From b6d17e8c82c382da44d82731b8803be593cbc0bc Mon Sep 17 00:00:00 2001
From: Joshua Nitschke
Date: Tue, 26 Nov 2024 15:24:33 -0800
Subject: [PATCH 1/2] add features

---
 Cargo.toml | 6 +++++-
 src/crypto/openssl.rs | 24 ++++++++++++++++++------
 2 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/Cargo.toml b/Cargo.toml
index 947447f..fc61325 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -19,4 +19,8 @@ lazy_static = {version = "^1.4"}
 
 [build-dependencies]
 pkg-config = {version = "^0.3"}
-bindgen = {version = "^0.65"}
+bindgen = {version = "^0.70"}
+
+[features]
+MD5 = []
+AesGcm = []
\ No newline at end of file
diff --git a/src/crypto/openssl.rs b/src/crypto/openssl.rs
index 041aae0..5b4e071 100644
--- a/src/crypto/openssl.rs
+++ b/src/crypto/openssl.rs
@@ -11,9 +11,12 @@ pub enum XmlSecSignatureMethod
     Aes128Cbc,
     Aes192Cbc,
     Aes256Cbc,
-    // Aes128Gcm,
-    // Aes192Gcm,
-    // Aes256Gcm,
+    #[cfg(feature = "AesGcm")]
+    Aes128Gcm,
+    #[cfg(feature = "AesGcm")]
+    Aes192Gcm,
+    #[cfg(feature = "AesGcm")]
+    Aes256Gcm,
     KWAes128,
     KWAes192,
     KWAes256,
@@ -26,6 +29,7 @@ pub enum XmlSecSignatureMethod
     EcdsaSha256,
     EcdsaSha384,
     EcdsaSha512,
+    #[cfg(feature = "MD5")]
     HmacMd5,
     HmacRipemd160,
     HmacSha1,
@@ -33,8 +37,10 @@ pub enum XmlSecSignatureMethod
     HmacSha256,
     HmacSha384,
     HmacSha512,
+    #[cfg(feature = "MD5")]
     Md5,
     Ripemd160,
+    #[cfg(feature = "MD5")]
     RsaMd5,
     RsaRipemd160,
     RsaSha1,
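Review bot: The new `MD5` feature in the Cargo.toml hunk switches on the Md5, RsaMd5 and HmacMd5 transforms (per the openssl.rs hunks in this same patch) without recording why anyone would enable them; MD5 is collision-broken, so the feature should be documented as legacy-interop only, e.g. `# Exposes the Md5/RsaMd5/HmacMd5 transforms; MD5 is not collision-resistant, enable only for legacy interop` above `MD5 = []`. Cargo features are conventionally lowercase-kebab (`md5`, `aes-gcm`), which matters because the names surface on the command line and in dependents' manifests. The bindgen `^0.65` to `^0.70` bump is unrelated to the feature work and would be easier to review as its own commit.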
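Review bot: Gating `Aes128Gcm`/`Aes192Gcm`/`Aes256Gcm` with `#[cfg(feature = "AesGcm")]` makes the shape of the public `XmlSecSignatureMethod` enum depend on the feature set, so a downstream exhaustive `match` compiles under one configuration and fails under another. Unless the enum is already `#[non_exhaustive]` (its header is above this hunk, so I cannot tell), consider adding that, and give each gated variant a doc line such as `/// Requires the `AesGcm` feature.` so the gate is visible in rustdoc. The enum definition starts before and continues after this hunk.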
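Review bot: Putting `Md5` and `RsaMd5` behind `#[cfg(feature = "MD5")]` only removes the Rust-side selector; if the intent is also to refuse MD5-based SignatureMethod values during verification, that depends on which transforms the linked xmlsec registered at init, which this crate-level cfg does not influence — worth confirming against the verification path before relying on it. A doc line on the gated variants, e.g. `/// Requires the `MD5` feature; MD5 is not collision-resistant and is exposed for legacy interop only.`, would make the intended use explicit. The enum continues outside this hunk.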
@@ -62,9 +68,12 @@ impl XmlSecSignatureMethod
             Self::Aes128Cbc => unsafe { bindings::xmlSecOpenSSLTransformAes128CbcGetKlass() },
             Self::Aes192Cbc => unsafe { bindings::xmlSecOpenSSLTransformAes192CbcGetKlass() },
             Self::Aes256Cbc => unsafe { bindings::xmlSecOpenSSLTransformAes256CbcGetKlass() },
-            // Self::Aes128Gcm => unsafe { bindings::xmlSecOpenSSLTransformAes128GcmGetKlass() },
-            // Self::Aes192Gcm => unsafe { bindings::xmlSecOpenSSLTransformAes192GcmGetKlass() },
-            // Self::Aes256Gcm => unsafe { bindings::xmlSecOpenSSLTransformAes256GcmGetKlass() },
+            #[cfg(feature = "AesGcm")]
+            Self::Aes128Gcm => unsafe { bindings::xmlSecOpenSSLTransformAes128GcmGetKlass() },
+            #[cfg(feature = "AesGcm")]
+            Self::Aes192Gcm => unsafe { bindings::xmlSecOpenSSLTransformAes192GcmGetKlass() },
+            #[cfg(feature = "AesGcm")]
+            Self::Aes256Gcm => unsafe { bindings::xmlSecOpenSSLTransformAes256GcmGetKlass() },
             Self::KWAes128 => unsafe { bindings::xmlSecOpenSSLTransformKWAes128GetKlass() },
             Self::KWAes192 => unsafe { bindings::xmlSecOpenSSLTransformKWAes192GetKlass() },
             Self::KWAes256 => unsafe { bindings::xmlSecOpenSSLTransformKWAes256GetKlass() },
@@ -77,6 +86,7 @@ impl XmlSecSignatureMethod
             Self::EcdsaSha256 => unsafe { bindings::xmlSecOpenSSLTransformEcdsaSha256GetKlass() },
             Self::EcdsaSha384 => unsafe { bindings::xmlSecOpenSSLTransformEcdsaSha384GetKlass() },
             Self::EcdsaSha512 => unsafe { bindings::xmlSecOpenSSLTransformEcdsaSha512GetKlass() },
+            #[cfg(feature = "MD5")]
             Self::HmacMd5 => unsafe { bindings::xmlSecOpenSSLTransformHmacMd5GetKlass() },
             Self::HmacRipemd160 => unsafe { bindings::xmlSecOpenSSLTransformHmacRipemd160GetKlass() },
             Self::HmacSha1 => unsafe { bindings::xmlSecOpenSSLTransformHmacSha1GetKlass() },
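Review bot: The `#[cfg(feature = "AesGcm")]` on each new arm has to stay in lockstep with the cfg on the variants in the enum hunk, and the compiler only checks whichever combination is actually built: with the feature off, an arm naming a missing variant is a hard error, and with it on, a missing arm makes the `match` non-exhaustive. Build and test both `--no-default-features` and `--all-features` in CI so neither configuration rots unnoticed. The enclosing `fn` and its `match` start before this hunk and end after it.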
@@ -84,8 +94,10 @@ impl XmlSecSignatureMethod
             Self::HmacSha256 => unsafe { bindings::xmlSecOpenSSLTransformHmacSha256GetKlass() },
             Self::HmacSha384 => unsafe { bindings::xmlSecOpenSSLTransformHmacSha384GetKlass() },
             Self::HmacSha512 => unsafe { bindings::xmlSecOpenSSLTransformHmacSha512GetKlass() },
+            #[cfg(feature = "MD5")]
             Self::Md5 => unsafe { bindings::xmlSecOpenSSLTransformMd5GetKlass() },
             Self::Ripemd160 => unsafe { bindings::xmlSecOpenSSLTransformRipemd160GetKlass() },
+            #[cfg(feature = "MD5")]
             Self::RsaMd5 => unsafe { bindings::xmlSecOpenSSLTransformRsaMd5GetKlass() },
             Self::RsaRipemd160 => unsafe { bindings::xmlSecOpenSSLTransformRsaRipemd160GetKlass() },
             Self::RsaSha1 => unsafe { bindings::xmlSecOpenSSLTransformRsaSha1GetKlass() },
From 21f2ecbf7bc75747167a00448b08b2364de86145 Mon Sep 17 00:00:00 2001
From: Joshua Nitschke
Date: Wed, 27 Nov 2024 02:33:58 -0800
Subject: [PATCH 2/2] try to get the MAC github build working

---
 Cargo.toml | 4 +++-
 src/keys.rs | 35 +++++++++++++++++++++++++++++++++--
 2 files changed, 36 insertions(+), 3 deletions(-)

diff --git a/Cargo.toml b/Cargo.toml
index fc61325..cd0d537 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -23,4 +23,6 @@ bindgen = {version = "^0.70"}
 
 [features]
 MD5 = []
-AesGcm = []
\ No newline at end of file
+AesGcm = []
+xmlSecOpenSSLAppKeyLoad = []
+xmlSecOpenSSLAppKeyLoadEx = []
diff --git a/src/keys.rs b/src/keys.rs
index 7905de6..5d56205 100644
--- a/src/keys.rs
+++ b/src/keys.rs
@@ -44,6 +44,7 @@ impl XmlSecKey
 
     /// Load key from file by specifying path, its format in the file, and optionally the password required to
     /// decrypt/unlock.
+    #[cfg(feature = "xmlSecOpenSSLAppKeyLoad")]
     pub fn from_file(path: &str, format: XmlSecKeyFormat, password: Option<&str>) -> XmlSecResult
     {
         // TODO deprecate internals for Rust read-from-file and then loading with `from_memory`
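Review bot: `xmlSecOpenSSLAppKeyLoad` and `xmlSecOpenSSLAppKeyLoadEx` are mutually exclusive in practice — each one gates its own `pub fn from_file` in keys.rs — but Cargo features are additive: `--all-features`, or two dependents picking different ones, enables both and yields duplicate definitions of `from_file`, while enabling neither removes the method entirely. Since `pkg-config` is already a build dependency, build.rs could instead probe the installed xmlsec and emit `cargo:rustc-cfg=xmlsec_app_key_load_ex` (or similar), keeping the public feature set additive; if features are kept, make one the default and document that they are exclusive, e.g. `# Exactly one of the two xmlSecOpenSSLAppKeyLoad* features must be enabled`. The names also mirror C symbols rather than Cargo's lowercase-kebab convention.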
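Review bot: With `#[cfg(feature = "xmlSecOpenSSLAppKeyLoad")]` on this `from_file`, the doc comment directly above it no longer tells a reader that the method exists only under that feature, and the gated twin in the next hunk takes `format: XmlSecKeyDataType` instead of `XmlSecKeyFormat`, so caller code differs depending on which feature is on. Add a line to the existing doc comment such as `/// Only available with the `xmlSecOpenSSLAppKeyLoad` feature; see the `xmlSecOpenSSLAppKeyLoadEx` variant for the other signature.` so the divergence is visible in rustdoc. The function body continues past this hunk.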
@@ -73,6 +74,36 @@ impl XmlSecKey
         Ok(Self(key))
     }
 
+    #[cfg(feature = "xmlSecOpenSSLAppKeyLoadEx")]
+    pub fn from_file(path: &str, format: XmlSecKeyDataType, password: Option<&str>) -> XmlSecResult
+    {
+        // TODO deprecate internals for Rust read-from-file and then loading with `from_memory`
+
+        crate::xmlsec::guarantee_xmlsec_init();
+
+        // TODO proper sanitization/error handling of input
+        let cpath = CString::new(path).unwrap();
+        let cpasswd = password.map(|p| CString::new(p).unwrap());
+
+        let cpasswd_ptr = cpasswd.map(|cstr| cstr.as_ptr())
+            .unwrap_or(null());
+
+        // Load key from file
+        let key = unsafe { bindings::xmlSecOpenSSLAppKeyLoadEx(
+            cpath.as_ptr(),
+            format as u32,
+            cpasswd_ptr,
+            null_mut(),
+            null_mut()
+        ) };
+
+        if key.is_null() {
+            return Err(XmlSecError::KeyLoadError);
+        }
+
+        Ok(Self(key))
+    }
+
     /// Load key from buffer in memory, specifying format and optionally the password required to decrypt/unlock.
     pub fn from_memory(buffer: &[u8], format: XmlSecKeyFormat, password: Option<&str>) -> XmlSecResult
     {
@@ -87,7 +118,7 @@ impl XmlSecKey
         // Load key from buffer
         let key = unsafe { bindings::xmlSecOpenSSLAppKeyLoadMemory(
             buffer.as_ptr(),
-            buffer.len() as u32,
+            (buffer.len() as u32).try_into().unwrap(),
             format as u32,
             cpasswd_ptr,
             null_mut(),
@@ -122,7 +153,7 @@ impl XmlSecKey
             bindings::xmlSecOpenSSLAppKeyCertLoadMemory(
                 self.0,
                 buff.as_ptr(),
-                buff.len() as u32,
+                (buff.len() as u32).try_into().unwrap(),
                 format as u32
             ) };
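Review bot: `cpasswd_ptr` in the new `from_file` is a dangling pointer: `cpasswd.map(|cstr| cstr.as_ptr())` moves the `CString` into the closure, takes its pointer, and frees the buffer when the closure returns, so `xmlSecOpenSSLAppKeyLoadEx` is handed freed memory as the password — a use-after-free inside the `unsafe` block. Borrow instead of moving: `let cpasswd_ptr = cpasswd.as_ref().map(|c| c.as_ptr()).unwrap_or(null());`, which keeps `cpasswd` alive until the function returns. The two `CString::new(..).unwrap()` calls also panic on an interior NUL in a caller-supplied path or password; in a library that should surface as an error, e.g. `let cpath = CString::new(path).map_err(|_| XmlSecError::KeyLoadError)?;` (or a dedicated variant if one exists). The original `from_file` and `from_memory` derive their own `cpasswd_ptr` outside these hunks — worth checking they do not share the pattern.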
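Review bot: `(buffer.len() as u32).try_into().unwrap()` does the lossy step first: `as u32` silently wraps any length of 4 GiB or more, and the following `try_into` converts a value that already fits, so the `unwrap` can never fire and xmlsec would be given a truncated length for a large buffer. Convert the `usize` directly and make failure an error instead of a panic: `let len = buffer.len().try_into().map_err(|_| XmlSecError::KeyLoadError)?;` before the `unsafe` block, then pass `len,` in place of the cast (assuming `XmlSecResult` is `Result<_, XmlSecError>`, as the sibling `return Err(XmlSecError::KeyLoadError)` suggests). The same pattern appears in the `xmlSecOpenSSLAppKeyCertLoadMemory` call below. `from_memory`'s body starts before and continues past this hunk.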