GNOME Bugzilla – Bug 142105
new crypto namespace and hash functions for libexslt
Last modified: 2009-08-15 18:40:50 UTC
Malcolm Tredinnick <malcolm@commsecure.com.au> recommended i create a tracking bug for the following patch (posted to xslt.gnome.org mailing list as well) the attached patch implements a new crypto namespace for libexslt. the following stylesheet shows the 3 implemented functions: md5sum, sha1sum, and ripemd160sum: <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:crypto="http://exslt.org/crypto" extension-element-prefixes="crypto"> <xsl:template match="foo/bar"> md5sum=<xsl:value-of select="crypto:md5sum(.)"/> sha1sum=<xsl:value-of select="crypto:sha1sum(.)"/> ripemd160sum=<xsl:value-of select="crypto:ripemd160sum(.)"/> </xsl:template> </xsl:stylesheet> the patch makes libexslt and by extension ;) xsltproc dependent on openssl. if this is acceptable, please accept this patch for inclusion. if not, let me know what i can do to fix any blocking issues. thanks! i hope in the future other crypto functions can be added to this namespace.
Created attachment 27472 [details] [review] implement md5sum,sha1sum, and ripemd160sum extension functions
Small problem with the patch, it will break the build if the openssl development environment is not present. Can you tell me more about the PKG_CHECK_MODULES(OPENSSL, openssl) test in the configure.in, is there a way to have a HAVE_OPENSSL macro defined if present and not defined otherwise. Then the C module should conditionally compile the openssl code or not. I don't think I can integrate the patch as-is, but with conditional compilation provided then, I think it would be possible, Daniel
Daniel, i'm attaching a new version of this patch (version 0.3) that only compiles the crypto code in if openssl is found. when not found ./configure says: checking for openssl... Package openssl was not found in the pkg-config search path. Perhaps you should add the directory containing `openssl.pc' to the PKG_CONFIG_PATH environment variable No package 'openssl' found configure: crypto extensions will not be available. i used: PKG_CHECK_MODULES(OPENSSL, openssl, HAVE_OPENSSL=1, AC_MSG_NOTICE(crypto extensions will not be available.) ) AC_DEFINE(HAVE_OPENSSL)
Created attachment 27556 [details] [review] version 0.3 - conditionally compile in crypto.c code
Looks better, the C code needed some cleanup, but it's stuck on the configure.in code: gnome:~/XSLT -> autoheader WARNING: Using auxiliary files such as `acconfig.h', `config.h.bot' WARNING: and `config.h.top', to define templates for `config.h.in' WARNING: is deprecated and discouraged. WARNING: Using the third argument of `AC_DEFINE' and WARNING: `AC_DEFINE_UNQUOTED' allows to define a template without WARNING: `acconfig.h': WARNING: AC_DEFINE([NEED_MAIN], 1, WARNING: [Define if a function `main' is needed.]) WARNING: More sophisticated templates can also be produced, see the WARNING: documentation. autoheader: missing template: HAVE_OPENSSL Use AC_DEFINE([HAVE_OPENSSL], [], [Description])gnome:~/XSLT -> gnome:~/XSLT -> rpm -q openssl-devel openssl-devel-0.9.7a-33.10 gnome:~/XSLT -> and nothing is added in terms of HAVE_OPENSSL in the config.h.in That's a bad start, I'm a bit dubious about the portability of the PKG_CHECK_MODULES , can you rewrite the test without relying on the PKG stuff ? thanks, Daniel
ok, Daniel. I can say that I did not use autoheader, just aclocal && autoconf && automake; ./configure when testing my changes. i will retest with autoheader as well (probably an easy fix). regarding PKG_CHECK_MODULES, i believe its the preferred new approach, but you are right that if pkg-config is not in the path and openssl.pc somewhere in PKG_CONFIG_PATH, it won't work, even if the library is installed. may i first address the autoheader issue? (i'm on a debian box, btw)
Well maybe the PKG_CHECK_MODULES is fine, but so far it's not working for me. The standard way to build the configure is autogen.sh . It should work that way and it didn't, and if it doesn't work for me I can hardly push that on others ... Daniel
ok, so without running aclocal again i get Warning: Missing libxml2-python ./configure: line 21828: syntax error near unexpected token `OPENSSL,' ./configure: line 21828: `PKG_CHECK_MODULES(OPENSSL, openssl, HAVE_OPENSSL=1,' aclocal adds the m4 macro for PKG_CHECK_MODULES. up until now, i've been using libxslt-1.1.6.tar.gz, but that doesn't include autogen.sh, so fetching from CVS to test with that instead of my original "aclocal && autoconf && automake; ./configure" testing.
Created attachment 27564 [details] [review] fixed for autoheader && /bin/sh autogen.sh && make usage
Hum, the direct link to openssl seems to be a problem anyway http://mail.gnome.org/archives/xslt/2004-May/thread.html please join the xslt@gnome.org list to discuss the topic, thanks, Daniel
Created attachment 28131 [details] [review] dynamically load crypto on nix I reworked my exslt crypto namespace patch to dynamically load openssl to implement MD5 and SHA1 hashing. This patch uses ltdl per Aleksey's advice (http://mail.gnome.org/archives/xml/2004-May/msg00103.html) If it looks good, a libltdl directory would also need to be created and populated with the command "libtoolize --ltdl" per http://www.gnu.org/software/libtool/manual.html#TOC52 finally, on win32, the patch uses CryptoApi, which _seems_ to be the best win32 solution.
Created attachment 28351 [details] [review] more commenting and code cleanup, add crypto:md2, remove "sum" from method names I've commented all the functions now, added md2 hashing function, and removed "sum" from the method names (it seemed superfluous). I still wish there was a exsltFooUnregister method available which would help optimize the *nix dynamic crypto loading code.
a new sample usage stylesheet <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:crypto="http://exslt.org/crypto" extension-element-prefixes="crypto"> <xsl:template match="editor/plaintext"> md2=<xsl:value-of select="crypto:md2(.)"/> md5=<xsl:value-of select="crypto:md5(.)"/> sha1=<xsl:value-of select="crypto:sha1(.)"/> </xsl:template> </xsl:stylesheet>
Created attachment 28956 [details] [review] use libgcrypt instead of openssl, add rc4_encrypt and rc4_decrypt functions will discuss patch on xslt mailing list.
updated test stylesheet <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:crypto="http://exslt.org/crypto" extension-element-prefixes="crypto"> <xsl:template match="editor/plaintext"> md4=<xsl:value-of select="crypto:md4(.)"/> md5=<xsl:value-of select="crypto:md5(.)"/> sha1=<xsl:value-of select="crypto:sha1(.)"/> rc4_encrypt=<xsl:value-of select="crypto:rc4_encrypt('samplekey', 'sampletext')"/> rc4_decrypt=<xsl:value-of select="crypto:rc4_decrypt('samplekey', crypto:rc4_encrypt('samplekey', 'sampletext'))"/> </xsl:template> </xsl:stylesheet>
Created attachment 29119 [details] [review] fix configure breakage when libgcrypt-dev not present when no libgcrypt dev installed you get: checking for libgcrypt-config... no configure: Crypto extensions will not be available. Install libgcrypt and reconfigure to make available.
Okay, commited the last patch in CVS looks fine .. Daniel
This should be closed in libxslt-1.1.8, thanks, Daniel