Permalink
Commits on Sep 22, 2018
  1. win32: allow custom compiler flags (#223)

    vmiklos authored and lsh123 committed Sep 22, 2018
    Use-case is e.g. wanting to build the code with -arch:SSE. And this improves
    consistency, autotools allows custom compiler flags as well.
Commits on Sep 14, 2018
  1. nss: improve assert in xmlSecNssASN1IntegerWrite() (#222)

    vmiklos authored and lsh123 committed Sep 14, 2018
    The intention is that either we have data which can be represented with
    a 64bit unsigned integer, or if the data is larger than that, then it's
    just leading zeros one can ignore.
Commits on Sep 8, 2018
  1. nss: fix undefined behavior due to too large shift (#221)

    vmiklos authored and lsh123 committed Sep 8, 2018
    When building with clang -fsanitize=undefined, ubsan says:
    
    x509.c:1750:46: runtime error: shift exponent 64 is too large for 64-bit type 'PRUint64' (aka 'unsigned long')
        #0 0x444d45 in xmlSecNssASN1IntegerWrite src/nss/x509.c:1750:46
        #1 0x4443ec in xmlSecNssX509IssuerSerialNodeWrite src/nss/x509.c:1259:11
        #2 0x4403ba in xmlSecNssKeyDataX509XmlWrite src/nss/x509.c:769:19
        #3 0x45962a in xmlSecKeyInfoNodeWrite src/keyinfo.c:180:19
        #4 0x480149 in xmlSecDSigCtxProcessKeyInfoNode src/xmldsig.c:807:15
        #5 0x47c774 in xmlSecDSigCtxProcessSignatureNode src/xmldsig.c:506:11
        #6 0x47bfb2 in xmlSecDSigCtxSign src/xmldsig.c:289:11
    
    And indeed shifting a 64bit value by 64 bits happens in practice there
    as num->len is 9. At the same time (at least in case of the test) in all
    3 cases the value that would be shifted is 0.
    
    Avoid undefined behavior by simply not shifting if the value is 0
    anyway.
    
    Testcase: make check-crypto-nss XMLSEC_TEST_NAME="aleksey-xmldsig-01/x509data-sn-test"
Commits on Sep 6, 2018
  1. nss: fix memory leak in GetCertName() (#220)

    vmiklos authored and lsh123 committed Sep 6, 2018
    As pointed out by valgrind:
    
    ==18992== 75 bytes in 1 blocks are definitely lost in loss record 47 of 69
    ==18992==    at 0x4C2E08F: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==18992==    by 0x5100DE1: xmlStrndup (in /usr/lib64/libxml2.so.2.9.7)
    ==18992==    by 0x53DAC44: xmlSecNssGetCertName (x509vfy.c:373)
    ==18992==    by 0x53DB08B: xmlSecNssX509FindCert (x509vfy.c:447)
    ==18992==    by 0x53DB08B: xmlSecNssX509StoreFindCert (x509vfy.c:147)
    ==18992==    by 0x53D9029: xmlSecNssX509IssuerSerialNodeRead (x509.c:1177)
    ==18992==    by 0x53D9029: xmlSecNssX509DataNodeRead (x509.c:918)
    ==18992==    by 0x53D9029: xmlSecNssKeyDataX509XmlRead (x509.c:683)
    ==18992==    by 0x56107FF: xmlSecKeyInfoNodeRead (keyinfo.c:112)
    ==18992==    by 0x5615D56: xmlSecKeysMngrGetKey (keys.c:1225)
    ==18992==    by 0x562F034: xmlSecDSigCtxProcessKeyInfoNode (xmldsig.c:785)
    ==18992==    by 0x562F034: xmlSecDSigCtxProcessSignatureNode (xmldsig.c:501)
    ==18992==    by 0x562FC45: xmlSecDSigCtxVerify (xmldsig.c:339)
Commits on Aug 28, 2018
  1. mscng: implement rsa oaep decrypt/encrypt (#219)

    vmiklos authored and lsh123 committed Aug 28, 2018
    * mscng: implement RsaOAEP decryption
    
