From 4897a9b2260047713f0eb02be1f5097ae79d119b Mon Sep 17 00:00:00 2001 From: Aleksey Sanin Date: Fri, 12 Apr 2024 21:32:05 -0400 Subject: [PATCH 1/3] (xmlsec-all) Add configure options to diable RSA-PKCS#1.5 and RSA-OAEP key transforms --- configure.ac | 96 +++++++++++++++++++++----------- include/xmlsec/gcrypt/crypto.h | 5 +- include/xmlsec/gnutls/crypto.h | 3 +- include/xmlsec/mscng/crypto.h | 4 ++ include/xmlsec/mscrypto/crypto.h | 6 +- include/xmlsec/nss/crypto.h | 4 +- include/xmlsec/openssl/crypto.h | 4 ++ src/gcrypt/crypto.c | 5 ++ src/gcrypt/kt_rsa.c | 8 +++ src/gnutls/crypto.c | 3 + src/gnutls/kt_rsa.c | 15 +++-- src/mscng/crypto.c | 6 +- src/mscng/kt_rsa.c | 96 +++++++++++++++++--------------- src/mscrypto/crypto.c | 6 +- src/mscrypto/kt_rsa.c | 30 +++++----- src/nss/crypto.c | 2 + src/nss/keytrans.c | 15 ++--- src/openssl/crypto.c | 6 +- src/openssl/kt_rsa.c | 6 +- src/openssl/openssl_compat.h | 2 +- src/transforms.c | 3 +- 21 files changed, 206 insertions(+), 119 deletions(-) diff --git a/configure.ac b/configure.ac index 66df92caf..e275cdf6b 100644 --- a/configure.ac +++ b/configure.ac @@ -1855,7 +1855,7 @@ if test "z$build_on_windows" = "zyes" ; then fi dnl ========================================================================== -dnl See do we need files support +dnl Check if we need files support dnl ========================================================================== AC_MSG_CHECKING(for files support) AC_ARG_ENABLE([files], [AS_HELP_STRING([--enable-files],[enable files support (yes)])]) @@ -1871,7 +1871,7 @@ AM_CONDITIONAL(XMLSEC_NO_FILES, test "z$XMLSEC_NO_FILES" = "z1") AC_SUBST(XMLSEC_NO_FILES) dnl ========================================================================== -dnl See do we need FTP support +dnl Check if we need FTP support dnl ========================================================================== AC_MSG_CHECKING(for FTP support) AC_ARG_ENABLE([ftp], [AS_HELP_STRING([--enable-ftp],[enable FTP support (no, deprecated)])]) 
@@ -1887,7 +1887,7 @@ AM_CONDITIONAL(XMLSEC_NO_FTP, test "z$XMLSEC_NO_FTP" = "z1") AC_SUBST(XMLSEC_NO_FTP) dnl ========================================================================== -dnl See do we need HTTP support +dnl Check if we need HTTP support dnl ========================================================================== AC_MSG_CHECKING(for HTTP support) AC_ARG_ENABLE([http], [AS_HELP_STRING([--enable-http],[enable HTTP support (yes)])]) @@ -1903,7 +1903,7 @@ AM_CONDITIONAL(XMLSEC_NO_HTTP, test "z$XMLSEC_NO_HTTP" = "z1") AC_SUBST(XMLSEC_NO_HTTP) dnl ========================================================================== -dnl See do we need MD5 support +dnl Check if we need MD5 support dnl ========================================================================== AC_MSG_CHECKING(for MD5 support) AC_ARG_ENABLE([md5], [AS_HELP_STRING([--enable-md5],[enable MD5 support (no, deprecated)])]) @@ -1919,7 +1919,7 @@ AM_CONDITIONAL(XMLSEC_NO_MD5, test "z$XMLSEC_NO_MD5" = "z1") AC_SUBST(XMLSEC_NO_MD5) dnl ========================================================================== -dnl See do we need RIPEMD-160 support +dnl Check if we need RIPEMD-160 support dnl ========================================================================== AC_MSG_CHECKING(for RIPEMD-160 support) AC_ARG_ENABLE([ripemd160], [AS_HELP_STRING([--enable-ripemd160],[enable RIPEMD-160 support (yes)])]) @@ -1935,7 +1935,7 @@ AM_CONDITIONAL(XMLSEC_NO_RIPEMD160, test "z$XMLSEC_NO_RIPEMD160" = "z1") AC_SUBST(XMLSEC_NO_RIPEMD160) dnl ========================================================================== -dnl See do we need SHA1 support +dnl Check if we need SHA1 support dnl ========================================================================== AC_MSG_CHECKING(for SHA1 support) AC_ARG_ENABLE([sha1], [AS_HELP_STRING([--enable-sha1],[enable SHA1 support (yes, use discouraged)])]) 
@@ -1951,7 +1951,7 @@ AM_CONDITIONAL(XMLSEC_NO_SHA1, test "z$XMLSEC_NO_SHA1" = "z1") AC_SUBST(XMLSEC_NO_SHA1) dnl ========================================================================== -dnl See do we need SHA224 support +dnl Check if we need SHA224 support dnl ========================================================================== AC_MSG_CHECKING(for SHA224 support) AC_ARG_ENABLE([sha224], [AS_HELP_STRING([--enable-sha224],[enable SHA224 support (yes)])]) @@ -1967,7 +1967,7 @@ AM_CONDITIONAL(XMLSEC_NO_SHA224, test "z$XMLSEC_NO_SHA224" = "z1") AC_SUBST(XMLSEC_NO_SHA224) dnl ========================================================================== -dnl See do we need SHA256 support +dnl Check if we need SHA256 support dnl ========================================================================== AC_MSG_CHECKING(for SHA256 support) AC_ARG_ENABLE([sha256], [AS_HELP_STRING([--enable-sha256],[enable SHA256 support (yes)])]) @@ -1983,7 +1983,7 @@ AM_CONDITIONAL(XMLSEC_NO_SHA256, test "z$XMLSEC_NO_SHA256" = "z1") AC_SUBST(XMLSEC_NO_SHA256) dnl ========================================================================== -dnl See do we need SHA384 support +dnl Check if we need SHA384 support dnl ========================================================================== AC_MSG_CHECKING(for SHA384 support) AC_ARG_ENABLE([sha384], [AS_HELP_STRING([--enable-sha384],[enable SHA384 support (yes)])]) @@ -1999,7 +1999,7 @@ AM_CONDITIONAL(XMLSEC_NO_SHA384, test "z$XMLSEC_NO_SHA384" = "z1") AC_SUBST(XMLSEC_NO_SHA384) dnl ========================================================================== -dnl See do we need SHA512 support +dnl Check if we need SHA512 support dnl ========================================================================== AC_MSG_CHECKING(for SHA512 support) AC_ARG_ENABLE([sha512], [AS_HELP_STRING([--enable-sha512],[enable SHA512 support (yes)])]) 
@@ -2015,7 +2015,7 @@ AM_CONDITIONAL(XMLSEC_NO_SHA512, test "z$XMLSEC_NO_SHA512" = "z1") AC_SUBST(XMLSEC_NO_SHA512) dnl ========================================================================== -dnl See do we need SHA3 support +dnl Check if we need SHA3 support dnl ========================================================================== AC_MSG_CHECKING(for SHA3 support) AC_ARG_ENABLE([sha3], [AS_HELP_STRING([--enable-sha3],[enable SHA3 support (yes)])]) @@ -2031,7 +2031,7 @@ AM_CONDITIONAL(XMLSEC_NO_SHA3, test "z$XMLSEC_NO_SHA3" = "z1") AC_SUBST(XMLSEC_NO_SHA3) dnl ========================================================================== -dnl See do we need HMAC support +dnl Check if we need HMAC support dnl ========================================================================== AC_MSG_CHECKING(for HMAC support) AC_ARG_ENABLE([hmac], [AS_HELP_STRING([--enable-hmac],[enable HMAC support (yes)])]) @@ -2047,7 +2047,7 @@ AM_CONDITIONAL(XMLSEC_NO_HMAC, test "z$XMLSEC_NO_HMAC" = "z1") AC_SUBST(XMLSEC_NO_HMAC) dnl ========================================================================== -dnl See do we need DH support +dnl Check if we need DH support dnl ========================================================================== AC_MSG_CHECKING(for DH support) AC_ARG_ENABLE([dh], [AS_HELP_STRING([--enable-dh],[enable DH support (yes)])]) @@ -2064,7 +2064,7 @@ AC_SUBST(XMLSEC_NO_DH) dnl ========================================================================== -dnl See do we need DSA support +dnl Check if we need DSA support dnl ========================================================================== AC_MSG_CHECKING(for DSA support) AC_ARG_ENABLE([dsa], [AS_HELP_STRING([--enable-dsa],[enable DSA support (yes)])]) 
@@ -2080,7 +2080,7 @@ AM_CONDITIONAL(XMLSEC_NO_DSA, test "z$XMLSEC_NO_DSA" = "z1") AC_SUBST(XMLSEC_NO_DSA) dnl ========================================================================== -dnl See do we need MD5 support +dnl Check if we need MD5 support dnl ========================================================================== AC_MSG_CHECKING(for MD5 support) AC_ARG_ENABLE([md5], [AS_HELP_STRING([--enable-md5],[enable MD5 support (no, deprecated)])]) @@ -2096,7 +2096,7 @@ AM_CONDITIONAL(XMLSEC_NO_MD5, test "z$XMLSEC_NO_MD5" = "z1") AC_SUBST(XMLSEC_NO_MD5) dnl ========================================================================== -dnl See do we need RSA support +dnl Check if we need RSA support dnl ========================================================================== AC_MSG_CHECKING(for RSA support) AC_ARG_ENABLE([rsa], [AS_HELP_STRING([--enable-rsa],[enable RSA support (yes)])]) 
@@ -2111,9 +2111,40 @@ fi AM_CONDITIONAL(XMLSEC_NO_RSA, test "z$XMLSEC_NO_RSA" = "z1") AC_SUBST(XMLSEC_NO_RSA) +dnl ========================================================================== +dnl Check if we need RSA PKCS 1.5 support +dnl ========================================================================== +AC_MSG_CHECKING(for RSA PKCS 1.5 support) +AC_ARG_ENABLE([rsa-pkcs15], [AS_HELP_STRING([--enable-rsa-pkcs15], [enable RSA PKCS 1.5 support (yes)])]) +if test "z$enable_rsa_pkcs15" = "zno" ; then + XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_RSA_PKCS15=1" + XMLSEC_NO_RSA_PKCS15="1" + AC_MSG_RESULT([disabled]) +else + XMLSEC_NO_RSA_PKCS15="0" + AC_MSG_RESULT([yes]) +fi +AM_CONDITIONAL(XMLSEC_NO_RSA_PKCS15, test "z$XMLSEC_NO_RSA_PKCS15" = "z1") +AC_SUBST(XMLSEC_NO_RSA_PKCS15) + +dnl ========================================================================== +dnl Check if we need RSA OAEP support +dnl ========================================================================== +AC_MSG_CHECKING(for RSA OAEP support) +AC_ARG_ENABLE([rsa-oaep], [AS_HELP_STRING([--enable-rsa-oaep], [enable RSA OAEP support (yes)])]) +if test "z$enable_rsa_oaep" = "zno" ; then + XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_RSA_OAEP=1" + XMLSEC_NO_RSA_OAEP="1" + AC_MSG_RESULT([disabled]) +else + XMLSEC_NO_RSA_OAEP="0" + AC_MSG_RESULT([yes]) +fi +AM_CONDITIONAL(XMLSEC_NO_RSA_OAEP, test "z$XMLSEC_NO_RSA_OAEP" = "z1") +AC_SUBST(XMLSEC_NO_RSA_OAEP) dnl ========================================================================== -dnl See do we need EC (Eliptic Curve) support +dnl Check if we need EC (Eliptic Curve) support dnl ========================================================================== AC_MSG_CHECKING(for Eliptic Curve support) AC_ARG_ENABLE([ec], [AS_HELP_STRING([--enable-ec],[enable EC support (yes)])]) 
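Review bot: The `--enable-rsa-pkcs15` help text reads `(yes)` and gives no hint that this is the padding mode a hardened build would normally turn off. RSA PKCS#1 v1.5 key transport is exposed to padding-oracle (Bleichenbacher-style) attacks when decryption failures are observable. The help string could flag that the way the SHA1 option in this file already does: `[enable RSA PKCS 1.5 support (yes, use discouraged)]`. A `dnl` line stating that both new options only take effect when `--enable-rsa` is on would also help, because this hunk sets `XMLSEC_NO_RSA_PKCS15` and `XMLSEC_NO_RSA_OAEP` independently of `XMLSEC_NO_RSA`.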
@@ -2129,7 +2160,7 @@ AM_CONDITIONAL(XMLSEC_NO_EC, test "z$XMLSEC_NO_EC" = "z1") AC_SUBST(XMLSEC_NO_EC) dnl ========================================================================== -dnl See do we need x509 support +dnl Check if we need x509 support dnl ========================================================================== AC_MSG_CHECKING(for x509 support) AC_ARG_ENABLE([x509], [AS_HELP_STRING([--enable-x509],[enable x509 support (yes)])]) @@ -2145,7 +2176,7 @@ AM_CONDITIONAL(XMLSEC_NO_X509, test "z$XMLSEC_NO_X509" = "z1") AC_SUBST(XMLSEC_NO_X509) dnl ========================================================================== -dnl See do we need DES support +dnl Check if we need DES support dnl ========================================================================== AC_MSG_CHECKING(for DES support) AC_ARG_ENABLE([des], [AS_HELP_STRING([--enable-des],[enable DES support (yes, deprecated)])]) @@ -2161,7 +2192,7 @@ AM_CONDITIONAL(XMLSEC_NO_DES, test "z$XMLSEC_NO_DES" = "z1") AC_SUBST(XMLSEC_NO_DES) dnl ========================================================================== -dnl See do we need AES support +dnl Check if we need AES support dnl ========================================================================== AC_MSG_CHECKING(for AES support) AC_ARG_ENABLE([aes], [AS_HELP_STRING([--enable-aes],[enable AES support])]) @@ -2177,7 +2208,7 @@ AM_CONDITIONAL(XMLSEC_NO_AES, test "z$XMLSEC_NO_AES" = "z1") AC_SUBST(XMLSEC_NO_AES) dnl ========================================================================== -dnl See do we need ConcatKDF support +dnl Check if we need ConcatKDF support dnl ========================================================================== AC_MSG_CHECKING(for ConcatKDF support) AC_ARG_ENABLE([concatkdf], [AS_HELP_STRING([--enable-concatkdf],[enable ConcatKDF support (yes)])]) 
@@ -2193,7 +2224,7 @@ AM_CONDITIONAL(XMLSEC_NO_CONCATKDF, test "z$XMLSEC_NO_CONCATKDF" = "z1") AC_SUBST(XMLSEC_NO_CONCATKDF) dnl ========================================================================== -dnl See do we need PBKDF2 support +dnl Check if we need PBKDF2 support dnl ========================================================================== AC_MSG_CHECKING(for PBKDF2 support) AC_ARG_ENABLE([pbkdf2], [AS_HELP_STRING([--enable-pbkdf2],[enable PBKDF2 support (yes)])]) @@ -2209,10 +2240,10 @@ AM_CONDITIONAL(XMLSEC_NO_PBKDF2, test "z$XMLSEC_NO_PBKDF2" = "z1") AC_SUBST(XMLSEC_NO_PBKDF2) dnl ========================================================================== -dnl See do we need GOST 2001 support +dnl Check if we need GOST 2001 support dnl ========================================================================== AC_MSG_CHECKING(for GOST 2001 support) -AC_ARG_ENABLE([gost], [AS_HELP_STRING([--enable-gost],[enable GOST-2001 support (no)])]) +AC_ARG_ENABLE([gost], [AS_HELP_STRING([--enable-gost], [enable GOST-2001 support (no)])]) if test "z$enable_gost" != "zyes" ; then XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_GOST=1" XMLSEC_NO_GOST="1" @@ -2225,10 +2256,10 @@ AM_CONDITIONAL(XMLSEC_NO_GOST, test "z$XMLSEC_NO_GOST" = "z1") AC_SUBST(XMLSEC_NO_GOST) dnl ========================================================================== -dnl See do we need GOST 2012 support +dnl Check if we need GOST 2012 support dnl ========================================================================== AC_MSG_CHECKING(for GOST 2012 support) -AC_ARG_ENABLE([gost2012], [AS_HELP_STRING([--enable-gost2012],[enable GOST-2012 support (no)])]) +AC_ARG_ENABLE([gost2012], [AS_HELP_STRING([--enable-gost2012], [enable GOST-2012 support (no)])]) if test "z$enable_gost2012" != "zyes" ; then XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_GOST2012=1" XMLSEC_NO_GOST2012="1" 
@@ -2240,9 +2271,8 @@ fi AM_CONDITIONAL(XMLSEC_NO_GOST2012, test "z$XMLSEC_NO_GOST2012" = "z1") AC_SUBST(XMLSEC_NO_GOST2012) - dnl ========================================================================== -dnl See do we need XMLDSig support +dnl Check if we need XMLDSig support dnl ========================================================================== AC_MSG_CHECKING(for XMLDSig support) AC_ARG_ENABLE([xmldsig], [AS_HELP_STRING([--enable-xmldsig],[enable XMLDSig support (yes)])]) @@ -2258,7 +2288,7 @@ AM_CONDITIONAL(XMLSEC_NO_XMLDSIG, test "z$XMLSEC_NO_XMLDSIG" = "z1") AC_SUBST(XMLSEC_NO_XMLDSIG) dnl ========================================================================== -dnl See do we need XMLEnc support +dnl Check if we need XMLEnc support dnl ========================================================================== AC_MSG_CHECKING(for XMLEnc support) AC_ARG_ENABLE([xmlenc], [AS_HELP_STRING([--enable-xmlenc],[enable XMLEnc support (yes)])]) @@ -2274,7 +2304,7 @@ AM_CONDITIONAL(XMLSEC_NO_XMLENC, test "z$XMLSEC_NO_XMLENC" = "z1") AC_SUBST(XMLSEC_NO_XMLENC) dnl ========================================================================== -dnl See do we need mans +dnl Check if we need mans dnl ========================================================================== AC_MSG_CHECKING(for mans) AC_ARG_ENABLE([mans], [AS_HELP_STRING([--enable-mans],[enable manual pages (yes)])]) @@ -2289,7 +2319,7 @@ AM_CONDITIONAL(XMLSEC_MANS, test "z$XMLSEC_MANS" = "z1") AC_SUBST(XMLSEC_MANS) dnl ========================================================================== -dnl See do we need docs +dnl Check if we need docs dnl ========================================================================== AC_MSG_CHECKING(for docs) AC_ARG_ENABLE([docs], [AS_HELP_STRING([--enable-docs],[enable documentation (yes)])]) 
@@ -2457,7 +2487,7 @@ AC_MSG_RESULT([$XMLSEC_DOCDIR]) AC_SUBST(XMLSEC_DOCDIR) dnl ========================================================================== -dnl See do we need Simple Keys Manager +dnl Check if we need Simple Keys Manager dnl ========================================================================== AC_MSG_CHECKING(for Simple Keys Manager testing) AC_ARG_ENABLE([skm], [AS_HELP_STRING([--enable-skm],[enable Simple Keys Manager testing (yes)])]) @@ -2469,7 +2499,7 @@ else fi dnl ========================================================================== -dnl See do we need templates tests +dnl Check if we need templates tests dnl ========================================================================== AC_MSG_CHECKING(for templates testing) AC_ARG_ENABLE([tmpl_tests], [AS_HELP_STRING([--enable-tmpl-tests],[enable templates testing in xmlsec utility (yes)])]) diff --git a/include/xmlsec/gcrypt/crypto.h b/include/xmlsec/gcrypt/crypto.h index 706821af9..f70c430f3 100644 --- a/include/xmlsec/gcrypt/crypto.h +++ b/include/xmlsec/gcrypt/crypto.h @@ -536,6 +536,7 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGCryptTransformRsaPssSha3_384GetKla XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGCryptTransformRsaPssSha3_512GetKlass(void); #endif /* XMLSEC_NO_SHA3 */ +#ifndef XMLSEC_NO_RSA_PKCS15 /** * xmlSecGCryptTransformRsaPkcs1Id: * @@ -544,7 +545,9 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGCryptTransformRsaPssSha3_512GetKla #define xmlSecGCryptTransformRsaPkcs1Id \ xmlSecGCryptTransformRsaPkcs1GetKlass() XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGCryptTransformRsaPkcs1GetKlass(void); +#endif /* XMLSEC_NO_RSA_PKCS15 */ +#ifndef XMLSEC_NO_RSA_OAEP /** * xmlSecGCryptTransformRsaOaepId: * 
@@ -562,7 +565,7 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGCryptTransformRsaOaepGetKlass(void #define xmlSecGCryptTransformRsaOaepEnc11Id \ xmlSecGCryptTransformRsaOaepEnc11GetKlass() XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGCryptTransformRsaOaepEnc11GetKlass(void); - +#endif /* XMLSEC_NO_RSA_OAEP */ #endif /* XMLSEC_NO_RSA */ diff --git a/include/xmlsec/gnutls/crypto.h b/include/xmlsec/gnutls/crypto.h index 941e2d8e9..6735e6311 100644 --- a/include/xmlsec/gnutls/crypto.h +++ b/include/xmlsec/gnutls/crypto.h @@ -652,7 +652,7 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformRsaPssSha384GetKlass XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformRsaPssSha512GetKlass(void); #endif /* XMLSEC_NO_SHA512 */ - +#ifndef XMLSEC_NO_RSA_PKCS15 /** * xmlSecGnuTLSTransformRsaPkcs1Id: * @@ -661,6 +661,7 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformRsaPssSha512GetKlass #define xmlSecGnuTLSTransformRsaPkcs1Id \ xmlSecGnuTLSTransformRsaPkcs1GetKlass() XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformRsaPkcs1GetKlass(void); +#endif /* XMLSEC_NO_RSA_PKCS15 */ #endif /* XMLSEC_NO_RSA */ diff --git a/include/xmlsec/mscng/crypto.h b/include/xmlsec/mscng/crypto.h index 105aa2cf6..5674d2f05 100644 --- a/include/xmlsec/mscng/crypto.h +++ b/include/xmlsec/mscng/crypto.h @@ -203,6 +203,7 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCngTransformRsaPssSha384GetKlass( XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCngTransformRsaPssSha512GetKlass(void); #endif /* XMLSEC_NO_SHA512 */ +#ifndef XMLSEC_NO_RSA_PKCS15 /** * xmlSecMSCngTransformRsaPkcs1Id: * @@ -211,7 +212,9 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCngTransformRsaPssSha512GetKlass( #define xmlSecMSCngTransformRsaPkcs1Id \ xmlSecMSCngTransformRsaPkcs1GetKlass() XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCngTransformRsaPkcs1GetKlass(void); +#endif /* XMLSEC_NO_RSA_PKCS15 */ +#ifndef XMLSEC_NO_RSA_OAEP /** * xmlSecMSCngTransformRsaOaepId: * 
@@ -230,6 +233,7 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCngTransformRsaOaepGetKlass(void) #define xmlSecMSCngTransformRsaOaepEnc11Id \ xmlSecMSCngTransformRsaOaepEnc11GetKlass() XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCngTransformRsaOaepEnc11GetKlass(void); +#endif /* XMLSEC_NO_RSA_OAEP */ #endif /* XMLSEC_NO_RSA */ diff --git a/include/xmlsec/mscrypto/crypto.h b/include/xmlsec/mscrypto/crypto.h index 27dc4c55e..1600aaa87 100644 --- a/include/xmlsec/mscrypto/crypto.h +++ b/include/xmlsec/mscrypto/crypto.h @@ -212,6 +212,7 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformRsaSha384GetKlass( XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformRsaSha512GetKlass(void); #endif /* XMLSEC_NO_SHA512 */ +#ifndef XMLSEC_NO_RSA_PKCS15 /** * xmlSecMSCryptoTransformRsaPkcs1Id: * @@ -220,17 +221,18 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformRsaSha512GetKlass( #define xmlSecMSCryptoTransformRsaPkcs1Id \ xmlSecMSCryptoTransformRsaPkcs1GetKlass() XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformRsaPkcs1GetKlass(void); +#endif /* XMLSEC_NO_RSA_PKCS15 */ +#ifndef XMLSEC_NO_RSA_OAEP /** * xmlSecMSCryptoTransformRsaOaepId: * * The RSA OAEP key transport transform klass. MSCrypto only supports SHA1 for digest and MGF1. */ -#ifndef XMLSEC_NO_SHA1 #define xmlSecMSCryptoTransformRsaOaepId \ xmlSecMSCryptoTransformRsaOaepGetKlass() XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformRsaOaepGetKlass(void); -#endif /* XMLSEC_NO_SHA1 */ +#endif /* XMLSEC_NO_RSA_OAEP */ #endif /* XMLSEC_NO_RSA */ diff --git a/include/xmlsec/nss/crypto.h b/include/xmlsec/nss/crypto.h index 782305b86..aa97f1d2f 100644 --- a/include/xmlsec/nss/crypto.h +++ b/include/xmlsec/nss/crypto.h 
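Review bot: In the include/xmlsec/mscrypto/crypto.h hunk, replacing `#ifndef XMLSEC_NO_SHA1` with `#ifndef XMLSEC_NO_RSA_OAEP` around `xmlSecMSCryptoTransformRsaOaepId` drops the SHA1 gate instead of adding to it. The doc comment kept just above says MSCrypto supports only SHA1 for the digest and MGF1, so a build configured with `--disable-sha1` would now still declare an OAEP transform that can only operate with SHA1. Keeping both conditions preserves the previous behaviour: `#if !defined(XMLSEC_NO_RSA_OAEP) && !defined(XMLSEC_NO_SHA1)`. The same swap appears in the src/mscrypto/crypto.c hunk (registration of `transformRsaOaepGetKlass`) and in every guard of the src/mscrypto/kt_rsa.c hunks.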
@@ -587,7 +587,7 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaPssSha384GetKlass(vo XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaPssSha512GetKlass(void); #endif /* XMLSEC_NO_SHA512 */ - +#ifndef XMLSEC_NO_RSA_PKCS15 /** * xmlSecNssTransformRsaPkcs1Id: * @@ -596,7 +596,7 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaPssSha512GetKlass(vo #define xmlSecNssTransformRsaPkcs1Id \ xmlSecNssTransformRsaPkcs1GetKlass() XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaPkcs1GetKlass(void); - +#endif /* XMLSEC_NO_RSA_PKCS15 */ #ifndef XMLSEC_NO_RSA_OAEP /** diff --git a/include/xmlsec/openssl/crypto.h b/include/xmlsec/openssl/crypto.h index fe1a82170..115367b11 100644 --- a/include/xmlsec/openssl/crypto.h +++ b/include/xmlsec/openssl/crypto.h @@ -900,6 +900,7 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformRsaSha384GetKlass(v XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformRsaSha512GetKlass(void); #endif /* XMLSEC_NO_SHA512 */ +#ifndef XMLSEC_NO_RSA_PKCS15 /** * xmlSecOpenSSLTransformRsaPkcs1Id: * @@ -908,7 +909,9 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformRsaSha512GetKlass(v #define xmlSecOpenSSLTransformRsaPkcs1Id \ xmlSecOpenSSLTransformRsaPkcs1GetKlass() XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformRsaPkcs1GetKlass(void); +#endif /* XMLSEC_NO_RSA_PKCS15 */ +#ifndef XMLSEC_NO_RSA_OAEP /** * xmlSecOpenSSLTransformRsaOaepId: * @@ -926,6 +929,7 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformRsaOaepGetKlass(voi #define xmlSecOpenSSLTransformRsaOaepEnc11Id \ xmlSecOpenSSLTransformRsaOaepEnc11GetKlass() XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformRsaOaepEnc11GetKlass(void); +#endif /* XMLSEC_NO_RSA_OAEP */ #ifndef XMLSEC_NO_SHA1 /** diff --git a/src/gcrypt/crypto.c b/src/gcrypt/crypto.c index d1633777f..779897660 100644 --- a/src/gcrypt/crypto.c +++ b/src/gcrypt/crypto.c 
@@ -246,9 +246,14 @@ xmlSecCryptoGetFunctions_gcrypt(void) { #endif /* XMLSEC_NO_SHA3 */ +#ifndef XMLSEC_NO_RSA_PKCS15 gXmlSecGCryptFunctions->transformRsaPkcs1GetKlass = xmlSecGCryptTransformRsaPkcs1GetKlass; +#endif /* XMLSEC_NO_RSA_PKCS15 */ + +#ifndef XMLSEC_NO_RSA_OAEP gXmlSecGCryptFunctions->transformRsaOaepGetKlass = xmlSecGCryptTransformRsaOaepGetKlass; gXmlSecGCryptFunctions->transformRsaOaepEnc11GetKlass = xmlSecGCryptTransformRsaOaepEnc11GetKlass; +#endif /* XMLSEC_NO_RSA_OAEP */ #endif /* XMLSEC_NO_RSA */ diff --git a/src/gcrypt/kt_rsa.c b/src/gcrypt/kt_rsa.c index bab685c4e..be9551c6e 100644 --- a/src/gcrypt/kt_rsa.c +++ b/src/gcrypt/kt_rsa.c @@ -168,6 +168,8 @@ xmlSecGCryptRsaKtDecrypt(gcry_sexp_t s_encrypted_data, gcry_sexp_t s_priv_key, x return(res); } +#ifndef XMLSEC_NO_RSA_PKCS15 + /************************************************************************** * * Internal GCrypt RSA PKCS1 CTX @@ -490,6 +492,9 @@ xmlSecGCryptRsaPkcs1Execute(xmlSecTransformPtr transform, int last, return(0); } +#endif /* XMLSEC_NO_RSA_PKCS15 */ + +#ifndef XMLSEC_NO_RSA_OAEP /************************************************************************** * * Internal GCrypt RSA OAEP CTX @@ -1055,6 +1060,9 @@ xmlSecGCryptRsaOaepExecute(xmlSecTransformPtr transform, int last, } return(0); } + +#endif /* XMLSEC_NO_RSA_OAEP */ + #else /* XMLSEC_NO_RSA */ /* ISO C forbids an empty translation unit */ diff --git a/src/gnutls/crypto.c b/src/gnutls/crypto.c index 981da84dc..5e81740fc 100644 --- a/src/gnutls/crypto.c +++ b/src/gnutls/crypto.c @@ -258,7 +258,10 @@ xmlSecCryptoGetFunctions_gnutls(void) { gXmlSecGnuTLSFunctions->transformRsaPssSha512GetKlass = xmlSecGnuTLSTransformRsaPssSha512GetKlass; #endif /* XMLSEC_NO_SHA512 */ +#ifndef XMLSEC_NO_RSA_PKCS15 gXmlSecGnuTLSFunctions->transformRsaPkcs1GetKlass = xmlSecGnuTLSTransformRsaPkcs1GetKlass; +#endif /* XMLSEC_NO_RSA_PKCS15 */ + #endif /* XMLSEC_NO_RSA */ /******************************* SHA ********************************/ 
diff --git a/src/gnutls/kt_rsa.c b/src/gnutls/kt_rsa.c index 379090f1f..f31c9d037 100644 --- a/src/gnutls/kt_rsa.c +++ b/src/gnutls/kt_rsa.c @@ -12,8 +12,11 @@ * SECTION:crypto */ + #include "globals.h" +#ifndef XMLSEC_NO_RSA + #include #include #include @@ -73,11 +76,11 @@ static int xmlSecGnuTLSKeyTransportExecute (xmlSecTransformPtr tran static int xmlSecGnuTLSKeyTransportCheckId(xmlSecTransformPtr transform) { -#ifndef XMLSEC_NO_RSA +#ifndef XMLSEC_NO_RSA_PKCS15 if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformRsaPkcs1Id)) { return(1); } -#endif /* XMLSEC_NO_RSA */ +#endif /* XMLSEC_NO_RSA_PKCS15 */ /* not found */ return(0); @@ -96,13 +99,13 @@ xmlSecGnuTLSKeyTransportInitialize(xmlSecTransformPtr transform) { /* initialize context */ memset(ctx, 0, sizeof(xmlSecGnuTLSKeyTransportCtx)); -#ifndef XMLSEC_NO_RSA +#ifndef XMLSEC_NO_RSA_PKCS15 if(transform->id == xmlSecGnuTLSTransformRsaPkcs1Id) { ctx->getPubKey = xmlSecGnuTLSKeyDataRsaGetPublicKey; ctx->getPrivKey = xmlSecGnuTLSKeyDataRsaGetPrivateKey; ctx->keyId = xmlSecGnuTLSKeyDataRsaId; } else -#endif /* XMLSEC_NO_RSA */ +#endif /* XMLSEC_NO_RSA_PKCS15 */ /* not found */ { @@ -349,8 +352,7 @@ xmlSecGnuTLSKeyTransportExecute(xmlSecTransformPtr transform, int last, xmlSecTr return(0); } - -#ifndef XMLSEC_NO_RSA +#ifndef XMLSEC_NO_RSA_PKCS15 static xmlSecTransformKlass xmlSecGnuTLSRsaPkcs1Klass = { /* klass/object sizes */ @@ -391,4 +393,5 @@ xmlSecGnuTLSTransformRsaPkcs1GetKlass(void) { return(&xmlSecGnuTLSRsaPkcs1Klass); } +#endif /* XMLSEC_NO_RSA_PKCS15 */ #endif /* XMLSEC_NO_RSA */ diff --git a/src/mscng/crypto.c b/src/mscng/crypto.c index 7d8e4630d..e243833c5 100644 --- a/src/mscng/crypto.c +++ b/src/mscng/crypto.c 
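Review bot: With `--disable-rsa-pkcs15` and RSA still enabled, the static `xmlSecGnuTLSKeyTransport*` helpers in src/gnutls/kt_rsa.c stay compiled while the only klass shown using them, `xmlSecGnuTLSRsaPkcs1Klass`, is compiled out. `xmlSecGnuTLSKeyTransportCheckId` then reduces to `return(0);` with an unused `transform` parameter, and the helpers become unreferenced statics unless something outside these hunks uses them, which warns and fails under `-Werror`. If PKCS#1 v1.5 is the only key transport in this file, one `#ifndef XMLSEC_NO_RSA_PKCS15` right after the new `#ifndef XMLSEC_NO_RSA` is simpler than guarding each branch. The function bodies continue outside the hunks.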
@@ -247,10 +247,14 @@ xmlSecCryptoGetFunctions_mscng(void) { gXmlSecMSCngFunctions->transformRsaPssSha512GetKlass = xmlSecMSCngTransformRsaPssSha512GetKlass; #endif /* XMLSEC_NO_SHA512 */ - +#ifndef XMLSEC_NO_RSA_PKCS15 gXmlSecMSCngFunctions->transformRsaPkcs1GetKlass = xmlSecMSCngTransformRsaPkcs1GetKlass; +#endif /* XMLSEC_NO_RSA_PKCS15 */ + +#ifndef XMLSEC_NO_RSA_OAEP gXmlSecMSCngFunctions->transformRsaOaepGetKlass = xmlSecMSCngTransformRsaOaepGetKlass; gXmlSecMSCngFunctions->transformRsaOaepEnc11GetKlass = xmlSecMSCngTransformRsaOaepEnc11GetKlass; +#endif /* XMLSEC_NO_RSA_OAEP */ #endif /* XMLSEC_NO_RSA */ diff --git a/src/mscng/kt_rsa.c b/src/mscng/kt_rsa.c index 1f1277a97..4e3235485 100644 --- a/src/mscng/kt_rsa.c +++ b/src/mscng/kt_rsa.c 
@@ -399,51 +399,6 @@ xmlSecMSCngRsaPkcs1OaepExecute(xmlSecTransformPtr transform, int last, return(0); } -/********************************************************************** - * - * RSA/PKCS1 transform - * - **********************************************************************/ -static xmlSecTransformKlass xmlSecMSCngRsaPkcs1Klass = { - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSeccMSCngRsaPkcs1OaepSize, /* xmlSecSize objSize */ - - xmlSecNameRsaPkcs1, /* const xmlChar* name; */ - xmlSecHrefRsaPkcs1, /* const xmlChar* href; */ - xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ - - xmlSecMSCngRsaPkcs1OaepInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecMSCngRsaPkcs1OaepFinalize, /* xmlSecTransformFinalizeMethod finalize; */ - NULL, /* xmlSecTransformNodeReadMethod readNode; */ - NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecMSCngRsaPkcs1OaepSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ - xmlSecMSCngRsaPkcs1OaepSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - NULL, /* xmlSecTransformValidateMethod validate; */ - xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ - xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ - xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ - NULL, /* xmlSecTransformPushXmlMethod pushXml; */ - NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecMSCngRsaPkcs1OaepExecute, /* xmlSecTransformExecuteMethod execute; */ - - NULL, /* void* reserved0; */ - NULL, /* void* reserved1; */ -}; - -/** - * xmlSecMSCngTransformRsaPkcs1GetKlass: - * - * The RSA-PKCS1 key transport transform klass. - * - * Returns: RSA-PKCS1 key transport transform klass. 
- */ -xmlSecTransformId -xmlSecMSCngTransformRsaPkcs1GetKlass(void) { - return(&xmlSecMSCngRsaPkcs1Klass); -} - - static int xmlSecMSCngRsaOaepNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx ATTRIBUTE_UNUSED) { @@ -584,6 +539,7 @@ xmlSecMSCngRsaOaepNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, return(0); } +#ifndef XMLSEC_NO_RSA_OAEP static xmlSecTransformKlass xmlSecMSCngRsaOaepKlass = { /* klass/object sizes */ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ 
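Review bot: The new `#ifndef XMLSEC_NO_RSA_OAEP` opens after the closing brace of `xmlSecMSCngRsaOaepNodeRead`, so that static function is still compiled when OAEP is disabled, although the OAEP klass tables that would reference it are inside the guard. The mscrypto backend in this same patch puts the guard above its `xmlSecMSCryptoRsaOaepNodeRead`. Doing the same here keeps the OAEP parameter parsing out of a build that disabled it and avoids an unused-static warning. Most of the body of `xmlSecMSCngRsaOaepNodeRead` lies outside this hunk, so any forward declaration of it would need the same guard.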
@@ -662,5 +618,55 @@ xmlSecTransformId xmlSecMSCngTransformRsaOaepEnc11GetKlass(void) { return(&xmlSecMSCngRsaOaepEnc11Klass); } +#endif /* XMLSEC_NO_RSA_OAEP */ + +#ifndef XMLSEC_NO_RSA_PKCS15 + +/********************************************************************** + * + * RSA/PKCS1 transform + * + **********************************************************************/ +static xmlSecTransformKlass xmlSecMSCngRsaPkcs1Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSeccMSCngRsaPkcs1OaepSize, /* xmlSecSize objSize */ + + xmlSecNameRsaPkcs1, /* const xmlChar* name; */ + xmlSecHrefRsaPkcs1, /* const xmlChar* href; */ + xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ + + xmlSecMSCngRsaPkcs1OaepInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecMSCngRsaPkcs1OaepFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecMSCngRsaPkcs1OaepSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ + xmlSecMSCngRsaPkcs1OaepSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + NULL, /* xmlSecTransformValidateMethod validate; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecMSCngRsaPkcs1OaepExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCngTransformRsaPkcs1GetKlass: + * + * The RSA-PKCS1 key transport transform klass. + * + * Returns: RSA-PKCS1 key transport transform klass. 
+ */ +xmlSecTransformId +xmlSecMSCngTransformRsaPkcs1GetKlass(void) { + return(&xmlSecMSCngRsaPkcs1Klass); +} + +#endif /* XMLSEC_NO_RSA_PKCS15 */ + #endif /* XMLSEC_NO_RSA */ diff --git a/src/mscrypto/crypto.c b/src/mscrypto/crypto.c index 1eb2983aa..97045b40b 100644 --- a/src/mscrypto/crypto.c +++ b/src/mscrypto/crypto.c @@ -218,11 +218,13 @@ xmlSecCryptoGetFunctions_mscrypto(void) { gXmlSecMSCryptoFunctions->transformRsaSha512GetKlass = xmlSecMSCryptoTransformRsaSha512GetKlass; #endif /* XMLSEC_NO_SHA512 */ +#ifndef XMLSEC_NO_RSA_PKCS15 gXmlSecMSCryptoFunctions->transformRsaPkcs1GetKlass = xmlSecMSCryptoTransformRsaPkcs1GetKlass; +#endif /* XMLSEC_NO_RSA_PKCS15 */ -#ifndef XMLSEC_NO_SHA1 +#ifndef XMLSEC_NO_RSA_OAEP gXmlSecMSCryptoFunctions->transformRsaOaepGetKlass = xmlSecMSCryptoTransformRsaOaepGetKlass; -#endif /* XMLSEC_NO_SHA1 */ +#endif /* XMLSEC_NO_RSA_OAEP */ #endif /* XMLSEC_NO_RSA */ diff --git a/src/mscrypto/kt_rsa.c b/src/mscrypto/kt_rsa.c index 4d122d1f6..7ad6fa32e 100644 --- a/src/mscrypto/kt_rsa.c +++ b/src/mscrypto/kt_rsa.c @@ -73,15 +73,17 @@ static int xmlSecMSCryptoRsaPkcs1OaepProcess (xmlSecTransform static int xmlSecMSCryptoRsaPkcs1OaepCheckId(xmlSecTransformPtr transform) { +#ifndef XMLSEC_NO_RSA_PKCS15 if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaPkcs1Id)) { return(1); } else +#endif /* XMLSEC_NO_RSA_PKCS15 */ -#ifndef XMLSEC_NO_SHA1 +#ifndef XMLSEC_NO_RSA_OAEP if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaOaepId)) { return(1); } else -#endif /* XMLSEC_NO_SHA1 */ +#endif /* XMLSEC_NO_RSA_OAEP */ /* not found */ { 
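Review bot: The shared helpers named in the moved klass table (`xmlSecMSCngRsaPkcs1OaepInitialize`, `xmlSecMSCngRsaPkcs1OaepSetKeyReq`, `xmlSecMSCngRsaPkcs1OaepExecute`) are not touched by any hunk for src/mscng/kt_rsa.c. Meanwhile include/xmlsec/mscng/crypto.h now hides `xmlSecMSCngTransformRsaPkcs1Id` and `xmlSecMSCngTransformRsaOaepId` behind the new macros. If those helpers compare the transform against either id, as the mscrypto `CheckId` and `Initialize` do in this patch, a build with one option disabled would not compile. They would then need the same `#ifndef XMLSEC_NO_RSA_PKCS15` / `#ifndef XMLSEC_NO_RSA_OAEP` branches. Building the mscng backend once with each option disabled would confirm this.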
@@ -110,15 +112,17 @@ xmlSecMSCryptoRsaPkcs1OaepInitialize(xmlSecTransformPtr transform) { return(-1); } +#ifndef XMLSEC_NO_RSA_PKCS15 if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaPkcs1Id)) { ctx->dwFlags = 0; } else +#endif /* XMLSEC_NO_RSA_PKCS15 */ -#ifndef XMLSEC_NO_SHA1 +#ifndef XMLSEC_NO_RSA_OAEP if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaOaepId)) { ctx->dwFlags = CRYPT_OAEP; } else -#endif /* XMLSEC_NO_SHA1 */ +#endif /* XMLSEC_NO_RSA_OAEP */ /* not found */ { @@ -215,7 +219,7 @@ xmlSecMSCryptoRsaPkcs1OaepExecute(xmlSecTransformPtr transform, int last, } if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) { - /* just do nothing */ + /* just do nothing */ } else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) { ret = xmlSecMSCryptoRsaPkcs1OaepProcess(transform); if(ret < 0) { @@ -311,7 +315,7 @@ xmlSecMSCryptoRsaPkcs1OaepProcess(xmlSecTransformPtr transform) { xmlSecAssert2(outBuf != NULL, -1); -#ifndef XMLSEC_NO_SHA1 +#ifndef XMLSEC_NO_RSA_OAEP /* set OAEP parameter for the key * * aleksey: I don't understand how this would work in multi-threaded @@ -331,7 +335,7 @@ xmlSecMSCryptoRsaPkcs1OaepProcess(xmlSecTransformPtr transform) { return (-1); } } -#endif /* XMLSEC_NO_SHA1 */ +#endif /* XMLSEC_NO_RSA_OAEP */ /* encrypt */ if (!CryptEncrypt(hKey, 0, TRUE, ctx->dwFlags, outBuf, &dwInLen, dwBufLen)) { @@ -359,7 +363,7 @@ xmlSecMSCryptoRsaPkcs1OaepProcess(xmlSecTransformPtr transform) { return (-1); } -#ifndef XMLSEC_NO_SHA1 +#ifndef XMLSEC_NO_RSA_OAEP /* set OAEP parameter for the key * * aleksey: I don't understand how this would work in multi-threaded @@ -379,7 +383,7 @@ xmlSecMSCryptoRsaPkcs1OaepProcess(xmlSecTransformPtr transform) { return (-1); } } -#endif /* XMLSEC_NO_SHA1 */ +#endif /* XMLSEC_NO_RSA_OAEP */ /* decrypt */ if (!CryptDecrypt(hKey, 0, TRUE, ctx->dwFlags, outBuf, &dwOutLen)) { 
@@ -407,7 +411,7 @@ xmlSecMSCryptoRsaPkcs1OaepProcess(xmlSecTransformPtr transform) { return(0); } - +#ifndef XMLSEC_NO_RSA_PKCS15 /********************************************************************** * * RSA/PKCS1 transform @@ -452,15 +456,15 @@ xmlSecTransformId xmlSecMSCryptoTransformRsaPkcs1GetKlass(void) { return(&xmlSecMSCryptoRsaPkcs1Klass); } +#endif /* XMLSEC_NO_RSA_PKCS15 */ - +#ifndef XMLSEC_NO_RSA_OAEP /********************************************************************** * * RSA/OAEP transform: only SHA1 is supported for digest and MGF1! * **********************************************************************/ -#ifndef XMLSEC_NO_SHA1 static int xmlSecMSCryptoRsaOaepNodeRead (xmlSecTransformPtr transform, xmlNodePtr node, @@ -553,6 +557,6 @@ xmlSecMSCryptoRsaOaepNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformRsaOaepParamsFinalize(&oaepParams); return(0); } -#endif /* XMLSEC_NO_SHA1 */ +#endif /* XMLSEC_NO_RSA_OAEP */ #endif /* XMLSEC_NO_RSA */ diff --git a/src/nss/crypto.c b/src/nss/crypto.c index 7ba0c77ac..2c5b24fbe 100644 --- a/src/nss/crypto.c +++ b/src/nss/crypto.c @@ -298,7 +298,9 @@ xmlSecCryptoGetFunctions_nss(void) { #endif /* XMLSEC_NO_SHA512 */ +#ifndef XMLSEC_NO_RSA_PKCS15 gXmlSecNssFunctions->transformRsaPkcs1GetKlass = xmlSecNssTransformRsaPkcs1GetKlass; +#endif /* XMLSEC_NO_RSA_PKCS15*/ #ifndef XMLSEC_NO_RSA_OAEP gXmlSecNssFunctions->transformRsaOaepGetKlass = xmlSecNssTransformRsaOaepGetKlass; diff --git a/src/nss/keytrans.c b/src/nss/keytrans.c index 65095a8cf..866d6acde 100644 --- a/src/nss/keytrans.c +++ b/src/nss/keytrans.c 
@@ -80,12 +80,12 @@ static int xmlSecNssKeyTransportCheckId(xmlSecTransformPtr transform) { #ifndef XMLSEC_NO_RSA +#ifndef XMLSEC_NO_RSA_PKCS15 if(xmlSecTransformCheckId(transform, xmlSecNssTransformRsaPkcs1Id)) { return(1); } -#endif /* XMLSEC_NO_RSA */ +#endif /* XMLSEC_NO_RSA_PKCS15 */ -#ifndef XMLSEC_NO_RSA #ifndef XMLSEC_NO_RSA_OAEP if(xmlSecTransformCheckId(transform, xmlSecNssTransformRsaOaepId)) { return (1); @@ -118,13 +118,14 @@ xmlSecNssKeyTransportInitialize(xmlSecTransformPtr transform) { memset(context, 0, sizeof(xmlSecNssKeyTransportCtx)); #ifndef XMLSEC_NO_RSA + +#ifndef XMLSEC_NO_RSA_PKCS15 if(transform->id == xmlSecNssTransformRsaPkcs1Id) { context->cipher = CKM_RSA_PKCS; context->keyId = xmlSecNssKeyDataRsaId; } else -#endif /* XMLSEC_NO_RSA */ +#endif /* XMLSEC_NO_RSA_PKCS15 */ -#ifndef XMLSEC_NO_RSA #ifndef XMLSEC_NO_RSA_OAEP if(transform->id == xmlSecNssTransformRsaOaepId) { context->cipher = CKM_RSA_PKCS_OAEP; @@ -134,6 +135,7 @@ xmlSecNssKeyTransportInitialize(xmlSecTransformPtr transform) { context->keyId = xmlSecNssKeyDataRsaId; } else #endif /* XMLSEC_NO_RSA_OAEP */ + #endif /* XMLSEC_NO_RSA */ /* not found */ @@ -671,6 +673,7 @@ xmlSecNssKeyTransportExecute(xmlSecTransformPtr transform, int last, xmlSecTrans #ifndef XMLSEC_NO_RSA +#ifndef XMLSEC_NO_RSA_PKCS15 static xmlSecTransformKlass xmlSecNssRsaPkcs1Klass = { /* klass/object sizes */ @@ -710,9 +713,7 @@ xmlSecTransformId xmlSecNssTransformRsaPkcs1GetKlass(void) { return(&xmlSecNssRsaPkcs1Klass); } -#endif /* XMLSEC_NO_RSA */ - -#ifndef XMLSEC_NO_RSA +#endif /* XMLSEC_NO_RSA_PKCS15 */ #ifndef XMLSEC_NO_RSA_OAEP diff --git a/src/openssl/crypto.c b/src/openssl/crypto.c index 6ca70289e..22fee6085 100644 --- a/src/openssl/crypto.c +++ b/src/openssl/crypto.c 
@@ -363,12 +363,14 @@ xmlSecCryptoGetFunctions_openssl(void) { gXmlSecOpenSSLFunctions->transformRsaPssSha3_512GetKlass = xmlSecOpenSSLTransformRsaPssSha3_512GetKlass; #endif /* XMLSEC_NO_SHA3 */ +#ifndef XMLSEC_NO_RSA_PKCS15 gXmlSecOpenSSLFunctions->transformRsaPkcs1GetKlass = xmlSecOpenSSLTransformRsaPkcs1GetKlass; +#endif /* XMLSEC_NO_RSA_PKCS15 */ -#ifndef XMLSEC_OPENSSL_NO_RSA_OAEP +#ifndef XMLSEC_NO_RSA_OAEP gXmlSecOpenSSLFunctions->transformRsaOaepGetKlass = xmlSecOpenSSLTransformRsaOaepGetKlass; gXmlSecOpenSSLFunctions->transformRsaOaepEnc11GetKlass = xmlSecOpenSSLTransformRsaOaepEnc11GetKlass; -#endif /* XMLSEC_OPENSSL_NO_RSA_OAEP */ +#endif /* XMLSEC_NO_RSA_OAEP */ #endif /* XMLSEC_NO_RSA */ diff --git a/src/openssl/kt_rsa.c b/src/openssl/kt_rsa.c index 030e23b97..c0c7394a3 100644 --- a/src/openssl/kt_rsa.c +++ b/src/openssl/kt_rsa.c @@ -44,6 +44,7 @@ #include "../cast_helpers.h" #include "../transform_helpers.h" +#ifndef XMLSEC_NO_RSA_PKCS15 /************************************************************************** * @@ -509,8 +510,9 @@ xmlSecOpenSSLRsaPkcs1Process(xmlSecTransformPtr transform) { return(0); } +#endif /* XMLSEC_NO_RSA_PKCS15 */ -#ifndef XMLSEC_OPENSSL_NO_RSA_OAEP +#ifndef XMLSEC_NO_RSA_OAEP /************************************************************************** * * Internal OpenSSL RSA OAEP CTX @@ -1367,7 +1369,7 @@ xmlSecOpenSSLRsaOaepProcess(xmlSecTransformPtr transform) { return(0); } -#endif /* XMLSEC_OPENSSL_NO_RSA_OAEP */ +#endif /* XMLSEC_NO_RSA_OAEP */ #endif /* XMLSEC_NO_RSA */ diff --git a/src/openssl/openssl_compat.h b/src/openssl/openssl_compat.h index 7b80cc08e..93fdde42e 100644 --- a/src/openssl/openssl_compat.h +++ b/src/openssl/openssl_compat.h @@ -24,7 +24,7 @@ #define XMLSEC_OPENSSL_NO_STORE 1 #define XMLSEC_OPENSSL_NO_DEEP_COPY 1 #define XMLSEC_OPENSSL_NO_CRL_VERIFICATION 1 -#define XMLSEC_OPENSSL_NO_RSA_OAEP 1 +#define XMLSEC_NO_RSA_OAEP 1 #define XMLSEC_NO_DH 1 #define XMLSEC_NO_DSA 1 #define XMLSEC_NO_SHA3 1 
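Review bot: `#define XMLSEC_NO_RSA_OAEP 1` in src/openssl/openssl_compat.h now sets the library-wide switch from a backend-private header, so whether OAEP is "off" depends on which file included the compat header and when. The old `XMLSEC_OPENSSL_NO_RSA_OAEP` name was only tested inside src/openssl, whereas the new name is also tested in src/transforms.c and, judging by the diffstat, in the public include/xmlsec/openssl/crypto.h; neither can be assumed to see this define. The result would be declarations and shared OAEP parameter code that stay enabled while src/openssl/kt_rsa.c compiles the transform out. At minimum document the coupling next to the define, e.g. `/* disables RSA-OAEP in src/openssl only; public headers and src/transforms.c do not see this */`, or have configure set the macro for these library variants. The conditional block that encloses this define starts outside the hunk.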
diff --git a/src/transforms.c b/src/transforms.c index 9749b716b..4bd96ff2d 100644 --- a/src/transforms.c +++ b/src/transforms.c @@ -3519,6 +3519,7 @@ xmlSecTransformPbkdf2ParamsRead(xmlSecTransformPbkdf2ParamsPtr params, xmlNodePt #ifndef XMLSEC_NO_RSA +#ifndef XMLSEC_NO_RSA_OAEP int xmlSecTransformRsaOaepParamsInitialize(xmlSecTransformRsaOaepParamsPtr oaepParams) { int ret; @@ -3604,5 +3605,5 @@ xmlSecTransformRsaOaepParamsRead(xmlSecTransformRsaOaepParamsPtr oaepParams, xml /* done */ return(0); } - +#endif /* XMLSEC_NO_RSA_OAEP */ #endif /* XMLSEC_NO_RSA */ From ad52566908d62b804e1804c0350388056c880a4b Mon Sep 17 00:00:00 2001 From: Aleksey Sanin Date: Fri, 12 Apr 2024 21:54:33 -0400 Subject: [PATCH 2/3] Add rsa-pkcs15 config on windows --- src/mscng/kt_rsa.c | 37 ++++++++++++++++++----- win32/Makefile.msvc | 12 +++++++- win32/configure.js | 74 ++++++++++++++++++++++++++------------------- win32/mycfg.bat | 2 +- 4 files changed, 85 insertions(+), 40 deletions(-) diff --git a/src/mscng/kt_rsa.c b/src/mscng/kt_rsa.c index 4e3235485..41710c75d 100644 --- a/src/mscng/kt_rsa.c +++ b/src/mscng/kt_rsa.c @@ -57,15 +57,23 @@ XMLSEC_TRANSFORM_DECLARE(MSCngRsaPkcs1Oaep, xmlSecMSCngRsaPkcs1OaepCtx) static int xmlSecMSCngRsaPkcs1OaepCheckId(xmlSecTransformPtr transform) { +#ifndef XMLSEC_NO_RSA_PKCS15 if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformRsaPkcs1Id)) { return(1); - } else if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformRsaOaepId)) { + } else +#endif /* XMLSEC_NO_RSA_PKCS15 */ + +#ifndef XMLSEC_NO_RSA_OAEP + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformRsaOaepId)) { return(1); } else if (xmlSecTransformCheckId(transform, xmlSecMSCngTransformRsaOaepEnc11Id)) { return(1); - } + } else +#endif /* XMLSEC_NO_RSA_OAEP */ - return(0); + { + return(0); + } } static int 
@@ -236,6 +244,7 @@ xmlSecMSCngRsaPkcs1OaepProcess(xmlSecTransformPtr transform) { } /* encrypt */ +#ifndef XMLSEC_NO_RSA_PKCS15 if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformRsaPkcs1Id)) { status = BCryptEncrypt(hPubKey, inBuf, @@ -252,7 +261,11 @@ xmlSecMSCngRsaPkcs1OaepProcess(xmlSecTransformPtr transform) { xmlSecTransformGetName(transform), status); return(-1); } - } else if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformRsaOaepId) || xmlSecTransformCheckId(transform, xmlSecMSCngTransformRsaOaepEnc11Id)) { + } else +#endif /* XMLSEC_NO_RSA_PKCS15 */ + +#ifndef XMLSEC_NO_RSA_OAEP + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformRsaOaepId) || xmlSecTransformCheckId(transform, xmlSecMSCngTransformRsaOaepEnc11Id)) { BCRYPT_OAEP_PADDING_INFO paddingInfo; xmlSecSize oaepParamsSize; @@ -276,10 +289,13 @@ xmlSecMSCngRsaPkcs1OaepProcess(xmlSecTransformPtr transform) { xmlSecMSCngNtError("BCryptEncrypt", xmlSecTransformGetName(transform), status); return(-1); } - } else { + } else +#endif /* XMLSEC_NO_RSA_OAEP */ + { xmlSecInvalidTransfromError(transform) return(-1); } + } else { /* this should be true since we checked above, but let's double check */ if (inSize != outSize) { @@ -297,6 +313,7 @@ xmlSecMSCngRsaPkcs1OaepProcess(xmlSecTransformPtr transform) { } /* decrypt */ +#ifndef XMLSEC_NO_RSA_PKCS15 if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformRsaPkcs1Id)) { securityStatus = NCryptDecrypt(hPrivKey, inBuf, 
@@ -311,7 +328,11 @@ xmlSecMSCngRsaPkcs1OaepProcess(xmlSecTransformPtr transform) { xmlSecTransformGetName(transform), securityStatus); return(-1); } - } else if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformRsaOaepId) || xmlSecTransformCheckId(transform, xmlSecMSCngTransformRsaOaepEnc11Id)) { + } else +#endif /* XMLSEC_NO_RSA_PKCS15 */ + +#ifndef XMLSEC_NO_RSA_OAEP + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformRsaOaepId) || xmlSecTransformCheckId(transform, xmlSecMSCngTransformRsaOaepEnc11Id)) { BCRYPT_OAEP_PADDING_INFO paddingInfo; xmlSecSize oaepParamsSize; @@ -334,7 +355,9 @@ xmlSecMSCngRsaPkcs1OaepProcess(xmlSecTransformPtr transform) { xmlSecTransformGetName(transform), securityStatus); return(-1); } - } else { + } else +#endif /* XMLSEC_NO_RSA_OAEP */ + { xmlSecInvalidTransfromError(transform) return(-1); } diff --git a/win32/Makefile.msvc b/win32/Makefile.msvc index 1980169f7..dad0bc497 100755 --- a/win32/Makefile.msvc +++ b/win32/Makefile.msvc @@ -371,10 +371,20 @@ CFLAGS = $(CFLAGS) /D "HAVE_STDIO_H" /D "HAVE_STDLIB_H" CFLAGS = $(CFLAGS) /D "HAVE_STRING_H" /D "HAVE_CTYPE_H" CFLAGS = $(CFLAGS) /D "HAVE_MALLOC_H" /D "HAVE_MEMORY_H" CFLAGS = $(CFLAGS) /D "WIN32_LEAN_AND_MEAN" -CFLAGS = $(CFLAGS) /D "XMLSEC_NO_GOST" /D "XMLSEC_NO_GOST2012" CFLAGS = $(CFLAGS) /I$(BASEDIR) /I$(BASEDIR)\include CFLAGS = $(CFLAGS) /I$(INCPREFIX) +!if "$(WITH_GOST)" == "1" +CFLAGS = $(CFLAGS) +!else +CFLAGS = $(CFLAGS) /D "XMLSEC_NO_GOST" /D "XMLSEC_NO_GOST2012" +!endif + +!if "$(WITH_RSA_PKCS15)" == "1" +CFLAGS = $(CFLAGS) +!else +CFLAGS = $(CFLAGS) /D "XMLSEC_NO_RSA_PKCS15" +!endif !if "$(WITH_LEGACY_CRYPTO)" == "1" CFLAGS = $(CFLAGS) diff --git a/win32/configure.js b/win32/configure.js index 5e9f18209..ef07b6768 100644 --- a/win32/configure.js +++ b/win32/configure.js 
@@ -52,6 +52,8 @@ var withLibXSLT = 1; var withIconv = 1; var withFTP = 0; /* disable ftp by default */ var withHTTP = 1; +var withGost = 0; +var withRsaPkcs15 = 1; var withLegacyCrypto = 0; /* Win32 build options. */ @@ -121,7 +123,9 @@ function usage() txt += " iconv: Use the iconv library (" + (withIconv? "yes" : "no") + ")\n"; txt += " ftp: Enable FTP support (" + (withFTP ? "yes" : "no") + ")\n"; txt += " http: Enable HTTP support (" + (withHTTP ? "yes" : "no") + ")\n"; - txt += " legacy - crypto: Use the size_t (" + (withLegacyCrypto ? "yes" : "no") + ")\n"; + txt += " rsa-pkcs15: Enable RSA PKCS#1.5 key transport (" + (withRsaPkcs15 ? "yes" : "no") + ")\n"; + txt += " gost: Enable GOST algorithms (" + (withGost ? "yes" : "no") + ")\n"; + txt += " legacy-crypto: Enable legacy crypto algorithms (" + (withLegacyCrypto ? "yes" : "no") + ")\n"; txt += "\nWin32 build options, default value given in parentheses:\n\n"; txt += " unicode: Build Unicode version (" + (buildUnicode? "yes" : "no") + ")\n"; txt += " debug: Build unoptimised debug executables (" + (buildDebug? "yes" : "no") + ")\n"; @@ -195,6 +199,8 @@ function discoverVersion() vf.WriteLine("WITH_ICONV=" + (withIconv ? "1" : "0")); vf.WriteLine("WITH_FTP=" + (withFTP ? "1" : "0")); vf.WriteLine("WITH_HTTP=" + (withHTTP ? "1" : "0")); + vf.WriteLine("WITH_GOST=" + (withGost ? "1" : "0")); + vf.WriteLine("WITH_RSA_PKCS15=" + (withRsaPkcs15 ? "1" : "0")); vf.WriteLine("WITH_LEGACY_CRYPTO=" + (withLegacyCrypto ? "1" : "0")); vf.WriteLine("UNICODE=" + (buildUnicode? "1" : "0")); vf.WriteLine("DEBUG=" + (buildDebug? "1" : "0")); 
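Review bot: `var withRsaPkcs15 = 1;` leaves RSA PKCS#1 v1.5 key transport enabled by default, and neither this line nor the new usage text says why, or when a builder should turn it off. The neighbouring `withFTP` line carries a comment for its default, so a matching one would help here: `var withRsaPkcs15 = 1; /* enabled for interoperability; rsa-pkcs15=no removes PKCS#1 v1.5 key transport */`. The v1.5 encryption padding is the one associated with padding-oracle attacks, which is presumably the reason the switch exists, so the usage string in the -121 hunk could say so in a few words. The first patch's subject line also mentions disabling RSA-OAEP from configure, but no `rsa-oaep` option is added here; if that is deliberate for Windows, a short note in the usage output would prevent confusion.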
@@ -334,6 +340,10 @@ for (i = 0; (i < WScript.Arguments.length) && (error == 0); i++) { withFTP = strToBool(arg.substring(opt.length + 1, arg.length)); else if (opt == "http") withHTTP = strToBool(arg.substring(opt.length + 1, arg.length)); + else if (opt == "rsa-pkcs15") + withRsaPkcs15 = strToBool(arg.substring(opt.length + 1, arg.length)); + else if (opt == "gost") + withGost = strToBool(arg.substring(opt.length + 1, arg.length)); else if (opt == "legacy-crypto") withLegacyCrypto = strToBool(arg.substring(opt.length + 1, arg.length)); else if (opt == "unicode") 
@@ -469,42 +479,44 @@ WScript.Echo("Created Makefile."); // Display the final configuration. var txtOut = "\nXMLSEC configuration\n"; txtOut += "----------------------------\n"; -txtOut += " Use Crypto: " + withCrypto + "\n"; -txtOut += " Use Default Crypto: " + withDefaultCrypto + "\n"; -txtOut += " Use OpenSSL: " + boolToStr(withOpenSSL) + "\n"; -txtOut += "Use OpenSSL Version: " + withOpenSSLVersion + "\n"; -txtOut += " Use NSS: " + boolToStr(withNss) + "\n"; -txtOut += " Use MSCrypto: " + boolToStr(withMSCrypto) + "\n"; -txtOut += " Use MSCng: " + boolToStr(withMSCng) + "\n"; -txtOut += " Use LibXSLT: " + boolToStr(withLibXSLT) + "\n"; -txtOut += " Use iconv: " + boolToStr(withIconv) + "\n"; -txtOut += " Use legacy crypto: " + boolToStr(withLegacyCrypto) + "\n"; -txtOut += " Support FTP: " + boolToStr(withFTP) + "\n"; -txtOut += " Support HTTP: " + boolToStr(withHTTP) + "\n"; +txtOut += " Use Crypto: " + withCrypto + "\n"; +txtOut += " Use Default Crypto: " + withDefaultCrypto + "\n"; +txtOut += " Use OpenSSL: " + boolToStr(withOpenSSL) + "\n"; +txtOut += " Use OpenSSL Version: " + withOpenSSLVersion + "\n"; +txtOut += " Use NSS: " + boolToStr(withNss) + "\n"; +txtOut += " Use MSCrypto: " + boolToStr(withMSCrypto) + "\n"; +txtOut += " Use MSCng: " + boolToStr(withMSCng) + "\n"; +txtOut += " Use LibXSLT: " + boolToStr(withLibXSLT) + "\n"; +txtOut += " Use iconv: " + boolToStr(withIconv) + "\n"; +txtOut += " Enable RSA PKCS#1.5: " + boolToStr(withRsaPkcs15) + "\n"; +txtOut += " Enable GOST: " + boolToStr(withGost) + "\n"; +txtOut += "Enable legacy crypto: " + boolToStr(withLegacyCrypto) + "\n"; +txtOut += " Support FTP: " + boolToStr(withFTP) + "\n"; +txtOut += " Support HTTP: " + boolToStr(withHTTP) + "\n"; txtOut += "\n"; txtOut += "Win32 build configuration\n"; txtOut += "-------------------------\n"; -txtOut += " C-Runtime option: " + cruntime + "\n"; -txtOut += " Unicode: " + boolToStr(buildUnicode) + "\n"; -txtOut += " Debug symbols: " + 
boolToStr(buildDebug) + "\n"; -txtOut += " Memcheck: " + boolToStr(buildWithMemcheck) + "\n"; -txtOut += "Warnings as errors: " + boolToStr(buildWerror) + "\n"; -txtOut += " Pedantic: " + boolToStr(buildPedantic) + "\n"; -txtOut += " C compiler: " + buildCc + "\n"; -txtOut += " C compiler flags: " + buildCflags + "\n"; -txtOut += "Static xmlsec libs: " + boolToStr(buildStatic) + "\n"; -txtOut += " Enable DL support: " + boolToStr(buildWithDLSupport) + "\n"; -txtOut += " Install prefix: " + buildPrefix + "\n"; -txtOut += " Put tools in: " + buildBinPrefix + "\n"; -txtOut += " Put headers in: " + buildIncPrefix + "\n"; -txtOut += "Put static libs in: " + buildLibPrefix + "\n"; -txtOut += "Put shared libs in: " + buildSoPrefix + "\n"; -txtOut += " Include path: " + buildInclude + "\n"; -txtOut += " Lib path: " + buildLib + "\n"; +txtOut += " C-Runtime option: " + cruntime + "\n"; +txtOut += " Unicode: " + boolToStr(buildUnicode) + "\n"; +txtOut += " Debug symbols: " + boolToStr(buildDebug) + "\n"; +txtOut += " Memcheck: " + boolToStr(buildWithMemcheck) + "\n"; +txtOut += " Warnings as errors: " + boolToStr(buildWerror) + "\n"; +txtOut += " Pedantic: " + boolToStr(buildPedantic) + "\n"; +txtOut += " C compiler: " + buildCc + "\n"; +txtOut += " C compiler flags: " + buildCflags + "\n"; +txtOut += " Static xmlsec libs: " + boolToStr(buildStatic) + "\n"; +txtOut += " Enable DL support: " + boolToStr(buildWithDLSupport) + "\n"; +txtOut += " Install prefix: " + buildPrefix + "\n"; +txtOut += " Put tools in: " + buildBinPrefix + "\n"; +txtOut += " Put headers in: " + buildIncPrefix + "\n"; +txtOut += " Put static libs in: " + buildLibPrefix + "\n"; +txtOut += " Put shared libs in: " + buildSoPrefix + "\n"; +txtOut += " Include path: " + buildInclude + "\n"; +txtOut += " Lib path: " + buildLib + "\n"; txtOut += "\n"; txtOut += "Crypto configuration\n"; txtOut += "-------------------------\n"; -txtOut += "Use OpenSSL3 Engine: " + boolToStr(withOpenSSL3Engines) + "\n"; +txtOut 
+= " Use OpenSSL3 Engine: " + boolToStr(withOpenSSL3Engines) + "\n"; WScript.Echo(txtOut); // Done. diff --git a/win32/mycfg.bat b/win32/mycfg.bat index bfea3edae..2edc63acf 100644 --- a/win32/mycfg.bat +++ b/win32/mycfg.bat @@ -18,7 +18,7 @@ SET XMLSEC_PREFIX=%PREFIX%\xmlsec SET XMLSEC_INCLUDE=%LIBXML2_PREFIX%\include;%LIBXML2_PREFIX%\include\libxml2;%LIBXSLT_PREFIX%\include;%OPENSSL_PREFIX%\include;%MSSDK_INCLUDE% SET XMLSEC_LIB=%LIBXML2_PREFIX%\lib;%LIBXSLT_PREFIX%\lib;%OPENSSL_PREFIX%\lib;%MSSDK_LIB% -SET XMLSEC_OPTIONS=pedantic=yes static=yes with-dl=yes iconv=no cruntime=/MD debug=yes xslt=yes crypto=%XMLSEC_CRYPTO% unicode=yes legacy-crypto=yes +SET XMLSEC_OPTIONS=pedantic=yes static=yes with-dl=yes iconv=no cruntime=/MD debug=yes xslt=yes crypto=%XMLSEC_CRYPTO% unicode=yes legacy-crypto=yes nmake clean del /F Makefile configure.txt From 8510fac3891375f0e45d1267fe7a29dd630592b1 Mon Sep 17 00:00:00 2001 From: Aleksey Sanin Date: Fri, 12 Apr 2024 22:04:26 -0400 Subject: [PATCH 3/3] Fix NSS includes --- include/xmlsec/nss/crypto.h | 2 +- src/nss/app.c | 2 +- src/nss/ciphers_cbc.c | 2 +- src/nss/ciphers_gcm.c | 2 +- src/nss/crypto.c | 2 +- src/nss/digests.c | 2 +- src/nss/hmac.c | 2 +- src/nss/keysstore.c | 2 +- src/nss/keytrans.c | 2 +- src/nss/kw_aes.c | 2 +- src/nss/kw_des.c | 2 +- src/nss/pbkdf2.c | 2 +- src/nss/pkikeys.c | 2 +- src/nss/x509.c | 2 +- 14 files changed, 14 insertions(+), 14 deletions(-) diff --git a/include/xmlsec/nss/crypto.h b/include/xmlsec/nss/crypto.h index aa97f1d2f..2ec4e8bab 100644 --- a/include/xmlsec/nss/crypto.h +++ b/include/xmlsec/nss/crypto.h @@ -12,7 +12,7 @@ #include #include -#include +#include #include #include diff --git a/src/nss/app.c b/src/nss/app.c index a640bcaa8..38ba1b317 100644 --- a/src/nss/app.c +++ b/src/nss/app.c @@ -26,7 +26,7 @@ #include #include #include -#include +#include #include #include /* diff --git a/src/nss/ciphers_cbc.c b/src/nss/ciphers_cbc.c index d9389358e..da70b5adb 100644 
--- a/src/nss/ciphers_cbc.c +++ b/src/nss/ciphers_cbc.c @@ -20,7 +20,7 @@ #include #include #include -#include +#include #include #include diff --git a/src/nss/ciphers_gcm.c b/src/nss/ciphers_gcm.c index a6cb120f7..902815782 100644 --- a/src/nss/ciphers_gcm.c +++ b/src/nss/ciphers_gcm.c @@ -19,7 +19,7 @@ #include #include #include -#include +#include #include #include diff --git a/src/nss/crypto.c b/src/nss/crypto.c index 2c5b24fbe..9775f31ef 100644 --- a/src/nss/crypto.c +++ b/src/nss/crypto.c @@ -22,7 +22,7 @@ #include #include -#include +#include #include #include #include diff --git a/src/nss/digests.c b/src/nss/digests.c index bf1428d33..91564ccd5 100644 --- a/src/nss/digests.c +++ b/src/nss/digests.c @@ -20,7 +20,7 @@ #include #include #include -#include +#include #include #include diff --git a/src/nss/hmac.c b/src/nss/hmac.c index cb97e6bbc..26aa3453f 100644 --- a/src/nss/hmac.c +++ b/src/nss/hmac.c @@ -21,7 +21,7 @@ #include #include #include -#include +#include #include #include diff --git a/src/nss/keysstore.c b/src/nss/keysstore.c index 04f221e62..d233ec8b4 100644 --- a/src/nss/keysstore.c +++ b/src/nss/keysstore.c @@ -30,7 +30,7 @@ #include #include -#include +#include #include #include diff --git a/src/nss/keytrans.c b/src/nss/keytrans.c index 866d6acde..80274fa85 100644 --- a/src/nss/keytrans.c +++ b/src/nss/keytrans.c @@ -19,7 +19,7 @@ #include #include -#include +#include #include #include diff --git a/src/nss/kw_aes.c b/src/nss/kw_aes.c index 2d4933f8d..d5f1a63cd 100644 --- a/src/nss/kw_aes.c +++ b/src/nss/kw_aes.c @@ -22,7 +22,7 @@ #include #include -#include +#include #include #include diff --git a/src/nss/kw_des.c b/src/nss/kw_des.c index 90133dd4d..88f573ab5 100644 --- a/src/nss/kw_des.c +++ b/src/nss/kw_des.c @@ -21,7 +21,7 @@ #include #include -#include +#include #include #include diff --git a/src/nss/pbkdf2.c b/src/nss/pbkdf2.c index a50e36d8c..6cf04d304 100644 --- a/src/nss/pbkdf2.c +++ b/src/nss/pbkdf2.c 
@@ -22,7 +22,7 @@ #include #include -#include +#include #include #include diff --git a/src/nss/pkikeys.c b/src/nss/pkikeys.c index d609fcb9a..87916e13e 100644 --- a/src/nss/pkikeys.c +++ b/src/nss/pkikeys.c @@ -20,7 +20,7 @@ #include -#include +#include #include #include diff --git a/src/nss/x509.c b/src/nss/x509.c index 98c63528e..115d542e2 100644 --- a/src/nss/x509.c +++ b/src/nss/x509.c @@ -33,7 +33,7 @@ #include #include #include -#include +#include #include #include