Diffstat (limited to 'libdigidoc/DigiDocObj.c')
-rw-r--r-- | libdigidoc/DigiDocObj.c | 150 |
1 files changed, 107 insertions, 43 deletions
diff --git a/libdigidoc/DigiDocObj.c b/libdigidoc/DigiDocObj.c
index 4845f3e..6dba29f 100644
--- a/libdigidoc/DigiDocObj.c
+++ b/libdigidoc/DigiDocObj.c
@@ -35,6 +35,47 @@
 #include <openssl/evp.h>
 #include <openssl/err.h>
+#if OPENSSL_VERSION_NUMBER < 0x10010000L
+static EVP_MD_CTX *EVP_MD_CTX_new()
+{
+ return (EVP_MD_CTX*)OPENSSL_malloc(sizeof(EVP_MD_CTX));
+}
+
+static void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
+{
+ OPENSSL_free(ctx);
+}
+
+static int OCSP_resp_get0_id(const OCSP_BASICRESP *bs, const ASN1_OCTET_STRING **pid, const X509_NAME **pname)
+{
+ *pid = NULL;
+ *pname = NULL;
+ const OCSP_RESPID *rid = bs->tbsResponseData->responderId;
+ if (rid->type == V_OCSP_RESPID_NAME)
+ *pname = rid->value.byName;
+ else if (rid->type == V_OCSP_RESPID_KEY)
+ *pid = rid->value.byKey;
+ else
+ return 0;
+ return 1;
+}
+
+static const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(const OCSP_BASICRESP* bs)
+{
+ return bs->tbsResponseData->producedAt;
+}
+
+static const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *single)
+{
+ return single->certId;
+}
+
+static const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs)
+{
+ return bs->signature;
+}
+#endif
+
 //============================================================
 // Sets a string element of a struct to a new value
 // dest - element pointer 
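Review bot: The `EVP_MD_CTX_free` shim inside the `#if OPENSSL_VERSION_NUMBER < 0x10010000L` block only calls `OPENSSL_free(ctx)`, so on 1.0.x the per-digest state that `EVP_SignInit` attaches to the context is, as far as I can tell from EVP_SignFinal's behaviour, never released or cleared — the real 1.1 function runs the cleanup first. `EVP_MD_CTX_new` likewise hands back uninitialised memory with no allocation check, whereas OpenSSL 1.1 zero-fills it. Both shims should mirror the library they stand in for: initialise after allocation, clean up before freeing.
```c
static EVP_MD_CTX *EVP_MD_CTX_new()
{
    EVP_MD_CTX *ctx = (EVP_MD_CTX*)OPENSSL_malloc(sizeof(EVP_MD_CTX));
    if (ctx)
        EVP_MD_CTX_init(ctx);
    return ctx;
}

static void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
{
    if (ctx) {
        EVP_MD_CTX_cleanup(ctx);   /* releases and wipes the digest state */
        OPENSSL_free(ctx);
    }
}
/* … unchanged: OCSP_resp_get0_id and the other OCSP accessor shims … */
```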
@@ -3699,28 +3740,26 @@ int ddocGetOcspRespIdTypeAndValue(OCSP_RESPONSE* pResp, int err = ERR_OK; OCSP_BASICRESP *br = NULL; + const X509_NAME *name = NULL; + const ASN1_OCTET_STRING *id = NULL; RETURN_IF_NULL_PARAM(pResp); RETURN_IF_NULL_PARAM(pType); RETURN_IF_NULL_PARAM(pMbufRespId); if((br = OCSP_response_get1_basic(pResp)) == NULL) SET_LAST_ERROR_RETURN_CODE(ERR_OCSP_NO_BASIC_RESP); if(!err && br) { - switch(br->tbsResponseData->responderId->type) { - case V_OCSP_RESPID_NAME: - *pType = RESPID_NAME_TYPE; - ddocMemSetLength(pMbufRespId, 300); + OCSP_resp_get0_id(br, &id, &name); + if(name) { + *pType = RESPID_NAME_TYPE; + ddocMemSetLength(pMbufRespId, 300); //X509_NAME_oneline(br->tbsResponseData->responderId->value.byName, (char*)pMbufRespId->pMem, pMbufRespId->nLen); //AM 26.09.08 - err = ddocCertGetDNFromName(br->tbsResponseData->responderId->value.byName, pMbufRespId); + err = ddocCertGetDNFromName((X509_NAME*)name, pMbufRespId); //RETURN_IF_NOT(err == ERR_OK, err); - break; - case V_OCSP_RESPID_KEY: - *pType = RESPID_KEY_TYPE; - err = ddocMemAssignData(pMbufRespId, - (const char*)br->tbsResponseData->responderId->value.byKey->data, - br->tbsResponseData->responderId->value.byKey->length); - break; - default: + } else if(id) { + *pType = RESPID_KEY_TYPE; + err = ddocMemAssignData(pMbufRespId, (const char*)id->data, id->length); + } else { SET_LAST_ERROR(ERR_OCSP_WRONG_RESPID); } } @@ -3800,7 +3839,7 @@ int ddocNotInfo_GetBasicResp(const NotaryInfo* pNotary, OCSP_RESPONSE **ppResp, *ppBasResp = OCSP_response_get1_basic(*ppResp); if(*ppBasResp) { if(ppSingle) - *ppSingle = sk_OCSP_SINGLERESP_value((*ppBasResp)->tbsResponseData->responses, 0); + *ppSingle = OCSP_resp_get0(*ppBasResp, 0); } else return ERR_OCSP_NO_BASIC_RESP; 
@@ -3818,17 +3857,20 @@ EXP_OPTION const char* ddocNotInfo_GetResponderId_Type(const NotaryInfo* pNotary int err = ERR_OK; OCSP_RESPONSE *pResp = 0; OCSP_BASICRESP *br = NULL; + const ASN1_OCTET_STRING *id = NULL; + const X509_NAME *name = NULL; char *p1 = RESPID_NAME_VALUE; // default value is name - usefull in format 1.0 where we had no good OCSP response RETURN_OBJ_IF_NULL(pNotary, NULL); err = ddocNotInfo_GetBasicResp(pNotary, &pResp, &br, NULL); if(!err && br) { - switch(br->tbsResponseData->responderId->type) { - case V_OCSP_RESPID_NAME: p1 = RESPID_NAME_VALUE; break; - case V_OCSP_RESPID_KEY: p1 = RESPID_KEY_VALUE; break; - default: + OCSP_resp_get0_id(br, &id, &name); + if(name) + p1 = RESPID_NAME_VALUE; + else if(id) + p1 = RESPID_KEY_VALUE; + else SET_LAST_ERROR(ERR_OCSP_WRONG_RESPID); - } } if(pResp) OCSP_RESPONSE_free(pResp); @@ -3850,15 +3892,17 @@ EXP_OPTION int ddocNotInfo_GetThisUpdate(const NotaryInfo* pNotary, DigiDocMemBu OCSP_RESPONSE *pResp = 0; OCSP_BASICRESP *br = NULL; OCSP_SINGLERESP *single = NULL; + ASN1_GENERALIZEDTIME *thisUpdate = NULL; RETURN_IF_NULL_PARAM(pNotary); RETURN_IF_NULL_PARAM(pMBuf); err = ddocNotInfo_GetBasicResp(pNotary, &pResp, &br, &single); if(!err && br && single) { err = ddocMemSetLength(pMBuf, 50); - ddocDebug(3, "ddocNotInfo_GetThisUpdate", "This update: %s", single->thisUpdate); - if(!err && single->thisUpdate) - err = asn1time2str(NULL, single->thisUpdate, (char*)pMBuf->pMem, pMBuf->nLen); + OCSP_single_get0_status(single, NULL, NULL, &thisUpdate, NULL); + ddocDebug(3, "ddocNotInfo_GetThisUpdate", "This update: %s", thisUpdate); + if(!err && thisUpdate) + err = asn1time2str(NULL, thisUpdate, (char*)pMBuf->pMem, pMBuf->nLen); } if(pResp) OCSP_RESPONSE_free(pResp); 
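Review bot: In ddocNotInfo_GetThisUpdate the rewritten `ddocDebug(3, "ddocNotInfo_GetThisUpdate", "This update: %s", thisUpdate)` passes an `ASN1_GENERALIZEDTIME*` to a `%s` conversion, so whatever ddocDebug hands to the formatter reads the struct itself as a C string, and it does so before the `thisUpdate` NULL check on the next line; the removed line had the same flaw, but this commit re-types it. Print the string's bytes with an explicit length instead: `ddocDebug(3, "ddocNotInfo_GetThisUpdate", "This update: %.*s", thisUpdate ? ASN1_STRING_length(thisUpdate) : 0, thisUpdate ? (const char*)ASN1_STRING_data(thisUpdate) : "");`. That ddocDebug is printf-style is inferred from the `%s`, not visible here.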
@@ -3881,13 +3925,15 @@ int ddocNotInfo_GetThisUpdate_timet(const NotaryInfo* pNotary, time_t* pTime) OCSP_RESPONSE *pResp = 0; OCSP_BASICRESP *br = NULL; OCSP_SINGLERESP *single = NULL; + ASN1_GENERALIZEDTIME *thisUpdate = NULL; RETURN_IF_NULL_PARAM(pNotary); RETURN_IF_NULL_PARAM(pTime); err = ddocNotInfo_GetBasicResp(pNotary, &pResp, &br, &single); if(!err && br && single) { - if(!err && single->thisUpdate) - err = asn1time2time_t_local(single->thisUpdate, pTime); + OCSP_single_get0_status(single, NULL, NULL, &thisUpdate, NULL); + if(!err && thisUpdate) + err = asn1time2time_t_local(thisUpdate, pTime); } if(pResp) OCSP_RESPONSE_free(pResp); @@ -3908,13 +3954,14 @@ int ddocNotInfo_GetProducedAt_timet(const NotaryInfo* pNotary, time_t* pTime) int err = ERR_OK; OCSP_RESPONSE *pResp = 0; OCSP_BASICRESP *br = NULL; - + const ASN1_GENERALIZEDTIME *producedAt = NULL; RETURN_IF_NULL_PARAM(pNotary); RETURN_IF_NULL_PARAM(pTime); err = ddocNotInfo_GetBasicResp(pNotary, &pResp, &br, NULL); - if(!err && br && br->tbsResponseData && br->tbsResponseData->producedAt) { - err = asn1time2time_t_local(br->tbsResponseData->producedAt, pTime); + producedAt = OCSP_resp_get0_produced_at(br); + if(!err && br && producedAt) { + err = asn1time2time_t_local((ASN1_GENERALIZEDTIME*)producedAt, pTime); } //AM 22.06.08 lets free br too if(br) 
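Review bot: In ddocNotInfo_GetProducedAt_timet the new `producedAt = OCSP_resp_get0_produced_at(br);` runs before the `if(!err && br && producedAt)` test, so when ddocNotInfo_GetBasicResp fails and leaves `br` NULL (it returns ERR_OCSP_NO_BASIC_RESP with the basic response unset, per the hunk above) the accessor dereferences NULL — the 1.0.x shim reads `bs->tbsResponseData` unconditionally and OpenSSL's own implementation does not check either. The removed line tested `br` first. Move the call inside the guard: `if(!err && br && (producedAt = OCSP_resp_get0_produced_at(br)) != NULL) {`.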
@@ -3954,14 +4001,16 @@ EXP_OPTION int ddocNotInfo_GetNextUpdate(const NotaryInfo* pNotary, DigiDocMemBu OCSP_RESPONSE *pResp = 0; OCSP_BASICRESP *br = NULL; OCSP_SINGLERESP *single = NULL; + ASN1_GENERALIZEDTIME *nextUpdate = NULL; RETURN_IF_NULL_PARAM(pNotary); RETURN_IF_NULL_PARAM(pMBuf); err = ddocNotInfo_GetBasicResp(pNotary, &pResp, &br, &single); if(!err && br && single) { err = ddocMemSetLength(pMBuf, 50); - if(!err && single->nextUpdate) - err = asn1time2str(NULL, single->nextUpdate, (char*)pMBuf->pMem, pMBuf->nLen); + OCSP_single_get0_status(single, NULL, NULL, NULL, &nextUpdate); + if(!err && nextUpdate) + err = asn1time2str(NULL, nextUpdate, (char*)pMBuf->pMem, pMBuf->nLen); } if(pResp) OCSP_RESPONSE_free(pResp); @@ -3983,13 +4032,17 @@ int ddocNotInfo_GetIssuerNameHash(const NotaryInfo* pNotary, DigiDocMemBuf* pMBu OCSP_RESPONSE *pResp = 0; OCSP_BASICRESP *br = NULL; OCSP_SINGLERESP *single = NULL; + ASN1_OCTET_STRING *issuerNameHash = NULL; + const OCSP_CERTID *cid = NULL; RETURN_IF_NULL_PARAM(pNotary); RETURN_IF_NULL_PARAM(pMBuf); err = ddocNotInfo_GetBasicResp(pNotary, &pResp, &br, &single); - if(!err && br && single->certId) { - err = ddocMemAssignData(pMBuf, (const char*)single->certId->issuerNameHash->data, - single->certId->issuerNameHash->length); + if(!err && br) { + cid = OCSP_SINGLERESP_get0_id(OCSP_resp_get0(br, 0)); + OCSP_id_get0_info(&issuerNameHash, NULL, NULL, NULL, (OCSP_CERTID*)cid); + err = ddocMemAssignData(pMBuf, (const char*)issuerNameHash->data, + issuerNameHash->length); } if(pResp) OCSP_RESPONSE_free(pResp); 
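Review bot: In ddocNotInfo_GetIssuerNameHash the new guard `if(!err && br)` drops the certId check and re-fetches `OCSP_resp_get0(br, 0)`, which returns NULL for a basic response that carries no SingleResponse; `OCSP_SINGLERESP_get0_id` then dereferences it, and because `OCSP_id_get0_info`'s return value is discarded `issuerNameHash` can still be NULL at `issuerNameHash->data`. The `single` that ddocNotInfo_GetBasicResp already filled in is now unused. Suggest: `if(!err && br && single && (cid = OCSP_SINGLERESP_get0_id(single)) != NULL` / `   && OCSP_id_get0_info(&issuerNameHash, NULL, NULL, NULL, (OCSP_CERTID*)cid) && issuerNameHash) {`. The response comes from a signed document, so a malformed or truncated OCSP response is attacker-reachable input here.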
@@ -4011,13 +4064,18 @@ int ddocNotInfo_GetIssuerKeyHash(const NotaryInfo* pNotary, DigiDocMemBuf* pMBuf OCSP_RESPONSE *pResp = 0; OCSP_BASICRESP *br = NULL; OCSP_SINGLERESP *single = NULL; + ASN1_OCTET_STRING *issuerKeyHash = NULL; + const OCSP_CERTID *cid = NULL; RETURN_IF_NULL_PARAM(pNotary); RETURN_IF_NULL_PARAM(pMBuf); err = ddocNotInfo_GetBasicResp(pNotary, &pResp, &br, &single); - if(!err && br && single->certId) { - err = ddocMemAssignData(pMBuf, (const char*)single->certId->issuerKeyHash->data, - single->certId->issuerKeyHash->length); + + if(!err && br) { + cid = OCSP_SINGLERESP_get0_id(OCSP_resp_get0(br, 0)); + OCSP_id_get0_info(NULL, NULL, &issuerKeyHash, NULL, (OCSP_CERTID*)cid); + err = ddocMemAssignData(pMBuf, (const char*)issuerKeyHash->data, + issuerKeyHash->length); } if(pResp) OCSP_RESPONSE_free(pResp); @@ -4040,6 +4098,7 @@ int ddocNotInfo_GetOcspRealDigest(const SignedDoc* pSigDoc, const NotaryInfo* pN OCSP_BASICRESP *br = NULL; OCSP_SINGLERESP *single = NULL; X509_EXTENSION *ext = NULL; + ASN1_OCTET_STRING *value = NULL; byte* p = 0, buf2[DIGEST_LEN256 * 2 + 2]; RETURN_IF_NULL_PARAM(pNotary); @@ -4051,8 +4110,9 @@ int ddocNotInfo_GetOcspRealDigest(const SignedDoc* pSigDoc, const NotaryInfo* pN if(nIdx >= 0) { ext = OCSP_BASICRESP_get_ext(br, nIdx); if(ext != NULL) { - int l1 = ASN1_STRING_length(ext->value); - p = ASN1_STRING_data(ext->value); + value = X509_EXTENSION_get_data(ext); + int l1 = ASN1_STRING_length(value); + p = ASN1_STRING_data(value); if(l1 > 20 && p[0] == V_ASN1_OCTET_STRING && p[1] == l1-2) err = ddocMemAssignData(pMBuf, (const char*)p+2, l1-2); else 
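Review bot: ddocNotInfo_GetIssuerKeyHash has the same gap as the name-hash variant: `OCSP_resp_get0(br, 0)` can return NULL when the response has no SingleResponse, `OCSP_SINGLERESP_get0_id` dereferences it, and with `OCSP_id_get0_info`'s result ignored `issuerKeyHash->data` can dereference NULL; the `single` pointer obtained from ddocNotInfo_GetBasicResp goes unused. Suggest: `if(!err && br && single && (cid = OCSP_SINGLERESP_get0_id(single)) != NULL` / `   && OCSP_id_get0_info(NULL, NULL, &issuerKeyHash, NULL, (OCSP_CERTID*)cid) && issuerKeyHash) {`. The stray added blank line before the `if` can go too.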
@@ -4093,13 +4153,15 @@ int ddocNotInfo_GetOcspSignatureValue(const NotaryInfo* pNotary, DigiDocMemBuf* int err = ERR_OK; OCSP_RESPONSE *pResp = 0; OCSP_BASICRESP *br = NULL; + const ASN1_OCTET_STRING *signature = NULL; RETURN_IF_NULL_PARAM(pNotary); RETURN_IF_NULL_PARAM(pMBuf); err = ddocNotInfo_GetBasicResp(pNotary, &pResp, &br, NULL); if(!err && br) { - err = ddocMemAssignData(pMBuf, (const char*)br->signature->data, - br->signature->length); + signature = OCSP_resp_get0_signature(br); + err = ddocMemAssignData(pMBuf, (const char*)signature->data, + signature->length); } if(pResp) OCSP_RESPONSE_free(pResp); @@ -4328,7 +4390,7 @@ EXP_OPTION int calculateSignatureWithPkcs12(SignedDoc* pSigDoc, SignatureInfo* p int l2; EVP_PKEY *pkey = 0; X509* x509 = 0; - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx; DigiDocMemBuf mbuf1; RETURN_IF_NULL_PARAM(pSigInfo); @@ -4397,9 +4459,11 @@ EXP_OPTION int calculateSignatureWithPkcs12(SignedDoc* pSigDoc, SignatureInfo* p sigLen = sizeof(signature); memset(signature, 0, sizeof(signature)); // sign data - EVP_SignInit(&ctx, EVP_sha1()); - EVP_SignUpdate(&ctx, buf1, (unsigned long)strlen(buf1)); - err = EVP_SignFinal(&ctx, signature, &sigLen, pkey); + ctx = EVP_MD_CTX_new(); + EVP_SignInit(ctx, EVP_sha1()); + EVP_SignUpdate(ctx, buf1, (unsigned long)strlen(buf1)); + err = EVP_SignFinal(ctx, signature, &sigLen, pkey); + EVP_MD_CTX_free(ctx); free(buf1); if(err == ERR_LIB_NONE) err = ERR_OK; |
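Review bot: In calculateSignatureWithPkcs12 the new `ctx = EVP_MD_CTX_new();` is not checked before `EVP_SignInit(ctx, EVP_sha1())`, so an allocation failure becomes a NULL dereference inside OpenSSL instead of an error, and the return values of EVP_SignInit and EVP_SignUpdate are discarded, so a failed init still reaches EVP_SignFinal. The following `if(err == ERR_LIB_NONE) err = ERR_OK;` maps only the success value (1); if ERR_OK is 0, which this hunk does not show, a 0 from EVP_SignFinal already reads as success, so the failure path needs a distinct error code rather than the raw OpenSSL return. Separately, the digest is still EVP_sha1() — that predates this change, but SHA-1 is no longer acceptable for new signatures and deserves a tracked caveat. The function's body starts and ends outside the hunk.
```c
ctx = EVP_MD_CTX_new();
if(!ctx
   || !EVP_SignInit(ctx, EVP_sha1())
   || !EVP_SignUpdate(ctx, buf1, (unsigned long)strlen(buf1)))
    err = 0;   /* same value a failed EVP_SignFinal returns; map to a real error below */
else
    err = EVP_SignFinal(ctx, signature, &sigLen, pkey);
EVP_MD_CTX_free(ctx);
free(buf1);
/* … unchanged: ERR_LIB_NONE -> ERR_OK mapping … */
```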