Page MenuHome GnuPG
Files F36623081

No OneTemporary
Actions

View Options

This document is not UTF8. It was detected as Shift JIS and converted to UTF8 for display.
diff --git a/AUTHORS b/AUTHORS
index f847d89..6e0a496 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -1,104 +1,104 @@
Program: Libksba
Download: https://gnupg.org/ftp/gcrypt/libksba/
Repository: git://git.gnupg.org/libksba.git
Maintainer: Werner Koch <wk@gnupg.org>
Bug reports: https://bugs.gnupg.org
Security related bug reports: <security@gnupg.org>
License (library): LGPLv3+/GPLv2+
License (tools, manual): GPLv3+
Libksba is free software. See the files COPYING.* for detailed
copying conditions, and this file for notices about a few
contributions that require these additional notices to be distributed.
License copyright years may be listed using range notation, e.g.,
2000-2013, indicating that every year in the range, inclusive, is a
copyrightable year that would otherwise be listed individually.
List of Authors
===============
g10 Code GmbH
Design and most stuff.
GNUTLS Fabio Fiorina 2001-06-19
[According to CVS log of August 5, 2001 @ 11:38: "renamed cert_* to
x509_*" , further more, the original names must have been changed from
Fabio's orginal ones to cert_* when he commited them to CVS] As of
now the following files contain some of this code:
(asn1-parse.y, asn1-func.[ch])
Copyright
=========
- Copyright (C) 2001-2006, 2010-2015, 2018-2023 g10 Code GmbH
+ Copyright (C) 2001-2006, 2010-2015, 2018-2026 g10 Code GmbH
Copyright (C) 2001-2003, 2007 Free Software Foundation, Inc.
Copyright (C) 2000, 2001 Fabio Fiorina
The library and the header files are distributed under the following
terms (LGPLv3+/GPLv2+):
KSBA is free software; you can redistribute it and/or modify
it under the terms of either
- the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at
your option) any later version.
or
- the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at
your option) any later version.
or both in parallel, as here.
KSBA is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
License for more details.
The other parts (e.g. manual, build system, tests) are distributed
under the following terms (GPLv3):
KSBA is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
KSBA is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
The ASN.1 definition for CMS is based on a specification published
under the following terms (see src/cms.asn):
Copyright (C) The Internet Society (1999). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/NEWS b/NEWS
index 0179504..632751e 100644
--- a/NEWS
+++ b/NEWS
@@ -1,659 +1,670 @@
-Noteworthy changes in version 1.7.0 (unreleased) [C__/A__/R_]
+Noteworthy changes in version 1.6.8 (2026-02-23) [C22/A14/R8]
------------------------------------------------
+ * Fix double increment in DN parser while counting hexdigits. [T8104]
+
+ * Fix a memory leak in the BER decoder's error handling. [T8105]
+
+ * Fix an assertion failure in the OCSP code. [T8111]
+
+ * Support SHA256 based CertIDs in OCSP. [rK2dd35bef66]
+
+ * Use nonstring attribute for gcc-15. [T7624]
+
+ * Remove remaining WindowsCE support.
Release-info: https://dev.gnupg.org/T7174
Noteworthy changes in version 1.6.7 (2024-06-21) [C22/A14/R7]
------------------------------------------------
* Allow for an empty Subject in certs. [T7171]
Release-info: https://dev.gnupg.org/T7173
Noteworthy changes in version 1.6.6 (2024-02-23) [C22/A14/R6]
------------------------------------------------
* Fix a possible wrong error return from the DER builder. [T6992]
Release-info: https://dev.gnupg.org/T7009
Noteworthy changes in version 1.6.5 (2023-11-16) [C22/A14/R5]
------------------------------------------------
* Add Brainpool curve detection using parameters with compressed base
point. [rKeb23f853f178]
* New configure option --with-libtool-modification. [T6619]
Release-info: https://dev.gnupg.org/T6822
Noteworthy changes in version 1.6.4 (2023-06-19) [C22/A14/R4]
------------------------------------------------
* Correctly detect CMS write errors. [rK9ced7706f2]
Release-info: https://dev.gnupg.org/T6543
Noteworthy changes in version 1.6.3 (2022-12-06) [C22/A14/R3]
------------------------------------------------
* Fix another integer overflow in the CRL parser. [T6284]
Release-info: https://dev.gnupg.org/T6304
Noteworthy changes in version 1.6.2 (2022-10-07) [C22/A14/R2]
------------------------------------------------
* Fix integer overflow in the CRL parser. [rK4b7d9cd4a0]
Release-info: https://dev.gnupg.org/T6230
Noteworthy changes in version 1.6.1 (2022-09-16) [C22/A14/R1]
------------------------------------------------
* Allow an OCSP server not to return the sent nonce. [rK24992a4a7a]
Release-info: https://dev.gnupg.org/T6210
Noteworthy changes in version 1.6.0 (2021-06-10) [C22/A14/R0]
------------------------------------------------
* Limited support for the Authenticated-Enveloped-Data content type.
[81fdcd680c12]
* Support password based decryption. [cb7f2484a09c]
* Fix build problem on macOS. (#5440)
* Silence warnings from static analyzers. (#5395)
* Interface changes relative to the 1.5.0 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
KSBA_CT_AUTHENVELOPED_DATA NEW.
Release-info: https://dev.gnupg.org/T5479
Noteworthy changes in version 1.5.1 (2021-04-06) [C21/A13/R1]
------------------------------------------------
* Support Brainpool curves specified by ECDomainParameters.
Release-info: https://dev.gnupg.org/T5379
Noteworthy changes in version 1.5.0 (2020-11-18) [C21/A13/R0]
------------------------------------------------
* ksba_cms_identify now identifies OpenPGP keyblock content.
* Supports TR-03111 plain format ECDSA signature verification.
* Fixes a CMS signed data parser bug exhibited by a somewhat strange
CMS message. [b6438e768c]
* Interface changes relative to the 1.4.0 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
KSBA_CT_OPENPGP_KEYBLOCK NEW.
Release-info: https://dev.gnupg.org/T5146
Noteworthy changes in version 1.4.0 (2020-05-19) [C20/A12/R0]
------------------------------------------------
* Supports ECDSA and EdDSA certificate creation and parsing. [#4896]
* Supports ECDH enveloped data. [#4920]
* Supports ECDSA and EdDSA signed data. [#4920]
* Supports rsaPSS signature verification. [#4538]
* Supports standard file descriptors in ksba_reader_read. [#3072]
* New configure flag --disable-doc.
* Improves supports for reproducible builds. [#4801]
* Allows for optional elements in keyinfo objects. [#4892]
* Updates the config and M4 scripts to the latest version.
* Fixes error detection in the CMS parser. [#4207]
* Fixes memory leak in ksba_cms_identify.
* Fixes build warnings on macOS. [#2910]
* Uses --disable-new-dtags if LD_LIBRARY_PATH is defined. [#4298]
* New constants KSBA_VERSION and KSBA_VERSION_NUMBER.
* New API to make creation of DER objects easy.
* Interface changes relative to the 1.3.5 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
KSBA_VERSION NEW.
KSBA_VERSION_NUMBER NEW.
KSBA_CT_SPC_IND_DATA_CTX NEW.
KSBA_CLASS_* NEW.
KSBA_TYPE_* NEW.
ksba_der_t NEW.
ksba_der_release NEW.
ksba_der_builder_new NEW.
ksba_der_builder_reset NEW.
ksba_der_add_ptr NEW.
ksba_der_add_val NEW.
ksba_der_add_int NEW.
ksba_der_add_oid NEW.
ksba_der_add_bts NEW.
ksba_der_add_der NEW.
ksba_der_add_tag NEW.
ksba_der_add_end NEW.
ksba_der_builder_get NEW.
Release-info: https://dev.gnupg.org/T4943
Noteworthy changes in version 1.3.5 (2016-08-22) [C19/A11/R6]
------------------------------------------------
* Limit the allowed size of complex ASN.1 objects (e.g. certificates)
to 16MiB.
* Avoid read access to unitialized memory.
* Improve detection of invalid RDNs.
* Encode the OCSP nonce value as an octet string as described by
RFC-6960.
Noteworthy changes in version 1.3.4 (2016-05-03) [C19/A11/R5]
------------------------------------------------
* Fixed two OOB read access bugs which could be used to force a DoS.
* Fixed a crash due to faulty curve OID lookup code.
* Synced the list of supported curves with those of Libgcrypt.
* New configure option --enable-build-timestamp; a build timestamp is
not anymore used by default.
Noteworthy changes in version 1.3.3 (2015-04-10) [C19/A11/R4]
------------------------------------------------
* Fixed an integer overflow in the DN decoder.
* Now returns an error instead of terminating the process for certain
bad BER encodings.
* Improved the parsing of utf-8 strings in DNs.
* Allow building with newer versions of Bison.
* Improvement building on Windows with newer versions of Mingw.
Noteworthy changes in version 1.3.2 (2014-11-25) [C19/A11/R3]
------------------------------------------------
* Fixed a buffer overflow in ksba_oid_to_str. [CVE-2014-9087]
Noteworthy changes in version 1.3.1 (2014-09-18)
------------------------------------------------
* Fixed memory leak in CRL parsing.
* Build fixes for Windows, Android, and ppc64el.
Noteworthy changes in version 1.3.0 (2012-09-27)
------------------------------------------------
* Changed the license of the library from GPLv3 to LGPLv3/GPLv2; see
the file AUTHORS for details.
* Minor bug fixes.
Noteworthy changes in version 1.2.0 (2011-03-01)
------------------------------------------------
* New functions to allow the creation of X.509 certificates.
* Interface changes relative to the 1.1.0 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ksba_certreq_set_serial NEW.
ksba_certreq_set_issuer NEW.
ksba_certreq_set_validity NEW.
ksba_certreq_set_siginfo NEW.
