diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index fa3dd2a4c..e94740623 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -165,7 +165,7 @@ jobs: "zlib:x64-windows-v${{ matrix.toolset }}" "boost-test:x86-windows-v${{ matrix.toolset }}" "boost-test:x64-windows-v${{ matrix.toolset }}" - vcpkgGitCommitId: 30465138ef7facf1d4c1aa8a06dd62ceb71cc2eb + vcpkgGitCommitId: 291b84e651bc21d90088394139097f9a5396cc00 - name: Install dependencies run: choco install doxygen.install swig -y > $null - name: Build xsd diff --git a/build-library.sh b/build-library.sh index 47b9b0375..84f626f48 100755 --- a/build-library.sh +++ b/build-library.sh @@ -8,11 +8,11 @@ if [ "$#" -eq 0 ]; then echo " target: osx ios iossimulator androidarm androidarm64 androidx86 androidx86_64" echo "To control iOS, macOS builds set environment variables:" echo " minimum deployment target" - echo " - MACOSX_DEPLOYMENT_TARGET=10.11" - echo " - IPHONEOS_DEPLOYMENT_TARGET=9.0" + echo " - MACOSX_DEPLOYMENT_TARGET=10.14" + echo " - IPHONEOS_DEPLOYMENT_TARGET=12.0" echo " archs to build on macOS/iOS" echo " - ARCHS=\"x86_64 arm64\" (macOS)" - echo " - ARCHS=\"armv7 arm64\" (iOS)" + echo " - ARCHS=\"arm64\" (iOS)" echo " - ARCHS=\"x86_64\" (iPhoneSimulator)" exit fi @@ -59,11 +59,11 @@ case "$@" in *) echo "Building for iOS" TARGET=iphoneos - : ${ARCHS:="armv7 arm64"} + : ${ARCHS:="arm64"} ;; esac TARGET_PATH=/Library/libdigidocpp.${TARGET} - : ${IPHONEOS_DEPLOYMENT_TARGET:="9.0"} + : ${IPHONEOS_DEPLOYMENT_TARGET:="12.0"} export IPHONEOS_DEPLOYMENT_TARGET CMAKEARGS=" -DCMAKE_C_COMPILER_WORKS=yes \ @@ -83,7 +83,7 @@ case "$@" in TARGET=macOS TARGET_PATH=/Library/libdigidocpp : ${ARCHS:="x86_64 arm64"} - : ${MACOSX_DEPLOYMENT_TARGET:="10.13"} + : ${MACOSX_DEPLOYMENT_TARGET:="10.14"} export MACOSX_DEPLOYMENT_TARGET esac diff --git a/prepare_osx_build_environment.sh b/prepare_osx_build_environment.sh index 738b223d4..8d9a9a264 100755 --- a/prepare_osx_build_environment.sh +++ b/prepare_osx_build_environment.sh @@ -5,7 +5,7 @@ XERCES_DIR=xerces-c-3.2.3 XALAN_DIR=xalan_c-1.12 XMLSEC_DIR=xml-security-c-2.0.4 XSD=xsd-4.0.0-i686-macosx -OPENSSL_DIR=openssl-1.1.1l +OPENSSL_DIR=openssl-1.1.1m LIBXML2_DIR=libxml2-2.9.10 ANDROID_NDK=android-ndk-r21e FREETYPE_DIR=freetype-2.10.1 @@ -77,7 +77,7 @@ case "$@" in CONFIGURE="--host=arm-apple-darwin --enable-static --disable-shared --disable-dependency-tracking" SYSROOT=$(xcrun -sdk iphonesimulator --show-sdk-path) : ${ARCHS:="x86_64"} - : ${IPHONEOS_DEPLOYMENT_TARGET:="9.0"} + : ${IPHONEOS_DEPLOYMENT_TARGET:="12.0"} export IPHONEOS_DEPLOYMENT_TARGET export CFLAGS="-arch ${ARCHS// / -arch } -isysroot ${SYSROOT}" export