forked from lsh123/xmlsec
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
9ad3029
commit 601d9c4
Showing
127 changed files
with
1,666 additions
and
3,879 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,176 +1,4 @@ | ||
Rules for commits on the xmlsec module | ||
========================================= | ||
If you are interesting in contributing to XMLSec, then consider sending a PR on github: | ||
|
||
0) DO NOT COMMIT DIRECTLY ! | ||
If you have a patch send a mail to xmlsec@aleksey.com mailing | ||
list (you must be subscribed to the list, go to | ||
http://www.aleksey.com/mailman/listinfo/xmlsec to subscribe). | ||
|
||
If there is a problem in xmlsec module that prevents you | ||
from building other major components then feel free to patch | ||
first and then send a mail. This is an EXCEPTIONAL case and | ||
you should be VERY carefull when you are doing this. | ||
|
||
Igor Zlatkovic get an exception for the send before commit rule. | ||
|
||
1) Coding style. | ||
- Formatting. Just for clarification, the formating is: | ||
|
||
tab size=8;indentation=4;insert spaces=yes | ||
|
||
- Use explicit "!= NULL", "!= 0", etc. This makes code | ||
easier to read and remove warnings on some platform. | ||
Example: | ||
BAD: | ||
if(a) | ||
GOOD: | ||
if(a != NULL) | ||
or | ||
if(a != 0) | ||
|
||
- Put figure brackets '{}' even if you have only one operator | ||
in "if", "for", etc. This also makes code easier to read and | ||
saves a lot of time when you need to quickly change something. | ||
Example: | ||
BAD: | ||
if(a != NULL) | ||
xmlFree(a); | ||
GOOD: | ||
if(a != NULL) { | ||
xmlFree(a); | ||
} | ||
|
||
- Use round brackets '()' in conditions to show the precedence order. | ||
I don't remember what goes first '<<' or '*', do you? | ||
Example: | ||
BAD: | ||
if(privkey == NULL || pubkey == NULL) | ||
GOOD: | ||
if((privkey == NULL) || (pubkey == NULL)) | ||
|
||
- Use round brackets '()' for "return". | ||
Example: | ||
BAD: | ||
return 0; | ||
GOOD: | ||
return(0); | ||
|
||
- Check for warnings! Use "--enable-pedantic" option | ||
for "configure.in" script to enable as much warnings as possible. | ||
Your patch should produce no new warnings and if you'll | ||
see something that you can fix, then do it. | ||
|
||
- Check for memory leaks. There is a built in support for | ||
valgrind (http://devel-home.kde.org/~sewardj/). In order to use it, | ||
use "enable_static_linking" option for "configure.in" script to | ||
force static linking of xmlsec command line utility and run | ||
"make memcheck" from the top xmlsec source folder. The results are printed | ||
at the end. More detailed logs could be found in /tmp/test*.log files. | ||
|
||
2) Coding practice | ||
- You should trust nobody! Anyone can fool you: user or another application | ||
might provide you incorrect data; call to xmlsec or system function might | ||
fail with an error code; worse, the same call might fail but the return | ||
code is "success" and so on. The patch fixes a lot of places where the | ||
original code failed to check input data or function return values. | ||
One of my favorite examples is the code that *silently* assumed that | ||
base64 decoded value of a RSA public exponent obtained from XML fits | ||
in a DWORD. And after that the code did memcpy to copy from xmlSecBuffer | ||
to a DWORD variable *without* checking how much data are actualy copied! | ||
The trivial DoS attack (at least DoS!!!) is to put very long base64 string | ||
in XML file and enjoy the server crash. | ||
One of the strongest sides of xmlsec library is that there are very few | ||
known ways to crash it (and all of them are related to running the | ||
application in an environment with a very limited memory to force a malloc | ||
failure). To be a little paranoid is good in this context :) | ||
|
||
- malloc/free vs. xmlMalloc/xmlFree | ||
xmlsec library use libxml2 memory management functions. This provides an | ||
