 @@ -Inner component, do not use. Contact for assistance by email abi@id.ee or http://www.id.ee +Inner component, do not use. Contact our support via www.id.ee for assistance. diff --git a/cmake/modules/FindLDAP.cmake b/cmake/modules/FindLDAP.cmake new file mode 100644 index 0000000..4b9d571 --- /dev/null +++ b/cmake/modules/FindLDAP.cmake 
@@ -0,0 +1,24 @@
+# - Try to find the LDAP client libraries
+# Once done this will define
+#
+# LDAP_FOUND - system has libldap
+# LDAP_INCLUDE_DIR - the ldap include directory
+# LDAP_LIBRARIES - libldap + liblber library
+
+set(CMAKE_FIND_FRAMEWORK LAST)
+find_path(LDAP_INCLUDE_DIR ldap.h Winldap.h)
+find_library(LDAP_LIBRARY NAMES ldap Wldap32)
+find_library(LBER_LIBRARY NAMES lber)
+
+include(FindPackageHandleStandardArgs)
+find_package_handle_standard_args(LDAP DEFAULT_MSG LDAP_LIBRARY)
+
+if(LDAP_FOUND)
+ if(LBER_LIBRARY)
+ set(LDAP_LIBRARIES ${LDAP_LIBRARY} ${LBER_LIBRARY})
+ else()
+ set(LDAP_LIBRARIES ${LDAP_LIBRARY})
+ endif()
+endif()
+
+mark_as_advanced(LDAP_INCLUDE_DIR LDAP_LIBRARY LBER_LIBRARY)
diff --git a/cmake/modules/FindLdap.cmake b/cmake/modules/FindLdap.cmake
deleted file mode 100644
index 188debd..0000000
--- a/cmake/modules/FindLdap.cmake
+++ /dev/null
@@ -1,35 +0,0 @@
-# - Try to find the LDAP client libraries
-# Once done this will define
-#
-# LDAP_FOUND - system has libldap
-# LDAP_INCLUDE_DIR - the ldap include directory
-# LDAP_LIBRARIES - libldap + liblber (if found) library
-# LBER_LIBRARIES - liblber library
-
-if(LDAP_INCLUDE_DIR AND LDAP_LIBRARIES)
- # Already in cache, be silent
- set(Ldap_FIND_QUIETLY TRUE)
-endif()
-
-FIND_PATH(LDAP_INCLUDE_DIR ldap.h)
-FIND_LIBRARY(LDAP_LIBRARIES NAMES ldap)
-FIND_LIBRARY(LBER_LIBRARIES NAMES lber)
-
-if(LDAP_INCLUDE_DIR AND LDAP_LIBRARIES)
- set(LDAP_FOUND TRUE)
- if(LBER_LIBRARIES)
- set(LDAP_LIBRARIES ${LDAP_LIBRARIES} ${LBER_LIBRARIES})
- endif()
-endif()
-
-if(LDAP_FOUND)
- if(NOT Ldap_FIND_QUIETLY)
- message(STATUS "Found ldap: ${LDAP_LIBRARIES}")
- endif()
-else()
- if(Ldap_FIND_REQUIRED)
- message(FATAL_ERROR "Could NOT find ldap")
- endif()
-endif()
-
-MARK_AS_ADVANCED(LDAP_INCLUDE_DIR LDAP_LIBRARIES LBER_LIBRARIES)
diff --git a/cmake/modules/FindXercesC.cmake b/cmake/modules/FindXercesC.cmake
deleted file mode 100644
index 6f31742..0000000
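Review bot: `find_path(LDAP_INCLUDE_DIR ldap.h Winldap.h)` in the new FindLDAP.cmake uses the shorthand signature, where only the first argument after the variable is a file name and the rest are search paths, so `Winldap.h` is never searched for as a header; it should read `find_path(LDAP_INCLUDE_DIR NAMES ldap.h Winldap.h)`. The module also drops the include directory from the found check that the deleted FindLdap.cmake had, so `LDAP_FOUND` can be true while `LDAP_INCLUDE_DIR` is `-NOTFOUND`; `find_package_handle_standard_args(LDAP DEFAULT_MSG LDAP_LIBRARY LDAP_INCLUDE_DIR)` restores it. `set(CMAKE_FIND_FRAMEWORK LAST)` changes the search order for every later find call in the including scope and deserves a comment or a save and restore around the three find calls.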
--- a/cmake/modules/FindXercesC.cmake +++ /dev/null @@ -1,28 +0,0 @@ -# - Find Xerces-C -# Find the Xerces-C includes and library -# -# XERCESC_INCLUDE_DIR - Where to find xercesc include sub-directory. -# XERCESC_LIBRARIES - List of libraries when using Xerces-C. -# XERCESC_FOUND - True if Xerces-C found. - - -IF (XERCESC_INCLUDE_DIR) - # Already in cache, be silent. - SET(XERCESC_FIND_QUIETLY TRUE) -ENDIF (XERCESC_INCLUDE_DIR) - -FIND_PATH(XERCESC_INCLUDE_DIR xercesc/dom/DOM.hpp) -FIND_LIBRARY(XERCESC_LIBRARY NAMES xerces-c xerces-c_3) - -# Handle the QUIETLY and REQUIRED arguments and set XERCESC_FOUND to -# TRUE if all listed variables are TRUE. -INCLUDE(FindPackageHandleStandardArgs) -FIND_PACKAGE_HANDLE_STANDARD_ARGS(XercesC DEFAULT_MSG XERCESC_LIBRARY XERCESC_INCLUDE_DIR) - -IF(XERCESC_FOUND) - SET( XERCESC_LIBRARIES ${XERCESC_LIBRARY} ) -ELSE(XERCESC_FOUND) - SET( XERCESC_LIBRARIES ) -ENDIF(XERCESC_FOUND) - -MARK_AS_ADVANCED( XERCESC_LIBRARY XERCESC_INCLUDE_DIR ) diff --git a/cmake/modules/VersionInfo.cmake b/cmake/modules/VersionInfo.cmake index 53024c3..864a52e 100644 --- a/cmake/modules/VersionInfo.cmake +++ b/cmake/modules/VersionInfo.cmake @@ -19,6 +19,11 @@ add_definitions( -DBUILD_DATE=\"${BUILD_DATE}\" ) +set(CMAKE_C_VISIBILITY_PRESET hidden) +set(CMAKE_CXX_VISIBILITY_PRESET hidden) +set(CMAKE_VISIBILITY_INLINES_HIDDEN YES) +set(CMAKE_CXX_STANDARD 11) +set(CMAKE_CXX_STANDARD_REQUIRED YES) set( MACOSX_BUNDLE_COPYRIGHT "(C) 2010-2018 Estonian Information System Authority" ) set( MACOSX_BUNDLE_SHORT_VERSION_STRING ${PROJECT_VERSION} ) set( MACOSX_BUNDLE_BUNDLE_VERSION ${BUILD_VER} ) 
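Review bot: The five added `set()` lines in VersionInfo.cmake apply hidden visibility and C++11 unconditionally, while the CMakeLists.txt hunk of this commit keeps `cmake_minimum_required(VERSION 3.0)`. `CMAKE_CXX_STANDARD` is only understood from CMake 3.1, and with a 3.0 policy baseline CMP0063 stays unset, so the visibility presets are not applied to static libraries or plain executables and newer CMake warns about it. Raising the requirement to `cmake_minimum_required(VERSION 3.3)` makes the new lines do what the fallback block removed in the second hunk of this file used to guarantee. The `ENABLE_VISIBILITY` and `DISABLE_CXX11` opt-outs disappear with that block, which is worth a line in the release notes for packagers who set them.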
@@ -65,35 +70,3 @@ macro( SET_ENV NAME DEF ) set( ${NAME} ${DEF} ${ARGN} ) endif() endmacro() - - -if(NOT DEFINED ENABLE_VISIBILITY) - if(POLICY CMP0063) - cmake_policy(GET CMP0063 VISIBILITY_POLICY) - endif() - if(VISIBILITY_POLICY STREQUAL NEW) - set(CMAKE_C_VISIBILITY_PRESET hidden) - set(CMAKE_CXX_VISIBILITY_PRESET hidden) - set(CMAKE_VISIBILITY_INLINES_HIDDEN YES) - elseif(CMAKE_COMPILER_IS_GNUCC OR __COMPILER_GNU) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fvisibility=hidden") - set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fvisibility=hidden -fvisibility-inlines-hidden") - endif() -endif() - -if(NOT DISABLE_CXX11) - if(CMAKE_VERSION VERSION_GREATER 3.1.0) - set(CMAKE_CXX_STANDARD 11) - set(CMAKE_CXX_STANDARD_REQUIRED YES) - elseif(CMAKE_COMPILER_IS_GNUCC OR __COMPILER_GNU) - include(CheckCXXCompilerFlag) - CHECK_CXX_COMPILER_FLAG(-std=c++11 C11) - CHECK_CXX_COMPILER_FLAG(-std=c++0x C0X) - if(C11) - set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11") - elseif(C0X) - set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++0x") - endif() - set(CMAKE_XCODE_ATTRIBUTE_CLANG_CXX_LANGUAGE_STANDARD "c++0x") - endif() -endif() diff --git a/debian/changelog b/debian/changelog index 6468cf9..5751c03 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +libdigidoc (3.10.5.78) xenial; urgency=medium + + * Release 3.10.5.78. + + -- Travis <travis-ci@travis> Tue, 05 Nov 2019 13:20:59 +0000 + libdigidoc (3.10.0) stable; urgency=low * Initial release diff --git a/debian/compat b/debian/compat index ec63514..f599e28 100644 --- a/debian/compat +++ b/debian/compat @@ -1 +1 @@ -9 +10 diff --git a/debian/control b/debian/control index f7465d3..1094600 100644 --- a/debian/control +++ b/debian/control 
@@ -55,18 +55,6 @@ Description: DigiDoc digital signature library tools This package contains tools for manipulating signatures command line with the DigiDoc digital signature library. -Package: libdigidoc-dbg -Architecture: any -Section: debug -Depends: - libdigidoc2 (= ${binary:Version}), - libssl1.0.0-dbg, - libxml2-dbg, - ${misc:Depends} -Description: Debugging symbols for libdigidoc2 - This package contains the debugging symbols for DigiDoc digital signature - library. - Package: libdigidoc-dev Architecture: any Section: libdevel diff --git a/etc/certs/README.txt b/etc/certs/README.txt index 282a06d..8a0e926 100644 --- a/etc/certs/README.txt +++ b/etc/certs/README.txt @@ -1 +1 @@ -Internal component, do not use. Contact for assistance by email abi@id.ee or http://www.id.ee +Internal component, do not use. Contact our support via [www.id.ee](http://www.id.ee) for assistance. diff --git a/libdigidoc/DigiDocCert.h b/libdigidoc/DigiDocCert.h index 4fd86ff..da1982e 100644 --- a/libdigidoc/DigiDocCert.h +++ b/libdigidoc/DigiDocCert.h @@ -310,6 +310,10 @@ EXP_OPTION int verifyCertificateByOCSPWithIp(X509* pCert, const X509** caCerts, //-------------------------------------------------- EXP_OPTION int readSubjectKeyIdentifier(X509* pCert, DigiDocMemBuf* pMemBuf); + EXP_OPTION int ddocCertGetDNPart(X509* pCert, DigiDocMemBuf* pMemBuf, int nNid, int bIssuer); + + EXP_OPTION int ddocCertGetDN(X509* pCert, DigiDocMemBuf* pMemBuf, int bIssuer); + //================< deprecated functions> ================================= // these functions are deprecated. Use the replacements in DigiDocCert.h // these functions will be removed in future releases! diff --git a/libdigidoc/DigiDocCsp.c b/libdigidoc/DigiDocCsp.c index ee0081b..248cd26 100644 --- a/libdigidoc/DigiDocCsp.c +++ b/libdigidoc/DigiDocCsp.c 
@@ -406,22 +406,20 @@ X509 *Digi_FindCertByResponse(StoreHandle *hStore, OCSP_RESPONSE *poResponse) { X509 *poX509 = NULL; PCCERT_CONTEXT pCert = NULL; - OCSP_RESPID *rid = NULL; OCSP_BASICRESP *br = NULL; - OCSP_RESPDATA *rd = NULL; + const X509_NAME *name = NULL; int iLen; char sCN[255]; if (poResponse != NULL) { if ((br = OCSP_response_get1_basic(poResponse)) == NULL) - return(poX509); - rd = br->tbsResponseData; - rid = rd->responderId; - if (rid->type != V_OCSP_RESPID_NAME) { - if(br) OCSP_BASICRESP_free(br); - return(poX509); - } - iLen = X509_NAME_get_text_by_NID(rid->value.byName,NID_commonName,sCN,sizeof(sCN)); + return(poX509); + OCSP_resp_get0_id(br, NULL, &name); + if (!name) { + if(br) OCSP_BASICRESP_free(br); + return(poX509); + } + iLen = X509_NAME_get_text_by_NID(name,NID_commonName,sCN,sizeof(sCN)); if (iLen > 0) //VS: 18.03.2006 - use only currently valid cert for new notary pCert = Digi_FindCertBySubject(hStore, sCN, TRUE, 0, TRUE); if(pCert != NULL) 
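Review bot: `OCSP_resp_get0_id(br, NULL, &name);` in Digi_FindCertByResponse passes NULL for the key-id output, but the compat shim shown in the DigiDocObj.c hunk of this commit begins with an unconditional `*pid = NULL;`, and OpenSSL's own 1.1 accessor, as far as I recall, also stores through both output pointers, so this call looks like a NULL write on every OCSP response that reaches it. Pass a real variable and use the return value: `const ASN1_OCTET_STRING *id = NULL;` followed by `if (!OCSP_resp_get0_id(br, &id, &name) || !name) { OCSP_BASICRESP_free(br); return(poX509); }`. The same call with a NULL second argument appears in Digi_CheckResponderCertByResponse in the next hunk. The function body continues outside this hunk.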
@@ -437,22 +435,20 @@ X509 *Digi_FindCertByResponse(StoreHandle *hStore, OCSP_RESPONSE *poResponse) //Added by AA 09/10/2003 BOOL Digi_CheckResponderCertByResponse(X509 *poX509Responder, OCSP_RESPONSE *poResponse) { -BOOL fRes = FALSE; -OCSP_RESPID *rid = NULL; -OCSP_BASICRESP *br = NULL; -OCSP_RESPDATA *rd = NULL; -int iLen; -char sCNResp[255]; -char sCNCert[255]; -if (poResponse != NULL) - { - if ((br = OCSP_response_get1_basic(poResponse)) == NULL) - return(fRes); - rd = br->tbsResponseData; - rid = rd->responderId; - if (rid->type != V_OCSP_RESPID_NAME) - return(fRes); - iLen = X509_NAME_get_text_by_NID(rid->value.byName,NID_commonName,sCNResp,sizeof(sCNResp)); + BOOL fRes = FALSE; + OCSP_BASICRESP *br = NULL; + const X509_NAME *name = NULL; + int iLen; + char sCNResp[255]; + char sCNCert[255]; + if (poResponse != NULL) + { + if ((br = OCSP_response_get1_basic(poResponse)) == NULL) + return(fRes); + OCSP_resp_get0_id(br, NULL, &name); + if (!name) + return(fRes); + iLen = X509_NAME_get_text_by_NID(name,NID_commonName,sCNResp,sizeof(sCNResp)); if (iLen > 0) { iLen = X509_NAME_get_text_by_NID(X509_get_subject_name(poX509Responder),NID_commonName, sCNCert,sizeof(sCNCert)); diff --git a/libdigidoc/DigiDocOCSP.c b/libdigidoc/DigiDocOCSP.c index 5c48aac..f8cba0a 100644 --- a/libdigidoc/DigiDocOCSP.c +++ b/libdigidoc/DigiDocOCSP.c @@ -42,6 +42,7 @@ #include <openssl/pkcs12.h> #include <openssl/rand.h> #include <ctype.h> +#include <string.h> #ifdef FRAMEWORK #ifdef __APPLE__ diff --git a/libdigidoc/DigiDocObj.c b/libdigidoc/DigiDocObj.c index 6dba29f..204a7ce 100644 --- a/libdigidoc/DigiDocObj.c +++ b/libdigidoc/DigiDocObj.c @@ -50,6 +50,8 @@ static int OCSP_resp_get0_id(const OCSP_BASICRESP *bs, const ASN1_OCTET_STRING * { *pid = NULL; *pname = NULL; + if(!bs || !bs->tbsResponseData) + return 0; const OCSP_RESPID *rid = bs->tbsResponseData->responderId; if (rid->type == V_OCSP_RESPID_NAME) *pname = rid->value.byName; 
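Review bot: In Digi_CheckResponderCertByResponse the early exit `if (!name) return(fRes);` returns without releasing `br`, which `OCSP_response_get1_basic()` hands over as an owned reference; Digi_FindCertByResponse in the previous hunk frees it on the equivalent path. Use `if (!name) { OCSP_BASICRESP_free(br); return(fRes); }` so a response identified by key hash does not leak one structure per call. Whether `br` is released on the success path cannot be seen here, because the function continues past the hunk.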
@@ -62,17 +64,17 @@ static int OCSP_resp_get0_id(const OCSP_BASICRESP *bs, const ASN1_OCTET_STRING * static const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(const OCSP_BASICRESP* bs) { - return bs->tbsResponseData->producedAt; + return bs && bs->tbsResponseData ? bs->tbsResponseData->producedAt : NULL; } static const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *single) { - return single->certId; + return single ? single->certId : NULL; } static const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs) { - return bs->signature; + return bs ? bs->signature : NULL; } #endif @@ -3959,7 +3961,8 @@ int ddocNotInfo_GetProducedAt_timet(const NotaryInfo* pNotary, time_t* pTime) RETURN_IF_NULL_PARAM(pNotary); RETURN_IF_NULL_PARAM(pTime); err = ddocNotInfo_GetBasicResp(pNotary, &pResp, &br, NULL); - producedAt = OCSP_resp_get0_produced_at(br); + if(br) + producedAt = OCSP_resp_get0_produced_at(br); if(!err && br && producedAt) { err = asn1time2time_t_local((ASN1_GENERALIZEDTIME*)producedAt, pTime); } diff --git a/libdigidoc/DigiDocSAXParser.c b/libdigidoc/DigiDocSAXParser.c index 4aa46e9..d52e230 100644 --- a/libdigidoc/DigiDocSAXParser.c +++ b/libdigidoc/DigiDocSAXParser.c @@ -32,6 +32,7 @@ #include <libdigidoc/DigiDocOCSP.h> #include <libdigidoc/DigiDocDfExtract.h> #include <libdigidoc/DigiDocVerify.h> +#include <libdigidoc/DigiDocGen.h> #include <stdio.h> #include <stdlib.h> #include <memory.h> diff --git a/libdigidoc/DigiDocSAXParser.h b/libdigidoc/DigiDocSAXParser.h index aad2fc6..8871bac 100644 --- a/libdigidoc/DigiDocSAXParser.h +++ b/libdigidoc/DigiDocSAXParser.h @@ -94,6 +94,7 @@ EXP_OPTION int ddocReadNewSignaturesFromDdoc(SignedDoc* pSigDoc, const char* szF //AM 13.03.2008 void decodeURI(const char* uri, char* id, int nIdLen, char* adr, int nAdrLen); +EXP_OPTION int ddocAddSignatureFromMemory(SignedDoc* pSigDoc, const char* szFileName, const void* pSigBuf, int nSigLen); #ifdef __cplusplus 
diff --git a/libdigidoc/DigiDocVerify.c b/libdigidoc/DigiDocVerify.c index 7a8e82b..60619fe 100644 --- a/libdigidoc/DigiDocVerify.c +++ b/libdigidoc/DigiDocVerify.c @@ -47,6 +47,8 @@ #include <openssl/pkcs12.h> #include <openssl/rand.h> +#include <string.h> + #if OPENSSL_VERSION_NUMBER < 0x10010000L static EVP_MD_CTX *EVP_MD_CTX_new() { @@ -60,12 +62,17 @@ static void EVP_MD_CTX_free(EVP_MD_CTX *ctx) static const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs) { - return bs->signature; + return bs ? bs->signature : NULL; } static X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx) { - return ctx->param; + return ctx ? ctx->param : NULL; +} + +const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *single) +{ + return single ? single->certId : NULL; } #endif @@ -1405,7 +1412,7 @@ int verifyOcspCertId(OCSP_RESPONSE* pResp, X509* pCert, X509* pCaCert) OCSP_BASICRESP *br = NULL; OCSP_RESPDATA *rd = NULL; OCSP_SINGLERESP *single = NULL; - OCSP_CERTID *cid = NULL; + const OCSP_CERTID *cid = NULL; int err = ERR_OK; DigiDocMemBuf mbuf1, mbuf2, mbuf3; ASN1_OCTET_STRING *issuerNameHash = NULL, *issuerKeyHash = NULL; 
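Review bot: The added `OCSP_SINGLERESP_get0_id` in DigiDocVerify.c is defined without `static`, unlike the other shims in the same `#if OPENSSL_VERSION_NUMBER < 0x10010000L` block and unlike the same helper in DigiDocObj.c, so the library gains a function with external linkage that carries an OpenSSL name. That can collide at link or load time with another definition of the symbol; declare it `static const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *single)`. A one-line comment above the block, such as `/* back-ports of OpenSSL 1.1 accessors for older OpenSSL */`, would also tell readers why these names are defined locally.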
@@ -1427,9 +1434,13 @@ int verifyOcspCertId(OCSP_RESPONSE* pResp, X509* pCert, X509* pCaCert) ddocDebug(4, "verifyOcspCertId", "for cert: %ld, cn: %s, ca: %s", X509_get_serialNumber(pCert), mbuf2.pMem, mbuf3.pMem); ddocMemBuf_free(&mbuf2); ddocMemBuf_free(&mbuf3); - cid = OCSP_cert_to_id(EVP_sha1(), pCert, pCaCert); + if(OCSP_resp_count(br) != 1) + SET_LAST_ERROR_RETURN_CODE(ERR_OCSP_ONE_RESPONSE); + single = OCSP_resp_get0(br, 0); + RETURN_IF_NULL(single); + cid = OCSP_SINGLERESP_get0_id(single); RETURN_IF_NULL(cid); - OCSP_id_get0_info(&issuerNameHash, NULL, &issuerKeyHash, &serialNumber, cid); + OCSP_id_get0_info(&issuerNameHash, NULL, &issuerKeyHash, &serialNumber, (OCSP_CERTID*)cid); // check serial number if(ASN1_INTEGER_cmp(serialNumber, X509_get_serialNumber(pCert)) != 0) { ddocDebug(4, "verifyOcspCertId", "Looking for cert-nr: %ld buf found %ld", diff --git a/libdigidoc/DigiDocVerify.h b/libdigidoc/DigiDocVerify.h index 891e2b7..aed6328 100644 --- a/libdigidoc/DigiDocVerify.h +++ b/libdigidoc/DigiDocVerify.h @@ -168,6 +168,7 @@ EXP_OPTION int verifyEstIDSignature2(const byte* digest, int digestLen, int nDig //============================================================ EXP_OPTION int checkDdocWrongDigests(const SignedDoc* pSigDoc); +EXP_OPTION int validateElementPath(XmlElemInfo* pElem); #ifdef __cplusplus } diff --git a/libdigidoc/cdigidoc.c b/libdigidoc/cdigidoc.c index 49e0988..502ad94 100644 --- a/libdigidoc/cdigidoc.c +++ b/libdigidoc/cdigidoc.c @@ -69,6 +69,7 @@ char* g_szProgNameVer = "cdigidoc/"DIGIDOC_VERSION; //==========< forward defs >======================== void printErrorsAndWarnings(SignedDoc* pSigDoc); +int isWarning(SignedDoc* pSigDoc, int nErrCd); //==========< helper functions for argument handling >==================== diff --git a/prepare_win_build_environment.ps1 b/prepare_win_build_environment.ps1 index 92e883e..d681f7c 100644 --- a/prepare_win_build_environment.ps1 +++ b/prepare_win_build_environment.ps1 
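Review bot: The new exits in verifyOcspCertId (`SET_LAST_ERROR_RETURN_CODE(ERR_OCSP_ONE_RESPONSE)`, `RETURN_IF_NULL(single)`, `RETURN_IF_NULL(cid)`) leave the function directly, and if `br` was obtained with a get1 call earlier in the function, which lies outside this hunk, those paths leak it. Because `cid` now points into the response instead of coming from `OCSP_cert_to_id()`, it is a borrowed pointer, so any `OCSP_CERTID_free(cid)` left in the cleanup code below the hunk would free memory owned by `br` and should be confirmed gone. `OCSP_id_get0_info` is still called with NULL for the digest argument, so the code never learns which hash the responder used for `issuerNameHash` and `issuerKeyHash`; a comment such as `/* CertID hashes are compared as SHA-1; other digests fail the match */`, if that is the intent, would make the comparison that follows explicit.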
@@ -1,12 +1,11 @@ #powershell -ExecutionPolicy ByPass -File prepare_win_build_environment.ps1 [-openssl] [-libxml2] [-zlib] param( [string]$target = "C:\build", - [string]$msbuild = "C:\Program Files (x86)\MSBuild\12.0\Bin\MSBuild.exe", [string]$7zip = "C:\Program Files\7-Zip\7z.exe", [string]$cmake = "C:\Program Files (x86)\CMake\bin\cmake.exe", - [string]$vcvars = "C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\vcvarsall.bat", #$env:VCINSTALLDIR + [string]$vcvars = "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Auxiliary\Build\vcvarsall.bat", [string]$opensslver = "openssl-1.0.2e", - [string]$libxml2ver = "libxml2-2.9.3", + [string]$libxml2ver = "libxml2-2.9.9", [string]$zlibver = "zlib-1.2.8", [switch]$openssl = $false, [switch]$libxml2 = $false, @@ -43,20 +42,16 @@ function libxml2() { $client.DownloadFile("http://xmlsoft.org/sources/$libxml2ver.tar.gz", "$target\$libxml2ver.tar.gz") & $7zip x "$libxml2ver.tar.gz" & $7zip x "$libxml2ver.tar" - Push-Location -Path "$libxml2ver\win32" & cscript configure.js iconv=no iso8859x=yes "prefix=$target\libxml2\x86" & $vcvars x86 "&&" nmake -f Makefile.msvc install Pop-Location Remove-Item $libxml2ver -Force -Recurse - & $7zip x "$libxml2ver.tar" - foreach($item in $shell.NameSpace("$libdigidoc\$libxml2ver-patches.zip").items()) { - $shell.Namespace($target).CopyHere($item,0x14) - } + & $7zip x "$libxml2ver.tar" Push-Location -Path "$libxml2ver\win32" & cscript configure.js iconv=no iso8859x=yes "prefix=$target\libxml2\x64" - & $vcvars x86_amd64 "&&" nmake -f Makefile.msvc install + & $vcvars x64 "&&" nmake -f Makefile.msvc install Pop-Location Remove-Item $libxml2ver -Force -Recurse Remove-Item "$libxml2ver.tar" -Force -Recurse |
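Review bot: The libxml2 tarball that the second hunk unpacks and builds is still fetched with `$client.DownloadFile("http://xmlsoft.org/sources/$libxml2ver.tar.gz", ...)`, over plain HTTP and with no integrity check, and the bump to libxml2-2.9.9 in the first hunk does not add one. Whoever can alter that traffic decides what source ends up in the Windows build of a signature library. Use an HTTPS URL if the host offers one and compare the file with a pinned digest before extraction, for example `if ((Get-FileHash "$target\$libxml2ver.tar.gz" -Algorithm SHA256).Hash -ne $libxml2sha256) { throw "libxml2 checksum mismatch" }`, where `$libxml2sha256` is a new parameter holding the published value. The body of `libxml2()` starts and ends outside this hunk.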