Skip to content

Commit

Permalink
Upgrade openssl 1.1.1m and fix crash with new openssl version (#453)
Browse files Browse the repository at this point in the history 
Fixes #452, IB-7265

Signed-off-by: Raul Metsma <raul@metsma.ee>
  • Loading branch information
@metsma
metsma authored Jan 20, 2022
1 parent 3e94fc8 commit 42a8cfd
Show file tree
Hide file tree
Showing 4 changed files with 19 additions and 19 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/build.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -165,7 +165,7 @@ jobs:
"zlib:x64-windows-v${{ matrix.toolset }}"
"boost-test:x86-windows-v${{ matrix.toolset }}"
"boost-test:x64-windows-v${{ matrix.toolset }}"
vcpkgGitCommitId: 30465138ef7facf1d4c1aa8a06dd62ceb71cc2eb
vcpkgGitCommitId: 291b84e651bc21d90088394139097f9a5396cc00
- name: Install dependencies
run: choco install doxygen.install swig -y > $null
- name: Build xsd
Expand Down
12 changes: 6 additions & 6 deletions build-library.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,11 +8,11 @@ if [ "$#" -eq 0 ]; then
echo " target: osx ios iossimulator androidarm androidarm64 androidx86 androidx86_64"
echo "To control iOS, macOS builds set environment variables:"
echo " minimum deployment target"
echo " - MACOSX_DEPLOYMENT_TARGET=10.11"
echo " - IPHONEOS_DEPLOYMENT_TARGET=9.0"
echo " - MACOSX_DEPLOYMENT_TARGET=10.14"
echo " - IPHONEOS_DEPLOYMENT_TARGET=12.0"
echo " archs to build on macOS/iOS"
echo " - ARCHS=\"x86_64 arm64\" (macOS)"
echo " - ARCHS=\"armv7 arm64\" (iOS)"
echo " - ARCHS=\"arm64\" (iOS)"
echo " - ARCHS=\"x86_64\" (iPhoneSimulator)"
exit
fi
Expand Down Expand Up @@ -59,11 +59,11 @@ case "$@" in
*)
echo "Building for iOS"
TARGET=iphoneos
: ${ARCHS:="armv7 arm64"}
: ${ARCHS:="arm64"}
;;
esac
TARGET_PATH=/Library/libdigidocpp.${TARGET}
: ${IPHONEOS_DEPLOYMENT_TARGET:="9.0"}
: ${IPHONEOS_DEPLOYMENT_TARGET:="12.0"}
export IPHONEOS_DEPLOYMENT_TARGET
CMAKEARGS="
-DCMAKE_C_COMPILER_WORKS=yes \
Expand All @@ -83,7 +83,7 @@ case "$@" in
TARGET=macOS
TARGET_PATH=/Library/libdigidocpp
: ${ARCHS:="x86_64 arm64"}
: ${MACOSX_DEPLOYMENT_TARGET:="10.13"}
: ${MACOSX_DEPLOYMENT_TARGET:="10.14"}
export MACOSX_DEPLOYMENT_TARGET
esac

