From 9db7b89e14c5bcd317548747da9b52b4cd7246bb Mon Sep 17 00:00:00 2001 From: Raul Metsma Date: Fri, 17 Apr 2026 13:28:53 +0300 Subject: [PATCH] Add Visual Studio 2026 build and update libs - OpenSSL 3.5.6 - xmlsec1 1.3.11 - zlib 1.3.2 IB-8886, IB-8845 Signed-off-by: Raul Metsma --- .github/workflows/build.yml | 56 +++++--- CMakePresets.json | 23 ++-- examples/android/app/build.gradle | 70 +++++++--- examples/android/build.gradle | 2 +- examples/android/gradle.properties | 5 +- .../gradle/gradle-daemon-jvm.properties | 13 ++ .../gradle/wrapper/gradle-wrapper.properties | 2 +- examples/android/settings.gradle | 3 + examples/ios/README.md | 9 +- .../libdigidocpp.xcodeproj/project.pbxproj | 50 +++++-- libdigidocpp.wxs | 4 +- prepare_osx_build_environment.sh | 67 ++-------- vcpkg-triplets/arm64-ios.cmake | 5 + vcpkg-triplets/arm64-x64-ios-catalyst.cmake | 7 + vcpkg-triplets/arm64-x64-ios-simulator.cmake | 7 + vcpkg.json | 4 +- xmlsec1-1.3.10.legacy.patch | 105 +++++++++++++++ xmlsec1-1.3.5.legacy.patch | 126 ------------------ 18 files changed, 311 insertions(+), 247 deletions(-) create mode 100644 examples/android/gradle/gradle-daemon-jvm.properties create mode 100644 vcpkg-triplets/arm64-ios.cmake create mode 100644 vcpkg-triplets/arm64-x64-ios-catalyst.cmake create mode 100644 vcpkg-triplets/arm64-x64-ios-simulator.cmake create mode 100644 xmlsec1-1.3.10.legacy.patch delete mode 100644 xmlsec1-1.3.5.legacy.patch diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 419c83a8f..7119e7d69 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -14,7 +14,12 @@ jobs: runs-on: macos-latest strategy: matrix: - target: [macos, iphoneos, iphonesimulator] + include: + - target: macos + - target: iphoneos + triplet: arm64-ios + - target: iphonesimulator + triplet: arm64-x64-ios-simulator steps: - name: Checkout uses: actions/checkout@v6 
@@ -29,39 +34,52 @@ jobs: sudo rm -rf /Library/Frameworks/Python.framework/Versions/3.13 sudo rm -rf /Library/Frameworks/Python.framework/Versions/3.14 - name: Cache + if: matrix.target == 'macos' uses: actions/cache@v5 id: cache with: path: cache key: ${{ matrix.target }}-${{ hashFiles('prepare_osx_build_environment.sh') }} + - name: Cache vcpkg + if: matrix.target != 'macos' + uses: actions/cache@v5 + with: + path: ${{ github.workspace }}/vcpkg_cache + key: vcpkg-${{ matrix.target }}-${{ hashFiles('vcpkg.json') }} - name: Build openssl - if: steps.cache.outputs.cache-hit != 'true' + if: matrix.target == 'macos' && steps.cache.outputs.cache-hit != 'true' run: ./prepare_osx_build_environment.sh openssl ${{ matrix.target }} - name: Build xmlsec - if: steps.cache.outputs.cache-hit != 'true' + if: matrix.target == 'macos' && steps.cache.outputs.cache-hit != 'true' run: ./prepare_osx_build_environment.sh xmlsec ${{ matrix.target }} - name: Move to cache - if: steps.cache.outputs.cache-hit != 'true' + if: matrix.target == 'macos' && steps.cache.outputs.cache-hit != 'true' run: | mkdir cache sudo mv /Library/libdigidocpp* cache - - name: Setup cache - run: sudo ln -s $PWD/cache/* /Library/ - name: Build macOS if: matrix.target == 'macos' run: | + sudo ln -s $PWD/cache/* /Library/ cmake --preset ${{ matrix.target }} -DCMAKE_BUILD_TYPE=RelWithDebInfo cmake --build --preset ${{ matrix.target }} - cmake --build --preset ${{ matrix.target }} --target test pkcs11sign embedlibs + cmake --build --preset ${{ matrix.target }} --target test pkcs11sign embedlibs cmake --build --preset ${{ matrix.target }} --target zipdebug pkgbuild - name: Build ${{ matrix.target }} if: matrix.target != 'macos' + env: + VCPKG_BINARY_SOURCES: clear;files,${{ github.workspace }}/vcpkg_cache,readwrite run: | + export VCPKG_ROOT=$VCPKG_INSTALLATION_ROOT + git -C $VCPKG_INSTALLATION_ROOT fetch origin f77737496dabd44c63ecc599dc0f4d6cff30d0d5 + git -C $VCPKG_INSTALLATION_ROOT reset --hard 
f77737496dabd44c63ecc599dc0f4d6cff30d0d5 cmake --preset ${{ matrix.target }} -DCMAKE_BUILD_TYPE=RelWithDebInfo cmake --build --preset ${{ matrix.target }} - sudo cmake --build --preset ${{ matrix.target }} --target install/strip - cd /Library - zip -q -r ${OLDPWD}/libdigidocpp.${{ matrix.target }}.zip libdigidocpp.* + cmake --build --preset ${{ matrix.target }} --target install/strip + mkdir -p libdigidocpp.${{ matrix.target }}/include + cp build/${{ matrix.target }}/vcpkg_installed/${{ matrix.triplet }}/lib/{libcrypto,libssl}.a libdigidocpp.${{ matrix.target }}/lib/ + cp -r build/${{ matrix.target }}/vcpkg_installed/${{ matrix.triplet }}/include/openssl libdigidocpp.${{ matrix.target }}/include/ + zip -q -r libdigidocpp.${{ matrix.target }}.zip libdigidocpp.${{ matrix.target }} - name: Archive artifacts uses: actions/upload-artifact@v6 with: @@ -88,7 +106,7 @@ jobs: uses: actions/cache@v5 with: path: ${{ github.workspace }}/vcpkg_cache - key: vcpkg-${{ matrix.target }}-${{ hashFiles('vcpkg.json', 'vcpkg-ports/**') }} + key: vcpkg-${{ matrix.target }}-${{ hashFiles('vcpkg.json') }} - name: Build env: VCPKG_BINARY_SOURCES: clear;files,${{ github.workspace }}/vcpkg_cache,readwrite @@ -96,6 +114,8 @@ jobs: export VCPKG_ROOT=$VCPKG_INSTALLATION_ROOT export ANDROID_NDK_HOME=$ANDROID_NDK_LATEST_HOME export ANDROID_NDK_ROOT=$ANDROID_NDK_LATEST_HOME + git -C $VCPKG_INSTALLATION_ROOT fetch origin f77737496dabd44c63ecc599dc0f4d6cff30d0d5 + git -C $VCPKG_INSTALLATION_ROOT reset --hard f77737496dabd44c63ecc599dc0f4d6cff30d0d5 cmake --preset ${{ matrix.target }} "-GUnix Makefiles" -DCMAKE_BUILD_TYPE=RelWithDebInfo cmake --build --preset ${{ matrix.target }} cmake --build --preset ${{ matrix.target }} --target install/strip 
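Review bot: The vcpkg commit f77737496dabd44c63ecc599dc0f4d6cff30d0d5 is hard-coded in the `git fetch` / `git reset --hard` lines of this step and again in the Android and Windows build steps (hunks `@@ -96,6 +114,8 @@` and `@@ -211,9 +234,12 @@`), and it has to stay equal to `builtin-baseline` in vcpkg.json. A later baseline bump that misses one of the three copies would leave that job on a different vcpkg tree from the one the manifest pins. Reading the value from the manifest removes the duplication, for example `VCPKG_COMMIT=$(jq -r '."builtin-baseline"' vcpkg.json)` followed by `git -C "$VCPKG_INSTALLATION_ROOT" fetch origin "$VCPKG_COMMIT"`. The path variable should be quoted in either form.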
@@ -151,6 +171,9 @@ jobs: steps: - name: Install dependencies run: | + for f in /etc/apt/sources.list /etc/apt/sources.list.d/*.list /etc/apt/sources.list.d/*.sources; do + [ -f "$f" ] && sed -i 's|http://archive.ubuntu.com|http://azure.archive.ubuntu.com|g; s|http://security.ubuntu.com|http://azure.archive.ubuntu.com|g' "$f" + done echo 'path-exclude=/usr/share/man/*' > /etc/dpkg/dpkg.cfg.d/99-nodocs echo 'path-exclude=/usr/share/doc/*' >> /etc/dpkg/dpkg.cfg.d/99-nodocs echo 'path-exclude=/usr/share/doc-base/*' >> /etc/dpkg/dpkg.cfg.d/99-nodocs @@ -175,10 +198,10 @@ jobs: path: libdigidocpp*.* windows: name: Build on Windows - runs-on: windows-2025 + runs-on: windows-2025${{ matrix.toolset == '145' && '-vs2026' || '' }} strategy: matrix: - toolset: [143] + toolset: [143, 145] platform: [x86, x64, arm64] include: - platform: x86 @@ -200,7 +223,7 @@ jobs: uses: actions/cache@v5 with: path: ${{ github.workspace }}/vcpkg_cache - key: vcpkg-${{ matrix.toolset }}-${{ matrix.platform }}-${{ hashFiles('vcpkg.json', 'vcpkg-ports/**') }} + key: vcpkg-${{ matrix.toolset }}-${{ matrix.platform }}-${{ hashFiles('vcpkg.json') }} - name: Install dependencies run: winget install --silent --accept-source-agreements --accept-package-agreements swig doxygen 9NQ7512CXL7T - uses: actions/setup-java@v5 
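Review bot: The second sed expression in the added loop points `security.ubuntu.com` at the Azure mirror as well, so security updates installed in this job arrive only as fast as that mirror syncs (the amount of lag is an assumption worth confirming). apt still verifies the signed Release metadata, so the plain `http://` scheme is not an integrity problem in itself. If the mirror was added for download reliability only, keep the security host and rewrite just the archive host: `sed -i 's|http://archive.ubuntu.com|http://azure.archive.ubuntu.com|g' "$f"`. A one-line comment in the step saying why the mirror is forced would help the next maintainer.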
@@ -211,9 +234,12 @@ jobs: env: VCPKG_BINARY_SOURCES: clear;files,${{ github.workspace }}/vcpkg_cache,readwrite run: | + & git -C C:\vcpkg fetch origin f77737496dabd44c63ecc599dc0f4d6cff30d0d5 + & git -C C:\vcpkg reset --hard f77737496dabd44c63ecc599dc0f4d6cff30d0d5 & "$env:LOCALAPPDATA\Microsoft\WindowsApps\py.exe" install --target=.\python\${{ matrix.platform }} 3.13-${{ matrix.python }} $swig = (Get-Item "$env:LOCALAPPDATA\Microsoft\WinGet\Links\swig.exe").Target - & "C:\\Program Files\\Microsoft Visual Studio\\2022\\Enterprise\\VC\\Auxiliary\\Build\\vcvarsall.bat" ${{ matrix.setenv }} "&&" pwsh build.ps1 ` + $vsPath = & "${env:ProgramFiles(x86)}\Microsoft Visual Studio\Installer\vswhere.exe" -latest -property installationPath + & "$vsPath\VC\Auxiliary\Build\vcvarsall.bat" ${{ matrix.setenv }} "&&" pwsh build.ps1 ` -vcpkg "C:/vcpkg/vcpkg.exe" ` -swig $swig ` -doxygen "C:/Program files/doxygen/bin/doxygen.exe" ` diff --git a/CMakePresets.json b/CMakePresets.json index ab29c36bf..9216c537c 100644 --- a/CMakePresets.json +++ b/CMakePresets.json @@ -36,23 +36,24 @@ "inherits": "default", "installDir": "$env{DEST}", "environment": { - "DEST": "libdigidocpp$env{DEST_SUFFIX}", + "DEST": "${sourceDir}/libdigidocpp$env{DEST_SUFFIX}", "DEST_SUFFIX": ".${presetName}" }, "cacheVariables": { "CMAKE_DISABLE_FIND_PACKAGE_Boost": "YES", "CMAKE_DISABLE_FIND_PACKAGE_Doxygen": "YES", - "BUILD_TOOLS": "NO" + "BUILD_TOOLS": "NO", + "CMAKE_TOOLCHAIN_FILE": "$env{VCPKG_ROOT}/scripts/buildsystems/vcpkg.cmake" } }, { "name": "ios", "hidden": true, - "inherits": ["macos", "mobile"], + "inherits": ["mobile","macos"], "cacheVariables": { "CMAKE_SYSTEM_NAME": "iOS", "CMAKE_OSX_SYSROOT": "${presetName}", - "CMAKE_OSX_DEPLOYMENT_TARGET": "15.0", + "CMAKE_OSX_DEPLOYMENT_TARGET": "16.0", "CMAKE_DISABLE_FIND_PACKAGE_SWIG": "YES", "FRAMEWORK_DESTINATION": "$env{DEST}/lib" } 
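Review bot: Nothing in this step ties the Visual Studio instance returned by `vswhere.exe -latest` to `matrix.toolset`; the toolset is chosen only indirectly through the runner image in `runs-on`. If an image ever carries more than one installation, or none that vswhere reports, the job either builds with an unintended compiler or fails on an empty path. A guard right after the lookup makes the second case explicit: `if (-not $vsPath) { throw "Visual Studio installation not found" }`. Restricting the lookup with vswhere's `-version` range per toolset would cover the first case.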
@@ -62,20 +63,25 @@ "inherits": "ios", "description": "This iphoneos build is only available on macOS", "cacheVariables": { - "CMAKE_OSX_ARCHITECTURES": "arm64" + "CMAKE_OSX_ARCHITECTURES": "arm64", + "VCPKG_TARGET_TRIPLET": "arm64-ios" } }, { "name": "iphonesimulator", "inherits": "ios", - "description": "This iphonesimulator build is only available on macOS" + "description": "This iphonesimulator build is only available on macOS", + "cacheVariables": { + "VCPKG_TARGET_TRIPLET": "arm64-x64-ios-simulator" + } }, { "name": "iphonecatalyst", "inherits": "ios", "description": "This iphonecatalyst build is only available on macOS", "cacheVariables": { - "CMAKE_OSX_SYSROOT": "macosx" + "CMAKE_OSX_SYSROOT": "macosx", + "VCPKG_TARGET_TRIPLET": "arm64-x64-ios-catalyst" } }, { @@ -86,8 +92,7 @@ "CMAKE_SYSTEM_NAME": "Android", "CMAKE_SYSTEM_VERSION": "30", "CMAKE_DISABLE_FIND_PACKAGE_Python3": "YES", - "BUILD_SHARED_LIBS": "NO", - "CMAKE_TOOLCHAIN_FILE": "$env{VCPKG_ROOT}/scripts/buildsystems/vcpkg.cmake" + "BUILD_SHARED_LIBS": "NO" } }, { diff --git a/examples/android/app/build.gradle b/examples/android/app/build.gradle index 410618170..fc0a31cc1 100644 --- a/examples/android/app/build.gradle +++ b/examples/android/app/build.gradle @@ -1,6 +1,15 @@ apply plugin: 'com.android.application' -def libsPath = '/Library/libdigidocpp' +def projectRoot = rootDir.parentFile.parentFile.absolutePath +def cmakeInstall = "${projectDir}/build/cmake" + +def localProps = new Properties() +def localPropsFile = rootDir.toPath().resolve('local.properties').toFile() +if (localPropsFile.exists()) localProps.load(localPropsFile.newDataInputStream()) +def cmake = localProps.getProperty('cmake') ?: { + def sdkCmake = new File(localProps.getProperty('sdk.dir', ''), 'cmake') + sdkCmake.listFiles()?.collect { new File(it, 'bin/cmake') }?.find { it.exists() }?.absolutePath ?: 'cmake' +}() android { compileSdk = 36 
@@ -14,7 +23,6 @@ android {
 versionCode Integer.parseInt(System.getenv("BUILD_NUMBER"))
 versionName "1.0." + System.getenv("BUILD_NUMBER")
 }
- setProperty("archivesBaseName", "libdigidocpp-android-$versionName")
 }
 buildTypes {
 release {
@@ -26,13 +34,51 @@ android { targetCompatibility JavaVersion.VERSION_17 sourceCompatibility JavaVersion.VERSION_17 } - sourceSets.main.java.srcDirs += [libsPath + '.androidarm64/include'] + sourceSets.main.java.srcDirs += ["${cmakeInstall}/androidarm64/include"] namespace 'ee.ria.libdigidocpp' } +def versionNameValue = System.getenv("BUILD_NUMBER") ? "1.0.${System.getenv('BUILD_NUMBER')}" : "1.0" + +androidComponents { + onVariants(selector().all()) { variant -> + variant.outputs.forEach { output -> + output.outputFileName.set("libdigidocpp-android-${versionNameValue}.apk") + } + } +} + +[[preset: 'androidarm', jniDir: 'armeabi-v7a'], + [preset: 'androidarm64', jniDir: 'arm64-v8a'], + [preset: 'androidx86_64', jniDir: 'x86_64']].each { cfg -> + + def configureTask = tasks.register("cmakeConfigure_${cfg.preset}", Exec) { + inputs.files("${projectRoot}/CMakePresets.json", "${projectRoot}/CMakeLists.txt", "${projectRoot}/vcpkg.json") + outputs.dir("${projectRoot}/build/${cfg.preset}") + workingDir projectRoot + commandLine cmake, '--preset', cfg.preset, + '-DCMAKE_BUILD_TYPE=RelWithDebInfo', + "-DCMAKE_INSTALL_PREFIX=${cmakeInstall}/${cfg.preset}" + } + + tasks.register("cmakeBuild_${cfg.preset}", Exec) { + dependsOn configureTask + inputs.dir("${projectRoot}/build/${cfg.preset}") + outputs.dir("${cmakeInstall}/${cfg.preset}") + workingDir projectRoot + commandLine cmake, '--build', '--preset', cfg.preset, '--target', 'install' + } + + tasks.register("copyLib_${cfg.preset}", Copy) { + dependsOn "cmakeBuild_${cfg.preset}" + from "${cmakeInstall}/${cfg.preset}/lib/libdigidoc_java.so" + into "src/main/jniLibs/${cfg.jniDir}" + } +} + tasks.register('schemaZip', Zip) { - println "Create schema zip" - from(libsPath + '.androidarm/etc/digidocpp/schema/') { + dependsOn 'cmakeBuild_androidarm' + from("${cmakeInstall}/androidarm/etc/digidocpp/schema/") { include '*' } destinationDirectory = file('src/main/res/raw/') 
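Review bot: `cmakeBuild_${cfg.preset}` declares only `build/${cfg.preset}` as its input, so once that directory stops changing Gradle can report the task as up to date even though the library sources were edited, and `copyLib_*` would then package a stale `libdigidoc_java.so`. CMake already performs its own incremental check, so the simplest fix is to let it run every time: add `outputs.upToDateWhen { false }` inside the `cmakeBuild_` registration. The configure task has a similar gap, since its inputs list `CMakePresets.json`, `CMakeLists.txt` and `vcpkg.json` but not the `vcpkg-triplets/` overlay added by this commit.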
@@ -40,19 +86,7 @@ tasks.register('schemaZip', Zip) { } tasks.register('copyLibs') { - println "Copy jniLibs" - copy { - from libsPath + '.androidarm/lib/libdigidoc_java.so' - into 'src/main/jniLibs/armeabi-v7a' - } - copy { - from libsPath + '.androidarm64/lib/libdigidoc_java.so' - into 'src/main/jniLibs/arm64-v8a' - } - copy { - from libsPath + '.androidx86_64/lib/libdigidoc_java.so' - into 'src/main/jniLibs/x86_64' - } + dependsOn 'copyLib_androidarm', 'copyLib_androidarm64', 'copyLib_androidx86_64' } preBuild.dependsOn schemaZip, copyLibs diff --git a/examples/android/build.gradle b/examples/android/build.gradle index def288553..091482b0d 100644 --- a/examples/android/build.gradle +++ b/examples/android/build.gradle @@ -5,7 +5,7 @@ buildscript { mavenCentral() } dependencies { - classpath 'com.android.tools.build:gradle:8.13.0' + classpath 'com.android.tools.build:gradle:9.1.1' } } diff --git a/examples/android/gradle.properties b/examples/android/gradle.properties index bb40acb4a..579f44adf 100644 --- a/examples/android/gradle.properties +++ b/examples/android/gradle.properties @@ -17,4 +17,7 @@ org.gradle.jvmargs=-Xmx2048m -Dfile.encoding=UTF-8 android.useAndroidX=true org.gradle.unsafe.configuration-cache=true android.nonTransitiveRClass=true -android.nonFinalResIds=true \ No newline at end of file +android.nonFinalResIds=true +android.uniquePackageNames=false +android.dependency.useConstraints=true +android.r8.strictFullModeForKeepRules=false \ No newline at end of file diff --git a/examples/android/gradle/gradle-daemon-jvm.properties b/examples/android/gradle/gradle-daemon-jvm.properties new file mode 100644 index 000000000..5c34300fa --- /dev/null +++ b/examples/android/gradle/gradle-daemon-jvm.properties 
@@ -0,0 +1,13 @@ +#This file is generated by updateDaemonJvm +toolchainUrl.FREE_BSD.AARCH64=https\://api.foojay.io/disco/v3.0/ids/56a19bc915b9ba2eb62ba7554c61b919/redirect +toolchainUrl.FREE_BSD.X86_64=https\://api.foojay.io/disco/v3.0/ids/398ffe3949748bfb1d5636f023d228fd/redirect +toolchainUrl.LINUX.AARCH64=https\://api.foojay.io/disco/v3.0/ids/56a19bc915b9ba2eb62ba7554c61b919/redirect +toolchainUrl.LINUX.X86_64=https\://api.foojay.io/disco/v3.0/ids/398ffe3949748bfb1d5636f023d228fd/redirect +toolchainUrl.MAC_OS.AARCH64=https\://api.foojay.io/disco/v3.0/ids/e99bae143b75f9a10ead10248f02055e/redirect +toolchainUrl.MAC_OS.X86_64=https\://api.foojay.io/disco/v3.0/ids/04e088f8677de3b384108493cc9481d0/redirect +toolchainUrl.UNIX.AARCH64=https\://api.foojay.io/disco/v3.0/ids/56a19bc915b9ba2eb62ba7554c61b919/redirect +toolchainUrl.UNIX.X86_64=https\://api.foojay.io/disco/v3.0/ids/398ffe3949748bfb1d5636f023d228fd/redirect +toolchainUrl.WINDOWS.AARCH64=https\://api.foojay.io/disco/v3.0/ids/e55dccbfe27cb97945148c61a39c89c5/redirect +toolchainUrl.WINDOWS.X86_64=https\://api.foojay.io/disco/v3.0/ids/dbd05c4936d573642f94cd149e1356c8/redirect +toolchainVendor=JETBRAINS +toolchainVersion=21 diff --git a/examples/android/gradle/wrapper/gradle-wrapper.properties b/examples/android/gradle/wrapper/gradle-wrapper.properties index bb85f020b..b32e267ee 100644 --- a/examples/android/gradle/wrapper/gradle-wrapper.properties +++ b/examples/android/gradle/wrapper/gradle-wrapper.properties @@ -3,4 +3,4 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists zipStoreBase=GRADLE_USER_HOME zipStorePath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-8.13-all.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-9.3.1-all.zip diff --git a/examples/android/settings.gradle b/examples/android/settings.gradle index 7e72ac4fe..f8a779d7e 100644 --- a/examples/android/settings.gradle +++ b/examples/android/settings.gradle 
@@ -1,3 +1,6 @@ +plugins { + id 'org.gradle.toolchains.foojay-resolver-convention' version '0.10.0' +} dependencyResolutionManagement { repositoriesMode.set(RepositoriesMode.FAIL_ON_PROJECT_REPOS) repositories { diff --git a/examples/ios/README.md b/examples/ios/README.md index 01c8b63b6..9d4f1cbeb 100644 --- a/examples/ios/README.md +++ b/examples/ios/README.md @@ -3,13 +3,10 @@ ### macOS 1. Install dependencies see [README.md](../../README.md#macOS) -2. Build example +2. Build example and run on simulator - xcodebuild -project libdigidocpp.xcodeproj - -3. Execute - - Open Xcode project and run on simulator + xcodebuild -project libdigidocpp.xcodeproj -sdk iphonesimulator + Or open the Xcode project and run on a simulator or device directly. AppDelegate.mm contains how to override digidoc::XmlConf to point right cache folder for TSL lists. diff --git a/examples/ios/libdigidocpp.xcodeproj/project.pbxproj b/examples/ios/libdigidocpp.xcodeproj/project.pbxproj index 0cbf19db2..d62d127f5 100644 --- a/examples/ios/libdigidocpp.xcodeproj/project.pbxproj +++ b/examples/ios/libdigidocpp.xcodeproj/project.pbxproj @@ -122,6 +122,7 @@ isa = PBXNativeTarget; buildConfigurationList = 4E7663BE1B5A37AC00672ACF /* Build configuration list for PBXNativeTarget "libdigidocpp" */; buildPhases = ( + 4E34C8432AE9292A00DD78B0 /* Build libdigidocpp */, 4E7663941B5A37AC00672ACF /* Sources */, 4E7663951B5A37AC00672ACF /* Frameworks */, 4E7663961B5A37AC00672ACF /* Resources */, @@ -143,7 +144,7 @@ isa = PBXProject; attributes = { BuildIndependentTargetsInParallel = YES; - LastUpgradeCheck = 1640; + LastUpgradeCheck = 2640; ORGANIZATIONNAME = RIA; TargetAttributes = { 4E7663971B5A37AC00672ACF = { 
@@ -183,6 +184,31 @@ }; /* End PBXResourcesBuildPhase section */ +/* Begin PBXShellScriptBuildPhase section */ + 4E34C8432AE9292A00DD78B0 /* Build libdigidocpp */ = { + isa = PBXShellScriptBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + inputFileListPaths = ( + ); + inputPaths = ( + "$(PROJECT_DIR)/../../CMakePresets.json", + "$(PROJECT_DIR)/../../CMakeLists.txt", + "$(PROJECT_DIR)/../../vcpkg.json", + ); + name = "Build libdigidocpp"; + outputFileListPaths = ( + ); + outputPaths = ( + "$(DERIVED_FILE_DIR)/lib/digidocpp.framework", + ); + runOnlyForDeploymentPostprocessing = 0; + shellPath = /bin/sh; + shellScript = "set -e\nPROJECT_ROOT=\"${SRCROOT}/../..\"\n\ncase \"$PLATFORM_NAME\" in\n iphoneos) PRESET=iphoneos ;;\n iphonesimulator) PRESET=iphonesimulator ;;\n macosx) PRESET=iphonecatalyst ;;\n *)\n echo \"error: Unknown platform: $PLATFORM_NAME\"\n exit 1\n ;;\nesac\n\nif ! CMAKE=$(which cmake 2>/dev/null); then\n CMAKE=/opt/homebrew/bin/cmake\nfi\n\ncd \"$PROJECT_ROOT\"\n\"$CMAKE\" --preset \"$PRESET\" -DCMAKE_BUILD_TYPE=RelWithDebInfo \"-DCMAKE_INSTALL_PREFIX=${DERIVED_FILE_DIR}\" \"-DFRAMEWORK_DESTINATION=${DERIVED_FILE_DIR}/lib\"\n\"$CMAKE\" --build --preset \"$PRESET\" --target install\n"; + }; +/* End PBXShellScriptBuildPhase section */ + /* Begin PBXSourcesBuildPhase section */ 4E7663941B5A37AC00672ACF /* Sources */ = { isa = PBXSourcesBuildPhase; @@ -215,7 +241,7 @@ ASSETCATALOG_COMPILER_GENERATE_SWIFT_ASSET_SYMBOL_EXTENSIONS = YES; CLANG_ANALYZER_NONNULL = YES; CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++23"; CLANG_ENABLE_MODULES = YES; CLANG_ENABLE_OBJC_ARC = YES; CLANG_ENABLE_OBJC_WEAK = YES; 
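Review bot: The new "Build libdigidocpp" script runs `cmake --preset` without checking that `VCPKG_ROOT` is set, while the mobile presets changed in this commit take `CMAKE_TOOLCHAIN_FILE` from `$env{VCPKG_ROOT}`. When Xcode is started outside a configured shell the variable is likely absent (an assumption about the developer setup), and the toolchain path would then resolve to `/scripts/buildsystems/vcpkg.cmake` with a confusing CMake error. A guard after `set -e` gives a clear message: `: "${VCPKG_ROOT:?error: set VCPKG_ROOT to your vcpkg checkout}"`. The cmake lookup also falls back only to `/opt/homebrew/bin/cmake`, which is not the Homebrew prefix on Intel Macs.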
@@ -247,7 +273,7 @@ ENABLE_STRICT_OBJC_MSGSEND = YES; ENABLE_TESTABILITY = YES; ENABLE_USER_SCRIPT_SANDBOXING = YES; - GCC_C_LANGUAGE_STANDARD = gnu17; + GCC_C_LANGUAGE_STANDARD = gnu23; GCC_DYNAMIC_NO_PIC = NO; GCC_NO_COMMON_BLOCKS = YES; GCC_OPTIMIZATION_LEVEL = 0; @@ -261,9 +287,10 @@ GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; GCC_WARN_UNUSED_FUNCTION = YES; GCC_WARN_UNUSED_VARIABLE = YES; - IPHONEOS_DEPLOYMENT_TARGET = 15.0; + IPHONEOS_DEPLOYMENT_TARGET = 16.6; ONLY_ACTIVE_ARCH = YES; SDKROOT = iphoneos; + STRING_CATALOG_GENERATE_SYMBOLS = YES; TARGETED_DEVICE_FAMILY = "1,2"; }; name = Debug; @@ -275,7 +302,7 @@ ASSETCATALOG_COMPILER_GENERATE_SWIFT_ASSET_SYMBOL_EXTENSIONS = YES; CLANG_ANALYZER_NONNULL = YES; CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++23"; CLANG_ENABLE_MODULES = YES; CLANG_ENABLE_OBJC_ARC = YES; CLANG_ENABLE_OBJC_WEAK = YES; @@ -306,7 +333,7 @@ ENABLE_NS_ASSERTIONS = NO; ENABLE_STRICT_OBJC_MSGSEND = YES; ENABLE_USER_SCRIPT_SANDBOXING = YES; - GCC_C_LANGUAGE_STANDARD = gnu17; + GCC_C_LANGUAGE_STANDARD = gnu23; GCC_NO_COMMON_BLOCKS = YES; GCC_WARN_64_TO_32_BIT_CONVERSION = YES; GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; @@ -314,8 +341,9 @@ GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; GCC_WARN_UNUSED_FUNCTION = YES; GCC_WARN_UNUSED_VARIABLE = YES; - IPHONEOS_DEPLOYMENT_TARGET = 15.0; + IPHONEOS_DEPLOYMENT_TARGET = 16.6; SDKROOT = iphoneos; + STRING_CATALOG_GENERATE_SYMBOLS = YES; TARGETED_DEVICE_FAMILY = "1,2"; VALIDATE_PRODUCT = YES; }; @@ -331,6 +359,7 @@ CODE_SIGN_STYLE = Automatic; CURRENT_PROJECT_VERSION = "$(BUILD_NUMBER)"; "ENABLE_HARDENED_RUNTIME[sdk=macosx*]" = YES; + ENABLE_USER_SCRIPT_SANDBOXING = NO; FRAMEWORK_SEARCH_PATHS = "$(SDKPATH)/lib"; GCC_PREPROCESSOR_DEFINITIONS = ( "$(inherited)", 
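Review bot: `ENABLE_USER_SCRIPT_SANDBOXING = NO` on the target overrides the project-level `ENABLE_USER_SCRIPT_SANDBOXING = YES` that is still visible in the context lines, so every script phase of this target now runs unsandboxed, not only the new "Build libdigidocpp" phase. The override is presumably needed because that phase configures and builds under `${SRCROOT}/../..` and lets vcpkg fetch dependencies, none of which is covered by the declared `inputPaths` and `outputPaths`. Please record that reason in examples/ios/README.md so the setting is not copied into application projects without the context. The same line is added to the second build configuration in the `@@ -375,6 +403,7 @@` hunk.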
@@ -357,8 +386,7 @@ MARKETING_VERSION = 1.0; PRODUCT_BUNDLE_IDENTIFIER = ee.ria.libdigidocpp.app; PRODUCT_NAME = "$(TARGET_NAME)"; - SDKPATH = "$(LOCAL_LIBRARY_DIR)/libdigidocpp.$(PLATFORM_NAME)"; - "SDKPATH[sdk=macosx*]" = "$(LOCAL_LIBRARY_DIR)/libdigidocpp.iphonecatalyst"; + SDKPATH = "$(DERIVED_FILE_DIR)"; SUPPORTS_MACCATALYST = YES; SUPPORTS_MAC_DESIGNED_FOR_IPHONE_IPAD = NO; TESTING = 0; @@ -375,6 +403,7 @@ CODE_SIGN_STYLE = Automatic; CURRENT_PROJECT_VERSION = "$(BUILD_NUMBER)"; "ENABLE_HARDENED_RUNTIME[sdk=macosx*]" = YES; + ENABLE_USER_SCRIPT_SANDBOXING = NO; FRAMEWORK_SEARCH_PATHS = "$(SDKPATH)/lib"; GCC_PREPROCESSOR_DEFINITIONS = ( "$(inherited)", @@ -401,8 +430,7 @@ MARKETING_VERSION = 1.0; PRODUCT_BUNDLE_IDENTIFIER = ee.ria.libdigidocpp.app; PRODUCT_NAME = "$(TARGET_NAME)"; - SDKPATH = "$(LOCAL_LIBRARY_DIR)/libdigidocpp.$(PLATFORM_NAME)"; - "SDKPATH[sdk=macosx*]" = "$(LOCAL_LIBRARY_DIR)/libdigidocpp.iphonecatalyst"; + SDKPATH = "$(DERIVED_FILE_DIR)"; SUPPORTS_MACCATALYST = YES; SUPPORTS_MAC_DESIGNED_FOR_IPHONE_IPAD = NO; TESTING = 0; diff --git a/libdigidocpp.wxs b/libdigidocpp.wxs index f4a5a4e6a..2e1321e3b 100644 --- a/libdigidocpp.wxs +++ b/libdigidocpp.wxs @@ -12,7 +12,9 @@ - + + + diff --git a/prepare_osx_build_environment.sh b/prepare_osx_build_environment.sh index 13acc2153..b5394c273 100755 --- a/prepare_osx_build_environment.sh +++ b/prepare_osx_build_environment.sh 
@@ -1,50 +1,19 @@ #!/bin/sh set -e -OPENSSL_DIR=openssl-3.5.5 -XMLSEC_DIR=xmlsec1-1.3.9 -ARGS="$@" +OPENSSL_DIR=openssl-3.5.6 +XMLSEC_DIR=xmlsec1-1.3.10 case "$@" in -*android*) - echo "vcpkg is used for managing android dependencies " +*android*|*iphone*|*simulator*) + echo "vcpkg is used for managing iOS/Android dependencies" exit ;; -*simulator*) - echo "Building for iOS Simulator" - TARGET_PATH=/Library/libdigidocpp.iphonesimulator - SYSROOT=$(xcrun -sdk iphonesimulator --show-sdk-path) - : ${ARCHS:="arm64 x86_64"} - : ${IPHONEOS_DEPLOYMENT_TARGET:="15.0"} - export IPHONEOS_DEPLOYMENT_TARGET - export CFLAGS="-arch ${ARCHS// / -arch } -isysroot ${SYSROOT}" - ;; -*iphonecatalyst*) - echo "Building for iOS macOS Catalyst" - TARGET_PATH=/Library/libdigidocpp.iphonecatalyst - SYSROOT=$(xcrun -sdk macosx --show-sdk-path) - : ${ARCHS:="arm64 x86_64"} - : ${IPHONEOS_DEPLOYMENT_TARGET:="15.0"} - export IPHONEOS_DEPLOYMENT_TARGET - export CFLAGS="-arch ${ARCHS// / -arch } -target x86_64-apple-ios${IPHONEOS_DEPLOYMENT_TARGET}-macabi -isysroot ${SYSROOT}" - ;; -*iphoneos*) - echo "Building for iOS" - TARGET_PATH=/Library/libdigidocpp.iphoneos - SYSROOT=$(xcrun -sdk iphoneos --show-sdk-path) - : ${ARCHS:="arm64"} - : ${IPHONEOS_DEPLOYMENT_TARGET:="15.0"} - export IPHONEOS_DEPLOYMENT_TARGET - export CFLAGS="-arch ${ARCHS// / -arch } -isysroot ${SYSROOT}" - ;; *) - echo "Building for macOS" TARGET_PATH=/Library/libdigidocpp - SYSROOT=$(xcrun -sdk macosx --show-sdk-path) : ${ARCHS:="arm64 x86_64"} : ${MACOSX_DEPLOYMENT_TARGET:="13.0"} export MACOSX_DEPLOYMENT_TARGET - export CFLAGS="-arch ${ARCHS// / -arch } " ;; esac 
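Review bot: `XMLSEC_DIR=xmlsec1-1.3.10` and the new `xmlsec1-1.3.10.legacy.patch` do not match the commit message, which announces xmlsec1 1.3.11. If the registry baseline bumped in vcpkg.json provides 1.3.11 for the iOS, Android and Windows builds (not visible on this page), the macOS package would ship a different xmlsec1 release from the other platforms. Either align the version here or state the intended difference in the commit message, so that a later advisory against one of the two releases can be mapped to the right artifacts.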
@@ -57,12 +26,9 @@ function xmlsec { rm -rf ${XMLSEC_DIR} tar xf ${XMLSEC_DIR}.tar.gz cd ${XMLSEC_DIR} - patch -Np1 -i ../xmlsec1-1.3.5.legacy.patch - case "${ARGS}" in - *iphone*) CONFIGURE="--host=aarch64-apple-darwin --enable-static --disable-shared --without-libxslt" ;; - *) CONFIGURE="--disable-static --enable-shared" ;; - esac - ./configure --prefix=${TARGET_PATH} ${CONFIGURE} \ + patch -Np1 -i ../xmlsec1-1.3.10.legacy.patch + sed -i '' 's/XMLSEC_VERSION_INFO=.*/XMLSEC_VERSION_INFO="1:0:0"/' configure + ./configure CFLAGS="-arch ${ARCHS// / -arch }" --prefix=${TARGET_PATH} --disable-static --enable-shared \ --disable-dependency-tracking \ --disable-crypto-dl \ --disable-apps-crypto-dl \ @@ -88,12 +54,7 @@ function openssl { pushd ${OPENSSL_DIR} for ARCH in ${ARCHS} do - case "${ARGS}" in - *simulator*) CC="" CFLAGS="" ./Configure iossimulator-${ARCH}-xcrun --prefix=${TARGET_PATH} no-apps no-shared no-dso no-module no-engine no-tests no-ui-console enable-ec_nistp_64_gcc_128 ;; - *catalyst*) CC="" CFLAGS="-target ${ARCH}-apple-ios${IPHONEOS_DEPLOYMENT_TARGET}-macabi" ./Configure darwin64-${ARCH} --prefix=${TARGET_PATH} no-apps no-shared no-dso no-module no-engine no-tests no-ui-console enable-ec_nistp_64_gcc_128 ;; - *iphone*) CC="" CFLAGS="" ./Configure ios64-xcrun --prefix=${TARGET_PATH} no-apps no-shared no-dso no-module no-engine no-tests no-ui-console enable-ec_nistp_64_gcc_128 ;; - *) CC="" CFLAGS="" ./Configure darwin64-${ARCH} --prefix=${TARGET_PATH} no-apps shared no-module no-tests enable-ec_nistp_64_gcc_128 - esac + ./Configure darwin64-${ARCH} --prefix=${TARGET_PATH} no-apps shared no-module no-tests enable-ec_nistp_64_gcc_128 make -s > /dev/null if [[ ${ARCHS} == ${ARCH}* ]]; then sudo make install_sw > /dev/null 
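Review bot: The added `sed -i '' 's/XMLSEC_VERSION_INFO=.*/XMLSEC_VERSION_INFO="1:0:0"/' configure` has no comment and succeeds silently when the pattern no longer matches, so a future xmlsec1 bump could drop the override unnoticed. Add a comment such as `# keep the libtool version-info fixed so the installed dylib name does not change between xmlsec1 releases` (if that is the intent) and a check after the sed, `grep -q 'XMLSEC_VERSION_INFO="1:0:0"' configure`; with `set -e` at the top of the script a failed grep stops the build. The `xmlsec` function starts before this hunk.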
@@ -121,16 +82,10 @@ case "$@" in ;; *) echo "Usage:" - echo " $0 [target] [task]" - echo " target: macos iphoneos iphonesimulator iphonecatalyst" - echo " tasks: openssl, xmlsec, all, help" + echo " $0 [task]" + echo " tasks: openssl, xmlsec, all" echo "To control builds set environment variables:" - echo " minimum deployment target" echo " - MACOSX_DEPLOYMENT_TARGET=13.0" - echo " - IPHONEOS_DEPLOYMENT_TARGET=15.0" - echo " archs to build on macOS/iOS" - echo " - ARCHS=\"arm64 x86_64\" (macOS)" - echo " - ARCHS=\"arm64\" (iOS)" - echo " - ARCHS=\"arm64 x86_64\" (iPhoneSimulator)" + echo " - ARCHS=\"arm64 x86_64\"" ;; esac diff --git a/vcpkg-triplets/arm64-ios.cmake b/vcpkg-triplets/arm64-ios.cmake new file mode 100644 index 000000000..a3159b8bc --- /dev/null +++ b/vcpkg-triplets/arm64-ios.cmake @@ -0,0 +1,5 @@ +set(VCPKG_TARGET_ARCHITECTURE arm64) +set(VCPKG_CRT_LINKAGE dynamic) +set(VCPKG_LIBRARY_LINKAGE static) +set(VCPKG_CMAKE_SYSTEM_NAME iOS) +set(VCPKG_OSX_DEPLOYMENT_TARGET 16.0) diff --git a/vcpkg-triplets/arm64-x64-ios-catalyst.cmake b/vcpkg-triplets/arm64-x64-ios-catalyst.cmake new file mode 100644 index 000000000..08effaba0 --- /dev/null +++ b/vcpkg-triplets/arm64-x64-ios-catalyst.cmake @@ -0,0 +1,7 @@ +set(VCPKG_TARGET_ARCHITECTURE arm64) +set(VCPKG_CRT_LINKAGE dynamic) +set(VCPKG_LIBRARY_LINKAGE static) +set(VCPKG_CMAKE_SYSTEM_NAME iOS) +set(VCPKG_OSX_SYSROOT macosx) +set(VCPKG_OSX_ARCHITECTURES arm64 x86_64) +set(VCPKG_OSX_DEPLOYMENT_TARGET 16.0) diff --git a/vcpkg-triplets/arm64-x64-ios-simulator.cmake b/vcpkg-triplets/arm64-x64-ios-simulator.cmake new file mode 100644 index 000000000..6d50c5204 --- /dev/null +++ b/vcpkg-triplets/arm64-x64-ios-simulator.cmake @@ -0,0 +1,7 @@ +set(VCPKG_TARGET_ARCHITECTURE arm64) +set(VCPKG_CRT_LINKAGE dynamic) +set(VCPKG_LIBRARY_LINKAGE static) +set(VCPKG_CMAKE_SYSTEM_NAME iOS) +set(VCPKG_OSX_SYSROOT iphonesimulator) +set(VCPKG_OSX_ARCHITECTURES arm64 x86_64) +set(VCPKG_OSX_DEPLOYMENT_TARGET 16.0) 
diff --git a/vcpkg.json b/vcpkg.json index 64d18fd26..541f41720 100644 --- a/vcpkg.json +++ b/vcpkg.json @@ -15,7 +15,7 @@ "features": { "tests": { "description": "Build tests", "dependencies": ["boost-test"] } }, - "builtin-baseline": "425d0412a2c1d5f9a0071d77ccee88c96e0f70d0", + "builtin-baseline": "f77737496dabd44c63ecc599dc0f4d6cff30d0d5", "vcpkg-configuration": { "overlay-triplets": ["./vcpkg-triplets"], "registries": [ @@ -23,7 +23,7 @@ "kind": "git", "repository": "https://github.com/open-eid/vcpkg-ports", "reference": "vcpkg-registry", - "baseline": "316f4d642f489b7d23d97891ed73431e7394d749", + "baseline": "926b3b63ed3a9416deaf4978a1a9faaf419447df", "packages": ["openssl", "xmlsec"] } ] diff --git a/xmlsec1-1.3.10.legacy.patch b/xmlsec1-1.3.10.legacy.patch new file mode 100644 index 000000000..32ab7d52a --- /dev/null +++ b/xmlsec1-1.3.10.legacy.patch 
@@ -0,0 +1,105 @@ +--- a/src/openssl/signatures.c 2026-04-20 08:56:41 ++++ b/src/openssl/signatures.c 2026-04-20 08:56:41 +@@ -38,6 +38,8 @@ + #endif /* XMLSEC_OPENSSL_API_300 */ + + #include "../cast_helpers.h" ++#include ++ + #include "../transform_helpers.h" + #include "openssl_compat.h" + +@@ -1068,7 +1070,11 @@ + goto error; + } + } else { +- ret = EVP_PKEY_verify_init(pKeyCtx); ++ if(ctx->rsaPadding == RSA_PKCS1_PADDING) { ++ ret = EVP_PKEY_verify_recover_init(pKeyCtx); ++ } else { ++ ret = EVP_PKEY_verify_init(pKeyCtx); ++ } + if(ret <= 0) { + xmlSecOpenSSLError2("EVP_PKEY_verify_init", xmlSecTransformGetName(transform), + "ret=%d", ret); +@@ -1076,11 +1082,13 @@ + } + } + +- ret = EVP_PKEY_CTX_set_signature_md(pKeyCtx, ctx->digest); +- if(ret <= 0) { +- xmlSecOpenSSLError2("EVP_PKEY_CTX_set_signature_md", xmlSecTransformGetName(transform), +- "ret=%d", ret); +- goto error; ++ if(transform->operation == xmlSecTransformOperationSign || ctx->rsaPadding != RSA_PKCS1_PADDING) { ++ ret = EVP_PKEY_CTX_set_signature_md(pKeyCtx, ctx->digest); ++ if(ret <= 0) { ++ xmlSecOpenSSLError2("EVP_PKEY_CTX_set_signature_md", xmlSecTransformGetName(transform), ++ "ret=%d", ret); ++ goto error; ++ } + } + } + #if defined(XMLSEC_OPENSSL_API_350) +@@ -1214,7 +1222,60 @@ + case xmlSecOpenSSLEvpSignatureFormat_DoNothing: + /* signature is saved to XML as it was generated by OpenSSL */ + XMLSEC_SAFE_CAST_SIZE_TO_UINT(dataSize, dataLen, goto done, xmlSecTransformGetName(transform)); +- ret = EVP_PKEY_verify(pKeyCtx, (xmlSecByte*)data, dataLen, dataToSign, dataToSignSize); ++ if(ctx->rsaPadding != RSA_PKCS1_PADDING) { ++ ret = EVP_PKEY_verify(pKeyCtx, (xmlSecByte*)data, dataLen, dataToSign, dataToSignSize); ++ } else { ++ unsigned char * recvData = NULL; ++ size_t recvDataLen = 0; ++ const unsigned char * recvDataPtr; ++ X509_SIG * sig = NULL; ++ const X509_ALGOR *algor = NULL; ++ const ASN1_OCTET_STRING *value = NULL; ++ unsigned int dgstSize; ++ ++ ret = 
EVP_PKEY_verify_recover(pKeyCtx, NULL, &recvDataLen, data, dataLen); ++ if((ret <= 0) || (recvDataLen <= 0)) { ++ xmlSecOpenSSLError("EVP_PKEY_verify_recover", xmlSecTransformGetName(transform)); ++ goto done; ++ } ++ ++ recvData = OPENSSL_malloc(recvDataLen); ++ ret = EVP_PKEY_verify_recover(pKeyCtx, recvData, &recvDataLen, data, dataLen); ++ if((ret <= 0) || (recvDataLen <= 0)) { ++ xmlSecOpenSSLError("EVP_PKEY_verify_recover", xmlSecTransformGetName(transform)); ++ OPENSSL_free(recvData); ++ goto done; ++ } ++ ++ recvDataPtr = recvData; ++ sig = d2i_X509_SIG(NULL, &recvDataPtr, (long)recvDataLen); ++ OPENSSL_free(recvData); ++ if(!sig) { ++ xmlSecOpenSSLError("d2i_X509_SIG", xmlSecTransformGetName(transform)); ++ goto done; ++ } ++ ++ X509_SIG_get0(sig, &algor, &value); ++ if((algor->parameter != NULL) && (ASN1_TYPE_get(algor->parameter) != V_ASN1_NULL)) { ++ xmlSecInternalError("Signature algorithm parameter type is not ASN1 NULL", xmlSecTransformGetName(transform)); ++ X509_SIG_free(sig); ++ goto done; ++ } ++ ++ if(EVP_MD_nid(ctx->digest) != OBJ_obj2nid(algor->algorithm)) { ++ xmlSecInternalError("Signature digest method does not match expected digest method", xmlSecTransformGetName(transform)); ++ X509_SIG_free(sig); ++ goto done; ++ } ++ ++ dgstSize = (unsigned int)EVP_MD_size(ctx->digest); ++ if(((const unsigned int)value->length == dgstSize) && (memcmp(value->data, dataToSign, dgstSize) == 0)) { ++ ret = 1; ++ } else { ++ ret = 0; ++ } ++ X509_SIG_free(sig); ++ } + break; + + case xmlSecOpenSSLEvpSignatureFormat_Dsa: diff --git a/xmlsec1-1.3.5.legacy.patch b/xmlsec1-1.3.5.legacy.patch deleted file mode 100644 index afcc0dee7..000000000 --- a/xmlsec1-1.3.5.legacy.patch +++ /dev/null 
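Review bot: The RSA PKCS#1 v1.5 verify branch added by this patch accepts a recovered block in which the DigestInfo is followed by extra bytes, because `d2i_X509_SIG` stops at the end of the structure it parsed and the advanced `recvDataPtr` is never compared with `recvDataLen`. Lenient DigestInfo parsing is the condition that known PKCS#1 v1.5 signature forgeries against low public exponents depend on, so the whole recovered buffer should have to be consumed before the digest comparison is reached. `OPENSSL_malloc` is also used unchecked before the second `EVP_PKEY_verify_recover` call. The enclosing verify function starts and ends outside this patch hunk, so how `done:` treats a positive `ret` on these early exits should be confirmed against the full file.

```c
recvData = OPENSSL_malloc(recvDataLen);
if(recvData == NULL) {
    xmlSecOpenSSLError("OPENSSL_malloc", xmlSecTransformGetName(transform));
    goto done;
}
/* … unchanged: second EVP_PKEY_verify_recover call and its error path … */
recvDataPtr = recvData;
sig = d2i_X509_SIG(NULL, &recvDataPtr, (long)recvDataLen);
/* reject a DigestInfo that does not span the whole recovered block */
if((sig != NULL) && ((size_t)(recvDataPtr - recvData) != recvDataLen)) {
    X509_SIG_free(sig);
    sig = NULL;
}
OPENSSL_free(recvData);
if(!sig) {
```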
@@ -1,126 +0,0 @@
---- xmlsec1-1.3.7.orig/src/openssl/signatures.c 2025-02-11 16:33:03
-+++ xmlsec1-1.3.7/src/openssl/signatures.c 2025-02-12 15:32:02
-@@ -35,6 +35,7 @@
- #ifdef XMLSEC_OPENSSL_API_300
- #include
- #endif /* XMLSEC_OPENSSL_API_300 */
-+#include
- 
- #include "../cast_helpers.h"
- #include "openssl_compat.h"
-@@ -921,15 +922,22 @@
- "ret=%d", ret);
- goto error;
- }
-+ ret = EVP_PKEY_CTX_set_signature_md(pKeyCtx, ctx->digest);
- } else {
-- ret = EVP_PKEY_verify_init(pKeyCtx);
-+ if((ctx->mode == xmlSecOpenSSLEvpSignatureMode_RsaPadding) && (ctx->rsaPadding == RSA_PKCS1_PADDING)) {
-+ ret = EVP_PKEY_verify_recover_init(pKeyCtx);
-+ } else {
-+ ret = EVP_PKEY_verify_init(pKeyCtx);
-+ }
- if(ret <= 0) {
- xmlSecOpenSSLError2("EVP_PKEY_verify_init", xmlSecTransformGetName(transform),
- "ret=%d", ret);
- goto error;
- }
-+ if((ctx->mode != xmlSecOpenSSLEvpSignatureMode_RsaPadding) || (ctx->rsaPadding != RSA_PKCS1_PADDING)) {
-+ ret = EVP_PKEY_CTX_set_signature_md(pKeyCtx, ctx->digest);
-+ }
- }
-- ret = EVP_PKEY_CTX_set_signature_md(pKeyCtx, ctx->digest);
- if(ret <= 0) {
- xmlSecOpenSSLError2("EVP_PKEY_CTX_set_signature_md", xmlSecTransformGetName(transform),
- "ret=%d", ret);
-@@ -983,6 +991,9 @@
- xmlSecByte dgst[EVP_MAX_MD_SIZE];
- unsigned int dgstSize = sizeof(dgst);
- EVP_PKEY_CTX *pKeyCtx = NULL;
-+ unsigned char * recvData = NULL;
-+ size_t recvDataLen = 0;
-+ const unsigned char * recvDataPtr;
- #if !defined(XMLSEC_NO_DSA) || !defined(XMLSEC_NO_EC)
- unsigned char * fixedData = NULL;
- int fixedDataLen = 0;
-@@ -990,6 +1001,9 @@
- unsigned int dataLen;
- int ret;
- int res = -1;
-+ X509_SIG * sig = NULL;
-+ const X509_ALGOR *algor = NULL;
-+ const ASN1_OCTET_STRING *value = NULL;
- 
- xmlSecAssert2(xmlSecOpenSSLEvpSignatureCheckId(transform), -1);
- xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1);
-@@ -1021,8 +1035,51 @@
- 
- switch(ctx->mode) {
- case xmlSecOpenSSLEvpSignatureMode_RsaPadding:
-+ XMLSEC_SAFE_CAST_SIZE_TO_UINT(dataSize, dataLen, goto done, xmlSecTransformGetName(transform));
-+ if(ctx->rsaPadding != RSA_PKCS1_PADDING) {
-+ ret = EVP_PKEY_verify(pKeyCtx, (xmlSecByte*)data, dataLen, dgst, dgstSize);
-+ break;
-+ }
-+
-+ ret = EVP_PKEY_verify_recover(pKeyCtx, NULL, &recvDataLen, data, dataLen);
-+ if((ret <= 0) || (recvDataLen <= 0)) {
-+ xmlSecOpenSSLError("EVP_PKEY_verify_recover", xmlSecTransformGetName(transform));
-+ goto done;
-+ }
-+
-+ recvData = OPENSSL_malloc(recvDataLen);
-+ ret = EVP_PKEY_verify_recover(pKeyCtx, recvData, &recvDataLen, data, dataLen);
-+ if((ret <= 0) || (recvDataLen <= 0)) {
-+ xmlSecOpenSSLError("EVP_PKEY_verify_recover", xmlSecTransformGetName(transform));
-+ goto done;
-+ }
-+
-+ recvDataPtr = recvData;
-+ sig = d2i_X509_SIG(NULL, &recvDataPtr, (long)recvDataLen);
-+ if(!sig) {
-+ xmlSecOpenSSLError("d2i_X509_SIG", xmlSecTransformGetName(transform));
-+ goto done;
-+ }
-+
-+ X509_SIG_get0(sig, &algor, &value);
-+ if((algor->parameter != NULL) && (ASN1_TYPE_get(algor->parameter) != V_ASN1_NULL)) {
-+ xmlSecInternalError("Signature algorithm parameter type is not ASN1 NULL", xmlSecTransformGetName(transform));
-+ goto done;
-+ }
-+
-+ if(EVP_MD_nid(ctx->digest) != OBJ_obj2nid(algor->algorithm)) {
-+ xmlSecInternalError("Signature digest method does not match excpected digest method", xmlSecTransformGetName(transform));
-+ goto done;
-+ }
-+
-+ if(((const unsigned int)value->length == dgstSize) && (memcmp(value->data, dgst, dgstSize) == 0)) {
-+ ret = 1;
-+ } else {
-+ ret = 0;
-+ }
-+ break;
-+
- case xmlSecOpenSSLEvpSignatureMode_Gost:
-- /* simple RSA or GOST padding */
- XMLSEC_SAFE_CAST_SIZE_TO_UINT(dataSize, dataLen, goto done, xmlSecTransformGetName(transform));
- ret = EVP_PKEY_verify(pKeyCtx, (xmlSecByte*)data, dataLen, dgst, dgstSize);
- break;
-@@ -1077,11 +1134,17 @@
- res = 0;
- 
- done:
-+ if(sig != NULL) {
-+ X509_SIG_free(sig);
-+ }
- #if !defined(XMLSEC_NO_DSA) || !defined(XMLSEC_NO_EC)
- if(fixedData != NULL) {
- OPENSSL_free(fixedData);
- }
- #endif
-+ if(recvData != NULL) {
-+ OPENSSL_free(recvData);
-+ }
- if(pKeyCtx != NULL) {
- EVP_PKEY_CTX_free(pKeyCtx);
- }