Diffstat (limited to 'libdigidoc')
-rw-r--r-- | libdigidoc/DigiDocCert.h | 4 | ||||
-rw-r--r-- | libdigidoc/DigiDocCsp.c | 48 | ||||
-rw-r--r-- | libdigidoc/DigiDocOCSP.c | 1 | ||||
-rw-r--r-- | libdigidoc/DigiDocObj.c | 11 | ||||
-rw-r--r-- | libdigidoc/DigiDocSAXParser.c | 1 | ||||
-rw-r--r-- | libdigidoc/DigiDocSAXParser.h | 1 | ||||
-rw-r--r-- | libdigidoc/DigiDocVerify.c | 21 | ||||
-rw-r--r-- | libdigidoc/DigiDocVerify.h | 1 | ||||
-rw-r--r-- | libdigidoc/cdigidoc.c | 1 |
9 files changed, 54 insertions, 35 deletions
diff --git a/libdigidoc/DigiDocCert.h b/libdigidoc/DigiDocCert.h
index 4fd86ff..da1982e 100644
--- a/libdigidoc/DigiDocCert.h
+++ b/libdigidoc/DigiDocCert.h
@@ -310,6 +310,10 @@ EXP_OPTION int verifyCertificateByOCSPWithIp(X509* pCert, const X509** caCerts,
 //--------------------------------------------------
 EXP_OPTION int readSubjectKeyIdentifier(X509* pCert, DigiDocMemBuf* pMemBuf);
+ EXP_OPTION int ddocCertGetDNPart(X509* pCert, DigiDocMemBuf* pMemBuf, int nNid, int bIssuer);
+
+ EXP_OPTION int ddocCertGetDN(X509* pCert, DigiDocMemBuf* pMemBuf, int bIssuer);
+
 //================< deprecated functions> =================================
 // these functions are deprecated. Use the replacements in DigiDocCert.h
 // these functions will be removed in future releases!
diff --git a/libdigidoc/DigiDocCsp.c b/libdigidoc/DigiDocCsp.c
index ee0081b..248cd26 100644
--- a/libdigidoc/DigiDocCsp.c
+++ b/libdigidoc/DigiDocCsp.c
@@ -406,22 +406,20 @@ X509 *Digi_FindCertByResponse(StoreHandle *hStore, OCSP_RESPONSE *poResponse)
 {
 X509 *poX509 = NULL;
 PCCERT_CONTEXT pCert = NULL;
- OCSP_RESPID *rid = NULL;
 OCSP_BASICRESP *br = NULL;
- OCSP_RESPDATA *rd = NULL;
+ const X509_NAME *name = NULL;
 int iLen;
 char sCN[255];
 if (poResponse != NULL)
 {
 if ((br = OCSP_response_get1_basic(poResponse)) == NULL)
- return(poX509);
- rd = br->tbsResponseData;
- rid = rd->responderId;
- if (rid->type != V_OCSP_RESPID_NAME) {
- if(br) OCSP_BASICRESP_free(br);
- return(poX509);
- }
- iLen = X509_NAME_get_text_by_NID(rid->value.byName,NID_commonName,sCN,sizeof(sCN));
+ return(poX509);
+ OCSP_resp_get0_id(br, NULL, &name);
+ if (!name) {
+ if(br) OCSP_BASICRESP_free(br);
+ return(poX509);
+ }
+ iLen = X509_NAME_get_text_by_NID(name,NID_commonName,sCN,sizeof(sCN));
 if (iLen > 0) //VS: 18.03.2006 - use only currently valid cert for new notary
 pCert = Digi_FindCertBySubject(hStore, sCN, TRUE, 0, TRUE);
 if(pCert != NULL)
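Review bot: The two exported prototypes added here, `ddocCertGetDNPart` and `ddocCertGetDN`, carry no comment, and neither `nNid` nor the `bIssuer` flag is self-explanatory from the header. Since these become public API, I would add a one-line comment above each — something like `// Copies pCert's subject DN (issuer DN when bIssuer != 0) into pMemBuf; ddocCertGetDNPart copies only the component whose NID is nNid` — with the buffer-ownership and return-code conventions filled in from the implementation, which is not part of this diff.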
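Review bot: `OCSP_resp_get0_id(br, NULL, &name);` passes NULL for the `pid` out-parameter, but OpenSSL's `OCSP_resp_get0_id` stores through both out-pointers unconditionally (`*pid = NULL` for a by-name responder, `*pid = rid->value.byKey` for a by-key one), and the pre-1.1.0 replacement this commit ships in DigiDocObj.c also begins with `*pid = NULL;`, so this line writes through a null pointer for every response that reaches it (whether DigiDocCsp.c sees its own copy of that static shim is not visible here, but neither definition tolerates NULL). Declare a throwaway and pass it: `const ASN1_OCTET_STRING *rid_key = NULL;` then `OCSP_resp_get0_id(br, &rid_key, &name);`. Leaving `name` NULL for a by-key responder ID and falling into `if (!name)` is a reasonable way to reject responders this code cannot match by CN, but it deserves a comment, since the return value of OCSP_resp_get0_id is dropped. The `if(br)` in `if(br) OCSP_BASICRESP_free(br);` is redundant, as `br` was tested against NULL on the line above.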
@@ -437,22 +435,20 @@ X509 *Digi_FindCertByResponse(StoreHandle *hStore, OCSP_RESPONSE *poResponse)
 //Added by AA 09/10/2003
 BOOL Digi_CheckResponderCertByResponse(X509 *poX509Responder, OCSP_RESPONSE *poResponse)
 {
-BOOL fRes = FALSE;
-OCSP_RESPID *rid = NULL;
-OCSP_BASICRESP *br = NULL;
-OCSP_RESPDATA *rd = NULL;
-int iLen;
-char sCNResp[255];
-char sCNCert[255];
-if (poResponse != NULL)
- {
- if ((br = OCSP_response_get1_basic(poResponse)) == NULL)
- return(fRes);
- rd = br->tbsResponseData;
- rid = rd->responderId;
- if (rid->type != V_OCSP_RESPID_NAME)
- return(fRes);
- iLen = X509_NAME_get_text_by_NID(rid->value.byName,NID_commonName,sCNResp,sizeof(sCNResp));
+ BOOL fRes = FALSE;
+ OCSP_BASICRESP *br = NULL;
+ const X509_NAME *name = NULL;
+ int iLen;
+ char sCNResp[255];
+ char sCNCert[255];
+ if (poResponse != NULL)
+ {
+ if ((br = OCSP_response_get1_basic(poResponse)) == NULL)
+ return(fRes);
+ OCSP_resp_get0_id(br, NULL, &name);
+ if (!name)
+ return(fRes);
+ iLen = X509_NAME_get_text_by_NID(name,NID_commonName,sCNResp,sizeof(sCNResp));
 if (iLen > 0)
 {
 iLen = X509_NAME_get_text_by_NID(X509_get_subject_name(poX509Responder),NID_commonName, sCNCert,sizeof(sCNCert));
diff --git a/libdigidoc/DigiDocOCSP.c b/libdigidoc/DigiDocOCSP.c
index 5c48aac..f8cba0a 100644
--- a/libdigidoc/DigiDocOCSP.c
+++ b/libdigidoc/DigiDocOCSP.c
@@ -42,6 +42,7 @@
 #include <openssl/pkcs12.h>
 #include <openssl/rand.h>
 #include <ctype.h>
+#include <string.h>
 #ifdef FRAMEWORK
 #ifdef __APPLE__
diff --git a/libdigidoc/DigiDocObj.c b/libdigidoc/DigiDocObj.c
index 6dba29f..204a7ce 100644
--- a/libdigidoc/DigiDocObj.c
+++ b/libdigidoc/DigiDocObj.c
@@ -50,6 +50,8 @@ static int OCSP_resp_get0_id(const OCSP_BASICRESP *bs, const ASN1_OCTET_STRING *
 {
 *pid = NULL;
 *pname = NULL;
+ if(!bs || !bs->tbsResponseData)
+ return 0;
 const OCSP_RESPID *rid = bs->tbsResponseData->responderId;
 if (rid->type == V_OCSP_RESPID_NAME)
 *pname = rid->value.byName;
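Review bot: The same `OCSP_resp_get0_id(br, NULL, &name);` pattern appears here, and it is a null-pointer write for the same reason — both the libcrypto function and the fallback defined in DigiDocObj.c assign `*pid` before anything else — so a dummy `const ASN1_OCTET_STRING *rid_key = NULL;` should be passed instead of NULL. The rewritten early return `if (!name) return(fRes);` also drops `br`, which `OCSP_response_get1_basic` returned as an owned copy; `Digi_FindCertByResponse` above frees it on the equivalent path, and this function should too: `if (!name) { OCSP_BASICRESP_free(br); return(fRes); }`. The old code had the same omission, but these lines are being rewritten anyway. The rest of the function, including whatever frees `br` on the success path, is outside the hunk.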
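Review bot: The new guard `if(!bs || !bs->tbsResponseData) return 0;` is placed after `*pid = NULL; *pname = NULL;`, so the shim still writes through both out-pointers before it validates anything, and a caller that passes NULL for `pid` crashes on the first line regardless (DigiDocCsp.c in this commit passes NULL there, though it cannot see this static copy). That matches the real OpenSSL `OCSP_resp_get0_id`, which also stores into both unconditionally, so I would document rather than change it: `/* Both pid and pname must be non-NULL, as with OpenSSL >= 1.1.0 */` above the function. Keep in mind the `bs` check only exists in this pre-1.1.0 fallback; on newer OpenSSL the libcrypto version does not check `bs`, so call sites still need their own NULL test. The rest of the body (the by-key branch and the return) is outside the hunk.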
@@ -62,17 +64,17 @@ static int OCSP_resp_get0_id(const OCSP_BASICRESP *bs, const ASN1_OCTET_STRING *
 static const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(const OCSP_BASICRESP* bs)
 {
- return bs->tbsResponseData->producedAt;
+ return bs && bs->tbsResponseData ? bs->tbsResponseData->producedAt : NULL;
 }
 static const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *single)
 {
- return single->certId;
+ return single ? single->certId : NULL;
 }
 static const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs)
 {
- return bs->signature;
+ return bs ? bs->signature : NULL;
 }
 #endif
@@ -3959,7 +3961,8 @@ int ddocNotInfo_GetProducedAt_timet(const NotaryInfo* pNotary, time_t* pTime)
 RETURN_IF_NULL_PARAM(pNotary);
 RETURN_IF_NULL_PARAM(pTime);
 err = ddocNotInfo_GetBasicResp(pNotary, &pResp, &br, NULL);
- producedAt = OCSP_resp_get0_produced_at(br);
+ if(br)
+ producedAt = OCSP_resp_get0_produced_at(br);
 if(!err && br && producedAt)
 {
 err = asn1time2time_t_local((ASN1_GENERALIZEDTIME*)producedAt, pTime);
 }
diff --git a/libdigidoc/DigiDocSAXParser.c b/libdigidoc/DigiDocSAXParser.c
index 4aa46e9..d52e230 100644
--- a/libdigidoc/DigiDocSAXParser.c
+++ b/libdigidoc/DigiDocSAXParser.c
@@ -32,6 +32,7 @@
 #include <libdigidoc/DigiDocOCSP.h>
 #include <libdigidoc/DigiDocDfExtract.h>
 #include <libdigidoc/DigiDocVerify.h>
+#include <libdigidoc/DigiDocGen.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <memory.h>
diff --git a/libdigidoc/DigiDocSAXParser.h b/libdigidoc/DigiDocSAXParser.h
index aad2fc6..8871bac 100644
--- a/libdigidoc/DigiDocSAXParser.h
+++ b/libdigidoc/DigiDocSAXParser.h
@@ -94,6 +94,7 @@ EXP_OPTION int ddocReadNewSignaturesFromDdoc(SignedDoc* pSigDoc, const char* szF
 //AM 13.03.2008
 void decodeURI(const char* uri, char* id, int nIdLen, char* adr, int nAdrLen);
+EXP_OPTION int ddocAddSignatureFromMemory(SignedDoc* pSigDoc, const char* szFileName, const void* pSigBuf, int nSigLen);
 #ifdef __cplusplus
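Review bot: The NULL tolerance added to `OCSP_resp_get0_produced_at`, `OCSP_SINGLERESP_get0_id` and `OCSP_resp_get0_signature` exists only in this fallback block (closed by the `#endif` at the end of the hunk); on OpenSSL 1.1.0 and later these names resolve to libcrypto functions that dereference their argument without checking, so any caller that comes to rely on `OCSP_resp_get0_produced_at(NULL)` returning NULL will pass on an old OpenSSL and crash on a new one. The call-site guard added further down in `ddocNotInfo_GetProducedAt_timet` (`if(br) producedAt = OCSP_resp_get0_produced_at(br);`) is the right approach, and the shims should say so: `/* NULL checks are a convenience of this fallback only; the real OpenSSL API does not check, so callers must still test for NULL. */`.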
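Review bot: `ddocAddSignatureFromMemory` becomes an exported entry point that takes a caller-supplied buffer with a signed length, `int nSigLen`, and the header says nothing about a NULL `pSigBuf`, a non-positive `nSigLen`, or what `szFileName` is for when the signature is already in memory. A comment above the prototype should spell that out — e.g. `// Adds the signature held in pSigBuf (nSigLen bytes, must be > 0) to pSigDoc; szFileName is ...; returns ERR_OK or an error code` — once the implementation, which is not in this diff, has been checked to actually reject a negative or zero length rather than hand it on to the parser.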
diff --git a/libdigidoc/DigiDocVerify.c b/libdigidoc/DigiDocVerify.c
index 7a8e82b..60619fe 100644
--- a/libdigidoc/DigiDocVerify.c
+++ b/libdigidoc/DigiDocVerify.c
@@ -47,6 +47,8 @@
 #include <openssl/pkcs12.h>
 #include <openssl/rand.h>
+#include <string.h>
+
 #if OPENSSL_VERSION_NUMBER < 0x10010000L
 static EVP_MD_CTX *EVP_MD_CTX_new()
 {
@@ -60,12 +62,17 @@ static void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
 static const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs)
 {
- return bs->signature;
+ return bs ? bs->signature : NULL;
 }
 static X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx)
 {
- return ctx->param;
+ return ctx ? ctx->param : NULL;
+}
+
+const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *single)
+{
+ return single ? single->certId : NULL;
 }
 #endif
@@ -1405,7 +1412,7 @@ int verifyOcspCertId(OCSP_RESPONSE* pResp, X509* pCert, X509* pCaCert)
 OCSP_BASICRESP *br = NULL;
 OCSP_RESPDATA *rd = NULL;
 OCSP_SINGLERESP *single = NULL;
- OCSP_CERTID *cid = NULL;
+ const OCSP_CERTID *cid = NULL;
 int err = ERR_OK;
 DigiDocMemBuf mbuf1, mbuf2, mbuf3;
 ASN1_OCTET_STRING *issuerNameHash = NULL, *issuerKeyHash = NULL;
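Review bot: The new `OCSP_SINGLERESP_get0_id` shim is defined with external linkage, whereas every other replacement in this `#if` block — `OCSP_resp_get0_signature` and `X509_STORE_get0_param` in this hunk, `EVP_MD_CTX_new` above — is `static`, and DigiDocObj.c in the same commit carries its own `static` copy of the very same function. As written it is an unprototyped global symbol bearing a libcrypto name; it cannot clash today because the block is only compiled where OpenSSL lacks the real function, but it should be `static const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *single)` like its neighbours. As an aside on the unchanged guard, `OPENSSL_VERSION_NUMBER < 0x10010000L` reads as a 1.0.x cut-off (1.1.0 is `0x10100000L`); it happens to select the right builds because no release falls between 1.0.2 and 1.1.0, but it is worth correcting while these shims are being touched.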
@@ -1427,9 +1434,13 @@ int verifyOcspCertId(OCSP_RESPONSE* pResp, X509* pCert, X509* pCaCert)
 ddocDebug(4, "verifyOcspCertId", "for cert: %ld, cn: %s, ca: %s",
 X509_get_serialNumber(pCert), mbuf2.pMem, mbuf3.pMem);
 ddocMemBuf_free(&mbuf2);
 ddocMemBuf_free(&mbuf3);
- cid = OCSP_cert_to_id(EVP_sha1(), pCert, pCaCert);
+ if(OCSP_resp_count(br) != 1)
+ SET_LAST_ERROR_RETURN_CODE(ERR_OCSP_ONE_RESPONSE);
+ single = OCSP_resp_get0(br, 0);
+ RETURN_IF_NULL(single);
+ cid = OCSP_SINGLERESP_get0_id(single);
 RETURN_IF_NULL(cid);
- OCSP_id_get0_info(&issuerNameHash, NULL, &issuerKeyHash, &serialNumber, cid);
+ OCSP_id_get0_info(&issuerNameHash, NULL, &issuerKeyHash, &serialNumber, (OCSP_CERTID*)cid);
 // check serial number
 if(ASN1_INTEGER_cmp(serialNumber, X509_get_serialNumber(pCert)) != 0) {
 ddocDebug(4, "verifyOcspCertId", "Looking for cert-nr: %ld buf found %ld",
diff --git a/libdigidoc/DigiDocVerify.h b/libdigidoc/DigiDocVerify.h
index 891e2b7..aed6328 100644
--- a/libdigidoc/DigiDocVerify.h
+++ b/libdigidoc/DigiDocVerify.h
@@ -168,6 +168,7 @@ EXP_OPTION int verifyEstIDSignature2(const byte* digest, int digestLen, int nDig
 //============================================================
 EXP_OPTION int checkDdocWrongDigests(const SignedDoc* pSigDoc);
+EXP_OPTION int validateElementPath(XmlElemInfo* pElem);
 #ifdef __cplusplus
 }
diff --git a/libdigidoc/cdigidoc.c b/libdigidoc/cdigidoc.c
index 49e0988..502ad94 100644
--- a/libdigidoc/cdigidoc.c
+++ b/libdigidoc/cdigidoc.c
@@ -69,6 +69,7 @@ char* g_szProgNameVer = "cdigidoc/"DIGIDOC_VERSION;
 //==========< forward defs >========================
 void printErrorsAndWarnings(SignedDoc* pSigDoc);
+int isWarning(SignedDoc* pSigDoc, int nErrCd);
 //==========< helper functions for argument handling >==================== |
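Review bot: `OCSP_id_get0_info(&issuerNameHash, NULL, &issuerKeyHash, &serialNumber, (OCSP_CERTID*)cid);` now takes the CertID from the response rather than computing one from `pCert`, which is the right thing to verify, but the NULL in the second argument discards the responder's hash algorithm, so nothing checks which digest the issuer hashes were computed with before they are compared further down (outside this hunk). Fetch it — `ASN1_OBJECT *hashAlg = NULL;` passed in place of the NULL — and reject `OBJ_obj2nid(hashAlg) != NID_sha1` (or whichever digest the comparison assumes) through the same error path the hash mismatch uses, so a response with a different digest fails for a stated reason rather than merely because the bytes differ. The two new early returns, `SET_LAST_ERROR_RETURN_CODE(ERR_OCSP_ONE_RESPONSE)` and `RETURN_IF_NULL(single)`, come after `mbuf2`/`mbuf3` are freed but I cannot see whether `br` or `mbuf1` are owned at this point; if `br` was obtained with `OCSP_response_get1_basic` earlier in this function, both returns leak it. The `(OCSP_CERTID*)` cast drops const for a read-only call and is harmless, but a one-line comment such as `/* pre-1.1.0 OCSP_id_get0_info takes a non-const id */` would save the next reader a question. verifyOcspCertId begins and ends outside this hunk.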