Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package xmlsec1 for openSUSE:Factory checked in at 2021-12-01 20:46:48 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/xmlsec1 (Old) and /work/SRC/openSUSE:Factory/.xmlsec1.new.31177 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xmlsec1" Wed Dec 1 20:46:48 2021 rev:17 rq:934506 version:1.2.33 Changes: -------- --- /work/SRC/openSUSE:Factory/xmlsec1/xmlsec1.changes 2021-05-20 19:24:37.882048059 +0200 +++ /work/SRC/openSUSE:Factory/.xmlsec1.new.31177/xmlsec1.changes 2021-12-02 02:28:51.595860195 +0100 @@ -1,0 +2,7 @@ +Sun Nov 28 18:53:47 UTC 2021 - Dirk M??ller <dmuel...@suse.com> + +- update to 1.2.33: + * Fix decrypting session key for two recipients + * Added --privkey-openssl-engine option to enhance openssl engine support + +------------------------------------------------------------------- Old: ---- xmlsec1-1.2.32.tar.gz xmlsec1-1.2.32.tar.gz.sig New: ---- xmlsec1-1.2.33.tar.gz xmlsec1-1.2.33.tar.gz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xmlsec1.spec ++++++ --- /var/tmp/diff_new_pack.dwtNrk/_old 2021-12-02 02:28:52.035858676 +0100 +++ /var/tmp/diff_new_pack.dwtNrk/_new 2021-12-02 02:28:52.039858662 +0100 @@ -23,7 +23,7 @@ %global libgnutls libxmlsec1-gnutls1 %global libnss libxmlsec1-nss1 Name: xmlsec1 -Version: 1.2.32 +Version: 1.2.33 Release: 0 Summary: Library providing support for "XML Signature" and "XML Encryption" standards License: MIT ++++++ xmlsec1-1.2.32.tar.gz -> xmlsec1-1.2.33.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.32/apps/crypto.c new/xmlsec1-1.2.33/apps/crypto.c --- old/xmlsec1-1.2.32/apps/crypto.c 2021-04-22 05:36:22.000000000 +0200 +++ new/xmlsec1-1.2.33/apps/crypto.c 2021-10-25 15:05:42.000000000 +0200 
@@ -142,6 +142,69 @@ return(0); } +int +xmlSecAppCryptoSimpleKeysMngrEngineKeyAndCertsLoad(xmlSecKeysMngrPtr mngr, + const char* engineAndKeyId, + const char* certFiles, + const char* pwd, + const char* name, + xmlSecKeyDataFormat keyFormat, + xmlSecKeyDataFormat certFormat) { + xmlSecKeyPtr key; + int ret; + + xmlSecAssert2(mngr != NULL, -1); + xmlSecAssert2(engineAndKeyId != NULL, -1); + xmlSecAssert2(certFiles != NULL, -1); + + /* load key */ + key = xmlSecCryptoAppKeyLoad(engineAndKeyId, keyFormat, pwd, + xmlSecCryptoAppGetDefaultPwdCallback(), (void*)engineAndKeyId); + if(key == NULL) { + fprintf(stderr, "Error: xmlSecCryptoAppKeyLoad failed: file=%s\n", + xmlSecErrorsSafeString(engineAndKeyId)); + return(-1); + } + + if(name != NULL) { + ret = xmlSecKeySetName(key, BAD_CAST name); + if(ret < 0) { + fprintf(stderr, "Error: xmlSecKeySetName failed: name=%s\n", + xmlSecErrorsSafeString(name)); + xmlSecKeyDestroy(key); + return(-1); + } + } + + /* load certs (if any) */ +#ifndef XMLSEC_NO_X509 + for(const char *file = certFiles; (file[0] != '\0'); file += strlen(file) + 1) { + ret = xmlSecCryptoAppKeyCertLoad(key, file, certFormat); + if(ret < 0) { + fprintf(stderr, "Error: xmlSecCryptoAppKeyCertLoad failed: file=%s\n", + xmlSecErrorsSafeString(file)); + xmlSecKeyDestroy(key); + return(-1); + } + } +#else /* XMLSEC_NO_X509 */ + if(certFiles[0] != '\0') { + fprintf(stderr, "Error: X509 support is disabled\n"); + xmlSecKeyDestroy(key); + return(-1); + } +#endif /* XMLSEC_NO_X509 */ + + /* add key to KM */ + ret = xmlSecCryptoAppDefaultKeysMngrAdoptKey(mngr, key); + if(ret < 0) { + fprintf(stderr, "Error: xmlSecCryptoAppDefaultKeysMngrAdoptKey failed\n"); + xmlSecKeyDestroy(key); + return(-1); + } + + return(0); +} int xmlSecAppCryptoSimpleKeysMngrPkcs12KeyLoad(xmlSecKeysMngrPtr mngr, const char *filename, const char* pwd, const char *name) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.32/apps/crypto.h 
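Review bot: The loop over `certFiles` advances with `file += strlen(file) + 1` and stops only at an empty string, so the new function silently requires a buffer of NUL-separated names closed by one extra NUL; a caller that passes an ordinary C string makes it read past the terminator. Nothing in the function or its prototype in apps/crypto.h states this, so I would add a header comment such as `/* @certFiles: NUL-separated cert file names terminated by an empty string ("a\0b\0\0"), never a plain C string */`. Separately, the first error message labels the engine/key identifier as `file=%s`, which will mislead anyone reading the log; `key=%s` would be more accurate.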
new/xmlsec1-1.2.33/apps/crypto.h --- old/xmlsec1-1.2.32/apps/crypto.h 2021-04-22 05:36:22.000000000 +0200 +++ new/xmlsec1-1.2.33/apps/crypto.h 2021-10-25 15:05:42.000000000 +0200 
@@ -33,29 +33,36 @@ * ****************************************************************************/ int xmlSecAppCryptoSimpleKeysMngrInit (xmlSecKeysMngrPtr mngr); -int xmlSecAppCryptoSimpleKeysMngrLoad (xmlSecKeysMngrPtr mngr, - const char *filename); -int xmlSecAppCryptoSimpleKeysMngrSave (xmlSecKeysMngrPtr mngr, - const char *filename, +int xmlSecAppCryptoSimpleKeysMngrLoad (xmlSecKeysMngrPtr mngr, + const char* filename); +int xmlSecAppCryptoSimpleKeysMngrSave (xmlSecKeysMngrPtr mngr, + const char* filename, xmlSecKeyDataType type); -int xmlSecAppCryptoSimpleKeysMngrCertLoad (xmlSecKeysMngrPtr mngr, - const char *filename, +int xmlSecAppCryptoSimpleKeysMngrCertLoad (xmlSecKeysMngrPtr mngr, + const char* filename, xmlSecKeyDataFormat format, xmlSecKeyDataType type); -int xmlSecAppCryptoSimpleKeysMngrKeyAndCertsLoad (xmlSecKeysMngrPtr mngr, - const char *files, - const char* pwd, +int xmlSecAppCryptoSimpleKeysMngrKeyAndCertsLoad (xmlSecKeysMngrPtr mngr, + const char* files, + const char* pwd, const char* name, xmlSecKeyDataFormat format); -int xmlSecAppCryptoSimpleKeysMngrPkcs12KeyLoad (xmlSecKeysMngrPtr mngr, - const char *filename, - const char* pwd, - const char *name); -int xmlSecAppCryptoSimpleKeysMngrBinaryKeyLoad (xmlSecKeysMngrPtr mngr, - const char* keyKlass, - const char* filename, - const char *name); -int xmlSecAppCryptoSimpleKeysMngrKeyGenerate (xmlSecKeysMngrPtr mngr, +int xmlSecAppCryptoSimpleKeysMngrEngineKeyAndCertsLoad (xmlSecKeysMngrPtr mngr, + const char* engineAndKeyId, + const char* certFiles, + const char* pwd, + const char* name, + xmlSecKeyDataFormat keyFormat, + xmlSecKeyDataFormat certFormat); +int xmlSecAppCryptoSimpleKeysMngrPkcs12KeyLoad (xmlSecKeysMngrPtr mngr, + const char* filename, + const char* pwd, + const char* name); +int xmlSecAppCryptoSimpleKeysMngrBinaryKeyLoad (xmlSecKeysMngrPtr mngr, + const char* keyKlass, + const char* filename, + const char* name); +int xmlSecAppCryptoSimpleKeysMngrKeyGenerate (xmlSecKeysMngrPtr mngr, 
const char* keyKlassAndSize, const char* name); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.32/apps/xmlsec.c new/xmlsec1-1.2.33/apps/xmlsec.c --- old/xmlsec1-1.2.32/apps/xmlsec.c 2021-04-22 05:36:22.000000000 +0200 +++ new/xmlsec1-1.2.33/apps/xmlsec.c 2021-10-25 15:05:42.000000000 +0200 @@ -393,6 +393,20 @@ NULL }; +static xmlSecAppCmdLineParam privkeyOpensslEngineParam = { + xmlSecAppCmdLineTopicKeysMngr, + "--privkey-openssl-engine", + NULL, + "--privkey-openssl-engine[:<name>] <openssl-engine>;<openssl-key-id>[,<crtfile>[,<crtfile>[...]]]" + "\n\tload private key by OpenSSL ENGINE interface; specify the name of engine" + "\n\t(like with -engine params), the key specs (like with -inkey or -key params)" + "\n\tand optionally certificates that verify this key", + xmlSecAppCmdLineParamTypeStringList, + xmlSecAppCmdLineParamFlagParamNameValue | xmlSecAppCmdLineParamFlagMultipleValues, + NULL +}; + + /**************************************************************** * * Common params @@ -856,6 +870,7 @@ &X509SkipStrictChecksParam, &X509DontVerifyCerts, #endif /* XMLSEC_NO_X509 */ + &privkeyOpensslEngineParam, /* General configuration params */ &cryptoParam, @@ -2014,7 +2029,7 @@ /* read all private keys */ for(value = privkeyParam.value; value != NULL; value = value->next) { - if(value->strValue == NULL) { + if(value->strListValue == NULL) { fprintf(stderr, "Error: invalid value for option \"%s\".\n", privkeyParam.fullName); return(-1); @@ -2030,7 +2045,7 @@ } for(value = privkeyDerParam.value; value != NULL; value = value->next) { - if(value->strValue == NULL) { + if(value->strListValue == NULL) { fprintf(stderr, "Error: invalid value for option \"%s\".\n", privkeyDerParam.fullName); return(-1); 
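Review bot: The usage string for `--privkey-openssl-engine` separates the engine name from the key id with `;`, which a shell treats as a command separator, so an unquoted value is cut at the engine name and the rest is run as a separate command. The help text should say that the argument has to be quoted, for example by appending `"\n\t(quote the value: ';' is special to the shell)"`. The parameter is also defined and registered with no crypto-backend guard visible in these hunks, while the only loader for `xmlSecKeyDataFormatEngine` shown in this update is the OpenSSL one; if the other backends reject that format, the option will appear in their help and always fail.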
@@ -2046,7 +2061,7 @@ } for(value = pkcs8PemParam.value; value != NULL; value = value->next) { - if(value->strValue == NULL) { + if(value->strListValue == NULL) { fprintf(stderr, "Error: invalid value for option \"%s\".\n", pkcs8PemParam.fullName); return(-1); @@ -2062,7 +2077,7 @@ } for(value = pkcs8DerParam.value; value != NULL; value = value->next) { - if(value->strValue == NULL) { + if(value->strListValue == NULL) { fprintf(stderr, "Error: invalid value for option \"%s\".\n", pkcs8DerParam.fullName); return(-1); @@ -2079,7 +2094,7 @@ /* read all public keys */ for(value = pubkeyParam.value; value != NULL; value = value->next) { - if(value->strValue == NULL) { + if(value->strListValue == NULL) { fprintf(stderr, "Error: invalid value for option \"%s\".\n", pubkeyParam.fullName); return(-1); @@ -2095,7 +2110,7 @@ } for(value = pubkeyDerParam.value; value != NULL; value = value->next) { - if(value->strValue == NULL) { + if(value->strListValue == NULL) { fprintf(stderr, "Error: invalid value for option \"%s\".\n", pubkeyDerParam.fullName); return(-1); @@ -2206,7 +2221,7 @@ /* read all public keys in certs */ for(value = pubkeyCertParam.value; value != NULL; value = value->next) { - if(value->strValue == NULL) { + if(value->strListValue == NULL) { fprintf(stderr, "Error: invalid value for option \"%s\".\n", pubkeyCertParam.fullName); return(-1); @@ -2222,7 +2237,7 @@ } for(value = pubkeyCertDerParam.value; value != NULL; value = value->next) { - if(value->strValue == NULL) { + if(value->strListValue == NULL) { fprintf(stderr, "Error: invalid value for option \"%s\".\n", pubkeyCertDerParam.fullName); return(-1); 
@@ -2266,6 +2281,28 @@ #endif /* XMLSEC_NO_X509 */ + for(value = privkeyOpensslEngineParam.value; value != NULL; value = value->next) { + /* we expect at least one parameter for the key's engine+id */ + if(value->strListValue == NULL || value->strListValue[0] == '\0') { + fprintf(stderr, "Error: invalid value for option \"%s\".\n", privkeyOpensslEngineParam.fullName); + return(-1); + } + + /* the params format is: <openssl-engine>;<openssl-key-id>[,<crtfile>[,<crtfile>[...]]] */ + if(xmlSecAppCryptoSimpleKeysMngrEngineKeyAndCertsLoad(gKeysMngr, + value->strListValue, + value->strListValue + strlen(value->strListValue) + 1, + xmlSecAppCmdLineParamGetString(&pwdParam), + value->paramNameValue, + xmlSecKeyDataFormatEngine, + xmlSecKeyDataFormatPem) < 0) { + fprintf(stderr, "Error: failed to load private key from \"%s\".\n", + value->strListValue); + return(-1); + } + } + + return(0); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.32/configure new/xmlsec1-1.2.33/configure --- old/xmlsec1-1.2.32/configure 2021-04-22 05:36:56.000000000 +0200 +++ new/xmlsec1-1.2.33/configure 2021-10-25 15:06:17.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for xmlsec1 1.2.32. +# Generated by GNU Autoconf 2.69 for xmlsec1 1.2.33. # # Report bugs to <http://www.aleksey.com/xmlsec>. # @@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='xmlsec1' PACKAGE_TARNAME='xmlsec1' -PACKAGE_VERSION='1.2.32' -PACKAGE_STRING='xmlsec1 1.2.32' +PACKAGE_VERSION='1.2.33' +PACKAGE_STRING='xmlsec1 1.2.33' PACKAGE_BUGREPORT='http://www.aleksey.com/xmlsec' PACKAGE_URL='' 
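Review bot: `xmlSecAppCmdLineParamGetString(&pwdParam)` is forwarded to the loader in the new `privkeyOpensslEngineParam` loop, but the engine loader added in src/openssl/app.c marks `pwd`, `pwdCallback` and `pwdCallbackCtx` as `ATTRIBUTE_UNUSED` and passes `UI_null()` to the engine, so a password given with `--pwd` appears to be dropped without any message. Either state that in the option help or report an error when a password is supplied together with this option. The failure message also echoes the whole `<openssl-engine>;<openssl-key-id>` value to stderr; if some engines accept a PIN inside the key id, which I cannot confirm from the diff, printing only the engine name would keep it out of logs.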
@@ -1585,7 +1585,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures xmlsec1 1.2.32 to adapt to many kinds of systems. +\`configure' configures xmlsec1 1.2.33 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1656,7 +1656,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of xmlsec1 1.2.32:";; + short | recursive ) echo "Configuration of xmlsec1 1.2.33:";; esac cat <<\_ACEOF @@ -1856,7 +1856,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -xmlsec1 configure 1.2.32 +xmlsec1 configure 1.2.33 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2408,7 +2408,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by xmlsec1 $as_me 1.2.32, which was +It was created by xmlsec1 $as_me 1.2.33, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2760,7 +2760,7 @@ XMLSEC_PACKAGE=xmlsec1 XMLSEC_VERSION_MAJOR=1 XMLSEC_VERSION_MINOR=2 -XMLSEC_VERSION_SUBMINOR=32 +XMLSEC_VERSION_SUBMINOR=33 XMLSEC_VERSION="$XMLSEC_VERSION_MAJOR.$XMLSEC_VERSION_MINOR.$XMLSEC_VERSION_SUBMINOR" XMLSEC_VERSION_INFO=`echo $XMLSEC_VERSION | awk -F. '{ printf "%d:%d:%d", $1+$2, $3, $2 }'` XMLSEC_VERSION_SAFE=`echo $XMLSEC_VERSION | sed 's/\./_/g'` @@ -3368,7 +3368,7 @@ # Define the identity of the package. PACKAGE='xmlsec1' - VERSION='1.2.32' + VERSION='1.2.33' cat >>confdefs.h <<_ACEOF 
@@ -18840,7 +18840,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by xmlsec1 $as_me 1.2.32, which was +This file was extended by xmlsec1 $as_me 1.2.33, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -18906,7 +18906,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -xmlsec1 config.status 1.2.32 +xmlsec1 config.status 1.2.33 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.32/configure.ac new/xmlsec1-1.2.33/configure.ac --- old/xmlsec1-1.2.32/configure.ac 2021-04-22 05:36:22.000000000 +0200 +++ new/xmlsec1-1.2.33/configure.ac 2021-10-25 15:05:42.000000000 +0200 @@ -1,10 +1,10 @@ dnl Process this file with autoconf to produce a configure script. -AC_INIT([xmlsec1],[1.2.32],[http://www.aleksey.com/xmlsec]) +AC_INIT([xmlsec1],[1.2.33],[http://www.aleksey.com/xmlsec]) XMLSEC_PACKAGE=xmlsec1 XMLSEC_VERSION_MAJOR=1 XMLSEC_VERSION_MINOR=2 -XMLSEC_VERSION_SUBMINOR=32 +XMLSEC_VERSION_SUBMINOR=33 XMLSEC_VERSION="$XMLSEC_VERSION_MAJOR.$XMLSEC_VERSION_MINOR.$XMLSEC_VERSION_SUBMINOR" XMLSEC_VERSION_INFO=`echo $XMLSEC_VERSION | awk -F. '{ printf "%d:%d:%d", $1+$2, $3, $2 }'` XMLSEC_VERSION_SAFE=`echo $XMLSEC_VERSION | sed 's/\./_/g'` diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.32/docs/api/xmlsec-keysdata.html new/xmlsec1-1.2.33/docs/api/xmlsec-keysdata.html --- old/xmlsec1-1.2.32/docs/api/xmlsec-keysdata.html 2021-04-22 05:36:22.000000000 +0200 +++ new/xmlsec1-1.2.33/docs/api/xmlsec-keysdata.html 2021-10-25 15:05:43.000000000 +0200 
@@ -3011,6 +3011,11 @@ <td class="enum_member_description"><p>the DER cert.</p></td> <td class="enum_member_annotations">??</td> </tr> +<tr> +<td class="enum_member_name"><p><a name="xmlSecKeyDataFormatEngine"></a>xmlSecKeyDataFormatEngine</p></td> +<td class="enum_member_description"><p>the crypto engine (e.g. OpenSSL ENGINE).</p></td> +<td class="enum_member_annotations">??</td> +</tr> </tbody> </table></div> </div> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.32/docs/api/xmlsec-version.html new/xmlsec1-1.2.33/docs/api/xmlsec-version.html --- old/xmlsec1-1.2.32/docs/api/xmlsec-version.html 2021-04-22 05:36:22.000000000 +0200 +++ new/xmlsec1-1.2.33/docs/api/xmlsec-version.html 2021-10-25 15:05:43.000000000 +0200 @@ -78,7 +78,7 @@ <a name="xmlsec-version.other_details"></a><h2>Types and Values</h2> <div class="refsect2"> <a name="XMLSEC-VERSION:CAPS"></a><h3>XMLSEC_VERSION</h3> -<pre class="programlisting">#define XMLSEC_VERSION "1.2.32" +<pre class="programlisting">#define XMLSEC_VERSION "1.2.33" </pre> <p>The library version string in the format "$major_number.$minor_number.$sub_minor_number".</p> 
@@ -100,14 +100,14 @@ <hr> <div class="refsect2"> <a name="XMLSEC-VERSION-SUBMINOR:CAPS"></a><h3>XMLSEC_VERSION_SUBMINOR</h3> -<pre class="programlisting">#define XMLSEC_VERSION_SUBMINOR 32 +<pre class="programlisting">#define XMLSEC_VERSION_SUBMINOR 33 </pre> <p>The library sub-minor version number.</p> </div> <hr> <div class="refsect2"> <a name="XMLSEC-VERSION-INFO:CAPS"></a><h3>XMLSEC_VERSION_INFO</h3> -<pre class="programlisting">#define XMLSEC_VERSION_INFO "3:32:2" +<pre class="programlisting">#define XMLSEC_VERSION_INFO "3:33:2" </pre> <p>The library version info string in the format "$major_number+$minor_number:$sub_minor_number:$minor_number".</p> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.32/docs/download.html new/xmlsec1-1.2.33/docs/download.html --- old/xmlsec1-1.2.32/docs/download.html 2021-04-22 05:36:22.000000000 +0200 +++ new/xmlsec1-1.2.33/docs/download.html 2021-10-25 15:05:43.000000000 +0200 @@ -420,10 +420,10 @@ <h1>Download</h1> </div> <h2>Stable releases.</h2> -<p>The latest stable XML Security Library version is <b>1.2.32</b>:</p> +<p>The latest stable XML Security Library version is <b>1.2.33</b>:</p> <ul> <li> -<a href="http://www.aleksey.com/xmlsec/download/xmlsec1-1.2.32.tar.gz">Sources for latest version</a>.</li> +<a href="http://www.aleksey.com/xmlsec/download/xmlsec1-1.2.33.tar.gz">Sources for latest version</a>.</li> <li> <a href="http://www.zlatkovic.com/projects/libxml/index.html">Windows binaries</a> for XMLSec Library (as well as LibXML2, LibXSLT and OpenSSL) from <a href="mailto:i...@zlatkovic.com">Igor Zlatkovic</a>.</li> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.32/docs/index.html new/xmlsec1-1.2.33/docs/index.html --- old/xmlsec1-1.2.32/docs/index.html 2021-04-22 05:36:22.000000000 +0200 +++ new/xmlsec1-1.2.33/docs/index.html 2021-10-25 15:05:43.000000000 +0200 
@@ -439,6 +439,15 @@ see the Copyright file in the distribution for details.<br><br></p> <p><b>News</b></p> <ul> +<li>October 25 2021<br> + The <a href="download.html">XML Security Library 1.2.33</a> release includes the following changes: + <ul> + <li>Added --privkey-openssl-engine option to enhance openssl engine support (Leonardo Secci).</li> + <li>Fixed decrypting session key for two recipients.</li> + <li>Several other small fixes (<a href="https://github.com/lsh123/xmlsec/commits/master">more details</a>).</li> + </ul> +</li> +<br> <li>April 21 2021<br> The <a href="download.html">XML Security Library 1.2.32</a> release includes the following changes: <ul> @@ -469,17 +478,7 @@ <li>Several other small fixes (<a href="https://github.com/lsh123/xmlsec/commits/master">more details</a>).</li> </ul> </li> -<br><li>April 16 2019<br> - The <a href="download.html">XML Security Library 1.2.28</a> release includes the following changes: - <ul> - <li>Added BoringSSL support (chenbd).</li> - <li>Added gnutls-3.6.x support (alonbl).</li> - <li>Added DSA and ECDSA key size getter for MSCNG (vmiklos).</li> - <li>Added --enable-mans configuration option (alonbl).</li> - <li>Added coninuous build integration for MacOSX (vmiklos).</li> - <li>Several other small fixes (<a href="https://github.com/lsh123/xmlsec/commits/master">more details</a>).</li> - </ul> -</li> +<br><li>See <a href="news.html">News page</a> for older announcements.</li> </ul> </td></tr></table></td> </tr></table></body> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.32/docs/news.html new/xmlsec1-1.2.33/docs/news.html --- old/xmlsec1-1.2.32/docs/news.html 2021-04-22 05:36:22.000000000 +0200 +++ new/xmlsec1-1.2.33/docs/news.html 2021-10-25 15:05:43.000000000 +0200 
@@ -420,6 +420,15 @@ <h1>XML Security Library News</h1> </div> <ul> +<li>October 25 2021<br> + The <a href="download.html">XML Security Library 1.2.33</a> release includes the following changes: + <ul> + <li>Added --privkey-openssl-engine option to enhance openssl engine support (Leonardo Secci).</li> + <li>Fixed decrypting session key for two recipients.</li> + <li>Several other small fixes (<a href="https://github.com/lsh123/xmlsec/commits/master">more details</a>).</li> + </ul> +</li> +<br> <li>April 21 2021<br> The <a href="download.html">XML Security Library 1.2.32</a> release includes the following changes: <ul> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.32/include/xmlsec/keysdata.h new/xmlsec1-1.2.33/include/xmlsec/keysdata.h --- old/xmlsec1-1.2.32/include/xmlsec/keysdata.h 2021-04-22 05:36:22.000000000 +0200 +++ new/xmlsec1-1.2.33/include/xmlsec/keysdata.h 2021-10-25 15:05:43.000000000 +0200 @@ -220,6 +220,7 @@ * @xmlSecKeyDataFormatPkcs12: the PKCS12 format (bag of keys and certs) * @xmlSecKeyDataFormatCertPem: the PEM cert. * @xmlSecKeyDataFormatCertDer: the DER cert. + * @xmlSecKeyDataFormatEngine: the crypto engine (e.g. OpenSSL ENGINE). * * The key data format (binary, der, pem, etc.). */ @@ -232,7 +233,8 @@ xmlSecKeyDataFormatPkcs8Der, xmlSecKeyDataFormatPkcs12, xmlSecKeyDataFormatCertPem, - xmlSecKeyDataFormatCertDer + xmlSecKeyDataFormatCertDer, + xmlSecKeyDataFormatEngine } xmlSecKeyDataFormat; /************************************************************************** diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.32/include/xmlsec/version.h new/xmlsec1-1.2.33/include/xmlsec/version.h --- old/xmlsec1-1.2.32/include/xmlsec/version.h 2021-04-22 05:37:51.000000000 +0200 +++ new/xmlsec1-1.2.33/include/xmlsec/version.h 2021-10-25 15:07:12.000000000 +0200 
@@ -26,7 +26,7 @@ * The library version string in the format * "$major_number.$minor_number.$sub_minor_number". */ -#define XMLSEC_VERSION "1.2.32" +#define XMLSEC_VERSION "1.2.33" /** * XMLSEC_VERSION_MAJOR: @@ -47,7 +47,7 @@ * * The library sub-minor version number. */ -#define XMLSEC_VERSION_SUBMINOR 32 +#define XMLSEC_VERSION_SUBMINOR 33 /** * XMLSEC_VERSION_INFO: @@ -55,7 +55,7 @@ * The library version info string in the format * "$major_number+$minor_number:$sub_minor_number:$minor_number". */ -#define XMLSEC_VERSION_INFO "3:32:2" +#define XMLSEC_VERSION_INFO "3:33:2" #ifdef __cplusplus diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.32/man/xmlsec1-config.1 new/xmlsec1-1.2.33/man/xmlsec1-config.1 --- old/xmlsec1-1.2.32/man/xmlsec1-config.1 2021-04-22 05:36:22.000000000 +0200 +++ new/xmlsec1-1.2.33/man/xmlsec1-config.1 2021-10-25 15:05:43.000000000 +0200 @@ -1,5 +1,5 @@ .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. -.TH XMLSEC1-CONFIG "1" "April 2021" "xmlsec1-config 1.2.32" "User Commands" +.TH XMLSEC1-CONFIG "1" "October 2021" "xmlsec1-config 1.2.33" "User Commands" .SH NAME xmlsec1-config \- detail installed version of xmlsec library .SH SYNOPSIS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.32/man/xmlsec1.1 new/xmlsec1-1.2.33/man/xmlsec1.1 --- old/xmlsec1-1.2.32/man/xmlsec1.1 2021-04-22 05:36:22.000000000 +0200 +++ new/xmlsec1-1.2.33/man/xmlsec1.1 2021-10-25 15:05:43.000000000 +0200 @@ -1,5 +1,5 @@ .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. -.TH XMLSEC1 "1" "April 2021" "xmlsec1 1.2.32 (openssl)" "User Commands" +.TH XMLSEC1 "1" "October 2021" "xmlsec1 1.2.33 (openssl)" "User Commands" .SH NAME xmlsec1 \- sign, verify, encrypt and decrypt XML documents .SH SYNOPSIS 
@@ -242,6 +242,12 @@ .IP do not verify certificates .HP +\fB\-\-privkey\-openssl\-engine[\fR:<name>] <openssl\-engine>;<openssl\-key\-id>[,<crtfile>[,<crtfile>[...]]] +.IP +load private key by OpenSSL ENGINE interface; specify the name of engine +(like with \fB\-engine\fR params), the key specs (like with \fB\-inkey\fR or \fB\-key\fR params) +and optionally certificates that verify this key +.HP \fB\-\-crypto\fR <name> .IP the name of the crypto engine to use from the following diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.32/src/keyinfo.c new/xmlsec1-1.2.33/src/keyinfo.c --- old/xmlsec1-1.2.32/src/keyinfo.c 2021-04-22 05:36:22.000000000 +0200 +++ new/xmlsec1-1.2.33/src/keyinfo.c 2021-10-25 15:05:43.000000000 +0200 @@ -1342,6 +1342,7 @@ if(ret < 0) { xmlSecInternalError("xmlSecKeyInfoCtxCreateEncCtx", xmlSecKeyDataKlassGetName(id)); + --keyInfoCtx->curEncryptedKeyLevel; return(-1); } } @@ -1356,8 +1357,10 @@ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_ENCKEY_DONT_STOP_ON_FAILED_DECRYPTION) != 0) { xmlSecInternalError("xmlSecEncCtxDecryptToBuffer", xmlSecKeyDataKlassGetName(id)); + --keyInfoCtx->curEncryptedKeyLevel; return(-1); } + --keyInfoCtx->curEncryptedKeyLevel; return(0); } @@ -1368,6 +1371,7 @@ if(ret < 0) { xmlSecInternalError("xmlSecKeyDataBinRead", xmlSecKeyDataKlassGetName(id)); + --keyInfoCtx->curEncryptedKeyLevel; return(-1); } --keyInfoCtx->curEncryptedKeyLevel; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.32/src/mscng/certkeys.c new/xmlsec1-1.2.33/src/mscng/certkeys.c --- old/xmlsec1-1.2.32/src/mscng/certkeys.c 2021-04-22 05:36:22.000000000 +0200 +++ new/xmlsec1-1.2.33/src/mscng/certkeys.c 2021-10-25 15:05:43.000000000 +0200 
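Review bot: The fix in src/keyinfo.c repeats `--keyInfoCtx->curEncryptedKeyLevel;` before each early return across its three hunks (after xmlSecKeyInfoCtxCreateEncCtx, on both branches after xmlSecEncCtxDecryptToBuffer, and after xmlSecKeyDataBinRead), so the next return added to this function can leak the nesting level again and make a later sibling EncryptedKey fail the depth check. A single exit path keeps the counter balanced by construction: set `res = -1;` or `res = 0;`, then `goto done;`, with `done: --keyInfoCtx->curEncryptedKeyLevel; return(res);` at the end. The matching increment and the rest of the function are outside the hunks, so any return that happens before the increment must keep bypassing that label. A one-line comment at the increment saying that every later exit has to undo it would also help.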
@@ -35,6 +35,7 @@ #include <xmlsec/bn.h> #include <xmlsec/mscng/crypto.h> +#include <xmlsec/mscng/certkeys.h> typedef struct _xmlSecMSCngKeyDataCtx xmlSecMSCngKeyDataCtx, *xmlSecMSCngKeyDataCtxPtr; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.32/src/openssl/app.c new/xmlsec1-1.2.33/src/openssl/app.c --- old/xmlsec1-1.2.32/src/openssl/app.c 2021-04-22 05:36:22.000000000 +0200 +++ new/xmlsec1-1.2.33/src/openssl/app.c 2021-10-25 15:05:43.000000000 +0200 @@ -27,6 +27,7 @@ #include <openssl/pkcs12.h> #include <openssl/conf.h> #include <openssl/engine.h> +#include <openssl/ui.h> #include <xmlsec/xmlsec.h> #include <xmlsec/keys.h> @@ -52,12 +53,18 @@ int bufsize, int verify, void *userdata); +static xmlSecKeyPtr xmlSecOpenSSLAppEngineKeyLoad (const char *engineName, + const char *engineKeyId, + xmlSecKeyDataFormat format, + const char *pwd, + void* pwdCallback, + void* pwdCallbackCtx); + /* conversion from ptr to func "the right way" */ XMLSEC_PTR_TO_FUNC_IMPL(pem_password_cb) XMLSEC_FUNC_TO_PTR_IMPL(pem_password_cb) - /** * xmlSecOpenSSLAppInit: * @config: the path to certs. 
@@ -157,28 +164,65 @@ xmlSecOpenSSLAppKeyLoad(const char *filename, xmlSecKeyDataFormat format, const char *pwd, void* pwdCallback, void* pwdCallbackCtx) { - BIO* bio; xmlSecKeyPtr key; xmlSecAssert2(filename != NULL, NULL); xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL); - bio = BIO_new_file(filename, "rb"); - if(bio == NULL) { - xmlSecOpenSSLError2("BIO_new_file", NULL, - "filename=%s", xmlSecErrorsSafeString(filename)); - return(NULL); - } + if(format == xmlSecKeyDataFormatEngine) { + char* buffer = NULL; + char* engineName; + char* engineKeyId; + + /* for loading key from an engine, the filename format is: + * <openssl-engine>;<openssl-key-id> + */ + buffer = (char*)xmlStrdup(BAD_CAST filename); + if(buffer == NULL) { + xmlSecStrdupError(BAD_CAST filename, NULL); + return(NULL); + } + + engineName = buffer; + engineKeyId = strchr(buffer, ';'); + if(engineKeyId == NULL) { + xmlSecInvalidStringDataError("openssl-engine-and-key", buffer, "<openssl-engine>;<openssl-key-id>", NULL); + xmlFree(buffer); + return(NULL); + } + (*engineKeyId) = '\0'; + ++engineKeyId; + + key = xmlSecOpenSSLAppEngineKeyLoad(engineName, engineKeyId, format, pwd, pwdCallback, pwdCallbackCtx); + if(key == NULL) { + xmlSecInternalError2("xmlSecOpenSSLAppEngineKeyLoad", NULL, + "filename=%s", xmlSecErrorsSafeString(filename)); + xmlFree(buffer); + return(NULL); + } + + xmlFree(buffer); + } else { + BIO* bio; + + bio = BIO_new_file(filename, "rb"); + if(bio == NULL) { + xmlSecOpenSSLError2("BIO_new_file", NULL, + "filename=%s", xmlSecErrorsSafeString(filename)); + return(NULL); + } + + key = xmlSecOpenSSLAppKeyLoadBIO (bio, format, pwd, pwdCallback, pwdCallbackCtx); + if(key == NULL) { + xmlSecInternalError2("xmlSecOpenSSLAppKeyLoadBIO", NULL, + "filename=%s", xmlSecErrorsSafeString(filename)); + BIO_free(bio); + return(NULL); + } - key = xmlSecOpenSSLAppKeyLoadBIO (bio, format, pwd, pwdCallback, pwdCallbackCtx); - if(key == NULL) { - 
xmlSecInternalError2("xmlSecOpenSSLAppKeyLoadBIO", NULL, - "filename=%s", xmlSecErrorsSafeString(filename)); BIO_free(bio); - return(NULL); } - BIO_free(bio); return(key); } 
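Review bot: After the split at `;` in the `xmlSecKeyDataFormatEngine` branch neither half is checked for being empty, so values such as `;id` or `engine;` reach xmlSecOpenSSLAppEngineKeyLoad() with an empty engine name or key id and fail later with a less specific OpenSSL error. The existing format check can cover both cases: `if((engineKeyId == NULL) || (engineKeyId == buffer) || (engineKeyId[1] == '\0')) {`. The function's header comment is outside the hunk; it should now say that for `xmlSecKeyDataFormatEngine` the `filename` argument is not a path but `<openssl-engine>;<openssl-key-id>`.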
@@ -358,6 +402,105 @@ return(key); } + + +static xmlSecKeyPtr +xmlSecOpenSSLAppEngineKeyLoad(const char *engineName, const char *engineKeyId, + xmlSecKeyDataFormat format, const char *pwd ATTRIBUTE_UNUSED, + void* pwdCallback ATTRIBUTE_UNUSED, void* pwdCallbackCtx ATTRIBUTE_UNUSED) { + + ENGINE* engine = NULL; + xmlSecKeyPtr key = NULL; + xmlSecKeyDataPtr data = NULL; + EVP_PKEY* pKey = NULL; + int engineInit = 0; + int ret; + +#ifndef OPENSSL_NO_ENGINE + xmlSecAssert2(engineName != NULL, NULL); + xmlSecAssert2(engineKeyId != NULL, NULL); + xmlSecAssert2(format == xmlSecKeyDataFormatEngine, NULL); + + /* load and initialize the engine */ + engine = ENGINE_by_id(engineName); + if(engine == NULL) { + engine = ENGINE_by_id("dynamic"); + if(engine != NULL) { + if(ENGINE_ctrl_cmd_string(engine, "SO_PATH", engineName, 0) <= 0) { + xmlSecOpenSSLError("ENGINE_ctrl_cmd_string(SO_PATH)", NULL); + goto done; + } + if(ENGINE_ctrl_cmd_string(engine, "LOAD", NULL, 0) <= 0) { + xmlSecOpenSSLError("ENGINE_ctrl_cmd_string(LOAD)", NULL); + goto done; + } + } + } + + if(ENGINE_ctrl_cmd(engine, "SET_USER_INTERFACE", 0, (void *)UI_null(), 0, 1) < 0) { + xmlSecOpenSSLError("ENGINE_ctrl_cmd_string(SET_USER_INTERFACE)", NULL); + goto done; + } + if(!ENGINE_set_default(engine, ENGINE_METHOD_ALL)) { + xmlSecOpenSSLError("ENGINE_set_default", NULL); + goto done; + } + if(!ENGINE_init(engine)) { + xmlSecOpenSSLError("ENGINE_init", NULL); + goto done; + } + engineInit = 1; + + /* load private key */ + pKey = ENGINE_load_private_key(engine, engineKeyId, + (UI_METHOD *)UI_null(), + NULL); + if(pKey == NULL) { + xmlSecOpenSSLError("ENGINE_load_private_key", NULL); + goto done; + } + + /* create xmlsec key */ + data = xmlSecOpenSSLEvpKeyAdopt(pKey); + if(data == NULL) { + xmlSecInternalError("xmlSecOpenSSLEvpKeyAdopt", NULL); + goto done; + } + pKey = NULL; + + key = xmlSecKeyCreate(); + if(key == NULL) { + xmlSecInternalError("xmlSecKeyCreate", xmlSecKeyDataGetName(data)); + goto done; + } + + 
ret = xmlSecKeySetValue(key, data); + if(ret < 0) { + xmlSecInternalError("xmlSecKeySetValue", xmlSecKeyDataGetName(data)); + xmlSecKeyDestroy(key); + key = NULL; + goto done; + } + data = NULL; + +done: + /* cleanup */ + if(pKey != NULL) { + EVP_PKEY_free(pKey); + } + if(data != NULL) { + xmlSecKeyDataDestroy(data); + } + if(engine !=NULL) { + if(engineInit != 0) { + ENGINE_finish(engine); + } + ENGINE_free(engine); + } +#endif /* OPENSSL_NO_ENGINE */ + + return(key); +} #ifndef XMLSEC_NO_X509 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.32/tests/aleksey-xmlenc-01/enc-two-recipients.data new/xmlsec1-1.2.33/tests/aleksey-xmlenc-01/enc-two-recipients.data --- old/xmlsec1-1.2.32/tests/aleksey-xmlenc-01/enc-two-recipients.data 1970-01-01 01:00:00.000000000 +0100 +++ new/xmlsec1-1.2.33/tests/aleksey-xmlenc-01/enc-two-recipients.data 2021-10-25 15:05:43.000000000 +0200 @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="UTF-8"?> +<note> + <to>Tove</to> + <from>Jani</from> + <heading>Reminder</heading> + <body>Don't forget me this weekend!</body> +</note> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.32/tests/aleksey-xmlenc-01/enc-two-recipients.tmpl new/xmlsec1-1.2.33/tests/aleksey-xmlenc-01/enc-two-recipients.tmpl --- old/xmlsec1-1.2.32/tests/aleksey-xmlenc-01/enc-two-recipients.tmpl 1970-01-01 01:00:00.000000000 +0100 +++ new/xmlsec1-1.2.33/tests/aleksey-xmlenc-01/enc-two-recipients.tmpl 2021-10-25 15:05:43.000000000 +0200 
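Review bot: `engine` can still be NULL when the SET_USER_INTERFACE call is reached in xmlSecOpenSSLAppEngineKeyLoad(): if `ENGINE_by_id(engineName)` fails and `ENGINE_by_id("dynamic")` fails as well, the inner `if(engine != NULL)` is skipped and execution falls through to `ENGINE_ctrl_cmd()`, `ENGINE_set_default()` and `ENGINE_init()` with a NULL pointer. Add `if(engine == NULL) { xmlSecOpenSSLError2("ENGINE_by_id", NULL, "engineName=%s", xmlSecErrorsSafeString(engineName)); goto done; }` after the lookup block. Two behaviours deserve a comment in the function header: a name that is not a registered engine id is handed to the dynamic engine as `SO_PATH`, so a shared library named on the command line is loaded into the process, and `ENGINE_set_default(engine, ENGINE_METHOD_ALL)` makes the engine the process-wide default for every method type rather than only for this key. When `OPENSSL_NO_ENGINE` is defined the function returns NULL without reporting anything, so an `#else` branch that logs an error would make that failure diagnosable.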
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>pub1</KeyName>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue/>
+ </CipherData>
+ </EncryptedKey>
+ <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>pub2</KeyName>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue/>
+ </CipherData>
+ </EncryptedKey>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue/>
+ </CipherData>
+</EncryptedData>
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.32/tests/aleksey-xmlenc-01/enc-two-recipients.xml new/xmlsec1-1.2.33/tests/aleksey-xmlenc-01/enc-two-recipients.xml
--- old/xmlsec1-1.2.32/tests/aleksey-xmlenc-01/enc-two-recipients.xml 1970-01-01 01:00:00.000000000 +0100
+++ new/xmlsec1-1.2.33/tests/aleksey-xmlenc-01/enc-two-recipients.xml 2021-10-25 15:05:43.000000000 +0200
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>pub1</KeyName>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>T6kbZNTA14Fn7L6Amt6ryIULW7RazQtKWRo+TpXNqtuHQHNwz9mpg+r5YablgxAN
+KA4LRLMQjAwjxaKIWpgsfg==</CipherValue>
+ </CipherData>
+ </EncryptedKey>
+ <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>pub2</KeyName>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>HPUbu+U/kjtKQzpSzFiVcNAdRsfu3CztlUJ/DZQnLdtZRkdy9dhR14pF3RPc18Z5
+1mYDpD0H8+rb9lRAC2j9I9X2dZfQj+Lm4hRvXuVwD9TL082IllRPWq4LAJ/cg4PL
+PyPFGH8kpSX6E2aJFkNwWh13f1aZLhwG/Jc0+1NxaU+OZh79ueSQbNp0V4FxEasa
+tBG6k/Y3k2ga5uQ96DTx7EdD5dLTSVpyrsnUjmtc3XwLdLQPrBmQY2GJok1kN5Wr
+r0bRnazhK4cUaqcxTw/QJ9Oxghc8sWDo1ES4ftC4gp19YqrCdkUqTcDRT+TcEKtR
+celmM1mXuQJUwOYqdO/8N2YPozGwXKDrcGIhiJdOpppiXcbShQjTUAAwkSfhjwl1
+A4PZ8JLjozZ1IS+kQ4+7r3KkZwVNbuD3ac/X0+vyAtwY7/yeRk+E2qadKnJc4Jak
+6/MwRXJ8PjMbGBJnraFpSyQ58yWvAqUvVecZV4PrJkQ2JoSaUkFHaInKe8LDDYus
+BA+bYGvudb7O/WK4EnsJNFT8faHuvmPkOH4skR6fbLnlV3cg1JFuvkenlqQfvqNN
++xOdigxWSt0fBN+tCmVOfXY/MOSKLmx8PLgUT/rLIM4ang0NDMK+uIcPkdfoz7bs
+gXihxtcmXtYgbRhwTQ19oYGcAlkQH8fueyM29aPSSGM=</CipherValue>
+ </CipherData>
+ </EncryptedKey>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>xRu54xo+Q/yA9sRkWg4eczD7t8BVonhhz+6l1JKJxnGo1GZPjo7oFepeKRIxoHMa
+weH+Epukhp1XX0NMilWSJndQDAk28YPUOaxZ8LDwHa547tm1tEZCN1RFsj+ler//
+sqAhHzvaP59y8OavMD6VoKeNpR9rPre7rhlxobCaERlc+lde7y71qg==</CipherValue>
+ </CipherData>
+</EncryptedData>
diff -urN
'--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.32/tests/testEnc.sh new/xmlsec1-1.2.33/tests/testEnc.sh --- old/xmlsec1-1.2.32/tests/testEnc.sh 2021-04-22 05:36:22.000000000 +0200 +++ new/xmlsec1-1.2.33/tests/testEnc.sh 2021-10-25 15:05:43.000000000 +0200 @@ -29,6 +29,7 @@ # ########################################################################## + execEncTest $res_success \ "" \ "aleksey-xmlenc-01/enc-des3cbc-keyname" \ 
@@ -115,6 +116,22 @@ "$priv_key_option:my-rsa-key $topfolder/keys/largersakey.$priv_key_format --pwd secret123 --session-key aes-256 --enabled-key-data key-name --xml-data $topfolder/aleksey-xmlenc-01/enc-aes256-kt-rsa_oaep_sha1-params.data --node-name http://example.org/paymentv2:CreditCard" \ "$priv_key_option:my-rsa-key $topfolder/keys/largersakey.$priv_key_format --pwd secret123" +# same test but decrypt using two different keys +execEncTest $res_success \ + "" \ + "aleksey-xmlenc-01/enc-two-recipients" \ + "tripledes-cbc rsa-1_5" \ + "$priv_key_option:pub1 $topfolder/keys/rsakey.$priv_key_format --pwd secret123" \ + "--pubkey-cert-$cert_format:pub1 $topfolder/keys/rsacert.$cert_format --pubkey-cert-$cert_format:pub2 $topfolder/keys/largersacert.$cert_format --session-key des-192 --xml-data $topfolder/aleksey-xmlenc-01/enc-two-recipients.data" \ + "$priv_key_option:pub1 $topfolder/keys/rsakey.$priv_key_format --pwd secret123" +execEncTest $res_success \ + "" \ + "aleksey-xmlenc-01/enc-two-recipients" \ + "tripledes-cbc rsa-1_5" \ + "$priv_key_option:pub1 $topfolder/keys/largersakey.$priv_key_format --pwd secret123" \ + "--pubkey-cert-$cert_format:pub1 $topfolder/keys/rsacert.$cert_format --pubkey-cert-$cert_format:pub2 $topfolder/keys/largersacert.$cert_format --session-key des-192 --xml-data $topfolder/aleksey-xmlenc-01/enc-two-recipients.data" \ + "$priv_key_option:pub1 $topfolder/keys/largersakey.$priv_key_format --pwd secret123" + ########################################################################## # # merlin-xmlenc-five diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.32/xmlsec1-config new/xmlsec1-1.2.33/xmlsec1-config --- old/xmlsec1-1.2.32/xmlsec1-config 2021-04-22 05:37:51.000000000 +0200 +++ new/xmlsec1-1.2.33/xmlsec1-config 2021-10-25 15:07:13.000000000 +0200 
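Review bot: The second added `execEncTest` call registers `largersakey` under the name `pub1`, although the encryption arguments in the same call bind `pub1` to `rsacert` and `pub2` to `largersacert`. If the mismatch is deliberate (presumably so that the key named by the first `EncryptedKey` cannot decrypt it and the second one has to be tried, which would fit the "two recipients" fix in the changelog), the comment should say so; otherwise the name should be `pub2`. As written, `# same test but decrypt using two different keys` does not tell a maintainer which behaviour each run pins. A wording such as `# run 1: key of the first recipient; run 2: key of the second recipient registered as pub1, so the first EncryptedKey cannot be used` would make the intent checkable.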
@@ -95,7 +95,7 @@ ;; --version) - echo 1.2.32 + echo 1.2.33 exit 0 ;; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.32/xmlsec1-gcrypt.pc new/xmlsec1-1.2.33/xmlsec1-gcrypt.pc --- old/xmlsec1-1.2.32/xmlsec1-gcrypt.pc 2021-04-22 05:37:51.000000000 +0200 +++ new/xmlsec1-1.2.33/xmlsec1-gcrypt.pc 2021-10-25 15:07:13.000000000 +0200 @@ -4,7 +4,7 @@ includedir=${prefix}/include Name: xmlsec1-gcrypt -Version: 1.2.32 +Version: 1.2.33 Description: XML Security Library implements XML Signature and XML Encryption standards Requires: libxml-2.0 >= 2.8.0 libxslt >= 1.0.20 Cflags: -D__XMLSEC_FUNCTION__=__func__ -DXMLSEC_NO_GOST=1 -DXMLSEC_NO_GOST2012=1 -DXMLSEC_DL_LIBLTDL=1 -I${prefix}/include/xmlsec1 -I/home/aleksey/local/include -DXMLSEC_CRYPTO_GCRYPT=1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.32/xmlsec1-gnutls.pc new/xmlsec1-1.2.33/xmlsec1-gnutls.pc --- old/xmlsec1-1.2.32/xmlsec1-gnutls.pc 2021-04-22 05:37:51.000000000 +0200 +++ new/xmlsec1-1.2.33/xmlsec1-gnutls.pc 2021-10-25 15:07:12.000000000 +0200 @@ -4,7 +4,7 @@ includedir=${prefix}/include Name: xmlsec1-gnutls -Version: 1.2.32 +Version: 1.2.33 Description: XML Security Library implements XML Signature and XML Encryption standards Requires: libxml-2.0 >= 2.8.0 libxslt >= 1.0.20 Cflags: -D__XMLSEC_FUNCTION__=__func__ -DXMLSEC_NO_GOST=1 -DXMLSEC_NO_GOST2012=1 -DXMLSEC_DL_LIBLTDL=1 -I${prefix}/include/xmlsec1 -I/usr/include/p11-kit-1 -DXMLSEC_CRYPTO_GNUTLS=1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.32/xmlsec1-nss.pc new/xmlsec1-1.2.33/xmlsec1-nss.pc --- old/xmlsec1-1.2.32/xmlsec1-nss.pc 2021-04-22 05:37:51.000000000 +0200 +++ new/xmlsec1-1.2.33/xmlsec1-nss.pc 2021-10-25 15:07:13.000000000 +0200 
@@ -4,7 +4,7 @@ includedir=${prefix}/include Name: xmlsec1-nss -Version: 1.2.32 +Version: 1.2.33 Description: XML Security Library implements XML Signature and XML Encryption standards Requires: libxml-2.0 >= 2.8.0 libxslt >= 1.0.20 xulrunner-nspr >= 1.4 xulrunner-nss >= 1.4 Cflags: -DXMLSEC_CRYPTO_NSS=1 -D__XMLSEC_FUNCTION__=__func__ -DXMLSEC_NO_GOST=1 -DXMLSEC_NO_GOST2012=1 -DXMLSEC_DL_LIBLTDL=1 -I${prefix}/include/xmlsec1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.32/xmlsec1-openssl.pc new/xmlsec1-1.2.33/xmlsec1-openssl.pc --- old/xmlsec1-1.2.32/xmlsec1-openssl.pc 2021-04-22 05:37:51.000000000 +0200 +++ new/xmlsec1-1.2.33/xmlsec1-openssl.pc 2021-10-25 15:07:12.000000000 +0200 @@ -4,7 +4,7 @@ includedir=${prefix}/include Name: xmlsec1-openssl -Version: 1.2.32 +Version: 1.2.33 Description: XML Security Library implements XML Signature and XML Encryption standards Requires: libxml-2.0 >= 2.8.0 libxslt >= 1.0.20 Cflags: -D__XMLSEC_FUNCTION__=__func__ -DXMLSEC_NO_GOST=1 -DXMLSEC_NO_GOST2012=1 -DXMLSEC_DL_LIBLTDL=1 -I${prefix}/include/xmlsec1 -DXMLSEC_CRYPTO_OPENSSL=1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.32/xmlsec1.pc new/xmlsec1-1.2.33/xmlsec1.pc --- old/xmlsec1-1.2.32/xmlsec1.pc 2021-04-22 05:37:50.000000000 +0200 +++ new/xmlsec1-1.2.33/xmlsec1.pc 2021-10-25 15:07:12.000000000 +0200 
@@ -4,7 +4,7 @@ includedir=${prefix}/include Name: xmlsec1 -Version: 1.2.32 +Version: 1.2.33 Description: XML Security Library implements XML Signature and XML Encryption standards Requires: libxml-2.0 >= 2.8.0 libxslt >= 1.0.20 Cflags: -DXMLSEC_CRYPTO_DYNAMIC_LOADING=1 -D__XMLSEC_FUNCTION__=__func__ -DXMLSEC_NO_GOST=1 -DXMLSEC_NO_GOST2012=1 -DXMLSEC_DL_LIBLTDL=1 -I${prefix}/include/xmlsec1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.32/xmlsec1.spec new/xmlsec1-1.2.33/xmlsec1.spec --- old/xmlsec1-1.2.32/xmlsec1.spec 2021-04-22 05:37:51.000000000 +0200 +++ new/xmlsec1-1.2.33/xmlsec1.spec 2021-10-25 15:07:13.000000000 +0200 @@ -1,6 +1,6 @@ Summary: Library providing support for "XML Signature" and "XML Encryption" standards Name: xmlsec1 -Version: 1.2.32 +Version: 1.2.33 Release: 1 License: MIT Group: Development/Libraries diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.32/xmlsec1Conf.sh new/xmlsec1-1.2.33/xmlsec1Conf.sh --- old/xmlsec1-1.2.32/xmlsec1Conf.sh 2021-04-22 05:37:51.000000000 +0200 +++ new/xmlsec1-1.2.33/xmlsec1Conf.sh 2021-10-25 15:07:13.000000000 +0200 @@ -9,5 +9,5 @@ XMLSEC_LIBDIR="${exec_prefix}/lib" XMLSEC_INCLUDEDIR=" -D__XMLSEC_FUNCTION__=__func__ -DXMLSEC_NO_GOST=1 -DXMLSEC_NO_GOST2012=1 -DXMLSEC_DL_LIBLTDL=1 -I${prefix}/include/xmlsec1 -I/usr/include/libxml2 -I/usr/include/libxml2 -DXMLSEC_CRYPTO_OPENSSL=1" XMLSEC_LIBS="-L${exec_prefix}/lib -lxmlsec1-openssl -lxmlsec1 -lltdl -lxml2 -lxslt -lxml2 -lssl -lcrypto" -MODULE_VERSION="xmlsec-1.2.32-openssl" +MODULE_VERSION="xmlsec-1.2.33-openssl"