    Testcase: XMLSEC_TEST_NAME="aleksey-xmlenc-01/enc-aes256-kt-rsa_oaep_sha1-params" nmake check-enc (only partially passes)
    
    * mscng: implement RsaOAEP encryption
    
    Testcase: XMLSEC_TEST_NAME="aleksey-xmlenc-01/enc-aes256-kt-rsa_oaep_sha1-params" nmake check-enc (now fully passes)
Commits on Aug 21, 2018
  1. fix RSA OAEP params in openssl (#215)

    lsh123 committed Aug 21, 2018
Commits on Aug 10, 2018
  1. mscrypto: fix the last cl.exe warning (#214)

    vmiklos authored and lsh123 committed Aug 10, 2018
    And then turn on appveyor werror for that backend as well.
Commits on Aug 4, 2018
  1. appveyor: enable werror for the mscng backend (#213)

    vmiklos authored and lsh123 committed Aug 4, 2018
    This works for me locally, so start with that as a first step.
Commits on Aug 1, 2018
  1. mscng: fix cl.exe warnings (#211)

    vmiklos authored and lsh123 committed Aug 1, 2018
    * win32: include relevant header to avoid macro redefinition warning
    
    c:\Program Files (x86)\Windows Kits\8.1\Include\um\winnt.h(2081): warning C4005: 'UNREFERENCED_PARAMETER': macro redefinition
    C:\xmlsec\include\xmlsec/private.h(522): note: see previous definition of 'UNREFERENCED_PARAMETER'
    
    * win32: disable warnings about constant asserts
    
    static asserts would be C11.
    
    * win32: disable function-pointer conversion warning
    
    It's interesting that a simple cast doesn't trigger a warning for me with
    VS2015, but seeing this macro was explicitly introduced to fix warnings, just
    disable the warning. And at the least the warning is also emitted by VS2017.
    
    * core, mscng: fix warning C4100: 'keysMngr': unreferenced formal parameter
    
    A from-scratch werror=yes build now finishes for me with this.
Commits on Jul 20, 2018
  1. mscng: add ECDSA-SHA384 support (#210)

    vmiklos authored and lsh123 committed Jul 20, 2018
    Testcase: XMLSEC_TEST_NAME="aleksey-xmldsig-01/enveloping-sha384-ecdsa-sha384" nmake check-dsig
Commits on Jul 16, 2018
  1. travis: enable warnings as errors (#209)

    vmiklos authored and lsh123 committed Jul 16, 2018
    The intention is to catch new warnings early, rather than fixing them in
    separate follow-up commits.
Commits on Jul 10, 2018
  1. NSS: add ECDSA-SHA384 support (#208)

    vmiklos authored and lsh123 committed Jul 10, 2018
    * Fix -Werror=unused-parameter warnings
    
    * tests: add ecdsa sha384 testcase
    
    * nss: add ECDSA-SHA384 support
    
    Testcase: make check-crypto-nss XMLSEC_TEST_NAME="aleksey-xmldsig-01/enveloping-sha384-ecdsa-sha384"
    
    * relationship: fix non-matching function name in xmlSecError() calls
Commits on Jul 6, 2018
  1. oss-fuzz: Added one test harness and fuzzer config (#204)

    bshastry authored and lsh123 committed Jul 6, 2018
  2. support signatures w/o SignatureMethod (#206)

    lsh123 committed Jul 6, 2018
Commits on Jul 3, 2018
  1. support multiple keynames (issue #200) (#203)

    lsh123 committed Jul 3, 2018
Commits on Jul 2, 2018
  1. fix xmlSecParseMemory() memory leak (issue #199) (#202)

    lsh123 committed Jul 2, 2018
  2. nss: add dsa sha256 support (#201)

    vmiklos authored and lsh123 committed Jul 2, 2018
    * mscng: avoid double free when xmlSecMSCngCertAdopt() fails
    
    It's free'd in the done block later.
    