CXXFLAGS="${CFLAGS} -std=gnu++11 -Wno-null-conversion" @@ -87,8 +87,8 @@ case "$@" in TARGET_PATH=/Library/libdigidocpp.iphoneos CONFIGURE="--host=arm-apple-darwin --enable-static --disable-shared --disable-dependency-tracking" SYSROOT=$(xcrun -sdk iphoneos --show-sdk-path) - : ${ARCHS:="armv7 arm64"} - : ${IPHONEOS_DEPLOYMENT_TARGET:="9.0"} + : ${ARCHS:="arm64"} + : ${IPHONEOS_DEPLOYMENT_TARGET:="12.0"} export IPHONEOS_DEPLOYMENT_TARGET export CFLAGS="-arch ${ARCHS// / -arch } -isysroot ${SYSROOT}" export CXXFLAGS="${CFLAGS} -std=gnu++11 -Wno-null-conversion" @@ -99,7 +99,7 @@ case "$@" in CONFIGURE="--disable-static --enable-shared --disable-dependency-tracking" SYSROOT=$(xcrun -sdk macosx --show-sdk-path) : ${ARCHS:="x86_64 arm64"} - : ${MACOSX_DEPLOYMENT_TARGET:="10.13"} + : ${MACOSX_DEPLOYMENT_TARGET:="10.14"} export MACOSX_DEPLOYMENT_TARGET export CFLAGS="-arch ${ARCHS// / -arch } " export CXXFLAGS="${CFLAGS} -std=gnu++11 -Wno-null-conversion" @@ -433,10 +433,10 @@ case "$@" in echo " tasks: xerces, xalan, openssl, xmlsec, xsd, all, help" echo "To control iOS, macOS builds set environment variables:" echo " minimum deployment target" - echo " - MACOSX_DEPLOYMENT_TARGET=10.11" - echo " - IPHONEOS_DEPLOYMENT_TARGET=9.0" + echo " - MACOSX_DEPLOYMENT_TARGET=10.14" + echo " - IPHONEOS_DEPLOYMENT_TARGET=12.0" echo " archs to build on iOS" - echo " - ARCHS=\"armv7 arm64\" (iOS)" + echo " - ARCHS=\"arm64\" (iOS)" echo " - ARCHS=\"x86_64\" (iPhoneSimulator)" ;; esac diff --git a/src/crypto/TS.cpp b/src/crypto/TS.cpp index 01fd2438e..506ec9e13 100644 --- a/src/crypto/TS.cpp +++ b/src/crypto/TS.cpp @@ -48,6 +48,7 @@ static void TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int f) static void TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx, unsigned char *hexstr, long len) { + OPENSSL_free(ctx->imprint); ctx->imprint = hexstr; ctx->imprint_len = unsigned(len); } @@ -257,11 +258,10 @@ void TS::verify(const Digest &digest) { SCOPE(TS_VERIFY_CTX, ctx, TS_VERIFY_CTX_new()); TS_VERIFY_CTX_set_flags(ctx.get(), TS_VFY_IMPRINT|TS_VFY_VERSION|TS_VFY_SIGNATURE); - TS_VERIFY_CTX_set_imprint(ctx.get(), data.data(), long(data.size())); + TS_VERIFY_CTX_set_imprint(ctx.get(), + (unsigned char*)OPENSSL_memdup(data.data(), data.size()), long(data.size())); TS_VERIFY_CTX_set_store(ctx.get(), store.release()); - int err = TS_RESP_verify_token(ctx.get(), d.get()); - TS_VERIFY_CTX_set_imprint(ctx.get(), nullptr, 0); //Avoid CRYPTO_free - if(err != 1) + if(TS_RESP_verify_token(ctx.get(), d.get()) != 1) { unsigned long err = ERR_get_error(); if(ERR_GET_LIB(err) == ERR_LIB_TS && ERR_GET_REASON(err) == TS_R_CERTIFICATE_VERIFY_ERROR)