Expand Down
16 changes: 8 additions & 8 deletions prepare_osx_build_environment.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ XERCES_DIR=xerces-c-3.2.3
XALAN_DIR=xalan_c-1.12
XMLSEC_DIR=xml-security-c-2.0.4
XSD=xsd-4.0.0-i686-macosx
OPENSSL_DIR=openssl-1.1.1l
OPENSSL_DIR=openssl-1.1.1m
LIBXML2_DIR=libxml2-2.9.10
ANDROID_NDK=android-ndk-r21e
FREETYPE_DIR=freetype-2.10.1
Expand Down Expand Up @@ -77,7 +77,7 @@ case "$@" in
CONFIGURE="--host=arm-apple-darwin --enable-static --disable-shared --disable-dependency-tracking"
SYSROOT=$(xcrun -sdk iphonesimulator --show-sdk-path)
: ${ARCHS:="x86_64"}
: ${IPHONEOS_DEPLOYMENT_TARGET:="9.0"}
: ${IPHONEOS_DEPLOYMENT_TARGET:="12.0"}
export IPHONEOS_DEPLOYMENT_TARGET
export CFLAGS="-arch ${ARCHS// / -arch } -isysroot ${SYSROOT}"
export CXXFLAGS="${CFLAGS} -std=gnu++11 -Wno-null-conversion"
Expand All @@ -87,8 +87,8 @@ case "$@" in
TARGET_PATH=/Library/libdigidocpp.iphoneos
CONFIGURE="--host=arm-apple-darwin --enable-static --disable-shared --disable-dependency-tracking"
SYSROOT=$(xcrun -sdk iphoneos --show-sdk-path)
: ${ARCHS:="armv7 arm64"}
: ${IPHONEOS_DEPLOYMENT_TARGET:="9.0"}
: ${ARCHS:="arm64"}
: ${IPHONEOS_DEPLOYMENT_TARGET:="12.0"}
export IPHONEOS_DEPLOYMENT_TARGET
export CFLAGS="-arch ${ARCHS// / -arch } -isysroot ${SYSROOT}"
export CXXFLAGS="${CFLAGS} -std=gnu++11 -Wno-null-conversion"
Expand All @@ -99,7 +99,7 @@ case "$@" in
CONFIGURE="--disable-static --enable-shared --disable-dependency-tracking"
SYSROOT=$(xcrun -sdk macosx --show-sdk-path)
: ${ARCHS:="x86_64 arm64"}
: ${MACOSX_DEPLOYMENT_TARGET:="10.13"}
: ${MACOSX_DEPLOYMENT_TARGET:="10.14"}
export MACOSX_DEPLOYMENT_TARGET
export CFLAGS="-arch ${ARCHS// / -arch } "
export CXXFLAGS="${CFLAGS} -std=gnu++11 -Wno-null-conversion"
Expand Down Expand Up @@ -433,10 +433,10 @@ case "$@" in
echo " tasks: xerces, xalan, openssl, xmlsec, xsd, all, help"
echo "To control iOS, macOS builds set environment variables:"
echo " minimum deployment target"
echo " - MACOSX_DEPLOYMENT_TARGET=10.11"
echo " - IPHONEOS_DEPLOYMENT_TARGET=9.0"
echo " - MACOSX_DEPLOYMENT_TARGET=10.14"
echo " - IPHONEOS_DEPLOYMENT_TARGET=12.0"
echo " archs to build on iOS"
echo " - ARCHS=\"armv7 arm64\" (iOS)"
echo " - ARCHS=\"arm64\" (iOS)"
echo " - ARCHS=\"x86_64\" (iPhoneSimulator)"
;;
esac
8 changes: 4 additions & 4 deletions src/crypto/TS.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,7 @@ static void TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int f)

static void TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx, unsigned char *hexstr, long len)
{
OPENSSL_free(ctx->imprint);
ctx->imprint = hexstr;
ctx->imprint_len = unsigned(len);
}
Expand Down Expand Up @@ -257,11 +258,10 @@ void TS::verify(const Digest &digest)
{
SCOPE(TS_VERIFY_CTX, ctx, TS_VERIFY_CTX_new());
TS_VERIFY_CTX_set_flags(ctx.get(), TS_VFY_IMPRINT|TS_VFY_VERSION|TS_VFY_SIGNATURE);
TS_VERIFY_CTX_set_imprint(ctx.get(), data.data(), long(data.size()));
TS_VERIFY_CTX_set_imprint(ctx.get(),
(unsigned char*)OPENSSL_memdup(data.data(), data.size()), long(data.size()));
TS_VERIFY_CTX_set_store(ctx.get(), store.release());
int err = TS_RESP_verify_token(ctx.get(), d.get());
TS_VERIFY_CTX_set_imprint(ctx.get(), nullptr, 0); //Avoid CRYPTO_free
if(err != 1)
if(TS_RESP_verify_token(ctx.get(), d.get()) != 1)
{
unsigned long err = ERR_get_error();
if(ERR_GET_LIB(err) == ERR_LIB_TS && ERR_GET_REASON(err) == TS_R_CERTIFICATE_VERIFY_ERROR)
Expand Down

0 comments on commit 42a8cfd

Please sign in to comment.