merge master
lsh123 committed Feb 27, 2023
2 parents d030e8a + 0e6f056 commit d3dda5d
Showing 36 changed files with 1,782 additions and 871 deletions.
3 changes: 2 additions & 1 deletion docs/index.html
@@ -79,7 +79,7 @@ <h1>XML Security Library</h1>
<li>(<b>ABI breaking change</b>) Added support for the <a href="https://www.w3.org/TR/xmldsig-core1/#sec-KeyInfoReference">KeyInfoReference Element</a>.</li>
<li>(<b>ABI breaking change</b>) Switched xmlSecSize to use size_t by default. Use "--enable-size-t=no" configure option ("size_t=no" on Windows) to
restore the old behaviour (note that this behaviour is deprecated and will be removed in the future.</li>
<li>(<b>API breaking change</b>) Changed the key search to srtict mode: only keys referenced by KeyInfo are used. To resore the old "lax" mode,
<li>(<b>API breaking change</b>) Changed the key search to strict mode: only keys referenced by KeyInfo are used. To restore the old "lax" mode,
set XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH flag on xmlSecKeyInfoCtx or use '--lax-key-search' option for XMLSec command line utility.
</li>
<li>Disabled MD5 digest method by default. Use "--enable-md5" configure options ("legacy-crypto" option on Windows) to re-enable MD5.</li>
@@ -141,6 +141,7 @@ <h1>XML Security Library</h1>
Added support for <a href="https://www.w3.org/TR/xmlenc-core1/#sec-ConcatKDF">ConcatKDF key</a> and
<a href="https://www.w3.org/TR/xmlenc-core1/#sec-PBKDF2">PBKDF2</a> derivation algorithms.
</li>
<li>Added support for <a href="https://www.w3.org/TR/xmldsig-core1/#sec-X509Data">X509Digest</a> element for keys and certificates lookup from the system stores (only SHA1 is supported).</li>
<li>Added support for <a href="https://www.w3.org/TR/xmldsig-core1/#sec-DEREncodedKeyValue">DEREncodedKeyValue</a> element.</li>
</ul>
</li>
3 changes: 2 additions & 1 deletion docs/news.html
@@ -60,7 +60,7 @@ <h1>XML Security Library News</h1>
<li>(<b>ABI breaking change</b>) Added support for the <a href="https://www.w3.org/TR/xmldsig-core1/#sec-KeyInfoReference">KeyInfoReference Element</a>.</li>
<li>(<b>ABI breaking change</b>) Switched xmlSecSize to use size_t by default. Use "--enable-size-t=no" configure option ("size_t=no" on Windows) to
restore the old behaviour (note that this behaviour is deprecated and will be removed in the future.</li>
<li>(<b>API breaking change</b>) Changed the key search to srtict mode: only keys referenced by KeyInfo are used. To resore the old "lax" mode,
<li>(<b>API breaking change</b>) Changed the key search to strict mode: only keys referenced by KeyInfo are used. To restore the old "lax" mode,
set XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH flag on xmlSecKeyInfoCtx or use '--lax-key-search' option for XMLSec command line utility.
</li>
<li>Disabled MD5 digest method by default. Use "--enable-md5" configure options ("legacy-crypto" option on Windows) to re-enable MD5.</li>
@@ -122,6 +122,7 @@ <h1>XML Security Library News</h1>
Added support for <a href="https://www.w3.org/TR/xmlenc-core1/#sec-ConcatKDF">ConcatKDF key</a> and
<a href="https://www.w3.org/TR/xmlenc-core1/#sec-PBKDF2">PBKDF2</a> derivation algorithms.
</li>
<li>Added support for <a href="https://www.w3.org/TR/xmldsig-core1/#sec-X509Data">X509Digest</a> element for keys and certificates lookup from the system stores (only SHA1 is supported).</li>
<li>Added support for <a href="https://www.w3.org/TR/xmldsig-core1/#sec-DEREncodedKeyValue">DEREncodedKeyValue</a> element.</li>
</ul>
</li>
35 changes: 18 additions & 17 deletions docs/xmldsig.html
@@ -1112,7 +1112,7 @@ <h3>XMLSec Cryptographic Libraries features</h3>
<td valign="top" bgcolor="#C1E1C1">Yes</td><!-- OpenSSL-->
<td valign="top" bgcolor="#C1E1C1">Yes</td><!-- NSS -->
<td valign="top" bgcolor="#C1E1C1">Yes</td><!-- GnuTLS -->
<td valign="top">No</td><!-- MSCng -->
<td valign="top" bgcolor="#C1E1C1">Yes <a href="#mscng-x509-digest"><sup>(5)</sup></a></td><!-- MSCng -->
<td valign="top">No</td><!-- MSCrypto -->
<td valign="top">No</td><!-- GCrypt -->
</tr>
@@ -1168,22 +1168,23 @@ <h3>XMLSec Cryptographic Libraries features</h3>
</div>

<div id="notes">
<ul>
<li>
<a name="xslt" id="xslt"></a><sup>(1)</sup> Requires <a href="http://xmlsoft.org/XSLT/downloads.html">LibXSLT</a> library.
</li>
<li>
<a name="gost-openssl" id="gost-openssl"></a><sup>(2)</sup> Requires installation of the <a
href="https://github.com/gost-engine/engine">GOST OpenSSL Engine</a>.
</li>
<li>
<a name="gost-mscrypto" id="gost-mscrypto"></a><sup>(3)</sup> Requires installation of a GOST CSP.
</li>
<li>
<a name="dsa-ke-value" id="dsa-ke-value"></a><sup>(4)</sup> Seed and PgenCounter are not
supported.
</li>
</ul>
<ul>
<li>
<a name="xslt" id="xslt"></a><sup>(1)</sup> Requires <a href="http://xmlsoft.org/XSLT/downloads.html">LibXSLT</a> library.
</li>
<li>
<a name="gost-openssl" id="gost-openssl"></a><sup>(2)</sup> GOST support for the xmlsec-openssl library requires installation of the <a href="https://github.com/gost-engine/engine">GOST OpenSSL Engine</a>.
</li>
<li>
<a name="gost-mscrypto" id="gost-mscrypto"></a><sup>(3)</sup> GOST support for the xmlsec-mscrypto library requires installation of a GOST CSP.
</li>
<li>
<a name="dsa-ke-value" id="dsa-ke-value"></a><sup>(4)</sup> Seed and PgenCounter are not supported in DSAKeyValue element.
</li>
<li>
<a name="mscng-x509-digest" id="mscng-x509-digest"></a><sup>(5)</sup> The xmlsec-mscng library only supports SHA1 digest algorithm for X509Digest element.
</li>
</ul>
</div>

<div id="test-vectores">
6 changes: 3 additions & 3 deletions docs/xmlenc.html
@@ -587,8 +587,8 @@ <h3>XMLSec Cryptographic Libraries features</h3>
(<a href="https://github.com/lsh123/xmlsec/issues/514">more details</a>).
</li>
<li>
<a name="mscng-old-win" id="mscng-old-win"><sup>(4)</sup></a> Not supported on Windows 8, Windows Server 2008, Windows Vista,
Windows Server 2003 and Windows XP.
<a name="mscng-old-win" id="mscng-old-win"><sup>(4)</sup></a> The xmlsec-mscng library does not support some cryptographic algortihms
on Windows 8, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP.
</li>
<li>
<a name="pbkdf2" id="pbkdf2"><sup>(5)</sup></a> Only "specified" salt is supported for PBKDF2.
@@ -598,7 +598,7 @@ <h3>XMLSec Cryptographic Libraries features</h3>
must be the same.
</li>
<li>
<a name="openssl-dhx" id="openssl-dhx"><sup>(7)</sup></a> Only DHX (X9.42 format) keys are supported.
<a name="openssl-dhx" id="openssl-dhx"><sup>(7)</sup></a> The xmlsec-openssl library only supports DHX (X9.42 format) keys for DH algorithm.
</li>
</ul>
</div>
6 changes: 3 additions & 3 deletions include/xmlsec/mscng/x509.h
@@ -67,20 +67,20 @@ XMLSEC_CRYPTO_EXPORT int xmlSecMSCngX509StoreAdoptUntrustedStore(
XMLSEC_CRYPTO_EXPORT PCCERT_CONTEXT xmlSecMSCngX509StoreVerify (xmlSecKeyDataStorePtr store,
HCERTSTORE certs,
xmlSecKeyInfoCtx* keyInfoCtx);
PCCERT_CONTEXT xmlSecMSCngX509StoreFindCert (xmlSecKeyDataStorePtr store,
XMLSEC_DEPRECATED XMLSEC_CRYPTO_EXPORT PCCERT_CONTEXT xmlSecMSCngX509StoreFindCert(xmlSecKeyDataStorePtr store,
xmlChar *subjectName,
xmlChar *issuerName,
xmlChar *issuerSerial,
xmlChar *ski,
xmlSecKeyInfoCtx* keyInfoCtx);
PCCERT_CONTEXT xmlSecMSCngX509StoreFindCert_ex (xmlSecKeyDataStorePtr store,
XMLSEC_DEPRECATED XMLSEC_CRYPTO_EXPORT PCCERT_CONTEXT xmlSecMSCngX509StoreFindCert_ex (xmlSecKeyDataStorePtr store,
xmlChar* subjectName,
xmlChar* issuerName,
xmlChar* issuerSerial,
xmlSecByte* ski,
xmlSecSize skiSize,
xmlSecKeyInfoCtx* keyInfoCtx);
PCCERT_CONTEXT xmlSecMSCngX509FindCertBySubject (HCERTSTORE store,
XMLSEC_DEPRECATED XMLSEC_CRYPTO_EXPORT PCCERT_CONTEXT xmlSecMSCngX509FindCertBySubject(HCERTSTORE store,
LPTSTR wcSubject,
DWORD dwCertEncodingType);

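Review bot: The three declarations now marked `XMLSEC_DEPRECATED` (`xmlSecMSCngX509StoreFindCert`, `xmlSecMSCngX509StoreFindCert_ex` and `xmlSecMSCngX509FindCertBySubject`) carry no comment naming what callers should use instead, so the compiler warning is all the guidance a caller gets. A one-line comment above each, such as `/* Deprecated: use <replacement lookup function> instead. */` with the real name filled in, would put the migration path in the header. The same lines also add `XMLSEC_CRYPTO_EXPORT`, which the old declarations did not have; if these symbols were not exported from the DLL before, this commit newly exposes functions that are already being retired, which is worth confirming as intended. The first and third declarations also lose the space before `(` that the `_ex` declaration and the context line above keep.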
17 changes: 16 additions & 1 deletion include/xmlsec/private.h
@@ -703,7 +703,8 @@ struct _xmlSecCryptoDLFunctions {
* <dsig:X509Digest/> node found or would be written back.
*/
#define XMLSEC_X509DATA_DIGEST_NODE 0x00000020
/**

/**
* XMLSEC_X509DATA_DEFAULT:
*
* Default set of nodes to write in case of empty
@@ -713,6 +714,20 @@ struct _xmlSecCryptoDLFunctions {
(XMLSEC_X509DATA_CERTIFICATE_NODE | XMLSEC_X509DATA_CRL_NODE)



/**
* XMLSEC_X509DATA_SHIFT_IF_NOT_EMPTY:
*
* Shift bits if node present but and not empty.
*/
#define XMLSEC_X509DATA_SHIFT_IF_NOT_EMPTY 16


/* helper macros */
#define XMLSEC_X509DATA_HAS_EMPTY_NODE(content, flag) ( ((content) & (flag)) != 0 )
#define XMLSEC_X509DATA_HAS_NON_EMPTY_NODE(content, flag) ( ((content) & ((flag) << XMLSEC_X509DATA_SHIFT_IF_NOT_EMPTY)) != 0 )
#define XMLSEC_X509DATA_HAS_NODE(content, flag) ( XMLSEC_X509DATA_HAS_EMPTY_NODE(content, flag) || XMLSEC_X509DATA_HAS_NON_EMPTY_NODE(content, flag))

#ifdef __cplusplus
}
#endif /* __cplusplus */
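Review bot: The doc comment on `XMLSEC_X509DATA_SHIFT_IF_NOT_EMPTY` reads `Shift bits if node present but and not empty.` and the three helper macros under `/* helper macros */` have no comment at all, so the bit layout has to be inferred from the code. From the macros, the layout appears to be that a node flag in its original position means "present, empty" and the same flag shifted left by 16 means "present, not empty". I would reword the comment to `Number of bits a node flag is shifted left to record that the node is present and not empty.` and add a line above the helpers stating that layout. In `XMLSEC_X509DATA_HAS_NON_EMPTY_NODE` the shift is applied to a plain `int` flag. That is fine for the `0x00000020` value visible here, but any future flag at `0x8000` or above would shift into the sign bit, so `((unsigned int)(flag) << XMLSEC_X509DATA_SHIFT_IF_NOT_EMPTY)` is the safer form. `XMLSEC_X509DATA_HAS_NODE` also expands `content` and `flag` twice, so arguments with side effects should be ruled out in the comment.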