
(xmlsec-core) Added XMLSEC_TRANSFORM_FLAGS_USER_SPECIFIED flag to the…
… xmlSecTransform; fixed typos
lsh123 committed Jan 9, 2025
1 parent adf033e commit af54e63
Showing 8 changed files with 35 additions and 20 deletions.
3 changes: 3 additions & 0 deletions docs/index.html
Expand Up @@ -70,6 +70,9 @@ <h1>XML Security Library</h1>
<li>TBD<br>
The <a href="download.html">XML Security Library 1.3.7</a> release includes the following changes:
<ul>
<li>Added XMLSEC_TRANSFORM_FLAGS_USER_SPECIFIED flag to the xmlSecTransform to differentiate transforms specified in the input XML file vs transforms automatically
added by XMLSec library.
</li>
<li>(xmlsec-core) Disabled old crypto algorithms (MD5, RIPEMD160) and the old crypto engines (MSCrypto, GCrypt) by default (use "--with-legacy-features" option to reenable everything).</li>
<li>(xmlsec-windows) Disabled old crypto algorithms (MD5, RIPEMD160), made "mscng" the default crypto engine on Windows, and added support for "legacy-features" flag for "configure.js".<li>
<li>(xmlsec-openssl, xmlsec-gnutls, xmlsec-mscng) Added an option to skip timestamp checks for certificates and CLRs.</li>
13 changes: 12 additions & 1 deletion include/xmlsec/transforms.h
Expand Up @@ -392,6 +392,15 @@ XMLSEC_EXPORT xmlSecSize xmlSecTransformCtxGetDefaultBinaryChunkS
XMLSEC_EXPORT void xmlSecTransformCtxSetDefaultBinaryChunkSize(xmlSecSize binaryChunkSize);


/**
* XMLSEC_TRANSFORM_FLAGS_USER_SPECIFIED:
*
* If this flag is set then this transform was specified in the XML file
* (vs a transform added by the XMLSec library).
*/
#define XMLSEC_TRANSFORM_FLAGS_USER_SPECIFIED 0x00000001


/**************************************************************************
*
* xmlSecTransform
Expand Down Expand Up @@ -436,9 +445,11 @@ struct _xmlSecTransform {
/* used for some transform (e.g. KDF) to determine the desired output size */
xmlSecSize expectedOutputSize;

/* transform flags */
xmlSecSize flags;

/* reserved for the future */
void* reserved0;
void* reserved1;
};

XMLSEC_EXPORT xmlSecTransformPtr xmlSecTransformCreate (xmlSecTransformId id);
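Review bot: The new member `xmlSecSize flags;` is documented only as `/* transform flags */`, which tells a reader neither which values it holds nor how it starts out; I would write `/* bitmask of XMLSEC_TRANSFORM_FLAGS_* values (currently XMLSEC_TRANSFORM_FLAGS_USER_SPECIFIED); zero unless the library sets a flag */`. The matching `#define XMLSEC_TRANSFORM_FLAGS_USER_SPECIFIED 0x00000001` is an `int` literal while the field is `xmlSecSize`; if xmlSecSize is an unsigned type, `0x00000001U` keeps the OR and comparisons free of sign-conversion warnings. Because `struct _xmlSecTransform` is a public header type, adding a member changes its size for any caller that allocates it directly rather than through xmlSecTransformCreate; the section's single deletion suggests a reserved slot may have been repurposed to preserve the layout, but that removed line is not visible here, so it is worth confirming before release.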
10 changes: 5 additions & 5 deletions src/gcrypt/hmac.c
Expand Up @@ -40,7 +40,7 @@ typedef struct _xmlSecGCryptHmacCtx xmlSecGCryptHmacCtx, *xmlSecGCry
struct _xmlSecGCryptHmacCtx {
int digest;
gcry_md_hd_t digestCtx;
xmlSecByte dgst[XMLSEC_TRASNFORM_HMAC_MAX_OUTPUT_SIZE];
xmlSecByte dgst[XMLSEC_TRANSFORM_HMAC_MAX_OUTPUT_SIZE];
xmlSecSize dgstSizeInBits; /* dgst size in bits */
};

Expand Down Expand Up @@ -179,7 +179,7 @@ xmlSecGCryptHmacInitialize(xmlSecTransformPtr transform) {

hmacSize = gcry_md_get_algo_dlen(ctx->digest);
xmlSecAssert2(hmacSize > 0, -1);
xmlSecAssert2(hmacSize <= XMLSEC_TRASNFORM_HMAC_MAX_OUTPUT_SIZE, -1);
xmlSecAssert2(hmacSize <= XMLSEC_TRANSFORM_HMAC_MAX_OUTPUT_SIZE, -1);
ctx->dgstSizeInBits = 8 * hmacSize;

/* open context */
Expand Down Expand Up @@ -230,7 +230,7 @@ xmlSecGCryptHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node,
return(-1);
}
xmlSecAssert2(ctx->dgstSizeInBits > 0, -1);
xmlSecAssert2(XMLSEC_TRASNFORM_HMAC_BITS_TO_BYTES(ctx->dgstSizeInBits) < XMLSEC_TRASNFORM_HMAC_MAX_OUTPUT_SIZE, -1);
xmlSecAssert2(XMLSEC_TRANSFORM_HMAC_BITS_TO_BYTES(ctx->dgstSizeInBits) < XMLSEC_TRANSFORM_HMAC_MAX_OUTPUT_SIZE, -1);

return(0);
}
Expand Down Expand Up @@ -378,11 +378,11 @@ xmlSecGCryptHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformC
xmlSecTransformGetName(transform));
return(-1);
}
memcpy(ctx->dgst, dgst, XMLSEC_TRASNFORM_HMAC_BITS_TO_BYTES(ctx->dgstSizeInBits));
memcpy(ctx->dgst, dgst, XMLSEC_TRANSFORM_HMAC_BITS_TO_BYTES(ctx->dgstSizeInBits));

/* write results if needed */
if(transform->operation == xmlSecTransformOperationSign) {
ret = xmlSecTransformHmacWriteOutput(ctx->dgst, ctx->dgstSizeInBits, XMLSEC_TRASNFORM_HMAC_MAX_OUTPUT_SIZE, out);
ret = xmlSecTransformHmacWriteOutput(ctx->dgst, ctx->dgstSizeInBits, XMLSEC_TRANSFORM_HMAC_MAX_OUTPUT_SIZE, out);
if(ret < 0) {
xmlSecInternalError("xmlSecTransformHmacWriteOutput", xmlSecTransformGetName(transform));
return(-1);
10 changes: 5 additions & 5 deletions src/gnutls/hmac.c
Expand Up @@ -44,7 +44,7 @@ struct _xmlSecGnuTLSHmacCtx {
gnutls_hmac_hd_t hmac;
gnutls_mac_algorithm_t hmacAlgo;
xmlSecSize hmacSizeInBits;
xmlSecByte hmacOutput[XMLSEC_TRASNFORM_HMAC_MAX_OUTPUT_SIZE];
xmlSecByte hmacOutput[XMLSEC_TRANSFORM_HMAC_MAX_OUTPUT_SIZE];
};

/******************************************************************************
Expand Down Expand Up @@ -156,7 +156,7 @@ xmlSecGnuTLSHmacInitialize(xmlSecTransformPtr transform) {
xmlSecGnuTLSError("gnutls_hmac_get_len", 0, NULL);
return(-1);
}
xmlSecAssert2(hmacSize < XMLSEC_TRASNFORM_HMAC_MAX_OUTPUT_SIZE, -1);
xmlSecAssert2(hmacSize < XMLSEC_TRANSFORM_HMAC_MAX_OUTPUT_SIZE, -1);
ctx->hmacSizeInBits = 8 * hmacSize;

/* done */
Expand Down Expand Up @@ -199,7 +199,7 @@ xmlSecGnuTLSHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node,
xmlSecTransformGetName(transform));
return(-1);
}
xmlSecAssert2(XMLSEC_TRASNFORM_HMAC_BITS_TO_BYTES(ctx->hmacSizeInBits) <= XMLSEC_TRASNFORM_HMAC_MAX_OUTPUT_SIZE, -1);
xmlSecAssert2(XMLSEC_TRANSFORM_HMAC_BITS_TO_BYTES(ctx->hmacSizeInBits) <= XMLSEC_TRANSFORM_HMAC_MAX_OUTPUT_SIZE, -1);

return(0);
}
Expand Down Expand Up @@ -287,7 +287,7 @@ xmlSecGnuTLSHmacVerify(xmlSecTransformPtr transform,
xmlSecAssert2(ctx->hmacSizeInBits > 0, -1);

/* Returns 1 for match, 0 for no match, <0 for errors. */
ret = xmlSecTransformHmacVerify(data, dataSize, ctx->hmacOutput, ctx->hmacSizeInBits, XMLSEC_TRASNFORM_HMAC_MAX_OUTPUT_SIZE);
ret = xmlSecTransformHmacVerify(data, dataSize, ctx->hmacOutput, ctx->hmacSizeInBits, XMLSEC_TRANSFORM_HMAC_MAX_OUTPUT_SIZE);
if(ret < 0) {
xmlSecInternalError("xmlSecTransformHmacVerify", xmlSecTransformGetName(transform));
return(-1);
Expand Down Expand Up @@ -355,7 +355,7 @@ xmlSecGnuTLSHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformC

/* write results if needed */
if(transform->operation == xmlSecTransformOperationSign) {
ret = xmlSecTransformHmacWriteOutput(ctx->hmacOutput, ctx->hmacSizeInBits, XMLSEC_TRASNFORM_HMAC_MAX_OUTPUT_SIZE, out);
ret = xmlSecTransformHmacWriteOutput(ctx->hmacOutput, ctx->hmacSizeInBits, XMLSEC_TRANSFORM_HMAC_MAX_OUTPUT_SIZE, out);
if(ret < 0) {
xmlSecInternalError("xmlSecTransformHmacWriteOutput", xmlSecTransformGetName(transform));
return(-1);
4 changes: 2 additions & 2 deletions src/mscrypto/hmac.c
Expand Up @@ -65,7 +65,7 @@ struct _xmlSecMSCryptoHmacCtx {
ALG_ID alg_id;
const xmlSecMSCryptoProviderInfo * providers;
HCRYPTHASH mscHash;
unsigned char dgst[XMLSEC_TRASNFORM_HMAC_MAX_OUTPUT_SIZE];
unsigned char dgst[XMLSEC_TRANSFORM_HMAC_MAX_OUTPUT_SIZE];
xmlSecSize dgstSize;
xmlSecSize dgstSizeInBits; /* dgst size in bytes */
int ctxInitialized;
Expand Down Expand Up @@ -459,7 +459,7 @@ xmlSecMSCryptoHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor
}

if(last) {
DWORD retLen = XMLSEC_TRASNFORM_HMAC_MAX_OUTPUT_SIZE;
DWORD retLen = XMLSEC_TRANSFORM_HMAC_MAX_OUTPUT_SIZE;

ret = CryptGetHashParam(ctx->mscHash,
HP_HASHVAL,
4 changes: 2 additions & 2 deletions src/nss/hmac.c
Expand Up @@ -51,7 +51,7 @@ typedef struct _xmlSecNssHmacCtx xmlSecNssHmacCtx, *xmlSecNssHmac
struct _xmlSecNssHmacCtx {
CK_MECHANISM_TYPE digestType;
PK11Context* digestCtx;
xmlSecByte dgst[XMLSEC_TRASNFORM_HMAC_MAX_OUTPUT_SIZE];
xmlSecByte dgst[XMLSEC_TRANSFORM_HMAC_MAX_OUTPUT_SIZE];
xmlSecSize dgstSizeInBits; /* dgst size in bits */
};

Expand Down Expand Up @@ -230,7 +230,7 @@ xmlSecNssHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node,
xmlSecTransformGetName(transform));
return(-1);
}
xmlSecAssert2(XMLSEC_TRASNFORM_HMAC_BITS_TO_BYTES(ctx->dgstSizeInBits) <= XMLSEC_TRASNFORM_HMAC_MAX_OUTPUT_SIZE, -1);
xmlSecAssert2(XMLSEC_TRANSFORM_HMAC_BITS_TO_BYTES(ctx->dgstSizeInBits) <= XMLSEC_TRANSFORM_HMAC_MAX_OUTPUT_SIZE, -1);

return(0);
}
10 changes: 5 additions & 5 deletions src/transform_helpers.h
Expand Up @@ -8,8 +8,8 @@
*
* Copyright (C) 2002-2024 Aleksey Sanin <[email protected]>. All Rights Reserved.
*/
#ifndef __XMLSEC_TRASNFORMS_HELPERS_H__
#define __XMLSEC_TRASNFORMS_HELPERS_H__
#ifndef __XMLSEC_TRANSFORMS_HELPERS_H__
#define __XMLSEC_TRANSFORMS_HELPERS_H__


#ifndef XMLSEC_PRIVATE
Expand Down Expand Up @@ -73,9 +73,9 @@ XMLSEC_EXPORT int xmlSecTransformConcatKdfParamsGetFixedInfo (xmlSecTransform
#ifndef XMLSEC_NO_HMAC

/* max HMAC output size in bytes */
#define XMLSEC_TRASNFORM_HMAC_MAX_OUTPUT_SIZE 128U
#define XMLSEC_TRANSFORM_HMAC_MAX_OUTPUT_SIZE 128U

#define XMLSEC_TRASNFORM_HMAC_BITS_TO_BYTES(bits) (((bits) + 7) / 8)
#define XMLSEC_TRANSFORM_HMAC_BITS_TO_BYTES(bits) (((bits) + 7) / 8)

XMLSEC_EXPORT int xmlSecTransformHmacReadOutputBitsSize (xmlNodePtr node,
xmlSecSize defaultSize,
Expand Down Expand Up @@ -131,4 +131,4 @@ XMLSEC_EXPORT int xmlSecTransformRsaOaepParamsRead (xmlSecTransformRsaO

#endif /* XMLSEC_NO_RSA */

#endif /* __XMLSEC_TRASNFORMS_HELPERS_H__ */
#endif /* __XMLSEC_TRANSFORMS_HELPERS_H__ */
1 change: 1 addition & 0 deletions src/transforms.c
Expand Up @@ -678,6 +678,7 @@ xmlSecTransformCtxNodesListRead(xmlSecTransformCtxPtr ctx, xmlNodePtr node, xmlS
xmlSecNodeGetName(cur));
return(-1);
}
transform->flags |= XMLSEC_TRANSFORM_FLAGS_USER_SPECIFIED;

ret = xmlSecTransformCtxAppend(ctx, transform);
if(ret < 0) {
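Review bot: The added `transform->flags |= XMLSEC_TRANSFORM_FLAGS_USER_SPECIFIED;` ORs into the new member and so depends on the transform having been created with `flags` zeroed (the create call sits above this hunk, outside view); if that path does not clear the whole struct, the field carries indeterminate bits and the OR does not establish a clean "user-specified only" marker. A short why-comment at the point of use would help, since this line is the only thing that tells document-supplied transforms from library-added ones: `/* mark as read from the input document, not added by the library (see XMLSEC_TRANSFORM_FLAGS_USER_SPECIFIED) */`. Any other code path that instantiates a transform from XML nodes would presumably need the same marking, or consumers of the flag will treat those transforms as library-added; I cannot see from this hunk whether such a path exists. xmlSecTransformCtxNodesListRead begins and ends outside the hunk.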