    * templates: improve precision of error reporting
    
    Stating exactly what function failed.
    
    * nss: add DSA-SHA256 support
    
    Testcase: make check-crypto-nss XMLSEC_TEST_NAME="aleksey-xmldsig-01/enveloping-sha256-dsa2048-sha256"
Commits on Jun 26, 2018
  1. Fix xmlSecKeyUsage values comments that describe their purpose. (#198)

    adelton authored and lsh123 committed Jun 26, 2018
Commits on Jun 25, 2018
  1. configure: macOS improvement (#197)

    vmiklos authored and lsh123 committed Jun 25, 2018
    * mscng, x509 verify: implement recursive check for untrusted certs
    
    This is the case when the issuer certificate is not trusted, parents are not in
    the trusted store, but we can find a parent in the untrusted store which has a
    parent in the trusted store.
    
    Testcase: XMLSEC_TEST_NAME="merlin-xmldsig-twenty-three/signature" nmake check-dsig
    
    * mscng: implement loading .der keys
    
    Testcase: XMLSEC_TEST_NAME="signature-big" nmake check-dsig
    
    * xmlenc: fix non-matching function name in xmlSecError() calls
    
    * xmldsig: fix non-matching function name in xmlSecError() calls
    
    * configure: fix shared library suffix on macOS
    
    See <https://lists.gnu.org/archive/html/libtool/2010-04/msg00020.html>,
    shrext_cmds is a command to be evaluated. Linux uses .so for both
    loadable and shared libraries (in terms of libtool), so the problem is
    not visible there, but on macOS this caused configure to literally look
    for
    
    libnspr4`test .$module = .yes && echo .so || echo .dylib`
    
    for the nss backend, while nss provides libnspr4.dylib.
Commits on Jun 21, 2018
Commits on Jun 20, 2018
  1. fix appveyor.yml (#195)

    lsh123 committed Jun 20, 2018
  2. aesgcmtests (based on snargit PR) (#190)

    lsh123 committed Jun 20, 2018
  3. Mingw fix (#194)

    lsh123 committed Jun 20, 2018
    * enable mscng on mingw
    
    * enable unicode builds for cygwin and mingw
Commits on Jun 19, 2018
  1. MSCNG: ci fixes (#193)

    vmiklos authored and lsh123 committed Jun 19, 2018
    * mscng, x509 verify: implement recursive check for untrusted certs
    
    This is the case when the issuer certificate is not trusted, parents are not in
    the trusted store, but we can find a parent in the untrusted store which has a
    parent in the trusted store.
    
    Testcase: XMLSEC_TEST_NAME="merlin-xmldsig-twenty-three/signature" nmake check-dsig
    
    * mscng: implement loading .der keys
    
    Testcase: XMLSEC_TEST_NAME="signature-big" nmake check-dsig
Commits on Jun 17, 2018
  1. mscng: fix use-after-free, implement adoption of private key as part …

    vmiklos authored and lsh123 committed Jun 17, 2018
    …of key extraction (#192)
Commits on Jun 16, 2018
  1. make tests better (#191)

    lsh123 committed Jun 16, 2018
    - Report totals ok/failed/skipped tests at the end
    - Print failed tests log
    - Fail make check if test fails
  2. update docs

    lsh123 committed Jun 16, 2018
Commits on Jun 15, 2018
  1. Cleanup build warnings

    lsh123 committed Jun 15, 2018
  2. Update Appveyor integration

    lsh123 committed Jun 15, 2018
Commits on Jun 14, 2018
  1. Remove debugging

    lsh123 committed Jun 14, 2018
Commits on Jun 13, 2018
  1. First-pass at aes-gcm support for mscng and openssl backends (#183)

    snargit authored and lsh123 committed Jun 13, 2018
  2. Travis integration (#186)

    lsh123 committed Jun 13, 2018
  3. update travis integration

    lsh123 committed Jun 13, 2018
  4. update travis integration

    lsh123 committed Jun 13, 2018
  5. add travis ci integration

    lsh123 committed Jun 13, 2018