Noteworthy changes in version 1.1.0 (2010-10-26)
------------------------------------------------
* New functions to fix a leak in dirmngr.
* Interface changes relative to the 1.0.0 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ksba_reader_set_release_notify NEW
ksba_writer_set_release_notify NEW
Noteworthy changes in version 1.0.8 (2010-07-15)
------------------------------------------------
* Support for WindowsCE.
* Builds cleanly from SVN even when cross-compiling.
* Fixed a CMS parsing bug exhibited by Lotus Notes.
Noteworthy changes in version 1.0.7 (2009-07-03)
------------------------------------------------
* Detect overflow while parsing OIDs. Map BER encoded OIDs to well
known names.
* Allow mixed case names in DNs.
Noteworthy changes in version 1.0.6 (2009-06-05)
------------------------------------------------
* Support SHA-{384,512} based signature generation.
* The RSA algorithmIdentifier ASN.1 sequence is now emitted with an
explicit NULL parameter. Despite the interop testing we did in the
past, some software still requires this and thus we better follow
the best current practise.
Noteworthy changes in version 1.0.5 (2009-01-09)
------------------------------------------------
* Minor bug fixes.
Noteworthy changes in version 1.0.4 (2008-09-22)
------------------------------------------------
* Write smimeCapabilities according to RFC3851 to help Mozilla.
* Support DSA.
* The visibility attribute is now used if supported by the toolchain.
Noteworthy changes in version 1.0.3 (2008-02-12)
------------------------------------------------
* Minor bug fixes.
* Include the used hash algorithm in sig-val structures.
* Fix for unknown tags in issuerAltName and subjectAltName.
Noteworthy changes in version 1.0.2 (2007-07-04)
------------------------------------------------
* Support for SHA-2.
* Fixed a couple of memory leaks.
* Experimental support for ECDSA.
* Minor portability fixes.
* Switched to GPLv3.
Noteworthy changes in version 1.0.1 (2006-11-29)
------------------------------------------------
* Fixes for certificates lacking certain objects.
* Fixes to allow building on systems with a broken ar.
Noteworthy changes in version 1.0.0 (2006-08-31)
------------------------------------------------
* OCSP nonces are now checked to detect replay attacks.
* OCSP extensions may no be retrieved.
* Implemented ksba_ocsp_get_responder_id which used to always return
an error code not_implemented. Thus we can assume that the
function has never been used and we don't need to see this as an
API break.
* Interface changes relative to the 0.9.16 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ksba_ocsp_get_extension NEW
ksba_ocsp_get_responder_id CHANGED: No ABI break.
Noteworthy changes in version 0.9.16 (2006-08-01)
-------------------------------------------------
* Fixed a character set conversion bug in BMPStrings.
* New function for better error reporting of DNs.
* Interface changes relative to the 0.9.13 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ksba_dn_teststr NEW
ksba_dn_str2der NEW
ksba_dn_der2str NEW
Noteworthy changes in version 0.9.15 (2006-06-20)
-------------------------------------------------
* Fixed BER parser which was broken in the last release.
Noteworthy changes in version 0.9.14 (2006-05-16)
-------------------------------------------------
* Fixed broken OCSP requests.
* Ignore invalid bytes appended to a certificate.
Noteworthy changes in version 0.9.13 (2005-11-24)
-------------------------------------------------
* New functions to associate user data with a certificate object.
* Interface changes relative to the 0.9.12 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ksba_cert_set_user_data NEW
ksba_cert_get_user_data NEW
Noteworthy changes in version 0.9.12 (2005-08-01)
-------------------------------------------------
* GeneralNames types dNSName and Uri are now supported.
* Minor changes to some function declarations. This should not
affect any compilation.
* Interface changes relative to the 0.9.7 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ksba_certreq_add_extension CHANGED: Argument DER is now a void*.
ksba_cms_set_content_enc_algo CHANGED: Argument IV is now void*.
ksba_cms_get_content_enc_iv CHANGED: Argument IV is now void*.
ksba_cms_set_message_digest CHANGED: Argument DIGEST is now
unsigned char*.
Noteworthy changes in version 0.9.11 (2005-04-20)
-------------------------------------------------
* New convenience API function for the subjectKeyIdentifier.
* Implemented the keyIdentifier part for authorityKeyIdentifier of
CRLs and certificates.
* Reason codes for CRL items are now returned.
* Interface changes relative to the 0.9.7 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ksba_cert_get_subj_key_id NEW.
Noteworthy changes in version 0.9.10 (2004-12-03)
-------------------------------------------------
* Fixed a CMS parsing bug.
Noteworthy changes in version 0.9.9 (2004-09-27)
------------------------------------------------
* Fixed a couple of bugs which caused parsing errors with some
certificates.
Noteworthy changes in version 0.9.8 (2004-07-22)
------------------------------------------------
* Fixed a bug in the OCSP request generation.
Noteworthy changes in version 0.9.7 (2004-06-08)
------------------------------------------------
* New API function to add arbitrary extensions to pkcs#10 requests.
* Interface changes relative to the 0.9.6 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ksba_certreq_add_extension NEW.
Noteworthy changes in version 0.9.6 (2004-04-29)
------------------------------------------------
* New API functions to support v2 CRLs.
* Interface changes relative to the 0.9.5 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ksba_crl_get_extension NEW.
ksba_crl_get_auth_key_id NEW.
ksba_crl_get_crl_number NEW.
Noteworthy changes in version 0.9.5 (2004-04-06)
------------------------------------------------
* New APIs to get hands on some more information.
* Interface changes relative to the 0.9.4 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ksba_ocsp_get_responder_id NEW.
ksba_ocsp_get_cert NEW.
ksba_cert_get_authority_info_access NEW.
ksba_cert_get_subject_info_access NEW.
ksba_cms_add_smime_capability NEW.
Noteworthy changes in version 0.9.4 (2004-02-20)
------------------------------------------------
* Support for Extended Key Usage.
* ksba_cms_identify may no return a pseudo content type for pkcs#12
files.
* Interface changes relative to the 0.9.3 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ksba_reader_clear NEW.
ksba_cert_get_ext_key_usages NEW.
KSBA_CT_PKCS12 NEW.
Noteworthy changes in version 0.9.3 (2004-01-30)
------------------------------------------------
* Fixed a serious bug shortly after the last release :-(.
Noteworthy changes in version 0.9.2 (2004-01-29)
------------------------------------------------
* Cleaned up the DN label table.
* Fixed a bug in creating CMS signed data.
Noteworthy changes in version 0.9.1 (2003-12-19)
------------------------------------------------
* Support for OCSP (rfc2560).
* The new function ksba_set_hash_buffer_function may be used during
intialization to register a simple hash fucntion for internal use
by libksba.
* Changed the license of the manual to GPL.
* Interface changes relative to the 0.9.0 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ksba_status_t NEW.
ksba_ocsp_t NEW.
ksba_ocsp_response_status_t NEW.
ksba_ocsp_new NEW.
void ksba_ocsp_release NEW.
ksba_ocsp_set_digest_algo NEW.
ksba_ocsp_set_requestor NEW.
ksba_ocsp_add_target NEW.
ksba_ocsp_set_nonce NEW.
ksba_ocsp_prepare_request NEW.
ksba_ocsp_hash_request NEW.
ksba_ocsp_set_sig_val NEW.
ksba_ocsp_add_cert NEW.
ksba_ocsp_build_request NEW.
ksba_ocsp_parse_response NEW.
ksba_ocsp_get_digest_algo NEW.
ksba_ocsp_hash_respons NEW.
ksba_ocsp_get_sig_val NEW.
ksba_ocsp_get_status NEW.
ksba_set_hash_buffer_function NEW.
Noteworthy changes in version 0.9.0 (2003-11-17)
------------------------------------------------
* The time is not any longer described by time_t but through the new
type ksba_isotime_t which is string of excactly 15 characters in
ISO 8601 format (e.g. "19611107T152010") and always stored as
UTC. This is to allow representation of dates beyond the year 2038.
Comparing is a mere strcmp.
* All type names are nom conforming to the GNU coding standards, the
old names are still available as aliases but flagged as deprecated.
* All error codes have been replaced by libgpg-error ones. Libksba
now depends on this package. Remember to use the gpg_err_code
function when testing for error values other than success.
* Interface changes relative to the 0.4.7 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ksba_cert_get_validity CHANGED: Uses ksba_isotime_t instead of time_t.
ksba_crl_get_update_times CHANGED: Uses ksba_isotime_t instead of time_t.
ksba_crl_get_item CHANGED: Uses ksba_isotime_t instead of time_t.
ksba_cms_get_signing_time CHANGED: Uses ksba_isotime_t instead of time_t.
ksba_cms_set_signing_time CHANGED: Uses ksba_isotime_t instead of time_t.
ksba_cert_new CHANGED: Returns an error code now.
ksba_cms_new CHANGED: Returns an error code now.
ksba_name_new CHANGED: Returns an error code now.
ksba_writer_new CHANGED: Returns an error code now.
ksba_reader_new CHANGED: Returns an error code now.
ksba_certreq_new CHANGED: Returns an error code now.
ksba_crl_new CHANGED: Returns an error code now.
ksba_isotime_t NEW.
ksba_error_t NEW: Should be used instead of KsbaError.
ksba_cert_t NEW: Should be used instead of KsbaCert.
ksba_certreq_t NEW: Should be used instead of KsbaCertreq.
ksba_cms_t NEW: Should be used instead of KsbaCMS.
ksba_crl_t NEW: Should be used instead of KsbaCRL.
ksba_name_t NEW: Should be used instead of KsbaName.
ksba_sexp_t NEW: Should be used instead of KsbaSexp.
ksba_reader_t NEW: Should be used instead of KsbaReader.
ksba_writer_t NEW: Should be used instead of KsbaWriter.
ksba_strerror REMOVED: use gpg_strerror instead.
