From 9d6b56f5480efccba0bf30cf1211f8f9fda9a927 Mon Sep 17 00:00:00 2001 From: Aleksey Sanin Date: Sun, 12 May 2024 21:48:55 -0400 Subject: [PATCH 01/16] (xmlsec-mingw) Fix build --- config.h.in | 0 src/cast_helpers.h | 16 ++++++++++++++++ src/nss/keytrans.c | 6 +++++- src/nss/signatures.c | 6 ++++-- 4 files changed, 25 insertions(+), 3 deletions(-) mode change 100644 => 100755 config.h.in diff --git a/config.h.in b/config.h.in old mode 100644 new mode 100755 diff --git a/src/cast_helpers.h b/src/cast_helpers.h index 684006603..f9b812802 100644 --- a/src/cast_helpers.h +++ b/src/cast_helpers.h @@ -198,6 +198,22 @@ * *****************************************************************************/ + /* Safe cast with limits check: unsigned int -> long (assume uint >= 0) */ +#if (UINT_MAX > LONG_MAX) + +#define XMLSEC_SAFE_CAST_UINT_TO_LONG(srcVal, dstVal, errorAction, errorObject) \ + XMLSEC_SAFE_CAST_MAX_CHECK(unsigned int, (srcVal), "%u", \ + int, (dstVal), "%ld", LONG_MIN, LONG_MAX, \ + errorAction, (errorObject)) + +#else /* UINT_MAX > LONG_MAX */ + +#define XMLSEC_SAFE_CAST_UINT_TO_LONG(srcVal, dstVal, errorAction, errorObject) \ + (dstVal) = (srcVal); + +#endif /* UINT_MAX > LONG_MAX */ + + /* Safe cast with limits check: size_t -> long (assume size_t >= 0) */ #if (SIZE_MAX > LONG_MAX) diff --git a/src/nss/keytrans.c b/src/nss/keytrans.c index 80274fa85..9f6e71704 100644 --- a/src/nss/keytrans.c +++ b/src/nss/keytrans.c @@ -347,6 +347,8 @@ xmlSecNssKeyTransportCtxUpdate(xmlSecNssKeyTransportCtxPtr ctx, xmlSecBufferPtr #ifndef XMLSEC_NO_RSA_OAEP static int xmlSecNssKeyTransportSetOaepParams(xmlSecNssKeyTransportCtxPtr ctx, CK_RSA_PKCS_OAEP_PARAMS* oaepParams) { + xmlSecSize size; + xmlSecAssert2(ctx != NULL, -1); xmlSecAssert2(oaepParams != NULL, -1); 
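Review bot: In the new XMLSEC_SAFE_CAST_UINT_TO_LONG macro the destination type handed to XMLSEC_SAFE_CAST_MAX_CHECK is `int`, while the destination format is `"%ld"` and the limits are LONG_MIN/LONG_MAX, so the cast target disagrees with the type the macro name and its only visible caller (`long saltLength` in src/nss/signatures.c, same patch) expect; the sibling XMLSEC_SAFE_CAST_SIZE_TO_LONG just below is the pattern to mirror. The second argument line should read `long, (dstVal), "%ld", LONG_MIN, LONG_MAX, \`. This branch is only compiled where UINT_MAX > LONG_MAX, where LONG_MAX normally equals INT_MAX and the range check already rejects anything an int cannot hold, so the practical effect is probably nil today, but if XMLSEC_SAFE_CAST_MAX_CHECK converts through the given type (its body is not visible here) a platform where that equality does not hold would truncate silently after a passed check.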
@@ -354,7 +356,9 @@ xmlSecNssKeyTransportSetOaepParams(xmlSecNssKeyTransportCtxPtr ctx, CK_RSA_PKCS_ oaepParams->mgf = ctx->oaepMgf ; oaepParams->source = CKZ_DATA_SPECIFIED; oaepParams->pSourceData = xmlSecBufferGetData(&(ctx->oaepParams)); - oaepParams->ulSourceDataLen = xmlSecBufferGetSize(&(ctx->oaepParams)); + + size = xmlSecBufferGetSize(&(ctx->oaepParams)); + XMLSEC_SAFE_CAST_SIZE_TO_ULONG(size, oaepParams->ulSourceDataLen, return(-1), NULL); return(0); } diff --git a/src/nss/signatures.c b/src/nss/signatures.c index 6fa1a242a..6d92cf11f 100644 --- a/src/nss/signatures.c +++ b/src/nss/signatures.c @@ -49,7 +49,7 @@ struct _xmlSecNssSignatureCtx { PLArenaPool* arena; SECOidTag pssHashAlgTag; SECOidTag pssMaskAlgTag; - long pssSaltLength; + unsigned int pssSaltLength; union { struct { @@ -424,6 +424,7 @@ xmlSecNssSignatureCreatePssParams(xmlSecNssSignatureCtxPtr ctx) { SECAlgorithmID maskHashAlg; SECItem *maskHashAlgItem; SECItem *saltLengthItem; + long saltLength; SECStatus rv; SECItem* res; @@ -470,7 +471,8 @@ xmlSecNssSignatureCreatePssParams(xmlSecNssSignatureCtxPtr ctx) { } /* salt length */ - saltLengthItem = SEC_ASN1EncodeInteger(ctx->arena, &(params.saltLength), ctx->pssSaltLength); + XMLSEC_SAFE_CAST_UINT_TO_LONG(ctx->pssSaltLength, saltLength, return(NULL), NULL); + saltLengthItem = SEC_ASN1EncodeInteger(ctx->arena, &(params.saltLength), saltLength); if(saltLengthItem != &(params.saltLength)) { xmlSecNssError("SEC_ASN1EncodeInteger(saltLength)", NULL); return(NULL); From 770d177c1b956b704c92662b4e2438a7bd355fd5 Mon Sep 17 00:00:00 2001 From: Aleksey Sanin Date: Sun, 12 May 2024 22:11:48 -0400 Subject: [PATCH 02/16] (xmlsec-mingw) Added debug output --- src/gnutls/x509utils.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/gnutls/x509utils.c b/src/gnutls/x509utils.c index 08a5840d1..fb25acb2d 100644 --- a/src/gnutls/x509utils.c +++ b/src/gnutls/x509utils.c 
@@ -1156,6 +1156,9 @@ xmlSecGnuTLSPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize, const
             goto done;
         }
         if(name != NULL) {
+            xmlSecGnuTLSError2("gnutls_pkcs12_bag_get_friendly_name", GNUTLS_E_SUCCESS, NULL,
+                "name: %s", name);
+
             (*keyName) = xmlStrdup(BAD_CAST name);
             if((*keyName) == NULL) {
                 xmlSecStrdupError(BAD_CAST name, NULL);

From cafb5dfa3e1d8397f1ca92bc7c74e4dfd3191d98 Mon Sep 17 00:00:00 2001
From: Aleksey Sanin
Date: Sun, 12 May 2024 22:39:24 -0400
Subject: [PATCH 03/16] (xmlsec-mingw) Added debug output

---
 src/gnutls/x509utils.c | 3 ---
 src/keysmngr.c | 1 +
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/gnutls/x509utils.c b/src/gnutls/x509utils.c
index fb25acb2d..08a5840d1 100644
--- a/src/gnutls/x509utils.c
+++ b/src/gnutls/x509utils.c
@@ -1156,9 +1156,6 @@ xmlSecGnuTLSPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize, const
             goto done;
         }
         if(name != NULL) {
-            xmlSecGnuTLSError2("gnutls_pkcs12_bag_get_friendly_name", GNUTLS_E_SUCCESS, NULL,
-                "name: %s", name);
-
             (*keyName) = xmlStrdup(BAD_CAST name);
             if((*keyName) == NULL) {
                 xmlSecStrdupError(BAD_CAST name, NULL);
diff --git a/src/keysmngr.c b/src/keysmngr.c
index b6b8f5bfc..a2928bd9e 100644
--- a/src/keysmngr.c
+++ b/src/keysmngr.c
@@ -786,6 +786,7 @@ xmlSecSimpleKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name, xmlSe
 
     size = xmlSecPtrListGetSize(list);
     for(pos = 0; pos < size; ++pos) {
+        fprintf(stderr, "DEBUG: xmlSecSimpleKeysStoreFindKey %i out of %i\n", (int)pos, (int)size);
         key = (xmlSecKeyPtr)xmlSecPtrListGetItem(list, pos);
         if((key != NULL) && (xmlSecKeyMatch(key, name, &(keyInfoCtx->keyReq)) == 1)) {
             return(xmlSecKeyDuplicate(key));

From dee64a0b1ba80cc9324c31f828f47c5964bb5e97 Mon Sep 17 00:00:00 2001
From: Aleksey Sanin
Date: Mon, 13 May 2024 18:37:18 -0400
Subject: [PATCH 04/16] (xmlsec-mingw) Added debug output

---
 src/keys.c | 6 ++++--
 src/keysmngr.c | 3 ++-
 2 files changed, 6 insertions(+), 3 deletions(-)

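Review bot: The trace output added here is unconditional and uses channels that are not meant for tracing: patch 02 reports a successful friendly-name lookup through xmlSecGnuTLSError2 with GNUTLS_E_SUCCESS, which surfaces it to the application's error callback as if it were a failure, and patch 03's keysmngr.c hunk writes the key name being searched for straight to stderr with fprintf, which a library linked into a server process cannot assume is an acceptable sink for key-lookup details. The same pattern recurs in the keys.c, keysmngr.c, keyinfo.c, xmlenc.c and kt_rsa.c hunks of patches 04 to 08 and 10; patch 09 removes the keyinfo.c, keys.c and keysmngr.c lines again, while patch 11's diffstat touches xmlenc.c and kt_rsa.c but those hunks are outside this page, so whether every trace line is gone by the end of the series cannot be confirmed here. If any trace is meant to survive in the branch, gate it behind a build-time switch, e.g. `#ifdef XMLSEC_TRACE_DEBUG` (placeholder name, use whatever the project already defines) around the fprintf and `#endif` after it, so release builds emit nothing. Both enclosing functions, xmlSecGnuTLSPkcs12LoadMemory and xmlSecSimpleKeysStoreFindKey, begin and end outside their hunks.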
diff --git a/src/keys.c b/src/keys.c index f78489351..d463cf5c2 100644 --- a/src/keys.c +++ b/src/keys.c @@ -404,9 +404,11 @@ xmlSecKeyReqMatchKey(xmlSecKeyReqPtr keyReq, xmlSecKeyPtr key) { xmlSecAssert2(xmlSecKeyIsValid(key), -1); if((keyReq->keyType != xmlSecKeyDataTypeUnknown) && ((xmlSecKeyGetType(key) & keyReq->keyType) == 0)) { + fprintf(stderr, "DEBUG: xmlSecKeyReqMatchKey: keyReq->keyType=%i; xmlSecKeyGetType(key)=%i\n", (int)keyReq->keyType, (int)xmlSecKeyGetType(key)); return(0); } if((keyReq->keyUsage != xmlSecKeyDataUsageUnknown) && ((keyReq->keyUsage & key->usage) == 0)) { + fprintf(stderr, "DEBUG: xmlSecKeyReqMatchKey: keyReq->keyUsage=%i; key->usage=%i\n", (int)keyReq->keyUsage, (int)key->usage); return(0); } @@ -430,13 +432,13 @@ xmlSecKeyReqMatchKeyValue(xmlSecKeyReqPtr keyReq, xmlSecKeyDataPtr value) { if((keyReq->keyId != xmlSecKeyDataIdUnknown) && (!xmlSecKeyDataCheckId(value, keyReq->keyId))) { - + fprintf(stderr, "DEBUG: xmlSecKeyReqMatchKey: keyReq->keyId=%p; value->id=%p\n", (void*)keyReq->keyId, (void*)value->id); return(0); } if((keyReq->keyBitsSize > 0) && (xmlSecKeyDataGetSize(value) > 0) && (xmlSecKeyDataGetSize(value) < keyReq->keyBitsSize)) { - + fprintf(stderr, "DEBUG: xmlSecKeyReqMatchKey: keyReq->keyBitsSize=%i; xmlSecKeyDataGetSize(value)=%i\n", (int)keyReq->keyBitsSize, (int)xmlSecKeyDataGetSize(value)); return(0); } return(1); diff --git a/src/keysmngr.c b/src/keysmngr.c index a2928bd9e..fc0f69cd7 100644 --- a/src/keysmngr.c +++ b/src/keysmngr.c 
@@ -786,9 +786,10 @@ xmlSecSimpleKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name, xmlSe
 
     size = xmlSecPtrListGetSize(list);
     for(pos = 0; pos < size; ++pos) {
-        fprintf(stderr, "DEBUG: xmlSecSimpleKeysStoreFindKey %i out of %i\n", (int)pos, (int)size);
+        fprintf(stderr, "DEBUG: xmlSecSimpleKeysStoreFindKey %i out of %i, name: %s\n", (int)pos, (int)size, name != NULL ? name : BAD_CAST "NULL");
         key = (xmlSecKeyPtr)xmlSecPtrListGetItem(list, pos);
         if((key != NULL) && (xmlSecKeyMatch(key, name, &(keyInfoCtx->keyReq)) == 1)) {
+            fprintf(stderr, "DEBUG: xmlSecSimpleKeysStoreFindKey: found %i out of %i\n", (int)pos, (int)size);
             return(xmlSecKeyDuplicate(key));
         }
     }

From b9788a3c9c93eccb90cbfe8d5090f8157999d72b Mon Sep 17 00:00:00 2001
From: Aleksey Sanin
Date: Mon, 13 May 2024 19:29:54 -0400
Subject: [PATCH 05/16] (xmlsec-mingw) Added debug output

---
 src/keyinfo.c | 4 ++++
 src/keys.c | 7 +++----
 src/keysmngr.c | 2 +-
 3 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/src/keyinfo.c b/src/keyinfo.c
index bfee01f94..acbc02e17 100644
--- a/src/keyinfo.c
+++ b/src/keyinfo.c
@@ -97,6 +97,8 @@ xmlSecKeyInfoNodeRead(xmlNodePtr keyInfoNode, xmlSecKeyPtr key, xmlSecKeyInfoCtx
     xmlSecAssert2(keyInfoCtx != NULL, -1);
     xmlSecAssert2(keyInfoCtx->mode == xmlSecKeyInfoModeRead, -1);
 
+    fprintf(stderr, "DEBUG: xmlSecKeyInfoNodeRead: keyInfoCtx->keyReq.keyType: %d\n", (int)(keyInfoCtx->keyReq.keyType));
+
     for(cur = xmlSecGetNextElementNode(keyInfoNode->children);
         (cur != NULL) &&
         (((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND) != 0) ||
@@ -117,6 +119,8 @@ xmlSecKeyInfoNodeRead(xmlNodePtr keyInfoNode, xmlSecKeyPtr key, xmlSecKeyInfoCtx nodeName, nodeNs, xmlSecKeyDataUsageKeyInfoNodeRead); } if(dataId != xmlSecKeyDataIdUnknown) { + fprintf(stderr, "DEBUG: xmlSecKeyInfoNodeRead: keyInfoCtx->keyReq.keyType: %d, node: %s\n", (int)(keyInfoCtx->keyReq.keyType), (char*)cur->name); + /* read data node */ ret = xmlSecKeyDataXmlRead(dataId, key, cur, keyInfoCtx); if(ret < 0) { diff --git a/src/keys.c b/src/keys.c index d463cf5c2..b281cef2f 100644 --- a/src/keys.c +++ b/src/keys.c @@ -404,11 +404,9 @@ xmlSecKeyReqMatchKey(xmlSecKeyReqPtr keyReq, xmlSecKeyPtr key) { xmlSecAssert2(xmlSecKeyIsValid(key), -1); if((keyReq->keyType != xmlSecKeyDataTypeUnknown) && ((xmlSecKeyGetType(key) & keyReq->keyType) == 0)) { - fprintf(stderr, "DEBUG: xmlSecKeyReqMatchKey: keyReq->keyType=%i; xmlSecKeyGetType(key)=%i\n", (int)keyReq->keyType, (int)xmlSecKeyGetType(key)); return(0); } if((keyReq->keyUsage != xmlSecKeyDataUsageUnknown) && ((keyReq->keyUsage & key->usage) == 0)) { - fprintf(stderr, "DEBUG: xmlSecKeyReqMatchKey: keyReq->keyUsage=%i; key->usage=%i\n", (int)keyReq->keyUsage, (int)key->usage); return(0); } @@ -432,13 +430,11 @@ xmlSecKeyReqMatchKeyValue(xmlSecKeyReqPtr keyReq, xmlSecKeyDataPtr value) { if((keyReq->keyId != xmlSecKeyDataIdUnknown) && (!xmlSecKeyDataCheckId(value, keyReq->keyId))) { - fprintf(stderr, "DEBUG: xmlSecKeyReqMatchKey: keyReq->keyId=%p; value->id=%p\n", (void*)keyReq->keyId, (void*)value->id); return(0); } if((keyReq->keyBitsSize > 0) && (xmlSecKeyDataGetSize(value) > 0) && (xmlSecKeyDataGetSize(value) < keyReq->keyBitsSize)) { - fprintf(stderr, "DEBUG: xmlSecKeyReqMatchKey: keyReq->keyBitsSize=%i; xmlSecKeyDataGetSize(value)=%i\n", (int)keyReq->keyBitsSize, (int)xmlSecKeyDataGetSize(value)); return(0); } return(1); 
@@ -1307,6 +1303,9 @@ xmlSecKeysMngrGetKey(xmlNodePtr keyInfoNode, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecAssert2(keyInfoCtx != NULL, NULL); + fprintf(stderr, "DEBUG: xmlSecKeysMngrGetKey: keyInfoCtx->keyReq.keyType: %d\n", (int)(keyInfoCtx->keyReq.keyType)); + + /* first try to read data from <dsig:KeyInfo/> node */ key = xmlSecKeyCreate(); if(key == NULL) { diff --git a/src/keysmngr.c b/src/keysmngr.c index fc0f69cd7..d7b8a5282 100644 --- a/src/keysmngr.c +++ b/src/keysmngr.c @@ -786,7 +786,7 @@ xmlSecSimpleKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name, xmlSe size = xmlSecPtrListGetSize(list); for(pos = 0; pos < size; ++pos) { - fprintf(stderr, "DEBUG: xmlSecSimpleKeysStoreFindKey %i out of %i, name: %s\n", (int)pos, (int)size, name != NULL ? name : BAD_CAST "NULL"); + fprintf(stderr, "DEBUG: xmlSecSimpleKeysStoreFindKey %i out of %i, keyInfoCtx->keyReq.keyType: %d, name: %s\n", (int)pos, (int)size, (int)(keyInfoCtx->keyReq.keyType), name != NULL ? name : BAD_CAST "NULL"); key = (xmlSecKeyPtr)xmlSecPtrListGetItem(list, pos); if((key != NULL) && (xmlSecKeyMatch(key, name, &(keyInfoCtx->keyReq)) == 1)) { fprintf(stderr, "DEBUG: xmlSecSimpleKeysStoreFindKey: found %i out of %i\n", (int)pos, (int)size); From b0ad7c4b70c15014e68e6c51c70567024730a6da Mon Sep 17 00:00:00 2001 From: Aleksey Sanin Date: Tue, 14 May 2024 14:02:23 -0400 Subject: [PATCH 06/16] (xmlsec-mingw) Added debug output --- src/keyinfo.c | 1 + src/keys.c | 5 +++++ src/keysmngr.c | 2 +- 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/src/keyinfo.c b/src/keyinfo.c index acbc02e17..e7596a42b 100644 --- a/src/keyinfo.c +++ b/src/keyinfo.c 
@@ -123,6 +123,7 @@ xmlSecKeyInfoNodeRead(xmlNodePtr keyInfoNode, xmlSecKeyPtr key, xmlSecKeyInfoCtx /* read data node */ ret = xmlSecKeyDataXmlRead(dataId, key, cur, keyInfoCtx); + fprintf(stderr, "DEBUG: xmlSecKeyInfoNodeRead: keyInfoCtx->keyReq.keyType: %d, node: %s, ret: %d, kv: %p\n", (int)(keyInfoCtx->keyReq.keyType), (char*)cur->name, ret, (void*)xmlSecKeyGetValue(key)); if(ret < 0) { xmlSecInternalError2("xmlSecKeyDataXmlRead", xmlSecKeyDataKlassGetName(dataId), diff --git a/src/keys.c b/src/keys.c index b281cef2f..02dcb21f9 100644 --- a/src/keys.c +++ b/src/keys.c @@ -1324,10 +1324,15 @@ xmlSecKeysMngrGetKey(xmlNodePtr keyInfoNode, xmlSecKeyInfoCtxPtr keyInfoCtx) { return(NULL); } + fprintf(stderr, "DEBUG: xmlSecKeysMngrGetKey: keyInfoCtx->keyReq.keyType: %d, kv: %p\n", (int)(keyInfoCtx->keyReq.keyType), (void*)xmlSecKeyGetValue(key)); if((xmlSecKeyGetValue(key) != NULL) && (xmlSecKeyMatch(key, NULL, &(keyInfoCtx->keyReq)) != 0)) { + + fprintf(stderr, "DEBUG: xmlSecKeysMngrGetKey: keyInfoCtx->keyReq.keyType: %d, good key\n", (int)(keyInfoCtx->keyReq.keyType)); return(key); } + + fprintf(stderr, "DEBUG: xmlSecKeysMngrGetKey: keyInfoCtx->keyReq.keyType: %d, bad key\n", (int)(keyInfoCtx->keyReq.keyType)); } xmlSecKeyDestroy(key); diff --git a/src/keysmngr.c b/src/keysmngr.c index d7b8a5282..d0f37d644 100644 --- a/src/keysmngr.c +++ b/src/keysmngr.c 
@@ -789,7 +789,7 @@ xmlSecSimpleKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name, xmlSe
         fprintf(stderr, "DEBUG: xmlSecSimpleKeysStoreFindKey %i out of %i, keyInfoCtx->keyReq.keyType: %d, name: %s\n", (int)pos, (int)size, (int)(keyInfoCtx->keyReq.keyType), name != NULL ? name : BAD_CAST "NULL");
         key = (xmlSecKeyPtr)xmlSecPtrListGetItem(list, pos);
         if((key != NULL) && (xmlSecKeyMatch(key, name, &(keyInfoCtx->keyReq)) == 1)) {
-            fprintf(stderr, "DEBUG: xmlSecSimpleKeysStoreFindKey: found %i out of %i\n", (int)pos, (int)size);
+            fprintf(stderr, "DEBUG: xmlSecSimpleKeysStoreFindKey: found keyInfoCtx->keyReq.keyType: %d, name: %s\n", (int)(keyInfoCtx->keyReq.keyType), name != NULL ? name : BAD_CAST "NULL");
             return(xmlSecKeyDuplicate(key));
         }
     }

From 46b856f2c34ccb8600c1247efbba269999094f3d Mon Sep 17 00:00:00 2001
From: Aleksey Sanin
Date: Tue, 14 May 2024 14:38:28 -0400
Subject: [PATCH 07/16] (xmlsec-mingw) Added debug output

---
 src/keyinfo.c | 7 +++++++
 src/xmlenc.c | 3 +++
 2 files changed, 10 insertions(+)

diff --git a/src/keyinfo.c b/src/keyinfo.c
index e7596a42b..ea83c6560 100644
--- a/src/keyinfo.c
+++ b/src/keyinfo.c
@@ -1582,6 +1582,9 @@ xmlSecKeyDataEncryptedKeyXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePt
     xmlSecAssert2(keyInfoCtx != NULL, -1);
     xmlSecAssert2(keyInfoCtx->mode == xmlSecKeyInfoModeRead, -1);
 
+    fprintf(stderr, "DEBUG: xmlSecKeyDataEncryptedKeyXmlRead: start: node: %s\n", (char*)node->name);
+
+
     /* check the enc level */
     if(keyInfoCtx->curEncryptedKeyLevel >= keyInfoCtx->maxEncryptedKeyLevel) {
         xmlSecOtherError3(XMLSEC_ERRORS_R_MAX_ENCKEY_LEVEL, xmlSecKeyDataKlassGetName(id),
@@ -1626,6 +1629,8 @@ xmlSecKeyDataEncryptedKeyXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePt
         xmlSecInternalError("xmlSecEncCtxDecryptToBuffer", xmlSecKeyDataKlassGetName(id));
         return(-1);
     }
+    fprintf(stderr, "DEBUG: xmlSecKeyDataEncryptedKeyXmlRead: no key: node: %s\n", (char*)node->name);
+
     return(0);
 }
 
@@ -1639,6 +1644,8 @@ xmlSecKeyDataEncryptedKeyXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePt
         return(-1);
     }
 
+    fprintf(stderr, "DEBUG: xmlSecKeyDataEncryptedKeyXmlRead: done: node: %s\n", (char*)node->name);
+
     return(0);
 }
 
diff --git a/src/xmlenc.c b/src/xmlenc.c
index bd3a5fdb0..1e022b565 100644
--- a/src/xmlenc.c
+++ b/src/xmlenc.c
@@ -608,6 +608,8 @@ xmlSecEncCtxDecryptToBuffer(xmlSecEncCtxPtr encCtx, xmlNodePtr node) {
     encCtx->operation = xmlSecTransformOperationDecrypt;
     xmlSecAddIDs(node->doc, node, xmlSecEncIds);
 
+    fprintf(stderr, "DEBUG: xmlSecEncCtxDecryptToBuffer: start: node: %s\n", (char*)node->name);
+
     ret = xmlSecEncCtxEncDataNodeRead(encCtx, node);
     if(ret < 0) {
         xmlSecInternalError("xmlSecEncCtxEncDataNodeRead", NULL);
@@ -638,6 +640,7 @@ xmlSecEncCtxDecryptToBuffer(xmlSecEncCtxPtr encCtx, xmlNodePtr node) {
     /* success */
     res = encCtx->result = encCtx->transformCtx.result;
     xmlSecAssert2(encCtx->result != NULL, NULL);
+    fprintf(stderr, "DEBUG: xmlSecEncCtxDecryptToBuffer: success: node: %s, res: %p\n", (char*)node->name, (void*)res);
 
 done:
     if(data != NULL) {

From 774931e9c3b7dccbd5def4225455b7a9ae3080bf Mon Sep 17 00:00:00 2001
From: Aleksey Sanin
Date: Tue, 14 May 2024 14:59:37 -0400
Subject: [PATCH 08/16] (xmlsec-mingw) Added debug output

---
 src/xmlenc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/xmlenc.c b/src/xmlenc.c
index 1e022b565..30e7f6b3a 100644
--- a/src/xmlenc.c
+++ b/src/xmlenc.c
@@ -640,7 +640,7 @@ xmlSecEncCtxDecryptToBuffer(xmlSecEncCtxPtr encCtx, xmlNodePtr node) {
     /* success */
     res = encCtx->result = encCtx->transformCtx.result;
     xmlSecAssert2(encCtx->result != NULL, NULL);
-    fprintf(stderr, "DEBUG: xmlSecEncCtxDecryptToBuffer: success: node: %s, res: %p\n", (char*)node->name, (void*)res);
+    fprintf(stderr, "DEBUG: xmlSecEncCtxDecryptToBuffer: success: node: %s, res: %p, value: %p, size: %i\n", (char*)node->name, (void*)res, (void*)(res != NULL ? xmlSecBufferGetData(res) : NULL), (int)(res != NULL ? xmlSecBufferGetSize(res) : 0));
 
 done:
     if(data != NULL) {

From ffca83617339edf9fed687f55c700af38b401da8 Mon Sep 17 00:00:00 2001
From: Aleksey Sanin
Date: Tue, 14 May 2024 16:03:22 -0400
Subject: [PATCH 09/16] (xmlsec-mingw) Added debug output

---
 src/keyinfo.c | 13 -------------
 src/keys.c | 8 --------
 src/keysmngr.c | 2 --
 3 files changed, 23 deletions(-)

diff --git a/src/keyinfo.c b/src/keyinfo.c
index ea83c6560..33d28c4d2 100644
--- a/src/keyinfo.c
+++ b/src/keyinfo.c
@@ -97,8 +97,6 @@ xmlSecKeyInfoNodeRead(xmlNodePtr keyInfoNode, xmlSecKeyPtr key, xmlSecKeyInfoCtx
     xmlSecAssert2(keyInfoCtx != NULL, -1);
     xmlSecAssert2(keyInfoCtx->mode == xmlSecKeyInfoModeRead, -1);
 
-    fprintf(stderr, "DEBUG: xmlSecKeyInfoNodeRead: keyInfoCtx->keyReq.keyType: %d\n", (int)(keyInfoCtx->keyReq.keyType));
-
     for(cur = xmlSecGetNextElementNode(keyInfoNode->children);
         (cur != NULL) &&
         (((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND) != 0) ||
@@ -119,11 +117,8 @@ xmlSecKeyInfoNodeRead(xmlNodePtr keyInfoNode, xmlSecKeyPtr key, xmlSecKeyInfoCtx
                                              nodeName, nodeNs, xmlSecKeyDataUsageKeyInfoNodeRead);
         }
         if(dataId != xmlSecKeyDataIdUnknown) {
-            fprintf(stderr, "DEBUG: xmlSecKeyInfoNodeRead: keyInfoCtx->keyReq.keyType: %d, node: %s\n", (int)(keyInfoCtx->keyReq.keyType), (char*)cur->name);
-
             /* read data node */
             ret = xmlSecKeyDataXmlRead(dataId, key, cur, keyInfoCtx);
-            fprintf(stderr, "DEBUG: xmlSecKeyInfoNodeRead: keyInfoCtx->keyReq.keyType: %d, node: %s, ret: %d, kv: %p\n", (int)(keyInfoCtx->keyReq.keyType), (char*)cur->name, ret, (void*)xmlSecKeyGetValue(key));
             if(ret < 0) {
                 xmlSecInternalError2("xmlSecKeyDataXmlRead",
                                      xmlSecKeyDataKlassGetName(dataId),
@@ -1582,9 +1577,6 @@ xmlSecKeyDataEncryptedKeyXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePt
     xmlSecAssert2(keyInfoCtx != NULL, -1);
     xmlSecAssert2(keyInfoCtx->mode == xmlSecKeyInfoModeRead, -1);
 
-    fprintf(stderr, "DEBUG: xmlSecKeyDataEncryptedKeyXmlRead: start: node: %s\n", (char*)node->name);
-
-
     /* check the enc level */
     if(keyInfoCtx->curEncryptedKeyLevel >= keyInfoCtx->maxEncryptedKeyLevel) {
         xmlSecOtherError3(XMLSEC_ERRORS_R_MAX_ENCKEY_LEVEL, xmlSecKeyDataKlassGetName(id),
@@ -1629,8 +1621,6 @@ xmlSecKeyDataEncryptedKeyXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePt
         xmlSecInternalError("xmlSecEncCtxDecryptToBuffer", xmlSecKeyDataKlassGetName(id));
         return(-1);
     }
-    fprintf(stderr, "DEBUG: xmlSecKeyDataEncryptedKeyXmlRead: no key: node: %s\n", (char*)node->name);
-
     return(0);
 }
 
@@ -1643,9 +1633,6 @@ xmlSecKeyDataEncryptedKeyXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePt
                                  xmlSecKeyDataKlassGetName(id));
         return(-1);
     }
-
-    fprintf(stderr, "DEBUG: xmlSecKeyDataEncryptedKeyXmlRead: done: node: %s\n", (char*)node->name);
-
     return(0);
 }
 
diff --git a/src/keys.c b/src/keys.c
index 02dcb21f9..a124b54d0 100644
--- a/src/keys.c
+++ b/src/keys.c
@@ -1303,9 +1303,6 @@ xmlSecKeysMngrGetKey(xmlNodePtr keyInfoNode, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecAssert2(keyInfoCtx != NULL, NULL); - fprintf(stderr, "DEBUG: xmlSecKeysMngrGetKey: keyInfoCtx->keyReq.keyType: %d\n", (int)(keyInfoCtx->keyReq.keyType)); - - /* first try to read data from <dsig:KeyInfo/> node */ key = xmlSecKeyCreate(); if(key == NULL) { @@ -1324,15 +1321,10 @@ xmlSecKeysMngrGetKey(xmlNodePtr keyInfoNode, xmlSecKeyInfoCtxPtr keyInfoCtx) { return(NULL); } - fprintf(stderr, "DEBUG: xmlSecKeysMngrGetKey: keyInfoCtx->keyReq.keyType: %d, kv: %p\n", (int)(keyInfoCtx->keyReq.keyType), (void*)xmlSecKeyGetValue(key)); if((xmlSecKeyGetValue(key) != NULL) && (xmlSecKeyMatch(key, NULL, &(keyInfoCtx->keyReq)) != 0)) { - - fprintf(stderr, "DEBUG: xmlSecKeysMngrGetKey: keyInfoCtx->keyReq.keyType: %d, good key\n", (int)(keyInfoCtx->keyReq.keyType)); return(key); } - - fprintf(stderr, "DEBUG: xmlSecKeysMngrGetKey: keyInfoCtx->keyReq.keyType: %d, bad key\n", (int)(keyInfoCtx->keyReq.keyType)); } xmlSecKeyDestroy(key); diff --git a/src/keysmngr.c b/src/keysmngr.c index d0f37d644..b6b8f5bfc 100644 --- a/src/keysmngr.c +++ b/src/keysmngr.c @@ -786,10 +786,8 @@ xmlSecSimpleKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name, xmlSe size = xmlSecPtrListGetSize(list); for(pos = 0; pos < size; ++pos) { - fprintf(stderr, "DEBUG: xmlSecSimpleKeysStoreFindKey %i out of %i, keyInfoCtx->keyReq.keyType: %d, name: %s\n", (int)pos, (int)size, (int)(keyInfoCtx->keyReq.keyType), name != NULL ? name : BAD_CAST "NULL"); key = (xmlSecKeyPtr)xmlSecPtrListGetItem(list, pos); if((key != NULL) && (xmlSecKeyMatch(key, name, &(keyInfoCtx->keyReq)) == 1)) { - fprintf(stderr, "DEBUG: xmlSecSimpleKeysStoreFindKey: found keyInfoCtx->keyReq.keyType: %d, name: %s\n", (int)(keyInfoCtx->keyReq.keyType), name != NULL ? name : BAD_CAST "NULL"); return(xmlSecKeyDuplicate(key)); } } From 4b43c97037a909dfc686b81e593914c946533079 Mon Sep 17 00:00:00 2001 
From: Aleksey Sanin Date: Tue, 14 May 2024 23:02:59 -0400 Subject: [PATCH 10/16] (xmlsec-mingw) Added debug output --- src/gnutls/kt_rsa.c | 8 ++++++++ src/xmlenc.c | 2 ++ 2 files changed, 10 insertions(+) diff --git a/src/gnutls/kt_rsa.c b/src/gnutls/kt_rsa.c index f31c9d037..252549a59 100644 --- a/src/gnutls/kt_rsa.c +++ b/src/gnutls/kt_rsa.c @@ -248,6 +248,8 @@ xmlSecGnuTLSKeyTransportDecrypt(xmlSecGnuTLSKeyTransportCtxPtr ctx, xmlSecBuffer inSize = xmlSecBufferGetSize(inBuf); xmlSecAssert2(inSize > 0, -1); + fprintf(stderr, "DEBUG: xmlSecGnuTLSKeyTransportDecrypt: start: size=%d\n", (int)xmlSecBufferGetSize(inBuf)); + /* get key */ privkey = ctx->getPrivKey(ctx->keyData); if(privkey == NULL) { @@ -276,6 +278,8 @@ xmlSecGnuTLSKeyTransportDecrypt(xmlSecGnuTLSKeyTransportCtxPtr ctx, xmlSecBuffer } gnutls_free(plaintext.data); + fprintf(stderr, "DEBUG: xmlSecGnuTLSKeyTransportDecrypt: end: size=%d\n", (int)xmlSecBufferGetSize(outBuf)); + /* success */ return(0); } @@ -292,6 +296,8 @@ xmlSecGnuTLSKeyTransportExecute(xmlSecTransformPtr transform, int last, xmlSecTr xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); xmlSecAssert2(transformCtx != NULL, -1); + fprintf(stderr, "DEBUG: xmlSecGnuTLSKeyTransportExecute: start: last=%d, status=%d\n", last, (int)transform->status); + ctx = xmlSecGnuTLSKeyTransportGetCtx(transform); if(ctx == NULL) { xmlSecInternalError("xmlSecGnuTLSKeyTransportGetCtx", xmlSecTransformGetName(transform)); @@ -349,6 +355,8 @@ xmlSecGnuTLSKeyTransportExecute(xmlSecTransformPtr transform, int last, xmlSecTr } } + fprintf(stderr, "DEBUG: xmlSecGnuTLSKeyTransportExecute: end\n"); + return(0); } diff --git a/src/xmlenc.c b/src/xmlenc.c index 30e7f6b3a..48dec7b89 100644 --- a/src/xmlenc.c +++ b/src/xmlenc.c 
@@ -618,6 +618,8 @@ xmlSecEncCtxDecryptToBuffer(xmlSecEncCtxPtr encCtx, xmlNodePtr node) {
 
     /* decrypt the data */
     if(encCtx->cipherValueNode != NULL) {
+        fprintf(stderr, "DEBUG: xmlSecEncCtxDecryptToBuffer: cipher value: node: %s\n", (char*)node->name);
+
         data = xmlNodeGetContent(encCtx->cipherValueNode);
         if(data == NULL) {
             xmlSecInvalidNodeContentError(encCtx->cipherValueNode, NULL, "empty");

From 77f4e015d881c66892aceb01a3171de82407c861 Mon Sep 17 00:00:00 2001
From: Aleksey Sanin
Date: Tue, 14 May 2024 23:20:37 -0400
Subject: [PATCH 11/16] (xmlsec-mingw) Fix error checks; reorder crypto configs

---
 configure.ac | 485 ++++++++++++++++++++----------------------
 src/gnutls/asymkeys.c | 4 +-
 src/gnutls/kt_rsa.c | 8 +-
 src/xmlenc.c | 5 -
 4 files changed, 239 insertions(+), 263 deletions(-)

diff --git a/configure.ac b/configure.ac
index e275cdf6b..9dea550d7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1223,189 +1223,6 @@ AC_SUBST(NSS_MIN_VERSION) AC_SUBST(NSPR_MIN_VERSION) AC_SUBST(MOZILLA_MIN_VERSION) -dnl ========================================================================== -dnl See if we can find GCrypt -dnl ========================================================================== -GCRYPT_MIN_VERSION="1.4.0" -GCRYPT_INCLUDE_DIR="$COMMON_INCLUDE_DIR /usr/local/gcrypt/include" -GCRYPT_LIB_DIR="$COMMON_LIB_DIR /usr/local/gcrypt/lib" -GCRYPT_CONFIG="libgcrypt-config" -GCRYPT_INCLUDE_MARKER="gcrypt.h" -GCRYPT_LIB_MARKER="libgcrypt$shrext" -GCRYPT_CRYPTO_LIB="$XMLSEC_PACKAGE-gcrypt" -GCRYPT_LIBS_LIST="-lgcrypt" - -XMLSEC_NO_GCRYPT="1" -GCRYPT_VERSION= -GCRYPT_INCLUDE_PATH= -GCRYPT_LIB_PATH= -GCRYPT_FOUND="no" -AC_ARG_WITH([gcrypt], [AS_HELP_STRING([--with-gcrypt@<:@=PFX@:>@],[gcrypt location])]) - -dnl Priority 0: Check if library is not needed -if test "z$with_gcrypt" = "zno" ; then - GCRYPT_FOUND="disabled" -fi - -dnl Priority 1: User specifies the path to installation -if test "z$GCRYPT_FOUND" = "zno" -a "z$with_gcrypt" != "z" -a "z$with_gcrypt" != "zyes" ; then - AC_MSG_CHECKING(for libgcrypt library installation in "$with_gcrypt" folder) - if test "z$ENABLE_CUSTOM_CONFIGS" = "zyes" -a -f "$with_gcrypt/bin/$GCRYPT_CONFIG" ; then - GCRYPT_CONFIG_PATH="$with_gcrypt/bin/$GCRYPT_CONFIG" - GCRYPT_FOUND="yes" - AC_MSG_RESULT([yes]) - elif test -f "$with_gcrypt/include/$GCRYPT_INCLUDE_MARKER" -a -f "$with_gcrypt/lib/$GCRYPT_LIB_MARKER" ; then - GCRYPT_INCLUDE_PATH="$with_gcrypt/include" - GCRYPT_LIB_PATH="$with_gcrypt/lib" - GCRYPT_FOUND="yes" - AC_MSG_RESULT([yes]) - else - AC_MSG_ERROR([not found: "$with_gcrypt/bin/$GCRYPT_CONFIG" tool, or "$with_gcrypt/include/$GCRYPT_INCLUDE_MARKER" and/or "$with_gcrypt/lib/$GCRYPT_LIB_MARKER" files don't exist), typo?]) - fi -fi - -dnl Priority 2: User sets both CFLAGS and LIBS flags -if test "z$GCRYPT_FOUND" = "zno" -a "z$GCRYPT_CFLAGS" != "z" -a "z$GCRYPT_LIBS" != "z" ; then - GCRYPT_FOUND="yes" -fi - -dnl Priority 3: 
Guess with pkg_config -if test "z$GCRYPT_FOUND" = "zno" -a "z$PKGCONFIG_FOUND" = "zyes" ; then - if test "z$GCRYPT_FOUND" = "zno" ; then - PKG_CHECK_MODULES(GCRYPT, gcrypt >= $GCRYPT_MIN_VERSION, - [GCRYPT_FOUND=yes], - [GCRYPT_FOUND=no]) - fi - if test "z$GCRYPT_FOUND" = "zno" ; then - PKG_CHECK_MODULES(GCRYPT, libgcrypt20 >= $GCRYPT_MIN_VERSION, - [GCRYPT_FOUND=yes], - [GCRYPT_FOUND=no]) - fi - if test "z$GCRYPT_FOUND" = "zno" ; then - PKG_CHECK_MODULES(GCRYPT, libgcrypt11 >= $GCRYPT_MIN_VERSION, - [GCRYPT_FOUND=yes], - [GCRYPT_FOUND=no]) - fi - if test "z$GCRYPT_FOUND" = "zno" ; then - PKG_CHECK_MODULES(GCRYPT, libgcrypt >= $GCRYPT_MIN_VERSION, - [GCRYPT_FOUND=yes], - [GCRYPT_FOUND=no]) - fi -fi - -dnl Priority 4: Guess the config tool location -if test "z$GCRYPT_FOUND" = "zno" -a "z$ENABLE_CUSTOM_CONFIGS" = "zyes" ; then - AC_PATH_PROG(GCRYPT_CONFIG_PATH, [$GCRYPT_CONFIG], [], [$PATH]) - if test "z$GCRYPT_CONFIG_PATH" != "z" ; then - GCRYPT_FOUND="yes" - fi -fi - -dnl Priority 5: Guess using a list of folders. 
-if test "z$GCRYPT_FOUND" = "zno" -a "z$ENABLE_FOLDERS_SEARCH" = "zyes" ; then - AC_MSG_CHECKING(for libgcrypt library installation in the typical folders) - if test "z$GCRYPT_INCLUDE_PATH" = "z" ; then - AX_FIND_FOLDER(GCRYPT_INCLUDE_PATH, $GCRYPT_INCLUDE_MARKER, $GCRYPT_INCLUDE_DIR) - fi - if test "z$GCRYPT_LIB_PATH" = "z" ; then - AX_FIND_FOLDER(GCRYPT_LIB_PATH, $GCRYPT_LIB_MARKER, $GCRYPT_LIB_DIR) - fi - if test "z$GCRYPT_INCLUDE_PATH" != "z" -a "z$GCRYPT_LIB_PATH" != "z" ; then - GCRYPT_FOUND="yes" - AC_MSG_RESULT([yes ("-I$GCRYPT_INCLUDE_PATH -L$GCRYPT_LIB_PATH")]) - else - AC_MSG_RESULT([not found]) - fi -fi - -dnl Priority 6: Just try to compile/link and hope for the best -if test "z$GCRYPT_FOUND" = "zno" ; then - AC_MSG_CHECKING(for gcrypt library installation) - OLD_CPPFLAGS=$CPPFLAGS - CPPFLAGS="$CPPFLAGS $GCRYPT_CFLAGS" - OLD_LIBS=$LIBS - LIBS="$LIBS $GCRYPT_LIBS $GCRYPT_LIBS_LIST" - AC_LINK_IFELSE([ - AC_LANG_PROGRAM([[ - #include - ]],[[ - printf("v=%s\n", gcry_check_version("0")); - ]]) - ],[ - GCRYPT_FOUND=yes - GCRYPT_LIBS="$GCRYPT_LIBS $GCRYPT_LIBS_LIST" - AC_MSG_RESULT([yes]) - ],[ - GCRYPT_FOUND=no - AC_MSG_RESULT([not found]) - ]) - CPPFLAGS=$OLD_CPPFLAGS - LIBS=$OLD_LIBS -fi - -dnl Set CFLAGS/LIBS flags -if test "z$GCRYPT_FOUND" = "zyes" ; then - if test "z$GCRYPT_CONFIG_PATH" != "z" -a "z$ENABLE_CUSTOM_CONFIGS" = "zyes" ; then - dnl Get the values using config tool (overwrite CFLAGS/LIBS!) - if test "z$GCRYPT_CFLAGS" = "z" ; then - GCRYPT_CFLAGS="`$GCRYPT_CONFIG_PATH --cflags`" - fi - if test "z$GCRYPT_LIBS" = "z"; then - GCRYPT_LIBS="`$GCRYPT_CONFIG_PATH --libs`" - fi - GCRYPT_CONFIG=$GCRYPT_CONFIG_PATH - GCRYPT_FOUND="yes" - else - dnl Set flags if INCLUDE_PATH or LIB_PATH are set (do NOT overwrite CFLAGS/LIBS!) 
- if test "z$GCRYPT_INCLUDE_PATH" != "z" ; then - GCRYPT_CFLAGS="$GCRYPT_CFLAGS -I$GCRYPT_INCLUDE_PATH" - fi - if test "z$GCRYPT_LIB_PATH" != "z" ; then - if test "z$with_gnu_ld" = "zyes" ; then - GCRYPT_LIBS="$GCRYPT_LIBS -Wl,-rpath-link -Wl,$GCRYPT_LIB_PATH" - fi - GCRYPT_LIBS="$GCRYPT_LIBS -L$GCRYPT_LIB_PATH $GCRYPT_LIBS_LIST" - fi - fi -fi - -dnl Verify the version -AC_MSG_CHECKING(for libgcrypt library >= $GCRYPT_MIN_VERSION) -if test "z$GCRYPT_FOUND" = "zyes" ; then - OLD_CPPFLAGS=$CPPFLAGS - CPPFLAGS="$CPPFLAGS $GCRYPT_CFLAGS" - dnl gcrypt uses hex digits for version number - minvers=`echo $GCRYPT_MIN_VERSION | awk -F. '{ printf "%d", ($1 * 256 + $2) * 256 + $3;}'` - AC_EGREP_CPP(greater-than-minvers, [ - #include - #if GCRYPT_VERSION_NUMBER >= $minvers - greater-than-minvers - #endif - ],[ - GCRYPT_FOUND=yes - ], [ - GCRYPT_FOUND=no - ]) - CPPFLAGS=$OLD_CPPFLAGS -fi -AC_MSG_RESULT([$GCRYPT_FOUND]) - -dnl Finally set variables -if test "z$GCRYPT_FOUND" = "zyes" ; then - XMLSEC_NO_GCRYPT="0" - GCRYPT_CFLAGS="$GCRYPT_CFLAGS -DXMLSEC_CRYPTO_GCRYPT=1" - XMLSEC_CRYPTO_LIST="$XMLSEC_CRYPTO_LIST gcrypt" -else - XMLSEC_CRYPTO_DISABLED_LIST="$XMLSEC_CRYPTO_DISABLED_LIST gcrypt" -fi - -AM_CONDITIONAL(XMLSEC_NO_GCRYPT, test "z$XMLSEC_NO_GCRYPT" = "z1") -AC_SUBST(XMLSEC_NO_GCRYPT) -AC_SUBST(GCRYPT_CFLAGS) -AC_SUBST(GCRYPT_LIBS) -AC_SUBST(GCRYPT_CRYPTO_LIB) -AC_SUBST(GCRYPT_MIN_VERSION) - dnl ========================================================================== dnl See if we can find GnuTLS dnl ========================================================================== 
@@ -1554,6 +1371,80 @@ AC_SUBST(GNUTLS_CRYPTO_LIB) AC_SUBST(GNUTLS_MIN_VERSION) + +dnl ========================================================================== +dnl See if we can find MSCng +dnl ========================================================================== +MSCNG_CRYPTO_LIB="$XMLSEC_PACKAGE-mscng" +dnl This is tested on w64-mingw only so far. +MSCNG_XMLSEC_DEFINES= +MSCNG_LIBS_LIST="-lcrypt32 -lbcrypt -lncrypt" + +XMLSEC_NO_MSCNG="1" +MSCNG_FOUND="no" +AC_ARG_ENABLE([mscng], [AS_HELP_STRING([--enable-mscng],[enable mscng (no)])]) +AC_MSG_CHECKING(for mscng) + +dnl Priority 0: Check if library is not needed +if test "z$enable_mscng" != "zyes" ; then + MSCNG_FOUND="disabled" + AC_MSG_RESULT([disabled]) +fi + +dnl Priority 1: User sets both CFLAGS and LIBS flags +if test "z$MSCNG_FOUND" = "zno" -a "z$MSCNG_CFLAGS" != "z" -a "z$MSCNG_LIBS" != "z" ; then + MSCNG_FOUND=yes + AC_MSG_RESULT([yes]) +fi + +dnl Priority 2: Just try to compile/link and hope for the best +if test "z$MSCNG_FOUND" = "zno" ; then + OLD_CPPFLAGS=$CPPFLAGS + CPPFLAGS="$CPPFLAGS $MSCNG_CFLAGS" + OLD_LIBS=$LIBS + LIBS="$LIBS $MSCNG_LIBS $MSCNG_LIBS_LIST" + AC_LINK_IFELSE([ + AC_LANG_PROGRAM([[ + #include + #include + ]],[[ + BCRYPT_ALG_HANDLE hAlg; + BCryptOpenAlgorithmProvider(&hAlg, BCRYPT_SHA256_ALGORITHM, NULL, 0); + ]]) + ],[ + MSCNG_FOUND=yes + AC_MSG_RESULT([yes]) + ],[ + MSCNG_FOUND=no + AC_MSG_RESULT([not found]) + ]) + CPPFLAGS=$OLD_CPPFLAGS + LIBS=$OLD_LIBS +fi + +dnl Set CFLAGS/LIBS flags, do not change CFLAGS/LIBS if both are set +if test "z$MSCNG_FOUND" = "zyes" ; then + if test "z$MSCNG_CFLAGS" = "z" -o "z$MSCNG_LIBS" = "z" ; then + XMLSEC_DEFINES="$XMLSEC_DEFINES $MSCNG_XMLSEC_DEFINES" + MSCNG_LIBS="$MSCNG_LIBS $MSCNG_LIBS_LIST" + fi +fi + +dnl Finally set all the flags +if test "z$MSCNG_FOUND" = "zyes" ; then + XMLSEC_NO_MSCNG="0" + MSCNG_CFLAGS="$MSCNG_CFLAGS -DXMLSEC_CRYPTO_MSCNG=1" + XMLSEC_CRYPTO_LIST="$XMLSEC_CRYPTO_LIST mscng" +else + 
XMLSEC_CRYPTO_DISABLED_LIST="$XMLSEC_CRYPTO_DISABLED_LIST mscng" +fi + +AM_CONDITIONAL(XMLSEC_NO_MSCNG, [test "z$XMLSEC_NO_MSCNG" = "z1"]) +AC_SUBST(XMLSEC_NO_MSCNG) +AC_SUBST(MSCNG_CFLAGS) +AC_SUBST(MSCNG_LIBS) +AC_SUBST(MSCNG_CRYPTO_LIB) + dnl ========================================================================== dnl See if we can find MSCrypto dnl ========================================================================== 
@@ -1639,79 +1530,188 @@ AC_SUBST(MSCRYPTO_CFLAGS) AC_SUBST(MSCRYPTO_LIBS) AC_SUBST(MSCRYPTO_CRYPTO_LIB) - dnl ========================================================================== -dnl See if we can find MSCng +dnl See if we can find GCrypt dnl ========================================================================== -MSCNG_CRYPTO_LIB="$XMLSEC_PACKAGE-mscng" -dnl This is tested on w64-mingw only so far. -MSCNG_XMLSEC_DEFINES= -MSCNG_LIBS_LIST="-lcrypt32 -lbcrypt -lncrypt" +GCRYPT_MIN_VERSION="1.4.0" +GCRYPT_INCLUDE_DIR="$COMMON_INCLUDE_DIR /usr/local/gcrypt/include" +GCRYPT_LIB_DIR="$COMMON_LIB_DIR /usr/local/gcrypt/lib" +GCRYPT_CONFIG="libgcrypt-config" +GCRYPT_INCLUDE_MARKER="gcrypt.h" +GCRYPT_LIB_MARKER="libgcrypt$shrext" +GCRYPT_CRYPTO_LIB="$XMLSEC_PACKAGE-gcrypt" +GCRYPT_LIBS_LIST="-lgcrypt" -XMLSEC_NO_MSCNG="1" -MSCNG_FOUND="no" -AC_ARG_ENABLE([mscng], [AS_HELP_STRING([--enable-mscng],[enable mscng (no)])]) -AC_MSG_CHECKING(for mscng) +XMLSEC_NO_GCRYPT="1" +GCRYPT_VERSION= +GCRYPT_INCLUDE_PATH= +GCRYPT_LIB_PATH= +GCRYPT_FOUND="no" +AC_ARG_WITH([gcrypt], [AS_HELP_STRING([--with-gcrypt@<:@=PFX@:>@],[gcrypt location])]) dnl Priority 0: Check if library is not needed -if test "z$enable_mscng" != "zyes" ; then - MSCNG_FOUND="disabled" - AC_MSG_RESULT([disabled]) +if test "z$with_gcrypt" = "zno" ; then + GCRYPT_FOUND="disabled" fi -dnl Priority 1: User sets both CFLAGS and LIBS flags -if test "z$MSCNG_FOUND" = "zno" -a "z$MSCNG_CFLAGS" != "z" -a "z$MSCNG_LIBS" != "z" ; then - MSCNG_FOUND=yes - AC_MSG_RESULT([yes]) +dnl Priority 1: User specifies the path to installation +if test "z$GCRYPT_FOUND" = "zno" -a "z$with_gcrypt" != "z" -a "z$with_gcrypt" != "zyes" ; then + AC_MSG_CHECKING(for libgcrypt library installation in "$with_gcrypt" folder) + if test "z$ENABLE_CUSTOM_CONFIGS" = "zyes" -a -f "$with_gcrypt/bin/$GCRYPT_CONFIG" ; then + GCRYPT_CONFIG_PATH="$with_gcrypt/bin/$GCRYPT_CONFIG" + GCRYPT_FOUND="yes" + AC_MSG_RESULT([yes]) + elif test -f 
"$with_gcrypt/include/$GCRYPT_INCLUDE_MARKER" -a -f "$with_gcrypt/lib/$GCRYPT_LIB_MARKER" ; then + GCRYPT_INCLUDE_PATH="$with_gcrypt/include" + GCRYPT_LIB_PATH="$with_gcrypt/lib" + GCRYPT_FOUND="yes" + AC_MSG_RESULT([yes]) + else + AC_MSG_ERROR([not found: "$with_gcrypt/bin/$GCRYPT_CONFIG" tool, or "$with_gcrypt/include/$GCRYPT_INCLUDE_MARKER" and/or "$with_gcrypt/lib/$GCRYPT_LIB_MARKER" files don't exist), typo?]) + fi fi -dnl Priority 2: Just try to compile/link and hope for the best -if test "z$MSCNG_FOUND" = "zno" ; then +dnl Priority 2: User sets both CFLAGS and LIBS flags +if test "z$GCRYPT_FOUND" = "zno" -a "z$GCRYPT_CFLAGS" != "z" -a "z$GCRYPT_LIBS" != "z" ; then + GCRYPT_FOUND="yes" +fi + +dnl Priority 3: Guess with pkg_config +if test "z$GCRYPT_FOUND" = "zno" -a "z$PKGCONFIG_FOUND" = "zyes" ; then + if test "z$GCRYPT_FOUND" = "zno" ; then + PKG_CHECK_MODULES(GCRYPT, gcrypt >= $GCRYPT_MIN_VERSION, + [GCRYPT_FOUND=yes], + [GCRYPT_FOUND=no]) + fi + if test "z$GCRYPT_FOUND" = "zno" ; then + PKG_CHECK_MODULES(GCRYPT, libgcrypt20 >= $GCRYPT_MIN_VERSION, + [GCRYPT_FOUND=yes], + [GCRYPT_FOUND=no]) + fi + if test "z$GCRYPT_FOUND" = "zno" ; then + PKG_CHECK_MODULES(GCRYPT, libgcrypt11 >= $GCRYPT_MIN_VERSION, + [GCRYPT_FOUND=yes], + [GCRYPT_FOUND=no]) + fi + if test "z$GCRYPT_FOUND" = "zno" ; then + PKG_CHECK_MODULES(GCRYPT, libgcrypt >= $GCRYPT_MIN_VERSION, + [GCRYPT_FOUND=yes], + [GCRYPT_FOUND=no]) + fi +fi + +dnl Priority 4: Guess the config tool location +if test "z$GCRYPT_FOUND" = "zno" -a "z$ENABLE_CUSTOM_CONFIGS" = "zyes" ; then + AC_PATH_PROG(GCRYPT_CONFIG_PATH, [$GCRYPT_CONFIG], [], [$PATH]) + if test "z$GCRYPT_CONFIG_PATH" != "z" ; then + GCRYPT_FOUND="yes" + fi +fi + +dnl Priority 5: Guess using a list of folders. 
+if test "z$GCRYPT_FOUND" = "zno" -a "z$ENABLE_FOLDERS_SEARCH" = "zyes" ; then + AC_MSG_CHECKING(for libgcrypt library installation in the typical folders) + if test "z$GCRYPT_INCLUDE_PATH" = "z" ; then + AX_FIND_FOLDER(GCRYPT_INCLUDE_PATH, $GCRYPT_INCLUDE_MARKER, $GCRYPT_INCLUDE_DIR) + fi + if test "z$GCRYPT_LIB_PATH" = "z" ; then + AX_FIND_FOLDER(GCRYPT_LIB_PATH, $GCRYPT_LIB_MARKER, $GCRYPT_LIB_DIR) + fi + if test "z$GCRYPT_INCLUDE_PATH" != "z" -a "z$GCRYPT_LIB_PATH" != "z" ; then + GCRYPT_FOUND="yes" + AC_MSG_RESULT([yes ("-I$GCRYPT_INCLUDE_PATH -L$GCRYPT_LIB_PATH")]) + else + AC_MSG_RESULT([not found]) + fi +fi + +dnl Priority 6: Just try to compile/link and hope for the best +if test "z$GCRYPT_FOUND" = "zno" ; then + AC_MSG_CHECKING(for gcrypt library installation) OLD_CPPFLAGS=$CPPFLAGS - CPPFLAGS="$CPPFLAGS $MSCNG_CFLAGS" + CPPFLAGS="$CPPFLAGS $GCRYPT_CFLAGS" OLD_LIBS=$LIBS - LIBS="$LIBS $MSCNG_LIBS $MSCNG_LIBS_LIST" + LIBS="$LIBS $GCRYPT_LIBS $GCRYPT_LIBS_LIST" AC_LINK_IFELSE([ AC_LANG_PROGRAM([[ - #include - #include + #include ]],[[ - BCRYPT_ALG_HANDLE hAlg; - BCryptOpenAlgorithmProvider(&hAlg, BCRYPT_SHA256_ALGORITHM, NULL, 0); + printf("v=%s\n", gcry_check_version("0")); ]]) ],[ - MSCNG_FOUND=yes + GCRYPT_FOUND=yes + GCRYPT_LIBS="$GCRYPT_LIBS $GCRYPT_LIBS_LIST" AC_MSG_RESULT([yes]) ],[ - MSCNG_FOUND=no + GCRYPT_FOUND=no AC_MSG_RESULT([not found]) ]) CPPFLAGS=$OLD_CPPFLAGS LIBS=$OLD_LIBS fi -dnl Set CFLAGS/LIBS flags, do not change CFLAGS/LIBS if both are set -if test "z$MSCNG_FOUND" = "zyes" ; then - if test "z$MSCNG_CFLAGS" = "z" -o "z$MSCNG_LIBS" = "z" ; then - XMLSEC_DEFINES="$XMLSEC_DEFINES $MSCNG_XMLSEC_DEFINES" - MSCNG_LIBS="$MSCNG_LIBS $MSCNG_LIBS_LIST" +dnl Set CFLAGS/LIBS flags +if test "z$GCRYPT_FOUND" = "zyes" ; then + if test "z$GCRYPT_CONFIG_PATH" != "z" -a "z$ENABLE_CUSTOM_CONFIGS" = "zyes" ; then + dnl Get the values using config tool (overwrite CFLAGS/LIBS!) 
+ if test "z$GCRYPT_CFLAGS" = "z" ; then + GCRYPT_CFLAGS="`$GCRYPT_CONFIG_PATH --cflags`" + fi + if test "z$GCRYPT_LIBS" = "z"; then + GCRYPT_LIBS="`$GCRYPT_CONFIG_PATH --libs`" + fi + GCRYPT_CONFIG=$GCRYPT_CONFIG_PATH + GCRYPT_FOUND="yes" + else + dnl Set flags if INCLUDE_PATH or LIB_PATH are set (do NOT overwrite CFLAGS/LIBS!) + if test "z$GCRYPT_INCLUDE_PATH" != "z" ; then + GCRYPT_CFLAGS="$GCRYPT_CFLAGS -I$GCRYPT_INCLUDE_PATH" + fi + if test "z$GCRYPT_LIB_PATH" != "z" ; then + if test "z$with_gnu_ld" = "zyes" ; then + GCRYPT_LIBS="$GCRYPT_LIBS -Wl,-rpath-link -Wl,$GCRYPT_LIB_PATH" + fi + GCRYPT_LIBS="$GCRYPT_LIBS -L$GCRYPT_LIB_PATH $GCRYPT_LIBS_LIST" + fi fi fi -dnl Finally set all the flags -if test "z$MSCNG_FOUND" = "zyes" ; then - XMLSEC_NO_MSCNG="0" - MSCNG_CFLAGS="$MSCNG_CFLAGS -DXMLSEC_CRYPTO_MSCNG=1" - XMLSEC_CRYPTO_LIST="$XMLSEC_CRYPTO_LIST mscng" +dnl Verify the version +AC_MSG_CHECKING(for libgcrypt library >= $GCRYPT_MIN_VERSION) +if test "z$GCRYPT_FOUND" = "zyes" ; then + OLD_CPPFLAGS=$CPPFLAGS + CPPFLAGS="$CPPFLAGS $GCRYPT_CFLAGS" + dnl gcrypt uses hex digits for version number + minvers=`echo $GCRYPT_MIN_VERSION | awk -F. 
'{ printf "%d", ($1 * 256 + $2) * 256 + $3;}'` + AC_EGREP_CPP(greater-than-minvers, [ + #include + #if GCRYPT_VERSION_NUMBER >= $minvers + greater-than-minvers + #endif + ],[ + GCRYPT_FOUND=yes + ], [ + GCRYPT_FOUND=no + ]) + CPPFLAGS=$OLD_CPPFLAGS +fi +AC_MSG_RESULT([$GCRYPT_FOUND]) + +dnl Finally set variables +if test "z$GCRYPT_FOUND" = "zyes" ; then + XMLSEC_NO_GCRYPT="0" + GCRYPT_CFLAGS="$GCRYPT_CFLAGS -DXMLSEC_CRYPTO_GCRYPT=1" + XMLSEC_CRYPTO_LIST="$XMLSEC_CRYPTO_LIST gcrypt" else - XMLSEC_CRYPTO_DISABLED_LIST="$XMLSEC_CRYPTO_DISABLED_LIST mscng" + XMLSEC_CRYPTO_DISABLED_LIST="$XMLSEC_CRYPTO_DISABLED_LIST gcrypt" fi -AM_CONDITIONAL(XMLSEC_NO_MSCNG, [test "z$XMLSEC_NO_MSCNG" = "z1"]) -AC_SUBST(XMLSEC_NO_MSCNG) -AC_SUBST(MSCNG_CFLAGS) -AC_SUBST(MSCNG_LIBS) -AC_SUBST(MSCNG_CRYPTO_LIB) +AM_CONDITIONAL(XMLSEC_NO_GCRYPT, test "z$XMLSEC_NO_GCRYPT" = "z1") +AC_SUBST(XMLSEC_NO_GCRYPT) +AC_SUBST(GCRYPT_CFLAGS) +AC_SUBST(GCRYPT_LIBS) +AC_SUBST(GCRYPT_CRYPTO_LIB) +AC_SUBST(GCRYPT_MIN_VERSION) dnl ========================================================================== 
@@ -2079,22 +2079,6 @@ fi AM_CONDITIONAL(XMLSEC_NO_DSA, test "z$XMLSEC_NO_DSA" = "z1") AC_SUBST(XMLSEC_NO_DSA) -dnl ========================================================================== -dnl Check if we need MD5 support -dnl ========================================================================== -AC_MSG_CHECKING(for MD5 support) -AC_ARG_ENABLE([md5], [AS_HELP_STRING([--enable-md5],[enable MD5 support (no, deprecated)])]) -if test "z$enable_md5" = "zyes" ; then - XMLSEC_NO_MD5="0" - AC_MSG_RESULT([yes (deprecated)]) -else - XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_MD5=1" - XMLSEC_NO_MD5="1" - AC_MSG_RESULT([disabled]) -fi -AM_CONDITIONAL(XMLSEC_NO_MD5, test "z$XMLSEC_NO_MD5" = "z1") -AC_SUBST(XMLSEC_NO_MD5) - dnl ========================================================================== dnl Check if we need RSA support dnl ========================================================================== 
@@ -2669,25 +2653,26 @@ if test "z$XMLSEC_NO_OPENSSL" != "z1" ; then AC_CONFIG_FILES([include/xmlsec/openssl/Makefile src/openssl/Makefile]) fi +if test "z$XMLSEC_NO_NSS" != "z1" ; then +AC_CONFIG_FILES([include/xmlsec/nss/Makefile src/nss/Makefile]) +fi + if test "z$XMLSEC_NO_GNUTLS" != "z1" ; then AC_CONFIG_FILES([include/xmlsec/gnutls/Makefile src/gnutls/Makefile]) fi -if test "z$XMLSEC_NO_GCRYPT" != "z1" ; then -AC_CONFIG_FILES([include/xmlsec/gcrypt/Makefile src/gcrypt/Makefile]) +if test "z$XMLSEC_NO_MSCNG" != "z1" ; then +AC_CONFIG_FILES([include/xmlsec/mscng/Makefile src/mscng/Makefile]) fi -if test "z$XMLSEC_NO_NSS" != "z1" ; then -AC_CONFIG_FILES([include/xmlsec/nss/Makefile src/nss/Makefile]) +if test "z$XMLSEC_NO_GCRYPT" != "z1" ; then +AC_CONFIG_FILES([include/xmlsec/gcrypt/Makefile src/gcrypt/Makefile]) fi if test "z$XMLSEC_NO_MSCRYPTO" != "z1" ; then AC_CONFIG_FILES([include/xmlsec/mscrypto/Makefile src/mscrypto/Makefile]) fi -if test "z$XMLSEC_NO_MSCNG" != "z1" ; then -AC_CONFIG_FILES([include/xmlsec/mscng/Makefile src/mscng/Makefile]) -fi if test "z$XMLSEC_NO_CRYPTO_DYNAMIC_LOADING" = "z1" ; then (rm -f xmlsec1.pc && $LN_S xmlsec1-$XMLSEC_DEFAULT_CRYPTO.pc xmlsec1.pc) @@ -2707,8 +2692,8 @@ docs/api/Makefile man/Makefile xmlsec1-openssl.pc:xmlsec-openssl.pc.in xmlsec1-gnutls.pc:xmlsec-gnutls.pc.in -xmlsec1-gcrypt.pc:xmlsec-gcrypt.pc.in xmlsec1-nss.pc:xmlsec-nss.pc.in +xmlsec1-gcrypt.pc:xmlsec-gcrypt.pc.in xmlsec1.spec:xmlsec.spec.in ]) AC_CONFIG_FILES([xmlsec1Conf.sh:xmlsecConf.sh.in], [chmod +x xmlsec1Conf.sh]) diff --git a/src/gnutls/asymkeys.c b/src/gnutls/asymkeys.c index cf0794f3c..927a46abe 100644 --- a/src/gnutls/asymkeys.c +++ b/src/gnutls/asymkeys.c 
@@ -1650,7 +1650,7 @@ xmlSecGnuTLSKeyDataEcPubKeyFromPrivKey(gnutls_privkey_t privkey) { err = gnutls_privkey_export_ecc_raw2(privkey, &curve, &x, &y, &k, 0); - if((err != GNUTLS_E_SUCCESS) && (curve != GNUTLS_ECC_CURVE_INVALID)) { + if((err != GNUTLS_E_SUCCESS) || (curve == GNUTLS_ECC_CURVE_INVALID)) { xmlSecGnuTLSError("gnutls_privkey_export_ecc_raw2", err, NULL); goto done; } @@ -2190,7 +2190,7 @@ xmlSecGnuTLSKeyDataGostPubKeyFromPrivKey(gnutls_privkey_t privkey) { &curve, &digest, ¶mset, &x, &y, &k, 0); - if((err != GNUTLS_E_SUCCESS) && (curve != GNUTLS_ECC_CURVE_INVALID)) { + if((err != GNUTLS_E_SUCCESS) || (curve == GNUTLS_ECC_CURVE_INVALID)) { xmlSecGnuTLSError("gnutls_privkey_export_gost_raw2", err, NULL); goto done; } diff --git a/src/gnutls/kt_rsa.c b/src/gnutls/kt_rsa.c index 252549a59..841cc2b99 100644 --- a/src/gnutls/kt_rsa.c +++ b/src/gnutls/kt_rsa.c @@ -213,7 +213,7 @@ xmlSecGnuTLSKeyTransportEncrypt(xmlSecGnuTLSKeyTransportCtxPtr ctx, xmlSecBuffer 0 /* flags */, &plaintext, &encrypted); - if((err != GNUTLS_E_SUCCESS) && (encrypted.data != NULL)) { + if((err != GNUTLS_E_SUCCESS) || (encrypted.data == NULL)) { xmlSecGnuTLSError("gnutls_pubkey_encrypt_data", err, NULL); return(-1); } @@ -264,7 +264,7 @@ xmlSecGnuTLSKeyTransportDecrypt(xmlSecGnuTLSKeyTransportCtxPtr ctx, xmlSecBuffer 0 /* flags */, &ciphertext, &plaintext); - if((err != GNUTLS_E_SUCCESS) && (plaintext.data != NULL)) { + if((err != GNUTLS_E_SUCCESS) || (plaintext.data == NULL)) { xmlSecGnuTLSError("gnutls_privkey_decrypt_data", err, NULL); return(-1); } 
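Review bot: The corrected `||` condition now also fires when `err == GNUTLS_E_SUCCESS` but `curve == GNUTLS_ECC_CURVE_INVALID`, and in that case `xmlSecGnuTLSError("gnutls_privkey_export_ecc_raw2", err, NULL)` reports a success code as the error, which hides what actually failed; the same applies to the `@@ -2190` hunk in asymkeys.c and to the two kt_rsa.c hunks (`@@ -213` and `@@ -264`), where a `NULL` output datum is logged with a zero `err`. Splitting the check into a gnutls-error branch and a separate sanity-check branch keeps the log accurate, e.g. with `xmlSecInternalError` for the second case. In the kt_rsa.c decrypt hunk, if gnutls ever hands back an allocated `plaintext.data` together with a non-success `err`, the early `return(-1)` skips the later `gnutls_free`; that seems unlikely, but a `gnutls_free` before the return would make the error path robust regardless. The enclosing functions start and end outside these hunks.
```c
    err = gnutls_privkey_export_ecc_raw2(privkey, &curve, &x, &y, &k, 0);
    if(err != GNUTLS_E_SUCCESS) {
        xmlSecGnuTLSError("gnutls_privkey_export_ecc_raw2", err, NULL);
        goto done;
    }
    if(curve == GNUTLS_ECC_CURVE_INVALID) {
        /* gnutls reported success but returned no usable curve */
        xmlSecInternalError("gnutls_privkey_export_ecc_raw2(curve)", NULL);
        goto done;
    }
    /* … unchanged: rest of xmlSecGnuTLSKeyDataEcPubKeyFromPrivKey … */
```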
@@ -296,8 +296,6 @@ xmlSecGnuTLSKeyTransportExecute(xmlSecTransformPtr transform, int last, xmlSecTr xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); xmlSecAssert2(transformCtx != NULL, -1); - fprintf(stderr, "DEBUG: xmlSecGnuTLSKeyTransportExecute: start: last=%d, status=%d\n", last, (int)transform->status); - ctx = xmlSecGnuTLSKeyTransportGetCtx(transform); if(ctx == NULL) { xmlSecInternalError("xmlSecGnuTLSKeyTransportGetCtx", xmlSecTransformGetName(transform)); @@ -355,8 +353,6 @@ xmlSecGnuTLSKeyTransportExecute(xmlSecTransformPtr transform, int last, xmlSecTr } } - fprintf(stderr, "DEBUG: xmlSecGnuTLSKeyTransportExecute: end\n"); - return(0); } diff --git a/src/xmlenc.c b/src/xmlenc.c index 48dec7b89..bd3a5fdb0 100644 --- a/src/xmlenc.c +++ b/src/xmlenc.c @@ -608,8 +608,6 @@ xmlSecEncCtxDecryptToBuffer(xmlSecEncCtxPtr encCtx, xmlNodePtr node) { encCtx->operation = xmlSecTransformOperationDecrypt; xmlSecAddIDs(node->doc, node, xmlSecEncIds); - fprintf(stderr, "DEBUG: xmlSecEncCtxDecryptToBuffer: start: node: %s\n", (char*)node->name); - ret = xmlSecEncCtxEncDataNodeRead(encCtx, node); if(ret < 0) { xmlSecInternalError("xmlSecEncCtxEncDataNodeRead", NULL); @@ -618,8 +616,6 @@ xmlSecEncCtxDecryptToBuffer(xmlSecEncCtxPtr encCtx, xmlNodePtr node) { /* decrypt the data */ if(encCtx->cipherValueNode != NULL) { - fprintf(stderr, "DEBUG: xmlSecEncCtxDecryptToBuffer: cipher value: node: %s\n", (char*)node->name); - data = xmlNodeGetContent(encCtx->cipherValueNode); if(data == NULL) { xmlSecInvalidNodeContentError(encCtx->cipherValueNode, NULL, "empty"); 
@@ -642,7 +638,6 @@ xmlSecEncCtxDecryptToBuffer(xmlSecEncCtxPtr encCtx, xmlNodePtr node) { /* success */ res = encCtx->result = encCtx->transformCtx.result; xmlSecAssert2(encCtx->result != NULL, NULL); - fprintf(stderr, "DEBUG: xmlSecEncCtxDecryptToBuffer: success: node: %s, res: %p, value: %p, size: %i\n", (char*)node->name, (void*)res, (void*)(res != NULL ? xmlSecBufferGetData(res) : NULL), (int)(res != NULL ? xmlSecBufferGetSize(res) : 0)); done: if(data != NULL) { From ad29fc171254819399b2e551b7dd7f1cbb67d5dd Mon Sep 17 00:00:00 2001 From: Aleksey Sanin Date: Tue, 14 May 2024 23:38:24 -0400 Subject: [PATCH 12/16] (xmlsec-mingw) Fix error checks; reorder crypto configs --- src/gnutls/kt_rsa.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/gnutls/kt_rsa.c b/src/gnutls/kt_rsa.c index 841cc2b99..23591c31a 100644 --- a/src/gnutls/kt_rsa.c +++ b/src/gnutls/kt_rsa.c @@ -34,6 +34,7 @@ #include "../cast_helpers.h" #include "../transform_helpers.h" +#include "private.h" /********************************************************************* @@ -248,7 +249,7 @@ xmlSecGnuTLSKeyTransportDecrypt(xmlSecGnuTLSKeyTransportCtxPtr ctx, xmlSecBuffer inSize = xmlSecBufferGetSize(inBuf); xmlSecAssert2(inSize > 0, -1); - fprintf(stderr, "DEBUG: xmlSecGnuTLSKeyTransportDecrypt: start: size=%d\n", (int)xmlSecBufferGetSize(inBuf)); + fprintf(stderr, "DEBUG: xmlSecGnuTLSKeyTransportDecrypt: start: size=%d, key size=%d\n", (int)xmlSecBufferGetSize(inBuf), (int)xmlSecGnuTLSAsymKeyDataGetSize(ctx->keyData)); /* get key */ privkey = ctx->getPrivKey(ctx->keyData); 
@@ -257,6 +258,8 @@ xmlSecGnuTLSKeyTransportDecrypt(xmlSecGnuTLSKeyTransportCtxPtr ctx, xmlSecBuffer return(-1); } + fprintf(stderr, "DEBUG: xmlSecGnuTLSKeyTransportDecrypt: start: algo=%d\n", gnutls_privkey_get_pk_algorithm(privkey, NULL)); + /* decrypt: only PKCS 1.5 is currently supported by gnutls */ ciphertext.data = xmlSecBufferGetData(inBuf); XMLSEC_SAFE_CAST_SIZE_TO_UINT(inSize, ciphertext.size, return(-1), NULL) @@ -278,8 +281,6 @@ xmlSecGnuTLSKeyTransportDecrypt(xmlSecGnuTLSKeyTransportCtxPtr ctx, xmlSecBuffer } gnutls_free(plaintext.data); - fprintf(stderr, "DEBUG: xmlSecGnuTLSKeyTransportDecrypt: end: size=%d\n", (int)xmlSecBufferGetSize(outBuf)); - /* success */ return(0); } From 950fb45546bbe7b48ba13c794888fa5e02e7b16b Mon Sep 17 00:00:00 2001 From: Aleksey Sanin Date: Tue, 14 May 2024 23:45:49 -0400 Subject: [PATCH 13/16] (xmlsec-mingw) Added debug output --- src/gnutls/kt_rsa.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/src/gnutls/kt_rsa.c b/src/gnutls/kt_rsa.c index 23591c31a..e93c239f0 100644 --- a/src/gnutls/kt_rsa.c +++ b/src/gnutls/kt_rsa.c @@ -34,8 +34,6 @@ #include "../cast_helpers.h" #include "../transform_helpers.h" -#include "private.h" - /********************************************************************* * @@ -240,6 +238,8 @@ xmlSecGnuTLSKeyTransportDecrypt(xmlSecGnuTLSKeyTransportCtxPtr ctx, xmlSecBuffer xmlSecSize inSize; int ret; int err; + int algo; + unsigned int bits = 0; xmlSecAssert2(ctx != NULL, -1); xmlSecAssert2(ctx->keyData != NULL, -1); @@ -249,8 +249,6 @@ xmlSecGnuTLSKeyTransportDecrypt(xmlSecGnuTLSKeyTransportCtxPtr ctx, xmlSecBuffer inSize = xmlSecBufferGetSize(inBuf); xmlSecAssert2(inSize > 0, -1); - fprintf(stderr, "DEBUG: xmlSecGnuTLSKeyTransportDecrypt: start: size=%d, key size=%d\n", (int)xmlSecBufferGetSize(inBuf), (int)xmlSecGnuTLSAsymKeyDataGetSize(ctx->keyData)); - /* get key */ privkey = ctx->getPrivKey(ctx->keyData); if(privkey == NULL) { 
@@ -258,7 +256,8 @@ xmlSecGnuTLSKeyTransportDecrypt(xmlSecGnuTLSKeyTransportCtxPtr ctx, xmlSecBuffer return(-1); } - fprintf(stderr, "DEBUG: xmlSecGnuTLSKeyTransportDecrypt: start: algo=%d\n", gnutls_privkey_get_pk_algorithm(privkey, NULL)); + algo = gnutls_privkey_get_pk_algorithm(privkey, &bits); + fprintf(stderr, "DEBUG: xmlSecGnuTLSKeyTransportDecrypt: start: algo=%d, key size=%d, config=%s\n", algo, (int)bits, gnutls_get_system_config_file()); /* decrypt: only PKCS 1.5 is currently supported by gnutls */ ciphertext.data = xmlSecBufferGetData(inBuf); From 55acb036f967ac5c3b363f7edaefd00b39eee84e Mon Sep 17 00:00:00 2001 From: Aleksey Sanin Date: Tue, 14 May 2024 23:58:43 -0400 Subject: [PATCH 14/16] (xmlsec-mingw) Reenable RSA-PKCS 1.5 for gnutls --- .github/workflows/make-check.yml | 2 ++ src/gnutls/kt_rsa.c | 5 ----- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/.github/workflows/make-check.yml b/.github/workflows/make-check.yml index 01aa7ad9b..75e7e3120 100755 --- a/.github/workflows/make-check.yml +++ b/.github/workflows/make-check.yml @@ -192,6 +192,8 @@ jobs: - name: make check working-directory: build.dir run: | + mkdir -p /etc/gnutls && touch /etc/gnutls/config + mkdir -p /c/etc/gnutls && touch /c/etc/gnutls/config make check - name: make install working-directory: build.dir diff --git a/src/gnutls/kt_rsa.c b/src/gnutls/kt_rsa.c index e93c239f0..45ff264d7 100644 --- a/src/gnutls/kt_rsa.c +++ b/src/gnutls/kt_rsa.c @@ -238,8 +238,6 @@ xmlSecGnuTLSKeyTransportDecrypt(xmlSecGnuTLSKeyTransportCtxPtr ctx, xmlSecBuffer xmlSecSize inSize; int ret; int err; - int algo; - unsigned int bits = 0; xmlSecAssert2(ctx != NULL, -1); xmlSecAssert2(ctx->keyData != NULL, -1); 
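Review bot: The two `mkdir -p … && touch …/gnutls/config` lines create an empty system-wide GnuTLS configuration on the runner, which replaces whatever policy the toolchain's GnuTLS build ships with, so `make check` stops exercising the default configuration that end users will actually run against; the workflow gives no comment saying why this is needed or what it changes. If the intent is to re-enable RSA-PKCS1.5 key transport only for the test run, an explicit, checked-in test config selected via `GNUTLS_SYSTEM_PRIORITY_FILE` (or at least a one-line comment such as `# test-only: override the runner's GnuTLS policy so RSA-PKCS1.5 key transport tests run`) would make the override visible and reviewable rather than an empty file. This is presumably a temporary workaround given the later patch titled "Remove hack".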
@@ -256,9 +254,6 @@ xmlSecGnuTLSKeyTransportDecrypt(xmlSecGnuTLSKeyTransportCtxPtr ctx, xmlSecBuffer return(-1); } - algo = gnutls_privkey_get_pk_algorithm(privkey, &bits); - fprintf(stderr, "DEBUG: xmlSecGnuTLSKeyTransportDecrypt: start: algo=%d, key size=%d, config=%s\n", algo, (int)bits, gnutls_get_system_config_file()); - /* decrypt: only PKCS 1.5 is currently supported by gnutls */ ciphertext.data = xmlSecBufferGetData(inBuf); XMLSEC_SAFE_CAST_SIZE_TO_UINT(inSize, ciphertext.size, return(-1), NULL) From 85e3cdf61d7ede18d381922c56bf38b2a41b0ac6 Mon Sep 17 00:00:00 2001 From: Aleksey Sanin Date: Wed, 15 May 2024 00:14:17 -0400 Subject: [PATCH 15/16] (xmlsec-mingw) Reenable RSA-PKCS 1.5 for gnutls --- .github/workflows/make-check.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/make-check.yml b/.github/workflows/make-check.yml index 75e7e3120..2095016d5 100755 --- a/.github/workflows/make-check.yml +++ b/.github/workflows/make-check.yml @@ -192,8 +192,8 @@ jobs: - name: make check working-directory: build.dir run: | - mkdir -p /etc/gnutls && touch /etc/gnutls/config - mkdir -p /c/etc/gnutls && touch /c/etc/gnutls/config + mkdir -p /etc/gnutls && touch /etc/gnutls/config && cat /etc/gnutls/config + mkdir -p /c/etc/gnutls && touch /c/etc/gnutls/config && cat /c/etc/gnutls/config make check - name: make install working-directory: build.dir From 3e32434f89c5e354cc6c61718238b37cfac4eb50 Mon Sep 17 00:00:00 2001 From: Aleksey Sanin Date: Wed, 15 May 2024 08:54:17 -0400 Subject: [PATCH 16/16] Remove hack --- .github/workflows/make-check.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/make-check.yml b/.github/workflows/make-check.yml index 2095016d5..01aa7ad9b 100755 --- a/.github/workflows/make-check.yml +++ b/.github/workflows/make-check.yml 
@@ -192,8 +192,6 @@ jobs: - name: make check working-directory: build.dir run: | - mkdir -p /etc/gnutls && touch /etc/gnutls/config && cat /etc/gnutls/config - mkdir -p /c/etc/gnutls && touch /c/etc/gnutls/config && cat /c/etc/gnutls/config make check - name: make install working-directory: build.dir