Diffstat (limited to 'libdigidoc')
-rw-r--r--libdigidoc/DigiDocCert.h4
-rw-r--r--libdigidoc/DigiDocCsp.c48
-rw-r--r--libdigidoc/DigiDocOCSP.c1
-rw-r--r--libdigidoc/DigiDocObj.c11
-rw-r--r--libdigidoc/DigiDocSAXParser.c1
-rw-r--r--libdigidoc/DigiDocSAXParser.h1
-rw-r--r--libdigidoc/DigiDocVerify.c21
-rw-r--r--libdigidoc/DigiDocVerify.h1
-rw-r--r--libdigidoc/cdigidoc.c1
9 files changed, 54 insertions, 35 deletions
diff --git a/libdigidoc/DigiDocCert.h b/libdigidoc/DigiDocCert.h
index 4fd86ff..da1982e 100644
--- a/libdigidoc/DigiDocCert.h
+++ b/libdigidoc/DigiDocCert.h
@@ -310,6 +310,10 @@ EXP_OPTION int verifyCertificateByOCSPWithIp(X509* pCert, const X509** caCerts,
//--------------------------------------------------
EXP_OPTION int readSubjectKeyIdentifier(X509* pCert, DigiDocMemBuf* pMemBuf);
+ EXP_OPTION int ddocCertGetDNPart(X509* pCert, DigiDocMemBuf* pMemBuf, int nNid, int bIssuer);
+
+ EXP_OPTION int ddocCertGetDN(X509* pCert, DigiDocMemBuf* pMemBuf, int bIssuer);
+
//================< deprecated functions> =================================
// these functions are deprecated. Use the replacements in DigiDocCert.h
// these functions will be removed in future releases!
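Review bot: The two added prototypes are indented by one space while the neighbouring `readSubjectKeyIdentifier` declaration sits at column 0, and neither carries a comment although the rest of this header documents each function under a `//----` banner. Suggest aligning both lines to column 0 and adding a banner of the existing style above `ddocCertGetDNPart` that states what the function stores in pMemBuf, what nNid selects, which name `bIssuer` switches between (subject vs. issuer, presumably — confirm against the implementation) and what it returns, with a matching banner for `ddocCertGetDN`. Ownership of pMemBuf's contents (caller releases with ddocMemBuf_free, as for the other DigiDocMemBuf outputs in this header?) is the detail a caller most needs and should be stated.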
diff --git a/libdigidoc/DigiDocCsp.c b/libdigidoc/DigiDocCsp.c
index ee0081b..248cd26 100644
--- a/libdigidoc/DigiDocCsp.c
+++ b/libdigidoc/DigiDocCsp.c
@@ -406,22 +406,20 @@ X509 *Digi_FindCertByResponse(StoreHandle *hStore, OCSP_RESPONSE *poResponse)
{
X509 *poX509 = NULL;
PCCERT_CONTEXT pCert = NULL;
- OCSP_RESPID *rid = NULL;
OCSP_BASICRESP *br = NULL;
- OCSP_RESPDATA *rd = NULL;
+ const X509_NAME *name = NULL;
int iLen;
char sCN[255];
if (poResponse != NULL) {
if ((br = OCSP_response_get1_basic(poResponse)) == NULL)
- return(poX509);
- rd = br->tbsResponseData;
- rid = rd->responderId;
- if (rid->type != V_OCSP_RESPID_NAME) {
- if(br) OCSP_BASICRESP_free(br);
- return(poX509);
- }
- iLen = X509_NAME_get_text_by_NID(rid->value.byName,NID_commonName,sCN,sizeof(sCN));
+ return(poX509);
+ OCSP_resp_get0_id(br, NULL, &name);
+ if (!name) {
+ if(br) OCSP_BASICRESP_free(br);
+ return(poX509);
+ }
+ iLen = X509_NAME_get_text_by_NID(name,NID_commonName,sCN,sizeof(sCN));
if (iLen > 0) //VS: 18.03.2006 - use only currently valid cert for new notary
pCert = Digi_FindCertBySubject(hStore, sCN, TRUE, 0, TRUE);
if(pCert != NULL)
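Review bot: `OCSP_resp_get0_id(br, NULL, &name)` passes NULL for the pid output, and the callee stores through that pointer on the by-name path: the compatibility shim in this commit's DigiDocObj.c hunk begins with `*pid = NULL;`, and OpenSSL's own implementation also writes `*pid` when the responder is identified by name, so this dereferences NULL on exactly the case this caller wants to handle. Declare `const ASN1_OCTET_STRING *id = NULL;` next to `name` and call `OCSP_resp_get0_id(br, &id, &name);`; the same call appears in the Digi_CheckResponderCertByResponse hunk below. Minor points on the same lines: the `if(br)` guard before `OCSP_BASICRESP_free(br)` is redundant since br was just tested non-NULL, and the return value of OCSP_resp_get0_id is discarded. The rest of Digi_FindCertByResponse, including the release of br on the success path, is outside the hunk.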
@@ -437,22 +435,20 @@ X509 *Digi_FindCertByResponse(StoreHandle *hStore, OCSP_RESPONSE *poResponse)
//Added by AA 09/10/2003
BOOL Digi_CheckResponderCertByResponse(X509 *poX509Responder, OCSP_RESPONSE *poResponse)
{
-BOOL fRes = FALSE;
-OCSP_RESPID *rid = NULL;
-OCSP_BASICRESP *br = NULL;
-OCSP_RESPDATA *rd = NULL;
-int iLen;
-char sCNResp[255];
-char sCNCert[255];
-if (poResponse != NULL)
- {
- if ((br = OCSP_response_get1_basic(poResponse)) == NULL)
- return(fRes);
- rd = br->tbsResponseData;
- rid = rd->responderId;
- if (rid->type != V_OCSP_RESPID_NAME)
- return(fRes);
- iLen = X509_NAME_get_text_by_NID(rid->value.byName,NID_commonName,sCNResp,sizeof(sCNResp));
+ BOOL fRes = FALSE;
+ OCSP_BASICRESP *br = NULL;
+ const X509_NAME *name = NULL;
+ int iLen;
+ char sCNResp[255];
+ char sCNCert[255];
+ if (poResponse != NULL)
+ {
+ if ((br = OCSP_response_get1_basic(poResponse)) == NULL)
+ return(fRes);
+ OCSP_resp_get0_id(br, NULL, &name);
+ if (!name)
+ return(fRes);
+ iLen = X509_NAME_get_text_by_NID(name,NID_commonName,sCNResp,sizeof(sCNResp));
if (iLen > 0)
{
iLen = X509_NAME_get_text_by_NID(X509_get_subject_name(poX509Responder),NID_commonName, sCNCert,sizeof(sCNCert));
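Review bot: The new `if (!name) return(fRes);` leaves the OCSP_BASICRESP obtained two lines earlier from OCSP_response_get1_basic() unreleased, whereas the sibling hunk in Digi_FindCertByResponse frees it on the same condition; change it to `if (!name) { OCSP_BASICRESP_free(br); return(fRes); }`. The replaced `rid->type` check had the same leak, so it is pre-existing, but the rewrite is the moment to fix it. Passing a `const X509_NAME *` to X509_NAME_get_text_by_NID is fine with OpenSSL 1.1.0 and later; older headers declare that parameter non-const and will warn, so check this against the oldest OpenSSL this file is built with. The function continues past the hunk, so whether br is released on the remaining paths could not be checked here.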
diff --git a/libdigidoc/DigiDocOCSP.c b/libdigidoc/DigiDocOCSP.c
index 5c48aac..f8cba0a 100644
--- a/libdigidoc/DigiDocOCSP.c
+++ b/libdigidoc/DigiDocOCSP.c
@@ -42,6 +42,7 @@
#include <openssl/pkcs12.h>
#include <openssl/rand.h>
#include <ctype.h>
+#include <string.h>
#ifdef FRAMEWORK
#ifdef __APPLE__
diff --git a/libdigidoc/DigiDocObj.c b/libdigidoc/DigiDocObj.c
index 6dba29f..204a7ce 100644
--- a/libdigidoc/DigiDocObj.c
+++ b/libdigidoc/DigiDocObj.c
@@ -50,6 +50,8 @@ static int OCSP_resp_get0_id(const OCSP_BASICRESP *bs, const ASN1_OCTET_STRING *
{
*pid = NULL;
*pname = NULL;
+ if(!bs || !bs->tbsResponseData)
+ return 0;
const OCSP_RESPID *rid = bs->tbsResponseData->responderId;
if (rid->type == V_OCSP_RESPID_NAME)
*pname = rid->value.byName;
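Review bot: The added guard checks bs and bs->tbsResponseData, but the next line still dereferences `rid` without a check, and `rid` is a pointer in this layout (the code reads `rid->type`); if defensively decoded responses are the concern, extend the guard to `if(!bs || !bs->tbsResponseData || !bs->tbsResponseData->responderId) return 0;`. Since the shim now deliberately differs from the OpenSSL function it stands in for, a one-line comment such as `/* Unlike OpenSSL's version, tolerates a NULL or empty bs: returns 0 with both outputs set to NULL. */` above the function would spare the next reader the comparison. Note that both outputs are written before any validation, so callers must pass non-NULL pid and pname, as OpenSSL requires. The remainder of the function is outside the hunk.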
@@ -62,17 +64,17 @@ static int OCSP_resp_get0_id(const OCSP_BASICRESP *bs, const ASN1_OCTET_STRING *
static const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(const OCSP_BASICRESP* bs)
{
- return bs->tbsResponseData->producedAt;
+ return bs && bs->tbsResponseData ? bs->tbsResponseData->producedAt : NULL;
}
static const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *single)
{
- return single->certId;
+ return single ? single->certId : NULL;
}
static const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs)
{
- return bs->signature;
+ return bs ? bs->signature : NULL;
}
#endif
@@ -3959,7 +3961,8 @@ int ddocNotInfo_GetProducedAt_timet(const NotaryInfo* pNotary, time_t* pTime)
RETURN_IF_NULL_PARAM(pNotary);
RETURN_IF_NULL_PARAM(pTime);
err = ddocNotInfo_GetBasicResp(pNotary, &pResp, &br, NULL);
- producedAt = OCSP_resp_get0_produced_at(br);
+ if(br)
+ producedAt = OCSP_resp_get0_produced_at(br);
if(!err && br && producedAt) {
err = asn1time2time_t_local((ASN1_GENERALIZEDTIME*)producedAt, pTime);
}
diff --git a/libdigidoc/DigiDocSAXParser.c b/libdigidoc/DigiDocSAXParser.c
index 4aa46e9..d52e230 100644
--- a/libdigidoc/DigiDocSAXParser.c
+++ b/libdigidoc/DigiDocSAXParser.c
@@ -32,6 +32,7 @@
#include <libdigidoc/DigiDocOCSP.h>
#include <libdigidoc/DigiDocDfExtract.h>
#include <libdigidoc/DigiDocVerify.h>
+#include <libdigidoc/DigiDocGen.h>
#include <stdio.h>
#include <stdlib.h>
#include <memory.h>
diff --git a/libdigidoc/DigiDocSAXParser.h b/libdigidoc/DigiDocSAXParser.h
index aad2fc6..8871bac 100644
--- a/libdigidoc/DigiDocSAXParser.h
+++ b/libdigidoc/DigiDocSAXParser.h
@@ -94,6 +94,7 @@ EXP_OPTION int ddocReadNewSignaturesFromDdoc(SignedDoc* pSigDoc, const char* szF
//AM 13.03.2008
void decodeURI(const char* uri, char* id, int nIdLen, char* adr, int nAdrLen);
+EXP_OPTION int ddocAddSignatureFromMemory(SignedDoc* pSigDoc, const char* szFileName, const void* pSigBuf, int nSigLen);
#ifdef __cplusplus
diff --git a/libdigidoc/DigiDocVerify.c b/libdigidoc/DigiDocVerify.c
index 7a8e82b..60619fe 100644
--- a/libdigidoc/DigiDocVerify.c
+++ b/libdigidoc/DigiDocVerify.c
@@ -47,6 +47,8 @@
#include <openssl/pkcs12.h>
#include <openssl/rand.h>
+#include <string.h>
+
#if OPENSSL_VERSION_NUMBER < 0x10010000L
static EVP_MD_CTX *EVP_MD_CTX_new()
{
@@ -60,12 +62,17 @@ static void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
static const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs)
{
- return bs->signature;
+ return bs ? bs->signature : NULL;
}
static X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx)
{
- return ctx->param;
+ return ctx ? ctx->param : NULL;
+}
+
+const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *single)
+{
+ return single ? single->certId : NULL;
}
#endif
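Review bot: The new `OCSP_SINGLERESP_get0_id` is defined without `static`, unlike the neighbouring shims `OCSP_resp_get0_signature` and `X509_STORE_get0_param` in the same `#if OPENSSL_VERSION_NUMBER < 0x10010000L` block, so builds against older OpenSSL export a global symbol carrying an OpenSSL API name from this translation unit. Make it `static const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *single)` to match its siblings and the static copy this commit keeps in DigiDocObj.c. If it is intentionally non-static because another file is meant to link against it, a comment saying so on the definition would prevent the next reviewer from re-raising this.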
@@ -1405,7 +1412,7 @@ int verifyOcspCertId(OCSP_RESPONSE* pResp, X509* pCert, X509* pCaCert)
OCSP_BASICRESP *br = NULL;
OCSP_RESPDATA *rd = NULL;
OCSP_SINGLERESP *single = NULL;
- OCSP_CERTID *cid = NULL;
+ const OCSP_CERTID *cid = NULL;
int err = ERR_OK;
DigiDocMemBuf mbuf1, mbuf2, mbuf3;
ASN1_OCTET_STRING *issuerNameHash = NULL, *issuerKeyHash = NULL;
@@ -1427,9 +1434,13 @@ int verifyOcspCertId(OCSP_RESPONSE* pResp, X509* pCert, X509* pCaCert)
ddocDebug(4, "verifyOcspCertId", "for cert: %ld, cn: %s, ca: %s", X509_get_serialNumber(pCert), mbuf2.pMem, mbuf3.pMem);
ddocMemBuf_free(&mbuf2);
ddocMemBuf_free(&mbuf3);
- cid = OCSP_cert_to_id(EVP_sha1(), pCert, pCaCert);
+ if(OCSP_resp_count(br) != 1)
+ SET_LAST_ERROR_RETURN_CODE(ERR_OCSP_ONE_RESPONSE);
+ single = OCSP_resp_get0(br, 0);
+ RETURN_IF_NULL(single);
+ cid = OCSP_SINGLERESP_get0_id(single);
RETURN_IF_NULL(cid);
- OCSP_id_get0_info(&issuerNameHash, NULL, &issuerKeyHash, &serialNumber, cid);
+ OCSP_id_get0_info(&issuerNameHash, NULL, &issuerKeyHash, &serialNumber, (OCSP_CERTID*)cid);
// check serial number
if(ASN1_INTEGER_cmp(serialNumber, X509_get_serialNumber(pCert)) != 0) {
ddocDebug(4, "verifyOcspCertId", "Looking for cert-nr: %ld buf found %ld",
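Review bot: `cid` now aliases memory owned by the response, since `OCSP_SINGLERESP_get0_id` returns a borrowed pointer, whereas the replaced `OCSP_cert_to_id()` returned a fresh allocation; if the remainder of verifyOcspCertId, which is outside the hunk, still calls `OCSP_CERTID_free(cid)`, that becomes a free of response-owned memory and must be removed. Passing NULL as the second argument of `OCSP_id_get0_info` discards the CertID's digest algorithm, yet the issuer name/key hashes pulled out here can only be compared against pCaCert correctly if the same algorithm is used rather than a fixed SHA-1; consider `ASN1_OBJECT *hashAlg = NULL;` and `OCSP_id_get0_info(&issuerNameHash, &hashAlg, &issuerKeyHash, &serialNumber, (OCSP_CERTID*)cid);` and feeding hashAlg to the comparison. The new early returns via `SET_LAST_ERROR_RETURN_CODE` and `RETURN_IF_NULL` occur after mbuf2 and mbuf3 are released, but mbuf1's state at this point is not visible, so confirm it holds nothing that needs freeing on those paths. With `cid` no longer derived from `rd`, also check whether the `OCSP_RESPDATA *rd` declared in the earlier hunk is still referenced anywhere in the function.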
diff --git a/libdigidoc/DigiDocVerify.h b/libdigidoc/DigiDocVerify.h
index 891e2b7..aed6328 100644
--- a/libdigidoc/DigiDocVerify.h
+++ b/libdigidoc/DigiDocVerify.h
@@ -168,6 +168,7 @@ EXP_OPTION int verifyEstIDSignature2(const byte* digest, int digestLen, int nDig
//============================================================
EXP_OPTION int checkDdocWrongDigests(const SignedDoc* pSigDoc);
+EXP_OPTION int validateElementPath(XmlElemInfo* pElem);
#ifdef __cplusplus
}
diff --git a/libdigidoc/cdigidoc.c b/libdigidoc/cdigidoc.c
index 49e0988..502ad94 100644
--- a/libdigidoc/cdigidoc.c
+++ b/libdigidoc/cdigidoc.c
@@ -69,6 +69,7 @@ char* g_szProgNameVer = "cdigidoc/"DIGIDOC_VERSION;
//==========< forward defs >========================
void printErrorsAndWarnings(SignedDoc* pSigDoc);
+int isWarning(SignedDoc* pSigDoc, int nErrCd);
//==========< helper functions for argument handling >====================