Noteworthy changes in version 0.4.7 (2003-03-17)
------------------------------------------------
* Fixed type detection in creating DNs.
Noteworthy changes in version 0.4.6 (2002-12-04)
------------------------------------------------
* DNs in pkcs#10 request are now created in reversed order as
specified by rfc2253.
* The content-type signed attribute is created.
* Fixed a parser bug with a id-aa-encrypKeyPref attribute.
* Interface changes relative to the 0.4.3 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ksba_cms_get_sigattr_oids NEW
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Noteworthy changes in version 0.4.5 (2002-08-23)
------------------------------------------------
* Removed some debugging output.
* Added an autoconf macro.
Noteworthy changes in version 0.4.4 (2002-08-09)
------------------------------------------------
* Multiple signatures can now be created and parsed.
Noteworthy changes in version 0.4.3 (2002-06-25)
------------------------------------------------
* More bug fixes.
* Interface changes relative to the 0.4.2 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ksba_writer_write_octet_string NEW
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Noteworthy changes in version 0.4.2 (2002-06-04)
------------------------------------------------
* Some bug fixes and a new function.
* Interface changes relative to the 0.4.1 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ksba_cms_identify NEW
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Noteworthy changes in version 0.4.1 (2002-05-03)
------------------------------------------------
* Minor fixes.
Noteworthy changes in version 0.4.0 (2002-04-15)
------------------------------------------------
* Nearly all stuff needed for the Aegypten project is now in place.
Copyright 2002, 2003, 2004, 2005, 2006, 2007, 2008,
2009 g10 Code GmbH
This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
modifications, as long as this notice is preserved.
This file is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/README b/README
index ff982ac..7396079 100644
--- a/README
+++ b/README
@@ -1,37 +1,37 @@
LIBKSBA
---------
- Copyright (C) 2001-2006, 2010-2015, 2018-2023 g10 Code GmbH
+ Copyright (C) 2001-2006, 2010-2015, 2018-2026 g10 Code GmbH
This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
modifications, as long as this notice is preserved.
This file is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE.
Libksba itself is distributed under the terms of the GNU General
Public License, see the file AUTHORS for details.
KSBA Overview
-------------
KSBA (pronounced Kasbah) is a library to make X.509 certificates as
well as the CMS easily accessible by other applications. Both
specifications are building blocks of S/MIME and TLS.
KSBA is made available as a standard shared library and reserves
identifiers starting with "ksba" and "_ksba" (also uppercase and mixed
case). It does not rely on another cryptographic library.
Documentation
-------------
A standard info format reference manual is included. However the OCSP
feature has not yet been documented. See the comments in src/ocsp.c
and the example tests/t-ocsp.c. The GnuPG's dirmngr module makes
extensive use of the OCSP feature and may be used as another example.
diff --git a/configure.ac b/configure.ac
index 0a021d6..b740879 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,517 +1,517 @@
# configure.ac - for libksba
# Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
# 2010, 2011, 2012, 2018, 2019 g10 Code GmbH
#
# This file is part of KSBA
#
# KSBA is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# KSBA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
# Process this file with autoconf to produce a configure script.
AC_PREREQ([2.69])
min_automake_version="1.14"
# To build a release you need to create a tag with the version number
# (git tag -s libksba-n.m.k) and run "./autogen.sh --force". Please
# bump the version number immediately after the release and do another
# commit and push so that the git magic is able to work. See below
# for the LT versions.
m4_define([mym4_package],[libksba])
m4_define([mym4_major], [1])
-m4_define([mym4_minor], [7])
-m4_define([mym4_micro], [0])
+m4_define([mym4_minor], [6])
+m4_define([mym4_micro], [8])
# Below is m4 magic to extract and compute the git revision number,
# the decimalized short revision number, a beta version string and a
# flag indicating a development version (mym4_isbeta). Note that the
# m4 processing is done by autoconf and not during the configure run.
m4_define([mym4_verslist], m4_split(m4_esyscmd([./autogen.sh --find-version] \
mym4_package mym4_major mym4_minor mym4_micro),[:]))
m4_define([mym4_isbeta], m4_argn(2, mym4_verslist))
m4_define([mym4_version], m4_argn(4, mym4_verslist))
m4_define([mym4_revision], m4_argn(7, mym4_verslist))
m4_define([mym4_revision_dec], m4_argn(8, mym4_verslist))
m4_esyscmd([echo ]mym4_version[>VERSION])
AC_INIT([mym4_package],[mym4_version],[https://bugs.gnupg.org])
# LT Version numbers: Remember to change them just *before* a release.
# (Interfaces removed: CURRENT++, AGE=0, REVISION=0)
# (Interfaces added: CURRENT++, AGE++, REVISION=0)
# (No interfaces changed: REVISION++)
# Please remember to document interface changes in the NEWS file.
LIBKSBA_LT_CURRENT=22
LIBKSBA_LT_AGE=14
-LIBKSBA_LT_REVISION=7
+LIBKSBA_LT_REVISION=8
#-------------------
# If the API is changed in an incompatible way: increment the next counter.
KSBA_CONFIG_API_VERSION=1
NEED_GPG_ERROR_VERSION=1.8
AC_CONFIG_AUX_DIR([build-aux])
AC_CONFIG_SRCDIR([src/ksba.h.in])
AM_INIT_AUTOMAKE([serial-tests dist-bzip2 no-dist-gzip])
AC_CONFIG_HEADERS([config.h])
AC_CONFIG_MACRO_DIR([m4])
AC_CANONICAL_HOST
AB_INIT
AC_USE_SYSTEM_EXTENSIONS
AC_ARG_VAR(SYSROOT,[locate config scripts also below that directory])
# Taken from mpfr-4.0.1, then modified for LDADD_FOR_TESTS_KLUDGE
dnl Under Linux, make sure that the old dtags are used if LD_LIBRARY_PATH
dnl is defined. The issue is that with the new dtags, LD_LIBRARY_PATH has
dnl the precedence over the run path, so that if a compatible MPFR library
dnl is installed in some directory from $LD_LIBRARY_PATH, then the tested
dnl MPFR library will be this library instead of the MPFR library from the
dnl build tree. Other OS with the same issue might be added later.
dnl
dnl References:
dnl https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859732
dnl http://lists.gnu.org/archive/html/libtool/2017-05/msg00000.html
dnl
dnl We need to check whether --disable-new-dtags is supported as alternate
dnl linkers may be used (e.g., with tcc: CC=tcc LD=tcc).
dnl
case $host in
*-*-linux*)
if test -n "$LD_LIBRARY_PATH"; then
saved_LDFLAGS="$LDFLAGS"
LDADD_FOR_TESTS_KLUDGE="-Wl,--disable-new-dtags"
LDFLAGS="$LDFLAGS $LDADD_FOR_TESTS_KLUDGE"
AC_MSG_CHECKING(whether --disable-new-dtags is supported by the linker)
AC_LINK_IFELSE([AC_LANG_SOURCE([[
int main (void) { return 0; }
]])],
[AC_MSG_RESULT(yes (use it since LD_LIBRARY_PATH is set))],
[AC_MSG_RESULT(no)
LDADD_FOR_TESTS_KLUDGE=""
])
LDFLAGS="$saved_LDFLAGS"
fi
;;
esac
AC_SUBST([LDADD_FOR_TESTS_KLUDGE])
LT_PREREQ([2.2.6])
LT_INIT([win32-dll disable-static])
LT_LANG([Windows Resource])
AM_MAINTAINER_MODE
# We need to compile and run a program on the build machine.
AX_CC_FOR_BUILD
AC_SUBST(LIBKSBA_LT_CURRENT)
AC_SUBST(LIBKSBA_LT_AGE)
AC_SUBST(LIBKSBA_LT_REVISION)
VERSION_NUMBER=m4_esyscmd(printf "0x%02x%02x%02x" mym4_major \
mym4_minor mym4_micro)
AC_SUBST(VERSION_NUMBER)
AH_TOP([
#ifndef _KSBA_CONFIG_H_INCLUDED
#define _KSBA_CONFIG_H_INCLUDED
])
AH_BOTTOM([
#endif /*_KSBA_CONFIG_H_INCLUDED*/
])
# Checks for programs.
missing_dir=`cd $ac_aux_dir && pwd`
AM_MISSING_PROG(ACLOCAL, aclocal, $missing_dir)
AM_MISSING_PROG(AUTOCONF, autoconf, $missing_dir)
AM_MISSING_PROG(AUTOMAKE, automake, $missing_dir)
AM_MISSING_PROG(AUTOHEADER, autoheader, $missing_dir)
AM_MISSING_PROG(MAKEINFO, makeinfo, $missing_dir)
AM_SILENT_RULES
AC_PROG_AWK
AC_PROG_CC
AC_PROG_CPP
AM_PROG_CC_C_O
if test "x$ac_cv_prog_cc_c89" = "xno" ; then
AC_MSG_ERROR([[No C-89 compiler found]])
fi
AC_PROG_INSTALL
AC_PROG_LN_S
AC_PROG_MAKE_SET
gl_EARLY
#AC_ARG_PROGRAM
AC_PROG_YACC
AX_PROG_BISON([have_bison=yes],[have_bison=no])
AC_C_INLINE
# We need to compile and run a program on the build machine.
# The AC_PROG_CC_FOR_BUILD macro in the AC archive is broken for
# autoconf 2.57.
AC_MSG_CHECKING(for cc for build)
if test "$cross_compiling" = "yes"; then
CC_FOR_BUILD="${CC_FOR_BUILD-cc}"
else
CC_FOR_BUILD="${CC_FOR_BUILD-$CC}"
fi
AC_MSG_RESULT($CC_FOR_BUILD)
AC_ARG_VAR(CC_FOR_BUILD,[build system C compiler])