easy way to replace default memory management functions with custom ones. | ||
And this might be very usefull in some cases. | ||
Note that crypto library might use a different memory management | ||
functions! Be very carefully to do not mix them (i.e. get memory | ||
allocated by crypto library function and free it with xmFree). | ||
|
||
- Errors reporting (XMLSEC_ERRORS_R_XMLSEC_FAILED vs. XMLSEC_ERRORS_R_CRYPTO_FAILED) | ||
The correct usage rule is: | ||
if the failed function starts with "xmlSec" then use | ||
xmlSecInternalError() aka XMLSEC_ERRORS_R_XMLSEC_FAILED | ||
else if it is xmlMalloc/xmlFree/etc then use | ||
xmlSecMallocError() aka XMLSEC_ERRORS_R_MALLOC_FAILED | ||
else if the function starts with "xml" or "xslt" (i.e. it comes | ||
from libxml or libxslt) then use | ||
xmlSecXmlError/xmlSecXmlParserError aka XMLSEC_ERRORS_R_XML_FAILED | ||
else if it is related to IO (fopen, fread, fwrite, etc.) then use | ||
XMLSEC_ERRORS_R_IO_FAILED | ||
else if the function could be used only from xmlsec-crypto (i.e. | ||
it is crypto engine related) then use | ||
xmlSecOpenSSLError/... aka XMLSEC_ERRORS_R_CRYPTO_FAILED | ||
else if there is another reason (invalid data, invalid size, etc.) | ||
corresponding error reason should be used | ||
else | ||
it is something new and should be discussed | ||
fi | ||
Correct error reason is very important. For example, some applications | ||
ignore all the XMLSEC_ERRORS_R_XMLSEC_FAILED errors to get to the bottom of | ||
the errors stack and report the actual problem. | ||
|
||
- Errors reporting: "size=%d;error=%d" instead of "size %d, error: %d": | ||
It would be great if xmlsec-crypto libraries can follow the error message | ||
standard adopted in the other files of xmlsec library: | ||
"<name1>=<value1>;<name2>=<value2>;..." | ||
This greatly helps when one needs to write a logs parser. For example, to | ||
find the reason of memory allocation failures. | ||
|
||
3) Preparing and submitting a patch. | ||
If you want to submit a patch please create a pull request on GitHub and then | ||
send your pull request along with a short description of the problem or feature | ||
you are fixing/implementing to the xmlsec@aleksey.com mailing list | ||
(you must be subscribed to the list, go to http://www.aleksey.com/mailman/listinfo/xmlsec to subscribe). | ||
If you are fixing a bug, it might be a good idea to create a GitHub ticket first | ||
(http://www.aleksey.com/xmlsec/bugs.html) for the record. | ||
|
||
4) Building a release | ||
- Cleanup, make sure no other changes are pending | ||
- make distclean | ||
- git status | ||
- Update Changelog | ||
- Write about release changes in the release | ||
- docs/index.html and docs/news.html | ||
- Update release number in | ||
- configure.in (2 places at the top) | ||
- docs/download.html | ||
- Create build | ||
- ./autogen.sh | ||
- make | ||
- Build docs (watch for errors!) | ||
- make docs | ||
- Commit the "prepare for X.Y.Z" release | ||
- git commit -m"prepare for X.Y.Z release" -a | ||
- Run tests, make sure everything is OK | ||
- make check | ||
- Build release | ||
- sudo ./scripts/build_release.sh | ||
- Extract tar file, make sure it works | ||
- cd /tmp | ||
- tar xvfz /usr/src/redhat/SOURCE/xmlsec1-X.Y.z.tar.gz | ||
- cd xmlsec1-X.Y.z | ||
- ./configure | ||
- make | ||
- make check | ||
- Copy tar file to FTP/Web Download | ||
- Copy docs/ folder to Web folder | ||
- Write an announcement email to xmlsec@aleksey.com | ||
- Update freshmeat.net | ||
- Relax | ||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
https://github.com/lsh123/xmlsec | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,47 +1,2 @@ | ||
Compilation | ||
See README.md | ||
|
||
1. How to compile XMLSec? | ||
|
||
As most UNIX libraries XMLSec follows the "standard": | ||
|
||
gunzip -c xmlsec-xxx.tar.gz | tar xvf - | ||
cd xmlsec-xxxx | ||
./configure --help | ||
|
||
to see the options, then the compilation/installation proper | ||
