[xmltooling] 08/24: Remove redundant OpenSSL EC test/macro.
Etienne Dysli Metref
edm-guest at moszumanska.debian.org
Fri Jan 12 15:53:57 UTC 2018
This is an automated email from the git hooks/post-receive script.
edm-guest pushed a commit to branch master
in repository xmltooling.
commit 886d66a9e7d6d3da20a3c0d04a6fdc8e981e8e60
Author: Scott Cantor <cantor.2 at osu.edu>
Date: Mon Nov 27 17:52:48 2017 -0500
Remove redundant OpenSSL EC test/macro.
---
configure.ac | 3 ---
xmltooling/security/OpenSSLSecurityHelper.h | 7 +------
xmltooling/security/impl/ExplicitKeyTrustEngine.cpp | 8 +-------
xmltooling/security/impl/InlineKeyResolver.cpp | 3 +++
xmltooling/security/impl/OpenSSLSecurityHelper.cpp | 9 ++-------
xmltooling/security/impl/SecurityHelper.cpp | 18 ++++++------------
xmltoolingtest/InlineKeyResolverTest.h | 7 ++-----
7 files changed, 15 insertions(+), 40 deletions(-)
diff --git a/configure.ac b/configure.ac
index 5202d1b..baf60e1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -248,9 +248,6 @@ if test x_$with_xmlsec != x_no; then
AC_CHECK_DECL(EVP_sha512,
[AC_DEFINE([XMLTOOLING_OPENSSL_HAVE_SHA2],[1],[Define to 1 if OpenSSL supports the SHA-2 hash family.])],
,[#include <openssl/evp.h>])
- AC_CHECK_DECL(EVP_PKEY_set1_EC_KEY,
- [AC_DEFINE([XMLTOOLING_OPENSSL_HAVE_EC],[1],[Define to 1 if OpenSSL has EC support.])],
- ,[#include <openssl/evp.h>])
# restore master libs
LIBS="$save_LIBS"
diff --git a/xmltooling/security/OpenSSLSecurityHelper.h b/xmltooling/security/OpenSSLSecurityHelper.h
index 5b63234..68c9f50 100644
--- a/xmltooling/security/OpenSSLSecurityHelper.h
+++ b/xmltooling/security/OpenSSLSecurityHelper.h
@@ -32,11 +32,6 @@
#include <openssl/rsa.h>
#include <openssl/evp.h>
-#ifdef XMLTOOLING_OPENSSL_HAVE_EC
-# include <xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.hpp>
-#endif
-
-
namespace xmltooling {
/**
* A helper class for working with OpenSSL keys.
@@ -55,7 +50,7 @@ namespace xmltooling {
static bool matchesPrivate(const RSA* rsa, const XSECCryptoKey& key);
static bool matchesPublic(const DSA* dsa1, const XSECCryptoKey& key);
static bool matchesPrivate(const DSA* dsa, const XSECCryptoKey& key);
-#ifdef XMLTOOLING_OPENSSL_HAVE_EC
+#ifdef XSEC_OPENSSL_HAVE_EC
static bool matchesPublic(const EC_KEY* ec, const XSECCryptoKey& key);
static bool matchesPrivate(const EC_KEY* ec, const XSECCryptoKey& key);
#endif
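Review bot: The EC overloads are now guarded by `XSEC_OPENSSL_HAVE_EC`, but with the `OpenSSLCryptoKeyEC.hpp` include dropped in the hunk above, nothing visible in this header brings in an xsec header that would define that macro or an OpenSSL header that declares `EC_KEY`. Unless an include above line 32 (outside the hunk) already does, the two declarations either vanish or fail to compile depending on what the including file pulled in first. Different translation units could then see different versions of the class. Making the header self-contained would remove the include-order dependency: include the xsec configuration header before the guard (`#include <xsec/framework/XSECDefs.hpp>`, if I recall its layout correctly) and add `#include <openssl/ec.h>` under the same `#ifdef` next to the other OpenSSL includes.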
diff --git a/xmltooling/security/impl/ExplicitKeyTrustEngine.cpp b/xmltooling/security/impl/ExplicitKeyTrustEngine.cpp
index 5024142..82aa094 100644
--- a/xmltooling/security/impl/ExplicitKeyTrustEngine.cpp
+++ b/xmltooling/security/impl/ExplicitKeyTrustEngine.cpp
@@ -41,12 +41,6 @@
#include <xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.hpp>
#include <xsec/enc/OpenSSL/OpenSSLCryptoX509.hpp>
-#ifdef WIN32
-# if (OPENSSL_VERSION_NUMBER >= 0x00907000)
-# define XMLTOOLING_OPENSSL_HAVE_EC 1
-# endif
-#endif
-
#include "security/OpenSSLSecurityHelper.h"
#include <openssl/ec.h>
@@ -287,7 +281,7 @@ bool ExplicitKeyTrustEngine::validate(
break;
}
}
-#ifdef XMLTOOLING_OPENSSL_HAVE_EC
+#ifdef XSEC_OPENSSL_HAVE_EC
else if (EVP_PKEY_id(evp) == EVP_PKEY_EC) {
found = OpenSSLSecurityHelper::matchesPublic(EVP_PKEY_get0_EC_KEY(evp), *key);
if (found) {
diff --git a/xmltooling/security/impl/InlineKeyResolver.cpp b/xmltooling/security/impl/InlineKeyResolver.cpp
index 3bb06e2..3243933 100644
--- a/xmltooling/security/impl/InlineKeyResolver.cpp
+++ b/xmltooling/security/impl/InlineKeyResolver.cpp
@@ -294,6 +294,7 @@ bool InlineCredential::resolveKey(const KeyInfo* keyInfo, bool followRefs)
return true;
}
+#ifdef XSEC_OPENSSL_HAVE_EC
ECKeyValue* eckv = i->getECKeyValue();
if (eckv && eckv->getNamedCurve() && eckv->getPublicKey()) {
log.warn("resolving ds11:ECKeyValue");
@@ -306,6 +307,8 @@ bool InlineCredential::resolveKey(const KeyInfo* keyInfo, bool followRefs)
return true;
}
}
+#endif
+
}
catch (ValidationException& ex) {
log.warn("skipping invalid ds:KeyValue (%s)", ex.what());
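Review bot: With the new `#ifdef XSEC_OPENSSL_HAVE_EC` guard (opened in the previous hunk, closed here), a `ds11:ECKeyValue` in the KeyInfo is skipped without any log output when EC support is compiled out. A later signature or trust failure then gives the operator no hint why no key was resolved. Consider an `#else` arm such as `if (i->getECKeyValue()) log.warn("skipping ds11:ECKeyValue, EC support not available");`. Separately, `log.warn("resolving ds11:ECKeyValue")` on the success path reads like a leftover; if the neighbouring key-value branches (outside the hunk) log at debug level, this one should match. resolveKey's body starts and ends outside both hunks.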
diff --git a/xmltooling/security/impl/OpenSSLSecurityHelper.cpp b/xmltooling/security/impl/OpenSSLSecurityHelper.cpp
index e4d3a8c..624e1b4 100644
--- a/xmltooling/security/impl/OpenSSLSecurityHelper.cpp
+++ b/xmltooling/security/impl/OpenSSLSecurityHelper.cpp
@@ -30,17 +30,12 @@
#include <xsec/enc/OpenSSL/OpenSSLCryptoX509.hpp>
#include <xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.hpp>
#include <xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.hpp>
+#include <xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.hpp>
#include <openssl/evp.h>
#include <openssl/rsa.h>
#include <openssl/dsa.h>
-#ifdef WIN32
-# if (OPENSSL_VERSION_NUMBER >= 0x00907000)
-# define XMLTOOLING_OPENSSL_HAVE_EC 1
-# endif
-#endif
-
#include "security/OpenSSLSecurityHelper.h"
#if !defined(XMLTOOLING_NO_XMLSEC) && defined (XSEC_HAVE_OPENSSL)
@@ -84,7 +79,7 @@ bool OpenSSLSecurityHelper::matchesPrivate(const DSA* dsa, const XSECCryptoKey&
const DSA* dsa2 = static_cast<const OpenSSLCryptoKeyDSA&>(key).getOpenSSLDSA();
return (dsa && dsa2 && BN_cmp(DSA_get0_privkey(dsa), DSA_get0_privkey(dsa2)) == 0);
}
-#ifdef XMLTOOLING_OPENSSL_HAVE_EC
+#ifdef XSEC_OPENSSL_HAVE_EC
bool OpenSSLSecurityHelper::matchesPublic(const EC_KEY* ec, const XSECCryptoKey& key)
{
// If one key is public or both, just compare the public key half.
diff --git a/xmltooling/security/impl/SecurityHelper.cpp b/xmltooling/security/impl/SecurityHelper.cpp
index 96214ff..5f817f2 100644
--- a/xmltooling/security/impl/SecurityHelper.cpp
+++ b/xmltooling/security/impl/SecurityHelper.cpp
@@ -45,12 +45,6 @@
#include <xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.hpp>
#include <xercesc/util/Base64.hpp>
-#ifdef WIN32
-# if (OPENSSL_VERSION_NUMBER >= 0x00907000)
-# define XMLTOOLING_OPENSSL_HAVE_EC 1
-# endif
-#endif
-
#include "security/OpenSSLSecurityHelper.h"
using namespace xmltooling::logging;
@@ -214,7 +208,7 @@ XSECCryptoKey* SecurityHelper::loadKeyFromFile(const char* pathname, const char*
ret=new OpenSSLCryptoKeyDSA(pkey);
break;
-#ifdef XMLTOOLING_OPENSSL_HAVE_EC
+#ifdef XSEC_OPENSSL_HAVE_EC
case EVP_PKEY_EC:
ret=new OpenSSLCryptoKeyEC(pkey);
break;
@@ -496,7 +490,7 @@ bool SecurityHelper::matches(const XSECCryptoKey& key1, const XSECCryptoKey& key
return OpenSSLSecurityHelper::matchesPrivate(static_cast<const OpenSSLCryptoKeyDSA&>(key1).getOpenSSLDSA(), key2);
}
-#ifdef XMLTOOLING_OPENSSL_HAVE_EC
+#ifdef XSEC_OPENSSL_HAVE_EC
if (key1.getKeyType()==XSECCryptoKey::KEY_EC_PUBLIC || key1.getKeyType()==XSECCryptoKey::KEY_EC_PAIR) {
return OpenSSLSecurityHelper::matchesPublic(static_cast<const OpenSSLCryptoKeyEC&>(key1).getOpenSSLEC(), key2);
}
@@ -562,7 +556,7 @@ string SecurityHelper::getDEREncoding(const XSECCryptoKey& key, const char* hash
const RSA* rsa = nullptr;
const DSA* dsa = nullptr;
-#ifdef XMLTOOLING_OPENSSL_HAVE_EC
+#ifdef XSEC_OPENSSL_HAVE_EC
const EC_KEY* ec = nullptr;
#endif
@@ -580,7 +574,7 @@ string SecurityHelper::getDEREncoding(const XSECCryptoKey& key, const char* hash
return ret;
}
}
-#ifdef XMLTOOLING_OPENSSL_HAVE_EC
+#ifdef XSEC_OPENSSL_HAVE_EC
else if (key.getKeyType() == XSECCryptoKey::KEY_EC_PUBLIC || key.getKeyType() == XSECCryptoKey::KEY_EC_PAIR) {
ec = static_cast<const OpenSSLCryptoKeyEC&>(key).getOpenSSLEC();
if (!ec) {
@@ -618,7 +612,7 @@ string SecurityHelper::getDEREncoding(const XSECCryptoKey& key, const char* hash
i2d_RSA_PUBKEY_bio(chain, const_cast<RSA*>(rsa));
else if (dsa)
i2d_DSA_PUBKEY_bio(chain, const_cast<DSA*>(dsa));
-#ifdef XMLTOOLING_OPENSSL_HAVE_EC
+#ifdef XSEC_OPENSSL_HAVE_EC
else
i2d_EC_PUBKEY_bio(chain, const_cast<EC_KEY*>(ec));
#endif
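Review bot: The chain ends in a bare `else` that passes `ec` to `i2d_EC_PUBKEY_bio` without testing it, unlike the `else if (dsa)` arm above it. Correctness therefore depends on every earlier path that leaves all three pointers null having already returned. The `!ec` check in the previous hunk suggests that holds today, but `else if (ec)` would make the serialisation step safe on its own. The return values of the three `i2d_*_PUBKEY_bio` calls are also ignored, so a failed write would presumably yield an empty or truncated encoding for callers that hash or compare it; checking for a result `<= 0` and returning an empty string would make that failure explicit. getDEREncoding's body starts and ends outside this hunk.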
@@ -760,7 +754,7 @@ XSECCryptoKey* SecurityHelper::fromDEREncoding(const char* buf, unsigned long bu
ret = new OpenSSLCryptoKeyDSA(pkey);
break;
-#ifdef XMLTOOLING_OPENSSL_HAVE_EC
+#ifdef XSEC_OPENSSL_HAVE_EC
case EVP_PKEY_EC:
ret = new OpenSSLCryptoKeyEC(pkey);
break;
diff --git a/xmltoolingtest/InlineKeyResolverTest.h b/xmltoolingtest/InlineKeyResolverTest.h
index 9a8bcd0..2e99fb9 100644
--- a/xmltoolingtest/InlineKeyResolverTest.h
+++ b/xmltoolingtest/InlineKeyResolverTest.h
@@ -40,10 +40,6 @@ extern "C" {
#endif
}
-// Force XMLSEC to assume OpenSSL
-#define XSEC_HAVE_OPENSSL 1
-#define XSEC_OPENSSL_HAVE_EC (OPENSSL_VERSION_NUMBER >= 0x00907000L)
-
#include <xsec/enc/OpenSSL/OpenSSLCryptoX509.hpp>
#include <xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.hpp>
#include <xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.hpp>
@@ -129,6 +125,7 @@ public:
}
+#ifdef XSEC_OPENSSL_HAVE_EC
void testOpenSSLEC() {
string path=data_path + "KeyInfoEC.xml";
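Review bot: Wrapping `testOpenSSLEC()` in `#ifdef XSEC_OPENSSL_HAVE_EC` (closed by the `#endif` in the next hunk) may not have the intended effect. These are CxxTest suites (`TSM_ASSERT`), and as far as I know cxxtestgen finds `test*` methods by scanning the header text without evaluating preprocessor conditionals. On a build without EC the generated runner would then still reference `testOpenSSLEC` and fail to compile. Keeping the method declared unconditionally and guarding only its body avoids that, with the `#else` branch reporting the skip, for example `TS_WARN("EC support not available, test skipped");`. The method body continues outside this hunk.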
@@ -167,7 +164,7 @@ public:
bool worked = sslCredFromKeyInfo->verifyBase64SignatureDSA(toSign, sizeof(toSign), &outSig[0], len);
TSM_ASSERT("EC Round Trip Signature via KeyInfo Failed", worked);
}
-
+#endif
void testOpenSSLRSA() {
string path=data_path + "KeyInfo1.xml";
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-shibboleth/xmltooling.git