# This is handy for debugging so the compiler doesn't rearrange
# things and eliminate variables.
AC_ARG_ENABLE(optimization,
AS_HELP_STRING([--disable-optimization],
[disable compiler optimization]),
[if test $enableval = no ; then
CFLAGS=`echo $CFLAGS | sed 's/-O[[0-9]]//'`
fi])
if test "$GCC" = yes; then
CFLAGS="$CFLAGS -Wall -Wcast-align -Wshadow -Wstrict-prototypes"
if test "$USE_MAINTAINER_MODE" = "yes"; then
CFLAGS="$CFLAGS -Wformat -Wno-format-y2k -Wformat-security"
# We use -W only if -Wno-missing-field-initializers is supported.
# -W is important because it detects errors like "if (foo);"
AC_MSG_CHECKING([if gcc supports -Wno-missing-field-initializers])
_gcc_cflags_save=$CFLAGS
CFLAGS="-Wno-missing-field-initializers"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_wopt=yes,_gcc_wopt=no)
AC_MSG_RESULT($_gcc_wopt)
CFLAGS=$_gcc_cflags_save;
if test x"$_gcc_wopt" = xyes ; then
CFLAGS="$CFLAGS -W -Wno-sign-compare -Wno-missing-field-initializers"
fi
AC_MSG_CHECKING([if gcc supports -Wdeclaration-after-statement])
_gcc_cflags_save=$CFLAGS
CFLAGS="-Wdeclaration-after-statement"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_wopt=yes,_gcc_wopt=no)
AC_MSG_RESULT($_gcc_wopt)
CFLAGS=$_gcc_cflags_save;
if test x"$_gcc_wopt" = xyes ; then
CFLAGS="$CFLAGS -Wdeclaration-after-statement"
fi
fi
AC_MSG_CHECKING([if gcc supports -Wpointer-arith])
_gcc_cflags_save=$CFLAGS
CFLAGS="-Wpointer-arith"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_wopt=yes,_gcc_wopt=no)
AC_MSG_RESULT($_gcc_wopt)
CFLAGS=$_gcc_cflags_save;
if test x"$_gcc_wopt" = xyes ; then
CFLAGS="$CFLAGS -Wpointer-arith"
fi
AC_MSG_CHECKING([if gcc supports -Wno-pointer-sign])
_gcc_cflags_save=$CFLAGS
CFLAGS="-Wno-pointer-sign"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_psign=yes,_gcc_psign=no)
AC_MSG_RESULT($_gcc_psign)
CFLAGS=$_gcc_cflags_save;
if test x"$_gcc_psign" = xyes ; then
CFLAGS="$CFLAGS -Wno-pointer-sign"
fi
fi
# Setup some stuff depending on host.
have_w32_system=no
have_w32ce_system=no
case "${host}" in
*-*-mingw32ce*)
have_w32_system=yes
have_w32ce_system=yes
;;
*-*-mingw32*)
have_w32_system=yes
;;
*-apple-darwin*)
AC_DEFINE(_DARWIN_C_SOURCE, 1,
Expose all libc features (__DARWIN_C_FULL).)
;;
*)
;;
esac
if test "$have_w32_system" = yes; then
AC_DEFINE(HAVE_W32_SYSTEM,1, [Defined if we run on a W32 API based system])
fi
AM_CONDITIONAL(HAVE_W32_SYSTEM, test "$have_w32_system" = yes)
# For some systems we know that we have ld_version scripts.
# Use it then as default.
have_ld_version_script=no
case "${host}" in
*-*-linux*)
have_ld_version_script=yes
;;
*-*-gnu*)
have_ld_version_script=yes
;;
esac
AC_ARG_ENABLE([ld-version-script],
AS_HELP_STRING([--enable-ld-version-script],
[enable/disable use of linker version script.
(default is system dependent)]),
[have_ld_version_script=$enableval],
[ : ] )
AM_CONDITIONAL(HAVE_LD_VERSION_SCRIPT, test "$have_ld_version_script" = "yes")
#
# Specify how we support our local modification of libtool for Windows
# 64-bit. Options are:
#
# (1) apply: when appying patch fails, it results failure of entire build
# (2) never: never apply the patch (no try)
# (3) try: use patched if it goes well, use original if fails
#
AC_ARG_WITH([libtool-modification],
AS_HELP_STRING([--with-libtool-modification=apply|never|try],
[how to handle libtool modification (default=never)]),
build_libtool_modification=$withval,
build_libtool_modification=never)
#
# Apply a patch (locally maintained one of ours) to libtool
#
case $host in
x86_64-*mingw32*)
AC_CONFIG_COMMANDS([libtool-patch],[[
if test "$build_selection" = never; then
echo "patch not applied"
elif (mv -f libtool libtool.orig; \
sed -f $srcdir/build-aux/libtool-patch.sed libtool.orig >libtool); then
echo "applied successfully"
elif test "$build_selection" = try; then
mv -f libtool.orig libtool
echo "patch failed, thus, using original"
else
echo "patch failed"
as_fn_exit 1
fi
]],[build_selection=$build_libtool_modification])
;;
*)
;;
esac
#
# Check for ELF visibility support.
#
AC_CACHE_CHECK(whether the visibility attribute is supported,
ksba_cv_visibility_attribute,
[ksba_cv_visibility_attribute=no
AC_LANG_CONFTEST([AC_LANG_SOURCE(
[[int foo __attribute__ ((visibility ("hidden"))) = 1;
int bar __attribute__ ((visibility ("protected"))) = 1;
]])])
if ${CC-cc} -Werror -S conftest.c -o conftest.s \
1>&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD ; then
if grep '\.hidden.*foo' conftest.s >/dev/null 2>&1 ; then
if grep '\.protected.*bar' conftest.s >/dev/null 2>&1; then
ksba_cv_visibility_attribute=yes
fi
fi
fi
])
if test "$ksba_cv_visibility_attribute" = "yes"; then
AC_CACHE_CHECK(for broken visibility attribute,
ksba_cv_broken_visibility_attribute,
[ksba_cv_broken_visibility_attribute=yes
AC_LANG_CONFTEST([AC_LANG_SOURCE(
[[int foo (int x);
int bar (int x) __asm__ ("foo")
__attribute__ ((visibility ("hidden")));
int bar (int x) { return x; }
]])])
if ${CC-cc} -Werror -S conftest.c -o conftest.s \
1>&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD ; then
if grep '\.hidden@<:@ _@:>@foo' conftest.s >/dev/null 2>&1;
then
ksba_cv_broken_visibility_attribute=no
fi
fi
])
fi
if test "$ksba_cv_visibility_attribute" = "yes"; then
AC_CACHE_CHECK(for broken alias attribute,
ksba_cv_broken_alias_attribute,
[ksba_cv_broken_alias_attribute=yes
AC_LANG_CONFTEST([AC_LANG_SOURCE(
[[extern int foo (int x) __asm ("xyzzy");
int bar (int x) { return x; }
extern __typeof (bar) foo __attribute ((weak, alias ("bar")));
extern int dfoo;
extern __typeof (dfoo) dfoo __asm ("abccb");
int dfoo = 1;
]])])
if ${CC-cc} -Werror -S conftest.c -o conftest.s \
1>&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD ; then
if grep 'xyzzy' conftest.s >/dev/null 2>&1 && \
grep 'abccb' conftest.s >/dev/null 2>&1; then
ksba_cv_broken_alias_attribute=no
fi
fi
])
fi
if test "$ksba_cv_visibility_attribute" = "yes"; then
AC_CACHE_CHECK(if gcc supports -fvisibility=hidden,
ksba_cv_gcc_has_f_visibility,
[ksba_cv_gcc_has_f_visibility=no
_gcc_cflags_save=$CFLAGS
CFLAGS="-fvisibility=hidden"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],
ksba_cv_gcc_has_f_visibility=yes)
CFLAGS=$_gcc_cflags_save;
])
fi
if test "$ksba_cv_visibility_attribute" = "yes" \
&& test "$ksba_cv_broken_visibility_attribute" != "yes" \
&& test "$ksba_cv_broken_alias_attribute" != "yes" \
&& test "$ksba_cv_gcc_has_f_visibility" = "yes"
then
AC_DEFINE(KSBA_USE_VISIBILITY, 1,
[Define to use the GNU C visibility attribute.])
CFLAGS="$CFLAGS -fvisibility=hidden"
fi
#
# Checks for libraries.
#
AM_PATH_GPG_ERROR("$NEED_GPG_ERROR_VERSION")
if test "x$GPG_ERROR_LIBS" = "x"; then
AC_MSG_ERROR([libgpg-error is needed.
See ftp://ftp.gnupg.org/gcrypt/libgpg-error/ .])
fi
AC_DEFINE(GPG_ERR_SOURCE_DEFAULT, GPG_ERR_SOURCE_KSBA,
[The default error source for libksba.])