|
||
./configure [possible options] | ||
make | ||
make install | ||
|
||
Probably you may have to rerun ldconfig or similar utility to | ||
update your list of installed shared libs. At this point you can check | ||
that the library is compiled successfully by running | ||
|
||
make check | ||
|
||
Alternatively there are several community maintained ports to CMake | ||
build system: | ||
|
||
* https://github.com/vmiklos/odfsig/tree/master/extern/xmlsec | ||
|
||
* https://github.com/microsoft/vcpkg/tree/master/ports/xmlsec | ||
|
||
|
||
2.What other libraries are needed to compile/install XMLSec? | ||
XMLSec requires following libraries: | ||
|
||
LibXML2 (http://xmlsoft.org): a very powerfull XML parsing and | ||
manipulating library | ||
LibXSLT (http://xmlsoft.org/XSLT/): a nice XSLT processor based | ||
on LibXML2 | ||
OpenSSL (http://www.openssl.org): well known cryptographic library | ||
|
||
If you are running a Linux system then there is a good chance that | ||
you already have all libraries installed. Also XMLSec requires the | ||
normal C ANSI API (please report any violation to this rule you may find). | ||
|
||
|
||
Aleksey Sanin <aleksey@aleksey.com> | ||
|
||
$Id$ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
Check ChangeLog file :) | ||
See https://www.aleksey.com/xmlsec/news.html |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,75 @@ | ||
# XMLSec Library | ||
|
||
XMLSec library provides C based implementation for major XML Security | ||
standards: | ||
- [XML Signature Syntax and Processing](https://www.w3.org/TR/xmldsig-core) | ||
- [XML Encryption Syntax and Processing](https://www.w3.org/TR/xmlenc-core/) | ||
|
||
## Documentation | ||
Complete XMLSec library documentation is published on [XMLSec website](https://www.aleksey.com/xmlsec/). | ||
|
||
## License | ||
XMLSec library is released under the MIT Licence (see the [Copyright file](Copyright). | ||
|
||
## Building and installing XMLSec | ||
|
||
### Prerequisites | ||
XMLSec requires the following libraries: | ||
- [LibXML2](http://xmlsoft.org) | ||
- [LibXSLT](http://xmlsoft.org/XSLT/) | ||
|
||
And at least one of the following cryptographic libraries: | ||
- [OpenSSL](http://www.openssl.org) | ||
- [NSS](https://firefox-source-docs.mozilla.org/security/nss/index.html) | ||
- [GCrypt/GnuTLS](https://www.gnutls.org/) | ||
- MS Crypto API (Windows only) | ||
- MS Crypto API NG (Windows only) | ||
|
||
For example, the following packages need to be installed on Ubuntu to build | ||
XMLSec library: | ||
``` | ||
# common build tools | ||
apt install automake autoconf libtool libtool-bin gcc | ||
# ltdl is required to support dynamic crypto libs loading | ||
apt install libltdl7 libltdl-dev | ||
# core libxml2 and libxslt libraries | ||
apt install libxml2 libxml2-dev libxslt1.1 libxslt1-dev | ||
# openssl libraries | ||
apt install libssl1.1 libssl-dev | ||
# nspr/nss libraries | ||
apt install libnspr4 libnspr4-dev libnss3 libnss3-dev libnss3-tools | ||
# gcrypt/gnutls libraries | ||
apt install libgcrypt20 libgcrypt20-dev libgnutls28-dev | ||
# required for building man pages and docs | ||
apt install help2man man2html gtk-doc-tools | ||
``` | ||
|
||
### Building XMLSec on Linux, Unix, MacOSX, MinGW, Cygwin, etc | ||
|
||
To build and install XMLSec library on Unix-like systems run the following commands: | ||
|
||
``` | ||
gunzip -c xmlsec1-xxx.tar.gz | tar xvf - | ||
cd xmlsec1-xxxx | ||
./configure [possible options] | ||
make | ||
make check | ||
make install | ||
``` | ||
|
||
To see the configuration options, run: | ||
|
||
``` | ||
./configure --help | ||
``` | ||
|
||
|
||
### Building XMLSec on Windows | ||
|
||
See [win32/README.txt](win32/README.txt) for details. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
https://github.com/lsh123/xmlsec/issues | ||
See https://github.com/lsh123/xmlsec/issues |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.