(xmlsec-all) Add configure options to disable RSA-PKCS#1.5 and RSA-OAEP key transports #781

Merged
merged 3 commits into from
Apr 13, 2024
96 changes: 63 additions & 33 deletions configure.ac
Expand Up @@ -1855,7 +1855,7 @@ if test "z$build_on_windows" = "zyes" ; then
fi

dnl ==========================================================================
dnl See do we need files support
dnl Check if we need files support
dnl ==========================================================================
AC_MSG_CHECKING(for files support)
AC_ARG_ENABLE([files], [AS_HELP_STRING([--enable-files],[enable files support (yes)])])
Expand All @@ -1871,7 +1871,7 @@ AM_CONDITIONAL(XMLSEC_NO_FILES, test "z$XMLSEC_NO_FILES" = "z1")
AC_SUBST(XMLSEC_NO_FILES)

dnl ==========================================================================
dnl See do we need FTP support
dnl Check if we need FTP support
dnl ==========================================================================
AC_MSG_CHECKING(for FTP support)
AC_ARG_ENABLE([ftp], [AS_HELP_STRING([--enable-ftp],[enable FTP support (no, deprecated)])])
Expand All @@ -1887,7 +1887,7 @@ AM_CONDITIONAL(XMLSEC_NO_FTP, test "z$XMLSEC_NO_FTP" = "z1")
AC_SUBST(XMLSEC_NO_FTP)

dnl ==========================================================================
dnl See do we need HTTP support
dnl Check if we need HTTP support
dnl ==========================================================================
AC_MSG_CHECKING(for HTTP support)
AC_ARG_ENABLE([http], [AS_HELP_STRING([--enable-http],[enable HTTP support (yes)])])
Expand All @@ -1903,7 +1903,7 @@ AM_CONDITIONAL(XMLSEC_NO_HTTP, test "z$XMLSEC_NO_HTTP" = "z1")
AC_SUBST(XMLSEC_NO_HTTP)

dnl ==========================================================================
dnl See do we need MD5 support
dnl Check if we need MD5 support
dnl ==========================================================================
AC_MSG_CHECKING(for MD5 support)
AC_ARG_ENABLE([md5], [AS_HELP_STRING([--enable-md5],[enable MD5 support (no, deprecated)])])
Expand All @@ -1919,7 +1919,7 @@ AM_CONDITIONAL(XMLSEC_NO_MD5, test "z$XMLSEC_NO_MD5" = "z1")
AC_SUBST(XMLSEC_NO_MD5)

dnl ==========================================================================
dnl See do we need RIPEMD-160 support
dnl Check if we need RIPEMD-160 support
dnl ==========================================================================
AC_MSG_CHECKING(for RIPEMD-160 support)
AC_ARG_ENABLE([ripemd160], [AS_HELP_STRING([--enable-ripemd160],[enable RIPEMD-160 support (yes)])])
Expand All @@ -1935,7 +1935,7 @@ AM_CONDITIONAL(XMLSEC_NO_RIPEMD160, test "z$XMLSEC_NO_RIPEMD160" = "z1")
AC_SUBST(XMLSEC_NO_RIPEMD160)

dnl ==========================================================================
dnl See do we need SHA1 support
dnl Check if we need SHA1 support
dnl ==========================================================================
AC_MSG_CHECKING(for SHA1 support)
AC_ARG_ENABLE([sha1], [AS_HELP_STRING([--enable-sha1],[enable SHA1 support (yes, use discouraged)])])
Expand All @@ -1951,7 +1951,7 @@ AM_CONDITIONAL(XMLSEC_NO_SHA1, test "z$XMLSEC_NO_SHA1" = "z1")
AC_SUBST(XMLSEC_NO_SHA1)

dnl ==========================================================================
dnl See do we need SHA224 support
dnl Check if we need SHA224 support
dnl ==========================================================================
AC_MSG_CHECKING(for SHA224 support)
AC_ARG_ENABLE([sha224], [AS_HELP_STRING([--enable-sha224],[enable SHA224 support (yes)])])
Expand All @@ -1967,7 +1967,7 @@ AM_CONDITIONAL(XMLSEC_NO_SHA224, test "z$XMLSEC_NO_SHA224" = "z1")
AC_SUBST(XMLSEC_NO_SHA224)

dnl ==========================================================================
dnl See do we need SHA256 support
dnl Check if we need SHA256 support
dnl ==========================================================================
AC_MSG_CHECKING(for SHA256 support)
AC_ARG_ENABLE([sha256], [AS_HELP_STRING([--enable-sha256],[enable SHA256 support (yes)])])
Expand All @@ -1983,7 +1983,7 @@ AM_CONDITIONAL(XMLSEC_NO_SHA256, test "z$XMLSEC_NO_SHA256" = "z1")
AC_SUBST(XMLSEC_NO_SHA256)

dnl ==========================================================================
dnl See do we need SHA384 support
dnl Check if we need SHA384 support
dnl ==========================================================================
AC_MSG_CHECKING(for SHA384 support)
AC_ARG_ENABLE([sha384], [AS_HELP_STRING([--enable-sha384],[enable SHA384 support (yes)])])
Expand All @@ -1999,7 +1999,7 @@ AM_CONDITIONAL(XMLSEC_NO_SHA384, test "z$XMLSEC_NO_SHA384" = "z1")
AC_SUBST(XMLSEC_NO_SHA384)

dnl ==========================================================================
dnl See do we need SHA512 support
dnl Check if we need SHA512 support
dnl ==========================================================================
AC_MSG_CHECKING(for SHA512 support)
AC_ARG_ENABLE([sha512], [AS_HELP_STRING([--enable-sha512],[enable SHA512 support (yes)])])
Expand All @@ -2015,7 +2015,7 @@ AM_CONDITIONAL(XMLSEC_NO_SHA512, test "z$XMLSEC_NO_SHA512" = "z1")
AC_SUBST(XMLSEC_NO_SHA512)

dnl ==========================================================================
dnl See do we need SHA3 support
dnl Check if we need SHA3 support
dnl ==========================================================================
AC_MSG_CHECKING(for SHA3 support)
AC_ARG_ENABLE([sha3], [AS_HELP_STRING([--enable-sha3],[enable SHA3 support (yes)])])
Expand All @@ -2031,7 +2031,7 @@ AM_CONDITIONAL(XMLSEC_NO_SHA3, test "z$XMLSEC_NO_SHA3" = "z1")
AC_SUBST(XMLSEC_NO_SHA3)

dnl ==========================================================================
dnl See do we need HMAC support
dnl Check if we need HMAC support
dnl ==========================================================================
AC_MSG_CHECKING(for HMAC support)
AC_ARG_ENABLE([hmac], [AS_HELP_STRING([--enable-hmac],[enable HMAC support (yes)])])
Expand All @@ -2047,7 +2047,7 @@ AM_CONDITIONAL(XMLSEC_NO_HMAC, test "z$XMLSEC_NO_HMAC" = "z1")
AC_SUBST(XMLSEC_NO_HMAC)

dnl ==========================================================================
dnl See do we need DH support
dnl Check if we need DH support
dnl ==========================================================================
AC_MSG_CHECKING(for DH support)
AC_ARG_ENABLE([dh], [AS_HELP_STRING([--enable-dh],[enable DH support (yes)])])
Expand All @@ -2064,7 +2064,7 @@ AC_SUBST(XMLSEC_NO_DH)


dnl ==========================================================================
dnl See do we need DSA support
dnl Check if we need DSA support
dnl ==========================================================================
AC_MSG_CHECKING(for DSA support)
AC_ARG_ENABLE([dsa], [AS_HELP_STRING([--enable-dsa],[enable DSA support (yes)])])
Expand All @@ -2080,7 +2080,7 @@ AM_CONDITIONAL(XMLSEC_NO_DSA, test "z$XMLSEC_NO_DSA" = "z1")
AC_SUBST(XMLSEC_NO_DSA)

dnl ==========================================================================
dnl See do we need MD5 support
dnl Check if we need MD5 support
dnl ==========================================================================
AC_MSG_CHECKING(for MD5 support)
AC_ARG_ENABLE([md5], [AS_HELP_STRING([--enable-md5],[enable MD5 support (no, deprecated)])])
Expand All @@ -2096,7 +2096,7 @@ AM_CONDITIONAL(XMLSEC_NO_MD5, test "z$XMLSEC_NO_MD5" = "z1")
AC_SUBST(XMLSEC_NO_MD5)

dnl ==========================================================================
dnl See do we need RSA support
dnl Check if we need RSA support
dnl ==========================================================================
AC_MSG_CHECKING(for RSA support)
AC_ARG_ENABLE([rsa], [AS_HELP_STRING([--enable-rsa],[enable RSA support (yes)])])
Expand All @@ -2111,9 +2111,40 @@ fi
AM_CONDITIONAL(XMLSEC_NO_RSA, test "z$XMLSEC_NO_RSA" = "z1")
AC_SUBST(XMLSEC_NO_RSA)

dnl ==========================================================================
dnl Check if we need RSA PKCS 1.5 support
dnl ==========================================================================
AC_MSG_CHECKING(for RSA PKCS 1.5 support)
AC_ARG_ENABLE([rsa-pkcs15], [AS_HELP_STRING([--enable-rsa-pkcs15], [enable RSA PKCS 1.5 support (yes)])])
if test "z$enable_rsa_pkcs15" = "zno" ; then
XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_RSA_PKCS15=1"
XMLSEC_NO_RSA_PKCS15="1"
AC_MSG_RESULT([disabled])
else
XMLSEC_NO_RSA_PKCS15="0"
AC_MSG_RESULT([yes])
fi
AM_CONDITIONAL(XMLSEC_NO_RSA_PKCS15, test "z$XMLSEC_NO_RSA_PKCS15" = "z1")
AC_SUBST(XMLSEC_NO_RSA_PKCS15)

dnl ==========================================================================
dnl Check if we need RSA OAEP support
dnl ==========================================================================
AC_MSG_CHECKING(for RSA OAEP support)
AC_ARG_ENABLE([rsa-oaep], [AS_HELP_STRING([--enable-rsa-oaep], [enable RSA OAEP support (yes)])])
if test "z$enable_rsa_oaep" = "zno" ; then
XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_RSA_OAEP=1"
XMLSEC_NO_RSA_OAEP="1"
AC_MSG_RESULT([disabled])
else
XMLSEC_NO_RSA_OAEP="0"
AC_MSG_RESULT([yes])
fi
AM_CONDITIONAL(XMLSEC_NO_RSA_OAEP, test "z$XMLSEC_NO_RSA_OAEP" = "z1")
AC_SUBST(XMLSEC_NO_RSA_OAEP)

dnl ==========================================================================
dnl See do we need EC (Eliptic Curve) support
dnl Check if we need EC (Eliptic Curve) support
dnl ==========================================================================
AC_MSG_CHECKING(for Eliptic Curve support)
AC_ARG_ENABLE([ec], [AS_HELP_STRING([--enable-ec],[enable EC support (yes)])])
Expand All @@ -2129,7 +2160,7 @@ AM_CONDITIONAL(XMLSEC_NO_EC, test "z$XMLSEC_NO_EC" = "z1")
AC_SUBST(XMLSEC_NO_EC)

dnl ==========================================================================
dnl See do we need x509 support
dnl Check if we need x509 support
dnl ==========================================================================
AC_MSG_CHECKING(for x509 support)
AC_ARG_ENABLE([x509], [AS_HELP_STRING([--enable-x509],[enable x509 support (yes)])])
Expand All @@ -2145,7 +2176,7 @@ AM_CONDITIONAL(XMLSEC_NO_X509, test "z$XMLSEC_NO_X509" = "z1")
AC_SUBST(XMLSEC_NO_X509)

dnl ==========================================================================
dnl See do we need DES support
dnl Check if we need DES support
dnl ==========================================================================
AC_MSG_CHECKING(for DES support)
AC_ARG_ENABLE([des], [AS_HELP_STRING([--enable-des],[enable DES support (yes, deprecated)])])
Expand All @@ -2161,7 +2192,7 @@ AM_CONDITIONAL(XMLSEC_NO_DES, test "z$XMLSEC_NO_DES" = "z1")
AC_SUBST(XMLSEC_NO_DES)

dnl ==========================================================================
dnl See do we need AES support
dnl Check if we need AES support
dnl ==========================================================================
AC_MSG_CHECKING(for AES support)
AC_ARG_ENABLE([aes], [AS_HELP_STRING([--enable-aes],[enable AES support])])
Expand All @@ -2177,7 +2208,7 @@ AM_CONDITIONAL(XMLSEC_NO_AES, test "z$XMLSEC_NO_AES" = "z1")
AC_SUBST(XMLSEC_NO_AES)

dnl ==========================================================================
dnl See do we need ConcatKDF support
dnl Check if we need ConcatKDF support
dnl ==========================================================================
AC_MSG_CHECKING(for ConcatKDF support)
AC_ARG_ENABLE([concatkdf], [AS_HELP_STRING([--enable-concatkdf],[enable ConcatKDF support (yes)])])
Expand All @@ -2193,7 +2224,7 @@ AM_CONDITIONAL(XMLSEC_NO_CONCATKDF, test "z$XMLSEC_NO_CONCATKDF" = "z1")
AC_SUBST(XMLSEC_NO_CONCATKDF)

dnl ==========================================================================
dnl See do we need PBKDF2 support
dnl Check if we need PBKDF2 support
dnl ==========================================================================
AC_MSG_CHECKING(for PBKDF2 support)
AC_ARG_ENABLE([pbkdf2], [AS_HELP_STRING([--enable-pbkdf2],[enable PBKDF2 support (yes)])])
Expand All @@ -2209,10 +2240,10 @@ AM_CONDITIONAL(XMLSEC_NO_PBKDF2, test "z$XMLSEC_NO_PBKDF2" = "z1")
AC_SUBST(XMLSEC_NO_PBKDF2)

dnl ==========================================================================
dnl See do we need GOST 2001 support
dnl Check if we need GOST 2001 support
dnl ==========================================================================
AC_MSG_CHECKING(for GOST 2001 support)
AC_ARG_ENABLE([gost], [AS_HELP_STRING([--enable-gost],[enable GOST-2001 support (no)])])
AC_ARG_ENABLE([gost], [AS_HELP_STRING([--enable-gost], [enable GOST-2001 support (no)])])
if test "z$enable_gost" != "zyes" ; then
XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_GOST=1"
XMLSEC_NO_GOST="1"
Expand All @@ -2225,10 +2256,10 @@ AM_CONDITIONAL(XMLSEC_NO_GOST, test "z$XMLSEC_NO_GOST" = "z1")
AC_SUBST(XMLSEC_NO_GOST)

dnl ==========================================================================
dnl See do we need GOST 2012 support
dnl Check if we need GOST 2012 support
dnl ==========================================================================
AC_MSG_CHECKING(for GOST 2012 support)
AC_ARG_ENABLE([gost2012], [AS_HELP_STRING([--enable-gost2012],[enable GOST-2012 support (no)])])
AC_ARG_ENABLE([gost2012], [AS_HELP_STRING([--enable-gost2012], [enable GOST-2012 support (no)])])
if test "z$enable_gost2012" != "zyes" ; then
XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_GOST2012=1"
XMLSEC_NO_GOST2012="1"
Expand All @@ -2240,9 +2271,8 @@ fi
AM_CONDITIONAL(XMLSEC_NO_GOST2012, test "z$XMLSEC_NO_GOST2012" = "z1")
AC_SUBST(XMLSEC_NO_GOST2012)


dnl ==========================================================================
dnl See do we need XMLDSig support
dnl Check if we need XMLDSig support
dnl ==========================================================================
AC_MSG_CHECKING(for XMLDSig support)
AC_ARG_ENABLE([xmldsig], [AS_HELP_STRING([--enable-xmldsig],[enable XMLDSig support (yes)])])
Expand All @@ -2258,7 +2288,7 @@ AM_CONDITIONAL(XMLSEC_NO_XMLDSIG, test "z$XMLSEC_NO_XMLDSIG" = "z1")
AC_SUBST(XMLSEC_NO_XMLDSIG)

dnl ==========================================================================
dnl See do we need XMLEnc support
dnl Check if we need XMLEnc support
dnl ==========================================================================
AC_MSG_CHECKING(for XMLEnc support)
AC_ARG_ENABLE([xmlenc], [AS_HELP_STRING([--enable-xmlenc],[enable XMLEnc support (yes)])])
Expand All @@ -2274,7 +2304,7 @@ AM_CONDITIONAL(XMLSEC_NO_XMLENC, test "z$XMLSEC_NO_XMLENC" = "z1")
AC_SUBST(XMLSEC_NO_XMLENC)

dnl ==========================================================================
dnl See do we need mans
dnl Check if we need mans
dnl ==========================================================================
AC_MSG_CHECKING(for mans)
AC_ARG_ENABLE([mans], [AS_HELP_STRING([--enable-mans],[enable manual pages (yes)])])
Expand All @@ -2289,7 +2319,7 @@ AM_CONDITIONAL(XMLSEC_MANS, test "z$XMLSEC_MANS" = "z1")
AC_SUBST(XMLSEC_MANS)

dnl ==========================================================================
dnl See do we need docs
dnl Check if we need docs
dnl ==========================================================================
AC_MSG_CHECKING(for docs)
AC_ARG_ENABLE([docs], [AS_HELP_STRING([--enable-docs],[enable documentation (yes)])])
Expand Down Expand Up @@ -2457,7 +2487,7 @@ AC_MSG_RESULT([$XMLSEC_DOCDIR])
AC_SUBST(XMLSEC_DOCDIR)

dnl ==========================================================================
dnl See do we need Simple Keys Manager
dnl Check if we need Simple Keys Manager
dnl ==========================================================================
AC_MSG_CHECKING(for Simple Keys Manager testing)
AC_ARG_ENABLE([skm], [AS_HELP_STRING([--enable-skm],[enable Simple Keys Manager testing (yes)])])
Expand All @@ -2469,7 +2499,7 @@ else
fi

dnl ==========================================================================
dnl See do we need templates tests
dnl Check if we need templates tests
dnl ==========================================================================
AC_MSG_CHECKING(for templates testing)
AC_ARG_ENABLE([tmpl_tests], [AS_HELP_STRING([--enable-tmpl-tests],[enable templates testing in xmlsec utility (yes)])])
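Review bot: The help text of the new `--enable-rsa-pkcs15` block (`enable RSA PKCS 1.5 support (yes)`) names the scheme loosely and does not say that, going by the PR title, the switch covers only the key transport, so a builder could assume `--disable-rsa-pkcs15` also removes RSA PKCS#1 v1.5 signatures. I would word it `[enable RSA PKCS#1 v1.5 key transport (yes, use discouraged)]`, reusing the `(yes, use discouraged)` marker already present on `--enable-sha1`, because v1.5 encryption padding is the scheme exposed to Bleichenbacher-style padding-oracle attacks and is the one hardened builds will want off. Separately, both new blocks (`rsa-pkcs15` and `rsa-oaep`) print `yes` even when `--disable-rsa` was given; since the header guards are nested inside `XMLSEC_NO_RSA`, reporting `disabled` in that case would keep the configure output accurate.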
5 changes: 4 additions & 1 deletion include/xmlsec/gcrypt/crypto.h
Expand Up @@ -536,6 +536,7 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGCryptTransformRsaPssSha3_384GetKla
XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGCryptTransformRsaPssSha3_512GetKlass(void);
#endif /* XMLSEC_NO_SHA3 */

#ifndef XMLSEC_NO_RSA_PKCS15
/**
* xmlSecGCryptTransformRsaPkcs1Id:
*
Expand All @@ -544,7 +545,9 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGCryptTransformRsaPssSha3_512GetKla
#define xmlSecGCryptTransformRsaPkcs1Id \
xmlSecGCryptTransformRsaPkcs1GetKlass()
XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGCryptTransformRsaPkcs1GetKlass(void);
#endif /* XMLSEC_NO_RSA_PKCS15 */

#ifndef XMLSEC_NO_RSA_OAEP
/**
* xmlSecGCryptTransformRsaOaepId:
*
Expand All @@ -562,7 +565,7 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGCryptTransformRsaOaepGetKlass(void
#define xmlSecGCryptTransformRsaOaepEnc11Id \
xmlSecGCryptTransformRsaOaepEnc11GetKlass()
XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGCryptTransformRsaOaepEnc11GetKlass(void);

#endif /* XMLSEC_NO_RSA_OAEP */

#endif /* XMLSEC_NO_RSA */

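Review bot: The new `#ifndef XMLSEC_NO_RSA_PKCS15` and `#ifndef XMLSEC_NO_RSA_OAEP` guards only hide the `xmlSecGCryptTransformRsaPkcs1Id`, `xmlSecGCryptTransformRsaOaepId` and `xmlSecGCryptTransformRsaOaepEnc11Id` declarations; nothing visible in this section shows the matching transform definitions and backend registration being compiled out. That should be confirmed in the corresponding `.c` files (not visible here), because a klass that stays registered could presumably still be selected by a document's `EncryptionMethod` even though the header no longer exposes it. The same applies to the `include/xmlsec/gnutls/crypto.h` and `include/xmlsec/mscng/crypto.h` sections. I would also add a line to each Id's doc comment such as `Not available when xmlsec is built with --disable-rsa-pkcs15.` (or `--disable-rsa-oaep`), so that API users who hit an undeclared identifier know why. The doc comment bodies are cut by the hunk boundaries, so exact placement needs checking against the full file.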
3 changes: 2 additions & 1 deletion include/xmlsec/gnutls/crypto.h
Expand Up @@ -652,7 +652,7 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformRsaPssSha384GetKlass
XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformRsaPssSha512GetKlass(void);
#endif /* XMLSEC_NO_SHA512 */


#ifndef XMLSEC_NO_RSA_PKCS15
/**
* xmlSecGnuTLSTransformRsaPkcs1Id:
*
Expand All @@ -661,6 +661,7 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformRsaPssSha512GetKlass
#define xmlSecGnuTLSTransformRsaPkcs1Id \
xmlSecGnuTLSTransformRsaPkcs1GetKlass()
XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformRsaPkcs1GetKlass(void);
#endif /* XMLSEC_NO_RSA_PKCS15 */

#endif /* XMLSEC_NO_RSA */

4 changes: 4 additions & 0 deletions include/xmlsec/mscng/crypto.h
Expand Up @@ -203,6 +203,7 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCngTransformRsaPssSha384GetKlass(
XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCngTransformRsaPssSha512GetKlass(void);
#endif /* XMLSEC_NO_SHA512 */

#ifndef XMLSEC_NO_RSA_PKCS15
/**
* xmlSecMSCngTransformRsaPkcs1Id:
*
Expand All @@ -211,7 +212,9 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCngTransformRsaPssSha512GetKlass(
#define xmlSecMSCngTransformRsaPkcs1Id \
xmlSecMSCngTransformRsaPkcs1GetKlass()
XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCngTransformRsaPkcs1GetKlass(void);
#endif /* XMLSEC_NO_RSA_PKCS15 */

#ifndef XMLSEC_NO_RSA_OAEP
/**
* xmlSecMSCngTransformRsaOaepId:
*
Expand All @@ -230,6 +233,7 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCngTransformRsaOaepGetKlass(void)
#define xmlSecMSCngTransformRsaOaepEnc11Id \
xmlSecMSCngTransformRsaOaepEnc11GetKlass()
XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCngTransformRsaOaepEnc11GetKlass(void);
#endif /* XMLSEC_NO_RSA_OAEP */

#endif /* XMLSEC_NO_RSA */