AM_CONDITIONAL(USE_GPGRT_CONFIG, [test -n "$GPGRT_CONFIG" \
&& test "$ac_cv_path_GPG_ERROR_CONFIG" = no])
# Checks for header files.
# Checks for typedefs, structures, and compiler characteristics.
AC_C_CONST
AC_C_BIGENDIAN
AC_CHECK_SIZEOF(unsigned int)
AC_CHECK_SIZEOF(unsigned long)
AC_CHECK_TYPES([u32])
# Checks for library functions.
AC_CHECK_FUNCS([stpcpy gmtime_r getenv])
# GNUlib checks
gl_SOURCE_BASE(gl)
gl_M4_BASE(gl/m4)
gl_MODULES(alloca valgrind-tests)
gl_INIT
# To be used in ksba-config
KSBA_CONFIG_LIBS="-lksba"
KSBA_CONFIG_CFLAGS=""
KSBA_CONFIG_HOST="$host"
AC_SUBST(KSBA_CONFIG_LIBS)
AC_SUBST(KSBA_CONFIG_CFLAGS)
AC_SUBST(KSBA_CONFIG_API_VERSION)
AC_SUBST(KSBA_CONFIG_HOST)
# The Makefiles need to know about cross compiling
AM_CONDITIONAL(CROSS_COMPILING, test x$cross_compiling != xno)
# Generate extended version information for W32.
if test "$have_w32_system" = yes; then
changequote(,)dnl
BUILD_FILEVERSION=`echo "$VERSION" | sed 's/\([0-9.]*\).*/\1./;s/\./,/g'`
changequote([,])dnl
BUILD_FILEVERSION="${BUILD_FILEVERSION}mym4_revision_dec"
fi
AC_SUBST(BUILD_REVISION)
AC_SUBST(BUILD_FILEVERSION)
BUILD_REVISION="mym4_revision"
AC_SUBST(BUILD_REVISION)
AC_DEFINE_UNQUOTED(BUILD_REVISION, "$BUILD_REVISION",
[GIT commit id revision used to build this package])
AC_ARG_ENABLE([build-timestamp],
AS_HELP_STRING([--enable-build-timestamp],
[set an explicit build timestamp for reproducibility.
(default is the current time in ISO-8601 format)]),
[if test "$enableval" = "yes"; then
BUILD_TIMESTAMP=`date -u +%Y-%m-%dT%H:%M+0000 2>/dev/null || date`
else
BUILD_TIMESTAMP="$enableval"
fi],
[BUILD_TIMESTAMP="<none>"])
AC_SUBST(BUILD_TIMESTAMP)
AC_DEFINE_UNQUOTED(BUILD_TIMESTAMP, "$BUILD_TIMESTAMP",
[The time this package was configured for a build])
build_doc=yes
AC_ARG_ENABLE([doc], AS_HELP_STRING([--disable-doc],
[do not build the documentation]),
build_doc=$enableval, build_doc=yes)
AM_CONDITIONAL([BUILD_DOC], [test "x$build_doc" != xno])
AC_CONFIG_FILES([
Makefile
m4/Makefile
gl/Makefile
src/Makefile
src/ksba.h
src/ksba-config
src/ksba.pc
src/versioninfo.rc
tests/Makefile
doc/Makefile
])
AC_OUTPUT
if test x"$have_bison" = xno; then
AC_MSG_NOTICE([[
***
*** Note: The installed yacc version is not GNU Bison. You need
*** to install Bison if you want to change any grammar (.y) file.
***]])
fi
echo "
Libksba v${VERSION} has been configured as follows:
Revision: mym4_revision (mym4_revision_dec)
Platform: $host
"
diff --git a/src/ksba.h.in b/src/ksba.h.in
index 60f6140..0f36e3b 100644
--- a/src/ksba.h.in
+++ b/src/ksba.h.in
@@ -1,647 +1,647 @@
/* ksba.h - X.509 library used by GnuPG
- * Copyright (C) 2001-2006, 2010-2015, 2018-2023 g10 Code GmbH
+ * Copyright (C) 2001-2006, 2010-2015, 2018-2026 g10 Code GmbH
*
* This file is part of KSBA.
*
* KSBA is free software; you can redistribute it and/or modify
* it under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
* your option) any later version.
*
* or
*
* - the GNU General Public License as published by the Free
* Software Foundation; either version 2 of the License, or (at
* your option) any later version.
*
* or both in parallel, as here.
*
* KSBA is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
* License for more details.
*
* You should have received a copies of the GNU General Public License
* and the GNU Lesser General Public License along with this program;
* if not, see <http://www.gnu.org/licenses/>.
* SPDX-License-Identifier: LGPL-3.0-or-later OR GPL-2.0-or-later
*/
#ifndef KSBA_H
#define KSBA_H 1
#include <gpg-error.h>
#include <stdio.h>
#ifdef __cplusplus
extern "C" {
#if 0
}
#endif
#endif
/* The version of this header should match the one of the library. Do
* not use this symbol in your application; use assuan_check_version
* instead. */
#define KSBA_VERSION "@VERSION@"
/* The version number of this header. It may be used to handle minor
* API incompatibilities. */
#define KSBA_VERSION_NUMBER @VERSION_NUMBER@
/* Check for compiler features. */
#ifdef __GNUC__
#define _KSBA_GCC_VERSION (__GNUC__ * 10000 \
+ __GNUC_MINOR__ * 100 \
+ __GNUC_PATCHLEVEL__)
#if _KSBA_GCC_VERSION > 30100
#define _KSBA_DEPRECATED __attribute__ ((__deprecated__))
#endif
#if _KSBA_GCC_VERSION >= 80000
#define _KSBA_NONSTRING __attribute__((__nonstring__))
#endif
#endif /*__GNUC__*/
#ifndef _KSBA_DEPRECATED
#define _KSBA_DEPRECATED
#endif
#ifndef _KSBA_NONSTRING
# define _KSBA_NONSTRING
#endif
#define KSBA_CLASS_UNIVERSAL 0
#define KSBA_CLASS_APPLICATION 1
#define KSBA_CLASS_CONTEXT 2
#define KSBA_CLASS_PRIVATE 3
#define KSBA_CLASS_ENCAPSULATE 0x80 /* Pseudo class. */
#define KSBA_TYPE_BOOLEAN 1
#define KSBA_TYPE_INTEGER 2
#define KSBA_TYPE_BIT_STRING 3
#define KSBA_TYPE_OCTET_STRING 4
#define KSBA_TYPE_NULL 5
#define KSBA_TYPE_OBJECT_ID 6
#define KSBA_TYPE_OBJECT_DESCRIPTOR 7
#define KSBA_TYPE_EXTERNAL 8
#define KSBA_TYPE_REAL 9
#define KSBA_TYPE_ENUMERATED 10
#define KSBA_TYPE_EMBEDDED_PDV 11
#define KSBA_TYPE_UTF8_STRING 12
#define KSBA_TYPE_RELATIVE_OID 13
#define KSBA_TYPE_TIME 14
#define KSBA_TYPE_SEQUENCE 16
#define KSBA_TYPE_SET 17
#define KSBA_TYPE_NUMERIC_STRING 18
#define KSBA_TYPE_PRINTABLE_STRING 19
#define KSBA_TYPE_TELETEX_STRING 20
#define KSBA_TYPE_VIDEOTEX_STRING 21
#define KSBA_TYPE_IA5_STRING 22
#define KSBA_TYPE_UTC_TIME 23
#define KSBA_TYPE_GENERALIZED_TIME 24
#define KSBA_TYPE_GRAPHIC_STRING 25
#define KSBA_TYPE_VISIBLE_STRING 26
#define KSBA_TYPE_GENERAL_STRING 27
#define KSBA_TYPE_UNIVERSAL_STRING 28
#define KSBA_TYPE_CHARACTER_STRING 29
#define KSBA_TYPE_BMP_STRING 30
#define KSBA_TYPE_DATE 31
#define KSBA_TYPE_TIME_OF_DAY 32
#define KSBA_TYPE_DATE_TIME 33
#define KSBA_TYPE_DURATION 34
#define KSBA_TYPE_OID_IRI 35
#define KSBA_TYPE_RELATIVE_OID_IRI 36
typedef gpg_error_t KsbaError _KSBA_DEPRECATED;
typedef enum
{
KSBA_CT_NONE = 0,
KSBA_CT_DATA = 1,
KSBA_CT_SIGNED_DATA = 2,
KSBA_CT_ENVELOPED_DATA = 3,
KSBA_CT_DIGESTED_DATA = 4,
KSBA_CT_ENCRYPTED_DATA = 5,
KSBA_CT_AUTH_DATA = 6,
KSBA_CT_PKCS12 = 7,
KSBA_CT_SPC_IND_DATA_CTX = 8,
KSBA_CT_OPENPGP_KEYBLOCK = 9,
KSBA_CT_AUTHENVELOPED_DATA = 10
}
ksba_content_type_t;
typedef ksba_content_type_t KsbaContentType _KSBA_DEPRECATED;
typedef enum
{
KSBA_SR_NONE = 0, /* Never seen by libksba user. */
KSBA_SR_RUNNING = 1, /* Never seen by libksba user. */
KSBA_SR_GOT_CONTENT = 2,
KSBA_SR_NEED_HASH = 3,
KSBA_SR_BEGIN_DATA = 4,
KSBA_SR_END_DATA = 5,
KSBA_SR_READY = 6,
KSBA_SR_NEED_SIG = 7,
KSBA_SR_DETACHED_DATA = 8,
KSBA_SR_BEGIN_ITEMS = 9,
KSBA_SR_GOT_ITEM = 10,
KSBA_SR_END_ITEMS = 11
}
ksba_stop_reason_t;
typedef ksba_stop_reason_t KsbaStopReason _KSBA_DEPRECATED;
typedef enum
{
KSBA_CRLREASON_UNSPECIFIED = 1,
KSBA_CRLREASON_KEY_COMPROMISE = 2,
KSBA_CRLREASON_CA_COMPROMISE = 4,
KSBA_CRLREASON_AFFILIATION_CHANGED = 8,
KSBA_CRLREASON_SUPERSEDED = 16,
KSBA_CRLREASON_CESSATION_OF_OPERATION = 32,
KSBA_CRLREASON_CERTIFICATE_HOLD = 64,
KSBA_CRLREASON_REMOVE_FROM_CRL = 256,
KSBA_CRLREASON_PRIVILEGE_WITHDRAWN = 512,
KSBA_CRLREASON_AA_COMPROMISE = 1024,
KSBA_CRLREASON_OTHER = 32768
}
ksba_crl_reason_t;
typedef ksba_crl_reason_t KsbaCRLReason _KSBA_DEPRECATED;
typedef enum
{
KSBA_OCSP_RSPSTATUS_SUCCESS = 0,
KSBA_OCSP_RSPSTATUS_MALFORMED = 1,
KSBA_OCSP_RSPSTATUS_INTERNAL = 2,
KSBA_OCSP_RSPSTATUS_TRYLATER = 3,
KSBA_OCSP_RSPSTATUS_SIGREQUIRED = 5,
KSBA_OCSP_RSPSTATUS_UNAUTHORIZED = 6,
KSBA_OCSP_RSPSTATUS_REPLAYED = 253,
KSBA_OCSP_RSPSTATUS_OTHER = 254,
KSBA_OCSP_RSPSTATUS_NONE = 255
}
ksba_ocsp_response_status_t;
typedef enum
{
KSBA_STATUS_NONE = 0,
KSBA_STATUS_UNKNOWN = 1,
KSBA_STATUS_GOOD = 2,
KSBA_STATUS_REVOKED = 4
}
ksba_status_t;
typedef enum
{
KSBA_KEYUSAGE_DIGITAL_SIGNATURE = 1,
KSBA_KEYUSAGE_NON_REPUDIATION = 2,
KSBA_KEYUSAGE_KEY_ENCIPHERMENT = 4,
KSBA_KEYUSAGE_DATA_ENCIPHERMENT = 8,
KSBA_KEYUSAGE_KEY_AGREEMENT = 16,
KSBA_KEYUSAGE_KEY_CERT_SIGN = 32,
KSBA_KEYUSAGE_CRL_SIGN = 64,
KSBA_KEYUSAGE_ENCIPHER_ONLY = 128,
KSBA_KEYUSAGE_DECIPHER_ONLY = 256
}
ksba_key_usage_t;
typedef ksba_key_usage_t KsbaKeyUsage _KSBA_DEPRECATED;
/* ISO format, e.g. "19610711T172059", assumed to be UTC. */
typedef char ksba_isotime_t[16];
/* X.509 certificates are represented by this object.
ksba_cert_new() creates such an object */
struct ksba_cert_s;
typedef struct ksba_cert_s *ksba_cert_t;
typedef struct ksba_cert_s *KsbaCert _KSBA_DEPRECATED;
/* CMS objects are controlled by this object.
ksba_cms_new() creates it */
struct ksba_cms_s;
typedef struct ksba_cms_s *ksba_cms_t;
typedef struct ksba_cms_s *KsbaCMS _KSBA_DEPRECATED;
/* CRL objects are controlled by this object.
ksba_crl_new() creates it */
struct ksba_crl_s;
typedef struct ksba_crl_s *ksba_crl_t;
typedef struct ksba_crl_s *KsbaCRL _KSBA_DEPRECATED;
/* OCSP objects are controlled by this object.
ksba_ocsp_new() creates it. */
struct ksba_ocsp_s;
typedef struct ksba_ocsp_s *ksba_ocsp_t;
/* PKCS-10 creation is controlled by this object.
ksba_certreq_new() creates it */
struct ksba_certreq_s;
typedef struct ksba_certreq_s *ksba_certreq_t;
typedef struct ksba_certreq_s *KsbaCertreq _KSBA_DEPRECATED;
/* This is a reader object for various purposes
see ksba_reader_new et al. */
struct ksba_reader_s;
typedef struct ksba_reader_s *ksba_reader_t;
typedef struct ksba_reader_s *KsbaReader _KSBA_DEPRECATED;
/* This is a writer object for various purposes
see ksba_writer_new et al. */
struct ksba_writer_s;
typedef struct ksba_writer_s *ksba_writer_t;
typedef struct ksba_writer_s *KsbaWriter _KSBA_DEPRECATED;
/* This is an object to store an ASN.1 parse tree as
create by ksba_asn_parse_file() */
struct ksba_asn_tree_s;
typedef struct ksba_asn_tree_s *ksba_asn_tree_t;
typedef struct ksba_asn_tree_s *KsbaAsnTree _KSBA_DEPRECATED;
/* This is an object to reference a General Name. Such an object is
returned by several functions. */
struct ksba_name_s;
typedef struct ksba_name_s *ksba_name_t;
typedef struct ksba_name_s *KsbaName _KSBA_DEPRECATED;
/* KsbaSexp is just an unsigned char * which should be used for
documentation purpose. The S-expressions returned by libksba are
always in canonical representation with an extra 0 byte at the end,
so that one can print the values in the debugger and at least see
the first bytes */
typedef unsigned char *ksba_sexp_t;
typedef unsigned char *KsbaSexp _KSBA_DEPRECATED;
typedef const unsigned char *ksba_const_sexp_t;
typedef const unsigned char *KsbaConstSexp _KSBA_DEPRECATED;
/* This is a generic object used by various functions. */
struct ksba_der_s;
typedef struct ksba_der_s *ksba_der_t;
/*-- cert.c --*/
gpg_error_t ksba_cert_new (ksba_cert_t *acert);
void ksba_cert_ref (ksba_cert_t cert);
void ksba_cert_release (ksba_cert_t cert);
gpg_error_t ksba_cert_set_user_data (ksba_cert_t cert, const char *key,
const void *data, size_t datalen);
gpg_error_t ksba_cert_get_user_data (ksba_cert_t cert, const char *key,
void *buffer, size_t bufferlen,
size_t *datalen);
gpg_error_t ksba_cert_read_der (ksba_cert_t cert, ksba_reader_t reader);
gpg_error_t ksba_cert_init_from_mem (ksba_cert_t cert,
const void *buffer, size_t length);
const unsigned char *ksba_cert_get_image (ksba_cert_t cert, size_t *r_length);
gpg_error_t ksba_cert_hash (ksba_cert_t cert,
int what,
void (*hasher)(void *,
const void *,
size_t length),
void *hasher_arg);
const char *ksba_cert_get_digest_algo (ksba_cert_t cert);
ksba_sexp_t ksba_cert_get_serial (ksba_cert_t cert);
char *ksba_cert_get_issuer (ksba_cert_t cert, int idx);
gpg_error_t ksba_cert_get_validity (ksba_cert_t cert, int what,
ksba_isotime_t r_time);
char *ksba_cert_get_subject (ksba_cert_t cert, int idx);
ksba_sexp_t ksba_cert_get_public_key (ksba_cert_t cert);
ksba_sexp_t ksba_cert_get_sig_val (ksba_cert_t cert);
gpg_error_t ksba_cert_get_extension (ksba_cert_t cert, int idx,
char const **r_oid, int *r_crit,
size_t *r_deroff, size_t *r_derlen);
gpg_error_t ksba_cert_is_ca (ksba_cert_t cert, int *r_ca, int *r_pathlen);
gpg_error_t ksba_cert_get_key_usage (ksba_cert_t cert, unsigned int *r_flags);
gpg_error_t ksba_cert_get_cert_policies (ksba_cert_t cert, char **r_policies);
gpg_error_t ksba_cert_get_ext_key_usages (ksba_cert_t cert, char **result);
gpg_error_t ksba_cert_get_crl_dist_point (ksba_cert_t cert, int idx,
ksba_name_t *r_distpoint,
ksba_name_t *r_issuer,
ksba_crl_reason_t *r_reason);
gpg_error_t ksba_cert_get_auth_key_id (ksba_cert_t cert,
ksba_sexp_t *r_keyid,
ksba_name_t *r_name,
ksba_sexp_t *r_serial);
gpg_error_t ksba_cert_get_subj_key_id (ksba_cert_t cert,
int *r_crit,
ksba_sexp_t *r_keyid);
gpg_error_t ksba_cert_get_authority_info_access (ksba_cert_t cert, int idx,
char **r_method,
ksba_name_t *r_location);
gpg_error_t ksba_cert_get_subject_info_access (ksba_cert_t cert, int idx,
char **r_method,
ksba_name_t *r_location);
/*-- cms.c --*/
ksba_content_type_t ksba_cms_identify (ksba_reader_t reader);
gpg_error_t ksba_cms_new (ksba_cms_t *r_cms);
void ksba_cms_release (ksba_cms_t cms);
gpg_error_t ksba_cms_set_reader_writer (ksba_cms_t cms,
ksba_reader_t r, ksba_writer_t w);
gpg_error_t ksba_cms_parse (ksba_cms_t cms, ksba_stop_reason_t *r_stopreason);
gpg_error_t ksba_cms_build (ksba_cms_t cms, ksba_stop_reason_t *r_stopreason);
ksba_content_type_t ksba_cms_get_content_type (ksba_cms_t cms, int what);
const char *ksba_cms_get_content_oid (ksba_cms_t cms, int what);
gpg_error_t ksba_cms_get_content_enc_iv (ksba_cms_t cms, void *iv,
size_t maxivlen, size_t *ivlen);
const char *ksba_cms_get_digest_algo_list (ksba_cms_t cms, int idx);
gpg_error_t ksba_cms_get_issuer_serial (ksba_cms_t cms, int idx,
char **r_issuer,
ksba_sexp_t *r_serial);
const char *ksba_cms_get_digest_algo (ksba_cms_t cms, int idx);
ksba_cert_t ksba_cms_get_cert (ksba_cms_t cms, int idx);
gpg_error_t ksba_cms_get_message_digest (ksba_cms_t cms, int idx,
char **r_digest, size_t *r_digest_len);
gpg_error_t ksba_cms_get_signing_time (ksba_cms_t cms, int idx,
ksba_isotime_t r_sigtime);
gpg_error_t ksba_cms_get_sigattr_oids (ksba_cms_t cms, int idx,
const char *reqoid, char **r_value);
ksba_sexp_t ksba_cms_get_sig_val (ksba_cms_t cms, int idx);
ksba_sexp_t ksba_cms_get_enc_val (ksba_cms_t cms, int idx);
void ksba_cms_set_hash_function (ksba_cms_t cms,
void (*hash_fnc)(void *, const void *, size_t),
void *hash_fnc_arg);
gpg_error_t ksba_cms_hash_signed_attrs (ksba_cms_t cms, int idx);
gpg_error_t ksba_cms_set_content_type (ksba_cms_t cms, int what,
ksba_content_type_t type);
gpg_error_t ksba_cms_add_digest_algo (ksba_cms_t cms, const char *oid);
gpg_error_t ksba_cms_add_signer (ksba_cms_t cms, ksba_cert_t cert);
gpg_error_t ksba_cms_add_cert (ksba_cms_t cms, ksba_cert_t cert);
gpg_error_t ksba_cms_add_smime_capability (ksba_cms_t cms, const char *oid,
const unsigned char *der,
size_t derlen);
gpg_error_t ksba_cms_set_message_digest (ksba_cms_t cms, int idx,
const unsigned char *digest,
size_t digest_len);
gpg_error_t ksba_cms_set_signing_time (ksba_cms_t cms, int idx,
const ksba_isotime_t sigtime);
gpg_error_t ksba_cms_set_sig_val (ksba_cms_t cms,
int idx, ksba_const_sexp_t sigval);
gpg_error_t ksba_cms_set_content_enc_algo (ksba_cms_t cms,
const char *oid,
const void *iv,
size_t ivlen);
gpg_error_t ksba_cms_add_recipient (ksba_cms_t cms, ksba_cert_t cert);
gpg_error_t ksba_cms_set_enc_val (ksba_cms_t cms,
int idx, ksba_const_sexp_t encval);
/*-- crl.c --*/
gpg_error_t ksba_crl_new (ksba_crl_t *r_crl);
void ksba_crl_release (ksba_crl_t crl);
gpg_error_t ksba_crl_set_reader (ksba_crl_t crl, ksba_reader_t r);
void ksba_crl_set_hash_function (ksba_crl_t crl,
void (*hash_fnc)(void *,
const void *, size_t),
void *hash_fnc_arg);
const char *ksba_crl_get_digest_algo (ksba_crl_t crl);
gpg_error_t ksba_crl_get_issuer (ksba_crl_t crl, char **r_issuer);
gpg_error_t ksba_crl_get_extension (ksba_crl_t crl, int idx,
char const **oid, int *critical,
unsigned char const **der, size_t *derlen);
gpg_error_t ksba_crl_get_auth_key_id (ksba_crl_t crl,
ksba_sexp_t *r_keyid,
ksba_name_t *r_name,
ksba_sexp_t *r_serial);
gpg_error_t ksba_crl_get_crl_number (ksba_crl_t crl, ksba_sexp_t *number);
gpg_error_t ksba_crl_get_update_times (ksba_crl_t crl,
ksba_isotime_t this_update,
ksba_isotime_t next_update);
gpg_error_t ksba_crl_get_item (ksba_crl_t crl,
ksba_sexp_t *r_serial,
ksba_isotime_t r_revocation_date,
ksba_crl_reason_t *r_reason);
ksba_sexp_t ksba_crl_get_sig_val (ksba_crl_t crl);
gpg_error_t ksba_crl_parse (ksba_crl_t crl, ksba_stop_reason_t *r_stopreason);
/*-- ocsp.c --*/
gpg_error_t ksba_ocsp_new (ksba_ocsp_t *r_oscp);
void ksba_ocsp_release (ksba_ocsp_t ocsp);
gpg_error_t ksba_ocsp_set_digest_algo (ksba_ocsp_t ocsp, const char *oid);
gpg_error_t ksba_ocsp_set_requestor (ksba_ocsp_t ocsp, ksba_cert_t cert);
gpg_error_t ksba_ocsp_add_target (ksba_ocsp_t ocsp,
ksba_cert_t cert, ksba_cert_t issuer_cert);
/* Note that !NONCE and NONCELEN !=0 has a special semantic. */
size_t ksba_ocsp_set_nonce (ksba_ocsp_t ocsp,
unsigned char *nonce, size_t noncelen);
gpg_error_t ksba_ocsp_prepare_request (ksba_ocsp_t ocsp);
gpg_error_t ksba_ocsp_hash_request (ksba_ocsp_t ocsp,
void (*hasher)(void *, const void *,
size_t length),
void *hasher_arg);
gpg_error_t ksba_ocsp_set_sig_val (ksba_ocsp_t ocsp,
ksba_const_sexp_t sigval);
gpg_error_t ksba_ocsp_add_cert (ksba_ocsp_t ocsp, ksba_cert_t cert);
gpg_error_t ksba_ocsp_build_request (ksba_ocsp_t ocsp,
unsigned char **r_buffer,
size_t *r_buflen);
gpg_error_t ksba_ocsp_parse_response (ksba_ocsp_t ocsp,
const unsigned char *msg, size_t msglen,
ksba_ocsp_response_status_t *resp_status);
const char *ksba_ocsp_get_digest_algo (ksba_ocsp_t ocsp);
gpg_error_t ksba_ocsp_hash_response (ksba_ocsp_t ocsp,
const unsigned char *msg, size_t msglen,
void (*hasher)(void *, const void *,
size_t length),
void *hasher_arg);
ksba_sexp_t ksba_ocsp_get_sig_val (ksba_ocsp_t ocsp,
ksba_isotime_t produced_at);
gpg_error_t ksba_ocsp_get_responder_id (ksba_ocsp_t ocsp,
char **r_name,
ksba_sexp_t *r_keyid);
ksba_cert_t ksba_ocsp_get_cert (ksba_ocsp_t ocsp, int idx);
gpg_error_t ksba_ocsp_get_status (ksba_ocsp_t ocsp, ksba_cert_t cert,
ksba_status_t *r_status,
ksba_isotime_t r_this_update,
ksba_isotime_t r_next_update,
ksba_isotime_t r_revocation_time,
ksba_crl_reason_t *r_reason);
gpg_error_t ksba_ocsp_get_extension (ksba_ocsp_t ocsp, ksba_cert_t cert,
int idx,
char const **r_oid, int *r_crit,
unsigned char const **r_der,
size_t *r_derlen);
/*-- certreq.c --*/
gpg_error_t ksba_certreq_new (ksba_certreq_t *r_cr);
void ksba_certreq_release (ksba_certreq_t cr);
gpg_error_t ksba_certreq_set_writer (ksba_certreq_t cr, ksba_writer_t w);
void ksba_certreq_set_hash_function (
ksba_certreq_t cr,
void (*hash_fnc)(void *, const void *, size_t),
void *hash_fnc_arg);
gpg_error_t ksba_certreq_add_subject (ksba_certreq_t cr, const char *name);
gpg_error_t ksba_certreq_set_public_key (ksba_certreq_t cr,
ksba_const_sexp_t key);
gpg_error_t ksba_certreq_add_extension (ksba_certreq_t cr,
const char *oid, int is_crit,
const void *der,
size_t derlen);
gpg_error_t ksba_certreq_set_sig_val (ksba_certreq_t cr,
ksba_const_sexp_t sigval);
gpg_error_t ksba_certreq_build (ksba_certreq_t cr,
ksba_stop_reason_t *r_stopreason);
/* The functions below are used to switch to X.509 certificate creation. */
gpg_error_t ksba_certreq_set_serial (ksba_certreq_t cr, ksba_const_sexp_t sn);
gpg_error_t ksba_certreq_set_issuer (ksba_certreq_t cr, const char *name);
gpg_error_t ksba_certreq_set_validity (ksba_certreq_t cr, int what,
const ksba_isotime_t timebuf);
gpg_error_t ksba_certreq_set_siginfo (ksba_certreq_t cr,
ksba_const_sexp_t siginfo);
/*-- reader.c --*/
gpg_error_t ksba_reader_new (ksba_reader_t *r_r);
void ksba_reader_release (ksba_reader_t r);
gpg_error_t ksba_reader_set_release_notify (ksba_reader_t r,
void (*notify)(void*,ksba_reader_t),
void *notify_value);
gpg_error_t ksba_reader_clear (ksba_reader_t r,
unsigned char **buffer, size_t *buflen);
gpg_error_t ksba_reader_error (ksba_reader_t r);
gpg_error_t ksba_reader_set_mem (ksba_reader_t r,
const void *buffer, size_t length);
gpg_error_t ksba_reader_set_fd (ksba_reader_t r, int fd);
gpg_error_t ksba_reader_set_file (ksba_reader_t r, FILE *fp);
gpg_error_t ksba_reader_set_cb (ksba_reader_t r,
int (*cb)(void*,char *,size_t,size_t*),
void *cb_value );
gpg_error_t ksba_reader_read (ksba_reader_t r,
char *buffer, size_t length, size_t *nread);
gpg_error_t ksba_reader_unread (ksba_reader_t r, const void *buffer, size_t count);
unsigned long ksba_reader_tell (ksba_reader_t r);
/*-- writer.c --*/
gpg_error_t ksba_writer_new (ksba_writer_t *r_w);
void ksba_writer_release (ksba_writer_t w);
gpg_error_t ksba_writer_set_release_notify (ksba_writer_t w,
void (*notify)(void*,ksba_writer_t),
void *notify_value);
int ksba_writer_error (ksba_writer_t w);
unsigned long ksba_writer_tell (ksba_writer_t w);
gpg_error_t ksba_writer_set_fd (ksba_writer_t w, int fd);
gpg_error_t ksba_writer_set_file (ksba_writer_t w, FILE *fp);
gpg_error_t ksba_writer_set_cb (ksba_writer_t w,
int (*cb)(void*,const void *,size_t),
void *cb_value);
gpg_error_t ksba_writer_set_mem (ksba_writer_t w, size_t initial_size);
const void *ksba_writer_get_mem (ksba_writer_t w, size_t *nbytes);
void * ksba_writer_snatch_mem (ksba_writer_t w, size_t *nbytes);
gpg_error_t ksba_writer_set_filter (ksba_writer_t w,
gpg_error_t (*filter)(void*,
const void *,size_t, size_t *,
void *, size_t, size_t *),
void *filter_arg);
gpg_error_t ksba_writer_write (ksba_writer_t w, const void *buffer, size_t length);
gpg_error_t ksba_writer_write_octet_string (ksba_writer_t w,
const void *buffer, size_t length,
int flush);
/*-- asn1-parse.y --*/
int ksba_asn_parse_file (const char *filename, ksba_asn_tree_t *result,
int debug);
void ksba_asn_tree_release (ksba_asn_tree_t tree);
/*-- asn1-func.c --*/
void ksba_asn_tree_dump (ksba_asn_tree_t tree, const char *name, FILE *fp);
gpg_error_t ksba_asn_create_tree (const char *mod_name, ksba_asn_tree_t *result);
/*-- oid.c --*/
char *ksba_oid_to_str (const char *buffer, size_t length);
gpg_error_t ksba_oid_from_str (const char *string,
unsigned char **rbuf, size_t *rlength);
/*-- dn.c --*/
gpg_error_t ksba_dn_der2str (const void *der, size_t derlen, char **r_string);
gpg_error_t ksba_dn_str2der (const char *string,
unsigned char **rder, size_t *rderlen);
gpg_error_t ksba_dn_teststr (const char *string, int seq,
size_t *rerroff, size_t *rerrlen);
/*-- name.c --*/
gpg_error_t ksba_name_new (ksba_name_t *r_name);
void ksba_name_ref (ksba_name_t name);
void ksba_name_release (ksba_name_t name);
const char *ksba_name_enum (ksba_name_t name, int idx);
char *ksba_name_get_uri (ksba_name_t name, int idx);
/*-- der-builder.c --*/
void ksba_der_release (ksba_der_t d);
ksba_der_t ksba_der_builder_new (unsigned int nitems);
void ksba_der_builder_reset (ksba_der_t d);
void ksba_der_add_ptr (ksba_der_t d, int cls, int tag,
void *value, size_t valuelen);
void ksba_der_add_val (ksba_der_t d, int cls, int tag,
const void *value, size_t valuelen);
void ksba_der_add_int (ksba_der_t d, const void *value, size_t valuelen,
int force_positive);
void ksba_der_add_oid (ksba_der_t d, const char *oidstr);
void ksba_der_add_bts (ksba_der_t d, const void *value, size_t valuelen,
unsigned int unusedbits);
void ksba_der_add_der (ksba_der_t d, const void *der, size_t derlen);
void ksba_der_add_tag (ksba_der_t d, int cls, int tag);
void ksba_der_add_end (ksba_der_t d);
gpg_error_t ksba_der_builder_get (ksba_der_t d,
unsigned char **r_obj, size_t *r_objlen);
/*-- util.c --*/
void ksba_set_malloc_hooks ( void *(*new_alloc_func)(size_t n),
void *(*new_realloc_func)(void *p, size_t n),
void (*new_free_func)(void*) );
void ksba_set_hash_buffer_function ( gpg_error_t (*fnc)
(void *arg, const char *oid,
const void *buffer, size_t length,
size_t resultsize,
unsigned char *result,
size_t *resultlen),
void *fnc_arg);
void *ksba_malloc (size_t n );
void *ksba_calloc (size_t n, size_t m );
void *ksba_realloc (void *p, size_t n);
char *ksba_strdup (const char *p);
void ksba_free ( void *a );
/*--version.c --*/
const char *ksba_check_version (const char *req_version);
#ifdef __cplusplus
}
#endif
#endif /*KSBA_H*/
diff --git a/src/version.c b/src/version.c
index a744808..a67908e 100644
--- a/src/version.c
+++ b/src/version.c
@@ -1,142 +1,142 @@
/* version.c - Version checking
* Copyright (C) 2001, 2002, 2012 g10 Code GmbH
*
* This file is part of KSBA.
*
* KSBA is free software; you can redistribute it and/or modify
* it under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
* your option) any later version.
*
* or
*
* - the GNU General Public License as published by the Free
* Software Foundation; either version 2 of the License, or (at
* your option) any later version.
*
* or both in parallel, as here.
*
* KSBA is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
* License for more details.
*
* You should have received a copies of the GNU General Public License
* and the GNU Lesser General Public License along with this program;
* if not, see <http://www.gnu.org/licenses/>.
*/
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "util.h"
static const char*
parse_version_number (const char *s, int *number)
{
int val = 0;
if (*s == '0' && digitp (s+1))
return NULL; /* Leading zeros are not allowed. */
for (; digitp (s); s++)
{
val *= 10;
val += *s - '0';
}
*number = val;
return val < 0 ? NULL : s;
}
static const char *
parse_version_string (const char *s, int *major, int *minor, int *micro)
{
s = parse_version_number (s, major);
if (!s || *s != '.')
return NULL;
s++;
s = parse_version_number (s, minor);
if (!s || *s != '.')
return NULL;
s++;
s = parse_version_number (s, micro);
if (!s)
return NULL;
return s; /* Patchlevel. */
}
static const char *
compare_versions (const char *my_version, const char *req_version)
{
int my_major, my_minor, my_micro;
int rq_major, rq_minor, rq_micro;
const char *my_plvl, *rq_plvl;
if (!req_version)
return my_version;
if (!my_version)
return NULL;
my_plvl = parse_version_string (my_version, &my_major, &my_minor, &my_micro);
if (!my_plvl)
return NULL; /* Very strange: our own version is bogus. */
rq_plvl = parse_version_string(req_version,
&rq_major, &rq_minor, &rq_micro);
if (!rq_plvl)
return NULL; /* Requested version string is invalid. */
if (my_major > rq_major
|| (my_major == rq_major && my_minor > rq_minor)
|| (my_major == rq_major && my_minor == rq_minor
&& my_micro > rq_micro)
|| (my_major == rq_major && my_minor == rq_minor
&& my_micro == rq_micro))
{
return my_version;
}
return NULL;
}
/* This is actually a dummy function to make sure that is module is
not empty. Some compilers barf on empty modules. */
static const char *
cright_blurb (void)
{
static const char blurb[] =
"\n\n"
"This is Libksba " PACKAGE_VERSION " - An X.509 and CMS Library\n"
- "Copyright 2001-2006,2010-2015,2018-2021 g10 Code GmbH\n"
+ "Copyright 2001-2006,2010-2015,2018-2026 g10 Code GmbH\n"
"\n"
"SPDX-License-Identifier: LGPL-3.0-or-later OR GPL-2.0-or-later\n"
"(" BUILD_REVISION " " BUILD_TIMESTAMP ")\n"
"\n\n";
return blurb;
}
/**
* ksba_check_version:
* @req_version: A string with a version
*
* Check that the the version of the library is at minimum the requested one
* and return the version string; return NULL if the condition is not
* met. If a NULL is passed to this function, no check is done and
* the version string is simply returned. It is a pretty good idea to
* run this function as soon as possible, because it also intializes
* some subsystems. In a multithreaded environment if should be called
* before the first thread is created.
*
* Return value: The version string or NULL
**/
const char *
ksba_check_version (const char *req_version)
{
/* fixme: if we need global initializations.
Note that the malloc hook might not have been run yet */
if (req_version && req_version[0] == 1 && req_version[1] == 1)
return cright_blurb ();
return compare_versions (VERSION, req_version);
}
diff --git a/src/versioninfo.rc.in b/src/versioninfo.rc.in
index 60bc150..172c1ba 100644
--- a/src/versioninfo.rc.in
+++ b/src/versioninfo.rc.in
@@ -1,52 +1,52 @@
/* versioninfo.rc.in - for libksba
* Copyright (C) 2007 g10 Code GmbH
*
* This file is free software; as a special exception the author gives
* unlimited permission to copy and/or distribute it, with or without
* modifications, as long as this notice is preserved.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*/
/* This file is processed by configure to create versioninfo.rc */
#line __LINE__ "versioninfo.rc.in"
#include <afxres.h>
VS_VERSION_INFO VERSIONINFO
FILEVERSION @BUILD_FILEVERSION@
PRODUCTVERSION @BUILD_FILEVERSION@
FILEFLAGSMASK 0x3fL
#ifdef _DEBUG
FILEFLAGS 0x21L
#else
FILEFLAGS 0x20L
#endif
FILEOS 0x40004L
FILETYPE 0x1L
FILESUBTYPE 0x0L
BEGIN
BLOCK "StringFileInfo"
BEGIN
BLOCK "040904b0"
BEGIN
/* Note that the Windows version falls under the GPL. */
VALUE "Comments", "Provided under the terms of the GNU Lesser General Public License, version 3.\0"
VALUE "CompanyName", "g10 Code GmbH\0"
VALUE "FileDescription", "Libksba - X.509 and CMS Library\0"
VALUE "FileVersion", "@LIBKSBA_LT_CURRENT@.@LIBKSBA_LT_AGE@.@LIBKSBA_LT_REVISION@.@BUILD_REVISION@\0"
VALUE "InternalName", "libksba\0"
- VALUE "LegalCopyright", "Copyright ゥ 2023 g10 Code GmbH\0"
+ VALUE "LegalCopyright", "Copyright ゥ 2026 g10 Code GmbH\0"
VALUE "LegalTrademarks", "\0"
VALUE "OriginalFilename", "libksba.dll\0"
VALUE "PrivateBuild", "\0"
VALUE "ProductName", "libksba\0"
VALUE "ProductVersion", "@VERSION@\0"
VALUE "SpecialBuild", "@BUILD_TIMESTAMP@\0"
END
END
END

File Metadata

Mime Type
text/x-diff
Expires
Thu, Feb 26, 6:40 PM (14 h, 51 m)
Storage Engine
local-disk
Storage Format
Raw Data
Storage Handle
3f/1d/a11d4c8b5eff4d021ebb89220e22

Event Timeline