authorKurt Zenker <kz@openoffice.org>2009-10-14 16:21:13 +0000
committerKurt Zenker <kz@openoffice.org>2009-10-14 16:21:13 +0000
commit618a4653360de8d1584d9ece2288b475054eac78 (patch)
tree9b64d362c97ab7b1bc4da9c5f5c418729158a23b
parent94fb4f0e7a46d03e57da9156188201882d967aa6 (diff)
CWS-TOOLING: integrate CWS jl135_nss
2009-10-01 15:20:03 +0200 jl r276605 : #1004856# moved to xmlsec1-mingw32.patch 2009-10-01 10:51:24 +0200 jl r276580 : #1004856# build keymgr with mingw 2009-10-01 10:50:52 +0200 jl r276579 : #1004856# build keymgr with mingw 2009-10-01 10:37:28 +0200 jl r276578 : #1004856# do not build xmlsec1 app 2009-09-29 16:01:31 +0200 jl r276532 : #1004856# Using libxml2 from solver if available 2009-09-26 16:31:32 +0200 jl r276477 : #i104856# xmlsec1-mscrypto-1 is now xmlsec1-mscrypto 2009-09-25 17:05:26 +0200 jl r276470 : CWS-TOOLING: rebase CWS jl135_nss to trunk@276429 (milestone: DEV300:m60) 2009-09-24 12:57:10 +0200 jl r276419 : #i104856# libxmlsec update 2009-09-24 12:46:58 +0200 jl r276418 : #i104856# fixing mac configure problem in configure.in and regenerating configure 2009-09-23 16:49:54 +0200 jl r276405 : i#104856# configure failed on mac 2009-09-23 10:21:35 +0200 jl r276369 : #i104856# adapting patches to apply cleanly and readme change 2009-09-21 13:45:47 +0200 jl r276326 : #i104856 updating to 1.2.12, using changes patches from cmc made on xmlsec1_2_12 2009-09-21 11:27:46 +0200 jl r276319 : #i105183# forget to uncomment PATCH_FILES 2009-09-18 17:41:20 +0200 jl r276296 : #i105183# update of nss libs
-rw-r--r--libxmlsec/makefile.mk40
-rw-r--r--libxmlsec/readme.txt50
-rw-r--r--libxmlsec/xmlsec1-1.2.6-mingwport24.patch23
-rw-r--r--libxmlsec/xmlsec1-1.2.6.patch15293
-rw-r--r--libxmlsec/xmlsec1-configure.patch288
-rw-r--r--libxmlsec/xmlsec1-customkeymanage.patch6086
-rw-r--r--libxmlsec/xmlsec1-mingw-keymgr-mscrypto.patch62
-rw-r--r--libxmlsec/xmlsec1-mingw32.patch764
-rw-r--r--libxmlsec/xmlsec1-noverify.patch59
-rw-r--r--libxmlsec/xmlsec1-nssdisablecallbacks.patch36
-rw-r--r--libxmlsec/xmlsec1-nssmangleciphers.patch1134
11 files changed, 8484 insertions, 15351 deletions
diff --git a/libxmlsec/makefile.mk b/libxmlsec/makefile.mk
index 2841bc487f78..d0b1b218afc2 100644
--- a/libxmlsec/makefile.mk
+++ b/libxmlsec/makefile.mk
@@ -46,26 +46,37 @@ EXTERNAL_WARNINGS_NOT_ERRORS := TRUE
# --- Files --------------------------------------------------------
-XMLSEC1VERSION=1.2.6
+XMLSEC1VERSION=1.2.12
TARFILE_NAME=$(PRJNAME)-$(XMLSEC1VERSION)
-PATCH_FILES=$(TARFILE_NAME).patch xmlsec1-1.2.6-mingwport24.patch
+
+#xmlsec1-configure.patch: Set up the build. Straightforward
+#configuration
+#xmlsec1-customkeymanage.patch: Could we do this alternatively outside xmlsec
+#xmlsec1-nssmangleciphers.patch: Dubious, do we still need this ?
+#xmlsec1-nssdisablecallbacks.patch: Dubious, do we still need this ?
+#xmlsec1-noverify.patch: As per readme.txt.
+#xmlsec1-mingw32.patch: Mingw32 support.
+#xmlsec1-mingw-customkeymanage-addmscrypto.patch builds the custom keymanager on mingw
+PATCH_FILES=\
+ xmlsec1-configure.patch \
+ xmlsec1-customkeymanage.patch \
+ xmlsec1-nssmangleciphers.patch \
+ xmlsec1-nssdisablecallbacks.patch \
+ xmlsec1-noverify.patch \
+ xmlsec1-mingw32.patch \
+ xmlsec1-mingw-keymgr-mscrypto.patch
ADDITIONAL_FILES= \
+ include$/xmlsec$/mscrypto$/akmngr.h \
+ src$/mscrypto$/akmngr.c \
include$/xmlsec$/nss$/akmngr.h \
include$/xmlsec$/nss$/ciphers.h \
include$/xmlsec$/nss$/tokens.h \
- include$/xmlsec$/mscrypto$/akmngr.h \
src$/nss$/akmngr.c \
- src$/mscrypto$/akmngr.c \
- src$/nss$/keytrans.c \
src$/nss$/keywrapers.c \
- src$/nss$/tokens.c \
- xmlsec-mscrypto.pc.in \
- include$/xmlsec$/mscrypto$/Makefile.in \
- src$/mscrypto$/Makefile.in \
- libxml2-config
+ src$/nss$/tokens.c
.IF "$(GUI)"=="WNT"
CRYPTOLIB=mscrypto
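Review bot: The comment block above PATCH_FILES describes `xmlsec1-mingw-customkeymanage-addmscrypto.patch`, but the list applies `xmlsec1-mingw-keymgr-mscrypto.patch`; the comment should use the file name that is actually applied. The entry `#xmlsec1-noverify.patch: As per readme.txt.` also leaves out the one security-relevant fact in this list: per readme.txt the patch makes xmlsec skip certificate verification during sign and verify operations. I would state that in place, e.g. `#xmlsec1-noverify.patch: disables X509 certificate verification inside xmlsec (see readme.txt); certificate trust has to be checked by the caller`. Whether the calling code performs that check is not visible in this commit. The two entries marked "Dubious, do we still need this ?" would be easier to follow up with an issue id than as open questions in the makefile.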
@@ -87,8 +98,9 @@ xmlsec_LIBS=-lmingwthrd
xmlsec_LIBS+=-lstdc++_s
.ENDIF
CONFIGURE_DIR=
-CONFIGURE_ACTION=chmod 777 libxml2-config && .$/configure
-CONFIGURE_FLAGS=--with-libxslt=no --with-openssl=no --with-gnutls=no --with-mozilla_ver=1.7.5 --with-mscrypto --build=i586-pc-mingw32 --host=i586-pc-mingw32 CC="$(xmlsec_CC)" CFLAGS="-D_MT" LDFLAGS="-no-undefined -L$(ILIB:s/;/ -L/)" LIBS="$(xmlsec_LIBS)" LIBXML2LIB=$(LIBXML2LIB) OBJDUMP="$(WRAPCMD) objdump"
+CONFIGURE_ACTION=.$/configure
+CONFIGURE_FLAGS=--with-libxslt=no --with-openssl=no --with-gnutls=no --with-mozilla_ver=1.7.5 --enable-mscrypto --build=i586-pc-mingw32 --host=i586-pc-mingw32 CC="$(xmlsec_CC)" CFLAGS="-D_MT" LDFLAGS="-no-undefined -L$(ILIB:s/;/ -L/)" LIBS="$(xmlsec_LIBS)" LIBXML2LIB=$(LIBXML2LIB) ZLIB3RDLIB=$(ZLIB3RDLIB) OBJDUMP="$(WRAPCMD) objdump"
+
.IF "$(SYSTEM_MOZILLA)" != "YES"
CONFIGURE_FLAGS+=--enable-pkgconfig=no
.ENDIF
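Review bot: On the new mingw CONFIGURE_FLAGS line, `LIBXML2LIB=$(LIBXML2LIB) ZLIB3RDLIB=$(ZLIB3RDLIB)` is passed unquoted, while the non-mingw CONFIGURE_FLAGS later in the file quotes the same variable as `LIBXML2LIB="$(LIBXML2LIB)"`. If either variable expands to more than one word, configure receives the extra words as separate arguments. Quoting both would make the two branches consistent: `LIBXML2LIB="$(LIBXML2LIB)" ZLIB3RDLIB="$(ZLIB3RDLIB)"`. The values are set outside this hunk, so this may be harmless with the current settings.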
@@ -141,7 +153,7 @@ LDFLAGS:=$(xmlsec_LDFLAGS)
.ENDIF
CONFIGURE_DIR=
-CONFIGURE_ACTION=chmod 777 libxml2-config && .$/configure ADDCFLAGS="$(xmlsec_CFLAGS)" CPPFLAGS="$(xmlsec_CPPFLAGS)"
+CONFIGURE_ACTION=.$/configure ADDCFLAGS="$(xmlsec_CFLAGS)" CPPFLAGS="$(xmlsec_CPPFLAGS)"
CONFIGURE_FLAGS=--with-pic --disable-shared --with-libxslt=no --with-openssl=no --with-gnutls=no LIBXML2LIB="$(LIBXML2LIB)"
# system-mozilla needs pkgconfig to get the information about nss
# FIXME: This also will enable pkg-config usage for libxml2. It *seems*
@@ -165,7 +177,7 @@ OUTDIR2INC=include$/xmlsec
.IF "$(OS)"=="WNT"
.IF "$(COM)"=="GCC"
OUT2LIB+=src$/.libs$/libxmlsec1.dll.a src$/nss$/.libs$/libxmlsec1-nss.dll.a src$/mscrypto$/.libs$/libxmlsec1-mscrypto.dll.a
-OUT2BIN+=src$/.libs$/libxmlsec1-1.dll src$/nss$/.libs$/libxmlsec1-nss-1.dll src$/mscrypto$/.libs$/libxmlsec1-mscrypto-1.dll
+OUT2BIN+=src$/.libs$/libxmlsec1.dll src$/nss$/.libs$/libxmlsec1-nss.dll src$/mscrypto$/.libs$/libxmlsec1-mscrypto.dll
.ELSE
OUT2LIB+=win32$/binaries$/*.lib
OUT2BIN+=win32$/binaries$/*.dll
diff --git a/libxmlsec/readme.txt b/libxmlsec/readme.txt
index 6217aef908a7..b518c6222687 100644
--- a/libxmlsec/readme.txt
+++ b/libxmlsec/readme.txt
@@ -1,24 +1,32 @@
-The XML Security library has been modified, so that there is NO verification
-of the certificate during sign or verification operation. On Windows this was
-done in the function xmlSecMSCryptoX509StoreVerify (file
-src/mscrypto/x509vfy.c) and on UNIX in xmlSecNssX509StoreVerify
-(file src/nss/x509vfy.c).
+The XML Security library has been modified, so that there is NO verification of
+the certificate during sign or verification operation. On Windows this was done
+in the function xmlSecMSCryptoX509StoreVerify (file src/mscrypto/x509vfy.c) and
+on UNIX in xmlSecNssX509StoreVerify (file src/nss/x509vfy.c).
-This change requires that the XML Signature contains in
-Signature/KeyInfo/X509Data only entries which represent the same
-certificate.
-The implementation creates certificates from all of the X509Data children
-(X509IssuerSerial, X509Certificate) and used to iterate over all certificates,
-verify them and return the first "good" certificate. Now the first one is
-used.
+The implementation creates certificates from all of the X509Data children, such
+as X509IssuerSerial and X509Certificate and stores them in a certificate store
+(see xmlsec/src/mscrypto/x509.c:xmlSecMSCryptoX509DataNodeRead). It must then
+find the certificate containing the public key which is used for validation
+within that store. This is done in xmlSecMSCryptoX509StoreVerify. This function
+however only takes those certificates into account which can be validated. This
+was changed by the patch xmlsec1-noverify.patch, which prevents this certificate
+validation.
+
+xmlSecMSCryptoX509StoreVerify iterates over all certificates contained or
+referenced in the X509Data elements and selects one which is no issuer of any of
+the other certificates. This certificate is not necessarily the one which was
+used for signing but it must contain the proper validation key, which is
+sufficient to validate the signature. See
+http://www.w3.org/TR/xmldsig-core/#sec-X509Data
+for details.
+
+There is a flag XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS that can be set
+in a xmlSecKeyInfoCtx (see function xmlSecNssKeyDataX509XmlRead, in file
+src/nss/x509.c), which indicates that one can turn of the validation. However,
+setting it will cause that the validation key is not found. If the flag is set,
+then the key is not extracted from the certificate store which contains all the
+certificates of the X509Data elements. In other words, the certificates which
+are delivered within the XML signature are not used when looking for suitable
+validation key.
-The X509IssuerSerial information is used by XML Security Library to find the
-certificate in the certificate store on the machine. The X509Certificate entry
-is used to create a certificate no matter if this is already contained in the
-certificate store.
-Do not forget: Suggest to XML Security Library to provide a way to carry out
-signature operations without verification of certificates. There is flag
-XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS that can be set in a
-xmlSecKeyInfoCtx (see function xmlSecNssKeyDataX509XmlRead, in file src/nss/x509.c),
-which indicates such a possibility but it does not work.
diff --git a/libxmlsec/xmlsec1-1.2.6-mingwport24.patch b/libxmlsec/xmlsec1-1.2.6-mingwport24.patch
deleted file mode 100644
index faa1ee233fd7..000000000000
--- a/libxmlsec/xmlsec1-1.2.6-mingwport24.patch
+++ /dev/null
@@ -1,23 +0,0 @@
---- misc/xmlsec1-1.2.6/configure 2009-09-18 17:19:00.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/configure 2009-09-18 17:18:43.000000000 +0200
-@@ -21749,6 +21749,10 @@
- ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-+case $host_os in
-+mingw*)
-+;;
-+*)
- echo "$as_me:$LINENO: checking for shl_load" >&5
- echo $ECHO_N "checking for shl_load... $ECHO_C" >&6
- if test "${ac_cv_func_shl_load+set}" = set; then
-@@ -22299,7 +22303,8 @@
-
-
- fi
--
-+;;
-+esac
-
- if test x"$libltdl_cv_func_dlopen" = xyes || test x"$libltdl_cv_lib_dl_dlopen" = xyes
- then
diff --git a/libxmlsec/xmlsec1-1.2.6.patch b/libxmlsec/xmlsec1-1.2.6.patch
deleted file mode 100644
index dc720e144c06..000000000000
--- a/libxmlsec/xmlsec1-1.2.6.patch
+++ /dev/null
@@ -1,15293 +0,0 @@
---- misc/xmlsec1-1.2.6/apps/Makefile.in 2004-08-26 08:00:30.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/apps/Makefile.in 2008-06-29 23:44:19.000000000 +0200
-@@ -370,7 +370,7 @@
- $(CRYPTO_DEPS) \
- $(NULL)
-
--all: all-am
-+all:
-
- .SUFFIXES:
- .SUFFIXES: .c .lo .o .obj
---- misc/xmlsec1-1.2.6/configure 2004-08-26 08:00:34.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/configure 2008-06-29 23:44:19.000000000 +0200
-@@ -463,7 +463,7 @@
- # include <unistd.h>
- #endif"
-
--ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS build build_cpu build_vendor build_os host host_cpu host_vendor host_os XMLSEC_VERSION XMLSEC_PACKAGE XMLSEC_VERSION_SAFE XMLSEC_VERSION_MAJOR XMLSEC_VERSION_MINOR XMLSEC_VERSION_SUBMINOR XMLSEC_VERSION_INFO INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO AMTAR install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE MAINT CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP CXX CXXFLAGS ac_ct_CXX CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL RM CP MV TAR HELP2MAN MAN2HTML U ANSI2KNR INSTALL_LTDL_TRUE INSTALL_LTDL_FALSE CONVENIENCE_LTDL_TRUE CONVENIENCE_LTDL_FALSE LIBADD_DL PKG_CONFIG_ENABLED PKG_CONFIG LIBXML_CFLAGS LIBXML_LIBS LIBXML262_CFLAGS LIBXML262_LIBS LIBXML_CONFIG LIBXML_MIN_VERSION LIBXSLT_CFLAGS LIBXSLT_LIBS XMLSEC_NO_LIBXSLT LIBXSLT_CONFIG LIBXSLT_MIN_VERSION OPENSSL_CFLAGS OPENSSL_LIBS OPENSSL097_CFLAGS OPENSSL097_LIBS XMLSEC_NO_OPENSSL_TRUE XMLSEC_NO_OPENSSL_FALSE XMLSEC_NO_OPENSSL OPENSSL_CRYPTO_LIB OPENSSL_MIN_VERSION GNUTLS_CFLAGS GNUTLS_LIBS XMLSEC_NO_GNUTLS_TRUE XMLSEC_NO_GNUTLS_FALSE XMLSEC_NO_GNUTLS GNUTLS_CRYPTO_LIB GNUTLS_MIN_VERSION NSS_CFLAGS NSS_LIBS XMLSEC_NO_NSS_TRUE XMLSEC_NO_NSS_FALSE XMLSEC_NO_NSS NSS_CRYPTO_LIB NSS_MIN_VERSION NSPR_MIN_VERSION MOZILLA_MIN_VERSION XMLSEC_NO_SHA1_TRUE XMLSEC_NO_SHA1_FALSE XMLSEC_NO_SHA1 XMLSEC_NO_RIPEMD160_TRUE 
XMLSEC_NO_RIPEMD160_FALSE XMLSEC_NO_RIPEMD160 XMLSEC_NO_HMAC_TRUE XMLSEC_NO_HMAC_FALSE XMLSEC_NO_HMAC XMLSEC_NO_DSA_TRUE XMLSEC_NO_DSA_FALSE XMLSEC_NO_DSA XMLSEC_NO_RSA_TRUE XMLSEC_NO_RSA_FALSE XMLSEC_NO_RSA XMLSEC_NO_X509_TRUE XMLSEC_NO_X509_FALSE XMLSEC_NO_X509 XMLSEC_NO_DES_TRUE XMLSEC_NO_DES_FALSE XMLSEC_NO_DES XMLSEC_NO_AES_TRUE XMLSEC_NO_AES_FALSE XMLSEC_NO_AES XMLSEC_NO_XMLDSIG_TRUE XMLSEC_NO_XMLDSIG_FALSE XMLSEC_NO_XMLDSIG XMLSEC_NO_XMLENC_TRUE XMLSEC_NO_XMLENC_FALSE XMLSEC_NO_XMLENC XMLSEC_NO_XKMS_TRUE XMLSEC_NO_XKMS_FALSE XMLSEC_NO_XKMS XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_TRUE XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_FALSE XMLSEC_NO_CRYPTO_DYNAMIC_LOADING XMLSEC_DL_INCLUDES XMLSEC_DL_LIBS XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING XMLSEC_DOCDIR XMLSEC_STATIC_BINARIES XMLSEC_CORE_CFLAGS XMLSEC_CORE_LIBS XMLSEC_LIBDIR XMLSEC_OPENSSL_CFLAGS XMLSEC_OPENSSL_LIBS XMLSEC_GNUTLS_CFLAGS XMLSEC_GNUTLS_LIBS XMLSEC_NSS_CFLAGS XMLSEC_NSS_LIBS XMLSEC_CFLAGS XMLSEC_LIBS XMLSEC_DEFINES XMLSEC_APP_DEFINES XMLSEC_CRYPTO XMLSEC_CRYPTO_LIST XMLSEC_CRYPTO_DISABLED_LIST XMLSEC_CRYPTO_LIB XMLSEC_CRYPTO_CFLAGS XMLSEC_CRYPTO_LIBS XMLSEC_CRYPTO_PC_FILES_LIST LIBOBJS LTLIBOBJS'
-+ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS build build_cpu build_vendor build_os host host_cpu host_vendor host_os XMLSEC_VERSION XMLSEC_PACKAGE XMLSEC_VERSION_SAFE XMLSEC_VERSION_MAJOR XMLSEC_VERSION_MINOR XMLSEC_VERSION_SUBMINOR XMLSEC_VERSION_INFO INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO AMTAR install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE MAINT CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP CXX CXXFLAGS ac_ct_CXX CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL RM CP MV TAR HELP2MAN MAN2HTML U ANSI2KNR INSTALL_LTDL_TRUE INSTALL_LTDL_FALSE CONVENIENCE_LTDL_TRUE CONVENIENCE_LTDL_FALSE LIBADD_DL PKG_CONFIG_ENABLED PKG_CONFIG LIBXML_CFLAGS LIBXML_LIBS LIBXML262_CFLAGS LIBXML262_LIBS LIBXML_CONFIG LIBXML_MIN_VERSION LIBXSLT_CFLAGS LIBXSLT_LIBS XMLSEC_NO_LIBXSLT LIBXSLT_CONFIG LIBXSLT_MIN_VERSION OPENSSL_CFLAGS OPENSSL_LIBS OPENSSL097_CFLAGS OPENSSL097_LIBS XMLSEC_NO_OPENSSL_TRUE XMLSEC_NO_OPENSSL_FALSE XMLSEC_NO_OPENSSL OPENSSL_CRYPTO_LIB OPENSSL_MIN_VERSION GNUTLS_CFLAGS GNUTLS_LIBS XMLSEC_NO_GNUTLS_TRUE XMLSEC_NO_GNUTLS_FALSE XMLSEC_NO_GNUTLS GNUTLS_CRYPTO_LIB GNUTLS_MIN_VERSION NSS_CFLAGS NSS_LIBS XMLSEC_NO_NSS_TRUE XMLSEC_NO_NSS_FALSE XMLSEC_NO_NSS NSS_CRYPTO_LIB NSS_MIN_VERSION NSPR_MIN_VERSION MOZILLA_MIN_VERSION MSCRYPTO_CFLAGS MSCRYPTO_LIBS XMLSEC_NO_SHA1_TRUE XMLSEC_NO_SHA1_FALSE XMLSEC_NO_SHA1 
XMLSEC_NO_RIPEMD160_TRUE XMLSEC_NO_RIPEMD160_FALSE XMLSEC_NO_RIPEMD160 XMLSEC_NO_HMAC_TRUE XMLSEC_NO_HMAC_FALSE XMLSEC_NO_HMAC XMLSEC_NO_DSA_TRUE XMLSEC_NO_DSA_FALSE XMLSEC_NO_DSA XMLSEC_NO_RSA_TRUE XMLSEC_NO_RSA_FALSE XMLSEC_NO_RSA XMLSEC_NO_X509_TRUE XMLSEC_NO_X509_FALSE XMLSEC_NO_X509 XMLSEC_NO_DES_TRUE XMLSEC_NO_DES_FALSE XMLSEC_NO_DES XMLSEC_NO_AES_TRUE XMLSEC_NO_AES_FALSE XMLSEC_NO_AES XMLSEC_NO_XMLDSIG_TRUE XMLSEC_NO_XMLDSIG_FALSE XMLSEC_NO_XMLDSIG XMLSEC_NO_XMLENC_TRUE XMLSEC_NO_XMLENC_FALSE XMLSEC_NO_XMLENC XMLSEC_NO_XKMS_TRUE XMLSEC_NO_XKMS_FALSE XMLSEC_NO_XKMS XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_TRUE XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_FALSE XMLSEC_NO_CRYPTO_DYNAMIC_LOADING XMLSEC_DL_INCLUDES XMLSEC_DL_LIBS XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING XMLSEC_DOCDIR XMLSEC_STATIC_BINARIES XMLSEC_CORE_CFLAGS XMLSEC_CORE_LIBS XMLSEC_LIBDIR XMLSEC_OPENSSL_CFLAGS XMLSEC_OPENSSL_LIBS XMLSEC_GNUTLS_CFLAGS XMLSEC_GNUTLS_LIBS XMLSEC_NSS_CFLAGS XMLSEC_NSS_LIBS XMLSEC_CFLAGS XMLSEC_LIBS XMLSEC_DEFINES XMLSEC_APP_DEFINES XMLSEC_CRYPTO XMLSEC_CRYPTO_LIST XMLSEC_CRYPTO_DISABLED_LIST XMLSEC_CRYPTO_LIB XMLSEC_CRYPTO_CFLAGS XMLSEC_CRYPTO_LIBS XMLSEC_CRYPTO_PC_FILES_LIST LIBOBJS LTLIBOBJS'
- ac_subst_files=''
-
- # Initialize some variables set by options.
-@@ -1072,6 +1072,7 @@
- --with-nss=PFX nss location
- --with-nspr=PFX nspr location (needed for NSS)
- --with-mozilla-ver=VER mozilla version (alt to --with-nss, --with-nspr)
-+ --with-mscrypto try to use mscrypto
- --with-html-dir=PATH path to installed docs
-
- Some influential environment variables:
-@@ -2045,8 +2046,8 @@
-
- ac_ext=c
- ac_cpp='$CPP $CPPFLAGS'
--ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
--ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-+ac_compile='$CC -c $ADDCFLAGS $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-+ac_link='$CC -o conftest$ac_exeext $ADDCFLAGS $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
- ac_compiler_gnu=$ac_cv_c_compiler_gnu
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
-@@ -2698,15 +2699,15 @@
- CFLAGS=$ac_save_CFLAGS
- elif test $ac_cv_prog_cc_g = yes; then
- if test "$GCC" = yes; then
-- CFLAGS="-g -O2"
-+ CFLAGS="$ADDCFLAGS -g -O2"
- else
-- CFLAGS="-g"
-+ CFLAGS="$ADDCFLAGS -g"
- fi
- else
- if test "$GCC" = yes; then
-- CFLAGS="-O2"
-+ CFLAGS="$ADDCFLAGS -O2"
- else
-- CFLAGS=
-+ CFLAGS="$ADDCFLAGS"
- fi
- fi
- echo "$as_me:$LINENO: checking for $CC option to accept ANSI C" >&5
-@@ -6350,11 +6351,11 @@
- lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4'
- ;;
-
-- beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
-+ beos* | cygwin* | mingw* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
- # PIC is the default for these OSes.
- ;;
-
-- mingw* | pw32* | os2*)
-+ pw32* | os2*)
- # This hack is so that the source file can tell whether it is being
- # built for inclusion in a dll (and should export symbols for example).
- lt_prog_compiler_pic='-DDLL_EXPORT'
-@@ -6409,7 +6410,7 @@
- fi
- ;;
-
-- mingw* | pw32* | os2*)
-+ pw32* | os2*)
- # This hack is so that the source file can tell whether it is being
- # built for inclusion in a dll (and should export symbols for example).
- lt_prog_compiler_pic='-DDLL_EXPORT'
-@@ -6752,7 +6753,7 @@
- export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols'
-
- if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then
-- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib'
-+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--exclude-libs,ALL ${wl}--out-implib,$lib'
- # If the export-symbols file already is a .def file (1st line
- # is EXPORTS), use it as is; otherwise, prepend...
- archive_expsym_cmds='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
-@@ -7778,7 +7779,7 @@
- ;;
-
- freebsd*)
-- objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout`
-+ objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo elf`
- version_type=freebsd-$objformat
- case $version_type in
- freebsd-elf*)
-@@ -9046,7 +9047,7 @@
- ;;
- esac
- output_verbose_link_cmd='echo'
-- archive_cmds='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs$compiler_flags -install_name $rpath/$soname $verstring'
-+ archive_cmds='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs$compiler_flags -install_name @executable_path/$soname $verstring'
- module_cmds='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
- # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin ld's
- archive_expsym_cmds='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs$compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
-@@ -10088,7 +10089,7 @@
- enable_shared_with_static_runtimes_CXX=yes
-
- if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then
-- archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib'
-+ archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--exclude-libs,ALL ${wl}--out-implib,$lib'
- # If the export-symbols file already is a .def file (1st line
- # is EXPORTS), use it as is; otherwise, prepend...
- archive_expsym_cmds_CXX='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
-@@ -10816,10 +10817,10 @@
- # like `-m68040'.
- lt_prog_compiler_pic_CXX='-m68020 -resident32 -malways-restore-a4'
- ;;
-- beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
-+ beos* | cygwin* | mingw* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
- # PIC is the default for these OSes.
- ;;
-- mingw* | os2* | pw32*)
-+ os2* | pw32*)
- # This hack is so that the source file can tell whether it is being
- # built for inclusion in a dll (and should export symbols for example).
- lt_prog_compiler_pic_CXX='-DDLL_EXPORT'
-@@ -11497,7 +11498,7 @@
- ;;
-
- freebsd*)
-- objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout`
-+ objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo elf`
- version_type=freebsd-$objformat
- case $version_type in
- freebsd-elf*)
-@@ -13259,11 +13260,11 @@
- lt_prog_compiler_pic_F77='-m68020 -resident32 -malways-restore-a4'
- ;;
-
-- beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
-+ beos* | cygwin* | mingw* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
- # PIC is the default for these OSes.
- ;;
-
-- mingw* | pw32* | os2*)
-+ pw32* | os2*)
- # This hack is so that the source file can tell whether it is being
- # built for inclusion in a dll (and should export symbols for example).
- lt_prog_compiler_pic_F77='-DDLL_EXPORT'
-@@ -13661,7 +13662,7 @@
- export_symbols_cmds_F77='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols'
-
- if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then
-- archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib'
-+ archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--exclude-libs,ALL ${wl}--out-implib,$lib'
- # If the export-symbols file already is a .def file (1st line
- # is EXPORTS), use it as is; otherwise, prepend...
- archive_expsym_cmds_F77='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
-@@ -14667,7 +14668,7 @@
- ;;
-
- freebsd*)
-- objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout`
-+ objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo elf`
- version_type=freebsd-$objformat
- case $version_type in
- freebsd-elf*)
-@@ -15607,11 +15608,11 @@
- lt_prog_compiler_pic_GCJ='-m68020 -resident32 -malways-restore-a4'
- ;;
-
-- beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
-+ beos* | cygwin* | mingw* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
- # PIC is the default for these OSes.
- ;;
-
-- mingw* | pw32* | os2*)
-+ pw32* | os2*)
- # This hack is so that the source file can tell whether it is being
- # built for inclusion in a dll (and should export symbols for example).
- lt_prog_compiler_pic_GCJ='-DDLL_EXPORT'
-@@ -15666,7 +15667,7 @@
- fi
- ;;
-
-- mingw* | pw32* | os2*)
-+ pw32* | os2*)
- # This hack is so that the source file can tell whether it is being
- # built for inclusion in a dll (and should export symbols for example).
- lt_prog_compiler_pic_GCJ='-DDLL_EXPORT'
-@@ -16009,7 +16010,7 @@
- export_symbols_cmds_GCJ='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols'
-
- if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then
-- archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib'
-+ archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--exclude-libs,ALL ${wl}--out-implib,$lib'
- # If the export-symbols file already is a .def file (1st line
- # is EXPORTS), use it as is; otherwise, prepend...
- archive_expsym_cmds_GCJ='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
-@@ -17035,7 +17036,7 @@
- ;;
-
- freebsd*)
-- objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout`
-+ objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo elf`
- version_type=freebsd-$objformat
- case $version_type in
- freebsd-elf*)
-@@ -25678,12 +25679,26 @@
-
- XMLSEC_NO_NSS="1"
- MOZILLA_MIN_VERSION="1.4"
-+if test "z$MOZ_FLAVOUR" = "zfirefox" ; then
-+ MOZILLA_MIN_VERSION="1.0"
-+fi
- NSS_MIN_VERSION="3.2"
- NSPR_MIN_VERSION="4.0"
- NSS_CFLAGS=""
- NSS_LIBS=""
--NSS_LIBS_LIST="-lnss3 -lsmime3"
--NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4"
-+
-+case $host_os in
-+cygwin* | mingw* | pw32*)
-+ NSS_LIBS_LIST="-lnss3 -lsmime3"
-+ NSPR_LIBS_LIST="-lnspr4"
-+ ;;
-+
-+*)
-+ NSS_LIBS_LIST="-lnss3 -lsoftokn3 -lsmime3"
-+ NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4"
-+ ;;
-+esac
-+
- NSS_CRYPTO_LIB="$PACKAGE-nss"
- NSS_FOUND="no"
-
-@@ -25766,23 +25781,122 @@
- else
- PKG_CONFIG_MIN_VERSION=0.9.0
- if $PKG_CONFIG --atleast-pkgconfig-version $PKG_CONFIG_MIN_VERSION; then
-- echo "$as_me:$LINENO: checking for mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION" >&5
--echo $ECHO_N "checking for mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION... $ECHO_C" >&6
-+ echo "$as_me:$LINENO: checking for $MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION" >&5
-+echo $ECHO_N "checking for $MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION... $ECHO_C" >&6
-+
-+ if $PKG_CONFIG --exists "$MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION" ; then
-+ echo "$as_me:$LINENO: result: yes" >&5
-+echo "${ECHO_T}yes" >&6
-+ succeeded=yes
-+
-+ echo "$as_me:$LINENO: checking NSS_CFLAGS" >&5
-+echo $ECHO_N "checking NSS_CFLAGS... $ECHO_C" >&6
-+ NSS_CFLAGS=`$PKG_CONFIG --cflags "$MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION"`
-+ echo "$as_me:$LINENO: result: $NSS_CFLAGS" >&5
-+echo "${ECHO_T}$NSS_CFLAGS" >&6
-+
-+ echo "$as_me:$LINENO: checking NSS_LIBS" >&5
-+echo $ECHO_N "checking NSS_LIBS... $ECHO_C" >&6
-+ NSS_LIBS=`$PKG_CONFIG --libs "$MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION"`
-+ echo "$as_me:$LINENO: result: $NSS_LIBS" >&5
-+echo "${ECHO_T}$NSS_LIBS" >&6
-+ else
-+ NSS_CFLAGS=""
-+ NSS_LIBS=""
-+ ## If we have a custom action on failure, don't print errors, but
-+ ## do set a variable so people can do so.
-+ NSS_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "$MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION"`
-+
-+ fi
-+
-+
-+
-+ else
-+ echo "*** Your version of pkg-config is too old. You need version $PKG_CONFIG_MIN_VERSION or newer."
-+ echo "*** See http://www.freedesktop.org/software/pkgconfig"
-+ fi
-+ fi
-+
-+ if test $succeeded = yes; then
-+ NSS_FOUND=yes
-+ else
-+ NSS_FOUND=no
-+ fi
-+
-+ echo "$as_me:$LINENO: result: $NSS_FOUND" >&5
-+echo "${ECHO_T}$NSS_FOUND" >&6
-+ if test "z$NSS_FOUND" = "zno" ; then
-+
-+ succeeded=no
-+
-+ if test -z "$PKG_CONFIG"; then
-+ # Extract the first word of "pkg-config", so it can be a program name with args.
-+set dummy pkg-config; ac_word=$2
-+echo "$as_me:$LINENO: checking for $ac_word" >&5
-+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-+if test "${ac_cv_path_PKG_CONFIG+set}" = set; then
-+ echo $ECHO_N "(cached) $ECHO_C" >&6
-+else
-+ case $PKG_CONFIG in
-+ [\\/]* | ?:[\\/]*)
-+ ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path.
-+ ;;
-+ *)
-+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-+for as_dir in $PATH
-+do
-+ IFS=$as_save_IFS
-+ test -z "$as_dir" && as_dir=.
-+ for ac_exec_ext in '' $ac_executable_extensions; do
-+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-+ ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
-+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-+ break 2
-+ fi
-+done
-+done
-+
-+ test -z "$ac_cv_path_PKG_CONFIG" && ac_cv_path_PKG_CONFIG="no"
-+ ;;
-+esac
-+fi
-+PKG_CONFIG=$ac_cv_path_PKG_CONFIG
-+
-+if test -n "$PKG_CONFIG"; then
-+ echo "$as_me:$LINENO: result: $PKG_CONFIG" >&5
-+echo "${ECHO_T}$PKG_CONFIG" >&6
-+else
-+ echo "$as_me:$LINENO: result: no" >&5
-+echo "${ECHO_T}no" >&6
-+fi
-+
-+ fi
-+
-+ if test "$PKG_CONFIG" = "no" ; then
-+ echo "*** The pkg-config script could not be found. Make sure it is"
-+ echo "*** in your path, or set the PKG_CONFIG environment variable"
-+ echo "*** to the full path to pkg-config."
-+ echo "*** Or see http://www.freedesktop.org/software/pkgconfig to get pkg-config."
-+ else
-+ PKG_CONFIG_MIN_VERSION=0.9.0
-+ if $PKG_CONFIG --atleast-pkgconfig-version $PKG_CONFIG_MIN_VERSION; then
-+ echo "$as_me:$LINENO: checking for nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION" >&5
-+echo $ECHO_N "checking for nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION... $ECHO_C" >&6
-
-- if $PKG_CONFIG --exists "mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION" ; then
-+ if $PKG_CONFIG --exists "nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION" ; then
- echo "$as_me:$LINENO: result: yes" >&5
- echo "${ECHO_T}yes" >&6
- succeeded=yes
-
- echo "$as_me:$LINENO: checking NSS_CFLAGS" >&5
- echo $ECHO_N "checking NSS_CFLAGS... $ECHO_C" >&6
-- NSS_CFLAGS=`$PKG_CONFIG --cflags "mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION"`
-+ NSS_CFLAGS=`$PKG_CONFIG --cflags "nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION"`
- echo "$as_me:$LINENO: result: $NSS_CFLAGS" >&5
- echo "${ECHO_T}$NSS_CFLAGS" >&6
-
- echo "$as_me:$LINENO: checking NSS_LIBS" >&5
- echo $ECHO_N "checking NSS_LIBS... $ECHO_C" >&6
-- NSS_LIBS=`$PKG_CONFIG --libs "mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION"`
-+ NSS_LIBS=`$PKG_CONFIG --libs "nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION"`
- echo "$as_me:$LINENO: result: $NSS_LIBS" >&5
- echo "${ECHO_T}$NSS_LIBS" >&6
- else
-@@ -25790,7 +25904,7 @@
- NSS_LIBS=""
- ## If we have a custom action on failure, don't print errors, but
- ## do set a variable so people can do so.
-- NSS_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION"`
-+ NSS_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION"`
-
- fi
-
-@@ -25808,6 +25922,9 @@
- NSS_FOUND=no
- fi
-
-+ echo "$as_me:$LINENO: result: $NSS_FOUND" >&5
-+echo "${ECHO_T}$NSS_FOUND" >&6
-+ fi
- fi
-
- if test "z$NSS_FOUND" = "zno" ; then
-@@ -25817,8 +25934,8 @@
- ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION
- fi
-
-- ac_nss_lib_dir="/usr/lib /usr/lib64 /usr/local/lib /usr/lib/$ac_mozilla_name /usr/local/lib/$ac_mozilla_name"
-- ac_nss_inc_dir="/usr/include /usr/include/mozilla /usr/local/include /usr/local/include/mozilla /usr/include/$ac_mozilla_name /usr/local/include/$ac_mozilla_name"
-+ ac_nss_lib_dir="${SOLARVERSION}/${INPATH}/lib${UPDMINOREXT}"
-+ ac_nss_inc_dir="${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/mozilla"
-
- echo "$as_me:$LINENO: checking for nspr libraries >= $NSPR_MIN_VERSION" >&5
- echo $ECHO_N "checking for nspr libraries >= $NSPR_MIN_VERSION... $ECHO_C" >&6
-@@ -25853,8 +25970,11 @@
- done
-
- for dir in $ac_nss_lib_dir ; do
-- if test -f $dir/libnspr4.so ; then
-- if test "z$dir" = "z/usr/lib" ; then
-+ case $host_os in
-+ cygwin* | mingw* | pw32*)
-+ if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib -o -f $dir/libnspr4.a ; then
-+ # do not add -L/usr/lib because compiler does it anyway
-+ if test "z$dir" = "z/usr/lib" ; then
- NSPR_LIBS="$NSPR_LIBS_LIST"
- else
- if test "z$with_gnu_ld" = "zyes" ; then
-@@ -25865,7 +25985,26 @@
- fi
- NSPR_LIBS_FOUND="yes"
- break
-- fi
-+ fi
-+ ;;
-+
-+ *)
-+ if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib ; then
-+ # do not add -L/usr/lib because compiler does it anyway
-+ if test "z$dir" = "z/usr/lib" ; then
-+ NSPR_LIBS="$NSPR_LIBS_LIST"
-+ else
-+ if test "z$with_gnu_ld" = "zyes" ; then
-+ NSPR_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $NSPR_LIBS_LIST"
-+ else
-+ NSPR_LIBS="-L$dir $NSPR_LIBS_LIST"
-+ fi
-+ fi
-+ NSPR_LIBS_FOUND="yes"
-+ break
-+ fi
-+ ;;
-+ esac
- done
- fi
-
-@@ -25939,8 +26078,11 @@
- done
-
- for dir in $ac_nss_lib_dir ; do
-- if test -f $dir/libnss3.so ; then
-- if test "z$dir" = "z/usr/lib" ; then
-+ case $host_os in
-+ cygwin* | mingw* | pw32*)
-+ if test -f $dir/libnss3.so -o -f $dir/libnss3.dylib -o -f $dir/libnss3.a ; then
-+ # do not add -L/usr/lib because compiler does it anyway
-+ if test "z$dir" = "z/usr/lib" ; then
- NSS_LIBS="$NSS_LIBS_LIST"
- else
- if test "z$with_gnu_ld" = "zyes" ; then
-@@ -25951,7 +26093,26 @@
- fi
- NSS_LIBS_FOUND="yes"
- break
-- fi
-+ fi
-+ ;;
-+
-+ *)
-+ if test -f $dir/libnss3.so -o -f $dir/libnss3.dylib ; then
-+ # do not add -L/usr/lib because compiler does it anyway
-+ if test "z$dir" = "z/usr/lib" ; then
-+ NSS_LIBS="$NSS_LIBS_LIST"
-+ else
-+ if test "z$with_gnu_ld" = "zyes" ; then
-+ NSS_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $NSS_LIBS_LIST"
-+ else
-+ NSS_LIBS="-L$dir $NSS_LIBS_LIST"
-+ fi
-+ fi
-+ NSS_LIBS_FOUND="yes"
-+ break
-+ fi
-+ ;;
-+ esac
- done
- fi
-
-@@ -26004,6 +26165,12 @@
- fi
- fi
-
-+case $host_os in
-+darwin*)
-+ NSS_LIBS="$NSS_LIBS "`"$PERL" "$SOLARENV/bin/macosx-dylib-link-list.pl" $NSS_LIBS`
-+ ;;
-+esac
-+
- if test "z$NSS_FOUND" = "zyes" ; then
- XMLSEC_NO_NSS="0"
- NSS_CFLAGS="$NSS_CFLAGS -DXMLSEC_CRYPTO_NSS=1"
-@@ -26037,6 +26204,109 @@
-
-
-
-+MSCRYPTO_CFLAGS=""
-+MSCRYPTO_LIBS=""
-+MSCRYPTO_FOUND="no"
-+
-+
-+# Check whether --with-mscrypto or --without-mscrypto was given.
-+if test "${with_mscrypto+set}" = set; then
-+ withval="$with_mscrypto"
-+
-+fi;
-+if test "z$with_mscrypto" = "zno" ; then
-+ echo "$as_me:$LINENO: checking for MSCRYPTO libraries" >&5
-+echo $ECHO_N "checking for MSCRYPTO libraries... $ECHO_C" >&6
-+ echo "$as_me:$LINENO: result: no" >&5
-+echo "${ECHO_T}no" >&6
-+ MSCRYPTO_FOUND="without"
-+else
-+ ac_mscrypto_lib_dir="${PSDK_HOME}/lib"
-+ ac_mscrypto_inc_dir="${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/external/mingw/include ${COMPATH}/include ${COMPATH}/include/w32api"
-+ echo "$as_me:$LINENO: checking for mscrypto libraries" >&5
-+echo $ECHO_N "checking for mscrypto libraries... $ECHO_C" >&6
-+ MSCRYPTO_INCLUDES_FOUND="no"
-+ MSCRYPTO_LIBS_FOUND="no"
-+ WINCRYPT_H=""
-+
-+ for dir in $ac_mscrypto_inc_dir ; do
-+ if test -f $dir/wincrypt.h ; then
-+ MSCRYPTO_CFLAGS="$MSCRYPTO_CFLAGS -I$dir"
-+ MSCRYPTO_INCLUDES_FOUND="yes"
-+ WINCRYPT_H="$dir/wincrypt.h"
-+ break
-+ fi
-+ done
-+
-+ for dir in $ac_mscrypto_lib_dir ; do
-+ if test -f $dir/crypt32.lib ; then
-+ if test "z$with_gnu_ld" = "zyes" ; then
-+ MSCRYPTO_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $dir/crypt32.lib"
-+ else
-+ MSCRYPTO_LIBS="-L$dir $dir/crypt32.lib"
-+ fi
-+ MSCRYPTO_LIBS_FOUND="yes"
-+ break
-+ fi
-+ done
-+
-+ if test "z$MSCRYPTO_INCLUDES_FOUND" = "zyes" -a "z$MSCRYPTO_LIBS_FOUND" = "zyes" ; then
-+ OLD_CPPFLAGS=$CPPFLAGS
-+ CPPFLAGS="$MSCRYPTO_CFLAGS"
-+ cat >conftest.$ac_ext <<_ACEOF
-+/* confdefs.h. */
-+_ACEOF
-+cat confdefs.h >>conftest.$ac_ext
-+cat >>conftest.$ac_ext <<_ACEOF
-+/* end confdefs.h. */
-+
-+ #include <wincrypt.h>
-+ #if defined(_WINCRYPT_H) || defined(__WINCRYPT_H__)
-+ yes
-+ #endif
-+
-+_ACEOF
-+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-+ $EGREP "yes" >/dev/null 2>&1; then
-+
-+ MSCRYPTO_FOUND=yes
-+
-+else
-+
-+ MSCRYPTO_FOUND=no
-+
-+fi
-+rm -f conftest*
-+
-+ CPPFLAGS="$OLD_CPPFLAGS"
-+ fi
-+
-+ if test "z$MSCRYPTO_FOUND" = "zyes" ; then
-+ echo "$as_me:$LINENO: result: yes" >&5
-+echo "${ECHO_T}yes" >&6
-+ else
-+ echo "$as_me:$LINENO: result: no" >&5
-+echo "${ECHO_T}no" >&6
-+ fi
-+
-+fi
-+
-+if test "z$MSCRYPTO_FOUND" = "zyes" ; then
-+ MSCRYPTO_CFLAGS="$MSCRYPTO_CFLAGS -DXMLSEC_CRYPTO_MSCRYPTO=1"
-+
-+ if test "z$XMLSEC_CRYPTO" = "z" ; then
-+ XMLSEC_CRYPTO="mscrypto"
-+ XMLSEC_CRYPTO_LIB="$PACKAGE-mscrypto"
-+ XMLSEC_CRYPTO_CFLAGS="$MSCRYPTO_CFLAGS"
-+ XMLSEC_CRYPTO_LIBS="$MSCRYPTO_LIBS"
-+ fi
-+ XMLSEC_CRYPTO_LIST="$XMLSEC_CRYPTO_LIST mscrypto"
-+else
-+ XMLSEC_CRYPTO_DISABLED_LIST="$XMLSEC_CRYPTO_DISABLED_LIST mscrypto"
-+fi
-+
-+
-+
- echo "$as_me:$LINENO: checking for crypto library" >&5
- echo $ECHO_N "checking for crypto library... $ECHO_C" >&6
- if test "z$XMLSEC_CRYPTO" = "z" ; then
-@@ -26604,7 +26874,7 @@
- done
-
-
-- ac_config_files="$ac_config_files include/xmlsec/version.h Makefile include/Makefile include/xmlsec/Makefile include/xmlsec/private/Makefile src/Makefile apps/Makefile docs/Makefile docs/api/Makefile man/Makefile xmlsec1Conf.sh:xmlsecConf.sh.in xmlsec1-config:xmlsec-config.in xmlsec1-openssl.pc:xmlsec-openssl.pc.in xmlsec1-gnutls.pc:xmlsec-gnutls.pc.in xmlsec1-nss.pc:xmlsec-nss.pc.in xmlsec1.spec:xmlsec.spec.in"
-+ ac_config_files="$ac_config_files include/xmlsec/version.h Makefile include/Makefile include/xmlsec/Makefile include/xmlsec/private/Makefile src/Makefile apps/Makefile docs/Makefile docs/api/Makefile man/Makefile xmlsec1Conf.sh:xmlsecConf.sh.in xmlsec1-config:xmlsec-config.in xmlsec1-openssl.pc:xmlsec-openssl.pc.in xmlsec1-gnutls.pc:xmlsec-gnutls.pc.in xmlsec1-nss.pc:xmlsec-nss.pc.in xmlsec1-mscrypto.pc:xmlsec-mscrypto.pc.in xmlsec1.spec:xmlsec.spec.in"
- cat >confcache <<\_ACEOF
- # This file is a shell script that caches the results of configure
- # tests run on this system so they can be shared between configure
-@@ -27521,6 +27791,8 @@
- s,@NSS_MIN_VERSION@,$NSS_MIN_VERSION,;t t
- s,@NSPR_MIN_VERSION@,$NSPR_MIN_VERSION,;t t
- s,@MOZILLA_MIN_VERSION@,$MOZILLA_MIN_VERSION,;t t
-+s,@MSCRYPTO_CFLAGS@,$MSCRYPTO_CFLAGS,;t t
-+s,@MSCRYPTO_LIBS@,$MSCRYPTO_LIBS,;t t
- s,@XMLSEC_NO_SHA1_TRUE@,$XMLSEC_NO_SHA1_TRUE,;t t
- s,@XMLSEC_NO_SHA1_FALSE@,$XMLSEC_NO_SHA1_FALSE,;t t
- s,@XMLSEC_NO_SHA1@,$XMLSEC_NO_SHA1,;t t
-@@ -29231,6 +29503,8 @@
- s,@NSS_MIN_VERSION@,$NSS_MIN_VERSION,;t t
- s,@NSPR_MIN_VERSION@,$NSPR_MIN_VERSION,;t t
- s,@MOZILLA_MIN_VERSION@,$MOZILLA_MIN_VERSION,;t t
-+s,@MSCRYPTO_CFLAGS@,$MSCRYPTO_CFLAGS,;t t
-+s,@MSCRYPTO_LIBS@,$MSCRYPTO_LIBS,;t t
- s,@XMLSEC_NO_SHA1_TRUE@,$XMLSEC_NO_SHA1_TRUE,;t t
- s,@XMLSEC_NO_SHA1_FALSE@,$XMLSEC_NO_SHA1_FALSE,;t t
- s,@XMLSEC_NO_SHA1@,$XMLSEC_NO_SHA1,;t t
-@@ -30941,6 +31215,8 @@
- s,@NSS_MIN_VERSION@,$NSS_MIN_VERSION,;t t
- s,@NSPR_MIN_VERSION@,$NSPR_MIN_VERSION,;t t
- s,@MOZILLA_MIN_VERSION@,$MOZILLA_MIN_VERSION,;t t
-+s,@MSCRYPTO_CFLAGS@,$MSCRYPTO_CFLAGS,;t t
-+s,@MSCRYPTO_LIBS@,$MSCRYPTO_LIBS,;t t
- s,@XMLSEC_NO_SHA1_TRUE@,$XMLSEC_NO_SHA1_TRUE,;t t
- s,@XMLSEC_NO_SHA1_FALSE@,$XMLSEC_NO_SHA1_FALSE,;t t
- s,@XMLSEC_NO_SHA1@,$XMLSEC_NO_SHA1,;t t
-@@ -32653,6 +32929,1724 @@
- s,@NSS_MIN_VERSION@,$NSS_MIN_VERSION,;t t
- s,@NSPR_MIN_VERSION@,$NSPR_MIN_VERSION,;t t
- s,@MOZILLA_MIN_VERSION@,$MOZILLA_MIN_VERSION,;t t
-+s,@MSCRYPTO_CFLAGS@,$MSCRYPTO_CFLAGS,;t t
-+s,@MSCRYPTO_LIBS@,$MSCRYPTO_LIBS,;t t
-+s,@XMLSEC_NO_SHA1_TRUE@,$XMLSEC_NO_SHA1_TRUE,;t t
-+s,@XMLSEC_NO_SHA1_FALSE@,$XMLSEC_NO_SHA1_FALSE,;t t
-+s,@XMLSEC_NO_SHA1@,$XMLSEC_NO_SHA1,;t t
-+s,@XMLSEC_NO_RIPEMD160_TRUE@,$XMLSEC_NO_RIPEMD160_TRUE,;t t
-+s,@XMLSEC_NO_RIPEMD160_FALSE@,$XMLSEC_NO_RIPEMD160_FALSE,;t t
-+s,@XMLSEC_NO_RIPEMD160@,$XMLSEC_NO_RIPEMD160,;t t
-+s,@XMLSEC_NO_HMAC_TRUE@,$XMLSEC_NO_HMAC_TRUE,;t t
-+s,@XMLSEC_NO_HMAC_FALSE@,$XMLSEC_NO_HMAC_FALSE,;t t
-+s,@XMLSEC_NO_HMAC@,$XMLSEC_NO_HMAC,;t t
-+s,@XMLSEC_NO_DSA_TRUE@,$XMLSEC_NO_DSA_TRUE,;t t
-+s,@XMLSEC_NO_DSA_FALSE@,$XMLSEC_NO_DSA_FALSE,;t t
-+s,@XMLSEC_NO_DSA@,$XMLSEC_NO_DSA,;t t
-+s,@XMLSEC_NO_RSA_TRUE@,$XMLSEC_NO_RSA_TRUE,;t t
-+s,@XMLSEC_NO_RSA_FALSE@,$XMLSEC_NO_RSA_FALSE,;t t
-+s,@XMLSEC_NO_RSA@,$XMLSEC_NO_RSA,;t t
-+s,@XMLSEC_NO_X509_TRUE@,$XMLSEC_NO_X509_TRUE,;t t
-+s,@XMLSEC_NO_X509_FALSE@,$XMLSEC_NO_X509_FALSE,;t t
-+s,@XMLSEC_NO_X509@,$XMLSEC_NO_X509,;t t
-+s,@XMLSEC_NO_DES_TRUE@,$XMLSEC_NO_DES_TRUE,;t t
-+s,@XMLSEC_NO_DES_FALSE@,$XMLSEC_NO_DES_FALSE,;t t
-+s,@XMLSEC_NO_DES@,$XMLSEC_NO_DES,;t t
-+s,@XMLSEC_NO_AES_TRUE@,$XMLSEC_NO_AES_TRUE,;t t
-+s,@XMLSEC_NO_AES_FALSE@,$XMLSEC_NO_AES_FALSE,;t t
-+s,@XMLSEC_NO_AES@,$XMLSEC_NO_AES,;t t
-+s,@XMLSEC_NO_XMLDSIG_TRUE@,$XMLSEC_NO_XMLDSIG_TRUE,;t t
-+s,@XMLSEC_NO_XMLDSIG_FALSE@,$XMLSEC_NO_XMLDSIG_FALSE,;t t
-+s,@XMLSEC_NO_XMLDSIG@,$XMLSEC_NO_XMLDSIG,;t t
-+s,@XMLSEC_NO_XMLENC_TRUE@,$XMLSEC_NO_XMLENC_TRUE,;t t
-+s,@XMLSEC_NO_XMLENC_FALSE@,$XMLSEC_NO_XMLENC_FALSE,;t t
-+s,@XMLSEC_NO_XMLENC@,$XMLSEC_NO_XMLENC,;t t
-+s,@XMLSEC_NO_XKMS_TRUE@,$XMLSEC_NO_XKMS_TRUE,;t t
-+s,@XMLSEC_NO_XKMS_FALSE@,$XMLSEC_NO_XKMS_FALSE,;t t
-+s,@XMLSEC_NO_XKMS@,$XMLSEC_NO_XKMS,;t t
-+s,@XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_TRUE@,$XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_TRUE,;t t
-+s,@XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_FALSE@,$XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_FALSE,;t t
-+s,@XMLSEC_NO_CRYPTO_DYNAMIC_LOADING@,$XMLSEC_NO_CRYPTO_DYNAMIC_LOADING,;t t
-+s,@XMLSEC_DL_INCLUDES@,$XMLSEC_DL_INCLUDES,;t t
-+s,@XMLSEC_DL_LIBS@,$XMLSEC_DL_LIBS,;t t
-+s,@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE@,$XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE,;t t
-+s,@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE@,$XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE,;t t
-+s,@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING@,$XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING,;t t
-+s,@XMLSEC_DOCDIR@,$XMLSEC_DOCDIR,;t t
-+s,@XMLSEC_STATIC_BINARIES@,$XMLSEC_STATIC_BINARIES,;t t
-+s,@XMLSEC_CORE_CFLAGS@,$XMLSEC_CORE_CFLAGS,;t t
-+s,@XMLSEC_CORE_LIBS@,$XMLSEC_CORE_LIBS,;t t
-+s,@XMLSEC_LIBDIR@,$XMLSEC_LIBDIR,;t t
-+s,@XMLSEC_OPENSSL_CFLAGS@,$XMLSEC_OPENSSL_CFLAGS,;t t
-+s,@XMLSEC_OPENSSL_LIBS@,$XMLSEC_OPENSSL_LIBS,;t t
-+s,@XMLSEC_GNUTLS_CFLAGS@,$XMLSEC_GNUTLS_CFLAGS,;t t
-+s,@XMLSEC_GNUTLS_LIBS@,$XMLSEC_GNUTLS_LIBS,;t t
-+s,@XMLSEC_NSS_CFLAGS@,$XMLSEC_NSS_CFLAGS,;t t
-+s,@XMLSEC_NSS_LIBS@,$XMLSEC_NSS_LIBS,;t t
-+s,@XMLSEC_CFLAGS@,$XMLSEC_CFLAGS,;t t
-+s,@XMLSEC_LIBS@,$XMLSEC_LIBS,;t t
-+s,@XMLSEC_DEFINES@,$XMLSEC_DEFINES,;t t
-+s,@XMLSEC_APP_DEFINES@,$XMLSEC_APP_DEFINES,;t t
-+s,@XMLSEC_CRYPTO@,$XMLSEC_CRYPTO,;t t
-+s,@XMLSEC_CRYPTO_LIST@,$XMLSEC_CRYPTO_LIST,;t t
-+s,@XMLSEC_CRYPTO_DISABLED_LIST@,$XMLSEC_CRYPTO_DISABLED_LIST,;t t
-+s,@XMLSEC_CRYPTO_LIB@,$XMLSEC_CRYPTO_LIB,;t t
-+s,@XMLSEC_CRYPTO_CFLAGS@,$XMLSEC_CRYPTO_CFLAGS,;t t
-+s,@XMLSEC_CRYPTO_LIBS@,$XMLSEC_CRYPTO_LIBS,;t t
-+s,@XMLSEC_CRYPTO_PC_FILES_LIST@,$XMLSEC_CRYPTO_PC_FILES_LIST,;t t
-+s,@LIBOBJS@,$LIBOBJS,;t t
-+s,@LTLIBOBJS@,$LTLIBOBJS,;t t
-+CEOF
-+
-+_ACEOF
-+
-+ cat >>$CONFIG_STATUS <<\_ACEOF
-+ # Split the substitutions into bite-sized pieces for seds with
-+ # small command number limits, like on Digital OSF/1 and HP-UX.
-+ ac_max_sed_lines=48
-+ ac_sed_frag=1 # Number of current file.
-+ ac_beg=1 # First line for current file.
-+ ac_end=$ac_max_sed_lines # Line after last line for current file.
-+ ac_more_lines=:
-+ ac_sed_cmds=
-+ while $ac_more_lines; do
-+ if test $ac_beg -gt 1; then
-+ sed "1,${ac_beg}d; ${ac_end}q" $tmp/subs.sed >$tmp/subs.frag
-+ else
-+ sed "${ac_end}q" $tmp/subs.sed >$tmp/subs.frag
-+ fi
-+ if test ! -s $tmp/subs.frag; then
-+ ac_more_lines=false
-+ else
-+ # The purpose of the label and of the branching condition is to
-+ # speed up the sed processing (if there are no `@' at all, there
-+ # is no need to browse any of the substitutions).
-+ # These are the two extra sed commands mentioned above.
-+ (echo ':t
-+ /@[a-zA-Z_][a-zA-Z_0-9]*@/!b' && cat $tmp/subs.frag) >$tmp/subs-$ac_sed_frag.sed
-+ if test -z "$ac_sed_cmds"; then
-+ ac_sed_cmds="sed -f $tmp/subs-$ac_sed_frag.sed"
-+ else
-+ ac_sed_cmds="$ac_sed_cmds | sed -f $tmp/subs-$ac_sed_frag.sed"
-+ fi
-+ ac_sed_frag=`expr $ac_sed_frag + 1`
-+ ac_beg=$ac_end
-+ ac_end=`expr $ac_end + $ac_max_sed_lines`
-+ fi
-+ done
-+ if test -z "$ac_sed_cmds"; then
-+ ac_sed_cmds=cat
-+ fi
-+fi # test -n "$CONFIG_FILES"
-+
-+_ACEOF
-+cat >>$CONFIG_STATUS <<\_ACEOF
-+for ac_file in : $CONFIG_FILES; do test "x$ac_file" = x: && continue
-+ # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in".
-+ case $ac_file in
-+ - | *:- | *:-:* ) # input from stdin
-+ cat >$tmp/stdin
-+ ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
-+ ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
-+ *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
-+ ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
-+ * ) ac_file_in=$ac_file.in ;;
-+ esac
-+
-+ # Compute @srcdir@, @top_srcdir@, and @INSTALL@ for subdirectories.
-+ ac_dir=`(dirname "$ac_file") 2>/dev/null ||
-+$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
-+ X"$ac_file" : 'X\(//\)[^/]' \| \
-+ X"$ac_file" : 'X\(//\)$' \| \
-+ X"$ac_file" : 'X\(/\)' \| \
-+ . : '\(.\)' 2>/dev/null ||
-+echo X"$ac_file" |
-+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
-+ /^X\(\/\/\)[^/].*/{ s//\1/; q; }
-+ /^X\(\/\/\)$/{ s//\1/; q; }
-+ /^X\(\/\).*/{ s//\1/; q; }
-+ s/.*/./; q'`
-+ { if $as_mkdir_p; then
-+ mkdir -p "$ac_dir"
-+ else
-+ as_dir="$ac_dir"
-+ as_dirs=
-+ while test ! -d "$as_dir"; do
-+ as_dirs="$as_dir $as_dirs"
-+ as_dir=`(dirname "$as_dir") 2>/dev/null ||
-+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
-+ X"$as_dir" : 'X\(//\)[^/]' \| \
-+ X"$as_dir" : 'X\(//\)$' \| \
-+ X"$as_dir" : 'X\(/\)' \| \
-+ . : '\(.\)' 2>/dev/null ||
-+echo X"$as_dir" |
-+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
-+ /^X\(\/\/\)[^/].*/{ s//\1/; q; }
-+ /^X\(\/\/\)$/{ s//\1/; q; }
-+ /^X\(\/\).*/{ s//\1/; q; }
-+ s/.*/./; q'`
-+ done
-+ test ! -n "$as_dirs" || mkdir $as_dirs
-+ fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5
-+echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;}
-+ { (exit 1); exit 1; }; }; }
-+
-+ ac_builddir=.
-+
-+if test "$ac_dir" != .; then
-+ ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'`
-+ # A "../" for each directory in $ac_dir_suffix.
-+ ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'`
-+else
-+ ac_dir_suffix= ac_top_builddir=
-+fi
-+
-+case $srcdir in
-+ .) # No --srcdir option. We are building in place.
-+ ac_srcdir=.
-+ if test -z "$ac_top_builddir"; then
-+ ac_top_srcdir=.
-+ else
-+ ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'`
-+ fi ;;
-+ [\\/]* | ?:[\\/]* ) # Absolute path.
-+ ac_srcdir=$srcdir$ac_dir_suffix;
-+ ac_top_srcdir=$srcdir ;;
-+ *) # Relative path.
-+ ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix
-+ ac_top_srcdir=$ac_top_builddir$srcdir ;;
-+esac
-+
-+# Do not use `cd foo && pwd` to compute absolute paths, because
-+# the directories may not exist.
-+case `pwd` in
-+.) ac_abs_builddir="$ac_dir";;
-+*)
-+ case "$ac_dir" in
-+ .) ac_abs_builddir=`pwd`;;
-+ [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";;
-+ *) ac_abs_builddir=`pwd`/"$ac_dir";;
-+ esac;;
-+esac
-+case $ac_abs_builddir in
-+.) ac_abs_top_builddir=${ac_top_builddir}.;;
-+*)
-+ case ${ac_top_builddir}. in
-+ .) ac_abs_top_builddir=$ac_abs_builddir;;
-+ [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;;
-+ *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;;
-+ esac;;
-+esac
-+case $ac_abs_builddir in
-+.) ac_abs_srcdir=$ac_srcdir;;
-+*)
-+ case $ac_srcdir in
-+ .) ac_abs_srcdir=$ac_abs_builddir;;
-+ [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;;
-+ *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;;
-+ esac;;
-+esac
-+case $ac_abs_builddir in
-+.) ac_abs_top_srcdir=$ac_top_srcdir;;
-+*)
-+ case $ac_top_srcdir in
-+ .) ac_abs_top_srcdir=$ac_abs_builddir;;
-+ [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;;
-+ *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;;
-+ esac;;
-+esac
-+
-+
-+ case $INSTALL in
-+ [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
-+ *) ac_INSTALL=$ac_top_builddir$INSTALL ;;
-+ esac
-+
-+ if test x"$ac_file" != x-; then
-+ { echo "$as_me:$LINENO: creating $ac_file" >&5
-+echo "$as_me: creating $ac_file" >&6;}
-+ rm -f "$ac_file"
-+ fi
-+ # Let's still pretend it is `configure' which instantiates (i.e., don't
-+ # use $as_me), people would be surprised to read:
-+ # /* config.h. Generated by config.status. */
-+ if test x"$ac_file" = x-; then
-+ configure_input=
-+ else
-+ configure_input="$ac_file. "
-+ fi
-+ configure_input=$configure_input"Generated from `echo $ac_file_in |
-+ sed 's,.*/,,'` by configure."
-+
-+ # First look for the input files in the build tree, otherwise in the
-+ # src tree.
-+ ac_file_inputs=`IFS=:
-+ for f in $ac_file_in; do
-+ case $f in
-+ -) echo $tmp/stdin ;;
-+ [\\/$]*)
-+ # Absolute (can't be DOS-style, as IFS=:)
-+ test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
-+echo "$as_me: error: cannot find input file: $f" >&2;}
-+ { (exit 1); exit 1; }; }
-+ echo "$f";;
-+ *) # Relative
-+ if test -f "$f"; then
-+ # Build tree
-+ echo "$f"
-+ elif test -f "$srcdir/$f"; then
-+ # Source tree
-+ echo "$srcdir/$f"
-+ else
-+ # /dev/null tree
-+ { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
-+echo "$as_me: error: cannot find input file: $f" >&2;}
-+ { (exit 1); exit 1; }; }
-+ fi;;
-+ esac
-+ done` || { (exit 1); exit 1; }
-+_ACEOF
-+cat >>$CONFIG_STATUS <<_ACEOF
-+ sed "$ac_vpsub
-+$extrasub
-+_ACEOF
-+cat >>$CONFIG_STATUS <<\_ACEOF
-+:t
-+/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
-+s,@configure_input@,$configure_input,;t t
-+s,@srcdir@,$ac_srcdir,;t t
-+s,@abs_srcdir@,$ac_abs_srcdir,;t t
-+s,@top_srcdir@,$ac_top_srcdir,;t t
-+s,@abs_top_srcdir@,$ac_abs_top_srcdir,;t t
-+s,@builddir@,$ac_builddir,;t t
-+s,@abs_builddir@,$ac_abs_builddir,;t t
-+s,@top_builddir@,$ac_top_builddir,;t t
-+s,@abs_top_builddir@,$ac_abs_top_builddir,;t t
-+s,@INSTALL@,$ac_INSTALL,;t t
-+" $ac_file_inputs | (eval "$ac_sed_cmds") >$tmp/out
-+ rm -f $tmp/stdin
-+ if test x"$ac_file" != x-; then
-+ mv $tmp/out $ac_file
-+ else
-+ cat $tmp/out
-+ rm -f $tmp/out
-+ fi
-+
-+done
-+_ACEOF
-+cat >>$CONFIG_STATUS <<\_ACEOF
-+
-+#
-+# CONFIG_HEADER section.
-+#
-+
-+# These sed commands are passed to sed as "A NAME B NAME C VALUE D", where
-+# NAME is the cpp macro being defined and VALUE is the value it is being given.
-+#
-+# ac_d sets the value in "#define NAME VALUE" lines.
-+ac_dA='s,^\([ ]*\)#\([ ]*define[ ][ ]*\)'
-+ac_dB='[ ].*$,\1#\2'
-+ac_dC=' '
-+ac_dD=',;t'
-+# ac_u turns "#undef NAME" without trailing blanks into "#define NAME VALUE".
-+ac_uA='s,^\([ ]*\)#\([ ]*\)undef\([ ][ ]*\)'
-+ac_uB='$,\1#\2define\3'
-+ac_uC=' '
-+ac_uD=',;t'
-+
-+for ac_file in : $CONFIG_HEADERS; do test "x$ac_file" = x: && continue
-+ # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in".
-+ case $ac_file in
-+ - | *:- | *:-:* ) # input from stdin
-+ cat >$tmp/stdin
-+ ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
-+ ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
-+ *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
-+ ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
-+ * ) ac_file_in=$ac_file.in ;;
-+ esac
-+
-+ test x"$ac_file" != x- && { echo "$as_me:$LINENO: creating $ac_file" >&5
-+echo "$as_me: creating $ac_file" >&6;}
-+
-+ # First look for the input files in the build tree, otherwise in the
-+ # src tree.
-+ ac_file_inputs=`IFS=:
-+ for f in $ac_file_in; do
-+ case $f in
-+ -) echo $tmp/stdin ;;
-+ [\\/$]*)
-+ # Absolute (can't be DOS-style, as IFS=:)
-+ test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
-+echo "$as_me: error: cannot find input file: $f" >&2;}
-+ { (exit 1); exit 1; }; }
-+ # Do quote $f, to prevent DOS paths from being IFS'd.
-+ echo "$f";;
-+ *) # Relative
-+ if test -f "$f"; then
-+ # Build tree
-+ echo "$f"
-+ elif test -f "$srcdir/$f"; then
-+ # Source tree
-+ echo "$srcdir/$f"
-+ else
-+ # /dev/null tree
-+ { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
-+echo "$as_me: error: cannot find input file: $f" >&2;}
-+ { (exit 1); exit 1; }; }
-+ fi;;
-+ esac
-+ done` || { (exit 1); exit 1; }
-+ # Remove the trailing spaces.
-+ sed 's/[ ]*$//' $ac_file_inputs >$tmp/in
-+
-+_ACEOF
-+
-+# Transform confdefs.h into two sed scripts, `conftest.defines' and
-+# `conftest.undefs', that substitutes the proper values into
-+# config.h.in to produce config.h. The first handles `#define'
-+# templates, and the second `#undef' templates.
-+# And first: Protect against being on the right side of a sed subst in
-+# config.status. Protect against being in an unquoted here document
-+# in config.status.
-+rm -f conftest.defines conftest.undefs
-+# Using a here document instead of a string reduces the quoting nightmare.
-+# Putting comments in sed scripts is not portable.
-+#
-+# `end' is used to avoid that the second main sed command (meant for
-+# 0-ary CPP macros) applies to n-ary macro definitions.
-+# See the Autoconf documentation for `clear'.
-+cat >confdef2sed.sed <<\_ACEOF
-+s/[\\&,]/\\&/g
-+s,[\\$`],\\&,g
-+t clear
-+: clear
-+s,^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*\)\(([^)]*)\)[ ]*\(.*\)$,${ac_dA}\1${ac_dB}\1\2${ac_dC}\3${ac_dD},gp
-+t end
-+s,^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)$,${ac_dA}\1${ac_dB}\1${ac_dC}\2${ac_dD},gp
-+: end
-+_ACEOF
-+# If some macros were called several times there might be several times
-+# the same #defines, which is useless. Nevertheless, we may not want to
-+# sort them, since we want the *last* AC-DEFINE to be honored.
-+uniq confdefs.h | sed -n -f confdef2sed.sed >conftest.defines
-+sed 's/ac_d/ac_u/g' conftest.defines >conftest.undefs
-+rm -f confdef2sed.sed
-+
-+# This sed command replaces #undef with comments. This is necessary, for
-+# example, in the case of _POSIX_SOURCE, which is predefined and required
-+# on some systems where configure will not decide to define it.
-+cat >>conftest.undefs <<\_ACEOF
-+s,^[ ]*#[ ]*undef[ ][ ]*[a-zA-Z_][a-zA-Z_0-9]*,/* & */,
-+_ACEOF
-+
-+# Break up conftest.defines because some shells have a limit on the size
-+# of here documents, and old seds have small limits too (100 cmds).
-+echo ' # Handle all the #define templates only if necessary.' >>$CONFIG_STATUS
-+echo ' if grep "^[ ]*#[ ]*define" $tmp/in >/dev/null; then' >>$CONFIG_STATUS
-+echo ' # If there are no defines, we may have an empty if/fi' >>$CONFIG_STATUS
-+echo ' :' >>$CONFIG_STATUS
-+rm -f conftest.tail
-+while grep . conftest.defines >/dev/null
-+do
-+ # Write a limited-size here document to $tmp/defines.sed.
-+ echo ' cat >$tmp/defines.sed <<CEOF' >>$CONFIG_STATUS
-+ # Speed up: don't consider the non `#define' lines.
-+ echo '/^[ ]*#[ ]*define/!b' >>$CONFIG_STATUS
-+ # Work around the forget-to-reset-the-flag bug.
-+ echo 't clr' >>$CONFIG_STATUS
-+ echo ': clr' >>$CONFIG_STATUS
-+ sed ${ac_max_here_lines}q conftest.defines >>$CONFIG_STATUS
-+ echo 'CEOF
-+ sed -f $tmp/defines.sed $tmp/in >$tmp/out
-+ rm -f $tmp/in
-+ mv $tmp/out $tmp/in
-+' >>$CONFIG_STATUS
-+ sed 1,${ac_max_here_lines}d conftest.defines >conftest.tail
-+ rm -f conftest.defines
-+ mv conftest.tail conftest.defines
-+done
-+rm -f conftest.defines
-+echo ' fi # grep' >>$CONFIG_STATUS
-+echo >>$CONFIG_STATUS
-+
-+# Break up conftest.undefs because some shells have a limit on the size
-+# of here documents, and old seds have small limits too (100 cmds).
-+echo ' # Handle all the #undef templates' >>$CONFIG_STATUS
-+rm -f conftest.tail
-+while grep . conftest.undefs >/dev/null
-+do
-+ # Write a limited-size here document to $tmp/undefs.sed.
-+ echo ' cat >$tmp/undefs.sed <<CEOF' >>$CONFIG_STATUS
-+ # Speed up: don't consider the non `#undef'
-+ echo '/^[ ]*#[ ]*undef/!b' >>$CONFIG_STATUS
-+ # Work around the forget-to-reset-the-flag bug.
-+ echo 't clr' >>$CONFIG_STATUS
-+ echo ': clr' >>$CONFIG_STATUS
-+ sed ${ac_max_here_lines}q conftest.undefs >>$CONFIG_STATUS
-+ echo 'CEOF
-+ sed -f $tmp/undefs.sed $tmp/in >$tmp/out
-+ rm -f $tmp/in
-+ mv $tmp/out $tmp/in
-+' >>$CONFIG_STATUS
-+ sed 1,${ac_max_here_lines}d conftest.undefs >conftest.tail
-+ rm -f conftest.undefs
-+ mv conftest.tail conftest.undefs
-+done
-+rm -f conftest.undefs
-+
-+cat >>$CONFIG_STATUS <<\_ACEOF
-+ # Let's still pretend it is `configure' which instantiates (i.e., don't
-+ # use $as_me), people would be surprised to read:
-+ # /* config.h. Generated by config.status. */
-+ if test x"$ac_file" = x-; then
-+ echo "/* Generated by configure. */" >$tmp/config.h
-+ else
-+ echo "/* $ac_file. Generated by configure. */" >$tmp/config.h
-+ fi
-+ cat $tmp/in >>$tmp/config.h
-+ rm -f $tmp/in
-+ if test x"$ac_file" != x-; then
-+ if diff $ac_file $tmp/config.h >/dev/null 2>&1; then
-+ { echo "$as_me:$LINENO: $ac_file is unchanged" >&5
-+echo "$as_me: $ac_file is unchanged" >&6;}
-+ else
-+ ac_dir=`(dirname "$ac_file") 2>/dev/null ||
-+$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
-+ X"$ac_file" : 'X\(//\)[^/]' \| \
-+ X"$ac_file" : 'X\(//\)$' \| \
-+ X"$ac_file" : 'X\(/\)' \| \
-+ . : '\(.\)' 2>/dev/null ||
-+echo X"$ac_file" |
-+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
-+ /^X\(\/\/\)[^/].*/{ s//\1/; q; }
-+ /^X\(\/\/\)$/{ s//\1/; q; }
-+ /^X\(\/\).*/{ s//\1/; q; }
-+ s/.*/./; q'`
-+ { if $as_mkdir_p; then
-+ mkdir -p "$ac_dir"
-+ else
-+ as_dir="$ac_dir"
-+ as_dirs=
-+ while test ! -d "$as_dir"; do
-+ as_dirs="$as_dir $as_dirs"
-+ as_dir=`(dirname "$as_dir") 2>/dev/null ||
-+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
-+ X"$as_dir" : 'X\(//\)[^/]' \| \
-+ X"$as_dir" : 'X\(//\)$' \| \
-+ X"$as_dir" : 'X\(/\)' \| \
-+ . : '\(.\)' 2>/dev/null ||
-+echo X"$as_dir" |
-+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
-+ /^X\(\/\/\)[^/].*/{ s//\1/; q; }
-+ /^X\(\/\/\)$/{ s//\1/; q; }
-+ /^X\(\/\).*/{ s//\1/; q; }
-+ s/.*/./; q'`
-+ done
-+ test ! -n "$as_dirs" || mkdir $as_dirs
-+ fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5
-+echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;}
-+ { (exit 1); exit 1; }; }; }
-+
-+ rm -f $ac_file
-+ mv $tmp/config.h $ac_file
-+ fi
-+ else
-+ cat $tmp/config.h
-+ rm -f $tmp/config.h
-+ fi
-+# Compute $ac_file's index in $config_headers.
-+_am_stamp_count=1
-+for _am_header in $config_headers :; do
-+ case $_am_header in
-+ $ac_file | $ac_file:* )
-+ break ;;
-+ * )
-+ _am_stamp_count=`expr $_am_stamp_count + 1` ;;
-+ esac
-+done
-+echo "timestamp for $ac_file" >`(dirname $ac_file) 2>/dev/null ||
-+$as_expr X$ac_file : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
-+ X$ac_file : 'X\(//\)[^/]' \| \
-+ X$ac_file : 'X\(//\)$' \| \
-+ X$ac_file : 'X\(/\)' \| \
-+ . : '\(.\)' 2>/dev/null ||
-+echo X$ac_file |
-+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
-+ /^X\(\/\/\)[^/].*/{ s//\1/; q; }
-+ /^X\(\/\/\)$/{ s//\1/; q; }
-+ /^X\(\/\).*/{ s//\1/; q; }
-+ s/.*/./; q'`/stamp-h$_am_stamp_count
-+done
-+_ACEOF
-+cat >>$CONFIG_STATUS <<\_ACEOF
-+
-+#
-+# CONFIG_COMMANDS section.
-+#
-+for ac_file in : $CONFIG_COMMANDS; do test "x$ac_file" = x: && continue
-+ ac_dest=`echo "$ac_file" | sed 's,:.*,,'`
-+ ac_source=`echo "$ac_file" | sed 's,[^:]*:,,'`
-+ ac_dir=`(dirname "$ac_dest") 2>/dev/null ||
-+$as_expr X"$ac_dest" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
-+ X"$ac_dest" : 'X\(//\)[^/]' \| \
-+ X"$ac_dest" : 'X\(//\)$' \| \
-+ X"$ac_dest" : 'X\(/\)' \| \
-+ . : '\(.\)' 2>/dev/null ||
-+echo X"$ac_dest" |
-+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
-+ /^X\(\/\/\)[^/].*/{ s//\1/; q; }
-+ /^X\(\/\/\)$/{ s//\1/; q; }
-+ /^X\(\/\).*/{ s//\1/; q; }
-+ s/.*/./; q'`
-+ { if $as_mkdir_p; then
-+ mkdir -p "$ac_dir"
-+ else
-+ as_dir="$ac_dir"
-+ as_dirs=
-+ while test ! -d "$as_dir"; do
-+ as_dirs="$as_dir $as_dirs"
-+ as_dir=`(dirname "$as_dir") 2>/dev/null ||
-+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
-+ X"$as_dir" : 'X\(//\)[^/]' \| \
-+ X"$as_dir" : 'X\(//\)$' \| \
-+ X"$as_dir" : 'X\(/\)' \| \
-+ . : '\(.\)' 2>/dev/null ||
-+echo X"$as_dir" |
-+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
-+ /^X\(\/\/\)[^/].*/{ s//\1/; q; }
-+ /^X\(\/\/\)$/{ s//\1/; q; }
-+ /^X\(\/\).*/{ s//\1/; q; }
-+ s/.*/./; q'`
-+ done
-+ test ! -n "$as_dirs" || mkdir $as_dirs
-+ fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5
-+echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;}
-+ { (exit 1); exit 1; }; }; }
-+
-+ ac_builddir=.
-+
-+if test "$ac_dir" != .; then
-+ ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'`
-+ # A "../" for each directory in $ac_dir_suffix.
-+ ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'`
-+else
-+ ac_dir_suffix= ac_top_builddir=
-+fi
-+
-+case $srcdir in
-+ .) # No --srcdir option. We are building in place.
-+ ac_srcdir=.
-+ if test -z "$ac_top_builddir"; then
-+ ac_top_srcdir=.
-+ else
-+ ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'`
-+ fi ;;
-+ [\\/]* | ?:[\\/]* ) # Absolute path.
-+ ac_srcdir=$srcdir$ac_dir_suffix;
-+ ac_top_srcdir=$srcdir ;;
-+ *) # Relative path.
-+ ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix
-+ ac_top_srcdir=$ac_top_builddir$srcdir ;;
-+esac
-+
-+# Do not use `cd foo && pwd` to compute absolute paths, because
-+# the directories may not exist.
-+case `pwd` in
-+.) ac_abs_builddir="$ac_dir";;
-+*)
-+ case "$ac_dir" in
-+ .) ac_abs_builddir=`pwd`;;
-+ [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";;
-+ *) ac_abs_builddir=`pwd`/"$ac_dir";;
-+ esac;;
-+esac
-+case $ac_abs_builddir in
-+.) ac_abs_top_builddir=${ac_top_builddir}.;;
-+*)
-+ case ${ac_top_builddir}. in
-+ .) ac_abs_top_builddir=$ac_abs_builddir;;
-+ [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;;
-+ *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;;
-+ esac;;
-+esac
-+case $ac_abs_builddir in
-+.) ac_abs_srcdir=$ac_srcdir;;
-+*)
-+ case $ac_srcdir in
-+ .) ac_abs_srcdir=$ac_abs_builddir;;
-+ [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;;
-+ *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;;
-+ esac;;
-+esac
-+case $ac_abs_builddir in
-+.) ac_abs_top_srcdir=$ac_top_srcdir;;
-+*)
-+ case $ac_top_srcdir in
-+ .) ac_abs_top_srcdir=$ac_abs_builddir;;
-+ [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;;
-+ *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;;
-+ esac;;
-+esac
-+
-+
-+ { echo "$as_me:$LINENO: executing $ac_dest commands" >&5
-+echo "$as_me: executing $ac_dest commands" >&6;}
-+ case $ac_dest in
-+ depfiles ) test x"$AMDEP_TRUE" != x"" || for mf in $CONFIG_FILES; do
-+ # Strip MF so we end up with the name of the file.
-+ mf=`echo "$mf" | sed -e 's/:.*$//'`
-+ # Check whether this is an Automake generated Makefile or not.
-+ # We used to match only the files named `Makefile.in', but
-+ # some people rename them; so instead we look at the file content.
-+ # Grep'ing the first line is not enough: some people post-process
-+ # each Makefile.in and add a new line on top of each file to say so.
-+ # So let's grep whole file.
-+ if grep '^#.*generated by automake' $mf > /dev/null 2>&1; then
-+ dirpart=`(dirname "$mf") 2>/dev/null ||
-+$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
-+ X"$mf" : 'X\(//\)[^/]' \| \
-+ X"$mf" : 'X\(//\)$' \| \
-+ X"$mf" : 'X\(/\)' \| \
-+ . : '\(.\)' 2>/dev/null ||
-+echo X"$mf" |
-+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
-+ /^X\(\/\/\)[^/].*/{ s//\1/; q; }
-+ /^X\(\/\/\)$/{ s//\1/; q; }
-+ /^X\(\/\).*/{ s//\1/; q; }
-+ s/.*/./; q'`
-+ else
-+ continue
-+ fi
-+ grep '^DEP_FILES *= *[^ #]' < "$mf" > /dev/null || continue
-+ # Extract the definition of DEP_FILES from the Makefile without
-+ # running `make'.
-+ DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
-+ test -z "$DEPDIR" && continue
-+ # When using ansi2knr, U may be empty or an underscore; expand it
-+ U=`sed -n 's/^U = //p' < "$mf"`
-+ test -d "$dirpart/$DEPDIR" || mkdir "$dirpart/$DEPDIR"
-+ # We invoke sed twice because it is the simplest approach to
-+ # changing $(DEPDIR) to its actual value in the expansion.
-+ for file in `sed -n '
-+ /^DEP_FILES = .*\\\\$/ {
-+ s/^DEP_FILES = //
-+ :loop
-+ s/\\\\$//
-+ p
-+ n
-+ /\\\\$/ b loop
-+ p
-+ }
-+ /^DEP_FILES = / s/^DEP_FILES = //p' < "$mf" | \
-+ sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
-+ # Make sure the directory exists.
-+ test -f "$dirpart/$file" && continue
-+ fdir=`(dirname "$file") 2>/dev/null ||
-+$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
-+ X"$file" : 'X\(//\)[^/]' \| \
-+ X"$file" : 'X\(//\)$' \| \
-+ X"$file" : 'X\(/\)' \| \
-+ . : '\(.\)' 2>/dev/null ||
-+echo X"$file" |
-+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
-+ /^X\(\/\/\)[^/].*/{ s//\1/; q; }
-+ /^X\(\/\/\)$/{ s//\1/; q; }
-+ /^X\(\/\).*/{ s//\1/; q; }
-+ s/.*/./; q'`
-+ { if $as_mkdir_p; then
-+ mkdir -p $dirpart/$fdir
-+ else
-+ as_dir=$dirpart/$fdir
-+ as_dirs=
-+ while test ! -d "$as_dir"; do
-+ as_dirs="$as_dir $as_dirs"
-+ as_dir=`(dirname "$as_dir") 2>/dev/null ||
-+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
-+ X"$as_dir" : 'X\(//\)[^/]' \| \
-+ X"$as_dir" : 'X\(//\)$' \| \
-+ X"$as_dir" : 'X\(/\)' \| \
-+ . : '\(.\)' 2>/dev/null ||
-+echo X"$as_dir" |
-+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
-+ /^X\(\/\/\)[^/].*/{ s//\1/; q; }
-+ /^X\(\/\/\)$/{ s//\1/; q; }
-+ /^X\(\/\).*/{ s//\1/; q; }
-+ s/.*/./; q'`
-+ done
-+ test ! -n "$as_dirs" || mkdir $as_dirs
-+ fi || { { echo "$as_me:$LINENO: error: cannot create directory $dirpart/$fdir" >&5
-+echo "$as_me: error: cannot create directory $dirpart/$fdir" >&2;}
-+ { (exit 1); exit 1; }; }; }
-+
-+ # echo "creating $dirpart/$file"
-+ echo '# dummy' > "$dirpart/$file"
-+ done
-+done
-+ ;;
-+ esac
-+done
-+_ACEOF
-+
-+cat >>$CONFIG_STATUS <<\_ACEOF
-+
-+{ (exit 0); exit 0; }
-+_ACEOF
-+chmod +x $CONFIG_STATUS
-+ac_clean_files=$ac_clean_files_save
-+
-+
-+# configure is writing to config.log, and then calls config.status.
-+# config.status does its own redirection, appending to config.log.
-+# Unfortunately, on DOS this fails, as config.log is still kept open
-+# by configure, so config.status won't be able to write to it; its
-+# output is simply discarded. So we exec the FD to /dev/null,
-+# effectively closing config.log, so it can be properly (re)opened and
-+# appended to by config.status. When coming back to configure, we
-+# need to make the FD available again.
-+if test "$no_create" != yes; then
-+ ac_cs_success=:
-+ ac_config_status_args=
-+ test "$silent" = yes &&
-+ ac_config_status_args="$ac_config_status_args --quiet"
-+ exec 5>/dev/null
-+ $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
-+ exec 5>>config.log
-+ # Use ||, not &&, to avoid exiting from the if with $? = 1, which
-+ # would make configure fail if this is the last instruction.
-+ $ac_cs_success || { (exit 1); exit 1; }
-+fi
-+
-+fi
-+
-+if test "z$MSCRYPTO_FOUND" = "zyes" ; then
-+ ac_config_files="$ac_config_files include/xmlsec/mscrypto/Makefile src/mscrypto/Makefile"
-+cat >confcache <<\_ACEOF
-+# This file is a shell script that caches the results of configure
-+# tests run on this system so they can be shared between configure
-+# scripts and configure runs, see configure's option --config-cache.
-+# It is not useful on other systems. If it contains results you don't
-+# want to keep, you may remove or edit it.
-+#
-+# config.status only pays attention to the cache file if you give it
-+# the --recheck option to rerun configure.
-+#
-+# `ac_cv_env_foo' variables (set or unset) will be overridden when
-+# loading this file, other *unset* `ac_cv_foo' will be assigned the
-+# following values.
-+
-+_ACEOF
-+
-+# The following way of writing the cache mishandles newlines in values,
-+# but we know of no workaround that is simple, portable, and efficient.
-+# So, don't put newlines in cache variables' values.
-+# Ultrix sh set writes to stderr and can't be redirected directly,
-+# and sets the high bit in the cache file unless we assign to the vars.
-+{
-+ (set) 2>&1 |
-+ case `(ac_space=' '; set | grep ac_space) 2>&1` in
-+ *ac_space=\ *)
-+ # `set' does not quote correctly, so add quotes (double-quote
-+ # substitution turns \\\\ into \\, and sed turns \\ into \).
-+ sed -n \
-+ "s/'/'\\\\''/g;
-+ s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
-+ ;;
-+ *)
-+ # `set' quotes correctly as required by POSIX, so do not add quotes.
-+ sed -n \
-+ "s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p"
-+ ;;
-+ esac;
-+} |
-+ sed '
-+ t clear
-+ : clear
-+ s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
-+ t end
-+ /^ac_cv_env/!s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
-+ : end' >>confcache
-+if diff $cache_file confcache >/dev/null 2>&1; then :; else
-+ if test -w $cache_file; then
-+ test "x$cache_file" != "x/dev/null" && echo "updating cache $cache_file"
-+ cat confcache >$cache_file
-+ else
-+ echo "not updating unwritable cache $cache_file"
-+ fi
-+fi
-+rm -f confcache
-+
-+test "x$prefix" = xNONE && prefix=$ac_default_prefix
-+# Let make expand exec_prefix.
-+test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
-+
-+# VPATH may cause trouble with some makes, so we remove $(srcdir),
-+# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and
-+# trailing colons and then remove the whole line if VPATH becomes empty
-+# (actually we leave an empty line to preserve line numbers).
-+if test "x$srcdir" = x.; then
-+ ac_vpsub='/^[ ]*VPATH[ ]*=/{
-+s/:*\$(srcdir):*/:/;
-+s/:*\${srcdir}:*/:/;
-+s/:*@srcdir@:*/:/;
-+s/^\([^=]*=[ ]*\):*/\1/;
-+s/:*$//;
-+s/^[^=]*=[ ]*$//;
-+}'
-+fi
-+
-+DEFS=-DHAVE_CONFIG_H
-+
-+ac_libobjs=
-+ac_ltlibobjs=
-+for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
-+ # 1. Remove the extension, and $U if already installed.
-+ ac_i=`echo "$ac_i" |
-+ sed 's/\$U\././;s/\.o$//;s/\.obj$//'`
-+ # 2. Add them.
-+ ac_libobjs="$ac_libobjs $ac_i\$U.$ac_objext"
-+ ac_ltlibobjs="$ac_ltlibobjs $ac_i"'$U.lo'
-+done
-+LIBOBJS=$ac_libobjs
-+
-+LTLIBOBJS=$ac_ltlibobjs
-+
-+
-+if test -z "${MAINTAINER_MODE_TRUE}" && test -z "${MAINTAINER_MODE_FALSE}"; then
-+ { { echo "$as_me:$LINENO: error: conditional \"MAINTAINER_MODE\" was never defined.
-+Usually this means the macro was only invoked conditionally." >&5
-+echo "$as_me: error: conditional \"MAINTAINER_MODE\" was never defined.
-+Usually this means the macro was only invoked conditionally." >&2;}
-+ { (exit 1); exit 1; }; }
-+fi
-+if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then
-+ { { echo "$as_me:$LINENO: error: conditional \"AMDEP\" was never defined.
-+Usually this means the macro was only invoked conditionally." >&5
-+echo "$as_me: error: conditional \"AMDEP\" was never defined.
-+Usually this means the macro was only invoked conditionally." >&2;}
-+ { (exit 1); exit 1; }; }
-+fi
-+if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then
-+ { { echo "$as_me:$LINENO: error: conditional \"am__fastdepCC\" was never defined.
-+Usually this means the macro was only invoked conditionally." >&5
-+echo "$as_me: error: conditional \"am__fastdepCC\" was never defined.
-+Usually this means the macro was only invoked conditionally." >&2;}
-+ { (exit 1); exit 1; }; }
-+fi
-+if test -z "${am__fastdepCXX_TRUE}" && test -z "${am__fastdepCXX_FALSE}"; then
-+ { { echo "$as_me:$LINENO: error: conditional \"am__fastdepCXX\" was never defined.
-+Usually this means the macro was only invoked conditionally." >&5
-+echo "$as_me: error: conditional \"am__fastdepCXX\" was never defined.
-+Usually this means the macro was only invoked conditionally." >&2;}
-+ { (exit 1); exit 1; }; }
-+fi
-+if test -z "${INSTALL_LTDL_TRUE}" && test -z "${INSTALL_LTDL_FALSE}"; then
-+ { { echo "$as_me:$LINENO: error: conditional \"INSTALL_LTDL\" was never defined.
-+Usually this means the macro was only invoked conditionally." >&5
-+echo "$as_me: error: conditional \"INSTALL_LTDL\" was never defined.
-+Usually this means the macro was only invoked conditionally." >&2;}
-+ { (exit 1); exit 1; }; }
-+fi
-+if test -z "${CONVENIENCE_LTDL_TRUE}" && test -z "${CONVENIENCE_LTDL_FALSE}"; then
-+ { { echo "$as_me:$LINENO: error: conditional \"CONVENIENCE_LTDL\" was never defined.
-+Usually this means the macro was only invoked conditionally." >&5
-+echo "$as_me: error: conditional \"CONVENIENCE_LTDL\" was never defined.
-+Usually this means the macro was only invoked conditionally." >&2;}
-+ { (exit 1); exit 1; }; }
-+fi
-+if test -z "${XMLSEC_NO_OPENSSL_TRUE}" && test -z "${XMLSEC_NO_OPENSSL_FALSE}"; then
-+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_OPENSSL\" was never defined.
-+Usually this means the macro was only invoked conditionally." >&5
-+echo "$as_me: error: conditional \"XMLSEC_NO_OPENSSL\" was never defined.
-+Usually this means the macro was only invoked conditionally." >&2;}
-+ { (exit 1); exit 1; }; }
-+fi
-+if test -z "${XMLSEC_NO_GNUTLS_TRUE}" && test -z "${XMLSEC_NO_GNUTLS_FALSE}"; then
-+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_GNUTLS\" was never defined.
-+Usually this means the macro was only invoked conditionally." >&5
-+echo "$as_me: error: conditional \"XMLSEC_NO_GNUTLS\" was never defined.
-+Usually this means the macro was only invoked conditionally." >&2;}
-+ { (exit 1); exit 1; }; }
-+fi
-+if test -z "${XMLSEC_NO_NSS_TRUE}" && test -z "${XMLSEC_NO_NSS_FALSE}"; then
-+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_NSS\" was never defined.
-+Usually this means the macro was only invoked conditionally." >&5
-+echo "$as_me: error: conditional \"XMLSEC_NO_NSS\" was never defined.
-+Usually this means the macro was only invoked conditionally." >&2;}
-+ { (exit 1); exit 1; }; }
-+fi
-+if test -z "${XMLSEC_NO_SHA1_TRUE}" && test -z "${XMLSEC_NO_SHA1_FALSE}"; then
-+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_SHA1\" was never defined.
-+Usually this means the macro was only invoked conditionally." >&5
-+echo "$as_me: error: conditional \"XMLSEC_NO_SHA1\" was never defined.
-+Usually this means the macro was only invoked conditionally." >&2;}
-+ { (exit 1); exit 1; }; }
-+fi
-+if test -z "${XMLSEC_NO_RIPEMD160_TRUE}" && test -z "${XMLSEC_NO_RIPEMD160_FALSE}"; then
-+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_RIPEMD160\" was never defined.
-+Usually this means the macro was only invoked conditionally." >&5
-+echo "$as_me: error: conditional \"XMLSEC_NO_RIPEMD160\" was never defined.
-+Usually this means the macro was only invoked conditionally." >&2;}
-+ { (exit 1); exit 1; }; }
-+fi
-+if test -z "${XMLSEC_NO_HMAC_TRUE}" && test -z "${XMLSEC_NO_HMAC_FALSE}"; then
-+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_HMAC\" was never defined.
-+Usually this means the macro was only invoked conditionally." >&5
-+echo "$as_me: error: conditional \"XMLSEC_NO_HMAC\" was never defined.
-+Usually this means the macro was only invoked conditionally." >&2;}
-+ { (exit 1); exit 1; }; }
-+fi
-+if test -z "${XMLSEC_NO_DSA_TRUE}" && test -z "${XMLSEC_NO_DSA_FALSE}"; then
-+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_DSA\" was never defined.
-+Usually this means the macro was only invoked conditionally." >&5
-+echo "$as_me: error: conditional \"XMLSEC_NO_DSA\" was never defined.
-+Usually this means the macro was only invoked conditionally." >&2;}
-+ { (exit 1); exit 1; }; }
-+fi
-+if test -z "${XMLSEC_NO_RSA_TRUE}" && test -z "${XMLSEC_NO_RSA_FALSE}"; then
-+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_RSA\" was never defined.
-+Usually this means the macro was only invoked conditionally." >&5
-+echo "$as_me: error: conditional \"XMLSEC_NO_RSA\" was never defined.
-+Usually this means the macro was only invoked conditionally." >&2;}
-+ { (exit 1); exit 1; }; }
-+fi
-+if test -z "${XMLSEC_NO_X509_TRUE}" && test -z "${XMLSEC_NO_X509_FALSE}"; then
-+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_X509\" was never defined.
-+Usually this means the macro was only invoked conditionally." >&5
-+echo "$as_me: error: conditional \"XMLSEC_NO_X509\" was never defined.
-+Usually this means the macro was only invoked conditionally." >&2;}
-+ { (exit 1); exit 1; }; }
-+fi
-+if test -z "${XMLSEC_NO_DES_TRUE}" && test -z "${XMLSEC_NO_DES_FALSE}"; then
-+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_DES\" was never defined.
-+Usually this means the macro was only invoked conditionally." >&5
-+echo "$as_me: error: conditional \"XMLSEC_NO_DES\" was never defined.
-+Usually this means the macro was only invoked conditionally." >&2;}
-+ { (exit 1); exit 1; }; }
-+fi
-+if test -z "${XMLSEC_NO_AES_TRUE}" && test -z "${XMLSEC_NO_AES_FALSE}"; then
-+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_AES\" was never defined.
-+Usually this means the macro was only invoked conditionally." >&5
-+echo "$as_me: error: conditional \"XMLSEC_NO_AES\" was never defined.
-+Usually this means the macro was only invoked conditionally." >&2;}
-+ { (exit 1); exit 1; }; }
-+fi
-+if test -z "${XMLSEC_NO_XMLDSIG_TRUE}" && test -z "${XMLSEC_NO_XMLDSIG_FALSE}"; then
-+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_XMLDSIG\" was never defined.
-+Usually this means the macro was only invoked conditionally." >&5
-+echo "$as_me: error: conditional \"XMLSEC_NO_XMLDSIG\" was never defined.
-+Usually this means the macro was only invoked conditionally." >&2;}
-+ { (exit 1); exit 1; }; }
-+fi
-+if test -z "${XMLSEC_NO_XMLENC_TRUE}" && test -z "${XMLSEC_NO_XMLENC_FALSE}"; then
-+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_XMLENC\" was never defined.
-+Usually this means the macro was only invoked conditionally." >&5
-+echo "$as_me: error: conditional \"XMLSEC_NO_XMLENC\" was never defined.
-+Usually this means the macro was only invoked conditionally." >&2;}
-+ { (exit 1); exit 1; }; }
-+fi
-+if test -z "${XMLSEC_NO_XKMS_TRUE}" && test -z "${XMLSEC_NO_XKMS_FALSE}"; then
-+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_XKMS\" was never defined.
-+Usually this means the macro was only invoked conditionally." >&5
-+echo "$as_me: error: conditional \"XMLSEC_NO_XKMS\" was never defined.
-+Usually this means the macro was only invoked conditionally." >&2;}
-+ { (exit 1); exit 1; }; }
-+fi
-+if test -z "${XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_TRUE}" && test -z "${XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_FALSE}"; then
-+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_CRYPTO_DYNAMIC_LOADING\" was never defined.
-+Usually this means the macro was only invoked conditionally." >&5
-+echo "$as_me: error: conditional \"XMLSEC_NO_CRYPTO_DYNAMIC_LOADING\" was never defined.
-+Usually this means the macro was only invoked conditionally." >&2;}
-+ { (exit 1); exit 1; }; }
-+fi
-+if test -z "${XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE}" && test -z "${XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE}"; then
-+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING\" was never defined.
-+Usually this means the macro was only invoked conditionally." >&5
-+echo "$as_me: error: conditional \"XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING\" was never defined.
-+Usually this means the macro was only invoked conditionally." >&2;}
-+ { (exit 1); exit 1; }; }
-+fi
-+
-+: ${CONFIG_STATUS=./config.status}
-+ac_clean_files_save=$ac_clean_files
-+ac_clean_files="$ac_clean_files $CONFIG_STATUS"
-+{ echo "$as_me:$LINENO: creating $CONFIG_STATUS" >&5
-+echo "$as_me: creating $CONFIG_STATUS" >&6;}
-+cat >$CONFIG_STATUS <<_ACEOF
-+#! $SHELL
-+# Generated by $as_me.
-+# Run this file to recreate the current configuration.
-+# Compiler output produced by configure, useful for debugging
-+# configure, is in config.log if it exists.
-+
-+debug=false
-+ac_cs_recheck=false
-+ac_cs_silent=false
-+SHELL=\${CONFIG_SHELL-$SHELL}
-+_ACEOF
-+
-+cat >>$CONFIG_STATUS <<\_ACEOF
-+## --------------------- ##
-+## M4sh Initialization. ##
-+## --------------------- ##
-+
-+# Be Bourne compatible
-+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
-+ emulate sh
-+ NULLCMD=:
-+ # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
-+ # is contrary to our usage. Disable this feature.
-+ alias -g '${1+"$@"}'='"$@"'
-+elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then
-+ set -o posix
-+fi
-+DUALCASE=1; export DUALCASE # for MKS sh
-+
-+# Support unset when possible.
-+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
-+ as_unset=unset
-+else
-+ as_unset=false
-+fi
-+
-+
-+# Work around bugs in pre-3.0 UWIN ksh.
-+$as_unset ENV MAIL MAILPATH
-+PS1='$ '
-+PS2='> '
-+PS4='+ '
-+
-+# NLS nuisances.
-+for as_var in \
-+ LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \
-+ LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \
-+ LC_TELEPHONE LC_TIME
-+do
-+ if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then
-+ eval $as_var=C; export $as_var
-+ else
-+ $as_unset $as_var
-+ fi
-+done
-+
-+# Required to use basename.
-+if expr a : '\(a\)' >/dev/null 2>&1; then
-+ as_expr=expr
-+else
-+ as_expr=false
-+fi
-+
-+if (basename /) >/dev/null 2>&1 && test "X`basename / 2>&1`" = "X/"; then
-+ as_basename=basename
-+else
-+ as_basename=false
-+fi
-+
-+
-+# Name of the executable.
-+as_me=`$as_basename "$0" ||
-+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
-+ X"$0" : 'X\(//\)$' \| \
-+ X"$0" : 'X\(/\)$' \| \
-+ . : '\(.\)' 2>/dev/null ||
-+echo X/"$0" |
-+ sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/; q; }
-+ /^X\/\(\/\/\)$/{ s//\1/; q; }
-+ /^X\/\(\/\).*/{ s//\1/; q; }
-+ s/.*/./; q'`
-+
-+
-+# PATH needs CR, and LINENO needs CR and PATH.
-+# Avoid depending upon Character Ranges.
-+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
-+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
-+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
-+as_cr_digits='0123456789'
-+as_cr_alnum=$as_cr_Letters$as_cr_digits
-+
-+# The user is always right.
-+if test "${PATH_SEPARATOR+set}" != set; then
-+ echo "#! /bin/sh" >conf$$.sh
-+ echo "exit 0" >>conf$$.sh
-+ chmod +x conf$$.sh
-+ if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
-+ PATH_SEPARATOR=';'
-+ else
-+ PATH_SEPARATOR=:
-+ fi
-+ rm -f conf$$.sh
-+fi
-+
-+
-+ as_lineno_1=$LINENO
-+ as_lineno_2=$LINENO
-+ as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
-+ test "x$as_lineno_1" != "x$as_lineno_2" &&
-+ test "x$as_lineno_3" = "x$as_lineno_2" || {
-+ # Find who we are. Look in the path if we contain no path at all
-+ # relative or not.
-+ case $0 in
-+ *[\\/]* ) as_myself=$0 ;;
-+ *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-+for as_dir in $PATH
-+do
-+ IFS=$as_save_IFS
-+ test -z "$as_dir" && as_dir=.
-+ test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
-+done
-+
-+ ;;
-+ esac
-+ # We did not find ourselves, most probably we were run as `sh COMMAND'
-+ # in which case we are not to be found in the path.
-+ if test "x$as_myself" = x; then
-+ as_myself=$0
-+ fi
-+ if test ! -f "$as_myself"; then
-+ { { echo "$as_me:$LINENO: error: cannot find myself; rerun with an absolute path" >&5
-+echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2;}
-+ { (exit 1); exit 1; }; }
-+ fi
-+ case $CONFIG_SHELL in
-+ '')
-+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-+for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
-+do
-+ IFS=$as_save_IFS
-+ test -z "$as_dir" && as_dir=.
-+ for as_base in sh bash ksh sh5; do
-+ case $as_dir in
-+ /*)
-+ if ("$as_dir/$as_base" -c '
-+ as_lineno_1=$LINENO
-+ as_lineno_2=$LINENO
-+ as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
-+ test "x$as_lineno_1" != "x$as_lineno_2" &&
-+ test "x$as_lineno_3" = "x$as_lineno_2" ') 2>/dev/null; then
-+ $as_unset BASH_ENV || test "${BASH_ENV+set}" != set || { BASH_ENV=; export BASH_ENV; }
-+ $as_unset ENV || test "${ENV+set}" != set || { ENV=; export ENV; }
-+ CONFIG_SHELL=$as_dir/$as_base
-+ export CONFIG_SHELL
-+ exec "$CONFIG_SHELL" "$0" ${1+"$@"}
-+ fi;;
-+ esac
-+ done
-+done
-+;;
-+ esac
-+
-+ # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
-+ # uniformly replaced by the line number. The first 'sed' inserts a
-+ # line-number line before each line; the second 'sed' does the real
-+ # work. The second script uses 'N' to pair each line-number line
-+ # with the numbered line, and appends trailing '-' during
-+ # substitution so that $LINENO is not a special case at line end.
-+ # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
-+ # second 'sed' script. Blame Lee E. McMahon for sed's syntax. :-)
-+ sed '=' <$as_myself |
-+ sed '
-+ N
-+ s,$,-,
-+ : loop
-+ s,^\(['$as_cr_digits']*\)\(.*\)[$]LINENO\([^'$as_cr_alnum'_]\),\1\2\1\3,
-+ t loop
-+ s,-$,,
-+ s,^['$as_cr_digits']*\n,,
-+ ' >$as_me.lineno &&
-+ chmod +x $as_me.lineno ||
-+ { { echo "$as_me:$LINENO: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&5
-+echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2;}
-+ { (exit 1); exit 1; }; }
-+
-+ # Don't try to exec as it changes $[0], causing all sort of problems
-+ # (the dirname of $[0] is not the place where we might find the
-+ # original and so on. Autoconf is especially sensible to this).
-+ . ./$as_me.lineno
-+ # Exit status is that of the last command.
-+ exit
-+}
-+
-+
-+case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in
-+ *c*,-n*) ECHO_N= ECHO_C='
-+' ECHO_T=' ' ;;
-+ *c*,* ) ECHO_N=-n ECHO_C= ECHO_T= ;;
-+ *) ECHO_N= ECHO_C='\c' ECHO_T= ;;
-+esac
-+
-+if expr a : '\(a\)' >/dev/null 2>&1; then
-+ as_expr=expr
-+else
-+ as_expr=false
-+fi
-+
-+rm -f conf$$ conf$$.exe conf$$.file
-+echo >conf$$.file
-+if ln -s conf$$.file conf$$ 2>/dev/null; then
-+ # We could just check for DJGPP; but this test a) works b) is more generic
-+ # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04).
-+ if test -f conf$$.exe; then
-+ # Don't use ln at all; we don't have any links
-+ as_ln_s='cp -p'
-+ else
-+ as_ln_s='ln -s'
-+ fi
-+elif ln conf$$.file conf$$ 2>/dev/null; then
-+ as_ln_s=ln
-+else
-+ as_ln_s='cp -p'
-+fi
-+rm -f conf$$ conf$$.exe conf$$.file
-+
-+if mkdir -p . 2>/dev/null; then
-+ as_mkdir_p=:
-+else
-+ test -d ./-p && rmdir ./-p
-+ as_mkdir_p=false
-+fi
-+
-+as_executable_p="test -f"
-+
-+# Sed expression to map a string onto a valid CPP name.
-+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
-+
-+# Sed expression to map a string onto a valid variable name.
-+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
-+
-+
-+# IFS
-+# We need space, tab and new line, in precisely that order.
-+as_nl='
-+'
-+IFS=" $as_nl"
-+
-+# CDPATH.
-+$as_unset CDPATH
-+
-+exec 6>&1
-+
-+# Open the log real soon, to keep \$[0] and so on meaningful, and to
-+# report actual input values of CONFIG_FILES etc. instead of their
-+# values after options handling. Logging --version etc. is OK.
-+exec 5>>config.log
-+{
-+ echo
-+ sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
-+## Running $as_me. ##
-+_ASBOX
-+} >&5
-+cat >&5 <<_CSEOF
-+
-+This file was extended by $as_me, which was
-+generated by GNU Autoconf 2.59. Invocation command line was
-+
-+ CONFIG_FILES = $CONFIG_FILES
-+ CONFIG_HEADERS = $CONFIG_HEADERS
-+ CONFIG_LINKS = $CONFIG_LINKS
-+ CONFIG_COMMANDS = $CONFIG_COMMANDS
-+ $ $0 $@
-+
-+_CSEOF
-+echo "on `(hostname || uname -n) 2>/dev/null | sed 1q`" >&5
-+echo >&5
-+_ACEOF
-+
-+# Files that config.status was made for.
-+if test -n "$ac_config_files"; then
-+ echo "config_files=\"$ac_config_files\"" >>$CONFIG_STATUS
-+fi
-+
-+if test -n "$ac_config_headers"; then
-+ echo "config_headers=\"$ac_config_headers\"" >>$CONFIG_STATUS
-+fi
-+
-+if test -n "$ac_config_links"; then
-+ echo "config_links=\"$ac_config_links\"" >>$CONFIG_STATUS
-+fi
-+
-+if test -n "$ac_config_commands"; then
-+ echo "config_commands=\"$ac_config_commands\"" >>$CONFIG_STATUS
-+fi
-+
-+cat >>$CONFIG_STATUS <<\_ACEOF
-+
-+ac_cs_usage="\
-+\`$as_me' instantiates files from templates according to the
-+current configuration.
-+
-+Usage: $0 [OPTIONS] [FILE]...
-+
-+ -h, --help print this help, then exit
-+ -V, --version print version number, then exit
-+ -q, --quiet do not print progress messages
-+ -d, --debug don't remove temporary files
-+ --recheck update $as_me by reconfiguring in the same conditions
-+ --file=FILE[:TEMPLATE]
-+ instantiate the configuration file FILE
-+ --header=FILE[:TEMPLATE]
-+ instantiate the configuration header FILE
-+
-+Configuration files:
-+$config_files
-+
-+Configuration headers:
-+$config_headers
-+
-+Configuration commands:
-+$config_commands
-+
-+Report bugs to <bug-autoconf@gnu.org>."
-+_ACEOF
-+
-+cat >>$CONFIG_STATUS <<_ACEOF
-+ac_cs_version="\\
-+config.status
-+configured by $0, generated by GNU Autoconf 2.59,
-+ with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\"
-+
-+Copyright (C) 2003 Free Software Foundation, Inc.
-+This config.status script is free software; the Free Software Foundation
-+gives unlimited permission to copy, distribute and modify it."
-+srcdir=$srcdir
-+INSTALL="$INSTALL"
-+_ACEOF
-+
-+cat >>$CONFIG_STATUS <<\_ACEOF
-+# If no file are specified by the user, then we need to provide default
-+# value. By we need to know if files were specified by the user.
-+ac_need_defaults=:
-+while test $# != 0
-+do
-+ case $1 in
-+ --*=*)
-+ ac_option=`expr "x$1" : 'x\([^=]*\)='`
-+ ac_optarg=`expr "x$1" : 'x[^=]*=\(.*\)'`
-+ ac_shift=:
-+ ;;
-+ -*)
-+ ac_option=$1
-+ ac_optarg=$2
-+ ac_shift=shift
-+ ;;
-+ *) # This is not an option, so the user has probably given explicit
-+ # arguments.
-+ ac_option=$1
-+ ac_need_defaults=false;;
-+ esac
-+
-+ case $ac_option in
-+ # Handling of the options.
-+_ACEOF
-+cat >>$CONFIG_STATUS <<\_ACEOF
-+ -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
-+ ac_cs_recheck=: ;;
-+ --version | --vers* | -V )
-+ echo "$ac_cs_version"; exit 0 ;;
-+ --he | --h)
-+ # Conflict between --help and --header
-+ { { echo "$as_me:$LINENO: error: ambiguous option: $1
-+Try \`$0 --help' for more information." >&5
-+echo "$as_me: error: ambiguous option: $1
-+Try \`$0 --help' for more information." >&2;}
-+ { (exit 1); exit 1; }; };;
-+ --help | --hel | -h )
-+ echo "$ac_cs_usage"; exit 0 ;;
-+ --debug | --d* | -d )
-+ debug=: ;;
-+ --file | --fil | --fi | --f )
-+ $ac_shift
-+ CONFIG_FILES="$CONFIG_FILES $ac_optarg"
-+ ac_need_defaults=false;;
-+ --header | --heade | --head | --hea )
-+ $ac_shift
-+ CONFIG_HEADERS="$CONFIG_HEADERS $ac_optarg"
-+ ac_need_defaults=false;;
-+ -q | -quiet | --quiet | --quie | --qui | --qu | --q \
-+ | -silent | --silent | --silen | --sile | --sil | --si | --s)
-+ ac_cs_silent=: ;;
-+
-+ # This is an error.
-+ -*) { { echo "$as_me:$LINENO: error: unrecognized option: $1
-+Try \`$0 --help' for more information." >&5
-+echo "$as_me: error: unrecognized option: $1
-+Try \`$0 --help' for more information." >&2;}
-+ { (exit 1); exit 1; }; } ;;
-+
-+ *) ac_config_targets="$ac_config_targets $1" ;;
-+
-+ esac
-+ shift
-+done
-+
-+ac_configure_extra_args=
-+
-+if $ac_cs_silent; then
-+ exec 6>/dev/null
-+ ac_configure_extra_args="$ac_configure_extra_args --silent"
-+fi
-+
-+_ACEOF
-+cat >>$CONFIG_STATUS <<_ACEOF
-+if \$ac_cs_recheck; then
-+ echo "running $SHELL $0 " $ac_configure_args \$ac_configure_extra_args " --no-create --no-recursion" >&6
-+ exec $SHELL $0 $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
-+fi
-+
-+_ACEOF
-+
-+cat >>$CONFIG_STATUS <<_ACEOF
-+#
-+# INIT-COMMANDS section.
-+#
-+
-+AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"
-+
-+_ACEOF
-+
-+
-+
-+cat >>$CONFIG_STATUS <<\_ACEOF
-+for ac_config_target in $ac_config_targets
-+do
-+ case "$ac_config_target" in
-+ # Handling of arguments.
-+ "include/xmlsec/version.h" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/version.h" ;;
-+ "Makefile" ) CONFIG_FILES="$CONFIG_FILES Makefile" ;;
-+ "include/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/Makefile" ;;
-+ "include/xmlsec/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/Makefile" ;;
-+ "include/xmlsec/private/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/private/Makefile" ;;
-+ "src/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/Makefile" ;;
-+ "apps/Makefile" ) CONFIG_FILES="$CONFIG_FILES apps/Makefile" ;;
-+ "docs/Makefile" ) CONFIG_FILES="$CONFIG_FILES docs/Makefile" ;;
-+ "docs/api/Makefile" ) CONFIG_FILES="$CONFIG_FILES docs/api/Makefile" ;;
-+ "man/Makefile" ) CONFIG_FILES="$CONFIG_FILES man/Makefile" ;;
-+ "xmlsec1Conf.sh" ) CONFIG_FILES="$CONFIG_FILES xmlsec1Conf.sh:xmlsecConf.sh.in" ;;
-+ "xmlsec1-config" ) CONFIG_FILES="$CONFIG_FILES xmlsec1-config:xmlsec-config.in" ;;
-+ "xmlsec1-openssl.pc" ) CONFIG_FILES="$CONFIG_FILES xmlsec1-openssl.pc:xmlsec-openssl.pc.in" ;;
-+ "xmlsec1-gnutls.pc" ) CONFIG_FILES="$CONFIG_FILES xmlsec1-gnutls.pc:xmlsec-gnutls.pc.in" ;;
-+ "xmlsec1-nss.pc" ) CONFIG_FILES="$CONFIG_FILES xmlsec1-nss.pc:xmlsec-nss.pc.in" ;;
-+ "xmlsec1.spec" ) CONFIG_FILES="$CONFIG_FILES xmlsec1.spec:xmlsec.spec.in" ;;
-+ "include/xmlsec/openssl/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/openssl/Makefile" ;;
-+ "src/openssl/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/openssl/Makefile" ;;
-+ "include/xmlsec/gnutls/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/gnutls/Makefile" ;;
-+ "src/gnutls/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/gnutls/Makefile" ;;
-+ "include/xmlsec/nss/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/nss/Makefile" ;;
-+ "src/nss/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/nss/Makefile" ;;
-+ "include/xmlsec/mscrypto/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/mscrypto/Makefile" ;;
-+ "src/mscrypto/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/mscrypto/Makefile" ;;
-+ "depfiles" ) CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;;
-+ "config.h" ) CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
-+ *) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5
-+echo "$as_me: error: invalid argument: $ac_config_target" >&2;}
-+ { (exit 1); exit 1; }; };;
-+ esac
-+done
-+
-+# If the user did not use the arguments to specify the items to instantiate,
-+# then the envvar interface is used. Set only those that are not.
-+# We use the long form for the default assignment because of an extremely
-+# bizarre bug on SunOS 4.1.3.
-+if $ac_need_defaults; then
-+ test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
-+ test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers
-+ test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands
-+fi
-+
-+# Have a temporary directory for convenience. Make it in the build tree
-+# simply because there is no reason to put it here, and in addition,
-+# creating and moving files from /tmp can sometimes cause problems.
-+# Create a temporary directory, and hook for its removal unless debugging.
-+$debug ||
-+{
-+ trap 'exit_status=$?; rm -rf $tmp && exit $exit_status' 0
-+ trap '{ (exit 1); exit 1; }' 1 2 13 15
-+}
-+
-+# Create a (secure) tmp directory for tmp files.
-+
-+{
-+ tmp=`(umask 077 && mktemp -d -q "./confstatXXXXXX") 2>/dev/null` &&
-+ test -n "$tmp" && test -d "$tmp"
-+} ||
-+{
-+ tmp=./confstat$$-$RANDOM
-+ (umask 077 && mkdir $tmp)
-+} ||
-+{
-+ echo "$me: cannot create a temporary directory in ." >&2
-+ { (exit 1); exit 1; }
-+}
-+
-+_ACEOF
-+
-+cat >>$CONFIG_STATUS <<_ACEOF
-+
-+#
-+# CONFIG_FILES section.
-+#
-+
-+# No need to generate the scripts if there are no CONFIG_FILES.
-+# This happens for instance when ./config.status config.h
-+if test -n "\$CONFIG_FILES"; then
-+ # Protect against being on the right side of a sed subst in config.status.
-+ sed 's/,@/@@/; s/@,/@@/; s/,;t t\$/@;t t/; /@;t t\$/s/[\\\\&,]/\\\\&/g;
-+ s/@@/,@/; s/@@/@,/; s/@;t t\$/,;t t/' >\$tmp/subs.sed <<\\CEOF
-+s,@SHELL@,$SHELL,;t t
-+s,@PATH_SEPARATOR@,$PATH_SEPARATOR,;t t
-+s,@PACKAGE_NAME@,$PACKAGE_NAME,;t t
-+s,@PACKAGE_TARNAME@,$PACKAGE_TARNAME,;t t
-+s,@PACKAGE_VERSION@,$PACKAGE_VERSION,;t t
-+s,@PACKAGE_STRING@,$PACKAGE_STRING,;t t
-+s,@PACKAGE_BUGREPORT@,$PACKAGE_BUGREPORT,;t t
-+s,@exec_prefix@,$exec_prefix,;t t
-+s,@prefix@,$prefix,;t t
-+s,@program_transform_name@,$program_transform_name,;t t
-+s,@bindir@,$bindir,;t t
-+s,@sbindir@,$sbindir,;t t
-+s,@libexecdir@,$libexecdir,;t t
-+s,@datadir@,$datadir,;t t
-+s,@sysconfdir@,$sysconfdir,;t t
-+s,@sharedstatedir@,$sharedstatedir,;t t
-+s,@localstatedir@,$localstatedir,;t t
-+s,@libdir@,$libdir,;t t
-+s,@includedir@,$includedir,;t t
-+s,@oldincludedir@,$oldincludedir,;t t
-+s,@infodir@,$infodir,;t t
-+s,@mandir@,$mandir,;t t
-+s,@build_alias@,$build_alias,;t t
-+s,@host_alias@,$host_alias,;t t
-+s,@target_alias@,$target_alias,;t t
-+s,@DEFS@,$DEFS,;t t
-+s,@ECHO_C@,$ECHO_C,;t t
-+s,@ECHO_N@,$ECHO_N,;t t
-+s,@ECHO_T@,$ECHO_T,;t t
-+s,@LIBS@,$LIBS,;t t
-+s,@build@,$build,;t t
-+s,@build_cpu@,$build_cpu,;t t
-+s,@build_vendor@,$build_vendor,;t t
-+s,@build_os@,$build_os,;t t
-+s,@host@,$host,;t t
-+s,@host_cpu@,$host_cpu,;t t
-+s,@host_vendor@,$host_vendor,;t t
-+s,@host_os@,$host_os,;t t
-+s,@XMLSEC_VERSION@,$XMLSEC_VERSION,;t t
-+s,@XMLSEC_PACKAGE@,$XMLSEC_PACKAGE,;t t
-+s,@XMLSEC_VERSION_SAFE@,$XMLSEC_VERSION_SAFE,;t t
-+s,@XMLSEC_VERSION_MAJOR@,$XMLSEC_VERSION_MAJOR,;t t
-+s,@XMLSEC_VERSION_MINOR@,$XMLSEC_VERSION_MINOR,;t t
-+s,@XMLSEC_VERSION_SUBMINOR@,$XMLSEC_VERSION_SUBMINOR,;t t
-+s,@XMLSEC_VERSION_INFO@,$XMLSEC_VERSION_INFO,;t t
-+s,@INSTALL_PROGRAM@,$INSTALL_PROGRAM,;t t
-+s,@INSTALL_SCRIPT@,$INSTALL_SCRIPT,;t t
-+s,@INSTALL_DATA@,$INSTALL_DATA,;t t
-+s,@CYGPATH_W@,$CYGPATH_W,;t t
-+s,@PACKAGE@,$PACKAGE,;t t
-+s,@VERSION@,$VERSION,;t t
-+s,@ACLOCAL@,$ACLOCAL,;t t
-+s,@AUTOCONF@,$AUTOCONF,;t t
-+s,@AUTOMAKE@,$AUTOMAKE,;t t
-+s,@AUTOHEADER@,$AUTOHEADER,;t t
-+s,@MAKEINFO@,$MAKEINFO,;t t
-+s,@AMTAR@,$AMTAR,;t t
-+s,@install_sh@,$install_sh,;t t
-+s,@STRIP@,$STRIP,;t t
-+s,@ac_ct_STRIP@,$ac_ct_STRIP,;t t
-+s,@INSTALL_STRIP_PROGRAM@,$INSTALL_STRIP_PROGRAM,;t t
-+s,@mkdir_p@,$mkdir_p,;t t
-+s,@AWK@,$AWK,;t t
-+s,@SET_MAKE@,$SET_MAKE,;t t
-+s,@am__leading_dot@,$am__leading_dot,;t t
-+s,@MAINTAINER_MODE_TRUE@,$MAINTAINER_MODE_TRUE,;t t
-+s,@MAINTAINER_MODE_FALSE@,$MAINTAINER_MODE_FALSE,;t t
-+s,@MAINT@,$MAINT,;t t
-+s,@CC@,$CC,;t t
-+s,@CFLAGS@,$CFLAGS,;t t
-+s,@LDFLAGS@,$LDFLAGS,;t t
-+s,@CPPFLAGS@,$CPPFLAGS,;t t
-+s,@ac_ct_CC@,$ac_ct_CC,;t t
-+s,@EXEEXT@,$EXEEXT,;t t
-+s,@OBJEXT@,$OBJEXT,;t t
-+s,@DEPDIR@,$DEPDIR,;t t
-+s,@am__include@,$am__include,;t t
-+s,@am__quote@,$am__quote,;t t
-+s,@AMDEP_TRUE@,$AMDEP_TRUE,;t t
-+s,@AMDEP_FALSE@,$AMDEP_FALSE,;t t
-+s,@AMDEPBACKSLASH@,$AMDEPBACKSLASH,;t t
-+s,@CCDEPMODE@,$CCDEPMODE,;t t
-+s,@am__fastdepCC_TRUE@,$am__fastdepCC_TRUE,;t t
-+s,@am__fastdepCC_FALSE@,$am__fastdepCC_FALSE,;t t
-+s,@EGREP@,$EGREP,;t t
-+s,@LN_S@,$LN_S,;t t
-+s,@ECHO@,$ECHO,;t t
-+s,@AR@,$AR,;t t
-+s,@ac_ct_AR@,$ac_ct_AR,;t t
-+s,@RANLIB@,$RANLIB,;t t
-+s,@ac_ct_RANLIB@,$ac_ct_RANLIB,;t t
-+s,@CPP@,$CPP,;t t
-+s,@CXX@,$CXX,;t t
-+s,@CXXFLAGS@,$CXXFLAGS,;t t
-+s,@ac_ct_CXX@,$ac_ct_CXX,;t t
-+s,@CXXDEPMODE@,$CXXDEPMODE,;t t
-+s,@am__fastdepCXX_TRUE@,$am__fastdepCXX_TRUE,;t t
-+s,@am__fastdepCXX_FALSE@,$am__fastdepCXX_FALSE,;t t
-+s,@CXXCPP@,$CXXCPP,;t t
-+s,@F77@,$F77,;t t
-+s,@FFLAGS@,$FFLAGS,;t t
-+s,@ac_ct_F77@,$ac_ct_F77,;t t
-+s,@LIBTOOL@,$LIBTOOL,;t t
-+s,@RM@,$RM,;t t
-+s,@CP@,$CP,;t t
-+s,@MV@,$MV,;t t
-+s,@TAR@,$TAR,;t t
-+s,@HELP2MAN@,$HELP2MAN,;t t
-+s,@MAN2HTML@,$MAN2HTML,;t t
-+s,@U@,$U,;t t
-+s,@ANSI2KNR@,$ANSI2KNR,;t t
-+s,@INSTALL_LTDL_TRUE@,$INSTALL_LTDL_TRUE,;t t
-+s,@INSTALL_LTDL_FALSE@,$INSTALL_LTDL_FALSE,;t t
-+s,@CONVENIENCE_LTDL_TRUE@,$CONVENIENCE_LTDL_TRUE,;t t
-+s,@CONVENIENCE_LTDL_FALSE@,$CONVENIENCE_LTDL_FALSE,;t t
-+s,@LIBADD_DL@,$LIBADD_DL,;t t
-+s,@PKG_CONFIG_ENABLED@,$PKG_CONFIG_ENABLED,;t t
-+s,@PKG_CONFIG@,$PKG_CONFIG,;t t
-+s,@LIBXML_CFLAGS@,$LIBXML_CFLAGS,;t t
-+s,@LIBXML_LIBS@,$LIBXML_LIBS,;t t
-+s,@LIBXML262_CFLAGS@,$LIBXML262_CFLAGS,;t t
-+s,@LIBXML262_LIBS@,$LIBXML262_LIBS,;t t
-+s,@LIBXML_CONFIG@,$LIBXML_CONFIG,;t t
-+s,@LIBXML_MIN_VERSION@,$LIBXML_MIN_VERSION,;t t
-+s,@LIBXSLT_CFLAGS@,$LIBXSLT_CFLAGS,;t t
-+s,@LIBXSLT_LIBS@,$LIBXSLT_LIBS,;t t
-+s,@XMLSEC_NO_LIBXSLT@,$XMLSEC_NO_LIBXSLT,;t t
-+s,@LIBXSLT_CONFIG@,$LIBXSLT_CONFIG,;t t
-+s,@LIBXSLT_MIN_VERSION@,$LIBXSLT_MIN_VERSION,;t t
-+s,@OPENSSL_CFLAGS@,$OPENSSL_CFLAGS,;t t
-+s,@OPENSSL_LIBS@,$OPENSSL_LIBS,;t t
-+s,@OPENSSL097_CFLAGS@,$OPENSSL097_CFLAGS,;t t
-+s,@OPENSSL097_LIBS@,$OPENSSL097_LIBS,;t t
-+s,@XMLSEC_NO_OPENSSL_TRUE@,$XMLSEC_NO_OPENSSL_TRUE,;t t
-+s,@XMLSEC_NO_OPENSSL_FALSE@,$XMLSEC_NO_OPENSSL_FALSE,;t t
-+s,@XMLSEC_NO_OPENSSL@,$XMLSEC_NO_OPENSSL,;t t
-+s,@OPENSSL_CRYPTO_LIB@,$OPENSSL_CRYPTO_LIB,;t t
-+s,@OPENSSL_MIN_VERSION@,$OPENSSL_MIN_VERSION,;t t
-+s,@GNUTLS_CFLAGS@,$GNUTLS_CFLAGS,;t t
-+s,@GNUTLS_LIBS@,$GNUTLS_LIBS,;t t
-+s,@XMLSEC_NO_GNUTLS_TRUE@,$XMLSEC_NO_GNUTLS_TRUE,;t t
-+s,@XMLSEC_NO_GNUTLS_FALSE@,$XMLSEC_NO_GNUTLS_FALSE,;t t
-+s,@XMLSEC_NO_GNUTLS@,$XMLSEC_NO_GNUTLS,;t t
-+s,@GNUTLS_CRYPTO_LIB@,$GNUTLS_CRYPTO_LIB,;t t
-+s,@GNUTLS_MIN_VERSION@,$GNUTLS_MIN_VERSION,;t t
-+s,@NSS_CFLAGS@,$NSS_CFLAGS,;t t
-+s,@NSS_LIBS@,$NSS_LIBS,;t t
-+s,@XMLSEC_NO_NSS_TRUE@,$XMLSEC_NO_NSS_TRUE,;t t
-+s,@XMLSEC_NO_NSS_FALSE@,$XMLSEC_NO_NSS_FALSE,;t t
-+s,@XMLSEC_NO_NSS@,$XMLSEC_NO_NSS,;t t
-+s,@NSS_CRYPTO_LIB@,$NSS_CRYPTO_LIB,;t t
-+s,@NSS_MIN_VERSION@,$NSS_MIN_VERSION,;t t
-+s,@NSPR_MIN_VERSION@,$NSPR_MIN_VERSION,;t t
-+s,@MOZILLA_MIN_VERSION@,$MOZILLA_MIN_VERSION,;t t
-+s,@MSCRYPTO_CFLAGS@,$MSCRYPTO_CFLAGS,;t t
-+s,@MSCRYPTO_LIBS@,$MSCRYPTO_LIBS,;t t
- s,@XMLSEC_NO_SHA1_TRUE@,$XMLSEC_NO_SHA1_TRUE,;t t
- s,@XMLSEC_NO_SHA1_FALSE@,$XMLSEC_NO_SHA1_FALSE,;t t
- s,@XMLSEC_NO_SHA1@,$XMLSEC_NO_SHA1,;t t
-@@ -34368,6 +36362,8 @@
- s,@NSS_MIN_VERSION@,$NSS_MIN_VERSION,;t t
- s,@NSPR_MIN_VERSION@,$NSPR_MIN_VERSION,;t t
- s,@MOZILLA_MIN_VERSION@,$MOZILLA_MIN_VERSION,;t t
-+s,@MSCRYPTO_CFLAGS@,$MSCRYPTO_CFLAGS,;t t
-+s,@MSCRYPTO_LIBS@,$MSCRYPTO_LIBS,;t t
- s,@XMLSEC_NO_SHA1_TRUE@,$XMLSEC_NO_SHA1_TRUE,;t t
- s,@XMLSEC_NO_SHA1_FALSE@,$XMLSEC_NO_SHA1_FALSE,;t t
- s,@XMLSEC_NO_SHA1@,$XMLSEC_NO_SHA1,;t t
---- misc/xmlsec1-1.2.6/configure.in 2004-08-26 04:49:24.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/configure.in 2008-06-29 23:44:19.000000000 +0200
-@@ -503,12 +503,26 @@
-
- XMLSEC_NO_NSS="1"
- MOZILLA_MIN_VERSION="1.4"
-+if test "z$MOZ_FLAVOUR" = "zfirefox" ; then
-+ MOZILLA_MIN_VERSION="1.0"
-+fi
- NSS_MIN_VERSION="3.2"
- NSPR_MIN_VERSION="4.0"
- NSS_CFLAGS=""
- NSS_LIBS=""
--NSS_LIBS_LIST="-lnss3 -lsmime3"
--NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4"
-+
-+case $host_os in
-+cygwin* | mingw* | pw32*)
-+ NSS_LIBS_LIST="-lnss3 -lsmime3"
-+ NSPR_LIBS_LIST="-lnspr4"
-+ ;;
-+
-+*)
-+ NSS_LIBS_LIST="-lnss3 -lsoftokn3 -lsmime3"
-+ NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4"
-+ ;;
-+esac
-+
- NSS_CRYPTO_LIB="$PACKAGE-nss"
- NSS_FOUND="no"
-
-@@ -521,9 +535,16 @@
- AC_MSG_RESULT(no)
- NSS_FOUND="without"
- elif test "z$with_nss" = "z" -a "z$with_nspr" = "z" -a "z$with_mozilla_ver" = "z" -a "z$PKG_CONFIG_ENABLED" = "zyes" ; then
-- PKG_CHECK_MODULES(NSS, mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION,
-+ PKG_CHECK_MODULES(NSS, $MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION,
- [NSS_FOUND=yes],
- [NSS_FOUND=no])
-+ AC_MSG_RESULT($NSS_FOUND)
-+ if test "z$NSS_FOUND" = "zno" ; then
-+ PKG_CHECK_MODULES(NSS, nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION,
-+ [NSS_FOUND=yes],
-+ [NSS_FOUND=no])
-+ AC_MSG_RESULT($NSS_FOUND)
-+ fi
- fi
-
- if test "z$NSS_FOUND" = "zno" ; then
-@@ -534,8 +555,8 @@
- ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION
- fi
-
-- ac_nss_lib_dir="/usr/lib /usr/lib64 /usr/local/lib /usr/lib/$ac_mozilla_name /usr/local/lib/$ac_mozilla_name"
-- ac_nss_inc_dir="/usr/include /usr/include/mozilla /usr/local/include /usr/local/include/mozilla /usr/include/$ac_mozilla_name /usr/local/include/$ac_mozilla_name"
-+ ac_nss_lib_dir="${SOLARVERSION}/${INPATH}/lib${UPDMINOREXT}"
-+ ac_nss_inc_dir="${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/mozilla"
-
- AC_MSG_CHECKING(for nspr libraries >= $NSPR_MIN_VERSION)
- NSPR_INCLUDES_FOUND="no"
-@@ -570,7 +591,9 @@
- done
-
- for dir in $ac_nss_lib_dir ; do
-- if test -f $dir/libnspr4.so ; then
-+ case $host_os in
-+ cygwin* | mingw* | pw32*)
-+ if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib -o -f $dir/libnspr4.a ; then
- dnl do not add -L/usr/lib because compiler does it anyway
- if test "z$dir" = "z/usr/lib" ; then
- NSPR_LIBS="$NSPR_LIBS_LIST"
-@@ -583,7 +606,26 @@
- fi
- NSPR_LIBS_FOUND="yes"
- break
-- fi
-+ fi
-+ ;;
-+
-+ *)
-+ if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib ; then
-+ dnl do not add -L/usr/lib because compiler does it anyway
-+ if test "z$dir" = "z/usr/lib" ; then
-+ NSPR_LIBS="$NSPR_LIBS_LIST"
-+ else
-+ if test "z$with_gnu_ld" = "zyes" ; then
-+ NSPR_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $NSPR_LIBS_LIST"
-+ else
-+ NSPR_LIBS="-L$dir $NSPR_LIBS_LIST"
-+ fi
-+ fi
-+ NSPR_LIBS_FOUND="yes"
-+ break
-+ fi
-+ ;;
-+ esac
- done
- fi
-
-@@ -641,7 +683,9 @@
- done
-
- for dir in $ac_nss_lib_dir ; do
-- if test -f $dir/libnss3.so ; then
-+ case $host_os in
-+ cygwin* | mingw* | pw32*)
-+ if test -f $dir/libnss3.so -o -f $dir/libnss3.dylib -o -f $dir/libnss3.a ; then
- dnl do not add -L/usr/lib because compiler does it anyway
- if test "z$dir" = "z/usr/lib" ; then
- NSS_LIBS="$NSS_LIBS_LIST"
-@@ -654,7 +698,26 @@
- fi
- NSS_LIBS_FOUND="yes"
- break
-- fi
-+ fi
-+ ;;
-+
-+ *)
-+ if test -f $dir/libnss3.so -o -f $dir/libnss3.dylib ; then
-+ dnl do not add -L/usr/lib because compiler does it anyway
-+ if test "z$dir" = "z/usr/lib" ; then
-+ NSS_LIBS="$NSS_LIBS_LIST"
-+ else
-+ if test "z$with_gnu_ld" = "zyes" ; then
-+ NSS_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $NSS_LIBS_LIST"
-+ else
-+ NSS_LIBS="-L$dir $NSS_LIBS_LIST"
-+ fi
-+ fi
-+ NSS_LIBS_FOUND="yes"
-+ break
-+ fi
-+ ;;
-+ esac
- done
- fi
-
---- misc/xmlsec1-1.2.6/include/xmlsec/mscrypto/Makefile.in 2008-06-29 23:44:40.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/include/xmlsec/mscrypto/Makefile.in 2008-06-29 23:44:19.000000000 +0200
-@@ -1 +1,58 @@
--dummy
-+# Makefile.in generated by automake 1.8.3 from Makefile.am.
-+# @configure_input@
-+
-+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-+# 2003, 2004 Free Software Foundation, Inc.
-+# This Makefile.in is free software; the Free Software Foundation
-+# gives unlimited permission to copy and/or distribute it,
-+# with or without modifications, as long as this notice is preserved.
-+
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-+# PARTICULAR PURPOSE.
-+
-+@SET_MAKE@
-+
-+HEADERS = $(xmlsecmscryptoinc_HEADERS)
-+NULL =
-+xmlsecmscryptoinc_HEADERS = \
-+akmngr.h \
-+app.h \
-+crypto.h \
-+symbols.h \
-+certkeys.h \
-+keysstore.h \
-+x509.h \
-+$(NULL)
-+
-+all: all-am
-+
-+mostlyclean-libtool:
-+ -rm -f *.lo
-+
-+clean-libtool:
-+ -rm -rf .libs _libs
-+
-+all-am: Makefile $(HEADERS)
-+
-+mostlyclean-generic:
-+
-+clean-generic:
-+
-+clean: clean-am
-+
-+clean-am: clean-generic clean-libtool mostlyclean-am
-+
-+mostlyclean: mostlyclean-am
-+
-+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-+
-+.PHONY: all all-am clean clean-generic \
-+ clean-libtool \
-+ mostlyclean mostlyclean-generic mostlyclean-libtool
-+
-+
-+# Tell versions [3.59,3.63) of GNU make to not export all variables.
-+# Otherwise a system limit (for SysV at least) may be exceeded.
-+.NOEXPORT:
---- misc/xmlsec1-1.2.6/include/xmlsec/mscrypto/akmngr.h 2008-06-29 23:44:39.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/include/xmlsec/mscrypto/akmngr.h 2008-06-29 23:44:19.000000000 +0200
-@@ -1 +1,71 @@
--dummy
-+/**
-+ * XMLSec library
-+ *
-+ * This is free software; see Copyright file in the source
-+ * distribution for preciese wording.
-+ *
-+ * Copyright ..........................
-+ */
-+#ifndef __XMLSEC_MSCRYPTO_AKMNGR_H__
-+#define __XMLSEC_MSCRYPTO_AKMNGR_H__
-+
-+#include <windows.h>
-+#include <wincrypt.h>
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/keys.h>
-+#include <xmlsec/transforms.h>
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif /* __cplusplus */
-+
-+XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr
-+xmlSecMSCryptoAppliedKeysMngrCreate(
-+ HCERTSTORE keyStore ,
-+ HCERTSTORE certStore
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecMSCryptoAppliedKeysMngrSymKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ HCRYPTKEY symKey
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecMSCryptoAppliedKeysMngrPubKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ HCRYPTKEY pubKey
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecMSCryptoAppliedKeysMngrPriKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ HCRYPTKEY priKey
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore (
-+ xmlSecKeysMngrPtr mngr ,
-+ HCERTSTORE keyStore
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore (
-+ xmlSecKeysMngrPtr mngr ,
-+ HCERTSTORE trustedStore
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore (
-+ xmlSecKeysMngrPtr mngr ,
-+ HCERTSTORE untrustedStore
-+) ;
-+
-+#ifdef __cplusplus
-+}
-+#endif /* __cplusplus */
-+
-+#endif /* __XMLSEC_MSCRYPTO_AKMNGR_H__ */
-+
-+
---- misc/xmlsec1-1.2.6/include/xmlsec/mscrypto/x509.h 2003-09-26 08:12:46.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/include/xmlsec/mscrypto/x509.h 2008-06-29 23:44:19.000000000 +0200
-@@ -77,6 +77,21 @@
- PCCERT_CONTEXT cert,
- xmlSecKeyDataType type);
-
-+XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoX509StoreAdoptKeyStore (
-+ xmlSecKeyDataStorePtr store,
-+ HCERTSTORE keyStore
-+ ) ;
-+
-+XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoX509StoreAdoptTrustedStore (
-+ xmlSecKeyDataStorePtr store,
-+ HCERTSTORE trustedStore
-+ ) ;
-+
-+XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoX509StoreAdoptUntrustedStore (
-+ xmlSecKeyDataStorePtr store,
-+ HCERTSTORE untrustedStore
-+ ) ;
-+
-
- #endif /* XMLSEC_NO_X509 */
-
---- misc/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.am 2003-07-30 04:46:35.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.am 2008-06-29 23:44:19.000000000 +0200
-@@ -3,6 +3,7 @@
- xmlsecnssincdir = $(includedir)/xmlsec1/xmlsec/nss
-
- xmlsecnssinc_HEADERS = \
-+akmngr.h \
- app.h \
- crypto.h \
- symbols.h \
-@@ -10,6 +11,8 @@
- keysstore.h \
- pkikeys.h \
- x509.h \
-+tokens.h \
-+ciphers.h \
- $(NULL)
-
- install-exec-hook:
---- misc/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.in 2004-08-26 08:00:31.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.in 2008-06-29 23:44:19.000000000 +0200
-@@ -273,6 +273,7 @@
- NULL =
- xmlsecnssincdir = $(includedir)/xmlsec1/xmlsec/nss
- xmlsecnssinc_HEADERS = \
-+akmngr.h \
- app.h \
- crypto.h \
- symbols.h \
-@@ -280,6 +281,8 @@
- keysstore.h \
- pkikeys.h \
- x509.h \
-+tokens.h \
-+ciphers.h \
- $(NULL)
-
- all: all-am
---- misc/xmlsec1-1.2.6/include/xmlsec/nss/akmngr.h 2008-06-29 23:44:39.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/include/xmlsec/nss/akmngr.h 2008-06-29 23:44:19.000000000 +0200
-@@ -1 +1,56 @@
--dummy
-+/**
-+ * XMLSec library
-+ *
-+ * This is free software; see Copyright file in the source
-+ * distribution for preciese wording.
-+ *
-+ * Copyright ..........................
-+ */
-+#ifndef __XMLSEC_NSS_AKMNGR_H__
-+#define __XMLSEC_NSS_AKMNGR_H__
-+
-+#include <nss.h>
-+#include <nspr.h>
-+#include <pk11func.h>
-+#include <cert.h>
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/keys.h>
-+#include <xmlsec/transforms.h>
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif /* __cplusplus */
-+
-+XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr
-+xmlSecNssAppliedKeysMngrCreate(
-+ PK11SlotInfo** slots,
-+ int cSlots,
-+ CERTCertDBHandle* handler
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssAppliedKeysMngrSymKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ PK11SymKey* symKey
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssAppliedKeysMngrPubKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ SECKEYPublicKey* pubKey
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssAppliedKeysMngrPriKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ SECKEYPrivateKey* priKey
-+) ;
-+
-+#ifdef __cplusplus
-+}
-+#endif /* __cplusplus */
-+
-+#endif /* __XMLSEC_NSS_AKMNGR_H__ */
-+
-+
---- misc/xmlsec1-1.2.6/include/xmlsec/nss/app.h 2004-01-12 22:06:14.000000000 +0100
-+++ misc/build/xmlsec1-1.2.6/include/xmlsec/nss/app.h 2008-06-29 23:44:19.000000000 +0200
-@@ -22,6 +22,9 @@
- #include <xmlsec/keysmngr.h>
- #include <xmlsec/transforms.h>
-
-+#include <xmlsec/nss/tokens.h>
-+#include <xmlsec/nss/akmngr.h>
-+
- /**
- * Init/shutdown
- */
-@@ -34,6 +37,8 @@
- XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrInit (xmlSecKeysMngrPtr mngr);
- XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKey(xmlSecKeysMngrPtr mngr,
- xmlSecKeyPtr key);
-+XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKeySlot(xmlSecKeysMngrPtr mngr,
-+ xmlSecNssKeySlotPtr keySlot);
- XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrLoad (xmlSecKeysMngrPtr mngr,
- const char* uri);
- XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrSave (xmlSecKeysMngrPtr mngr,
---- misc/xmlsec1-1.2.6/include/xmlsec/nss/ciphers.h 2008-06-29 23:44:39.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/include/xmlsec/nss/ciphers.h 2008-06-29 23:44:19.000000000 +0200
-@@ -1 +1,35 @@
--dummy
-+/**
-+ * XMLSec library
-+ *
-+ * This is free software; see Copyright file in the source
-+ * distribution for preciese wording.
-+ *
-+ * Copyright ..........................
-+ */
-+#ifndef __XMLSEC_NSS_CIPHERS_H__
-+#define __XMLSEC_NSS_CIPHERS_H__
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif /* __cplusplus */
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/keys.h>
-+#include <xmlsec/transforms.h>
-+
-+
-+XMLSEC_CRYPTO_EXPORT int xmlSecNssSymKeyDataAdoptKey( xmlSecKeyDataPtr data,
-+ PK11SymKey* symkey ) ;
-+
-+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt( PK11SymKey* symKey ) ;
-+
-+XMLSEC_CRYPTO_EXPORT PK11SymKey* xmlSecNssSymKeyDataGetKey(xmlSecKeyDataPtr data);
-+
-+
-+#ifdef __cplusplus
-+}
-+#endif /* __cplusplus */
-+
-+#endif /* __XMLSEC_NSS_CIPHERS_H__ */
-+
-+
---- misc/xmlsec1-1.2.6/include/xmlsec/nss/crypto.h 2004-01-12 22:06:14.000000000 +0100
-+++ misc/build/xmlsec1-1.2.6/include/xmlsec/nss/crypto.h 2008-06-29 23:44:19.000000000 +0200
-@@ -264,6 +264,15 @@
- xmlSecNssTransformRsaPkcs1GetKlass()
- XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaPkcs1GetKlass(void);
-
-+/**
-+ * xmlSecNssTransformRsaOaepId:
-+ *
-+ * The RSA OAEP key transport transform klass.
-+ */
-+#define xmlSecNssTransformRsaOaepId \
-+ xmlSecNssTransformRsaOaepGetKlass()
-+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaOaepGetKlass(void);
-+
- #endif /* XMLSEC_NO_RSA */
-
-
---- misc/xmlsec1-1.2.6/include/xmlsec/nss/keysstore.h 2003-07-30 04:46:35.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/include/xmlsec/nss/keysstore.h 2008-06-29 23:44:19.000000000 +0200
-@@ -16,6 +16,8 @@
- #endif /* __cplusplus */
-
- #include <xmlsec/xmlsec.h>
-+#include <xmlsec/keysmngr.h>
-+#include <xmlsec/nss/tokens.h>
-
- /****************************************************************************
- *
-@@ -31,6 +33,8 @@
- XMLSEC_CRYPTO_EXPORT xmlSecKeyStoreId xmlSecNssKeysStoreGetKlass (void);
- XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKey (xmlSecKeyStorePtr store,
- xmlSecKeyPtr key);
-+XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKeySlot(xmlSecKeyStorePtr store,
-+ xmlSecNssKeySlotPtr keySlot);
- XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreLoad (xmlSecKeyStorePtr store,
- const char *uri,
- xmlSecKeysMngrPtr keysMngr);
---- misc/xmlsec1-1.2.6/include/xmlsec/nss/tokens.h 2008-06-29 23:44:39.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/include/xmlsec/nss/tokens.h 2008-06-29 23:44:19.000000000 +0200
-@@ -1 +1,182 @@
--dummy
-+/**
-+ * XMLSec library
-+ *
-+ * This is free software; see Copyright file in the source
-+ * distribution for preciese wording.
-+ *
-+ * Copyright (c) 2003 Sun Microsystems, Inc. All rights reserved.
-+ *
-+ * Contributor(s): _____________________________
-+ *
-+ */
-+#ifndef __XMLSEC_NSS_TOKENS_H__
-+#define __XMLSEC_NSS_TOKENS_H__
-+
-+#include <string.h>
-+
-+#include <nss.h>
-+#include <pk11func.h>
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/list.h>
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif /* __cplusplus */
-+
-+/**
-+ * xmlSecNssKeySlotListId
-+ *
-+ * The crypto mechanism list klass
-+ */
-+#define xmlSecNssKeySlotListId xmlSecNssKeySlotListGetKlass()
-+XMLSEC_CRYPTO_EXPORT xmlSecPtrListId xmlSecNssKeySlotListGetKlass( void ) ;
-+
-+/*******************************************
-+ * KeySlot interfaces
-+ *******************************************/
-+/**
-+ * Internal NSS key slot data
-+ * @mechanismList: the mechanisms that the slot bound with.
-+ * @slot: the pkcs slot
-+ *
-+ * This context is located after xmlSecPtrList
-+ */
-+typedef struct _xmlSecNssKeySlot xmlSecNssKeySlot ;
-+typedef struct _xmlSecNssKeySlot* xmlSecNssKeySlotPtr ;
-+
-+struct _xmlSecNssKeySlot {
-+ CK_MECHANISM_TYPE_PTR mechanismList ; /* mech. array, NULL ternimated */
-+ PK11SlotInfo* slot ;
-+} ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotSetMechList(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE_PTR mechanismList
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotEnableMech(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE mechanism
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotDisableMech(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE mechanism
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT CK_MECHANISM_TYPE_PTR
-+xmlSecNssKeySlotGetMechList(
-+ xmlSecNssKeySlotPtr keySlot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotSetSlot(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ PK11SlotInfo* slot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotInitialize(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ PK11SlotInfo* slot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT void
-+xmlSecNssKeySlotFinalize(
-+ xmlSecNssKeySlotPtr keySlot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT PK11SlotInfo*
-+xmlSecNssKeySlotGetSlot(
-+ xmlSecNssKeySlotPtr keySlot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr
-+xmlSecNssKeySlotCreate() ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotCopy(
-+ xmlSecNssKeySlotPtr newKeySlot ,
-+ xmlSecNssKeySlotPtr keySlot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr
-+xmlSecNssKeySlotDuplicate(
-+ xmlSecNssKeySlotPtr keySlot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT void
-+xmlSecNssKeySlotDestroy(
-+ xmlSecNssKeySlotPtr keySlot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotBindMech(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE type
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotSupportMech(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE type
-+) ;
-+
-+
-+/************************************************************************
-+ * PKCS#11 crypto token interfaces
-+ *
-+ * A PKCS#11 slot repository will be defined internally. From the
-+ * repository, a user can specify a particular slot for a certain crypto
-+ * mechanism.
-+ *
-+ * In some situation, some cryptographic operation should act in a user
-+ * designated devices. The interfaces defined here provide the way. If
-+ * the user do not initialize the repository distinctly, the interfaces
-+ * use the default functions provided by NSS itself.
-+ *
-+ ************************************************************************/
-+/**
-+ * Initialize NSS pkcs#11 slot repository
-+ *
-+ * Returns 0 if success or -1 if an error occurs.
-+ */
-+XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotInitialize( void ) ;
-+
-+/**
-+ * Shutdown and destroy NSS pkcs#11 slot repository
-+ */
-+XMLSEC_CRYPTO_EXPORT void xmlSecNssSlotShutdown() ;
-+
-+/**
-+ * Get PKCS#11 slot handler
-+ * @type the mechanism that the slot must support.
-+ *
-+ * Returns a pointer to PKCS#11 slot or NULL if an error occurs.
-+ *
-+ * Notes: The returned handler must be destroied distinctly.
-+ */
-+XMLSEC_CRYPTO_EXPORT PK11SlotInfo* xmlSecNssSlotGet( CK_MECHANISM_TYPE type ) ;
-+
-+/**
-+ * Adopt a pkcs#11 slot with a mechanism into the repository
-+ * @slot: the pkcs#11 slot.
-+ * @mech: the mechanism.
-+ *
-+ * If @mech is available( @mech != CKM_INVALID_MECHANISM ), every operation with
-+ * this mechanism only can perform on the @slot.
-+ *
-+ * Returns 0 if success or -1 if an error occurs.
-+ */
-+XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotAdopt( PK11SlotInfo* slot, CK_MECHANISM_TYPE mech ) ;
-+
-+#ifdef __cplusplus
-+}
-+#endif /* __cplusplus */
-+
-+#endif /* __XMLSEC_NSS_TOKENS_H__ */
-+
---- misc/xmlsec1-1.2.6/ltmain.sh 2004-08-26 08:00:15.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/ltmain.sh 2008-06-29 23:44:19.000000000 +0200
-@@ -1661,6 +1661,11 @@
- fi
- ;;
-
-+ *.lib)
-+ deplibs="$deplibs $arg"
-+ continue
-+ ;;
-+
- *.$libext)
- # An archive.
- deplibs="$deplibs $arg"
-@@ -1974,6 +1979,10 @@
- continue
- ;;
- *.la) lib="$deplib" ;;
-+ *.lib)
-+ deplibs="$deplib $deplibs"
-+ continue
-+ ;;
- *.$libext)
- if test "$pass" = conv; then
- deplibs="$deplib $deplibs"
-@@ -2994,13 +3003,13 @@
- ;;
-
- freebsd-aout)
-- major=".$current"
-- versuffix=".$current.$revision";
-+ major=.`expr $current - $age`
-+ versuffix="$major.$age.$revision"
- ;;
-
- freebsd-elf)
-- major=".$current"
-- versuffix=".$current";
-+ major=.`expr $current - $age`
-+ versuffix="$major.$age.$revision"
- ;;
-
- irix | nonstopux)
-@@ -3564,7 +3573,8 @@
- fi
- else
- eval flag=\"$hardcode_libdir_flag_spec\"
-- dep_rpath="$dep_rpath $flag"
-+# what the ...
-+# dep_rpath="$dep_rpath $flag"
- fi
- elif test -n "$runpath_var"; then
- case "$perm_rpath " in
---- misc/xmlsec1-1.2.6/src/bn.c 2004-06-21 20:33:27.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/src/bn.c 2008-06-29 23:44:19.000000000 +0200
-@@ -170,8 +170,10 @@
- */
- int
- xmlSecBnFromString(xmlSecBnPtr bn, const xmlChar* str, xmlSecSize base) {
-- xmlSecSize i, len;
-+ xmlSecSize i, len, size;
- xmlSecByte ch;
-+ xmlSecByte* data;
-+ int positive;
- int nn;
- int ret;
-
-@@ -183,7 +185,7 @@
- /* trivial case */
- len = xmlStrlen(str);
- if(len == 0) {
-- return(0);
-+ return(0);
- }
-
- /* The result size could not exceed the input string length
-@@ -191,54 +193,131 @@
- * In truth, it would be likely less than 1/2 input string length
- * because each byte is represented by 2 chars. If needed,
- * buffer size would be increased by Mul/Add functions.
-+ * Finally, we can add one byte for 00 or 10 prefix.
- */
-- ret = xmlSecBufferSetMaxSize(bn, xmlSecBufferGetSize(bn) + len / 2 + 1);
-+ ret = xmlSecBufferSetMaxSize(bn, xmlSecBufferGetSize(bn) + len / 2 + 1 + 1);
- if(ret < 0) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "xmlSecBnRevLookupTable",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "size=%d", len / 2 + 1);
-- return (-1);
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecBnRevLookupTable",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ "size=%d", len / 2 + 1);
-+ return (-1);
-+ }
-+
-+ /* figure out if it is positive or negative number */
-+ positive = 1;
-+ i = 0;
-+ while(i < len) {
-+ ch = str[i++];
-+
-+ /* skip spaces */
-+ if(isspace(ch)) {
-+ continue;
-+ }
-+
-+ /* check if it is + or - */
-+ if(ch == '+') {
-+ positive = 1;
-+ break;
-+ } else if(ch == '-') {
-+ positive = 0;
-+ break;
-+ }
-+
-+ /* otherwise, it must be start of the number */
-+ nn = xmlSecBnLookupTable[ch];
-+ if((nn >= 0) && ((xmlSecSize)nn < base)) {
-+ xmlSecAssert2(i > 0, -1);
-+
-+ /* no sign, positive by default */
-+ positive = 1;
-+ --i; /* make sure that we will look at this character in next loop */
-+ break;
-+ } else {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ NULL,
-+ XMLSEC_ERRORS_R_INVALID_DATA,
-+ "char=%c;base=%d",
-+ ch, base);
-+ return (-1);
-+ }
-+ }
-+
-+ /* now parse the number itself */
-+ while(i < len) {
-+ ch = str[i++];
-+ if(isspace(ch)) {
-+ continue;
-+ }
-+
-+ xmlSecAssert2(ch <= sizeof(xmlSecBnLookupTable), -1);
-+ nn = xmlSecBnLookupTable[ch];
-+ if((nn < 0) || ((xmlSecSize)nn > base)) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ NULL,
-+ XMLSEC_ERRORS_R_INVALID_DATA,
-+ "char=%c;base=%d",
-+ ch, base);
-+ return (-1);
-+ }
-+
-+ ret = xmlSecBnMul(bn, base);
-+ if(ret < 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecBnMul",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ "base=%d", base);
-+ return (-1);
-+ }
-+
-+ ret = xmlSecBnAdd(bn, nn);
-+ if(ret < 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecBnAdd",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ "base=%d", base);
-+ return (-1);
-+}
- }
-
-- for(i = 0; i < len; i++) {
-- ch = str[i];
-- if(isspace(ch)) {
-- continue;
-- }
--
-- xmlSecAssert2(ch <= sizeof(xmlSecBnLookupTable), -1);
-- nn = xmlSecBnLookupTable[ch];
-- if((nn < 0) || ((xmlSecSize)nn > base)) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- NULL,
-- XMLSEC_ERRORS_R_INVALID_DATA,
-- "char=%c;base=%d",
-- ch, base);
-- return (-1);
-- }
--
-- ret = xmlSecBnMul(bn, base);
-- if(ret < 0) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "xmlSecBnMul",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "base=%d", base);
-- return (-1);
-- }
--
-- ret = xmlSecBnAdd(bn, nn);
-- if(ret < 0) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "xmlSecBnAdd",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "base=%d", base);
-- return (-1);
-- }
-+ /* check if we need to add 00 prefix */
-+ data = xmlSecBufferGetData(bn);
-+ size = xmlSecBufferGetSize(bn);
-+ if((size > 0 && data[0] > 127)||(size==0)) {
-+ ch = 0;
-+ ret = xmlSecBufferPrepend(bn, &ch, 1);
-+ if(ret < 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecBufferPrepend",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ "base=%d", base);
-+ return (-1);
-+ }
-+ }
-+
-+ /* do 2's compliment and add 1 to represent negative value */
-+ if(positive == 0) {
-+ data = xmlSecBufferGetData(bn);
-+ size = xmlSecBufferGetSize(bn);
-+ for(i = 0; i < size; ++i) {
-+ data[i] ^= 0xFF;
-+ }
-+
-+ ret = xmlSecBnAdd(bn, 1);
-+ if(ret < 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecBnAdd",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ "base=%d", base);
-+ return (-1);
-+ }
- }
-
- return(0);
-@@ -256,8 +335,12 @@
- */
- xmlChar*
- xmlSecBnToString(xmlSecBnPtr bn, xmlSecSize base) {
-+ xmlSecBn bn2;
-+ int positive = 1;
- xmlChar* res;
-- xmlSecSize i, len;
-+ xmlSecSize i, len, size;
-+ xmlSecByte* data;
-+ int ret;
- int nn;
- xmlChar ch;
-
-@@ -265,35 +348,86 @@
- xmlSecAssert2(base > 1, NULL);
- xmlSecAssert2(base <= sizeof(xmlSecBnRevLookupTable), NULL);
-
-+
-+ /* copy bn */
-+ data = xmlSecBufferGetData(bn);
-+ size = xmlSecBufferGetSize(bn);
-+ ret = xmlSecBnInitialize(&bn2, size);
-+ if(ret < 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecBnCreate",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ "size=%d", size);
-+ return (NULL);
-+ }
-+
-+ ret = xmlSecBnSetData(&bn2, data, size);
-+ if(ret < 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecBnSetData",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ "size=%d", size);
-+ xmlSecBnFinalize(&bn2);
-+ return (NULL);
-+ }
-+
-+ /* check if it is a negative number or not */
-+ data = xmlSecBufferGetData(&bn2);
-+ size = xmlSecBufferGetSize(&bn2);
-+ if((size > 0) && (data[0] > 127)) {
-+ /* subtract 1 and do 2's compliment */
-+ ret = xmlSecBnAdd(&bn2, -1);
-+ if(ret < 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecBnAdd",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ "size=%d", size);
-+ xmlSecBnFinalize(&bn2);
-+ return (NULL);
-+ }
-+ for(i = 0; i < size; ++i) {
-+ data[i] ^= 0xFF;
-+ }
-+
-+ positive = 0;
-+ } else {
-+ positive = 1;
-+ }
-+
- /* Result string len is
- * len = log base (256) * <bn size>
- * Since the smallest base == 2 then we can get away with
- * len = 8 * <bn size>
- */
-- len = 8 * xmlSecBufferGetSize(bn) + 1;
-+ len = 8 * size + 1 + 1;
- res = (xmlChar*)xmlMalloc(len + 1);
- if(res == NULL) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- NULL,
-- XMLSEC_ERRORS_R_MALLOC_FAILED,
-- "len=%d", len);
-- return (NULL);
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ NULL,
-+ XMLSEC_ERRORS_R_MALLOC_FAILED,
-+ "len=%d", len);
-+ xmlSecBnFinalize(&bn2);
-+ return (NULL);
- }
- memset(res, 0, len + 1);
-
-- for(i = 0; (xmlSecBufferGetSize(bn) > 0) && (i < len); i++) {
-- if(xmlSecBnDiv(bn, base, &nn) < 0) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "xmlSecBnDiv",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "base=%d", base);
-- xmlFree(res);
-- return (NULL);
-- }
-- xmlSecAssert2((size_t)nn < sizeof(xmlSecBnRevLookupTable), NULL);
-- res[i] = xmlSecBnRevLookupTable[nn];
-+ for(i = 0; (xmlSecBufferGetSize(&bn2) > 0) && (i < len); i++) {
-+ if(xmlSecBnDiv(&bn2, base, &nn) < 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecBnDiv",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ "base=%d", base);
-+ xmlFree(res);
-+ xmlSecBnFinalize(&bn2);
-+ return (NULL);
-+ }
-+ xmlSecAssert2((size_t)nn < sizeof(xmlSecBnRevLookupTable), NULL);
-+ res[i] = xmlSecBnRevLookupTable[nn];
- }
- xmlSecAssert2(i < len, NULL);
-
-@@ -301,13 +435,20 @@
- for(len = i; (len > 1) && (res[len - 1] == '0'); len--);
- res[len] = '\0';
-
-+ /* add "-" for negative numbers */
-+ if(positive == 0) {
-+ res[len] = '-';
-+ res[++len] = '\0';
-+ }
-+
- /* swap the string because we wrote it in reverse order */
- for(i = 0; i < len / 2; i++) {
-- ch = res[i];
-- res[i] = res[len - i - 1];
-- res[len - i - 1] = ch;
-+ ch = res[i];
-+ res[i] = res[len - i - 1];
-+ res[len - i - 1] = ch;
- }
-
-+ xmlSecBnFinalize(&bn2);
- return(res);
- }
-
-@@ -392,7 +533,9 @@
- }
-
- data = xmlSecBufferGetData(bn);
-- for(over = 0, i = xmlSecBufferGetSize(bn); i > 0;) {
-+ i = xmlSecBufferGetSize(bn);
-+ over = 0;
-+ while(i > 0) {
- xmlSecAssert2(data != NULL, -1);
-
- over = over + multiplier * data[--i];
-@@ -487,43 +630,57 @@
- */
- int
- xmlSecBnAdd(xmlSecBnPtr bn, int delta) {
-- int over;
-+ int over, tmp;
- xmlSecByte* data;
- xmlSecSize i;
- xmlSecByte ch;
- int ret;
-
- xmlSecAssert2(bn != NULL, -1);
-- xmlSecAssert2(delta >= 0, -1);
-
- if(delta == 0) {
-- return(0);
-+ return(0);
- }
-
- data = xmlSecBufferGetData(bn);
-- for(over = delta, i = xmlSecBufferGetSize(bn); i > 0;) {
-- xmlSecAssert2(data != NULL, -1);
-+ if(delta > 0) {
-+ for(over = delta, i = xmlSecBufferGetSize(bn); (i > 0) && (over > 0) ;) {
-+ xmlSecAssert2(data != NULL, -1);
-
-- over += data[--i];
-- data[i] = over % 256;
-- over = over / 256;
-- }
-+ tmp = data[--i];
-+ over += tmp;
-+ data[i] = over % 256;
-+ over = over / 256;
-+ }
-
-- while(over > 0) {
-- ch = over % 256;
-- over = over / 256;
-+ while(over > 0) {
-+ ch = over % 256;
-+ over = over / 256;
-
-- ret = xmlSecBufferPrepend(bn, &ch, 1);
-- if(ret < 0) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "xmlSecBufferPrepend",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "size=1");
-- return (-1);
-- }
-+ ret = xmlSecBufferPrepend(bn, &ch, 1);
-+ if(ret < 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecBufferPrepend",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ "size=1");
-+ return (-1);
-+ }
-+ }
-+ } else {
-+ for(over = -delta, i = xmlSecBufferGetSize(bn); (i > 0) && (over > 0);) {
-+ xmlSecAssert2(data != NULL, -1);
-+
-+ tmp = data[--i];
-+ if(tmp < over) {
-+ data[i] = 0;
-+ over = (over - tmp) / 256;
-+ } else {
-+ data[i] = tmp - over;
-+ over = 0;
-+ }
-+ }
- }
--
- return(0);
- }
-
-@@ -787,7 +944,7 @@
- }
-
- if(addLineBreaks) {
-- xmlNodeAddContent(cur, BAD_CAST "\n");
-+ xmlNodeAddContent(cur, xmlSecStringCR);
- }
-
- switch(format) {
-@@ -833,7 +990,7 @@
- }
-
- if(addLineBreaks) {
-- xmlNodeAddContent(cur, BAD_CAST "\n");
-+ xmlNodeAddContent(cur, xmlSecStringCR);
- }
-
- return(0);
---- misc/xmlsec1-1.2.6/src/dl.c 2003-10-29 16:57:20.000000000 +0100
-+++ misc/build/xmlsec1-1.2.6/src/dl.c 2008-06-29 23:44:19.000000000 +0200
-@@ -329,6 +329,10 @@
- xmlSecCryptoDLInit(void) {
- int ret;
-
-+ /* use xmlMalloc/xmlFree */
-+ xmlsec_lt_dlmalloc = xmlSecCryptoDLMalloc;
-+ xmlsec_lt_dlfree = xmlSecCryptoDLFree;
-+
- ret = xmlSecPtrListInitialize(&gXmlSecCryptoDLLibraries, xmlSecCryptoDLLibrariesListGetKlass());
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
-@@ -350,9 +354,6 @@
- }
- /* TODO: LTDL_SET_PRELOADED_SYMBOLS(); */
-
-- /* use xmlMalloc/xmlFree */
-- xmlsec_lt_dlmalloc = xmlSecCryptoDLMalloc;
-- xmlsec_lt_dlfree = xmlSecCryptoDLFree;
- return(0);
- }
-
---- misc/xmlsec1-1.2.6/src/mscrypto/Makefile.in 2008-06-29 23:44:40.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/src/mscrypto/Makefile.in 2008-06-29 23:44:19.000000000 +0200
-@@ -1 +1,178 @@
--dummy
-+# Makefile.in generated by automake 1.8.3 from Makefile.am.
-+# @configure_input@
-+
-+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-+# 2003, 2004 Free Software Foundation, Inc.
-+# This Makefile.in is free software; the Free Software Foundation
-+# gives unlimited permission to copy and/or distribute it,
-+# with or without modifications, as long as this notice is preserved.
-+
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-+# PARTICULAR PURPOSE.
-+
-+@SET_MAKE@
-+
-+srcdir = @srcdir@
-+top_srcdir = @top_srcdir@
-+top_builddir = ../..
-+LTLIBRARIES = $(lib_LTLIBRARIES)
-+am__DEPENDENCIES_1 =
-+libxmlsec1_mscrypto_la_DEPENDENCIES = ../libxmlsec1.la \
-+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
-+am__objects_1 =
-+am_libxmlsec1_mscrypto_la_OBJECTS = akmngr.lo app.lo certkeys.lo ciphers.lo crypto.lo \
-+ digests.lo keysstore.lo kt_rsa.lo signatures.lo symkeys.lo \
-+ x509.lo x509vfy.lo $(am__objects_1)
-+libxmlsec1_mscrypto_la_OBJECTS = $(am_libxmlsec1_mscrypto_la_OBJECTS)
-+DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)
-+depcomp = $(SHELL) $(top_srcdir)/depcomp
-+@AMDEP_TRUE@DEP_FILES = ./$(DEPDIR)/app.Plo ./$(DEPDIR)/certkeys.Plo \
-+@AMDEP_TRUE@ ./$(DEPDIR)/ciphers.Plo ./$(DEPDIR)/crypto.Plo \
-+@AMDEP_TRUE@ ./$(DEPDIR)/digests.Plo ./$(DEPDIR)/keysstore.Plo \
-+@AMDEP_TRUE@ ./$(DEPDIR)/kt_rsa.Plo ./$(DEPDIR)/signatures.Plo \
-+@AMDEP_TRUE@ ./$(DEPDIR)/symkeys.Plo ./$(DEPDIR)/x509.Plo \
-+@AMDEP_TRUE@ ./$(DEPDIR)/x509vfy.Plo ./$(DEPDIR)/akmngr.Plo
-+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-+LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \
-+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
-+ $(AM_CFLAGS) $(CFLAGS)
-+CCLD = $(CC)
-+LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
-+CC = @CC@
-+CCDEPMODE = @CCDEPMODE@
-+CFLAGS = @CFLAGS@
-+CPPFLAGS = @CPPFLAGS@
-+CYGPATH_W = @CYGPATH_W@
-+DEFS = @DEFS@
-+DEPDIR = @DEPDIR@
-+LDFLAGS = @LDFLAGS@
-+LIBS = @LIBS@
-+LIBTOOL = @LIBTOOL@
-+LIBXML_CFLAGS = @LIBXML_CFLAGS@
-+LIBXML_LIBS = @LIBXML_LIBS@
-+MSCRYPTO_CFLAGS = @MSCRYPTO_CFLAGS@
-+MSCRYPTO_LIBS = @MSCRYPTO_LIBS@
-+OBJEXT = @OBJEXT@
-+SHELL = @SHELL@
-+XMLSEC_DEFINES = @XMLSEC_DEFINES@
-+exec_prefix = @exec_prefix@
-+libdir = @libdir@
-+prefix = @prefix@
-+NULL =
-+
-+INCLUDES = \
-+ -DPACKAGE=\"@PACKAGE@\" \
-+ -I$(top_srcdir) \
-+ -I$(top_srcdir)/include \
-+ $(XMLSEC_DEFINES) \
-+ $(MSCRYPTO_CFLAGS) \
-+ $(LIBXSLT_CFLAGS) \
-+ $(LIBXML_CFLAGS) \
-+ $(NULL)
-+
-+lib_LTLIBRARIES = \
-+ libxmlsec1-mscrypto.la \
-+ $(NULL)
-+
-+libxmlsec1_mscrypto_la_LIBADD = \
-+ ../libxmlsec1.la \
-+ $(MSCRYPTO_LIBS) \
-+ $(LIBXSLT_LIBS) \
-+ $(LIBXML_LIBS) \
-+ $(NULL)
-+
-+libxmlsec1_mscrypto_la_LDFLAGS = \
-+ -version-info @XMLSEC_VERSION_INFO@ \
-+ $(NULL)
-+
-+all: all-am
-+
-+.SUFFIXES:
-+.SUFFIXES: .c .lo .o .obj
-+
-+clean-libLTLIBRARIES:
-+ -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-+ @list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-+ test "$$dir" = "$$p" && dir=.; \
-+ echo "rm -f \"$${dir}/so_locations\""; \
-+ rm -f "$${dir}/so_locations"; \
-+ done
-+libxmlsec1-mscrypto.la: $(libxmlsec1_mscrypto_la_OBJECTS) $(libxmlsec1_mscrypto_la_DEPENDENCIES)
-+ $(LINK) -rpath $(libdir) $(libxmlsec1_mscrypto_la_LDFLAGS) $(libxmlsec1_mscrypto_la_OBJECTS) $(libxmlsec1_mscrypto_la_LIBADD) $(LIBS)
-+
-+mostlyclean-compile:
-+ -rm -f *.$(OBJEXT)
-+
-+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/akmngr.Plo@am__quote@
-+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/app.Plo@am__quote@
-+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/certkeys.Plo@am__quote@
-+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ciphers.Plo@am__quote@
-+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crypto.Plo@am__quote@
-+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/digests.Plo@am__quote@
-+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keysstore.Plo@am__quote@
-+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kt_rsa.Plo@am__quote@
-+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signatures.Plo@am__quote@
-+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/symkeys.Plo@am__quote@
-+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509.Plo@am__quote@
-+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509vfy.Plo@am__quote@
-+
-+.c.o:
-+@am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \
-+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
-+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-+@AMDEP_TRUE@@am__fastdepCC_FALSE@ depfile='$(DEPDIR)/$*.Po' tmpdepfile='$(DEPDIR)/$*.TPo' @AMDEPBACKSLASH@
-+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
-+
-+.c.obj:
-+@am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ `$(CYGPATH_W) '$<'`; \
-+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
-+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-+@AMDEP_TRUE@@am__fastdepCC_FALSE@ depfile='$(DEPDIR)/$*.Po' tmpdepfile='$(DEPDIR)/$*.TPo' @AMDEPBACKSLASH@
-+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
-+
-+.c.lo:
-+@am__fastdepCC_TRUE@ if $(LTCOMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \
-+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Plo"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
-+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
-+@AMDEP_TRUE@@am__fastdepCC_FALSE@ depfile='$(DEPDIR)/$*.Plo' tmpdepfile='$(DEPDIR)/$*.TPlo' @AMDEPBACKSLASH@
-+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
-+
-+mostlyclean-libtool:
-+ -rm -f *.lo
-+
-+clean-libtool:
-+ -rm -rf .libs _libs
-+
-+all-am: Makefile $(LTLIBRARIES)
-+
-+mostlyclean-generic:
-+
-+clean-generic:
-+
-+clean: clean-am
-+
-+clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
-+ mostlyclean-am
-+
-+mostlyclean: mostlyclean-am
-+
-+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-+ mostlyclean-libtool
-+
-+.PHONY: all all-am clean clean-generic \
-+ clean-libLTLIBRARIES clean-libtool \
-+ maintainer-clean-generic mostlyclean mostlyclean-compile \
-+ mostlyclean-generic mostlyclean-libtool
-+
-+# Tell versions [3.59,3.63) of GNU make to not export all variables.
-+# Otherwise a system limit (for SysV at least) may be exceeded.
-+.NOEXPORT:
---- misc/xmlsec1-1.2.6/src/mscrypto/akmngr.c 2008-06-29 23:44:39.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/src/mscrypto/akmngr.c 2008-06-29 23:44:19.000000000 +0200
-@@ -1 +1,235 @@
--dummy
-+/**
-+ * XMLSec library
-+ *
-+ * This is free software; see Copyright file in the source
-+ * distribution for preciese wording.
-+ *
-+ * Copyright.........................
-+ */
-+#include "globals.h"
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/keys.h>
-+#include <xmlsec/transforms.h>
-+#include <xmlsec/errors.h>
-+
-+#include <xmlsec/mscrypto/crypto.h>
-+#include <xmlsec/mscrypto/keysstore.h>
-+#include <xmlsec/mscrypto/akmngr.h>
-+#include <xmlsec/mscrypto/x509.h>
-+
-+/**
-+ * xmlSecMSCryptoAppliedKeysMngrCreate:
-+ * @hKeyStore: the pointer to key store.
-+ * @hCertStore: the pointer to certificate database.
-+ *
-+ * Create and load key store and certificate database into keys manager
-+ *
-+ * Returns keys manager pointer on success or NULL otherwise.
-+ */
-+xmlSecKeysMngrPtr
-+xmlSecMSCryptoAppliedKeysMngrCreate(
-+ HCERTSTORE hKeyStore ,
-+ HCERTSTORE hCertStore
-+) {
-+ xmlSecKeyDataStorePtr certStore = NULL ;
-+ xmlSecKeysMngrPtr keyMngr = NULL ;
-+ xmlSecKeyStorePtr keyStore = NULL ;
-+
-+ keyStore = xmlSecKeyStoreCreate( xmlSecMSCryptoKeysStoreId ) ;
-+ if( keyStore == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeyStoreCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return NULL ;
-+ }
-+
-+ /*-
-+ * At present, MS Crypto engine do not provide a way to setup a key store.
-+ */
-+ if( keyStore != NULL ) {
-+ /*TODO: binding key store.*/
-+ }
-+
-+ keyMngr = xmlSecKeysMngrCreate() ;
-+ if( keyMngr == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyStoreDestroy( keyStore ) ;
-+ return NULL ;
-+ }
-+
-+ /*-
-+ * Add key store to manager, from now on keys manager destroys the store if
-+ * needed
-+ */
-+ if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+ "xmlSecKeysMngrAdoptKeyStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyStoreDestroy( keyStore ) ;
-+ xmlSecKeysMngrDestroy( keyMngr ) ;
-+ return NULL ;
-+ }
-+
-+ /*-
-+ * Initialize crypto library specific data in keys manager
-+ */
-+ if( xmlSecMSCryptoKeysMngrInit( keyMngr ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecMSCryptoKeysMngrInit" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeysMngrDestroy( keyMngr ) ;
-+ return NULL ;
-+ }
-+
-+ /*-
-+ * Set certificate databse to X509 key data store
-+ */
-+ /*-
-+ * At present, MS Crypto engine do not provide a way to setup a cert store.
-+ */
-+
-+ /*-
-+ * Set the getKey callback
-+ */
-+ keyMngr->getKey = xmlSecKeysMngrGetKey ;
-+
-+ return keyMngr ;
-+}
-+
-+int
-+xmlSecMSCryptoAppliedKeysMngrSymKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ HCRYPTKEY symKey
-+) {
-+ /*TODO: import the key into keys manager.*/
-+ return(0) ;
-+}
-+
-+int
-+xmlSecMSCryptoAppliedKeysMngrPubKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ HCRYPTKEY pubKey
-+) {
-+ /*TODO: import the key into keys manager.*/
-+ return(0) ;
-+}
-+
-+int
-+xmlSecMSCryptoAppliedKeysMngrPriKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ HCRYPTKEY priKey
-+) {
-+ /*TODO: import the key into keys manager.*/
-+ return(0) ;
-+}
-+
-+int
-+xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore (
-+ xmlSecKeysMngrPtr mngr ,
-+ HCERTSTORE keyStore
-+) {
-+ xmlSecKeyDataStorePtr x509Store ;
-+
-+ xmlSecAssert2( mngr != NULL, -1 ) ;
-+ xmlSecAssert2( keyStore != NULL, -1 ) ;
-+
-+ x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
-+ if( x509Store == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrGetDataStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( -1 ) ;
-+ }
-+
-+ if( xmlSecMSCryptoX509StoreAdoptKeyStore( x509Store, keyStore ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
-+ "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( -1 ) ;
-+ }
-+
-+ return( 0 ) ;
-+}
-+
-+int
-+xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore (
-+ xmlSecKeysMngrPtr mngr ,
-+ HCERTSTORE trustedStore
-+) {
-+ xmlSecKeyDataStorePtr x509Store ;
-+
-+ xmlSecAssert2( mngr != NULL, -1 ) ;
-+ xmlSecAssert2( trustedStore != NULL, -1 ) ;
-+
-+ x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
-+ if( x509Store == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrGetDataStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( -1 ) ;
-+ }
-+
-+ if( xmlSecMSCryptoX509StoreAdoptTrustedStore( x509Store, trustedStore ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
-+ "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( -1 ) ;
-+ }
-+
-+ return( 0 ) ;
-+}
-+
-+int
-+xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore (
-+ xmlSecKeysMngrPtr mngr ,
-+ HCERTSTORE untrustedStore
-+) {
-+ xmlSecKeyDataStorePtr x509Store ;
-+
-+ xmlSecAssert2( mngr != NULL, -1 ) ;
-+ xmlSecAssert2( untrustedStore != NULL, -1 ) ;
-+
-+ x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
-+ if( x509Store == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrGetDataStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( -1 ) ;
-+ }
-+
-+ if( xmlSecMSCryptoX509StoreAdoptUntrustedStore( x509Store, untrustedStore ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
-+ "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( -1 ) ;
-+ }
-+
-+ return( 0 ) ;
-+}
-+
---- misc/xmlsec1-1.2.6/src/mscrypto/certkeys.c 2004-03-17 06:06:43.000000000 +0100
-+++ misc/build/xmlsec1-1.2.6/src/mscrypto/certkeys.c 2008-06-29 23:44:19.000000000 +0200
-@@ -41,6 +41,7 @@
- * a public key from xml document is provided, we need HCRYPTKEY.... The focus
- * now is however directed to certificates. Wouter
- */
-+/** replaced by a wrapper style for WINNT 4.0
- struct _xmlSecMSCryptoKeyDataCtx {
- HCRYPTPROV hProv;
- BOOL fCallerFreeProv;
-@@ -51,6 +52,124 @@
- HCRYPTKEY hKey;
- xmlSecKeyDataType type;
- };
-+*/
-+/*-
-+ * A wrapper of HCRYPTKEY, a reference countor is introduced, the function is
-+ * the same as CryptDuplicateKey. Because the CryptDuplicateKey is not support
-+ * by WINNT 4.0, the wrapper will enable the library work on WINNT 4.0
-+ */
-+struct _mscrypt_key {
-+ HCRYPTKEY hKey ;
-+ int refcnt ;
-+} ;
-+
-+/*-
-+ * A wrapper of HCRYPTPROV, a reference countor is introduced, the function is
-+ * the same as CryptContextAddRef. Because the CryptContextAddRef is not support
-+ * by WINNT 4.0, the wrapper will enable the library work on WINNT 4.0
-+ */
-+struct _mscrypt_prov {
-+ HCRYPTPROV hProv ;
-+ BOOL freeprov ;
-+ int refcnt ;
-+} ;
-+
-+struct _xmlSecMSCryptoKeyDataCtx {
-+ struct _mscrypt_prov* p_prov ;
-+ LPCTSTR providerName;
-+ DWORD providerType;
-+ PCCERT_CONTEXT pCert;
-+ DWORD dwKeySpec;
-+ struct _mscrypt_key* p_key ;
-+ xmlSecKeyDataType type;
-+};
-+
-+struct _mscrypt_key* mscrypt_create_key( HCRYPTKEY key ) {
-+ struct _mscrypt_key* pkey ;
-+
-+ pkey = ( struct _mscrypt_key* )xmlMalloc( sizeof( struct _mscrypt_key ) ) ;
-+ if( pkey == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE,
-+ "mscrypt_create_key" ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_MALLOC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE
-+ ) ;
-+ }
-+
-+ pkey->hKey = key ;
-+ pkey->refcnt = 1 ;
-+
-+ return pkey ;
-+}
-+
-+struct _mscrypt_key* mscrypt_acquire_key( struct _mscrypt_key* key ) {
-+ if( key )
-+ key->refcnt ++ ;
-+
-+ return key ;
-+}
-+
-+int mscrypt_release_key( struct _mscrypt_key* key ) {
-+ if( key ) {
-+ key->refcnt -- ;
-+ if( !key->refcnt ) {
-+ if( key->hKey ) {
-+ CryptDestroyKey( key->hKey ) ;
-+ key->hKey = 0 ;
-+ }
-+ xmlFree( key ) ;
-+ } else {
-+ return key->refcnt ;
-+ }
-+ }
-+
-+ return 0 ;
-+}
-+
-+struct _mscrypt_prov* mscrypt_create_prov( HCRYPTPROV prov, BOOL callerFree ) {
-+ struct _mscrypt_prov* pprov ;
-+
-+ pprov = ( struct _mscrypt_prov* )xmlMalloc( sizeof( struct _mscrypt_prov ) ) ;
-+ if( pprov == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE,
-+ "mscrypt_create_prov" ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_MALLOC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE
-+ ) ;
-+ }
-+
-+ pprov->hProv = prov ;
-+ pprov->freeprov = callerFree ;
-+ pprov->refcnt = 1 ;
-+
-+ return pprov ;
-+}
-+
-+struct _mscrypt_prov* mscrypt_acquire_prov( struct _mscrypt_prov* prov ) {
-+ if( prov )
-+ prov->refcnt ++ ;
-+
-+ return prov ;
-+}
-+
-+int mscrypt_release_prov( struct _mscrypt_prov* prov ) {
-+ if( prov ) {
-+ prov->refcnt -- ;
-+ if( !prov->refcnt ) {
-+ if( prov->hProv && prov->freeprov ) {
-+ CryptReleaseContext( prov->hProv, 0 ) ;
-+ prov->hProv = 0 ;
-+ }
-+ xmlFree( prov ) ;
-+ } else {
-+ return prov->refcnt ;
-+ }
-+ }
-+
-+ return 0 ;
-+}
-
- /******************************************************************************
- *
-@@ -88,24 +207,20 @@
- ctx = xmlSecMSCryptoKeyDataGetCtx(data);
- xmlSecAssert2(ctx != NULL, -1);
-
-- if (ctx->hKey != 0) {
-- CryptDestroyKey(ctx->hKey);
-- ctx->hKey = 0;
-- }
-+ if( ctx->p_key != 0 ) {
-+ mscrypt_release_key( ctx->p_key ) ;
-+ }
-+ ctx->p_key = mscrypt_create_key( 0 ) ;
-
- if(ctx->pCert != NULL) {
- CertFreeCertificateContext(ctx->pCert);
- ctx->pCert = NULL;
- }
-
-- if ((ctx->hProv != 0) && (ctx->fCallerFreeProv)) {
-- CryptReleaseContext(ctx->hProv, 0);
-- ctx->hProv = 0;
-- ctx->fCallerFreeProv = FALSE;
-- } else {
-- ctx->hProv = 0;
-- ctx->fCallerFreeProv = FALSE;
-- }
-+ if( ( ctx->p_prov ) ) {
-+ mscrypt_release_prov( ctx->p_prov ) ;
-+ }
-+ ctx->p_prov = mscrypt_create_prov( 0, FALSE ) ;
-
- ctx->type = type;
-
-@@ -116,9 +231,9 @@
- if (!CryptAcquireCertificatePrivateKey(pCert,
- CRYPT_ACQUIRE_USE_PROV_INFO_FLAG,
- NULL,
-- &(ctx->hProv),
-+ &(ctx->p_prov->hProv),
- &(ctx->dwKeySpec),
-- &(ctx->fCallerFreeProv))) {
-+ &(ctx->p_prov->freeprov))) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CryptAcquireCertificatePrivateKey",
-@@ -127,46 +242,39 @@
- return(-1);
- }
- } else if((type & xmlSecKeyDataTypePublic) != 0){
-- if (!CryptAcquireContext(&(ctx->hProv),
-+ if (!CryptAcquireContext(&(ctx->p_prov->hProv),
- NULL,
-- ctx->providerName,
-+ NULL, /*AF: replaces "ctx->providerName" with "NULL" */
- ctx->providerType,
- CRYPT_VERIFYCONTEXT)) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "CryptAcquireContext",
-- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- return(-1);
-- }
-- ctx->dwKeySpec = 0;
-- ctx->fCallerFreeProv = TRUE;
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "CryptAcquireContext",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+ ctx->dwKeySpec = 0;
-+ ctx->p_prov->freeprov = TRUE;
-+
-+ if( !CryptImportPublicKeyInfo( ctx->p_prov->hProv,
-+ X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
-+ &(pCert->pCertInfo->SubjectPublicKeyInfo),
-+ &(ctx->p_key->hKey) ) ) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "CryptImportPublicKeyInfo",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
- } else {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "Unsupported keytype");
-- return(-1);
-- }
--
-- /* CryptImportPublicKeyInfo is only needed when a real key handle
-- * is needed. The key handle is needed for de/encrypting and for
-- * verifying of a signature, *not* for signing. We could call
-- * CryptImportPublicKeyInfo in xmlSecMSCryptoKeyDataGetKey instead
-- * so no unnessecary calls to CryptImportPublicKeyInfo are being
-- * made. WK
-- */
-- if(!CryptImportPublicKeyInfo(ctx->hProv,
-- X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
-- &(pCert->pCertInfo->SubjectPublicKeyInfo),
-- &(ctx->hKey))) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "CryptImportPublicKeyInfo",
-- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- return(-1);
-+ return(-1);
- }
- ctx->pCert = pCert;
-
-@@ -190,29 +298,26 @@
- ctx = xmlSecMSCryptoKeyDataGetCtx(data);
- xmlSecAssert2(ctx != NULL, -1);
-
-- if(ctx->hKey != 0) {
-- CryptDestroyKey(ctx->hKey);
-- ctx->hKey = 0;
-- }
-+ if( ctx->p_key != 0 ) {
-+ mscrypt_release_key( ctx->p_key ) ;
-+ ctx->p_key = NULL ;
-+ }
-
- if(ctx->pCert != NULL) {
- CertFreeCertificateContext(ctx->pCert);
- ctx->pCert = NULL;
- }
-
-- if((ctx->hProv != 0) && ctx->fCallerFreeProv) {
-- CryptReleaseContext(ctx->hProv, 0);
-- ctx->hProv = 0;
-- ctx->fCallerFreeProv = FALSE;
-- } else {
-- ctx->hProv = 0;
-- ctx->fCallerFreeProv = FALSE;
-- }
-+ if( ( ctx->p_prov ) ) {
-+ mscrypt_release_prov( ctx->p_prov ) ;
-+ ctx->p_prov = NULL ;
-+ } else {
-+ ctx->p_prov = NULL ;
-+ }
-
-- ctx->hProv = hProv;
-- ctx->fCallerFreeProv = fCallerFreeProv;
-+ ctx->p_prov = mscrypt_create_prov( hProv, FALSE ) ;
- ctx->dwKeySpec = dwKeySpec;
-- ctx->hKey = hKey;
-+ ctx->p_key = mscrypt_create_key( hKey ) ;
- ctx->type = type;
-
- return(0);
-@@ -238,7 +343,7 @@
- ctx = xmlSecMSCryptoKeyDataGetCtx(data);
- xmlSecAssert2(ctx != NULL, 0);
-
-- return(ctx->hKey);
-+ return( ctx->p_key ? ctx->p_key->hKey : 0 );
- }
-
- /**
-@@ -273,7 +378,7 @@
- ctx = xmlSecMSCryptoKeyDataGetCtx(data);
- xmlSecAssert2(ctx != NULL, 0);
-
-- return(ctx->hProv);
-+ return( ctx->p_prov ? ctx->p_prov->hProv : 0 );
- }
-
- DWORD
-@@ -316,25 +421,36 @@
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-- }
--
-- if (ctxSrc->hKey != 0) {
-- if (!CryptDuplicateKey(ctxSrc->hKey, NULL, 0, &(ctxDst->hKey))) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
-- "CryptDuplicateKey",
-- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- return(-1);
-- }
- }
-- if(ctxSrc->hProv != 0) {
-- CryptContextAddRef(ctxSrc->hProv, NULL, 0);
-- ctxDst->hProv = ctxSrc->hProv;
-- ctxDst->fCallerFreeProv = TRUE;
-- } else {
-- ctxDst->hProv = 0;
-- ctxDst->fCallerFreeProv = FALSE;
-+
-+ if( ctxSrc->p_key ) {
-+ if( ctxDst->p_key )
-+ mscrypt_release_key( ctxDst->p_key ) ;
-+
-+ ctxDst->p_key = mscrypt_acquire_key( ctxSrc->p_key ) ;
-+ if( !ctxDst->p_key ) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
-+ "mscrypt_acquire_key",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+ }
-+
-+ if( ctxSrc->p_prov ) {
-+ if( ctxDst->p_prov )
-+ mscrypt_release_prov( ctxDst->p_prov ) ;
-+
-+ ctxDst->p_prov = mscrypt_acquire_prov( ctxSrc->p_prov ) ;
-+ if( !ctxDst->p_prov ) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
-+ "mscrypt_acquire_prov",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
- }
-
- ctxDst->dwKeySpec = ctxSrc->dwKeySpec;
-@@ -355,16 +471,16 @@
- ctx = xmlSecMSCryptoKeyDataGetCtx(data);
- xmlSecAssert(ctx != NULL);
-
-- if (ctx->hKey != 0) {
-- CryptDestroyKey(ctx->hKey);
-+ if( ctx->p_key ) {
-+ mscrypt_release_key( ctx->p_key ) ;
- }
-
- if(ctx->pCert != NULL) {
- CertFreeCertificateContext(ctx->pCert);
- }
-
-- if ((ctx->hProv != 0) && ctx->fCallerFreeProv) {
-- CryptReleaseContext(ctx->hProv, 0);
-+ if( ctx->p_prov ) {
-+ mscrypt_release_prov( ctx->p_prov ) ;
- }
-
- memset(ctx, 0, sizeof(xmlSecMSCryptoKeyDataCtx));
-@@ -384,14 +500,14 @@
- xmlSecAssert2(ctx->pCert->pCertInfo != NULL, 0);
- return (CertGetPublicKeyLength(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
- &(ctx->pCert->pCertInfo->SubjectPublicKeyInfo)));
-- } else if (ctx->hKey != 0) {
-+ } else if (ctx->p_key != 0 && ctx->p_key->hKey != 0 ) {
- DWORD length = 0;
- DWORD lenlen = sizeof(DWORD);
--
-- if (!CryptGetKeyParam(ctx->hKey, KP_KEYLEN, (BYTE *)&length, &lenlen, 0)) {
-+
-+ if (!CryptGetKeyParam(ctx->p_key->hKey, KP_KEYLEN, (BYTE *)&length, &lenlen, 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
-- "CertDuplicateCertificateContext",
-+ "CryptGetKeyParam",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(0);
-@@ -581,7 +697,11 @@
- static void xmlSecMSCryptoKeyDataRsaDebugDump(xmlSecKeyDataPtr data, FILE* output);
- static void xmlSecMSCryptoKeyDataRsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output);
-
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataRsaKlass = {
-+#else
- static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataRsaKlass = {
-+#endif
- sizeof(xmlSecKeyDataKlass),
- xmlSecMSCryptoKeyDataSize,
-
-@@ -938,9 +1058,10 @@
-
- ctx = xmlSecMSCryptoKeyDataGetCtx(xmlSecKeyGetValue(key));
- xmlSecAssert2(ctx != NULL, -1);
-- xmlSecAssert2(ctx->hKey != 0, -1);
-+ xmlSecAssert2(ctx->p_key != 0, -1);
-+ xmlSecAssert2(ctx->p_key->hKey != 0, -1);
-
-- if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) {
-+ if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "CryptExportKey",
-@@ -960,7 +1081,7 @@
- }
-
- blob = xmlSecBufferGetData(&buf);
-- if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) {
-+ if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "CryptExportKey",
-@@ -1295,7 +1416,11 @@
- static void xmlSecMSCryptoKeyDataDsaDebugXmlDump(xmlSecKeyDataPtr data,
- FILE* output);
-
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataDsaKlass = {
-+#else
- static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataDsaKlass = {
-+#endif
- sizeof(xmlSecKeyDataKlass),
- xmlSecMSCryptoKeyDataSize,
-
-@@ -1797,9 +1922,10 @@
-
- ctx = xmlSecMSCryptoKeyDataGetCtx(xmlSecKeyGetValue(key));
- xmlSecAssert2(ctx != NULL, -1);
-- xmlSecAssert2(ctx->hKey != 0, -1);
-+ xmlSecAssert2(ctx->p_key != 0, -1);
-+ xmlSecAssert2(ctx->p_key->hKey != 0, -1);
-
-- if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) {
-+ if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "CryptExportKey",
-@@ -1819,7 +1945,7 @@
- }
-
- blob = xmlSecBufferGetData(&buf);
-- if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) {
-+ if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "CryptExportKey",
-@@ -2010,7 +2136,6 @@
- HCRYPTKEY hKey = 0;
- DWORD dwKeySpec;
- DWORD dwSize;
-- int res = -1;
- int ret;
-
- xmlSecAssert2(xmlSecKeyDataIsValid(data), xmlSecKeyDataTypeUnknown);
-@@ -2043,12 +2168,14 @@
- dwKeySpec = AT_SIGNATURE;
- dwSize = ((sizeBits << 16) | CRYPT_EXPORTABLE);
- if (!CryptGenKey(hProv, CALG_DSS_SIGN, dwSize, &hKey)) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "CryptGenKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
-- goto done;
-+ if (hProv != 0)
-+ CryptReleaseContext(hProv, 0);
-+ return -1 ;
- }
-
- ret = xmlSecMSCryptoKeyDataAdoptKey(data, hProv, TRUE, hKey, dwKeySpec,
-@@ -2059,24 +2186,17 @@
- "xmlSecMSCryptoKeyDataAdoptKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
-- goto done;
-- }
-- hProv = 0;
-- hKey = 0;
-+ if( hKey != 0 )
-+ CryptDestroyKey( hKey ) ;
-+ if( hProv != 0 )
-+ CryptReleaseContext( hProv, 0 ) ;
-
-- /* success */
-- res = 0;
--
--done:
-- if (hProv != 0) {
-- CryptReleaseContext(ctx->hProv, 0);
-+ return -1 ;
- }
-+ hProv = 0 ;
-+ hKey = 0 ;
-
-- if (hKey != 0) {
-- CryptDestroyKey(hKey);
-- }
--
-- return(res);
-+ return 0 ;
- }
-
- static xmlSecKeyDataType
---- misc/xmlsec1-1.2.6/src/mscrypto/ciphers.c 2003-09-26 08:12:51.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/src/mscrypto/ciphers.c 2008-06-29 23:44:19.000000000 +0200
-@@ -785,7 +785,11 @@
- * AES CBC cipher transforms
- *
- ********************************************************************/
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecTransformKlass xmlSecMSCryptoAes128CbcKlass = {
-+#else
- static xmlSecTransformKlass xmlSecMSCryptoAes128CbcKlass = {
-+#endif
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecMSCryptoBlockCipherSize, /* xmlSecSize objSize */
-@@ -824,7 +828,11 @@
- return(&xmlSecMSCryptoAes128CbcKlass);
- }
-
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecTransformKlass xmlSecMSCryptoAes192CbcKlass = {
-+#else
- static xmlSecTransformKlass xmlSecMSCryptoAes192CbcKlass = {
-+#endif
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecMSCryptoBlockCipherSize, /* xmlSecSize objSize */
-@@ -863,7 +871,11 @@
- return(&xmlSecMSCryptoAes192CbcKlass);
- }
-
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecTransformKlass xmlSecMSCryptoAes256CbcKlass = {
-+#else
- static xmlSecTransformKlass xmlSecMSCryptoAes256CbcKlass = {
-+#endif
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecMSCryptoBlockCipherSize, /* xmlSecSize objSize */
-@@ -906,7 +918,11 @@
-
-
- #ifndef XMLSEC_NO_DES
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecTransformKlass xmlSecMSCryptoDes3CbcKlass = {
-+#else
- static xmlSecTransformKlass xmlSecMSCryptoDes3CbcKlass = {
-+#endif
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* size_t klassSize */
- xmlSecMSCryptoBlockCipherSize, /* size_t objSize */
---- misc/xmlsec1-1.2.6/src/mscrypto/crypto.c 2003-11-12 03:38:51.000000000 +0100
-+++ misc/build/xmlsec1-1.2.6/src/mscrypto/crypto.c 2008-06-29 23:44:19.000000000 +0200
-@@ -330,13 +330,15 @@
- BYTE*
- xmlSecMSCryptoCertStrToName(DWORD dwCertEncodingType, LPCTSTR pszX500, DWORD dwStrType, DWORD* len) {
- BYTE* str = NULL;
--
-+ LPCTSTR ppszError = NULL;
-+
- xmlSecAssert2(pszX500 != NULL, NULL);
- xmlSecAssert2(len != NULL, NULL);
-
- if (!CertStrToName(dwCertEncodingType, pszX500, dwStrType,
-- NULL, NULL, len, NULL)) {
-+ NULL, NULL, len, &ppszError)) {
- /* this might not be an error, string might just not exist */
-+ DWORD dw = GetLastError();
- return(NULL);
- }
-
---- misc/xmlsec1-1.2.6/src/mscrypto/digests.c 2003-09-30 04:09:51.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/src/mscrypto/digests.c 2008-06-29 23:44:19.000000000 +0200
-@@ -96,12 +96,15 @@
-
- /* TODO: Check what provider is best suited here.... */
- if (!CryptAcquireContext(&ctx->provider, NULL, MS_STRONG_PROV, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-- NULL,
-- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- return(-1);
-+ //#i57942# This is also committed in rev 1.4 of this file in the xmlsec project
-+ if (!CryptAcquireContext(&ctx->provider, NULL, MS_ENHANCED_PROV, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-+ NULL,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ }
-+ return(0);
- }
-
- return(0);
-@@ -298,7 +301,11 @@
- * SHA1
- *
- *****************************************************************************/
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecTransformKlass xmlSecMSCryptoSha1Klass = {
-+#else
- static xmlSecTransformKlass xmlSecMSCryptoSha1Klass = {
-+#endif
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* size_t klassSize */
- xmlSecMSCryptoDigestSize, /* size_t objSize */
---- misc/xmlsec1-1.2.6/src/mscrypto/keysstore.c 2003-09-27 05:12:22.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/src/mscrypto/keysstore.c 2008-06-29 23:44:19.000000000 +0200
-@@ -62,7 +62,11 @@
- const xmlChar* name,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecKeyStoreKlass xmlSecMSCryptoKeysStoreKlass = {
-+#else
- static xmlSecKeyStoreKlass xmlSecMSCryptoKeysStoreKlass = {
-+#endif
- sizeof(xmlSecKeyStoreKlass),
- xmlSecMSCryptoKeysStoreSize,
-
---- misc/xmlsec1-1.2.6/src/mscrypto/kt_rsa.c 2003-09-26 22:29:25.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/src/mscrypto/kt_rsa.c 2008-06-29 23:44:19.000000000 +0200
-@@ -66,7 +66,11 @@
- static int xmlSecMSCryptoRsaPkcs1Process (xmlSecTransformPtr transform,
- xmlSecTransformCtxPtr transformCtx);
-
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecTransformKlass xmlSecMSCryptoRsaPkcs1Klass = {
-+#else
- static xmlSecTransformKlass xmlSecMSCryptoRsaPkcs1Klass = {
-+#endif
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecMSCryptoRsaPkcs1Size, /* xmlSecSize objSize */
---- misc/xmlsec1-1.2.6/src/mscrypto/signatures.c 2003-09-26 22:29:25.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/src/mscrypto/signatures.c 2008-06-29 23:44:19.000000000 +0200
-@@ -483,7 +483,11 @@
- * RSA-SHA1 signature transform
- *
- ***************************************************************************/
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecTransformKlass xmlSecMSCryptoRsaSha1Klass = {
-+#else
- static xmlSecTransformKlass xmlSecMSCryptoRsaSha1Klass = {
-+#endif
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecMSCryptoSignatureSize, /* xmlSecSize objSize */
-@@ -531,7 +535,11 @@
- *
- ***************************************************************************/
-
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecTransformKlass xmlSecMSCryptoDsaSha1Klass = {
-+#else
- static xmlSecTransformKlass xmlSecMSCryptoDsaSha1Klass = {
-+#endif
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecMSCryptoSignatureSize, /* xmlSecSize objSize */
---- misc/xmlsec1-1.2.6/src/mscrypto/symkeys.c 2003-09-26 02:58:13.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/src/mscrypto/symkeys.c 2008-06-29 23:44:19.000000000 +0200
-@@ -72,7 +72,11 @@
- * <xmlsec:AESKeyValue> processing
- *
- *************************************************************************/
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataAesKlass = {
-+#else
- static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataAesKlass = {
-+#endif
- sizeof(xmlSecKeyDataKlass),
- xmlSecKeyDataBinarySize,
-
-@@ -153,7 +157,11 @@
- * <xmlsec:DESKeyValue> processing
- *
- *************************************************************************/
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataDesKlass = {
-+#else
- static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataDesKlass = {
-+#endif
- sizeof(xmlSecKeyDataKlass),
- xmlSecKeyDataBinarySize,
-
---- misc/xmlsec1-1.2.6/src/mscrypto/x509.c 2003-09-26 02:58:13.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/src/mscrypto/x509.c 2008-06-29 23:44:19.000000000 +0200
-@@ -240,7 +240,11 @@
-
-
-
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataX509Klass = {
-+#else
- static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataX509Klass = {
-+#endif
- sizeof(xmlSecKeyDataKlass),
- xmlSecMSCryptoX509DataSize,
-
-@@ -1572,6 +1576,7 @@
- xmlSecKeyInfoCtxPtr keyInfoCtx) {
- xmlSecMSCryptoX509DataCtxPtr ctx;
- xmlSecKeyDataStorePtr x509Store;
-+ PCCERT_CONTEXT pCert ;
- int ret;
-
- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataX509Id), -1);
-@@ -1610,6 +1615,53 @@
- return(-1);
- }
-
-+ /*
-+ * I'll search key according to KeyReq.
-+ */
-+ pCert = CertDuplicateCertificateContext( ctx->keyCert ) ;
-+ if( pCert == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
-+ "CertDuplicateCertificateContext",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+
-+ return(-1);
-+ }
-+
-+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) {
-+ keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePrivate ) ;
-+ if(keyValue == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
-+ "xmlSecMSCryptoCertAdopt",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+
-+ CertFreeCertificateContext( pCert ) ;
-+ return(-1);
-+ }
-+ pCert = NULL ;
-+ } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) {
-+ keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePublic ) ;
-+ if(keyValue == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
-+ "xmlSecMSCryptoCertAdopt",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+
-+ CertFreeCertificateContext( pCert ) ;
-+ return(-1);
-+ }
-+ pCert = NULL ;
-+ }
-+
-+
-+
-+ /*-
-+ * Get Public key from cert, which does not always work for sign action.
-+ *
- keyValue = xmlSecMSCryptoX509CertGetKey(ctx->keyCert);
- if(keyValue == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
-@@ -1619,6 +1671,51 @@
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-+ */
-+
-+ /*-
-+ * I'll search key according to KeyReq.
-+ */
-+ pCert = CertDuplicateCertificateContext( ctx->keyCert ) ;
-+ if( pCert == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
-+ "CertDuplicateCertificateContext",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+
-+ return(-1);
-+ }
-+
-+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) {
-+ keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePrivate ) ;
-+ if(keyValue == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
-+ "xmlSecMSCryptoCertAdopt",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+
-+ CertFreeCertificateContext( pCert ) ;
-+ return(-1);
-+ }
-+ pCert = NULL ;
-+ } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) {
-+ keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePublic ) ;
-+ if(keyValue == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
-+ "xmlSecMSCryptoCertAdopt",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+
-+ CertFreeCertificateContext( pCert ) ;
-+ return(-1);
-+ }
-+ pCert = NULL ;
-+ }
-+
-+
-
- /* verify that the key matches our expectations */
- if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) {
-@@ -1882,7 +1979,7 @@
- xmlSecAssert2(nm->pbData != NULL, NULL);
- xmlSecAssert2(nm->cbData > 0, NULL);
-
-- csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR, NULL, 0);
-+ csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, NULL, 0);
- str = (char *)xmlMalloc(csz);
- if (NULL == str) {
- xmlSecError(XMLSEC_ERRORS_HERE,
-@@ -1893,7 +1990,7 @@
- return (NULL);
- }
-
-- csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR, str, csz);
-+ csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, str, csz);
- if (csz < 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
-@@ -1904,17 +2001,37 @@
- return(NULL);
- }
-
-- res = xmlStrdup(BAD_CAST str);
-- if(res == NULL) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "xmlStrdup",
-- XMLSEC_ERRORS_R_MALLOC_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- xmlFree(str);
-- return(NULL);
-+ /* aleksey: this is a hack, but mscrypto can not read E= flag and wants Email= instead.
-+ * don't ask me how is it possible not to read something you wrote yourself but also
-+ * see comment in the xmlSecMSCryptoX509FindCert function.
-+ */
-+ if(strncmp(str, "E=", 2) == 0) {
-+ res = xmlMalloc(strlen(str) + 13 + 1);
-+ if(res == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlMalloc",
-+ XMLSEC_ERRORS_R_MALLOC_FAILED,
-+ "size=%d",
-+ strlen(str) + 13 + 1);
-+ xmlFree(str);
-+ return(NULL);
-+ }
-+
-+ memcpy(res, "emailAddress=", 13);
-+ strcpy(res + 13, BAD_CAST (str + 2));
-+ } else {
-+ res = xmlStrdup(BAD_CAST str);
-+ if(res == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlStrdup",
-+ XMLSEC_ERRORS_R_MALLOC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ xmlFree(str);
-+ return(NULL);
-+ }
- }
--
- xmlFree(str);
- return(res);
- }
-@@ -2153,7 +2270,11 @@
- xmlSecSize bufSize,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataRawX509CertKlass = {
-+#else
- static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataRawX509CertKlass = {
-+#endif
- sizeof(xmlSecKeyDataKlass),
- sizeof(xmlSecKeyData),
-
---- misc/xmlsec1-1.2.6/src/mscrypto/x509vfy.c 2003-09-27 05:12:22.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/src/mscrypto/x509vfy.c 2008-06-29 23:44:19.000000000 +0200
-@@ -70,7 +70,11 @@
- static xmlSecByte * xmlSecMSCryptoX509NameRead (xmlSecByte *str,
- int len);
-
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecKeyDataStoreKlass xmlSecMSCryptoX509StoreKlass = {
-+#else
- static xmlSecKeyDataStoreKlass xmlSecMSCryptoX509StoreKlass = {
-+#endif
- sizeof(xmlSecKeyDataStoreKlass),
- xmlSecMSCryptoX509StoreSize,
-
-@@ -125,6 +129,7 @@
- xmlChar *issuerName, xmlChar *issuerSerial,
- xmlChar *ski, xmlSecKeyInfoCtx* keyInfoCtx) {
- xmlSecMSCryptoX509StoreCtxPtr ctx;
-+ PCCERT_CONTEXT pCert ;
-
- xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), NULL);
- xmlSecAssert2(keyInfoCtx != NULL, NULL);
-@@ -132,10 +137,17 @@
- ctx = xmlSecMSCryptoX509StoreGetCtx(store);
- xmlSecAssert2(ctx != NULL, NULL);
- xmlSecAssert2(ctx->untrusted != NULL, NULL);
-+ xmlSecAssert2(ctx->trusted != NULL, NULL);
-
-- return(xmlSecMSCryptoX509FindCert(ctx->untrusted, subjectName, issuerName, issuerSerial, ski));
--}
-+ pCert = NULL ;
-+ if( ctx->untrusted != NULL )
-+ pCert = xmlSecMSCryptoX509FindCert( ctx->untrusted, subjectName, issuerName, issuerSerial, ski ) ;
-+
-+ if( ctx->trusted != NULL && pCert == NULL )
-+ pCert = xmlSecMSCryptoX509FindCert( ctx->trusted, subjectName, issuerName, issuerSerial, ski ) ;
-
-+ return( pCert ) ;
-+}
-
- static void
- xmlSecMSCryptoUnixTimeToFileTime(time_t t, LPFILETIME pft) {
-@@ -252,17 +264,22 @@
- }
-
- static BOOL
--xmlSecMSCryptoX509StoreConstructCertsChain(xmlSecKeyDataStorePtr store, PCCERT_CONTEXT cert, HCERTSTORE certs,
-- xmlSecKeyInfoCtx* keyInfoCtx) {
-+xmlSecMSCryptoX509StoreConstructCertsChain(
-+ xmlSecKeyDataStorePtr store ,
-+ PCCERT_CONTEXT cert ,
-+ HCERTSTORE certStore ,
-+ xmlSecKeyInfoCtx* keyInfoCtx
-+) {
- xmlSecMSCryptoX509StoreCtxPtr ctx;
- PCCERT_CONTEXT issuerCert = NULL;
- FILETIME fTime;
- DWORD flags;
-+ BOOL selfSigned ;
-
- xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), FALSE);
- xmlSecAssert2(cert != NULL, FALSE);
- xmlSecAssert2(cert->pCertInfo != NULL, FALSE);
-- xmlSecAssert2(certs != NULL, FALSE);
-+ xmlSecAssert2(certStore != NULL, FALSE);
- xmlSecAssert2(keyInfoCtx != NULL, FALSE);
-
- ctx = xmlSecMSCryptoX509StoreGetCtx(store);
-@@ -283,60 +300,85 @@
- return(FALSE);
- }
-
-- if (!xmlSecMSCryptoCheckRevocation(certs, cert)) {
-+ if (!xmlSecMSCryptoCheckRevocation(certStore, cert)) {
- return(FALSE);
- }
-
-- /* try the untrusted certs in the chain */
-- issuerCert = CertFindCertificateInStore(certs,
-+ /*-
-+ * Firstly try to find the cert in the trusted cert store. We will trust
-+ * the certificate in the trusted store.
-+ */
-+ issuerCert = CertFindCertificateInStore(ctx->trusted,
- X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
- 0,
- CERT_FIND_SUBJECT_NAME,
-- &(cert->pCertInfo->Issuer),
-+ &(cert->pCertInfo->Subject),
- NULL);
-- if(issuerCert == cert) {
-- /* self signed cert, forget it */
-- CertFreeCertificateContext(issuerCert);
-- } else if(issuerCert != NULL) {
-- flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG;
-- if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) {
-- xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags);
-- CertFreeCertificateContext(issuerCert);
-- return(FALSE);
-- }
-- if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certs, keyInfoCtx)) {
-- xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags);
-- CertFreeCertificateContext(issuerCert);
-- return(FALSE);
-- }
-- CertFreeCertificateContext(issuerCert);
-- return(TRUE);
-+ if( issuerCert != NULL ) {
-+ /* We have found the trusted cert, so return true */
-+ CertFreeCertificateContext( issuerCert ) ;
-+ return( TRUE ) ;
- }
-
-- /* try the untrusted certs in the store */
-- issuerCert = CertFindCertificateInStore(ctx->untrusted,
-+ /* Check whether the certificate is self signed certificate */
-+ selfSigned = CertCompareCertificateName( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, &(cert->pCertInfo->Subject), &(cert->pCertInfo->Issuer) ) ;
-+
-+ /* try the untrusted certs in the chain */
-+ if( !selfSigned ) {
-+ issuerCert = CertFindCertificateInStore(certStore,
- X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
- 0,
- CERT_FIND_SUBJECT_NAME,
- &(cert->pCertInfo->Issuer),
- NULL);
-- if(issuerCert == cert) {
-- /* self signed cert, forget it */
-- CertFreeCertificateContext(issuerCert);
-- } else if(issuerCert != NULL) {
-- flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG;
-- if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) {
-- xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags);
-- CertFreeCertificateContext(issuerCert);
-- return(FALSE);
-- }
-- if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certs, keyInfoCtx)) {
-- CertFreeCertificateContext(issuerCert);
-- return(FALSE);
-+ if( issuerCert != NULL && CertCompareCertificate( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo, issuerCert->pCertInfo ) ) {
-+ /* self signed cert, forget it */
-+ CertFreeCertificateContext(issuerCert);
-+ } else if(issuerCert != NULL) {
-+ flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG;
-+ if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) {
-+ xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags);
-+ CertFreeCertificateContext(issuerCert);
-+ return(FALSE);
-+ }
-+ if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certStore, keyInfoCtx)) {
-+ xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags);
-+ CertFreeCertificateContext(issuerCert);
-+ return(FALSE);
-+ }
-+
-+ CertFreeCertificateContext(issuerCert);
-+ return(TRUE);
-+ }
-+ }
-+
-+ /* try the untrusted certs in the store */
-+ if( !selfSigned ) {
-+ issuerCert = CertFindCertificateInStore(ctx->untrusted,
-+ X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
-+ 0,
-+ CERT_FIND_SUBJECT_NAME,
-+ &(cert->pCertInfo->Issuer),
-+ NULL);
-+ if( issuerCert != NULL && CertCompareCertificate( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo, issuerCert->pCertInfo ) ) {
-+ /* self signed cert, forget it */
-+ CertFreeCertificateContext(issuerCert);
-+ } else if(issuerCert != NULL) {
-+ flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG;
-+ if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) {
-+ xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags);
-+ CertFreeCertificateContext(issuerCert);
-+ return(FALSE);
-+ }
-+ if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certStore, keyInfoCtx)) {
-+ CertFreeCertificateContext(issuerCert);
-+ return(FALSE);
-+ }
-+
-+ CertFreeCertificateContext(issuerCert);
-+ return(TRUE);
-+ }
- }
-- CertFreeCertificateContext(issuerCert);
-- return(TRUE);
-- }
-
- /* try to find issuer cert in the trusted cert in the store */
- issuerCert = CertFindCertificateInStore(ctx->trusted,
-@@ -379,26 +421,61 @@
- xmlSecAssert2(certs != NULL, NULL);
- xmlSecAssert2(keyInfoCtx != NULL, NULL);
-
-- while((cert = CertEnumCertificatesInStore(certs, cert)) != NULL){
-- PCCERT_CONTEXT nextCert = NULL;
-+ while( ( cert = CertEnumCertificatesInStore( certs, cert ) ) != NULL ) {
-+ PCCERT_CONTEXT nextCert ;
-+ unsigned char selected ;
-
-- xmlSecAssert2(cert->pCertInfo != NULL, NULL);
-+ xmlSecAssert2( cert->pCertInfo != NULL, NULL ) ;
-
-- /* if cert is the issuer of any other cert in the list, then it is
-- * to be skipped */
-- nextCert = CertFindCertificateInStore(certs,
-+ /* if cert is the issuer of any other cert in the list, then it is
-+ * to be skipped except that the cert list only have one self-signed
-+ * certificate.
-+ */
-+ for( selected = 0, nextCert = NULL ; ; ) {
-+ nextCert = CertFindCertificateInStore( certs,
- X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
- 0,
- CERT_FIND_ISSUER_NAME,
- &(cert->pCertInfo->Subject),
-- NULL);
-- if(nextCert != NULL) {
-- CertFreeCertificateContext(nextCert);
-- continue;
-- }
-- if(xmlSecMSCryptoX509StoreConstructCertsChain(store, cert, certs, keyInfoCtx)) {
-- return(cert);
-- }
-+ nextCert ) ;
-+ if( nextCert != NULL ) {
-+ if( CertCompareCertificate( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo, nextCert->pCertInfo ) ) {
-+ selected = 1 ;
-+ continue ;
-+ } else {
-+ selected = 0 ;
-+ break ;
-+ }
-+ } else {
-+ selected = 1 ;
-+ break ;
-+ }
-+ }
-+
-+ if( nextCert != NULL )
-+ CertFreeCertificateContext( nextCert ) ;
-+
-+ if( !selected ) {
-+ continue ;
-+ }
-+
-+ /* JL: OpenOffice.org implements its own certificate verification routine.
-+ The goal is to seperate validation of the signature
-+ and the certificate. For example, OOo could show that the document signature is valid,
-+ but the certificate could not be verified. If we do not prevent the verification of
-+ the certificate by libxmlsec and the verification fails, then the XML signature will not be
-+ verified. This would happen, for example, if the root certificate is not installed.
-+
-+ In the store schould only be the certificate from the X509Certificate element
-+ and the X509IssuerSerial element. The latter is only there
-+ if the certificate is installed. Both certificates must be the same!
-+ In case of writing the signature, the store contains only the certificate that
-+ was created based on the information from the X509IssuerSerial element. */
-+ return cert;
-+
-+/* if( xmlSecMSCryptoX509StoreConstructCertsChain( store, cert, certs, keyInfoCtx ) ) {
-+ return( cert ) ;
-+ } */
- }
-
- return (NULL);
-@@ -458,9 +535,126 @@
- return(0);
- }
-
-+int
-+xmlSecMSCryptoX509StoreAdoptKeyStore (
-+ xmlSecKeyDataStorePtr store,
-+ HCERTSTORE keyStore
-+) {
-+ xmlSecMSCryptoX509StoreCtxPtr ctx;
-+ int ret;
-+
-+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1);
-+ xmlSecAssert2( keyStore != NULL, -1);
-+
-+ ctx = xmlSecMSCryptoX509StoreGetCtx(store);
-+ xmlSecAssert2(ctx != NULL, -1);
-+ xmlSecAssert2(ctx->trusted != NULL, -1);
-+
-+ if( !CertAddStoreToCollection ( ctx->trusted , keyStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 2 ) ) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
-+ "CertAddStoreToCollection",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+
-+ {
-+ PCCERT_CONTEXT ptCert ;
-+
-+ ptCert = NULL ;
-+ while( 1 ) {
-+ ptCert = CertEnumCertificatesInStore( ctx->trusted, ptCert ) ;
-+ if( ptCert == NULL )
-+ break ;
-+ }
-+ }
-+
-+ return(0);
-+}
-+
-+int
-+xmlSecMSCryptoX509StoreAdoptTrustedStore (
-+ xmlSecKeyDataStorePtr store,
-+ HCERTSTORE trustedStore
-+) {
-+ xmlSecMSCryptoX509StoreCtxPtr ctx;
-+ int ret;
-+
-+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1);
-+ xmlSecAssert2( trustedStore != NULL, -1);
-+
-+ ctx = xmlSecMSCryptoX509StoreGetCtx(store);
-+ xmlSecAssert2(ctx != NULL, -1);
-+ xmlSecAssert2(ctx->trusted != NULL, -1);
-+
-+ if( !CertAddStoreToCollection ( ctx->trusted , trustedStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 3 ) ) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
-+ "CertAddStoreToCollection",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+
-+ {
-+ PCCERT_CONTEXT ptCert ;
-+
-+ ptCert = NULL ;
-+ while( 1 ) {
-+ ptCert = CertEnumCertificatesInStore( ctx->trusted, ptCert ) ;
-+ if( ptCert == NULL )
-+ break ;
-+ }
-+ }
-+
-+ return(0);
-+}
-+
-+int
-+xmlSecMSCryptoX509StoreAdoptUntrustedStore (
-+ xmlSecKeyDataStorePtr store,
-+ HCERTSTORE untrustedStore
-+) {
-+ xmlSecMSCryptoX509StoreCtxPtr ctx;
-+ int ret;
-+
-+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1);
-+ xmlSecAssert2( untrustedStore != NULL, -1);
-+
-+ ctx = xmlSecMSCryptoX509StoreGetCtx(store);
-+ xmlSecAssert2(ctx != NULL, -1);
-+ xmlSecAssert2(ctx->untrusted != NULL, -1);
-+
-+ if( !CertAddStoreToCollection ( ctx->untrusted , untrustedStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 2 ) ) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
-+ "CertAddStoreToCollection",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+
-+ {
-+ PCCERT_CONTEXT ptCert ;
-+
-+ ptCert = NULL ;
-+ while( 1 ) {
-+ ptCert = CertEnumCertificatesInStore( ctx->untrusted, ptCert ) ;
-+ if( ptCert == NULL )
-+ break ;
-+ }
-+ }
-+
-+ return(0);
-+}
-+
- static int
- xmlSecMSCryptoX509StoreInitialize(xmlSecKeyDataStorePtr store) {
- xmlSecMSCryptoX509StoreCtxPtr ctx;
-+ HCERTSTORE hTrustedMemStore ;
-+ HCERTSTORE hUntrustedMemStore ;
-+
- xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1);
-
- ctx = xmlSecMSCryptoX509StoreGetCtx(store);
-@@ -468,36 +662,104 @@
-
- memset(ctx, 0, sizeof(xmlSecMSCryptoX509StoreCtx));
-
-+ /* create trusted certs store collection */
-+ ctx->trusted = CertOpenStore(CERT_STORE_PROV_COLLECTION,
-+ 0,
-+ NULL,
-+ 0,
-+ NULL);
-+ if(ctx->trusted == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
-+ "CertOpenStore",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+
- /* create trusted certs store */
-- ctx->trusted = CertOpenStore(CERT_STORE_PROV_MEMORY,
-+ hTrustedMemStore = CertOpenStore(CERT_STORE_PROV_MEMORY,
- X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
- 0,
- CERT_STORE_CREATE_NEW_FLAG,
- NULL);
-- if(ctx->trusted == NULL) {
-+ if(hTrustedMemStore == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
- "CertOpenStore",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
-+ CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG);
-+ ctx->trusted = NULL ;
- return(-1);
- }
-
-- /* create trusted certs store */
-- ctx->untrusted = CertOpenStore(CERT_STORE_PROV_MEMORY,
-+ /* add the memory trusted certs store to trusted certs store collection */
-+ if( !CertAddStoreToCollection( ctx->trusted, hTrustedMemStore, CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 1 ) ) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
-+ "CertAddStoreToCollection",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG);
-+ CertCloseStore(hTrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG);
-+ ctx->trusted = NULL ;
-+ return(-1);
-+ }
-+ CertCloseStore(hTrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG);
-+
-+ /* create untrusted certs store collection */
-+ ctx->untrusted = CertOpenStore(CERT_STORE_PROV_COLLECTION,
-+ 0,
-+ NULL,
-+ 0,
-+ NULL);
-+ if(ctx->untrusted == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
-+ "CertOpenStore",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG);
-+ ctx->trusted = NULL ;
-+ return(-1);
-+ }
-+
-+ /* create untrusted certs store */
-+ hUntrustedMemStore = CertOpenStore(CERT_STORE_PROV_MEMORY,
- X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
- 0,
- CERT_STORE_CREATE_NEW_FLAG,
- NULL);
-- if(ctx->untrusted == NULL) {
-+ if(hUntrustedMemStore == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
- "CertOpenStore",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
-+ CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG);
-+ CertCloseStore(ctx->untrusted, CERT_CLOSE_STORE_FORCE_FLAG);
-+ ctx->trusted = NULL ;
-+ ctx->untrusted = NULL ;
- return(-1);
- }
-
-+ /* add the memory trusted certs store to untrusted certs store collection */
-+ if( !CertAddStoreToCollection( ctx->untrusted, hUntrustedMemStore, CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 1 ) ) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
-+ "CertAddStoreToCollection",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ CertCloseStore(ctx->untrusted, CERT_CLOSE_STORE_FORCE_FLAG);
-+ CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG);
-+ CertCloseStore(hUntrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG);
-+ ctx->trusted = NULL ;
-+ ctx->untrusted = NULL ;
-+ return(-1);
-+ }
-+ CertCloseStore(hUntrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG);
-+
- return(0);
- }
-
-@@ -567,10 +829,41 @@
-
- if((pCert == NULL) && (NULL != issuerName) && (NULL != issuerSerial)) {
- xmlSecBn issuerSerialBn;
-+ xmlChar * p;
- CERT_NAME_BLOB cnb;
-+ CRYPT_INTEGER_BLOB cib;
- BYTE *cName = NULL;
- DWORD cNameLen = 0;
-+
-+ /* aleksey: for some unknown to me reasons, mscrypto wants Email
-+ * instead of emailAddress. This code is not bullet proof and may
-+ * produce incorrect results if someone has "emailAddress=" string
-+ * in one of the fields, but it is best I can suggest to fix this problem.
-+ * Also see xmlSecMSCryptoX509NameWrite function.
-+ */
-+ while( (p = (xmlChar*)xmlStrstr(issuerName, BAD_CAST "emailAddress=")) != NULL) {
-+ memcpy(p, " Email=", 13);
-+ }
-+
-+
-+
-+ /* get issuer name */
-+ cName = xmlSecMSCryptoCertStrToName(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
-+ issuerName,
-+ CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG | CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG,
-+ &cNameLen);
-+ if(cName == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecMSCryptoCertStrToName",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return (NULL);
-+ }
-+ cnb.pbData = cName;
-+ cnb.cbData = cNameLen;
-
-+ /* get serial number */
- ret = xmlSecBnInitialize(&issuerSerialBn, 0);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
-@@ -578,6 +871,7 @@
- "xmlSecBnInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
-+ xmlFree(cName);
- return(NULL);
- }
-
-@@ -589,26 +883,30 @@
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecBnFinalize(&issuerSerialBn);
-- return(NULL);
-+ xmlFree(cName);
-+ return(NULL);
- }
-
-- cName = xmlSecMSCryptoCertStrToName(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
-- issuerName,
-- CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG,
-- &cNameLen);
-- if(cName == NULL) {
-+ /* I have no clue why at a sudden a swap is needed to
-+ * convert from lsb... This code is purely based upon
-+ * trial and error :( WK
-+ */
-+ ret = xmlSecBnReverse(&issuerSerialBn);
-+ if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
-- "xmlSecMSCryptoCertStrToName",
-+ "xmlSecBnReverse",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecBnFinalize(&issuerSerialBn);
-- return (NULL);
-+ xmlFree(cName);
-+ return(NULL);
- }
-
-- cnb.pbData = cName;
-- cnb.cbData = cNameLen;
-- while((pCert = CertFindCertificateInStore(store,
-+ cib.pbData = xmlSecBufferGetData(&issuerSerialBn);
-+ cib.cbData = xmlSecBufferGetSize(&issuerSerialBn);
-+
-+ while((pCert = CertFindCertificateInStore(store,
- PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
- 0,
- CERT_FIND_ISSUER_NAME,
-@@ -622,10 +920,9 @@
- if((pCert->pCertInfo != NULL) &&
- (pCert->pCertInfo->SerialNumber.pbData != NULL) &&
- (pCert->pCertInfo->SerialNumber.cbData > 0) &&
-- (0 == xmlSecBnCompareReverse(&issuerSerialBn, pCert->pCertInfo->SerialNumber.pbData,
-- pCert->pCertInfo->SerialNumber.cbData))) {
--
-- break;
-+ (CertCompareIntegerBlob(&(pCert->pCertInfo->SerialNumber), &cib) == TRUE)
-+ ) {
-+ break;
- }
- }
- xmlFree(cName);
---- misc/xmlsec1-1.2.6/src/nss/Makefile.am 2003-09-16 11:43:03.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/src/nss/Makefile.am 2008-06-29 23:44:19.000000000 +0200
-@@ -20,21 +20,22 @@
- $(NULL)
-
- libxmlsec1_nss_la_SOURCES =\
-+ akmngr.c \
- app.c \
- bignum.c \
- ciphers.c \
- crypto.c \
- digests.c \
- hmac.c \
-+ keysstore.c \
-+ keytrans.c \
-+ keywrapers.c \
- pkikeys.c \
- signatures.c \
- symkeys.c \
-+ tokens.c \
- x509.c \
- x509vfy.c \
-- keysstore.c \
-- kt_rsa.c \
-- kw_des.c \
-- kw_aes.c \
- $(NULL)
-
- libxmlsec1_nss_la_LIBADD = \
---- misc/xmlsec1-1.2.6/src/nss/Makefile.in 2004-08-26 08:00:32.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/src/nss/Makefile.in 2008-06-29 23:44:19.000000000 +0200
-@@ -54,9 +54,9 @@
- $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
- $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
- am__objects_1 =
--am_libxmlsec1_nss_la_OBJECTS = app.lo bignum.lo ciphers.lo crypto.lo \
-+am_libxmlsec1_nss_la_OBJECTS = akmngr.lo app.lo bignum.lo ciphers.lo crypto.lo \
- digests.lo hmac.lo pkikeys.lo signatures.lo symkeys.lo x509.lo \
-- x509vfy.lo keysstore.lo kt_rsa.lo kw_des.lo kw_aes.lo \
-+ x509vfy.lo keysstore.lo tokens.lo keytrans.lo keywrapers.lo \
- $(am__objects_1)
- libxmlsec1_nss_la_OBJECTS = $(am_libxmlsec1_nss_la_OBJECTS)
- DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)
-@@ -65,11 +65,11 @@
- @AMDEP_TRUE@DEP_FILES = ./$(DEPDIR)/app.Plo ./$(DEPDIR)/bignum.Plo \
- @AMDEP_TRUE@ ./$(DEPDIR)/ciphers.Plo ./$(DEPDIR)/crypto.Plo \
- @AMDEP_TRUE@ ./$(DEPDIR)/digests.Plo ./$(DEPDIR)/hmac.Plo \
--@AMDEP_TRUE@ ./$(DEPDIR)/keysstore.Plo ./$(DEPDIR)/kt_rsa.Plo \
--@AMDEP_TRUE@ ./$(DEPDIR)/kw_aes.Plo ./$(DEPDIR)/kw_des.Plo \
-+@AMDEP_TRUE@ ./$(DEPDIR)/keysstore.Plo ./$(DEPDIR)/tokens.Plo \
-+@AMDEP_TRUE@ ./$(DEPDIR)/keywrapers.Plo ./$(DEPDIR)/keytrans.Plo \
- @AMDEP_TRUE@ ./$(DEPDIR)/pkikeys.Plo ./$(DEPDIR)/signatures.Plo \
- @AMDEP_TRUE@ ./$(DEPDIR)/symkeys.Plo ./$(DEPDIR)/x509.Plo \
--@AMDEP_TRUE@ ./$(DEPDIR)/x509vfy.Plo
-+@AMDEP_TRUE@ ./$(DEPDIR)/x509vfy.Plo ./$(DEPDIR)/akmngr.Plo
- COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
- $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
- LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \
-@@ -321,21 +321,22 @@
- $(NULL)
-
- libxmlsec1_nss_la_SOURCES = \
-+ akmngr.c \
- app.c \
- bignum.c \
- ciphers.c \
- crypto.c \
- digests.c \
- hmac.c \
-+ keysstore.c \
-+ keytrans.c \
-+ keywrappers.c \
- pkikeys.c \
- signatures.c \
- symkeys.c \
-+ tokens.c \
- x509.c \
- x509vfy.c \
-- keysstore.c \
-- kt_rsa.c \
-- kw_des.c \
-- kw_aes.c \
- $(NULL)
-
- libxmlsec1_nss_la_LIBADD = \
-@@ -418,6 +419,7 @@
- distclean-compile:
- -rm -f *.tab.c
-
-+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/akmngr.Plo@am__quote@
- @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/app.Plo@am__quote@
- @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bignum.Plo@am__quote@
- @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ciphers.Plo@am__quote@
-@@ -425,9 +427,9 @@
- @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/digests.Plo@am__quote@
- @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hmac.Plo@am__quote@
- @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keysstore.Plo@am__quote@
--@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kt_rsa.Plo@am__quote@
--@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kw_aes.Plo@am__quote@
--@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kw_des.Plo@am__quote@
-+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tokens.Plo@am__quote@
-+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keywrapers.Plo@am__quote@
-+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keytrans.Plo@am__quote@
- @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkikeys.Plo@am__quote@
- @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signatures.Plo@am__quote@
- @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/symkeys.Plo@am__quote@
---- misc/xmlsec1-1.2.6/src/nss/akmngr.c 2008-06-29 23:44:39.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/src/nss/akmngr.c 2008-06-29 23:44:19.000000000 +0200
-@@ -1 +1,384 @@
--dummy
-+/**
-+ * XMLSec library
-+ *
-+ * This is free software; see Copyright file in the source
-+ * distribution for preciese wording.
-+ *
-+ * Copyright.........................
-+ */
-+#include "globals.h"
-+
-+#include <nspr.h>
-+#include <nss.h>
-+#include <pk11func.h>
-+#include <cert.h>
-+#include <keyhi.h>
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/keys.h>
-+#include <xmlsec/transforms.h>
-+#include <xmlsec/errors.h>
-+
-+#include <xmlsec/nss/crypto.h>
-+#include <xmlsec/nss/tokens.h>
-+#include <xmlsec/nss/akmngr.h>
-+#include <xmlsec/nss/pkikeys.h>
-+#include <xmlsec/nss/ciphers.h>
-+#include <xmlsec/nss/keysstore.h>
-+
-+/**
-+ * xmlSecNssAppliedKeysMngrCreate:
-+ * @slot: array of pointers to NSS PKCS#11 slot infomation.
-+ * @cSlots: number of slots in the array
-+ * @handler: the pointer to NSS certificate database.
-+ *
-+ * Create and load NSS crypto slot and certificate database into keys manager
-+ *
-+ * Returns keys manager pointer on success or NULL otherwise.
-+ */
-+xmlSecKeysMngrPtr
-+xmlSecNssAppliedKeysMngrCreate(
-+ PK11SlotInfo** slots,
-+ int cSlots,
-+ CERTCertDBHandle* handler
-+) {
-+ xmlSecKeyDataStorePtr certStore = NULL ;
-+ xmlSecKeysMngrPtr keyMngr = NULL ;
-+ xmlSecKeyStorePtr keyStore = NULL ;
-+ int islot = 0;
-+ keyStore = xmlSecKeyStoreCreate( xmlSecNssKeysStoreId ) ;
-+ if( keyStore == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeyStoreCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return NULL ;
-+ }
-+
-+ for (islot = 0; islot < cSlots; islot++)
-+ {
-+ xmlSecNssKeySlotPtr keySlot ;
-+
-+ /* Create a key slot */
-+ keySlot = xmlSecNssKeySlotCreate() ;
-+ if( keySlot == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+ "xmlSecNssKeySlotCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyStoreDestroy( keyStore ) ;
-+ return NULL ;
-+ }
-+
-+ /* Set slot */
-+ if( xmlSecNssKeySlotSetSlot( keySlot , slots[islot] ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+ "xmlSecNssKeySlotSetSlot" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyStoreDestroy( keyStore ) ;
-+ xmlSecNssKeySlotDestroy( keySlot ) ;
-+ return NULL ;
-+ }
-+
-+ /* Adopt keySlot */
-+ if( xmlSecNssKeysStoreAdoptKeySlot( keyStore , keySlot ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+ "xmlSecNssKeysStoreAdoptKeySlot" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyStoreDestroy( keyStore ) ;
-+ xmlSecNssKeySlotDestroy( keySlot ) ;
-+ return NULL ;
-+ }
-+ }
-+
-+ keyMngr = xmlSecKeysMngrCreate() ;
-+ if( keyMngr == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyStoreDestroy( keyStore ) ;
-+ return NULL ;
-+ }
-+
-+ /*-
-+ * Add key store to manager, from now on keys manager destroys the store if
-+ * needed
-+ */
-+ if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+ "xmlSecKeysMngrAdoptKeyStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyStoreDestroy( keyStore ) ;
-+ xmlSecKeysMngrDestroy( keyMngr ) ;
-+ return NULL ;
-+ }
-+
-+ /*-
-+ * Initialize crypto library specific data in keys manager
-+ */
-+ if( xmlSecNssKeysMngrInit( keyMngr ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeysMngrDestroy( keyMngr ) ;
-+ return NULL ;
-+ }
-+
-+ /*-
-+ * Set certificate databse to X509 key data store
-+ */
-+ /**
-+ * Because Tej's implementation of certDB use the default DB, so I ignore
-+ * the certDB handler at present. I'll modify the cert store sources to
-+ * accept particular certDB instead of default ones.
-+ certStore = xmlSecKeysMngrGetDataStore( keyMngr , xmlSecNssKeyDataStoreX509Id ) ;
-+ if( certStore == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+ "xmlSecKeysMngrGetDataStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeysMngrDestroy( keyMngr ) ;
-+ return NULL ;
-+ }
-+
-+ if( xmlSecNssKeyDataStoreX509SetCertDb( certStore , handler ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+ "xmlSecNssKeyDataStoreX509SetCertDb" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeysMngrDestroy( keyMngr ) ;
-+ return NULL ;
-+ }
-+ */
-+
-+ /*-
-+ * Set the getKey callback
-+ */
-+ keyMngr->getKey = xmlSecKeysMngrGetKey ;
-+
-+ return keyMngr ;
-+}
-+
-+int
-+xmlSecNssAppliedKeysMngrSymKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ PK11SymKey* symKey
-+) {
-+ xmlSecKeyPtr key ;
-+ xmlSecKeyDataPtr data ;
-+ xmlSecKeyStorePtr keyStore ;
-+
-+ xmlSecAssert2( mngr != NULL , -1 ) ;
-+ xmlSecAssert2( symKey != NULL , -1 ) ;
-+
-+ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
-+ if( keyStore == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrGetKeysStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
-+
-+ data = xmlSecNssSymKeyDataKeyAdopt( symKey ) ;
-+ if( data == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+
-+ key = xmlSecKeyCreate() ;
-+ if( key == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ if( xmlSecKeySetValue( key , data ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDestroy( key ) ;
-+ return(-1) ;
-+ }
-+
-+ return(0) ;
-+}
-+
-+int
-+xmlSecNssAppliedKeysMngrPubKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ SECKEYPublicKey* pubKey
-+) {
-+ xmlSecKeyPtr key ;
-+ xmlSecKeyDataPtr data ;
-+ xmlSecKeyStorePtr keyStore ;
-+
-+ xmlSecAssert2( mngr != NULL , -1 ) ;
-+ xmlSecAssert2( pubKey != NULL , -1 ) ;
-+
-+ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
-+ if( keyStore == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrGetKeysStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
-+
-+ data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ;
-+ if( data == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssPKIAdoptKey" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+
-+ key = xmlSecKeyCreate() ;
-+ if( key == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ if( xmlSecKeySetValue( key , data ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDestroy( key ) ;
-+ return(-1) ;
-+ }
-+
-+ return(0) ;
-+}
-+
-+int
-+xmlSecNssAppliedKeysMngrPriKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ SECKEYPrivateKey* priKey
-+) {
-+ xmlSecKeyPtr key ;
-+ xmlSecKeyDataPtr data ;
-+ xmlSecKeyStorePtr keyStore ;
-+
-+ xmlSecAssert2( mngr != NULL , -1 ) ;
-+ xmlSecAssert2( priKey != NULL , -1 ) ;
-+
-+ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
-+ if( keyStore == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrGetKeysStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
-+
-+ data = xmlSecNssPKIAdoptKey( priKey, NULL ) ;
-+ if( data == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssPKIAdoptKey" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+
-+ key = xmlSecKeyCreate() ;
-+ if( key == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ if( xmlSecKeySetValue( key , data ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDestroy( key ) ;
-+ return(-1) ;
-+ }
-+
-+ return(0) ;
-+}
-+
---- misc/xmlsec1-1.2.6/src/nss/ciphers.c 2003-09-26 02:58:15.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/src/nss/ciphers.c 2008-06-29 23:44:19.000000000 +0200
-@@ -1,838 +1,967 @@
--/**
-- * XMLSec library
-- *
-- * This is free software; see Copyright file in the source
-- * distribution for preciese wording.
-- *
-- * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
-- * Copyright (c) 2003 America Online, Inc. All rights reserved.
-- */
-+/* -- C Source File -- **/
- #include "globals.h"
-
-+#include <stdlib.h>
- #include <string.h>
-
--#include <nspr.h>
- #include <nss.h>
--#include <secoid.h>
- #include <pk11func.h>
-
- #include <xmlsec/xmlsec.h>
-+#include <xmlsec/xmltree.h>
-+#include <xmlsec/base64.h>
- #include <xmlsec/keys.h>
-+#include <xmlsec/keyinfo.h>
- #include <xmlsec/transforms.h>
- #include <xmlsec/errors.h>
-
- #include <xmlsec/nss/crypto.h>
-+#include <xmlsec/nss/ciphers.h>
-
--#define XMLSEC_NSS_MAX_KEY_SIZE 32
--#define XMLSEC_NSS_MAX_IV_SIZE 32
--#define XMLSEC_NSS_MAX_BLOCK_SIZE 32
--
--/**************************************************************************
-- *
-- * Internal Nss Block cipher CTX
-+/**
-+ * Internal Nss Block Cipher Context
- *
-- *****************************************************************************/
--typedef struct _xmlSecNssBlockCipherCtx xmlSecNssBlockCipherCtx,
-- *xmlSecNssBlockCipherCtxPtr;
-+ * This context is designed for repositing a block cipher for transform
-+ */
-+typedef struct _xmlSecNssBlockCipherCtx xmlSecNssBlockCipherCtx ;
-+typedef struct _xmlSecNssBlockCipherCtx* xmlSecNssBlockCipherCtxPtr ;
-+
- struct _xmlSecNssBlockCipherCtx {
-- CK_MECHANISM_TYPE cipher;
-- PK11Context* cipherCtx;
-- xmlSecKeyDataId keyId;
-- int keyInitialized;
-- int ctxInitialized;
-- xmlSecByte key[XMLSEC_NSS_MAX_KEY_SIZE];
-- xmlSecSize keySize;
-- xmlSecByte iv[XMLSEC_NSS_MAX_IV_SIZE];
-- xmlSecSize ivSize;
--};
--static int xmlSecNssBlockCipherCtxInit (xmlSecNssBlockCipherCtxPtr ctx,
-- xmlSecBufferPtr in,
-- xmlSecBufferPtr out,
-- int encrypt,
-- const xmlChar* cipherName,
-- xmlSecTransformCtxPtr transformCtx);
--static int xmlSecNssBlockCipherCtxUpdate (xmlSecNssBlockCipherCtxPtr ctx,
-- xmlSecBufferPtr in,
-- xmlSecBufferPtr out,
-- int encrypt,
-- const xmlChar* cipherName,
-- xmlSecTransformCtxPtr transformCtx);
--static int xmlSecNssBlockCipherCtxFinal (xmlSecNssBlockCipherCtxPtr ctx,
-- xmlSecBufferPtr in,
-- xmlSecBufferPtr out,
-- int encrypt,
-- const xmlChar* cipherName,
-- xmlSecTransformCtxPtr transformCtx);
--static int
--xmlSecNssBlockCipherCtxInit(xmlSecNssBlockCipherCtxPtr ctx,
-- xmlSecBufferPtr in, xmlSecBufferPtr out,
-- int encrypt,
-- const xmlChar* cipherName,
-- xmlSecTransformCtxPtr transformCtx) {
-- SECItem keyItem;
-- SECItem ivItem;
-- PK11SlotInfo* slot;
-- PK11SymKey* symKey;
-- int ivLen;
-- SECStatus rv;
-- int ret;
--
-- xmlSecAssert2(ctx != NULL, -1);
-- xmlSecAssert2(ctx->cipher != 0, -1);
-- xmlSecAssert2(ctx->cipherCtx == NULL, -1);
-- xmlSecAssert2(ctx->keyInitialized != 0, -1);
-- xmlSecAssert2(ctx->ctxInitialized == 0, -1);
-- xmlSecAssert2(in != NULL, -1);
-- xmlSecAssert2(out != NULL, -1);
-- xmlSecAssert2(transformCtx != NULL, -1);
--
-- ivLen = PK11_GetIVLength(ctx->cipher);
-- xmlSecAssert2(ivLen > 0, -1);
-- xmlSecAssert2((xmlSecSize)ivLen <= sizeof(ctx->iv), -1);
--
-- if(encrypt) {
-- /* generate random iv */
-- rv = PK11_GenerateRandom(ctx->iv, ivLen);
-- if(rv != SECSuccess) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(cipherName),
-- "PK11_GenerateRandom",
-- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- "size=%d", ivLen);
-- return(-1);
-- }
--
-- /* write iv to the output */
-- ret = xmlSecBufferAppend(out, ctx->iv, ivLen);
-- if(ret < 0) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(cipherName),
-- "xmlSecBufferAppend",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "size=%d", ivLen);
-- return(-1);
-- }
--
-- } else {
-- /* if we don't have enough data, exit and hope that
-- * we'll have iv next time */
-- if(xmlSecBufferGetSize(in) < (xmlSecSize)ivLen) {
-- return(0);
-- }
--
-- /* copy iv to our buffer*/
-- xmlSecAssert2(xmlSecBufferGetData(in) != NULL, -1);
-- memcpy(ctx->iv, xmlSecBufferGetData(in), ivLen);
--
-- /* and remove from input */
-- ret = xmlSecBufferRemoveHead(in, ivLen);
-- if(ret < 0) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(cipherName),
-- "xmlSecBufferRemoveHead",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "size=%d", ivLen);
-- return(-1);
-+ CK_MECHANISM_TYPE cipher ;
-+ PK11SymKey* symkey ;
-+ PK11Context* cipherCtx ;
-+ xmlSecKeyDataId keyId ;
-+} ;
-+
-+#define xmlSecNssBlockCipherSize \
-+ ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssBlockCipherCtx ) )
-+
-+#define xmlSecNssBlockCipherGetCtx( transform ) \
-+ ( ( xmlSecNssBlockCipherCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) )
-+
-+static int
-+xmlSecNssBlockCipherCheckId(
-+ xmlSecTransformPtr transform
-+) {
-+ #ifndef XMLSEC_NO_DES
-+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformDes3CbcId ) ) {
-+ return 1 ;
- }
-- }
-+ #endif /* XMLSEC_NO_DES */
-
-- memset(&keyItem, 0, sizeof(keyItem));
-- keyItem.data = ctx->key;
-- keyItem.len = ctx->keySize;
-- memset(&ivItem, 0, sizeof(ivItem));
-- ivItem.data = ctx->iv;
-- ivItem.len = ctx->ivSize;
--
-- slot = PK11_GetBestSlot(ctx->cipher, NULL);
-- if(slot == NULL) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(cipherName),
-- "PK11_GetBestSlot",
-- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- return(-1);
-- }
--
-- symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginDerive,
-- CKA_SIGN, &keyItem, NULL);
-- if(symKey == NULL) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(cipherName),
-- "PK11_ImportSymKey",
-- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- PK11_FreeSlot(slot);
-- return(-1);
-- }
-+ #ifndef XMLSEC_NO_AES
-+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformAes128CbcId ) ||
-+ xmlSecTransformCheckId( transform, xmlSecNssTransformAes192CbcId ) ||
-+ xmlSecTransformCheckId( transform, xmlSecNssTransformAes256CbcId ) ) {
-
-- ctx->cipherCtx = PK11_CreateContextBySymKey(ctx->cipher,
-- (encrypt) ? CKA_ENCRYPT : CKA_DECRYPT,
-- symKey, &ivItem);
-- if(ctx->cipherCtx == NULL) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(cipherName),
-- "PK11_CreateContextBySymKey",
-- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- PK11_FreeSymKey(symKey);
-- PK11_FreeSlot(slot);
-- return(-1);
-+ return 1 ;
- }
--
-- ctx->ctxInitialized = 1;
-- PK11_FreeSymKey(symKey);
-- PK11_FreeSlot(slot);
-- return(0);
-+ #endif /* XMLSEC_NO_AES */
-+
-+ return 0 ;
- }
-
--static int
--xmlSecNssBlockCipherCtxUpdate(xmlSecNssBlockCipherCtxPtr ctx,
-- xmlSecBufferPtr in, xmlSecBufferPtr out,
-- int encrypt,
-- const xmlChar* cipherName,
-- xmlSecTransformCtxPtr transformCtx) {
-- xmlSecSize inSize, inBlocks, outSize;
-- int blockLen;
-- int outLen = 0;
-- xmlSecByte* outBuf;
-- SECStatus rv;
-- int ret;
--
-- xmlSecAssert2(ctx != NULL, -1);
-- xmlSecAssert2(ctx->cipher != 0, -1);
-- xmlSecAssert2(ctx->cipherCtx != NULL, -1);
-- xmlSecAssert2(ctx->ctxInitialized != 0, -1);
-- xmlSecAssert2(in != NULL, -1);
-- xmlSecAssert2(out != NULL, -1);
-- xmlSecAssert2(transformCtx != NULL, -1);
-+static int
-+xmlSecNssBlockCipherFetchCtx(
-+ xmlSecNssBlockCipherCtxPtr context ,
-+ xmlSecTransformId id
-+) {
-+ xmlSecAssert2( context != NULL, -1 ) ;
-+
-+ #ifndef XMLSEC_NO_DES
-+ if( id == xmlSecNssTransformDes3CbcId ) {
-+ context->cipher = CKM_DES3_CBC ;
-+ context->keyId = xmlSecNssKeyDataDesId ;
-+ } else
-+ #endif /* XMLSEC_NO_DES */
-+
-+ #ifndef XMLSEC_NO_AES
-+ if( id == xmlSecNssTransformAes128CbcId ) {
-+ context->cipher = CKM_AES_CBC ;
-+ context->keyId = xmlSecNssKeyDataAesId ;
-+ } else
-+ if( id == xmlSecNssTransformAes192CbcId ) {
-+ context->cipher = CKM_AES_CBC ;
-+ context->keyId = xmlSecNssKeyDataAesId ;
-+ } else
-+ if( id == xmlSecNssTransformAes256CbcId ) {
-+ context->cipher = CKM_AES_CBC ;
-+ context->keyId = xmlSecNssKeyDataAesId ;
-+ } else
-+ #endif /* XMLSEC_NO_AES */
-+
-+ if( 1 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-
-- blockLen = PK11_GetBlockSize(ctx->cipher, NULL);
-- xmlSecAssert2(blockLen > 0, -1);
-+ return 0 ;
-+}
-
-- inSize = xmlSecBufferGetSize(in);
-- outSize = xmlSecBufferGetSize(out);
--
-- if(inSize < (xmlSecSize)blockLen) {
-- return(0);
-- }
-+/**
-+ * xmlSecTransformInitializeMethod:
-+ * @transform: the pointer to transform object.
-+ *
-+ * The transform specific initialization method.
-+ *
-+ * Returns 0 on success or a negative value otherwise.
-+ */
-+static int
-+xmlSecNssBlockCipherInitialize(
-+ xmlSecTransformPtr transform
-+) {
-+ xmlSecNssBlockCipherCtxPtr context = NULL ;
-+
-+ xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ;
-+ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ;
-+
-+ context = xmlSecNssBlockCipherGetCtx( transform ) ;
-+ if( context == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ "xmlSecNssBlockCipherGetCtx" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+ if( xmlSecNssBlockCipherFetchCtx( context , transform->id ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ "xmlSecNssBlockCipherFetchCtx" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-
-- if(encrypt) {
-- inBlocks = inSize / ((xmlSecSize)blockLen);
-- } else {
-- /* we want to have the last block in the input buffer
-- * for padding check */
-- inBlocks = (inSize - 1) / ((xmlSecSize)blockLen);
-- }
-- inSize = inBlocks * ((xmlSecSize)blockLen);
-+ context->symkey = NULL ;
-+ context->cipherCtx = NULL ;
-
-- /* we write out the input size plus may be one block */
-- ret = xmlSecBufferSetMaxSize(out, outSize + inSize + blockLen);
-- if(ret < 0) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(cipherName),
-- "xmlSecBufferSetMaxSize",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "size=%d", outSize + inSize + blockLen);
-- return(-1);
-- }
-- outBuf = xmlSecBufferGetData(out) + outSize;
--
-- rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, inSize + blockLen,
-- xmlSecBufferGetData(in), inSize);
-- if(rv != SECSuccess) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(cipherName),
-- "PK11_CipherOp",
-- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- return(-1);
-- }
-- xmlSecAssert2((xmlSecSize)outLen == inSize, -1);
--
-- /* set correct output buffer size */
-- ret = xmlSecBufferSetSize(out, outSize + outLen);
-- if(ret < 0) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(cipherName),
-- "xmlSecBufferSetSize",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "size=%d", outSize + outLen);
-- return(-1);
-- }
--
-- /* remove the processed block from input */
-- ret = xmlSecBufferRemoveHead(in, inSize);
-- if(ret < 0) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(cipherName),
-- "xmlSecBufferRemoveHead",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "size=%d", inSize);
-- return(-1);
-- }
-- return(0);
-+ return 0 ;
- }
-
--static int
--xmlSecNssBlockCipherCtxFinal(xmlSecNssBlockCipherCtxPtr ctx,
-- xmlSecBufferPtr in,
-- xmlSecBufferPtr out,
-- int encrypt,
-- const xmlChar* cipherName,
-- xmlSecTransformCtxPtr transformCtx) {
-- xmlSecSize inSize, outSize;
-- int blockLen, outLen = 0;
-- xmlSecByte* inBuf;
-- xmlSecByte* outBuf;
-- SECStatus rv;
-- int ret;
--
-- xmlSecAssert2(ctx != NULL, -1);
-- xmlSecAssert2(ctx->cipher != 0, -1);
-- xmlSecAssert2(ctx->cipherCtx != NULL, -1);
-- xmlSecAssert2(ctx->ctxInitialized != 0, -1);
-- xmlSecAssert2(in != NULL, -1);
-- xmlSecAssert2(out != NULL, -1);
-- xmlSecAssert2(transformCtx != NULL, -1);
--
-- blockLen = PK11_GetBlockSize(ctx->cipher, NULL);
-- xmlSecAssert2(blockLen > 0, -1);
-+/**
-+ * xmlSecTransformFinalizeMethod:
-+ * @transform: the pointer to transform object.
-+ *
-+ * The transform specific destroy method.
-+ */
-+static void
-+xmlSecNssBlockCipherFinalize(
-+ xmlSecTransformPtr transform
-+) {
-+ xmlSecNssBlockCipherCtxPtr context = NULL ;
-
-- inSize = xmlSecBufferGetSize(in);
-- outSize = xmlSecBufferGetSize(out);
-+ xmlSecAssert( xmlSecNssBlockCipherCheckId( transform ) ) ;
-+ xmlSecAssert( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ) ) ;
-
-- if(encrypt != 0) {
-- xmlSecAssert2(inSize < (xmlSecSize)blockLen, -1);
--
-- /* create padding */
-- ret = xmlSecBufferSetMaxSize(in, blockLen);
-- if(ret < 0) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(cipherName),
-- "xmlSecBufferSetMaxSize",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "size=%d", blockLen);
-- return(-1);
-- }
-- inBuf = xmlSecBufferGetData(in);
--
-- /* generate random padding */
-- if((xmlSecSize)blockLen > (inSize + 1)) {
-- rv = PK11_GenerateRandom(inBuf + inSize, blockLen - inSize - 1);
-- if(rv != SECSuccess) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(cipherName),
-- "PK11_GenerateRandom",
-- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- "size=%d", blockLen - inSize - 1);
-- return(-1);
-- }
-- }
-- inBuf[blockLen - 1] = blockLen - inSize;
-- inSize = blockLen;
-- } else {
-- if(inSize != (xmlSecSize)blockLen) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(cipherName),
-- NULL,
-- XMLSEC_ERRORS_R_INVALID_DATA,
-- "data=%d;block=%d", inSize, blockLen);
-- return(-1);
-+ context = xmlSecNssBlockCipherGetCtx( transform ) ;
-+ if( context == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ "xmlSecNssBlockCipherGetCtx" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return ;
- }
-- }
--
-- /* process last block */
-- ret = xmlSecBufferSetMaxSize(out, outSize + 2 * blockLen);
-- if(ret < 0) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(cipherName),
-- "xmlSecBufferSetMaxSize",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "size=%d", outSize + 2 * blockLen);
-- return(-1);
-- }
-- outBuf = xmlSecBufferGetData(out) + outSize;
-
-- rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, 2 * blockLen,
-- xmlSecBufferGetData(in), inSize);
-- if(rv != SECSuccess) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(cipherName),
-- "PK11_CipherOp",
-- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- return(-1);
-- }
-- xmlSecAssert2((xmlSecSize)outLen == inSize, -1);
--
-- if(encrypt == 0) {
-- /* check padding */
-- if(outLen < outBuf[blockLen - 1]) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(cipherName),
-- NULL,
-- XMLSEC_ERRORS_R_INVALID_DATA,
-- "padding=%d;buffer=%d",
-- outBuf[blockLen - 1], outLen);
-- return(-1);
-- }
-- outLen -= outBuf[blockLen - 1];
-- }
--
-- /* set correct output buffer size */
-- ret = xmlSecBufferSetSize(out, outSize + outLen);
-- if(ret < 0) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(cipherName),
-- "xmlSecBufferSetSize",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "size=%d", outSize + outLen);
-- return(-1);
-- }
-+ if( context->cipherCtx != NULL ) {
-+ PK11_DestroyContext( context->cipherCtx, PR_TRUE ) ;
-+ context->cipherCtx = NULL ;
-+ }
-
-- /* remove the processed block from input */
-- ret = xmlSecBufferRemoveHead(in, inSize);
-- if(ret < 0) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(cipherName),
-- "xmlSecBufferRemoveHead",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "size=%d", inSize);
-- return(-1);
-- }
-+ if( context->symkey != NULL ) {
-+ PK11_FreeSymKey( context->symkey ) ;
-+ context->symkey = NULL ;
-+ }
-
-- return(0);
-+ context->cipher = CKM_INVALID_MECHANISM ;
-+ context->keyId = NULL ;
- }
-
--
--/******************************************************************************
-- *
-- * EVP Block Cipher transforms
-+/**
-+ * xmlSecTransformSetKeyRequirementsMethod:
-+ * @transform: the pointer to transform object.
-+ * @keyReq: the pointer to key requirements structure.
- *
-- * xmlSecNssBlockCipherCtx block is located after xmlSecTransform structure
-+ * Transform specific method to set transform's key requirements.
- *
-- *****************************************************************************/
--#define xmlSecNssBlockCipherSize \
-- (sizeof(xmlSecTransform) + sizeof(xmlSecNssBlockCipherCtx))
--#define xmlSecNssBlockCipherGetCtx(transform) \
-- ((xmlSecNssBlockCipherCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
--
--static int xmlSecNssBlockCipherInitialize (xmlSecTransformPtr transform);
--static void xmlSecNssBlockCipherFinalize (xmlSecTransformPtr transform);
--static int xmlSecNssBlockCipherSetKeyReq (xmlSecTransformPtr transform,
-- xmlSecKeyReqPtr keyReq);
--static int xmlSecNssBlockCipherSetKey (xmlSecTransformPtr transform,
-- xmlSecKeyPtr key);
--static int xmlSecNssBlockCipherExecute (xmlSecTransformPtr transform,
-- int last,
-- xmlSecTransformCtxPtr transformCtx);
--static int xmlSecNssBlockCipherCheckId (xmlSecTransformPtr transform);
--
--
-+ * Returns 0 on success or a negative value otherwise.
-+ */
-+static int
-+xmlSecNssBlockCipherSetKeyReq(
-+ xmlSecTransformPtr transform ,
-+ xmlSecKeyReqPtr keyReq
-+) {
-+ xmlSecNssBlockCipherCtxPtr context = NULL ;
-+ xmlSecSize cipherSize = 0 ;
-+
-+ xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ;
-+ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ;
-+ xmlSecAssert2( keyReq != NULL , -1 ) ;
-+ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
-+
-+ context = xmlSecNssBlockCipherGetCtx( transform ) ;
-+ if( context == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ "xmlSecNssBlockCipherGetCtx" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+ keyReq->keyId = context->keyId ;
-+ keyReq->keyType = xmlSecKeyDataTypeSymmetric ;
-+
-+ if( transform->operation == xmlSecTransformOperationEncrypt ) {
-+ keyReq->keyUsage = xmlSecKeyUsageEncrypt ;
-+ } else {
-+ keyReq->keyUsage = xmlSecKeyUsageDecrypt ;
-+ }
-+
-+ /*
-+ if( context->symkey != NULL )
-+ cipherSize = PK11_GetKeyLength( context->symkey ) ;
-
--static int
--xmlSecNssBlockCipherCheckId(xmlSecTransformPtr transform) {
--#ifndef XMLSEC_NO_DES
-- if(xmlSecTransformCheckId(transform, xmlSecNssTransformDes3CbcId)) {
-- return(1);
-- }
--#endif /* XMLSEC_NO_DES */
-+ keyReq->keyBitsSize = cipherSize * 8 ;
-+ */
-
--#ifndef XMLSEC_NO_AES
-- if(xmlSecTransformCheckId(transform, xmlSecNssTransformAes128CbcId) ||
-- xmlSecTransformCheckId(transform, xmlSecNssTransformAes192CbcId) ||
-- xmlSecTransformCheckId(transform, xmlSecNssTransformAes256CbcId)) {
--
-- return(1);
-- }
--#endif /* XMLSEC_NO_AES */
--
-- return(0);
-+ return 0 ;
- }
-
--static int
--xmlSecNssBlockCipherInitialize(xmlSecTransformPtr transform) {
-- xmlSecNssBlockCipherCtxPtr ctx;
--
-- xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
-- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
-+/**
-+ * xmlSecTransformSetKeyMethod:
-+ * @transform: the pointer to transform object.
-+ * @key: the pointer to key.
-+ *
-+ * The transform specific method to set the key for use.
-+ *
-+ * Returns 0 on success or a negative value otherwise.
-+ */
-+static int
-+xmlSecNssBlockCipherSetKey(
-+ xmlSecTransformPtr transform ,
-+ xmlSecKeyPtr key
-+) {
-+ xmlSecNssBlockCipherCtxPtr context = NULL ;
-+ xmlSecKeyDataPtr keyData = NULL ;
-+ PK11SymKey* symkey = NULL ;
-+ CK_ATTRIBUTE_TYPE operation ;
-+ int ivLen ;
-+
-+ xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ;
-+ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ;
-+ xmlSecAssert2( key != NULL , -1 ) ;
-+ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
-+
-+ context = xmlSecNssBlockCipherGetCtx( transform ) ;
-+ if( context == NULL || context->keyId == NULL || context->symkey != NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ "xmlSecNssBlockCipherGetCtx" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+ xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ;
-+
-+ keyData = xmlSecKeyGetValue( key ) ;
-+ if( keyData == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) ,
-+ "xmlSecKeyGetValue" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+ if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) ,
-+ "xmlSecNssSymKeyDataGetKey" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-
-- ctx = xmlSecNssBlockCipherGetCtx(transform);
-- xmlSecAssert2(ctx != NULL, -1);
--
-- memset(ctx, 0, sizeof(xmlSecNssBlockCipherCtx));
-+ context->symkey = symkey ;
-
--#ifndef XMLSEC_NO_DES
-- if(transform->id == xmlSecNssTransformDes3CbcId) {
-- ctx->cipher = CKM_DES3_CBC;
-- ctx->keyId = xmlSecNssKeyDataDesId;
-- ctx->keySize = 24;
-- } else
--#endif /* XMLSEC_NO_DES */
--
--#ifndef XMLSEC_NO_AES
-- if(transform->id == xmlSecNssTransformAes128CbcId) {
-- ctx->cipher = CKM_AES_CBC;
-- ctx->keyId = xmlSecNssKeyDataAesId;
-- ctx->keySize = 16;
-- } else if(transform->id == xmlSecNssTransformAes192CbcId) {
-- ctx->cipher = CKM_AES_CBC;
-- ctx->keyId = xmlSecNssKeyDataAesId;
-- ctx->keySize = 24;
-- } else if(transform->id == xmlSecNssTransformAes256CbcId) {
-- ctx->cipher = CKM_AES_CBC;
-- ctx->keyId = xmlSecNssKeyDataAesId;
-- ctx->keySize = 32;
-- } else
--#endif /* XMLSEC_NO_AES */
--
-- if(1) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-- NULL,
-- XMLSEC_ERRORS_R_INVALID_TRANSFORM,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- return(-1);
-- }
--
-- return(0);
-+ return 0 ;
- }
-
--static void
--xmlSecNssBlockCipherFinalize(xmlSecTransformPtr transform) {
-- xmlSecNssBlockCipherCtxPtr ctx;
--
-- xmlSecAssert(xmlSecNssBlockCipherCheckId(transform));
-- xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize));
-+/**
-+ * Block cipher transform init
-+ */
-+static int
-+xmlSecNssBlockCipherCtxInit(
-+ xmlSecNssBlockCipherCtxPtr ctx ,
-+ xmlSecBufferPtr in ,
-+ xmlSecBufferPtr out ,
-+ int encrypt ,
-+ const xmlChar* cipherName ,
-+ xmlSecTransformCtxPtr transformCtx
-+) {
-+ SECItem ivItem ;
-+ SECItem* secParam = NULL ;
-+ xmlSecBufferPtr ivBuf = NULL ;
-+ int ivLen ;
-+
-+ xmlSecAssert2( ctx != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
-+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->cipherCtx == NULL , -1 ) ;
-+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
-+ xmlSecAssert2( in != NULL , -1 ) ;
-+ xmlSecAssert2( out != NULL , -1 ) ;
-+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
-+
-+ ivLen = PK11_GetIVLength( ctx->cipher ) ;
-+ if( ivLen < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "PK11_GetIVLength" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+ if( ( ivBuf = xmlSecBufferCreate( ivLen ) ) == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferCreate" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+ if( encrypt ) {
-+ if( PK11_GenerateRandom( ivBuf->data , ivLen ) != SECSuccess ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( cipherName ) ,
-+ "PK11_GenerateRandom" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecBufferDestroy( ivBuf ) ;
-+ return -1 ;
-+ }
-+ if( xmlSecBufferSetSize( ivBuf , ivLen ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferSetSize" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecBufferDestroy( ivBuf ) ;
-+ return -1 ;
-+ }
-+
-+ if( xmlSecBufferAppend( out , ivBuf->data , ivLen ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( cipherName ) ,
-+ "xmlSecBufferAppend" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecBufferDestroy( ivBuf ) ;
-+ return -1 ;
-+ }
-+ } else {
-+ if( xmlSecBufferSetData( ivBuf , in->data , ivLen ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( cipherName ) ,
-+ "xmlSecBufferSetData" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecBufferDestroy( ivBuf ) ;
-+ return -1 ;
-+ }
-+
-+ if( xmlSecBufferRemoveHead( in , ivLen ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( cipherName ) ,
-+ "xmlSecBufferRemoveHead" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecBufferDestroy( ivBuf ) ;
-+ return -1 ;
-+ }
-+ }
-+
-+ ivItem.data = xmlSecBufferGetData( ivBuf ) ;
-+ ivItem.len = xmlSecBufferGetSize( ivBuf ) ;
-+ if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( cipherName ) ,
-+ "PK11_ParamFromIV" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecBufferDestroy( ivBuf ) ;
-+ return -1 ;
-+ }
-+
-+ ctx->cipherCtx = PK11_CreateContextBySymKey( ctx->cipher , encrypt ? CKA_ENCRYPT : CKA_DECRYPT , ctx->symkey , secParam ) ;
-+ if( ctx->cipherCtx == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( cipherName ) ,
-+ "xmlSecBufferRemoveHead" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ SECITEM_FreeItem( secParam , PR_TRUE ) ;
-+ xmlSecBufferDestroy( ivBuf ) ;
-+ return -1 ;
-+ }
-
-- ctx = xmlSecNssBlockCipherGetCtx(transform);
-- xmlSecAssert(ctx != NULL);
-+ SECITEM_FreeItem( secParam , PR_TRUE ) ;
-+ xmlSecBufferDestroy( ivBuf ) ;
-
-- if(ctx->cipherCtx != NULL) {
-- PK11_DestroyContext(ctx->cipherCtx, PR_TRUE);
-- }
--
-- memset(ctx, 0, sizeof(xmlSecNssBlockCipherCtx));
-+ return 0 ;
- }
-
--static int
--xmlSecNssBlockCipherSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
-- xmlSecNssBlockCipherCtxPtr ctx;
--
-- xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
-- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
-- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
-- xmlSecAssert2(keyReq != NULL, -1);
--
-- ctx = xmlSecNssBlockCipherGetCtx(transform);
-- xmlSecAssert2(ctx != NULL, -1);
-- xmlSecAssert2(ctx->keyId != NULL, -1);
--
-- keyReq->keyId = ctx->keyId;
-- keyReq->keyType = xmlSecKeyDataTypeSymmetric;
-- if(transform->operation == xmlSecTransformOperationEncrypt) {
-- keyReq->keyUsage = xmlSecKeyUsageEncrypt;
-- } else {
-- keyReq->keyUsage = xmlSecKeyUsageDecrypt;
-- }
-- keyReq->keyBitsSize = 8 * ctx->keySize;
-- return(0);
--}
-+/**
-+ * Block cipher transform update
-+ */
-+static int
-+xmlSecNssBlockCipherCtxUpdate(
-+ xmlSecNssBlockCipherCtxPtr ctx ,
-+ xmlSecBufferPtr in ,
-+ xmlSecBufferPtr out ,
-+ int encrypt ,
-+ const xmlChar* cipherName ,
-+ xmlSecTransformCtxPtr transformCtx
-+) {
-+ xmlSecSize inSize ;
-+ xmlSecSize outSize ;
-+ xmlSecSize inBlocks ;
-+ int blockSize ;
-+ int outLen ;
-+ xmlSecByte* outBuf ;
-+
-+ xmlSecAssert2( ctx != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
-+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->cipherCtx != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
-+ xmlSecAssert2( in != NULL , -1 ) ;
-+ xmlSecAssert2( out != NULL , -1 ) ;
-+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
-+
-+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( cipherName ) ,
-+ "PK11_GetBlockSize" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+ inSize = xmlSecBufferGetSize( in ) ;
-+ outSize = xmlSecBufferGetSize( out ) ;
-+
-+ inBlocks = ( encrypt != 0 ? inSize : ( inSize - 1 ) ) / blockSize ;
-+ inSize = inBlocks * blockSize ;
-+
-+ if( inSize < blockSize ) {
-+ return 0 ;
-+ }
-+
-+ if( xmlSecBufferSetMaxSize( out , outSize + inSize + blockSize ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( cipherName ) ,
-+ "xmlSecBufferSetMaxSize" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+ outBuf = xmlSecBufferGetData( out ) + outSize ;
-+
-+ if( PK11_CipherOp( ctx->cipherCtx , outBuf , &outLen , inSize + blockSize , xmlSecBufferGetData( in ) , inSize ) != SECSuccess ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( cipherName ) ,
-+ "PK11_CipherOp" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+ if( xmlSecBufferSetSize( out , outSize + outLen ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( cipherName ) ,
-+ "xmlSecBufferSetSize" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+ if( xmlSecBufferRemoveHead( in , inSize ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( cipherName ) ,
-+ "xmlSecBufferRemoveHead" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-
--static int
--xmlSecNssBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
-- xmlSecNssBlockCipherCtxPtr ctx;
-- xmlSecBufferPtr buffer;
--
-- xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
-- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
-- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
-- xmlSecAssert2(key != NULL, -1);
--
-- ctx = xmlSecNssBlockCipherGetCtx(transform);
-- xmlSecAssert2(ctx != NULL, -1);
-- xmlSecAssert2(ctx->cipher != 0, -1);
-- xmlSecAssert2(ctx->keyInitialized == 0, -1);
-- xmlSecAssert2(ctx->keyId != NULL, -1);
-- xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1);
--
-- xmlSecAssert2(ctx->keySize > 0, -1);
-- xmlSecAssert2(ctx->keySize <= sizeof(ctx->key), -1);
--
-- buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
-- xmlSecAssert2(buffer != NULL, -1);
--
-- if(xmlSecBufferGetSize(buffer) < ctx->keySize) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-- NULL,
-- XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
-- "keySize=%d;expected=%d",
-- xmlSecBufferGetSize(buffer), ctx->keySize);
-- return(-1);
-- }
--
-- xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1);
-- memcpy(ctx->key, xmlSecBufferGetData(buffer), ctx->keySize);
--
-- ctx->keyInitialized = 1;
-- return(0);
-+ return 0 ;
- }
-
-+/**
-+ * Block cipher transform final
-+ */
- static int
--xmlSecNssBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
-- xmlSecNssBlockCipherCtxPtr ctx;
-- xmlSecBufferPtr in, out;
-- int ret;
--
-- xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
-- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
-- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
-- xmlSecAssert2(transformCtx != NULL, -1);
--
-- in = &(transform->inBuf);
-- out = &(transform->outBuf);
--
-- ctx = xmlSecNssBlockCipherGetCtx(transform);
-- xmlSecAssert2(ctx != NULL, -1);
-+xmlSecNssBlockCipherCtxFinal(
-+ xmlSecNssBlockCipherCtxPtr ctx ,
-+ xmlSecBufferPtr in ,
-+ xmlSecBufferPtr out ,
-+ int encrypt ,
-+ const xmlChar* cipherName ,
-+ xmlSecTransformCtxPtr transformCtx
-+) {
-+ xmlSecSize inSize ;
-+ xmlSecSize outSize ;
-+ int blockSize ;
-+ int outLen ;
-+ xmlSecByte* inBuf ;
-+ xmlSecByte* outBuf ;
-+
-+ xmlSecAssert2( ctx != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
-+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->cipherCtx != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
-+ xmlSecAssert2( in != NULL , -1 ) ;
-+ xmlSecAssert2( out != NULL , -1 ) ;
-+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
-+
-+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( cipherName ) ,
-+ "PK11_GetBlockSize" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+ inSize = xmlSecBufferGetSize( in ) ;
-+ outSize = xmlSecBufferGetSize( out ) ;
-+
-+ /******************************************************************/
-+ if( encrypt != 0 ) {
-+ xmlSecAssert2( inSize < blockSize, -1 ) ;
-+
-+ /* create padding */
-+ if( xmlSecBufferSetMaxSize( in , blockSize ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( cipherName ) ,
-+ "xmlSecBufferSetMaxSize" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+ inBuf = xmlSecBufferGetData( in ) ;
-+
-+ /* generate random */
-+ if( blockSize > ( inSize + 1 ) ) {
-+ if( PK11_GenerateRandom( inBuf + inSize, blockSize - inSize - 1 ) != SECSuccess ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( cipherName ) ,
-+ "PK11_GenerateRandom" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+ }
-+
-+ inBuf[blockSize-1] = blockSize - inSize ;
-+ inSize = blockSize ;
-+ } else {
-+ if( inSize != blockSize ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( cipherName ) ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+ }
-+
-+ /* process the last block */
-+ if( xmlSecBufferSetMaxSize( out , outSize + inSize + blockSize ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( cipherName ) ,
-+ "xmlSecBufferSetMaxSize" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+ outBuf = xmlSecBufferGetData( out ) + outSize ;
-+
-+ if( PK11_CipherOp( ctx->cipherCtx , outBuf , &outLen , inSize + blockSize , xmlSecBufferGetData( in ) , inSize ) != SECSuccess ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( cipherName ) ,
-+ "PK11_CipherOp" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+ if( encrypt == 0 ) {
-+ /* check padding */
-+ if( outLen < outBuf[blockSize-1] ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( cipherName ) ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+ outLen -= outBuf[blockSize-1] ;
-+ }
-+ /******************************************************************/
-+
-+ /******************************************************************
-+ if( xmlSecBufferSetMaxSize( out , outSize + blockSize ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( cipherName ) ,
-+ "xmlSecBufferSetMaxSize" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+ outBuf = xmlSecBufferGetData( out ) + outSize ;
-+
-+ if( PK11_DigestFinal( ctx->cipherCtx , outBuf , &outLen , blockSize ) != SECSuccess ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( cipherName ) ,
-+ "PK11_DigestFinal" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+ ******************************************************************/
-+
-+ if( xmlSecBufferSetSize( out , outSize + outLen ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( cipherName ) ,
-+ "xmlSecBufferSetSize" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+ if( xmlSecBufferRemoveHead( in , inSize ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( cipherName ) ,
-+ "xmlSecBufferRemoveHead" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+/* PK11_Finalize( ctx->cipherCtx ) ;*/
-+ PK11_DestroyContext( ctx->cipherCtx , PR_TRUE ) ;
-+ ctx->cipherCtx = NULL ;
-
-- if(transform->status == xmlSecTransformStatusNone) {
-- transform->status = xmlSecTransformStatusWorking;
-- }
--
-- if(transform->status == xmlSecTransformStatusWorking) {
-- if(ctx->ctxInitialized == 0) {
-- ret = xmlSecNssBlockCipherCtxInit(ctx, in, out,
-- (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
-- xmlSecTransformGetName(transform), transformCtx);
-- if(ret < 0) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-- "xmlSecNssBlockCipherCtxInit",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- return(-1);
-- }
-- }
-- if((ctx->ctxInitialized == 0) && (last != 0)) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-- NULL,
-- XMLSEC_ERRORS_R_INVALID_DATA,
-- "not enough data to initialize transform");
-- return(-1);
-- }
--
-- if(ctx->ctxInitialized != 0) {
-- ret = xmlSecNssBlockCipherCtxUpdate(ctx, in, out,
-- (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
-- xmlSecTransformGetName(transform), transformCtx);
-- if(ret < 0) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-- "xmlSecNssBlockCipherCtxUpdate",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- return(-1);
-- }
-- }
--
-- if(last) {
-- ret = xmlSecNssBlockCipherCtxFinal(ctx, in, out,
-- (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
-- xmlSecTransformGetName(transform), transformCtx);
-- if(ret < 0) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-- "xmlSecNssBlockCipherCtxFinal",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- return(-1);
-- }
-- transform->status = xmlSecTransformStatusFinished;
-- }
-- } else if(transform->status == xmlSecTransformStatusFinished) {
-- /* the only way we can get here is if there is no input */
-- xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
-- } else if(transform->status == xmlSecTransformStatusNone) {
-- /* the only way we can get here is if there is no enough data in the input */
-- xmlSecAssert2(last == 0, -1);
-- } else {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-- NULL,
-- XMLSEC_ERRORS_R_INVALID_STATUS,
-- "status=%d", transform->status);
-- return(-1);
-- }
--
-- return(0);
-+ return 0 ;
- }
-
-
--#ifndef XMLSEC_NO_AES
--/*********************************************************************
-+
-+/**
-+ * xmlSecTransformExecuteMethod:
-+ * @transform: the pointer to transform object.
-+ * @last: the flag: if set to 1 then it's the last data chunk.
-+ * @transformCtx: the pointer to transform context object.
- *
-- * AES CBC cipher transforms
-+ * Transform specific method to process a chunk of data.
- *
-- ********************************************************************/
-+ * Returns 0 on success or a negative value otherwise.
-+ */
-+static int
-+xmlSecNssBlockCipherExecute(
-+ xmlSecTransformPtr transform ,
-+ int last ,
-+ xmlSecTransformCtxPtr transformCtx
-+) {
-+ xmlSecNssBlockCipherCtxPtr context = NULL ;
-+ xmlSecBufferPtr inBuf = NULL ;
-+ xmlSecBufferPtr outBuf = NULL ;
-+ const xmlChar* cipherName ;
-+ int operation ;
-+ int rtv ;
-+
-+ xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ;
-+ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ;
-+ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
-+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
-+
-+ context = xmlSecNssBlockCipherGetCtx( transform ) ;
-+ if( context == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ "xmlSecNssBlockCipherGetCtx" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+ inBuf = &( transform->inBuf ) ;
-+ outBuf = &( transform->outBuf ) ;
-+
-+ if( transform->status == xmlSecTransformStatusNone ) {
-+ transform->status = xmlSecTransformStatusWorking ;
-+ }
-+
-+ operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ;
-+ cipherName = xmlSecTransformGetName( transform ) ;
-+
-+ if( transform->status == xmlSecTransformStatusWorking ) {
-+ if( context->cipherCtx == NULL ) {
-+ rtv = xmlSecNssBlockCipherCtxInit( context, inBuf , outBuf , operation , cipherName , transformCtx ) ;
-+ if( rtv < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ "xmlSecNssBlockCipherCtxInit" ,
-+ XMLSEC_ERRORS_R_INVALID_STATUS ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+ }
-+
-+ if( context->cipherCtx == NULL && last != 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_INVALID_STATUS ,
-+ "No enough data to intialize transform" ) ;
-+ return -1 ;
-+ }
-+
-+ if( context->cipherCtx != NULL ) {
-+ rtv = xmlSecNssBlockCipherCtxUpdate( context, inBuf , outBuf , operation , cipherName , transformCtx ) ;
-+ if( rtv < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ "xmlSecNssBlockCipherCtxUpdate" ,
-+ XMLSEC_ERRORS_R_INVALID_STATUS ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+ }
-+
-+ if( last ) {
-+ rtv = xmlSecNssBlockCipherCtxFinal( context, inBuf , outBuf , operation , cipherName , transformCtx ) ;
-+ if( rtv < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ "xmlSecNssBlockCipherCtxFinal" ,
-+ XMLSEC_ERRORS_R_INVALID_STATUS ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+ transform->status = xmlSecTransformStatusFinished ;
-+ }
-+ } else if( transform->status == xmlSecTransformStatusFinished ) {
-+ if( xmlSecBufferGetSize( inBuf ) != 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_INVALID_STATUS ,
-+ "status=%d", transform->status ) ;
-+ return -1 ;
-+ }
-+ } else {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_INVALID_STATUS ,
-+ "status=%d", transform->status ) ;
-+ return -1 ;
-+ }
-+
-+ return 0 ;
-+}
-+
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecTransformKlass xmlSecNssAes128CbcKlass = {
-+#else
- static xmlSecTransformKlass xmlSecNssAes128CbcKlass = {
-- /* klass/object sizes */
-- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
-- xmlSecNssBlockCipherSize, /* xmlSecSize objSize */
--
-- xmlSecNameAes128Cbc, /* const xmlChar* name; */
-- xmlSecHrefAes128Cbc, /* const xmlChar* href; */
-- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
--
-- xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
-- xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
-- NULL, /* xmlSecTransformNodeReadMethod readNode; */
-- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
-- xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
-- xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
-- NULL, /* xmlSecTransformValidateMethod validate; */
-- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
-- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
-- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
-- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
-- NULL, /* xmlSecTransformPopXmlMethod popXml; */
-- xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
--
-- NULL, /* void* reserved0; */
-- NULL, /* void* reserved1; */
--};
-+#endif
-+ sizeof( xmlSecTransformKlass ) ,
-+ xmlSecNssBlockCipherSize ,
-+
-+ xmlSecNameAes128Cbc ,
-+ xmlSecHrefAes128Cbc ,
-+ xmlSecTransformUsageEncryptionMethod ,
-+
-+ xmlSecNssBlockCipherInitialize ,
-+ xmlSecNssBlockCipherFinalize ,
-+ NULL ,
-+ NULL ,
-+
-+ xmlSecNssBlockCipherSetKeyReq ,
-+ xmlSecNssBlockCipherSetKey ,
-+ NULL ,
-+ xmlSecTransformDefaultGetDataType ,
-+
-+ xmlSecTransformDefaultPushBin ,
-+ xmlSecTransformDefaultPopBin ,
-+ NULL ,
-+ NULL ,
-+ xmlSecNssBlockCipherExecute ,
-+
-+ NULL ,
-+ NULL
-+} ;
-+
-+
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecTransformKlass xmlSecNssAes192CbcKlass = {
-+#else
-+static xmlSecTransformKlass xmlSecNssAes192CbcKlass = {
-+#endif
-+ sizeof( xmlSecTransformKlass ) ,
-+ xmlSecNssBlockCipherSize ,
-+
-+ xmlSecNameAes192Cbc ,
-+ xmlSecHrefAes192Cbc ,
-+ xmlSecTransformUsageEncryptionMethod ,
-+
-+ xmlSecNssBlockCipherInitialize ,
-+ xmlSecNssBlockCipherFinalize ,
-+ NULL ,
-+ NULL ,
-+
-+ xmlSecNssBlockCipherSetKeyReq ,
-+ xmlSecNssBlockCipherSetKey ,
-+ NULL ,
-+ xmlSecTransformDefaultGetDataType ,
-+
-+ xmlSecTransformDefaultPushBin ,
-+ xmlSecTransformDefaultPopBin ,
-+ NULL ,
-+ NULL ,
-+ xmlSecNssBlockCipherExecute ,
-+
-+ NULL ,
-+ NULL
-+} ;
-+
-+
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecTransformKlass xmlSecNssAes256CbcKlass = {
-+#else
-+static xmlSecTransformKlass xmlSecNssAes256CbcKlass = {
-+#endif
-+ sizeof( xmlSecTransformKlass ) ,
-+ xmlSecNssBlockCipherSize ,
-+
-+ xmlSecNameAes256Cbc ,
-+ xmlSecHrefAes256Cbc ,
-+ xmlSecTransformUsageEncryptionMethod ,
-+
-+ xmlSecNssBlockCipherInitialize ,
-+ xmlSecNssBlockCipherFinalize ,
-+ NULL ,
-+ NULL ,
-+
-+ xmlSecNssBlockCipherSetKeyReq ,
-+ xmlSecNssBlockCipherSetKey ,
-+ NULL ,
-+ xmlSecTransformDefaultGetDataType ,
-+
-+ xmlSecTransformDefaultPushBin ,
-+ xmlSecTransformDefaultPopBin ,
-+ NULL ,
-+ NULL ,
-+ xmlSecNssBlockCipherExecute ,
-+
-+ NULL ,
-+ NULL
-+} ;
-+
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecTransformKlass xmlSecNssDes3CbcKlass = {
-+#else
-+static xmlSecTransformKlass xmlSecNssDes3CbcKlass = {
-+#endif
-+ sizeof( xmlSecTransformKlass ) ,
-+ xmlSecNssBlockCipherSize ,
-+
-+ xmlSecNameDes3Cbc ,
-+ xmlSecHrefDes3Cbc ,
-+ xmlSecTransformUsageEncryptionMethod ,
-+
-+ xmlSecNssBlockCipherInitialize ,
-+ xmlSecNssBlockCipherFinalize ,
-+ NULL ,
-+ NULL ,
-+
-+ xmlSecNssBlockCipherSetKeyReq ,
-+ xmlSecNssBlockCipherSetKey ,
-+ NULL ,
-+ xmlSecTransformDefaultGetDataType ,
-+
-+ xmlSecTransformDefaultPushBin ,
-+ xmlSecTransformDefaultPopBin ,
-+ NULL ,
-+ NULL ,
-+ xmlSecNssBlockCipherExecute ,
-+
-+ NULL ,
-+ NULL
-+} ;
-
- /**
-- * xmlSecNssTransformAes128CbcGetKlass:
-- *
-- * AES 128 CBC encryption transform klass.
-- *
-- * Returns pointer to AES 128 CBC encryption transform.
-- */
--xmlSecTransformId
--xmlSecNssTransformAes128CbcGetKlass(void) {
-- return(&xmlSecNssAes128CbcKlass);
-+ * xmlSecNssTransformAes128CbcGetKlass
-+ *
-+ * Get the AES128_CBC transform klass
-+ *
-+ * Return AES128_CBC transform klass
-+ */
-+xmlSecTransformId
-+xmlSecNssTransformAes128CbcGetKlass( void ) {
-+ return ( &xmlSecNssAes128CbcKlass ) ;
- }
-
--static xmlSecTransformKlass xmlSecNssAes192CbcKlass = {
-- /* klass/object sizes */
-- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
-- xmlSecNssBlockCipherSize, /* xmlSecSize objSize */
--
-- xmlSecNameAes192Cbc, /* const xmlChar* name; */
-- xmlSecHrefAes192Cbc, /* const xmlChar* href; */
-- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
--
-- xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
-- xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
-- NULL, /* xmlSecTransformNodeReadMethod readNode; */
-- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
-- xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
-- xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
-- NULL, /* xmlSecTransformValidateMethod validate; */
-- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
-- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
-- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
-- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
-- NULL, /* xmlSecTransformPopXmlMethod popXml; */
-- xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
--
-- NULL, /* void* reserved0; */
-- NULL, /* void* reserved1; */
--};
--
- /**
-- * xmlSecNssTransformAes192CbcGetKlass:
-- *
-- * AES 192 CBC encryption transform klass.
-- *
-- * Returns pointer to AES 192 CBC encryption transform.
-- */
--xmlSecTransformId
--xmlSecNssTransformAes192CbcGetKlass(void) {
-- return(&xmlSecNssAes192CbcKlass);
-+ * xmlSecNssTransformAes192CbcGetKlass
-+ *
-+ * Get the AES192_CBC transform klass
-+ *
-+ * Return AES192_CBC transform klass
-+ */
-+xmlSecTransformId
-+xmlSecNssTransformAes192CbcGetKlass( void ) {
-+ return ( &xmlSecNssAes192CbcKlass ) ;
- }
-
--static xmlSecTransformKlass xmlSecNssAes256CbcKlass = {
-- /* klass/object sizes */
-- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
-- xmlSecNssBlockCipherSize, /* xmlSecSize objSize */
--
-- xmlSecNameAes256Cbc, /* const xmlChar* name; */
-- xmlSecHrefAes256Cbc, /* const xmlChar* href; */
-- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
--
-- xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
-- xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
-- NULL, /* xmlSecTransformNodeReadMethod readNode; */
-- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
-- xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
-- xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
-- NULL, /* xmlSecTransformValidateMethod validate; */
-- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
-- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
-- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
-- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
-- NULL, /* xmlSecTransformPopXmlMethod popXml; */
-- xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
--
-- NULL, /* void* reserved0; */
-- NULL, /* void* reserved1; */
--};
--
- /**
-- * xmlSecNssTransformAes256CbcGetKlass:
-- *
-- * AES 256 CBC encryption transform klass.
-- *
-- * Returns pointer to AES 256 CBC encryption transform.
-- */
--xmlSecTransformId
--xmlSecNssTransformAes256CbcGetKlass(void) {
-- return(&xmlSecNssAes256CbcKlass);
-+ * xmlSecNssTransformAes256CbcGetKlass
-+ *
-+ * Get the AES256_CBC transform klass
-+ *
-+ * Return AES256_CBC transform klass
-+ */
-+xmlSecTransformId
-+xmlSecNssTransformAes256CbcGetKlass( void ) {
-+ return ( &xmlSecNssAes256CbcKlass ) ;
- }
-
--#endif /* XMLSEC_NO_AES */
--
--#ifndef XMLSEC_NO_DES
--static xmlSecTransformKlass xmlSecNssDes3CbcKlass = {
-- /* klass/object sizes */
-- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
-- xmlSecNssBlockCipherSize, /* xmlSecSize objSize */
--
-- xmlSecNameDes3Cbc, /* const xmlChar* name; */
-- xmlSecHrefDes3Cbc, /* const xmlChar* href; */
-- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
--
-- xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
-- xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
-- NULL, /* xmlSecTransformNodeReadMethod readNode; */
-- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
-- xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
-- xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
-- NULL, /* xmlSecTransformValidateMethod validate; */
-- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
-- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
-- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
-- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
-- NULL, /* xmlSecTransformPopXmlMethod popXml; */
-- xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
--
-- NULL, /* void* reserved0; */
-- NULL, /* void* reserved1; */
--};
--
--/**
-- * xmlSecNssTransformDes3CbcGetKlass:
-+/**
-+ * xmlSecNssTransformDes3CbcGetKlass
- *
-- * Triple DES CBC encryption transform klass.
-- *
-- * Returns pointer to Triple DES encryption transform.
-+ * Get the DES3_CBC transform klass
-+ *
-+ * Return DES3_CBC transform klass
- */
--xmlSecTransformId
--xmlSecNssTransformDes3CbcGetKlass(void) {
-- return(&xmlSecNssDes3CbcKlass);
-+xmlSecTransformId
-+xmlSecNssTransformDes3CbcGetKlass( void ) {
-+ return ( &xmlSecNssDes3CbcKlass ) ;
- }
--#endif /* XMLSEC_NO_DES */
-+
-
---- misc/xmlsec1-1.2.6/src/nss/crypto.c 2003-10-29 16:57:25.000000000 +0100
-+++ misc/build/xmlsec1-1.2.6/src/nss/crypto.c 2008-06-29 23:44:19.000000000 +0200
-@@ -130,6 +130,7 @@
- /**
- * High level routines form xmlsec command line utility
- */
-+/*
- gXmlSecNssFunctions->cryptoAppInit = xmlSecNssAppInit;
- gXmlSecNssFunctions->cryptoAppShutdown = xmlSecNssAppShutdown;
- gXmlSecNssFunctions->cryptoAppDefaultKeysMngrInit = xmlSecNssAppDefaultKeysMngrInit;
-@@ -143,10 +144,29 @@
- gXmlSecNssFunctions->cryptoAppPkcs12LoadMemory = xmlSecNssAppPkcs12LoadMemory;
- gXmlSecNssFunctions->cryptoAppKeyCertLoad = xmlSecNssAppKeyCertLoad;
- gXmlSecNssFunctions->cryptoAppKeyCertLoadMemory = xmlSecNssAppKeyCertLoadMemory;
--#endif /* XMLSEC_NO_X509 */
-+#endif
- gXmlSecNssFunctions->cryptoAppKeyLoad = xmlSecNssAppKeyLoad;
- gXmlSecNssFunctions->cryptoAppKeyLoadMemory = xmlSecNssAppKeyLoadMemory;
- gXmlSecNssFunctions->cryptoAppDefaultPwdCallback = (void*)xmlSecNssAppGetDefaultPwdCallback;
-+*/
-+
-+ gXmlSecNssFunctions->cryptoAppInit = NULL ;
-+ gXmlSecNssFunctions->cryptoAppShutdown = NULL ;
-+ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrInit = NULL ;
-+ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrAdoptKey = NULL ;
-+ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrLoad = NULL ;
-+ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrSave = NULL ;
-+#ifndef XMLSEC_NO_X509
-+ gXmlSecNssFunctions->cryptoAppKeysMngrCertLoad = NULL ;
-+ gXmlSecNssFunctions->cryptoAppKeysMngrCertLoadMemory= NULL ;
-+ gXmlSecNssFunctions->cryptoAppPkcs12Load = NULL ;
-+ gXmlSecNssFunctions->cryptoAppPkcs12LoadMemory = NULL ;
-+ gXmlSecNssFunctions->cryptoAppKeyCertLoad = NULL ;
-+ gXmlSecNssFunctions->cryptoAppKeyCertLoadMemory = NULL ;
-+#endif /* XMLSEC_NO_X509 */
-+ gXmlSecNssFunctions->cryptoAppKeyLoad = NULL ;
-+ gXmlSecNssFunctions->cryptoAppKeyLoadMemory = NULL ;
-+ gXmlSecNssFunctions->cryptoAppDefaultPwdCallback = (void*)NULL ;
-
- return(gXmlSecNssFunctions);
- }
---- misc/xmlsec1-1.2.6/src/nss/digests.c 2003-09-26 02:58:15.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/src/nss/digests.c 2008-06-29 23:44:19.000000000 +0200
-@@ -21,7 +21,6 @@
- #include <xmlsec/transforms.h>
- #include <xmlsec/errors.h>
-
--#include <xmlsec/nss/app.h>
- #include <xmlsec/nss/crypto.h>
-
- #define XMLSEC_NSS_MAX_DIGEST_SIZE 32
-@@ -107,7 +106,7 @@
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "SECOID_FindOIDByTag",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-+ "error code=%d", PORT_GetError());
- return(-1);
- }
-
-@@ -117,7 +116,7 @@
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "PK11_CreateDigestContext",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-+ "error code=%d", PORT_GetError());
- return(-1);
- }
-
-@@ -208,7 +207,7 @@
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "PK11_DigestBegin",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-+ "error code=%d", PORT_GetError());
- return(-1);
- }
- transform->status = xmlSecTransformStatusWorking;
-@@ -225,7 +224,7 @@
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "PK11_DigestOp",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-+ "error code=%d", PORT_GetError());
- return(-1);
- }
-
-@@ -246,7 +245,7 @@
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "PK11_DigestFinal",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-+ "error code=%d", PORT_GetError());
- return(-1);
- }
- xmlSecAssert2(ctx->dgstSize > 0, -1);
-@@ -285,7 +284,11 @@
- * SHA1 Digest transforms
- *
- *****************************************************************************/
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecTransformKlass xmlSecNssSha1Klass = {
-+#else
- static xmlSecTransformKlass xmlSecNssSha1Klass = {
-+#endif
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecNssDigestSize, /* xmlSecSize objSize */
---- misc/xmlsec1-1.2.6/src/nss/hmac.c 2003-09-26 02:58:15.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/src/nss/hmac.c 2008-06-29 23:44:19.000000000 +0200
-@@ -23,8 +23,8 @@
- #include <xmlsec/transforms.h>
- #include <xmlsec/errors.h>
-
--#include <xmlsec/nss/app.h>
- #include <xmlsec/nss/crypto.h>
-+#include <xmlsec/nss/tokens.h>
-
- #define XMLSEC_NSS_MAX_HMAC_SIZE 128
-
-@@ -241,13 +241,13 @@
- keyItem.data = xmlSecBufferGetData(buffer);
- keyItem.len = xmlSecBufferGetSize(buffer);
-
-- slot = PK11_GetBestSlot(ctx->digestType, NULL);
-+ slot = xmlSecNssSlotGet(ctx->digestType);
- if(slot == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-- "PK11_GetBestSlot",
-+ "xmlSecNssSlotGet",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-+ "error code=%d", PORT_GetError());
- return(-1);
- }
-
-@@ -258,7 +258,7 @@
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "PK11_ImportSymKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-+ "error code=%d", PORT_GetError());
- PK11_FreeSlot(slot);
- return(-1);
- }
-@@ -269,7 +269,7 @@
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "PK11_CreateContextBySymKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-+ "error code=%d", PORT_GetError());
- PK11_FreeSymKey(symKey);
- PK11_FreeSlot(slot);
- return(-1);
-@@ -368,7 +368,7 @@
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "PK11_DigestBegin",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-+ "error code=%d", PORT_GetError());
- return(-1);
- }
- transform->status = xmlSecTransformStatusWorking;
-@@ -385,7 +385,7 @@
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "PK11_DigestOp",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-+ "error code=%d", PORT_GetError());
- return(-1);
- }
-
-@@ -408,7 +408,7 @@
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "PK11_DigestFinal",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-+ "error code=%d", PORT_GetError());
- return(-1);
- }
- xmlSecAssert2(dgstSize > 0, -1);
-@@ -459,7 +459,11 @@
- /**
- * HMAC SHA1
- */
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecTransformKlass xmlSecNssHmacSha1Klass = {
-+#else
- static xmlSecTransformKlass xmlSecNssHmacSha1Klass = {
-+#endif
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecNssHmacSize, /* xmlSecSize objSize */
-@@ -501,7 +505,11 @@
- /**
- * HMAC Ripemd160
- */
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecTransformKlass xmlSecNssHmacRipemd160Klass = {
-+#else
- static xmlSecTransformKlass xmlSecNssHmacRipemd160Klass = {
-+#endif
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecNssHmacSize, /* xmlSecSize objSize */
-@@ -543,7 +551,11 @@
- /**
- * HMAC Md5
- */
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecTransformKlass xmlSecNssHmacMd5Klass = {
-+#else
- static xmlSecTransformKlass xmlSecNssHmacMd5Klass = {
-+#endif
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecNssHmacSize, /* xmlSecSize objSize */
---- misc/xmlsec1-1.2.6/src/nss/keysstore.c 2003-09-26 02:58:15.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/src/nss/keysstore.c 2008-06-29 23:44:19.000000000 +0200
-@@ -1,119 +1,522 @@
- /**
- * XMLSec library
- *
-- * Nss keys store that uses Simple Keys Store under the hood. Uses the
-- * Nss DB as a backing store for the finding keys, but the NSS DB is
-- * not written to by the keys store.
-- * So, if store->findkey is done and the key is not found in the simple
-- * keys store, the NSS DB is looked up.
-- * If store is called to adopt a key, that key is not written to the NSS
-- * DB.
-- * Thus, the NSS DB can be used to pre-load keys and becomes an alternate
-- * source of keys for xmlsec
-- *
- * This is free software; see Copyright file in the source
- * distribution for precise wording.
- *
-- * Copyright (c) 2003 America Online, Inc. All rights reserved.
-+ * Copyright................................
- */
--#include "globals.h"
-
--#include <stdlib.h>
-+/**
-+ * NSS key store uses a key list and a slot list as the key repository. NSS slot
-+ * list is a backup repository for the finding keys. If a key is not found from
-+ * the key list, the NSS slot list is looked up.
-+ *
-+ * Any key in the key list will not save to pkcs11 slot. When a store to called
-+ * to adopt a key, the key is resident in the key list; While a store to called
-+ * to set a is resident in the key list; While a store to called to set a slot
-+ * list, which means that the keys in the listed slot can be used for xml sign-
-+ * nature or encryption.
-+ *
-+ * Then, a user can adjust slot list to effect the crypto behaviors of xmlSec.
-+ *
-+ * The framework will decrease the user interfaces to administrate xmlSec crypto
-+ * engine. He can only focus on NSS layer functions. For examples, after the
-+ * user set up a slot list handler to the keys store, he do not need to do any
-+ * other work atop xmlSec interfaces, his action on the slot list handler, such
-+ * as add a token to, delete a token from the list, will directly effect the key
-+ * store behaviors.
-+ *
-+ * For example, a scenariio:
-+ * 0. Create a slot list;( NSS interfaces )
-+ * 1. Create a keys store;( xmlSec interfaces )
-+ * 2. Set slot list with the keys store;( xmlSec Interfaces )
-+ * 3. Add a slot to the slot list;( NSS interfaces )
-+ * 4. Perform xml signature; ( xmlSec Interfaces )
-+ * 5. Deleter a slot from the slot list;( NSS interfaces )
-+ * 6. Perform xml encryption; ( xmlSec Interfaces )
-+ * 7. Perform xml signature;( xmlSec Interfaces )
-+ * 8. Destroy the keys store;( xmlSec Interfaces )
-+ * 8. Destroy the slot list.( NSS Interfaces )
-+ */
-+
-+#include "globals.h"
- #include <string.h>
-
--#include <nss.h>
--#include <cert.h>
--#include <pk11func.h>
--#include <keyhi.h>
-+#include <nss.h>
-+#include <pk11func.h>
-+#include <prinit.h>
-+#include <keyhi.h>
-
--#include <libxml/tree.h>
-
- #include <xmlsec/xmlsec.h>
--#include <xmlsec/buffer.h>
--#include <xmlsec/base64.h>
--#include <xmlsec/errors.h>
--#include <xmlsec/xmltree.h>
--
-+#include <xmlsec/keys.h>
- #include <xmlsec/keysmngr.h>
-+#include <xmlsec/transforms.h>
-+#include <xmlsec/xmltree.h>
-+#include <xmlsec/errors.h>
-
- #include <xmlsec/nss/crypto.h>
- #include <xmlsec/nss/keysstore.h>
--#include <xmlsec/nss/x509.h>
-+#include <xmlsec/nss/tokens.h>
-+#include <xmlsec/nss/ciphers.h>
- #include <xmlsec/nss/pkikeys.h>
-
--/****************************************************************************
-+/**
-+ * Internal NSS key store context
- *
-- * Nss Keys Store. Uses Simple Keys Store under the hood
-- *
-- * Simple Keys Store ptr is located after xmlSecKeyStore
-+ * This context is located after xmlSecKeyStore
-+ */
-+typedef struct _xmlSecNssKeysStoreCtx xmlSecNssKeysStoreCtx ;
-+typedef struct _xmlSecNssKeysStoreCtx* xmlSecNssKeysStoreCtxPtr ;
-+
-+struct _xmlSecNssKeysStoreCtx {
-+ xmlSecPtrListPtr keyList ;
-+ xmlSecPtrListPtr slotList ;
-+} ;
-+
-+#define xmlSecNssKeysStoreSize \
-+ ( sizeof( xmlSecKeyStore ) + sizeof( xmlSecNssKeysStoreCtx ) )
-+
-+#define xmlSecNssKeysStoreGetCtx( data ) \
-+ ( ( xmlSecNssKeysStoreCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyStore ) ) )
-+
-+int xmlSecNssKeysStoreAdoptKeySlot(
-+ xmlSecKeyStorePtr store ,
-+ xmlSecNssKeySlotPtr keySlot
-+) {
-+ xmlSecNssKeysStoreCtxPtr context = NULL ;
-+
-+ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
-+ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
-+
-+ context = xmlSecNssKeysStoreGetCtx( store ) ;
-+ if( context == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecNssKeysStoreGetCtx" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+ if( context->slotList == NULL ) {
-+ if( ( context->slotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ) == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecPtrListCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+ }
-+
-+ if( !xmlSecPtrListCheckId( context->slotList , xmlSecNssKeySlotListId ) ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecPtrListCheckId" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+ if( xmlSecPtrListAdd( context->slotList , keySlot ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecPtrListAdd" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+ return 0 ;
-+}
-+
-+int xmlSecNssKeysStoreAdoptKey(
-+ xmlSecKeyStorePtr store ,
-+ xmlSecKeyPtr key
-+) {
-+ xmlSecNssKeysStoreCtxPtr context = NULL ;
-+
-+ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
-+ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
-+
-+ context = xmlSecNssKeysStoreGetCtx( store ) ;
-+ if( context == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecNssKeysStoreGetCtx" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+ if( context->keyList == NULL ) {
-+ if( ( context->keyList = xmlSecPtrListCreate( xmlSecKeyPtrListId ) ) == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecPtrListCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+ }
-+
-+ if( !xmlSecPtrListCheckId( context->keyList , xmlSecKeyPtrListId ) ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecPtrListCheckId" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+ if( xmlSecPtrListAdd( context->keyList , key ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecPtrListAdd" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+ return 0 ;
-+}
-+
-+/**
-+ * xmlSecKeyStoreInitializeMethod:
-+ * @store: the store.
- *
-- ***************************************************************************/
--#define xmlSecNssKeysStoreSize \
-- (sizeof(xmlSecKeyStore) + sizeof(xmlSecKeyStorePtr))
--
--#define xmlSecNssKeysStoreGetSS(store) \
-- ((xmlSecKeyStoreCheckSize((store), xmlSecNssKeysStoreSize)) ? \
-- (xmlSecKeyStorePtr*)(((xmlSecByte*)(store)) + sizeof(xmlSecKeyStore)) : \
-- (xmlSecKeyStorePtr*)NULL)
--
--static int xmlSecNssKeysStoreInitialize (xmlSecKeyStorePtr store);
--static void xmlSecNssKeysStoreFinalize (xmlSecKeyStorePtr store);
--static xmlSecKeyPtr xmlSecNssKeysStoreFindKey (xmlSecKeyStorePtr store,
-- const xmlChar* name,
-- xmlSecKeyInfoCtxPtr keyInfoCtx);
-+ * Keys store specific initialization method.
-+ *
-+ * Returns 0 on success or a negative value if an error occurs.
-+ */
-+static int
-+xmlSecNssKeysStoreInitialize(
-+ xmlSecKeyStorePtr store
-+) {
-+ xmlSecNssKeysStoreCtxPtr context = NULL ;
-+
-+ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
-+ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
-+
-+ context = xmlSecNssKeysStoreGetCtx( store ) ;
-+ if( context == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecNssKeysStoreGetCtx" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-
--static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = {
-- sizeof(xmlSecKeyStoreKlass),
-- xmlSecNssKeysStoreSize,
-+ context->keyList = NULL ;
-+ context->slotList = NULL ;
-
-- /* data */
-- BAD_CAST "NSS-keys-store", /* const xmlChar* name; */
--
-- /* constructors/destructor */
-- xmlSecNssKeysStoreInitialize, /* xmlSecKeyStoreInitializeMethod initialize; */
-- xmlSecNssKeysStoreFinalize, /* xmlSecKeyStoreFinalizeMethod finalize; */
-- xmlSecNssKeysStoreFindKey, /* xmlSecKeyStoreFindKeyMethod findKey; */
--
-- /* reserved for the future */
-- NULL, /* void* reserved0; */
-- NULL, /* void* reserved1; */
--};
-+ return 0 ;
-+}
-
--/**
-- * xmlSecNssKeysStoreGetKlass:
-- *
-- * The Nss list based keys store klass.
-+/**
-+ * xmlSecKeyStoreFinalizeMethod:
-+ * @store: the store.
- *
-- * Returns Nss list based keys store klass.
-+ * Keys store specific finalization (destroy) method.
- */
--xmlSecKeyStoreId
--xmlSecNssKeysStoreGetKlass(void) {
-- return(&xmlSecNssKeysStoreKlass);
-+void
-+xmlSecNssKeysStoreFinalize(
-+ xmlSecKeyStorePtr store
-+) {
-+ xmlSecNssKeysStoreCtxPtr context = NULL ;
-+
-+ xmlSecAssert( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) ) ;
-+ xmlSecAssert( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) ) ;
-+
-+ context = xmlSecNssKeysStoreGetCtx( store ) ;
-+ if( context == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecNssKeysStoreGetCtx" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return ;
-+ }
-+
-+ if( context->keyList != NULL ) {
-+ xmlSecPtrListDestroy( context->keyList ) ;
-+ context->keyList = NULL ;
-+ }
-+
-+ if( context->slotList != NULL ) {
-+ xmlSecPtrListDestroy( context->slotList ) ;
-+ context->slotList = NULL ;
-+ }
- }
-
--/**
-- * xmlSecNssKeysStoreAdoptKey:
-- * @store: the pointer to Nss keys store.
-- * @key: the pointer to key.
-- *
-- * Adds @key to the @store.
-+xmlSecKeyPtr
-+xmlSecNssKeysStoreFindKeyFromSlot(
-+ PK11SlotInfo* slot,
-+ const xmlChar* name,
-+ xmlSecKeyInfoCtxPtr keyInfoCtx
-+) {
-+ xmlSecKeyPtr key = NULL ;
-+ xmlSecKeyDataPtr data = NULL ;
-+ int length ;
-+
-+ xmlSecAssert2( slot != NULL , NULL ) ;
-+ xmlSecAssert2( name != NULL , NULL ) ;
-+ xmlSecAssert2( keyInfoCtx != NULL , NULL ) ;
-+
-+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSymmetric ) == xmlSecKeyDataTypeSymmetric ) {
-+ PK11SymKey* symKey ;
-+ PK11SymKey* curKey ;
-+
-+ /* Find symmetric key from the slot by name */
-+ symKey = PK11_ListFixedKeysInSlot( slot , ( char* )name , NULL ) ;
-+ for( curKey = symKey ; curKey != NULL ; curKey = PK11_GetNextSymKey( curKey ) ) {
-+ /* Check the key request */
-+ length = PK11_GetKeyLength( curKey ) ;
-+ length *= 8 ;
-+ if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
-+ ( length > 0 ) &&
-+ ( length < keyInfoCtx->keyReq.keyBitsSize ) )
-+ continue ;
-+
-+ /* We find a eligible key */
-+ data = xmlSecNssSymKeyDataKeyAdopt( curKey ) ;
-+ if( data == NULL ) {
-+ /* Do nothing */
-+ }
-+ break ;
-+ }
-+
-+ /* Destroy the sym key list */
-+ for( curKey = symKey ; curKey != NULL ; ) {
-+ symKey = curKey ;
-+ curKey = PK11_GetNextSymKey( symKey ) ;
-+ PK11_FreeSymKey( symKey ) ;
-+ }
-+ } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) {
-+ SECKEYPublicKeyList* pubKeyList ;
-+ SECKEYPublicKey* pubKey ;
-+ SECKEYPublicKeyListNode* curPub ;
-+
-+ /* Find asymmetric key from the slot by name */
-+ pubKeyList = PK11_ListPublicKeysInSlot( slot , ( char* )name ) ;
-+ pubKey = NULL ;
-+ curPub = PUBKEY_LIST_HEAD(pubKeyList);
-+ for( ; !PUBKEY_LIST_END(curPub, pubKeyList) ; curPub = PUBKEY_LIST_NEXT( curPub ) ) {
-+ /* Check the key request */
-+ length = SECKEY_PublicKeyStrength( curPub->key ) ;
-+ length *= 8 ;
-+ if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
-+ ( length > 0 ) &&
-+ ( length < keyInfoCtx->keyReq.keyBitsSize ) )
-+ continue ;
-+
-+ /* We find a eligible key */
-+ pubKey = curPub->key ;
-+ break ;
-+ }
-+
-+ if( pubKey != NULL ) {
-+ data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ;
-+ if( data == NULL ) {
-+ /* Do nothing */
-+ }
-+ }
-+
-+ /* Destroy the public key list */
-+ SECKEY_DestroyPublicKeyList( pubKeyList ) ;
-+ } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) {
-+ SECKEYPrivateKeyList* priKeyList = NULL ;
-+ SECKEYPrivateKey* priKey = NULL ;
-+ SECKEYPrivateKeyListNode* curPri ;
-+
-+ /* Find asymmetric key from the slot by name */
-+ priKeyList = PK11_ListPrivKeysInSlot( slot , ( char* )name , NULL ) ;
-+ priKey = NULL ;
-+ curPri = PRIVKEY_LIST_HEAD(priKeyList);
-+ for( ; !PRIVKEY_LIST_END(curPri, priKeyList) ; curPri = PRIVKEY_LIST_NEXT( curPri ) ) {
-+ /* Check the key request */
-+ length = PK11_SignatureLen( curPri->key ) ;
-+ length *= 8 ;
-+ if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
-+ ( length > 0 ) &&
-+ ( length < keyInfoCtx->keyReq.keyBitsSize ) )
-+ continue ;
-+
-+ /* We find a eligible key */
-+ priKey = curPri->key ;
-+ break ;
-+ }
-+
-+ if( priKey != NULL ) {
-+ data = xmlSecNssPKIAdoptKey( priKey, NULL ) ;
-+ if( data == NULL ) {
-+ /* Do nothing */
-+ }
-+ }
-+
-+ /* Destroy the private key list */
-+ SECKEY_DestroyPrivateKeyList( priKeyList ) ;
-+ }
-+
-+ /* If we have gotten the key value */
-+ if( data != NULL ) {
-+ if( ( key = xmlSecKeyCreate() ) == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeyCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyDataDestroy( data ) ;
-+ return NULL ;
-+ }
-+
-+ if( xmlSecKeySetValue( key , data ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeySetValue" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyDestroy( key ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return NULL ;
-+ }
-+ }
-+
-+ return(key);
-+}
-+
-+/**
-+ * xmlSecKeyStoreFindKeyMethod:
-+ * @store: the store.
-+ * @name: the desired key name.
-+ * @keyInfoCtx: the pointer to key info context.
- *
-- * Returns 0 on success or a negative value if an error occurs.
-+ * Keys store specific find method. The caller is responsible for destroying
-+ * the returned key using #xmlSecKeyDestroy method.
-+ *
-+ * Returns the pointer to a key or NULL if key is not found or an error occurs.
- */
--int
--xmlSecNssKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) {
-- xmlSecKeyStorePtr *ss;
--
-- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
-- xmlSecAssert2((key != NULL), -1);
-+static xmlSecKeyPtr
-+xmlSecNssKeysStoreFindKey(
-+ xmlSecKeyStorePtr store ,
-+ const xmlChar* name ,
-+ xmlSecKeyInfoCtxPtr keyInfoCtx
-+) {
-+ xmlSecNssKeysStoreCtxPtr context = NULL ;
-+ xmlSecKeyPtr key = NULL ;
-+ xmlSecNssKeySlotPtr keySlot = NULL ;
-+ xmlSecSize pos ;
-+ xmlSecSize size ;
-+
-+ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , NULL ) ;
-+ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , NULL ) ;
-+ xmlSecAssert2( keyInfoCtx != NULL , NULL ) ;
-+
-+ context = xmlSecNssKeysStoreGetCtx( store ) ;
-+ if( context == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecNssKeysStoreGetCtx" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return NULL ;
-+ }
-+
-+ /*-
-+ * Look for key at keyList at first.
-+ */
-+ if( context->keyList != NULL ) {
-+ size = xmlSecPtrListGetSize( context->keyList ) ;
-+ for( pos = 0 ; pos < size ; pos ++ ) {
-+ key = ( xmlSecKeyPtr )xmlSecPtrListGetItem( context->keyList , pos ) ;
-+ if( key != NULL && xmlSecKeyMatch( key , name , &( keyInfoCtx->keyReq ) ) ) {
-+ return xmlSecKeyDuplicate( key ) ;
-+ }
-+ }
-+ }
-+
-+ /*-
-+ * Find the key from slotList
-+ */
-+ if( context->slotList != NULL ) {
-+ PK11SlotInfo* slot = NULL ;
-+
-+ size = xmlSecPtrListGetSize( context->slotList ) ;
-+ for( pos = 0 ; pos < size ; pos ++ ) {
-+ keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( context->slotList , pos ) ;
-+ slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
-+ if( slot == NULL ) {
-+ continue ;
-+ } else {
-+ key = xmlSecNssKeysStoreFindKeyFromSlot( slot, name, keyInfoCtx ) ;
-+ if( key == NULL ) {
-+ continue ;
-+ } else {
-+ return( key ) ;
-+ }
-+ }
-+ }
-+ }
-+
-+ /*-
-+ * Create a session key if we can not find the key from keyList and slotList
-+ */
-+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSession ) == xmlSecKeyDataTypeSession ) {
-+ key = xmlSecKeyGenerate( keyInfoCtx->keyReq.keyId , keyInfoCtx->keyReq.keyBitsSize , xmlSecKeyDataTypeSession ) ;
-+ if( key == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecKeySetValue" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return NULL ;
-+ }
-+
-+ return key ;
-+ }
-+
-+ /**
-+ * We have no way to find the key any more.
-+ */
-+ return NULL ;
-+}
-
-- ss = xmlSecNssKeysStoreGetSS(store);
-- xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
-- (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = {
-+#else
-+static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = {
-+#endif
-+ sizeof( xmlSecKeyStoreKlass ) ,
-+ xmlSecNssKeysStoreSize ,
-+ BAD_CAST "implicit_nss_keys_store" ,
-+ xmlSecNssKeysStoreInitialize ,
-+ xmlSecNssKeysStoreFinalize ,
-+ xmlSecNssKeysStoreFindKey ,
-+ NULL ,
-+ NULL
-+} ;
-
-- return (xmlSecSimpleKeysStoreAdoptKey(*ss, key));
-+/**
-+ * xmlSecNssKeysStoreGetKlass:
-+ *
-+ * The simple list based keys store klass.
-+ *
-+ * Returns simple list based keys store klass.
-+ */
-+xmlSecKeyStoreId
-+xmlSecNssKeysStoreGetKlass( void ) {
-+ return &xmlSecNssKeysStoreKlass ;
- }
-
-+
-+/**************************
-+ * Application routines
-+ */
- /**
- * xmlSecNssKeysStoreLoad:
- * @store: the pointer to Nss keys store.
-@@ -125,8 +528,11 @@
- * Returns 0 on success or a negative value if an error occurs.
- */
- int
--xmlSecNssKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri,
-- xmlSecKeysMngrPtr keysMngr) {
-+xmlSecNssKeysStoreLoad(
-+ xmlSecKeyStorePtr store,
-+ const char *uri,
-+ xmlSecKeysMngrPtr keysMngr
-+) {
- xmlDocPtr doc;
- xmlNodePtr root;
- xmlNodePtr cur;
-@@ -252,254 +658,147 @@
- */
- int
- xmlSecNssKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecKeyDataType type) {
-- xmlSecKeyStorePtr *ss;
--
-- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
-- xmlSecAssert2((filename != NULL), -1);
--
-- ss = xmlSecNssKeysStoreGetSS(store);
-- xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
-- (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
--
-- return (xmlSecSimpleKeysStoreSave(*ss, filename, type));
--}
--
--static int
--xmlSecNssKeysStoreInitialize(xmlSecKeyStorePtr store) {
-- xmlSecKeyStorePtr *ss;
--
-- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
-+ xmlSecKeyInfoCtx keyInfoCtx;
-+ xmlSecNssKeysStoreCtxPtr context ;
-+ xmlSecPtrListPtr list;
-+ xmlSecKeyPtr key;
-+ xmlSecSize i, keysSize;
-+ xmlDocPtr doc;
-+ xmlNodePtr cur;
-+ xmlSecKeyDataPtr data;
-+ xmlSecPtrListPtr idsList;
-+ xmlSecKeyDataId dataId;
-+ xmlSecSize idsSize, j;
-+ int ret;
-
-- ss = xmlSecNssKeysStoreGetSS(store);
-- xmlSecAssert2((*ss == NULL), -1);
-+ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ), -1 ) ;
-+ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ), -1 ) ;
-+ xmlSecAssert2(filename != NULL, -1);
-+
-+ context = xmlSecNssKeysStoreGetCtx( store ) ;
-+ xmlSecAssert2( context != NULL, -1 );
-+
-+ list = context->keyList ;
-+ xmlSecAssert2( list != NULL, -1 );
-+ xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyPtrListId), -1);
-
-- *ss = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId);
-- if(*ss == NULL) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-+ /* create doc */
-+ doc = xmlSecCreateTree(BAD_CAST "Keys", xmlSecNs);
-+ if(doc == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
-- "xmlSecKeyStoreCreate",
-+ "xmlSecCreateTree",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "xmlSecSimpleKeysStoreId");
-- return(-1);
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
- }
--
-- return(0);
--}
--
--static void
--xmlSecNssKeysStoreFinalize(xmlSecKeyStorePtr store) {
-- xmlSecKeyStorePtr *ss;
--
-- xmlSecAssert(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId));
--
-- ss = xmlSecNssKeysStoreGetSS(store);
-- xmlSecAssert((ss != NULL) && (*ss != NULL));
-
-- xmlSecKeyStoreDestroy(*ss);
--}
--
--static xmlSecKeyPtr
--xmlSecNssKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name,
-- xmlSecKeyInfoCtxPtr keyInfoCtx) {
-- xmlSecKeyStorePtr* ss;
-- xmlSecKeyPtr key = NULL;
-- xmlSecKeyPtr retval = NULL;
-- xmlSecKeyReqPtr keyReq = NULL;
-- CERTCertificate *cert = NULL;
-- SECKEYPublicKey *pubkey = NULL;
-- SECKEYPrivateKey *privkey = NULL;
-- xmlSecKeyDataPtr data = NULL;
-- xmlSecKeyDataPtr x509Data = NULL;
-- int ret;
--
-- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), NULL);
-- xmlSecAssert2(keyInfoCtx != NULL, NULL);
--
-- ss = xmlSecNssKeysStoreGetSS(store);
-- xmlSecAssert2(((ss != NULL) && (*ss != NULL)), NULL);
--
-- key = xmlSecKeyStoreFindKey(*ss, name, keyInfoCtx);
-- if (key != NULL) {
-- return (key);
-- }
-+ idsList = xmlSecKeyDataIdsGet();
-+ xmlSecAssert2(idsList != NULL, -1);
-+
-+ keysSize = xmlSecPtrListGetSize(list);
-+ idsSize = xmlSecPtrListGetSize(idsList);
-+ for(i = 0; i < keysSize; ++i) {
-+ key = (xmlSecKeyPtr)xmlSecPtrListGetItem(list, i);
-+ xmlSecAssert2(key != NULL, -1);
-+
-+ cur = xmlSecAddChild(xmlDocGetRootElement(doc), xmlSecNodeKeyInfo, xmlSecDSigNs);
-+ if(cur == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
-+ "xmlSecAddChild",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ "node=%s",
-+ xmlSecErrorsSafeString(xmlSecNodeKeyInfo));
-+ xmlFreeDoc(doc);
-+ return(-1);
-+ }
-
-- /* Try to find the key in the NSS DB, and construct an xmlSecKey.
-- * we must have a name to lookup keys in NSS DB.
-- */
-- if (name == NULL) {
-- goto done;
-- }
-+ /* special data key name */
-+ if(xmlSecKeyGetName(key) != NULL) {
-+ if(xmlSecAddChild(cur, xmlSecNodeKeyName, xmlSecDSigNs) == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
-+ "xmlSecAddChild",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ "node=%s",
-+ xmlSecErrorsSafeString(xmlSecNodeKeyName));
-+ xmlFreeDoc(doc);
-+ return(-1);
-+ }
-+ }
-+
-+ /* create nodes for other keys data */
-+ for(j = 0; j < idsSize; ++j) {
-+ dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(idsList, j);
-+ xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, -1);
-
-- /* what type of key are we looking for?
-- * TBD: For now, we'll look only for public/private keys using the
-- * name as a cert nickname. Later on, we can attempt to find
-- * symmetric keys using PK11_FindFixedKey
-- */
-- keyReq = &(keyInfoCtx->keyReq);
-- if (keyReq->keyType &
-- (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) {
-- cert = CERT_FindCertByNickname (CERT_GetDefaultCertDB(), (char *)name);
-- if (cert == NULL) {
-- goto done;
-- }
--
-- if (keyReq->keyType & xmlSecKeyDataTypePublic) {
-- pubkey = CERT_ExtractPublicKey(cert);
-- if (pubkey == NULL) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "CERT_ExtractPublicKey",
-- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- goto done;
-+ if(dataId->dataNodeName == NULL) {
-+ continue;
-+ }
-+
-+ data = xmlSecKeyGetData(key, dataId);
-+ if(data == NULL) {
-+ continue;
- }
-- }
-
-- if (keyReq->keyType & xmlSecKeyDataTypePrivate) {
-- privkey = PK11_FindKeyByAnyCert(cert, NULL);
-- if (privkey == NULL) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "PK11_FindKeyByAnyCert",
-- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- goto done;
-+ if(xmlSecAddChild(cur, dataId->dataNodeName, dataId->dataNodeNs) == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
-+ "xmlSecAddChild",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ "node=%s",
-+ xmlSecErrorsSafeString(dataId->dataNodeName));
-+ xmlFreeDoc(doc);
-+ return(-1);
- }
- }
-
-- data = xmlSecNssPKIAdoptKey(privkey, pubkey);
-- if(data == NULL) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "xmlSecNssPKIAdoptKey",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- goto done;
-- }
-- privkey = NULL;
-- pubkey = NULL;
--
-- key = xmlSecKeyCreate();
-- if (key == NULL) {
-+ ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL);
-+ if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "xmlSecKeyCreate",
-+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
-+ "xmlSecKeyInfoCtxInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
-- return (NULL);
-- }
--
-- x509Data = xmlSecKeyDataCreate(xmlSecNssKeyDataX509Id);
-- if(x509Data == NULL) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "xmlSecKeyDataCreate",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "transform=%s",
-- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id)));
-- goto done;
-- }
--
-- ret = xmlSecNssKeyDataX509AdoptKeyCert(x509Data, cert);
-- if (ret < 0) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "xmlSecNssKeyDataX509AdoptKeyCert",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "data=%s",
-- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
-- goto done;
-- }
-- cert = CERT_DupCertificate(cert);
-- if (cert == NULL) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "CERT_DupCertificate",
-- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- "data=%s",
-- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
-- goto done;
-- }
--
-- ret = xmlSecNssKeyDataX509AdoptCert(x509Data, cert);
-- if (ret < 0) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "xmlSecNssKeyDataX509AdoptCert",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "data=%s",
-- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
-- goto done;
-+ xmlFreeDoc(doc);
-+ return(-1);
- }
-- cert = NULL;
-
-- ret = xmlSecKeySetValue(key, data);
-- if (ret < 0) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "xmlSecKeySetValue",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "data=%s",
-- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)));
-- goto done;
-- }
-- data = NULL;
-+ keyInfoCtx.mode = xmlSecKeyInfoModeWrite;
-+ keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown;
-+ keyInfoCtx.keyReq.keyType = type;
-+ keyInfoCtx.keyReq.keyUsage = xmlSecKeyDataUsageAny;
-
-- ret = xmlSecKeyAdoptData(key, x509Data);
-- if (ret < 0) {
-+ /* finally write key in the node */
-+ ret = xmlSecKeyInfoNodeWrite(cur, key, &keyInfoCtx);
-+ if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "xmlSecKeyAdoptData",
-+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
-+ "xmlSecKeyInfoNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "data=%s",
-- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
-- goto done;
-- }
-- x509Data = NULL;
--
-- retval = key;
-- key = NULL;
-- }
--
--done:
-- if (cert != NULL) {
-- CERT_DestroyCertificate(cert);
-- }
-- if (pubkey != NULL) {
-- SECKEY_DestroyPublicKey(pubkey);
-- }
-- if (privkey != NULL) {
-- SECKEY_DestroyPrivateKey(privkey);
-- }
-- if (data != NULL) {
-- xmlSecKeyDataDestroy(data);
-- }
-- if (x509Data != NULL) {
-- xmlSecKeyDataDestroy(x509Data);
-- }
-- if (key != NULL) {
-- xmlSecKeyDestroy(key);
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
-+ xmlFreeDoc(doc);
-+ return(-1);
-+ }
-+ xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
- }
--
-- /* now that we have a key, make sure it is valid and let the simple
-- * store adopt it */
-- if (retval) {
-- if (xmlSecKeyIsValid(retval)) {
-- ret = xmlSecSimpleKeysStoreAdoptKey(*ss, retval);
-- if (ret < 0) {
-+
-+ /* now write result */
-+ ret = xmlSaveFormatFile(filename, doc, 1);
-+ if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
-- "xmlSecSimpleKeysStoreAdoptKey",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- xmlSecKeyDestroy(retval);
-- retval = NULL;
-- }
-- } else {
-- xmlSecKeyDestroy(retval);
-- retval = NULL;
-- }
-- }
--
-- return (retval);
-+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
-+ "xmlSaveFormatFile",
-+ XMLSEC_ERRORS_R_XML_FAILED,
-+ "filename=%s",
-+ xmlSecErrorsSafeString(filename));
-+ xmlFreeDoc(doc);
-+ return(-1);
-+ }
-+
-+ xmlFreeDoc(doc);
-+ return(0);
- }
-+
---- misc/xmlsec1-1.2.6/src/nss/keytrans.c 2008-06-29 23:44:39.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/src/nss/keytrans.c 2008-06-29 23:44:19.000000000 +0200
-@@ -1 +1,752 @@
--dummy
-+/**
-+ *
-+ * XMLSec library
-+ *
-+ * AES Algorithm support
-+ *
-+ * This is free software; see Copyright file in the source
-+ * distribution for preciese wording.
-+ *
-+ * Copyright .................................
-+ */
-+#include "globals.h"
-+
-+#include <stdlib.h>
-+#include <stdio.h>
-+#include <string.h>
-+
-+#include <nss.h>
-+#include <pk11func.h>
-+#include <keyhi.h>
-+#include <key.h>
-+#include <hasht.h>
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/xmltree.h>
-+#include <xmlsec/keys.h>
-+#include <xmlsec/transforms.h>
-+#include <xmlsec/errors.h>
-+
-+#include <xmlsec/nss/crypto.h>
-+#include <xmlsec/nss/pkikeys.h>
-+#include <xmlsec/nss/tokens.h>
-+
-+/*********************************************************************
-+ *
-+ * key transform transforms
-+ *
-+ ********************************************************************/
-+typedef struct _xmlSecNssKeyTransportCtx xmlSecNssKeyTransportCtx ;
-+typedef struct _xmlSecNssKeyTransportCtx* xmlSecNssKeyTransportCtxPtr ;
-+
-+#define xmlSecNssKeyTransportSize \
-+ ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyTransportCtx ) )
-+
-+#define xmlSecNssKeyTransportGetCtx( transform ) \
-+ ( ( xmlSecNssKeyTransportCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) )
-+
-+struct _xmlSecNssKeyTransportCtx {
-+ CK_MECHANISM_TYPE cipher ;
-+ SECKEYPublicKey* pubkey ;
-+ SECKEYPrivateKey* prikey ;
-+ xmlSecKeyDataId keyId ;
-+ xmlSecBufferPtr material ; /* to be encrypted/decrypted material */
-+} ;
-+
-+static int xmlSecNssKeyTransportInitialize(xmlSecTransformPtr transform);
-+static void xmlSecNssKeyTransportFinalize(xmlSecTransformPtr transform);
-+static int xmlSecNssKeyTransportSetKeyReq(xmlSecTransformPtr transform,
-+ xmlSecKeyReqPtr keyReq);
-+static int xmlSecNssKeyTransportSetKey(xmlSecTransformPtr transform,
-+ xmlSecKeyPtr key);
-+static int xmlSecNssKeyTransportExecute(xmlSecTransformPtr transform,
-+ int last,
-+ xmlSecTransformCtxPtr transformCtx);
-+static xmlSecSize xmlSecNssKeyTransportGetKeySize(xmlSecTransformPtr transform);
-+
-+static int
-+xmlSecNssKeyTransportCheckId(
-+ xmlSecTransformPtr transform
-+) {
-+ #ifndef XMLSEC_NO_RSA
-+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformRsaPkcs1Id ) ||
-+ xmlSecTransformCheckId( transform, xmlSecNssTransformRsaOaepId ) ) {
-+
-+ return(1);
-+ }
-+ #endif /* XMLSEC_NO_RSA */
-+
-+ return(0);
-+}
-+
-+static int
-+xmlSecNssKeyTransportInitialize(xmlSecTransformPtr transform) {
-+ xmlSecNssKeyTransportCtxPtr context ;
-+ int ret;
-+
-+ xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1);
-+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1);
-+
-+ context = xmlSecNssKeyTransportGetCtx( transform ) ;
-+ xmlSecAssert2( context != NULL , -1 ) ;
-+
-+ #ifndef XMLSEC_NO_RSA
-+ if( transform->id == xmlSecNssTransformRsaPkcs1Id ) {
-+ context->cipher = CKM_RSA_PKCS ;
-+ context->keyId = xmlSecNssKeyDataRsaId ;
-+ } else if( transform->id == xmlSecNssTransformRsaOaepId ) {
-+ context->cipher = CKM_RSA_PKCS_OAEP ;
-+ context->keyId = xmlSecNssKeyDataRsaId ;
-+ } else
-+ #endif /* XMLSEC_NO_RSA */
-+
-+ if( 1 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-+ NULL ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ context->pubkey = NULL ;
-+ context->prikey = NULL ;
-+ context->material = NULL ;
-+
-+ return(0);
-+}
-+
-+static void
-+xmlSecNssKeyTransportFinalize(xmlSecTransformPtr transform) {
-+ xmlSecNssKeyTransportCtxPtr context ;
-+
-+ xmlSecAssert(xmlSecNssKeyTransportCheckId(transform));
-+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize));
-+
-+ context = xmlSecNssKeyTransportGetCtx( transform ) ;
-+ xmlSecAssert( context != NULL ) ;
-+
-+ if( context->pubkey != NULL ) {
-+ SECKEY_DestroyPublicKey( context->pubkey ) ;
-+ context->pubkey = NULL ;
-+ }
-+
-+ if( context->prikey != NULL ) {
-+ SECKEY_DestroyPrivateKey( context->prikey ) ;
-+ context->prikey = NULL ;
-+ }
-+
-+ if( context->material != NULL ) {
-+ xmlSecBufferDestroy(context->material);
-+ context->material = NULL ;
-+ }
-+}
-+
-+static int
-+xmlSecNssKeyTransportSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
-+ xmlSecNssKeyTransportCtxPtr context ;
-+ xmlSecSize cipherSize = 0 ;
-+
-+
-+ xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1);
-+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1);
-+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
-+ xmlSecAssert2(keyReq != NULL, -1);
-+
-+ context = xmlSecNssKeyTransportGetCtx( transform ) ;
-+ xmlSecAssert2( context != NULL , -1 ) ;
-+
-+ keyReq->keyId = context->keyId;
-+ if(transform->operation == xmlSecTransformOperationEncrypt) {
-+ keyReq->keyUsage = xmlSecKeyUsageEncrypt;
-+ keyReq->keyType = xmlSecKeyDataTypePublic;
-+ } else {
-+ keyReq->keyUsage = xmlSecKeyUsageDecrypt;
-+ keyReq->keyType = xmlSecKeyDataTypePrivate;
-+ }
-+
-+ return(0);
-+}
-+
-+static int
-+xmlSecNssKeyTransportSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
-+ xmlSecNssKeyTransportCtxPtr context = NULL ;
-+ xmlSecKeyDataPtr keyData = NULL ;
-+ SECKEYPublicKey* pubkey = NULL ;
-+ SECKEYPrivateKey* prikey = NULL ;
-+
-+ xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1);
-+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1);
-+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
-+ xmlSecAssert2(key != NULL, -1);
-+
-+ context = xmlSecNssKeyTransportGetCtx( transform ) ;
-+ if( context == NULL || context->keyId == NULL || context->pubkey != NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ "xmlSecNssKeyTransportGetCtx" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+ xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ;
-+
-+ keyData = xmlSecKeyGetValue( key ) ;
-+ if( keyData == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) ,
-+ "xmlSecKeyGetValue" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ if(transform->operation == xmlSecTransformOperationEncrypt) {
-+ if( ( pubkey = xmlSecNssPKIKeyDataGetPubKey( keyData ) ) == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) ,
-+ "xmlSecNssPKIKeyDataGetPubKey" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ context->pubkey = pubkey ;
-+ } else {
-+ if( ( prikey = xmlSecNssPKIKeyDataGetPrivKey( keyData ) ) == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) ,
-+ "xmlSecNssPKIKeyDataGetPrivKey" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ context->prikey = prikey ;
-+ }
-+
-+ return(0) ;
-+}
-+
-+/**
-+ * key wrap transform
-+ */
-+static int
-+xmlSecNssKeyTransportCtxInit(
-+ xmlSecNssKeyTransportCtxPtr ctx ,
-+ xmlSecBufferPtr in ,
-+ xmlSecBufferPtr out ,
-+ int encrypt ,
-+ xmlSecTransformCtxPtr transformCtx
-+) {
-+ xmlSecSize blockSize ;
-+
-+ xmlSecAssert2( ctx != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
-+ xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ;
-+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
-+ xmlSecAssert2( in != NULL , -1 ) ;
-+ xmlSecAssert2( out != NULL , -1 ) ;
-+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
-+
-+ if( ctx->material != NULL ) {
-+ xmlSecBufferDestroy( ctx->material ) ;
-+ ctx->material = NULL ;
-+ }
-+
-+ if( ctx->pubkey != NULL ) {
-+ blockSize = SECKEY_PublicKeyStrength( ctx->pubkey ) ;
-+ } else if( ctx->prikey != NULL ) {
-+ blockSize = PK11_SignatureLen( ctx->prikey ) ;
-+ } else {
-+ blockSize = -1 ;
-+ }
-+
-+ if( blockSize < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ ctx->material = xmlSecBufferCreate( blockSize ) ;
-+ if( ctx->material == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferCreate" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ /* read raw key material into context */
-+ if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferSetData" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferRemoveHead" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ return(0);
-+}
-+
-+/**
-+ * key wrap transform update
-+ */
-+static int
-+xmlSecNssKeyTransportCtxUpdate(
-+ xmlSecNssKeyTransportCtxPtr ctx ,
-+ xmlSecBufferPtr in ,
-+ xmlSecBufferPtr out ,
-+ int encrypt ,
-+ xmlSecTransformCtxPtr transformCtx
-+) {
-+ xmlSecAssert2( ctx != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
-+ xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ;
-+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->material != NULL , -1 ) ;
-+ xmlSecAssert2( in != NULL , -1 ) ;
-+ xmlSecAssert2( out != NULL , -1 ) ;
-+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
-+
-+ /* read raw key material and append into context */
-+ if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferAppend" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferRemoveHead" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ return(0);
-+}
-+
-+/**
-+ * Block cipher transform final
-+ */
-+static int
-+xmlSecNssKeyTransportCtxFinal(
-+ xmlSecNssKeyTransportCtxPtr ctx ,
-+ xmlSecBufferPtr in ,
-+ xmlSecBufferPtr out ,
-+ int encrypt ,
-+ xmlSecTransformCtxPtr transformCtx
-+) {
-+ SECKEYPublicKey* targetKey ;
-+ PK11SymKey* symKey ;
-+ PK11SlotInfo* slot ;
-+ SECItem oriskv ;
-+ xmlSecSize blockSize ;
-+ xmlSecBufferPtr result ;
-+
-+ xmlSecAssert2( ctx != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
-+ xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ;
-+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->material != NULL , -1 ) ;
-+ xmlSecAssert2( in != NULL , -1 ) ;
-+ xmlSecAssert2( out != NULL , -1 ) ;
-+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
-+
-+ /* read raw key material and append into context */
-+ if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferAppend" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferRemoveHead" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ /* Now we get all of the key materail */
-+ /* from now on we will wrap or unwrap the key */
-+ if( ctx->pubkey != NULL ) {
-+ blockSize = SECKEY_PublicKeyStrength( ctx->pubkey ) ;
-+ } else if( ctx->prikey != NULL ) {
-+ blockSize = PK11_SignatureLen( ctx->prikey ) ;
-+ } else {
-+ blockSize = -1 ;
-+ }
-+
-+ if( blockSize < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "PK11_GetBlockSize" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ result = xmlSecBufferCreate( blockSize * 2 ) ;
-+ if( result == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferCreate" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ oriskv.type = siBuffer ;
-+ oriskv.data = xmlSecBufferGetData( ctx->material ) ;
-+ oriskv.len = xmlSecBufferGetSize( ctx->material ) ;
-+
-+ if( encrypt != 0 ) {
-+ CK_OBJECT_HANDLE id ;
-+ SECItem wrpskv ;
-+
-+ /* Create template symmetric key from material */
-+ if( ( slot = ctx->pubkey->pkcs11Slot ) == NULL ) {
-+ slot = xmlSecNssSlotGet( ctx->cipher ) ;
-+ if( slot == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSlotGet" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecBufferDestroy(result);
-+ return(-1);
-+ }
-+
-+ id = PK11_ImportPublicKey( slot, ctx->pubkey, PR_FALSE ) ;
-+ if( id == CK_INVALID_HANDLE ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "PK11_ImportPublicKey" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecBufferDestroy(result);
-+ PK11_FreeSlot( slot ) ;
-+ return(-1);
-+ }
-+ }
-+
-+ /* pay attention to mechanism */
-+ symKey = PK11_ImportSymKey( slot, ctx->cipher, PK11_OriginUnwrap, CKA_WRAP, &oriskv, NULL ) ;
-+ if( symKey == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "PK11_ImportSymKey" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecBufferDestroy(result);
-+ PK11_FreeSlot( slot ) ;
-+ return(-1);
-+ }
-+
-+ wrpskv.type = siBuffer ;
-+ wrpskv.data = xmlSecBufferGetData( result ) ;
-+ wrpskv.len = xmlSecBufferGetMaxSize( result ) ;
-+
-+ if( PK11_PubWrapSymKey( ctx->cipher, ctx->pubkey, symKey, &wrpskv ) != SECSuccess ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "PK11_PubWrapSymKey" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ PK11_FreeSymKey( symKey ) ;
-+ xmlSecBufferDestroy(result);
-+ PK11_FreeSlot( slot ) ;
-+ return(-1);
-+ }
-+
-+ if( xmlSecBufferSetSize( result , wrpskv.len ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferSetSize" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ PK11_FreeSymKey( symKey ) ;
-+ xmlSecBufferDestroy(result);
-+ PK11_FreeSlot( slot ) ;
-+ return(-1);
-+ }
-+ PK11_FreeSymKey( symKey ) ;
-+ PK11_FreeSlot( slot ) ;
-+ } else {
-+ SECItem* keyItem ;
-+ CK_OBJECT_HANDLE id1 ;
-+
-+ /* pay attention to mechanism */
-+ if( ( symKey = PK11_PubUnwrapSymKey( ctx->prikey, &oriskv, ctx->cipher, CKA_UNWRAP, 0 ) ) == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "PK11_PubUnwrapSymKey" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecBufferDestroy(result);
-+ return(-1);
-+ }
-+
-+ /* Extract raw data from symmetric key */
-+ if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "PK11_ExtractKeyValue" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ PK11_FreeSymKey( symKey ) ;
-+ xmlSecBufferDestroy(result);
-+ return(-1);
-+ }
-+
-+ if( ( keyItem = PK11_GetKeyData( symKey ) ) == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "PK11_GetKeyData" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ PK11_FreeSymKey( symKey ) ;
-+ xmlSecBufferDestroy(result);
-+ return(-1);
-+ }
-+
-+ if( xmlSecBufferSetData( result, keyItem->data, keyItem->len ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "PK11_PubUnwrapSymKey" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ PK11_FreeSymKey( symKey ) ;
-+ xmlSecBufferDestroy(result);
-+ return(-1);
-+ }
-+ PK11_FreeSymKey( symKey ) ;
-+ }
-+
-+ /* Write output */
-+ if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferAppend" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecBufferDestroy(result);
-+ return(-1);
-+ }
-+ xmlSecBufferDestroy(result);
-+
-+ return(0);
-+}
-+
-+static int
-+xmlSecNssKeyTransportExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
-+ xmlSecNssKeyTransportCtxPtr context = NULL ;
-+ xmlSecBufferPtr inBuf, outBuf ;
-+ int operation ;
-+ int rtv ;
-+
-+ xmlSecAssert2( xmlSecNssKeyTransportCheckId( transform ), -1 ) ;
-+ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyTransportSize ), -1 ) ;
-+ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
-+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
-+
-+ context = xmlSecNssKeyTransportGetCtx( transform ) ;
-+ if( context == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ "xmlSecNssKeyTransportGetCtx" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ inBuf = &( transform->inBuf ) ;
-+ outBuf = &( transform->outBuf ) ;
-+
-+ if( transform->status == xmlSecTransformStatusNone ) {
-+ transform->status = xmlSecTransformStatusWorking ;
-+ }
-+
-+ operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ;
-+ if( transform->status == xmlSecTransformStatusWorking ) {
-+ if( context->material == NULL ) {
-+ rtv = xmlSecNssKeyTransportCtxInit( context, inBuf , outBuf , operation , transformCtx ) ;
-+ if( rtv < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ "xmlSecNssKeyTransportCtxInit" ,
-+ XMLSEC_ERRORS_R_INVALID_STATUS ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+ }
-+
-+ if( context->material == NULL && last != 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_INVALID_STATUS ,
-+ "No enough data to intialize transform" ) ;
-+ return(-1);
-+ }
-+
-+ if( context->material != NULL ) {
-+ rtv = xmlSecNssKeyTransportCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ;
-+ if( rtv < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ "xmlSecNssKeyTransportCtxUpdate" ,
-+ XMLSEC_ERRORS_R_INVALID_STATUS ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+ }
-+
-+ if( last ) {
-+ rtv = xmlSecNssKeyTransportCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ;
-+ if( rtv < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ "xmlSecNssKeyTransportCtxFinal" ,
-+ XMLSEC_ERRORS_R_INVALID_STATUS ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+ transform->status = xmlSecTransformStatusFinished ;
-+ }
-+ } else if( transform->status == xmlSecTransformStatusFinished ) {
-+ if( xmlSecBufferGetSize( inBuf ) != 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_INVALID_STATUS ,
-+ "status=%d", transform->status ) ;
-+ return(-1);
-+ }
-+ } else {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_INVALID_STATUS ,
-+ "status=%d", transform->status ) ;
-+ return(-1);
-+ }
-+
-+ return(0);
-+}
-+
-+
-+#ifndef XMLSEC_NO_RSA
-+
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecTransformKlass xmlSecNssRsaPkcs1Klass = {
-+#else
-+static xmlSecTransformKlass xmlSecNssRsaPkcs1Klass = {
-+#endif
-+ /* klass/object sizes */
-+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
-+ xmlSecNssKeyTransportSize, /* xmlSecSize objSize */
-+
-+ xmlSecNameRsaPkcs1, /* const xmlChar* name; */
-+ xmlSecHrefRsaPkcs1, /* const xmlChar* href; */
-+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-+
-+ xmlSecNssKeyTransportInitialize, /* xmlSecTransformInitializeMethod initialize; */
-+ xmlSecNssKeyTransportFinalize, /* xmlSecTransformFinalizeMethod finalize; */
-+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
-+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
-+ xmlSecNssKeyTransportSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
-+ xmlSecNssKeyTransportSetKey, /* xmlSecTransformSetKeyMethod setKey; */
-+ NULL, /* xmlSecTransformValidateMethod validate; */
-+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
-+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
-+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
-+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
-+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
-+ xmlSecNssKeyTransportExecute, /* xmlSecTransformExecuteMethod execute; */
-+
-+ NULL, /* void* reserved0; */
-+ NULL, /* void* reserved1; */
-+};
-+
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecTransformKlass xmlSecNssRsaOaepKlass = {
-+#else
-+static xmlSecTransformKlass xmlSecNssRsaOaepKlass = {
-+#endif
-+ /* klass/object sizes */
-+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
-+ xmlSecNssKeyTransportSize, /* xmlSecSize objSize */
-+
-+ xmlSecNameRsaOaep, /* const xmlChar* name; */
-+ xmlSecHrefRsaOaep, /* const xmlChar* href; */
-+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-+
-+ xmlSecNssKeyTransportInitialize, /* xmlSecTransformInitializeMethod initialize; */
-+ xmlSecNssKeyTransportFinalize, /* xmlSecTransformFinalizeMethod finalize; */
-+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
-+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
-+ xmlSecNssKeyTransportSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
-+ xmlSecNssKeyTransportSetKey, /* xmlSecTransformSetKeyMethod setKey; */
-+ NULL, /* xmlSecTransformValidateMethod validate; */
-+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
-+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
-+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
-+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
-+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
-+ xmlSecNssKeyTransportExecute, /* xmlSecTransformExecuteMethod execute; */
-+
-+ NULL, /* void* reserved0; */
-+ NULL, /* void* reserved1; */
-+};
-+
-+/**
-+ * xmlSecNssTransformRsaPkcs1GetKlass:
-+ *
-+ * The RSA-PKCS1 key transport transform klass.
-+ *
-+ * Returns RSA-PKCS1 key transport transform klass.
-+ */
-+xmlSecTransformId
-+xmlSecNssTransformRsaPkcs1GetKlass(void) {
-+ return(&xmlSecNssRsaPkcs1Klass);
-+}
-+
-+/**
-+ * xmlSecNssTransformRsaOaepGetKlass:
-+ *
-+ * The RSA-PKCS1 key transport transform klass.
-+ *
-+ * Returns RSA-PKCS1 key transport transform klass.
-+ */
-+xmlSecTransformId
-+xmlSecNssTransformRsaOaepGetKlass(void) {
-+ return(&xmlSecNssRsaOaepKlass);
-+}
-+
-+#endif /* XMLSEC_NO_RSA */
-+
---- misc/xmlsec1-1.2.6/src/nss/keywrapers.c 2008-06-29 23:44:40.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/src/nss/keywrapers.c 2008-06-29 23:44:19.000000000 +0200
-@@ -1 +1,1213 @@
--dummy
-+/**
-+ *
-+ * XMLSec library
-+ *
-+ * AES Algorithm support
-+ *
-+ * This is free software; see Copyright file in the source
-+ * distribution for preciese wording.
-+ *
-+ * Copyright .................................
-+ */
-+#include "globals.h"
-+
-+#include <stdlib.h>
-+#include <stdio.h>
-+#include <string.h>
-+
-+#include <nss.h>
-+#include <pk11func.h>
-+#include <hasht.h>
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/xmltree.h>
-+#include <xmlsec/keys.h>
-+#include <xmlsec/transforms.h>
-+#include <xmlsec/errors.h>
-+
-+#include <xmlsec/nss/crypto.h>
-+#include <xmlsec/nss/ciphers.h>
-+
-+#define XMLSEC_NSS_AES128_KEY_SIZE 16
-+#define XMLSEC_NSS_AES192_KEY_SIZE 24
-+#define XMLSEC_NSS_AES256_KEY_SIZE 32
-+#define XMLSEC_NSS_DES3_KEY_SIZE 24
-+#define XMLSEC_NSS_DES3_KEY_LENGTH 24
-+#define XMLSEC_NSS_DES3_IV_LENGTH 8
-+#define XMLSEC_NSS_DES3_BLOCK_LENGTH 8
-+
-+static xmlSecByte xmlSecNssKWDes3Iv[XMLSEC_NSS_DES3_IV_LENGTH] = {
-+ 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05
-+};
-+
-+/*********************************************************************
-+ *
-+ * key wrap transforms
-+ *
-+ ********************************************************************/
-+typedef struct _xmlSecNssKeyWrapCtx xmlSecNssKeyWrapCtx ;
-+typedef struct _xmlSecNssKeyWrapCtx* xmlSecNssKeyWrapCtxPtr ;
-+
-+#define xmlSecNssKeyWrapSize \
-+ ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyWrapCtx ) )
-+
-+#define xmlSecNssKeyWrapGetCtx( transform ) \
-+ ( ( xmlSecNssKeyWrapCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) )
-+
-+struct _xmlSecNssKeyWrapCtx {
-+ CK_MECHANISM_TYPE cipher ;
-+ PK11SymKey* symkey ;
-+ xmlSecKeyDataId keyId ;
-+ xmlSecBufferPtr material ; /* to be encrypted/decrypted key material */
-+} ;
-+
-+static int xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform);
-+static void xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform);
-+static int xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform,
-+ xmlSecKeyReqPtr keyReq);
-+static int xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform,
-+ xmlSecKeyPtr key);
-+static int xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform,
-+ int last,
-+ xmlSecTransformCtxPtr transformCtx);
-+static xmlSecSize xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform);
-+
-+static int
-+xmlSecNssKeyWrapCheckId(
-+ xmlSecTransformPtr transform
-+) {
-+ #ifndef XMLSEC_NO_DES
-+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) {
-+ return(1);
-+ }
-+ #endif /* XMLSEC_NO_DES */
-+
-+ #ifndef XMLSEC_NO_AES
-+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes128Id ) ||
-+ xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes192Id ) ||
-+ xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes256Id ) ) {
-+
-+ return(1);
-+ }
-+ #endif /* XMLSEC_NO_AES */
-+
-+ return(0);
-+}
-+
-+static xmlSecSize
-+xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform) {
-+#ifndef XMLSEC_NO_DES
-+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) {
-+ return(XMLSEC_NSS_DES3_KEY_SIZE);
-+ } else
-+#endif /* XMLSEC_NO_DES */
-+
-+#ifndef XMLSEC_NO_AES
-+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes128Id)) {
-+ return(XMLSEC_NSS_AES128_KEY_SIZE);
-+ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes192Id)) {
-+ return(XMLSEC_NSS_AES192_KEY_SIZE);
-+ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) {
-+ return(XMLSEC_NSS_AES256_KEY_SIZE);
-+ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) {
-+ return(XMLSEC_NSS_AES256_KEY_SIZE);
-+ } else
-+#endif /* XMLSEC_NO_AES */
-+
-+ if(1)
-+ return(0);
-+}
-+
-+
-+static int
-+xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform) {
-+ xmlSecNssKeyWrapCtxPtr context ;
-+ int ret;
-+
-+ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
-+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
-+
-+ context = xmlSecNssKeyWrapGetCtx( transform ) ;
-+ xmlSecAssert2( context != NULL , -1 ) ;
-+
-+ #ifndef XMLSEC_NO_DES
-+ if( transform->id == xmlSecNssTransformKWDes3Id ) {
-+ context->cipher = CKM_DES3_CBC ;
-+ context->keyId = xmlSecNssKeyDataDesId ;
-+ } else
-+ #endif /* XMLSEC_NO_DES */
-+
-+ #ifndef XMLSEC_NO_AES
-+ if( transform->id == xmlSecNssTransformKWAes128Id ) {
-+ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/
-+ context->cipher = CKM_AES_CBC ;
-+ context->keyId = xmlSecNssKeyDataAesId ;
-+ } else
-+ if( transform->id == xmlSecNssTransformKWAes192Id ) {
-+ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/
-+ context->cipher = CKM_AES_CBC ;
-+ context->keyId = xmlSecNssKeyDataAesId ;
-+ } else
-+ if( transform->id == xmlSecNssTransformKWAes256Id ) {
-+ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/
-+ context->cipher = CKM_AES_CBC ;
-+ context->keyId = xmlSecNssKeyDataAesId ;
-+ } else
-+ #endif /* XMLSEC_NO_AES */
-+
-+
-+ if( 1 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-+ NULL ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ context->symkey = NULL ;
-+ context->material = NULL ;
-+
-+ return(0);
-+}
-+
-+static void
-+xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform) {
-+ xmlSecNssKeyWrapCtxPtr context ;
-+
-+ xmlSecAssert(xmlSecNssKeyWrapCheckId(transform));
-+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize));
-+
-+ context = xmlSecNssKeyWrapGetCtx( transform ) ;
-+ xmlSecAssert( context != NULL ) ;
-+
-+ if( context->symkey != NULL ) {
-+ PK11_FreeSymKey( context->symkey ) ;
-+ context->symkey = NULL ;
-+ }
-+
-+ if( context->material != NULL ) {
-+ xmlSecBufferDestroy(context->material);
-+ context->material = NULL ;
-+ }
-+}
-+
-+static int
-+xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
-+ xmlSecNssKeyWrapCtxPtr context ;
-+ xmlSecSize cipherSize = 0 ;
-+
-+
-+ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
-+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
-+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
-+ xmlSecAssert2(keyReq != NULL, -1);
-+
-+ context = xmlSecNssKeyWrapGetCtx( transform ) ;
-+ xmlSecAssert2( context != NULL , -1 ) ;
-+
-+ keyReq->keyId = context->keyId;
-+ keyReq->keyType = xmlSecKeyDataTypeSymmetric;
-+ if(transform->operation == xmlSecTransformOperationEncrypt) {
-+ keyReq->keyUsage = xmlSecKeyUsageEncrypt;
-+ } else {
-+ keyReq->keyUsage = xmlSecKeyUsageDecrypt;
-+ }
-+
-+ keyReq->keyBitsSize = xmlSecNssKeyWrapGetKeySize( transform ) ;
-+
-+ return(0);
-+}
-+
-+static int
-+xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
-+ xmlSecNssKeyWrapCtxPtr context = NULL ;
-+ xmlSecKeyDataPtr keyData = NULL ;
-+ PK11SymKey* symkey = NULL ;
-+
-+ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
-+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
-+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
-+ xmlSecAssert2(key != NULL, -1);
-+
-+ context = xmlSecNssKeyWrapGetCtx( transform ) ;
-+ if( context == NULL || context->keyId == NULL || context->symkey != NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ "xmlSecNssKeyWrapGetCtx" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+ xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ;
-+
-+ keyData = xmlSecKeyGetValue( key ) ;
-+ if( keyData == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) ,
-+ "xmlSecKeyGetValue" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) ,
-+ "xmlSecNssSymKeyDataGetKey" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ context->symkey = symkey ;
-+
-+ return(0) ;
-+}
-+
-+/**
-+ * key wrap transform
-+ */
-+static int
-+xmlSecNssKeyWrapCtxInit(
-+ xmlSecNssKeyWrapCtxPtr ctx ,
-+ xmlSecBufferPtr in ,
-+ xmlSecBufferPtr out ,
-+ int encrypt ,
-+ xmlSecTransformCtxPtr transformCtx
-+) {
-+ xmlSecSize blockSize ;
-+
-+ xmlSecAssert2( ctx != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
-+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
-+ xmlSecAssert2( in != NULL , -1 ) ;
-+ xmlSecAssert2( out != NULL , -1 ) ;
-+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
-+
-+ if( ctx->material != NULL ) {
-+ xmlSecBufferDestroy( ctx->material ) ;
-+ ctx->material = NULL ;
-+ }
-+
-+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "PK11_GetBlockSize" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ ctx->material = xmlSecBufferCreate( blockSize ) ;
-+ if( ctx->material == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferCreate" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ /* read raw key material into context */
-+ if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferSetData" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferRemoveHead" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ return(0);
-+}
-+
-+/**
-+ * key wrap transform update
-+ */
-+static int
-+xmlSecNssKeyWrapCtxUpdate(
-+ xmlSecNssKeyWrapCtxPtr ctx ,
-+ xmlSecBufferPtr in ,
-+ xmlSecBufferPtr out ,
-+ int encrypt ,
-+ xmlSecTransformCtxPtr transformCtx
-+) {
-+ xmlSecAssert2( ctx != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
-+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->material != NULL , -1 ) ;
-+ xmlSecAssert2( in != NULL , -1 ) ;
-+ xmlSecAssert2( out != NULL , -1 ) ;
-+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
-+
-+ /* read raw key material and append into context */
-+ if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferAppend" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferRemoveHead" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ return(0);
-+}
-+
-+static int
-+xmlSecNssKWDes3BufferReverse(xmlSecByte *buf, xmlSecSize size) {
-+ xmlSecSize s;
-+ xmlSecSize i;
-+ xmlSecByte c;
-+
-+ xmlSecAssert2(buf != NULL, -1);
-+
-+ s = size / 2;
-+ --size;
-+ for(i = 0; i < s; ++i) {
-+ c = buf[i];
-+ buf[i] = buf[size - i];
-+ buf[size - i] = c;
-+ }
-+ return(0);
-+}
-+
-+static xmlSecByte *
-+xmlSecNssComputeSHA1(const xmlSecByte *in, xmlSecSize inSize,
-+ xmlSecByte *out, xmlSecSize outSize)
-+{
-+ PK11Context *context = NULL;
-+ SECStatus s;
-+ xmlSecByte *digest = NULL;
-+ unsigned int len;
-+
-+ xmlSecAssert2(in != NULL, NULL);
-+ xmlSecAssert2(out != NULL, NULL);
-+ xmlSecAssert2(outSize >= SHA1_LENGTH, NULL);
-+
-+ /* Create a context for hashing (digesting) */
-+ context = PK11_CreateDigestContext(SEC_OID_SHA1);
-+ if (context == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "PK11_CreateDigestContext",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ "error code = %d", PORT_GetError());
-+ goto done;
-+ }
-+
-+ s = PK11_DigestBegin(context);
-+ if (s != SECSuccess) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "PK11_DigestBegin",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ "error code = %d", PORT_GetError());
-+ goto done;
-+ }
-+
-+ s = PK11_DigestOp(context, in, inSize);
-+ if (s != SECSuccess) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "PK11_DigestOp",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ "error code = %d", PORT_GetError());
-+ goto done;
-+ }
-+
-+ s = PK11_DigestFinal(context, out, &len, outSize);
-+ if (s != SECSuccess) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "PK11_DigestFinal",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ "error code = %d", PORT_GetError());
-+ goto done;
-+ }
-+ xmlSecAssert2(len == SHA1_LENGTH, NULL);
-+
-+ digest = out;
-+
-+done:
-+ if (context != NULL) {
-+ PK11_DestroyContext(context, PR_TRUE);
-+ }
-+ return (digest);
-+}
-+
-+static int
-+xmlSecNssKWDes3Encrypt(
-+ PK11SymKey* symKey ,
-+ CK_MECHANISM_TYPE cipherMech ,
-+ const xmlSecByte* iv ,
-+ xmlSecSize ivSize ,
-+ const xmlSecByte* in ,
-+ xmlSecSize inSize ,
-+ xmlSecByte* out ,
-+ xmlSecSize outSize ,
-+ int enc
-+) {
-+ PK11Context* EncContext = NULL;
-+ SECItem ivItem ;
-+ SECItem* secParam = NULL ;
-+ int tmp1_outlen;
-+ unsigned int tmp2_outlen;
-+ int result_len = -1;
-+ SECStatus rv;
-+
-+ xmlSecAssert2( cipherMech != CKM_INVALID_MECHANISM , -1 ) ;
-+ xmlSecAssert2( symKey != NULL , -1 ) ;
-+ xmlSecAssert2(iv != NULL, -1);
-+ xmlSecAssert2(ivSize == XMLSEC_NSS_DES3_IV_LENGTH, -1);
-+ xmlSecAssert2(in != NULL, -1);
-+ xmlSecAssert2(inSize > 0, -1);
-+ xmlSecAssert2(out != NULL, -1);
-+ xmlSecAssert2(outSize >= inSize, -1);
-+
-+ /* Prepare IV */
-+ ivItem.data = ( unsigned char* )iv ;
-+ ivItem.len = ivSize ;
-+
-+ secParam = PK11_ParamFromIV(cipherMech, &ivItem);
-+ if (secParam == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "PK11_ParamFromIV",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ "Error code = %d", PORT_GetError());
-+ goto done;
-+ }
-+
-+ EncContext = PK11_CreateContextBySymKey(cipherMech,
-+ enc ? CKA_ENCRYPT : CKA_DECRYPT,
-+ symKey, secParam);
-+ if (EncContext == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "PK11_CreateContextBySymKey",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ "Error code = %d", PORT_GetError());
-+ goto done;
-+ }
-+
-+ tmp1_outlen = tmp2_outlen = 0;
-+ rv = PK11_CipherOp(EncContext, out, &tmp1_outlen, outSize,
-+ (unsigned char *)in, inSize);
-+ if (rv != SECSuccess) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "PK11_CipherOp",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ "Error code = %d", PORT_GetError());
-+ goto done;
-+ }
-+
-+ rv = PK11_DigestFinal(EncContext, out+tmp1_outlen,
-+ &tmp2_outlen, outSize-tmp1_outlen);
-+ if (rv != SECSuccess) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "PK11_DigestFinal",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ "Error code = %d", PORT_GetError());
-+ goto done;
-+ }
-+
-+ result_len = tmp1_outlen + tmp2_outlen;
-+
-+done:
-+ if (secParam) {
-+ SECITEM_FreeItem(secParam, PR_TRUE);
-+ }
-+ if (EncContext) {
-+ PK11_DestroyContext(EncContext, PR_TRUE);
-+ }
-+
-+ return(result_len);
-+}
-+
-+static int
-+xmlSecNssKeyWrapDesOp(
-+ xmlSecNssKeyWrapCtxPtr ctx ,
-+ int encrypt ,
-+ xmlSecBufferPtr result
-+) {
-+ xmlSecByte sha1[SHA1_LENGTH];
-+ xmlSecByte iv[XMLSEC_NSS_DES3_IV_LENGTH];
-+ xmlSecByte* in;
-+ xmlSecSize inSize;
-+ xmlSecByte* out;
-+ xmlSecSize outSize;
-+ xmlSecSize s;
-+ int ret;
-+ SECStatus status;
-+
-+ xmlSecAssert2( ctx != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
-+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->material != NULL , -1 ) ;
-+ xmlSecAssert2( result != NULL , -1 ) ;
-+
-+ in = xmlSecBufferGetData(ctx->material);
-+ inSize = xmlSecBufferGetSize(ctx->material) ;
-+ out = xmlSecBufferGetData(result);
-+ outSize = xmlSecBufferGetMaxSize(result) ;
-+ if( encrypt ) {
-+ /* step 2: calculate sha1 and CMS */
-+ if(xmlSecNssComputeSHA1(in, inSize, sha1, SHA1_LENGTH) == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecNssComputeSHA1",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+
-+ /* step 3: construct WKCKS */
-+ memcpy(out, in, inSize);
-+ memcpy(out + inSize, sha1, XMLSEC_NSS_DES3_BLOCK_LENGTH);
-+
-+ /* step 4: generate random iv */
-+ status = PK11_GenerateRandom(iv, XMLSEC_NSS_DES3_IV_LENGTH);
-+ if(status != SECSuccess) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "PK11_GenerateRandom",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ "error code = %d", PORT_GetError());
-+ return(-1);
-+ }
-+
-+ /* step 5: first encryption, result is TEMP1 */
-+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
-+ iv, XMLSEC_NSS_DES3_IV_LENGTH,
-+ out, inSize + XMLSEC_NSS_DES3_IV_LENGTH,
-+ out, outSize, 1);
-+ if(ret < 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecNssKWDes3Encrypt",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+
-+ /* step 6: construct TEMP2=IV || TEMP1 */
-+ memmove(out + XMLSEC_NSS_DES3_IV_LENGTH, out,
-+ inSize + XMLSEC_NSS_DES3_IV_LENGTH);
-+ memcpy(out, iv, XMLSEC_NSS_DES3_IV_LENGTH);
-+ s = ret + XMLSEC_NSS_DES3_IV_LENGTH;
-+
-+ /* step 7: reverse octets order, result is TEMP3 */
-+ ret = xmlSecNssKWDes3BufferReverse(out, s);
-+ if(ret < 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecNssKWDes3BufferReverse",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+
-+ /* step 8: second encryption with static IV */
-+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
-+ xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH,
-+ out, s,
-+ out, outSize, 1);
-+ if(ret < 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecNssKWDes3Encrypt",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+ s = ret;
-+
-+ if( xmlSecBufferSetSize( result , s ) < 0 ) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecBufferSetSize",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+ } else {
-+ /* step 2: first decryption with static IV, result is TEMP3 */
-+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
-+ xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH,
-+ in, inSize,
-+ out, outSize, 0);
-+ if((ret < 0) || (ret < XMLSEC_NSS_DES3_IV_LENGTH)) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecNssKWDes3Encrypt",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+ s = ret;
-+
-+ /* step 3: reverse octets order in TEMP3, result is TEMP2 */
-+ ret = xmlSecNssKWDes3BufferReverse(out, s);
-+ if(ret < 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecNssKWDes3BufferReverse",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+
-+ /* steps 4 and 5: get IV and decrypt second time, result is WKCKS */
-+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
-+ out, XMLSEC_NSS_DES3_IV_LENGTH,
-+ out+XMLSEC_NSS_DES3_IV_LENGTH, s-XMLSEC_NSS_DES3_IV_LENGTH,
-+ out, outSize, 0);
-+ if((ret < 0) || (ret < XMLSEC_NSS_DES3_BLOCK_LENGTH)) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecNssKWDes3Encrypt",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+ s = ret - XMLSEC_NSS_DES3_IV_LENGTH;
-+
-+ /* steps 6 and 7: calculate SHA1 and validate it */
-+ if(xmlSecNssComputeSHA1(out, s, sha1, SHA1_LENGTH) == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecNssComputeSHA1",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+
-+ if(memcmp(sha1, out + s, XMLSEC_NSS_DES3_BLOCK_LENGTH) != 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ NULL,
-+ XMLSEC_ERRORS_R_INVALID_DATA,
-+ "SHA1 does not match");
-+ return(-1);
-+ }
-+
-+ if( xmlSecBufferSetSize( result , s ) < 0 ) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecBufferSetSize",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+ }
-+
-+ return(0);
-+}
-+
-+static int
-+xmlSecNssKeyWrapAesOp(
-+ xmlSecNssKeyWrapCtxPtr ctx ,
-+ int encrypt ,
-+ xmlSecBufferPtr result
-+) {
-+ PK11Context* cipherCtx = NULL;
-+ SECItem ivItem ;
-+ SECItem* secParam = NULL ;
-+ xmlSecSize inSize ;
-+ xmlSecSize inBlocks ;
-+ int blockSize ;
-+ int midSize ;
-+ int finSize ;
-+ xmlSecByte* out ;
-+ xmlSecSize outSize;
-+
-+ xmlSecAssert2( ctx != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
-+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->material != NULL , -1 ) ;
-+ xmlSecAssert2( result != NULL , -1 ) ;
-+
-+ /* Do not set any IV */
-+ memset(&ivItem, 0, sizeof(ivItem));
-+
-+ /* Get block size */
-+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "PK11_GetBlockSize" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ inSize = xmlSecBufferGetSize( ctx->material ) ;
-+ if( xmlSecBufferSetMaxSize( result , inSize + blockSize ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferSetMaxSize" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ /* Get Param for context initialization */
-+ if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "PK11_ParamFromIV" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ cipherCtx = PK11_CreateContextBySymKey( ctx->cipher , encrypt ? CKA_ENCRYPT : CKA_DECRYPT , ctx->symkey , secParam ) ;
-+ if( cipherCtx == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "PK11_CreateContextBySymKey" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ SECITEM_FreeItem( secParam , PR_TRUE ) ;
-+ return(-1);
-+ }
-+
-+ out = xmlSecBufferGetData(result) ;
-+ outSize = xmlSecBufferGetMaxSize(result) ;
-+ if( PK11_CipherOp( cipherCtx , out, &midSize , outSize , xmlSecBufferGetData( ctx->material ) , inSize ) != SECSuccess ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "PK11_CipherOp" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ if( PK11_DigestFinal( cipherCtx , out + midSize , &finSize , outSize - midSize ) != SECSuccess ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "PK11_DigestFinal" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ if( xmlSecBufferSetSize( result , midSize + finSize ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferSetSize" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ return 0 ;
-+}
-+
-+/**
-+ * Block cipher transform final
-+ */
-+static int
-+xmlSecNssKeyWrapCtxFinal(
-+ xmlSecNssKeyWrapCtxPtr ctx ,
-+ xmlSecBufferPtr in ,
-+ xmlSecBufferPtr out ,
-+ int encrypt ,
-+ xmlSecTransformCtxPtr transformCtx
-+) {
-+ PK11SymKey* targetKey ;
-+ xmlSecSize blockSize ;
-+ xmlSecBufferPtr result ;
-+
-+ xmlSecAssert2( ctx != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
-+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->material != NULL , -1 ) ;
-+ xmlSecAssert2( in != NULL , -1 ) ;
-+ xmlSecAssert2( out != NULL , -1 ) ;
-+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
-+
-+ /* read raw key material and append into context */
-+ if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferAppend" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferRemoveHead" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ /* Now we get all of the key materail */
-+ /* from now on we will wrap or unwrap the key */
-+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "PK11_GetBlockSize" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ result = xmlSecBufferCreate( blockSize ) ;
-+ if( result == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferCreate" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ switch( ctx->cipher ) {
-+ case CKM_DES3_CBC :
-+ if( xmlSecNssKeyWrapDesOp(ctx, encrypt, result) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssKeyWrapDesOp" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecBufferDestroy(result);
-+ return(-1);
-+ }
-+ break ;
-+ /* case CKM_NETSCAPE_AES_KEY_WRAP :*/
-+ case CKM_AES_CBC :
-+ if( xmlSecNssKeyWrapAesOp(ctx, encrypt, result) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssKeyWrapAesOp" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecBufferDestroy(result);
-+ return(-1);
-+ }
-+ break ;
-+ }
-+
-+ /* Write output */
-+ if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferAppend" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecBufferDestroy(result);
-+ return(-1);
-+ }
-+ xmlSecBufferDestroy(result);
-+
-+ return(0);
-+}
-+
-+static int
-+xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
-+ xmlSecNssKeyWrapCtxPtr context = NULL ;
-+ xmlSecBufferPtr inBuf, outBuf ;
-+ int operation ;
-+ int rtv ;
-+
-+ xmlSecAssert2( xmlSecNssKeyWrapCheckId( transform ), -1 ) ;
-+ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyWrapSize ), -1 ) ;
-+ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
-+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
-+
-+ context = xmlSecNssKeyWrapGetCtx( transform ) ;
-+ if( context == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ "xmlSecNssKeyWrapGetCtx" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ inBuf = &( transform->inBuf ) ;
-+ outBuf = &( transform->outBuf ) ;
-+
-+ if( transform->status == xmlSecTransformStatusNone ) {
-+ transform->status = xmlSecTransformStatusWorking ;
-+ }
-+
-+ operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ;
-+ if( transform->status == xmlSecTransformStatusWorking ) {
-+ if( context->material == NULL ) {
-+ rtv = xmlSecNssKeyWrapCtxInit( context, inBuf , outBuf , operation , transformCtx ) ;
-+ if( rtv < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ "xmlSecNssKeyWrapCtxInit" ,
-+ XMLSEC_ERRORS_R_INVALID_STATUS ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+ }
-+
-+ if( context->material == NULL && last != 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_INVALID_STATUS ,
-+ "No enough data to intialize transform" ) ;
-+ return(-1);
-+ }
-+
-+ if( context->material != NULL ) {
-+ rtv = xmlSecNssKeyWrapCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ;
-+ if( rtv < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ "xmlSecNssKeyWrapCtxUpdate" ,
-+ XMLSEC_ERRORS_R_INVALID_STATUS ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+ }
-+
-+ if( last ) {
-+ rtv = xmlSecNssKeyWrapCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ;
-+ if( rtv < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ "xmlSecNssKeyWrapCtxFinal" ,
-+ XMLSEC_ERRORS_R_INVALID_STATUS ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+ transform->status = xmlSecTransformStatusFinished ;
-+ }
-+ } else if( transform->status == xmlSecTransformStatusFinished ) {
-+ if( xmlSecBufferGetSize( inBuf ) != 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_INVALID_STATUS ,
-+ "status=%d", transform->status ) ;
-+ return(-1);
-+ }
-+ } else {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_INVALID_STATUS ,
-+ "status=%d", transform->status ) ;
-+ return(-1);
-+ }
-+
-+ return(0);
-+}
-+
-+#ifndef XMLSEC_NO_AES
-+
-+
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecTransformKlass xmlSecNssKWAes128Klass = {
-+#else
-+static xmlSecTransformKlass xmlSecNssKWAes128Klass = {
-+#endif
-+ /* klass/object sizes */
-+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
-+ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
-+
-+ xmlSecNameKWAes128, /* const xmlChar* name; */
-+ xmlSecHrefKWAes128, /* const xmlChar* href; */
-+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-+
-+ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
-+ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
-+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
-+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
-+ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
-+ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
-+ NULL, /* xmlSecTransformValidateMethod validate; */
-+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
-+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
-+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
-+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
-+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
-+ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
-+
-+ NULL, /* void* reserved0; */
-+ NULL, /* void* reserved1; */
-+};
-+
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecTransformKlass xmlSecNssKWAes192Klass = {
-+#else
-+static xmlSecTransformKlass xmlSecNssKWAes192Klass = {
-+#endif
-+ /* klass/object sizes */
-+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
-+ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
-+
-+ xmlSecNameKWAes192, /* const xmlChar* name; */
-+ xmlSecHrefKWAes192, /* const xmlChar* href; */
-+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-+
-+ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
-+ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
-+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
-+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
-+ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
-+ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
-+ NULL, /* xmlSecTransformValidateMethod validate; */
-+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
-+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
-+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
-+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
-+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
-+ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
-+
-+ NULL, /* void* reserved0; */
-+ NULL, /* void* reserved1; */
-+};
-+
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecTransformKlass xmlSecNssKWAes256Klass = {
-+#else
-+static xmlSecTransformKlass xmlSecNssKWAes256Klass = {
-+#endif
-+ /* klass/object sizes */
-+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
-+ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
-+
-+ xmlSecNameKWAes256, /* const xmlChar* name; */
-+ xmlSecHrefKWAes256, /* const xmlChar* href; */
-+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-+
-+ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
-+ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
-+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
-+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
-+ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
-+ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
-+ NULL, /* xmlSecTransformValidateMethod validate; */
-+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
-+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
-+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
-+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
-+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
-+ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
-+
-+ NULL, /* void* reserved0; */
-+ NULL, /* void* reserved1; */
-+};
-+
-+/**
-+ * xmlSecNssTransformKWAes128GetKlass:
-+ *
-+ * The AES-128 key wrapper transform klass.
-+ *
-+ * Returns AES-128 key wrapper transform klass.
-+ */
-+xmlSecTransformId
-+xmlSecNssTransformKWAes128GetKlass(void) {
-+ return(&xmlSecNssKWAes128Klass);
-+}
-+
-+/**
-+ * xmlSecNssTransformKWAes192GetKlass:
-+ *
-+ * The AES-192 key wrapper transform klass.
-+ *
-+ * Returns AES-192 key wrapper transform klass.
-+ */
-+xmlSecTransformId
-+xmlSecNssTransformKWAes192GetKlass(void) {
-+ return(&xmlSecNssKWAes192Klass);
-+}
-+
-+/**
-+ *
-+ * The AES-256 key wrapper transform klass.
-+ *
-+ * Returns AES-256 key wrapper transform klass.
-+ */
-+xmlSecTransformId
-+xmlSecNssTransformKWAes256GetKlass(void) {
-+ return(&xmlSecNssKWAes256Klass);
-+}
-+
-+#endif /* XMLSEC_NO_AES */
-+
-+
-+#ifndef XMLSEC_NO_DES
-+
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecTransformKlass xmlSecNssKWDes3Klass = {
-+#else
-+static xmlSecTransformKlass xmlSecNssKWDes3Klass = {
-+#endif
-+ /* klass/object sizes */
-+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
-+ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
-+
-+ xmlSecNameKWDes3, /* const xmlChar* name; */
-+ xmlSecHrefKWDes3, /* const xmlChar* href; */
-+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-+
-+ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
-+ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
-+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
-+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
-+ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
-+ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
-+ NULL, /* xmlSecTransformValidateMethod validate; */
-+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
-+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
-+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
-+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
-+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
-+ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
-+
-+ NULL, /* void* reserved0; */
-+ NULL, /* void* reserved1; */
-+};
-+
-+/**
-+ * xmlSecNssTransformKWDes3GetKlass:
-+ *
-+ * The Triple DES key wrapper transform klass.
-+ *
-+ * Returns Triple DES key wrapper transform klass.
-+ */
-+xmlSecTransformId
-+xmlSecNssTransformKWDes3GetKlass(void) {
-+ return(&xmlSecNssKWDes3Klass);
-+}
-+
-+#endif /* XMLSEC_NO_DES */
-+
---- misc/xmlsec1-1.2.6/src/nss/pkikeys.c 2004-03-17 06:06:45.000000000 +0100
-+++ misc/build/xmlsec1-1.2.6/src/nss/pkikeys.c 2008-06-29 23:44:19.000000000 +0200
-@@ -5,6 +5,7 @@
- * distribution for preciese wording.
- *
- * Copyright (c) 2003 America Online, Inc. All rights reserved.
-+ * Copyright ...........................
- */
- #include "globals.h"
-
-@@ -24,6 +25,7 @@
- #include <xmlsec/nss/crypto.h>
- #include <xmlsec/nss/bignum.h>
- #include <xmlsec/nss/pkikeys.h>
-+#include <xmlsec/nss/tokens.h>
-
- /**************************************************************************
- *
-@@ -98,14 +100,13 @@
- {
- xmlSecAssert(ctx != NULL);
- if (ctx->privkey != NULL) {
-- SECKEY_DestroyPrivateKey(ctx->privkey);
-- ctx->privkey = NULL;
-+ SECKEY_DestroyPrivateKey(ctx->privkey);
-+ ctx->privkey = NULL;
- }
-
-- if (ctx->pubkey)
-- {
-- SECKEY_DestroyPublicKey(ctx->pubkey);
-- ctx->pubkey = NULL;
-+ if (ctx->pubkey) {
-+ SECKEY_DestroyPublicKey(ctx->pubkey);
-+ ctx->pubkey = NULL;
- }
-
- }
-@@ -115,29 +116,32 @@
- xmlSecNssPKIKeyDataCtxPtr ctxSrc)
- {
- xmlSecNSSPKIKeyDataCtxFree(ctxDst);
-+ ctxDst->privkey = NULL ;
-+ ctxDst->pubkey = NULL ;
- if (ctxSrc->privkey != NULL) {
-- ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey);
-- if(ctxDst->privkey == NULL) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "SECKEY_CopyPrivateKey",
-- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- return(-1);
-- }
-+ ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey);
-+ if(ctxDst->privkey == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "SECKEY_CopyPrivateKey",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ "error code=%d", PORT_GetError());
-+ return(-1);
-+ }
- }
-
- if (ctxSrc->pubkey != NULL) {
-- ctxDst->pubkey = SECKEY_CopyPublicKey(ctxSrc->pubkey);
-- if(ctxDst->pubkey == NULL) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "SECKEY_CopyPublicKey",
-- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- return(-1);
-- }
-+ ctxDst->pubkey = SECKEY_CopyPublicKey(ctxSrc->pubkey);
-+ if(ctxDst->pubkey == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "SECKEY_CopyPublicKey",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ "error code=%d", PORT_GetError());
-+ return(-1);
-+ }
- }
-+
- return (0);
- }
-
-@@ -147,20 +151,41 @@
- SECKEYPublicKey *pubkey)
- {
- xmlSecNssPKIKeyDataCtxPtr ctx;
-+ KeyType pubType = nullKey ;
-+ KeyType priType = nullKey ;
-
- xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
- xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssPKIKeyDataSize), -1);
-
-+ if( privkey != NULL ) {
-+ priType = SECKEY_GetPrivateKeyType( privkey ) ;
-+ }
-+
-+ if( pubkey != NULL ) {
-+ pubType = SECKEY_GetPublicKeyType( pubkey ) ;
-+ }
-+
-+ if( priType != nullKey && pubType != nullKey ) {
-+ if( pubType != priType ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ "different type of private and public key" ) ;
-+ return -1 ;
-+ }
-+ }
-+
- ctx = xmlSecNssPKIKeyDataGetCtx(data);
- xmlSecAssert2(ctx != NULL, -1);
-
- if (ctx->privkey) {
-- SECKEY_DestroyPrivateKey(ctx->privkey);
-+ SECKEY_DestroyPrivateKey(ctx->privkey);
- }
- ctx->privkey = privkey;
-
- if (ctx->pubkey) {
-- SECKEY_DestroyPublicKey(ctx->pubkey);
-+ SECKEY_DestroyPublicKey(ctx->pubkey);
- }
- ctx->pubkey = pubkey;
-
-@@ -183,61 +208,75 @@
- {
- xmlSecKeyDataPtr data = NULL;
- int ret;
-- KeyType kt;
--
-- if (pubkey != NULL) {
-- kt = SECKEY_GetPublicKeyType(pubkey);
-- } else {
-- kt = SECKEY_GetPrivateKeyType(privkey);
-- pubkey = SECKEY_ConvertToPublicKey(privkey);
-- }
-+ KeyType pubType = nullKey ;
-+ KeyType priType = nullKey ;
-
-- switch(kt) {
-+ if( privkey != NULL ) {
-+ priType = SECKEY_GetPrivateKeyType( privkey ) ;
-+ }
-+
-+ if( pubkey != NULL ) {
-+ pubType = SECKEY_GetPublicKeyType( pubkey ) ;
-+ }
-+
-+ if( priType != nullKey && pubType != nullKey ) {
-+ if( pubType != priType ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ "different type of private and public key" ) ;
-+ return( NULL ) ;
-+ }
-+ }
-+
-+ pubType = priType != nullKey ? priType : pubType ;
-+ switch(pubType) {
- #ifndef XMLSEC_NO_RSA
- case rsaKey:
-- data = xmlSecKeyDataCreate(xmlSecNssKeyDataRsaId);
-- if(data == NULL) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "xmlSecKeyDataCreate",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "xmlSecNssKeyDataRsaId");
-- return(NULL);
-- }
-- break;
-+ data = xmlSecKeyDataCreate(xmlSecNssKeyDataRsaId);
-+ if(data == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecKeyDataCreate",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ "xmlSecNssKeyDataRsaId");
-+ return(NULL);
-+ }
-+ break;
- #endif /* XMLSEC_NO_RSA */
- #ifndef XMLSEC_NO_DSA
- case dsaKey:
-- data = xmlSecKeyDataCreate(xmlSecNssKeyDataDsaId);
-- if(data == NULL) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "xmlSecKeyDataCreate",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "xmlSecNssKeyDataDsaId");
-- return(NULL);
-- }
-- break;
-+ data = xmlSecKeyDataCreate(xmlSecNssKeyDataDsaId);
-+ if(data == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecKeyDataCreate",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ "xmlSecNssKeyDataDsaId");
-+ return(NULL);
-+ }
-+ break;
- #endif /* XMLSEC_NO_DSA */
- default:
-- xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_TYPE,
-- "PKI key type %d not supported", kt);
-- return(NULL);
-+ "PKI key type %d not supported", pubType);
-+ return(NULL);
- }
-
- xmlSecAssert2(data != NULL, NULL);
- ret = xmlSecNssPKIKeyDataAdoptKey(data, privkey, pubkey);
- if(ret < 0) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssPKIKeyDataAdoptKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
-- xmlSecKeyDataDestroy(data);
-- return(NULL);
-+ xmlSecKeyDataDestroy(data);
-+ return(NULL);
- }
- return(data);
- }
-@@ -263,7 +302,7 @@
- xmlSecAssert2(ctx != NULL, NULL);
- xmlSecAssert2(ctx->pubkey != NULL, NULL);
-
-- ret = SECKEY_CopyPublicKey(ctx->pubkey);
-+ ret = SECKEY_CopyPublicKey(ctx->pubkey);
- return(ret);
- }
-
-@@ -312,9 +351,9 @@
- xmlSecAssert2(ctx != NULL, nullKey);
-
- if (ctx->pubkey != NULL) {
-- kt = SECKEY_GetPublicKeyType(ctx->pubkey);
-+ kt = SECKEY_GetPublicKeyType(ctx->pubkey);
- } else {
-- kt = SECKEY_GetPrivateKeyType(ctx->privkey);
-+ kt = SECKEY_GetPrivateKeyType(ctx->privkey);
- }
- return(kt);
- }
-@@ -453,7 +492,11 @@
- static void xmlSecNssKeyDataDsaDebugXmlDump (xmlSecKeyDataPtr data,
- FILE* output);
-
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecKeyDataKlass xmlSecNssKeyDataDsaKlass = {
-+#else
- static xmlSecKeyDataKlass xmlSecNssKeyDataDsaKlass = {
-+#endif
- sizeof(xmlSecKeyDataKlass),
- xmlSecNssPKIKeyDataSize,
-
-@@ -553,13 +596,13 @@
- goto done;
- }
-
-- slot = PK11_GetBestSlot(CKM_DSA, NULL);
-+ slot = xmlSecNssSlotGet(CKM_DSA);
- if(slot == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-- "PK11_GetBestSlot",
-+ "xmlSecNssSlotGet",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-+ "error code=%d", PORT_GetError());
- ret = -1;
- goto done;
- }
-@@ -570,7 +613,7 @@
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "PORT_NewArena",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-+ "error code=%d", PORT_GetError());
- ret = -1;
- goto done;
- }
-@@ -582,7 +625,7 @@
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "PORT_ArenaZAlloc",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-+ "error code=%d", PORT_GetError());
- PORT_FreeArena(arena, PR_FALSE);
- ret = -1;
- goto done;
-@@ -750,21 +793,21 @@
- goto done;
- }
- data = NULL;
--
- ret = 0;
-
- done:
- if (slot != NULL) {
-- PK11_FreeSlot(slot);
-+ PK11_FreeSlot(slot);
- }
-- if (ret != 0) {
-- if (pubkey != NULL) {
-- SECKEY_DestroyPublicKey(pubkey);
-- }
-- if (data != NULL) {
-- xmlSecKeyDataDestroy(data);
-- }
-+
-+ if (pubkey != NULL) {
-+ SECKEY_DestroyPublicKey(pubkey);
-+ }
-+
-+ if (data != NULL) {
-+ xmlSecKeyDataDestroy(data);
- }
-+
- return(ret);
- }
-
-@@ -783,7 +826,7 @@
-
- ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key));
- xmlSecAssert2(ctx != NULL, -1);
-- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
-+/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/
-
- if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
- /* we can have only private key or public key */
-@@ -905,7 +948,8 @@
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "PK11_PQG_ParamGen",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- "size=%d", sizeBits);
-+ "size=%d, error code=%d", sizeBits, PORT_GetError());
-+ ret = -1;
- goto done;
- }
-
-@@ -915,11 +959,12 @@
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "PK11_PQG_VerifyParams",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- "size=%d", sizeBits);
-+ "size=%d, error code=%d", sizeBits, PORT_GetError());
-+ ret = -1;
- goto done;
- }
-
-- slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL);
-+ slot = xmlSecNssSlotGet(CKM_DSA_KEY_PAIR_GEN);
- PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
- privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams,
- &pubkey, PR_FALSE, PR_TRUE, NULL);
-@@ -929,8 +974,9 @@
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "PK11_GenerateKeyPair",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-+ "error code=%d", PORT_GetError());
-
-+ ret = -1;
- goto done;
- }
-
-@@ -943,29 +989,32 @@
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
--
-+ privkey = NULL ;
-+ pubkey = NULL ;
- ret = 0;
-
- done:
- if (slot != NULL) {
-- PK11_FreeSlot(slot);
-+ PK11_FreeSlot(slot);
- }
-+
- if (pqgParams != NULL) {
-- PK11_PQG_DestroyParams(pqgParams);
-+ PK11_PQG_DestroyParams(pqgParams);
- }
-+
- if (pqgVerify != NULL) {
-- PK11_PQG_DestroyVerify(pqgVerify);
-- }
-- if (ret == 0) {
-- return (0);
-+ PK11_PQG_DestroyVerify(pqgVerify);
- }
-+
- if (pubkey != NULL) {
-- SECKEY_DestroyPublicKey(pubkey);
-+ SECKEY_DestroyPublicKey(pubkey);
- }
-+
- if (privkey != NULL) {
-- SECKEY_DestroyPrivateKey(privkey);
-+ SECKEY_DestroyPrivateKey(privkey);
- }
-- return(-1);
-+
-+ return(ret);
- }
-
- static xmlSecKeyDataType
-@@ -975,11 +1024,11 @@
- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), xmlSecKeyDataTypeUnknown);
- ctx = xmlSecNssPKIKeyDataGetCtx(data);
- xmlSecAssert2(ctx != NULL, -1);
-- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
-+/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/
- if (ctx->privkey != NULL) {
-- return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
-- } else {
-- return(xmlSecKeyDataTypePublic);
-+ return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
-+ } else if( ctx->pubkey != NULL ) {
-+ return(xmlSecKeyDataTypePublic);
- }
-
- return(xmlSecKeyDataTypeUnknown);
-@@ -992,7 +1041,7 @@
- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), 0);
- ctx = xmlSecNssPKIKeyDataGetCtx(data);
- xmlSecAssert2(ctx != NULL, -1);
-- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
-+/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/
-
- return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));
- }
-@@ -1084,7 +1133,11 @@
- static void xmlSecNssKeyDataRsaDebugXmlDump (xmlSecKeyDataPtr data,
- FILE* output);
-
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecKeyDataKlass xmlSecNssKeyDataRsaKlass = {
-+#else
- static xmlSecKeyDataKlass xmlSecNssKeyDataRsaKlass = {
-+#endif
- sizeof(xmlSecKeyDataKlass),
- xmlSecNssPKIKeyDataSize,
-
-@@ -1181,13 +1234,13 @@
- goto done;
- }
-
-- slot = PK11_GetBestSlot(CKM_RSA_PKCS, NULL);
-+ slot = xmlSecNssSlotGet(CKM_RSA_PKCS);
- if(slot == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-- "PK11_GetBestSlot",
-+ "xmlSecNssSlotGet",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-+ "error code=%d", PORT_GetError());
- ret = -1;
- goto done;
- }
-@@ -1198,7 +1251,7 @@
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "PORT_NewArena",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-+ "error code=%d", PORT_GetError());
- ret = -1;
- goto done;
- }
-@@ -1210,7 +1263,7 @@
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "PORT_ArenaZAlloc",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-+ "error code=%d", PORT_GetError());
- PORT_FreeArena(arena, PR_FALSE);
- ret = -1;
- goto done;
-@@ -1349,7 +1402,7 @@
-
- ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key));
- xmlSecAssert2(ctx != NULL, -1);
-- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
-+/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/
-
-
- if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
-@@ -1420,7 +1473,7 @@
- params.keySizeInBits = sizeBits;
- params.pe = 65537;
-
-- slot = PK11_GetBestSlot(CKM_RSA_PKCS_KEY_PAIR_GEN, NULL);
-+ slot = xmlSecNssSlotGet(CKM_RSA_PKCS_KEY_PAIR_GEN);
- PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
- privkey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, &params,
- &pubkey, PR_FALSE, PR_TRUE, NULL);
-@@ -1430,7 +1483,7 @@
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "PK11_GenerateKeyPair",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-+ "error code=%d", PORT_GetError());
-
- goto done;
- }
-@@ -1472,7 +1525,7 @@
-
- ctx = xmlSecNssPKIKeyDataGetCtx(data);
- xmlSecAssert2(ctx != NULL, -1);
-- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
-+/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/
- if (ctx->privkey != NULL) {
- return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
- } else {
-@@ -1490,7 +1543,7 @@
-
- ctx = xmlSecNssPKIKeyDataGetCtx(data);
- xmlSecAssert2(ctx != NULL, -1);
-- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
-+/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/
-
- return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));
- }
---- misc/xmlsec1-1.2.6/src/nss/signatures.c 2003-09-26 02:58:15.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/src/nss/signatures.c 2008-06-29 23:44:19.000000000 +0200
-@@ -199,7 +199,7 @@
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "SGN_NewContext",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-+ "error code=%d", PORT_GetError());
- return(-1);
- }
- } else {
-@@ -222,7 +222,7 @@
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "VFY_CreateContext",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-+ "error code=%d", PORT_GetError());
- return(-1);
- }
- }
-@@ -282,7 +282,7 @@
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "VFY_Update, VFY_End",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-+ "error code=%d", PORT_GetError());
-
- if (PORT_GetError() == SEC_ERROR_PKCS7_BAD_SIGNATURE) {
- xmlSecError(XMLSEC_ERRORS_HERE,
-@@ -341,7 +341,7 @@
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "SGN_Begin",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-+ "error code=%d", PORT_GetError());
- return(-1);
- }
- } else {
-@@ -351,7 +351,7 @@
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "VFY_Begin",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-+ "error code=%d", PORT_GetError());
- return(-1);
- }
- }
-@@ -368,7 +368,7 @@
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "SGN_Update",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-+ "error code=%d", PORT_GetError());
- return(-1);
- }
- } else {
-@@ -378,7 +378,7 @@
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "VFY_Update",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-+ "error code=%d", PORT_GetError());
- return(-1);
- }
- }
-@@ -404,7 +404,7 @@
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "SGN_End",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-+ "error code=%d", PORT_GetError());
- return(-1);
- }
-
-@@ -459,7 +459,11 @@
- *
- ***************************************************************************/
-
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecTransformKlass xmlSecNssDsaSha1Klass = {
-+#else
- static xmlSecTransformKlass xmlSecNssDsaSha1Klass = {
-+#endif
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecNssSignatureSize, /* xmlSecSize objSize */
-@@ -506,7 +510,11 @@
- * RSA-SHA1 signature transform
- *
- ***************************************************************************/
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecTransformKlass xmlSecNssRsaSha1Klass = {
-+#else
- static xmlSecTransformKlass xmlSecNssRsaSha1Klass = {
-+#endif
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecNssSignatureSize, /* xmlSecSize objSize */
---- misc/xmlsec1-1.2.6/src/nss/symkeys.c 2003-07-21 05:12:52.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/src/nss/symkeys.c 2008-06-29 23:44:19.000000000 +0200
-@@ -15,178 +15,837 @@
- #include <stdio.h>
- #include <string.h>
-
-+#include <pk11func.h>
-+#include <nss.h>
-+
- #include <xmlsec/xmlsec.h>
- #include <xmlsec/xmltree.h>
-+#include <xmlsec/base64.h>
- #include <xmlsec/keys.h>
- #include <xmlsec/keyinfo.h>
- #include <xmlsec/transforms.h>
- #include <xmlsec/errors.h>
-
- #include <xmlsec/nss/crypto.h>
-+#include <xmlsec/nss/ciphers.h>
-+#include <xmlsec/nss/tokens.h>
-
- /*****************************************************************************
- *
-- * Symmetic (binary) keys - just a wrapper for xmlSecKeyDataBinary
-+ * Symmetic (binary) keys - a wrapper over slot information and PK11SymKey
- *
- ****************************************************************************/
--static int xmlSecNssSymKeyDataInitialize (xmlSecKeyDataPtr data);
--static int xmlSecNssSymKeyDataDuplicate (xmlSecKeyDataPtr dst,
-- xmlSecKeyDataPtr src);
--static void xmlSecNssSymKeyDataFinalize (xmlSecKeyDataPtr data);
--static int xmlSecNssSymKeyDataXmlRead (xmlSecKeyDataId id,
-- xmlSecKeyPtr key,
-- xmlNodePtr node,
-- xmlSecKeyInfoCtxPtr keyInfoCtx);
--static int xmlSecNssSymKeyDataXmlWrite (xmlSecKeyDataId id,
-- xmlSecKeyPtr key,
-- xmlNodePtr node,
-- xmlSecKeyInfoCtxPtr keyInfoCtx);
--static int xmlSecNssSymKeyDataBinRead (xmlSecKeyDataId id,
-- xmlSecKeyPtr key,
-- const xmlSecByte* buf,
-- xmlSecSize bufSize,
-- xmlSecKeyInfoCtxPtr keyInfoCtx);
--static int xmlSecNssSymKeyDataBinWrite (xmlSecKeyDataId id,
-- xmlSecKeyPtr key,
-- xmlSecByte** buf,
-- xmlSecSize* bufSize,
-- xmlSecKeyInfoCtxPtr keyInfoCtx);
--static int xmlSecNssSymKeyDataGenerate (xmlSecKeyDataPtr data,
-- xmlSecSize sizeBits,
-- xmlSecKeyDataType type);
--
--static xmlSecKeyDataType xmlSecNssSymKeyDataGetType (xmlSecKeyDataPtr data);
--static xmlSecSize xmlSecNssSymKeyDataGetSize (xmlSecKeyDataPtr data);
--static void xmlSecNssSymKeyDataDebugDump (xmlSecKeyDataPtr data,
-- FILE* output);
--static void xmlSecNssSymKeyDataDebugXmlDump (xmlSecKeyDataPtr data,
-- FILE* output);
--static int xmlSecNssSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass);
-+typedef struct _xmlSecNssSymKeyDataCtx xmlSecNssSymKeyDataCtx ;
-+typedef struct _xmlSecNssSymKeyDataCtx* xmlSecNssSymKeyDataCtxPtr ;
-+
-+struct _xmlSecNssSymKeyDataCtx {
-+ CK_MECHANISM_TYPE cipher ; /* the symmetic key mechanism */
-+ PK11SlotInfo* slot ; /* the key resident slot */
-+ PK11SymKey* symkey ; /* the symmetic key */
-+} ;
-+
-+#define xmlSecNssSymKeyDataSize \
-+ ( sizeof( xmlSecKeyData ) + sizeof( xmlSecNssSymKeyDataCtx ) )
-+
-+#define xmlSecNssSymKeyDataGetCtx( data ) \
-+ ( ( xmlSecNssSymKeyDataCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyData ) ) )
-+
-+
-+static int xmlSecNssSymKeyDataInitialize (xmlSecKeyDataPtr data);
-+static int xmlSecNssSymKeyDataDuplicate (xmlSecKeyDataPtr dst,
-+ xmlSecKeyDataPtr src);
-+static void xmlSecNssSymKeyDataFinalize (xmlSecKeyDataPtr data);
-+static int xmlSecNssSymKeyDataXmlRead (xmlSecKeyDataId id,
-+ xmlSecKeyPtr key,
-+ xmlNodePtr node,
-+ xmlSecKeyInfoCtxPtr keyInfoCtx);
-+static int xmlSecNssSymKeyDataXmlWrite (xmlSecKeyDataId id,
-+ xmlSecKeyPtr key,
-+ xmlNodePtr node,
-+ xmlSecKeyInfoCtxPtr keyInfoCtx);
-+static int xmlSecNssSymKeyDataBinRead (xmlSecKeyDataId id,
-+ xmlSecKeyPtr key,
-+ const xmlSecByte* buf,
-+ xmlSecSize bufSize,
-+ xmlSecKeyInfoCtxPtr keyInfoCtx);
-+static int xmlSecNssSymKeyDataBinWrite (xmlSecKeyDataId id,
-+ xmlSecKeyPtr key,
-+ xmlSecByte** buf,
-+ xmlSecSize* bufSize,
-+ xmlSecKeyInfoCtxPtr keyInfoCtx);
-+static int xmlSecNssSymKeyDataGenerate (xmlSecKeyDataPtr data,
-+ xmlSecSize sizeBits,
-+ xmlSecKeyDataType type);
-+
-+static xmlSecKeyDataType xmlSecNssSymKeyDataGetType (xmlSecKeyDataPtr data);
-+static xmlSecSize xmlSecNssSymKeyDataGetSize (xmlSecKeyDataPtr data);
-+static void xmlSecNssSymKeyDataDebugDump (xmlSecKeyDataPtr data,
-+ FILE* output);
-+static void xmlSecNssSymKeyDataDebugXmlDump (xmlSecKeyDataPtr data,
-+ FILE* output);
-+static int xmlSecNssSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass);
-
- #define xmlSecNssSymKeyDataCheckId(data) \
- (xmlSecKeyDataIsValid((data)) && \
- xmlSecNssSymKeyDataKlassCheck((data)->id))
-
-+/**
-+ * xmlSecNssSymKeyDataAdoptKey:
-+ * @data: the pointer to symmetric key data.
-+ * @symkey: the symmetric key
-+ *
-+ * Set the value of symmetric key data.
-+ *
-+ * Returns 0 on success or a negative value if an error occurs.
-+ */
-+int
-+xmlSecNssSymKeyDataAdoptKey(
-+ xmlSecKeyDataPtr data ,
-+ PK11SymKey* symkey
-+) {
-+ xmlSecNssSymKeyDataCtxPtr context = NULL ;
-+
-+ xmlSecAssert2( xmlSecNssSymKeyDataCheckId( data ), -1 ) ;
-+ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), -1 ) ;
-+ xmlSecAssert2( symkey != NULL, -1 ) ;
-+
-+ context = xmlSecNssSymKeyDataGetCtx( data ) ;
-+ xmlSecAssert2(context != NULL, -1);
-+
-+ context->cipher = PK11_GetMechanism( symkey ) ;
-+
-+ if( context->slot != NULL ) {
-+ PK11_FreeSlot( context->slot ) ;
-+ context->slot = NULL ;
-+ }
-+ context->slot = PK11_GetSlotFromKey( symkey ) ;
-+
-+ if( context->symkey != NULL ) {
-+ PK11_FreeSymKey( context->symkey ) ;
-+ context->symkey = NULL ;
-+ }
-+ context->symkey = PK11_ReferenceSymKey( symkey ) ;
-+
-+ return 0 ;
-+}
-+
-+xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt(
-+ PK11SymKey* symKey
-+) {
-+ xmlSecKeyDataPtr data = NULL ;
-+ CK_MECHANISM_TYPE mechanism = CKM_INVALID_MECHANISM ;
-+
-+ xmlSecAssert2( symKey != NULL , NULL ) ;
-+
-+ mechanism = PK11_GetMechanism( symKey ) ;
-+ switch( mechanism ) {
-+ case CKM_DES3_KEY_GEN :
-+ case CKM_DES3_CBC :
-+ case CKM_DES3_MAC :
-+ data = xmlSecKeyDataCreate( xmlSecNssKeyDataDesId ) ;
-+ if( data == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeyDataCreate" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ "xmlSecNssKeyDataDesId" ) ;
-+ return NULL ;
-+ }
-+ break ;
-+ case CKM_AES_KEY_GEN :
-+ case CKM_AES_CBC :
-+ case CKM_AES_MAC :
-+ data = xmlSecKeyDataCreate( xmlSecNssKeyDataAesId ) ;
-+ if( data == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeyDataCreate" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ "xmlSecNssKeyDataDesId" ) ;
-+ return NULL ;
-+ }
-+ break ;
-+ default :
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ "Unsupported mechanism" ) ;
-+ return NULL ;
-+ }
-+
-+ if( xmlSecNssSymKeyDataAdoptKey( data , symKey ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataAdoptKey" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyDataDestroy( data ) ;
-+ return NULL ;
-+ }
-+
-+ return data ;
-+}
-+
-+
-+PK11SymKey*
-+xmlSecNssSymKeyDataGetKey(
-+ xmlSecKeyDataPtr data
-+) {
-+ xmlSecNssSymKeyDataCtxPtr ctx;
-+ PK11SymKey* symkey ;
-+
-+ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), NULL);
-+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), NULL);
-+
-+ ctx = xmlSecNssSymKeyDataGetCtx(data);
-+ xmlSecAssert2(ctx != NULL, NULL);
-+
-+ if( ctx->symkey != NULL ) {
-+ symkey = PK11_ReferenceSymKey( ctx->symkey ) ;
-+ } else {
-+ symkey = NULL ;
-+ }
-+
-+ return(symkey);
-+}
-+
- static int
- xmlSecNssSymKeyDataInitialize(xmlSecKeyDataPtr data) {
-+ xmlSecNssSymKeyDataCtxPtr ctx;
-+
- xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1);
--
-- return(xmlSecKeyDataBinaryValueInitialize(data));
-+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), -1);
-+
-+ ctx = xmlSecNssSymKeyDataGetCtx(data);
-+ xmlSecAssert2(ctx != NULL, -1);
-+
-+ memset( ctx, 0, sizeof(xmlSecNssSymKeyDataCtx));
-+
-+ /* Set the block cipher mechanism */
-+#ifndef XMLSEC_NO_DES
-+ if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) {
-+ ctx->cipher = CKM_DES3_KEY_GEN;
-+ } else
-+#endif /* XMLSEC_NO_DES */
-+
-+#ifndef XMLSEC_NO_AES
-+ if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) {
-+ ctx->cipher = CKM_AES_KEY_GEN;
-+ } else
-+#endif /* XMLSEC_NO_AES */
-+
-+ if(1) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ "Unsupported block cipher" ) ;
-+ return(-1) ;
-+ }
-+
-+ return(0);
- }
-
- static int
- xmlSecNssSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
-+ xmlSecNssSymKeyDataCtxPtr ctxDst;
-+ xmlSecNssSymKeyDataCtxPtr ctxSrc;
-+
- xmlSecAssert2(xmlSecNssSymKeyDataCheckId(dst), -1);
-+ xmlSecAssert2(xmlSecKeyDataCheckSize(dst, xmlSecNssSymKeyDataSize), -1);
- xmlSecAssert2(xmlSecNssSymKeyDataCheckId(src), -1);
-+ xmlSecAssert2(xmlSecKeyDataCheckSize(src, xmlSecNssSymKeyDataSize), -1);
- xmlSecAssert2(dst->id == src->id, -1);
--
-- return(xmlSecKeyDataBinaryValueDuplicate(dst, src));
-+
-+ ctxDst = xmlSecNssSymKeyDataGetCtx(dst);
-+ xmlSecAssert2(ctxDst != NULL, -1);
-+
-+ ctxSrc = xmlSecNssSymKeyDataGetCtx(src);
-+ xmlSecAssert2(ctxSrc != NULL, -1);
-+
-+ ctxDst->cipher = ctxSrc->cipher ;
-+
-+ if( ctxSrc->slot != NULL ) {
-+ if( ctxDst->slot != NULL && ctxDst->slot != ctxSrc->slot ) {
-+ PK11_FreeSlot( ctxDst->slot ) ;
-+ ctxDst->slot = NULL ;
-+ }
-+
-+ if( ctxDst->slot == NULL && ctxSrc->slot != NULL )
-+ ctxDst->slot = PK11_ReferenceSlot( ctxSrc->slot ) ;
-+ } else {
-+ if( ctxDst->slot != NULL ) {
-+ PK11_FreeSlot( ctxDst->slot ) ;
-+ ctxDst->slot = NULL ;
-+ }
-+ }
-+
-+ if( ctxSrc->symkey != NULL ) {
-+ if( ctxDst->symkey != NULL && ctxDst->symkey != ctxSrc->symkey ) {
-+ PK11_FreeSymKey( ctxDst->symkey ) ;
-+ ctxDst->symkey = NULL ;
-+ }
-+
-+ if( ctxDst->symkey == NULL && ctxSrc->symkey != NULL )
-+ ctxDst->symkey = PK11_ReferenceSymKey( ctxSrc->symkey ) ;
-+ } else {
-+ if( ctxDst->symkey != NULL ) {
-+ PK11_FreeSymKey( ctxDst->symkey ) ;
-+ ctxDst->symkey = NULL ;
-+ }
-+ }
-+
-+ return(0);
- }
-
- static void
- xmlSecNssSymKeyDataFinalize(xmlSecKeyDataPtr data) {
-+ xmlSecNssSymKeyDataCtxPtr ctx;
-+
- xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
--
-- xmlSecKeyDataBinaryValueFinalize(data);
-+ xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize));
-+
-+ ctx = xmlSecNssSymKeyDataGetCtx(data);
-+ xmlSecAssert(ctx != NULL);
-+
-+ if( ctx->slot != NULL ) {
-+ PK11_FreeSlot( ctx->slot ) ;
-+ ctx->slot = NULL ;
-+ }
-+
-+ if( ctx->symkey != NULL ) {
-+ PK11_FreeSymKey( ctx->symkey ) ;
-+ ctx->symkey = NULL ;
-+ }
-+
-+ ctx->cipher = CKM_INVALID_MECHANISM ;
- }
-
- static int
- xmlSecNssSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
-- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
-- xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
-+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
-+ PK11SymKey* symKey ;
-+ PK11SlotInfo* slot ;
-+ xmlSecBufferPtr keyBuf;
-+ xmlSecSize len;
-+ xmlSecKeyDataPtr data;
-+ xmlSecNssSymKeyDataCtxPtr ctx;
-+ SECItem keyItem ;
-+ int ret;
-+
-+ xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
-+ xmlSecAssert2(key != NULL, -1);
-+ xmlSecAssert2(node != NULL, -1);
-+ xmlSecAssert2(keyInfoCtx != NULL, -1);
-+
-+ /* Create a new KeyData from a id */
-+ data = xmlSecKeyDataCreate(id);
-+ if(data == NULL ) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecKeyDataCreate",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+
-+ ctx = xmlSecNssSymKeyDataGetCtx(data);
-+ xmlSecAssert2(ctx != NULL, -1);
-+
-+ /* Create a buffer for raw symmetric key value */
-+ if( ( keyBuf = xmlSecBufferCreate( 128 ) ) == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecBufferCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ /* Read the raw key value */
-+ if( xmlSecBufferBase64NodeContentRead( keyBuf , node ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecBufferDestroy( keyBuf ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ /* Get slot */
-+ slot = xmlSecNssSlotGet(ctx->cipher);
-+ if( slot == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecNssSlotGet" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecBufferDestroy( keyBuf ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ /* Wrap the raw key value SECItem */
-+ keyItem.type = siBuffer ;
-+ keyItem.data = xmlSecBufferGetData( keyBuf ) ;
-+ keyItem.len = xmlSecBufferGetSize( keyBuf ) ;
-+
-+ /* Import the raw key into slot temporalily and get the key handler*/
-+ symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ;
-+ if( symKey == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "PK11_ImportSymKey" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ PK11_FreeSlot( slot ) ;
-+ xmlSecBufferDestroy( keyBuf ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+ PK11_FreeSlot( slot ) ;
-+
-+ /* raw key material has been copied into symKey, it isn't used any more */
-+ xmlSecBufferDestroy( keyBuf ) ;
-
-- return(xmlSecKeyDataBinaryValueXmlRead(id, key, node, keyInfoCtx));
-+ /* Adopt the symmetric key into key data */
-+ ret = xmlSecNssSymKeyDataAdoptKey(data, symKey);
-+ if(ret < 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecKeyDataBinaryValueSetBuffer",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ PK11_FreeSymKey( symKey ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1);
-+ }
-+ /* symKey has been duplicated into data, it isn't used any more */
-+ PK11_FreeSymKey( symKey ) ;
-+
-+ /* Check value */
-+ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecKeyReqMatchKeyValue",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(0);
-+ }
-+
-+ ret = xmlSecKeySetValue(key, data);
-+ if(ret < 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecKeySetValue",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1);
-+ }
-+
-+ return(0);
- }
-
- static int
- xmlSecNssSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
-- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
-+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
-+ PK11SymKey* symKey ;
-+
- xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
-+ xmlSecAssert2(key != NULL, -1);
-+ xmlSecAssert2(node != NULL, -1);
-+ xmlSecAssert2(keyInfoCtx != NULL, -1);
-+
-+ /* Get symmetric key from "key" */
-+ symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key));
-+ if( symKey != NULL ) {
-+ SECItem* keyItem ;
-+ xmlSecBufferPtr keyBuf ;
-+
-+ /* Extract raw key data from symmetric key */
-+ if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "PK11_ExtractKeyValue",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ PK11_FreeSymKey( symKey ) ;
-+ return(-1);
-+ }
-+
-+ /* Get raw key data from "symKey" */
-+ keyItem = PK11_GetKeyData( symKey ) ;
-+ if(keyItem == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "PK11_GetKeyData",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ PK11_FreeSymKey( symKey ) ;
-+ return(-1);
-+ }
-+
-+ /* Create key data buffer with raw kwy material */
-+ keyBuf = xmlSecBufferCreate(keyItem->len) ;
-+ if(keyBuf == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecBufferCreate",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ PK11_FreeSymKey( symKey ) ;
-+ return(-1);
-+ }
-+
-+ xmlSecBufferSetData( keyBuf , keyItem->data , keyItem->len ) ;
-+
-+ /* Write raw key material into current xml node */
-+ if( xmlSecBufferBase64NodeContentWrite( keyBuf, node, XMLSEC_BASE64_LINESIZE ) < 0 ) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecBufferBase64NodeContentWrite",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ xmlSecBufferDestroy(keyBuf);
-+ PK11_FreeSymKey( symKey ) ;
-+ return(-1);
-+ }
-+ xmlSecBufferDestroy(keyBuf);
-+ PK11_FreeSymKey( symKey ) ;
-+ }
-
-- return(xmlSecKeyDataBinaryValueXmlWrite(id, key, node, keyInfoCtx));
-+ return 0 ;
- }
-
- static int
- xmlSecNssSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
-- const xmlSecByte* buf, xmlSecSize bufSize,
-- xmlSecKeyInfoCtxPtr keyInfoCtx) {
-- xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
-+ const xmlSecByte* buf, xmlSecSize bufSize,
-+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
-+ PK11SymKey* symKey ;
-+ PK11SlotInfo* slot ;
-+ xmlSecKeyDataPtr data;
-+ xmlSecNssSymKeyDataCtxPtr ctx;
-+ SECItem keyItem ;
-+ int ret;
-
-- return(xmlSecKeyDataBinaryValueBinRead(id, key, buf, bufSize, keyInfoCtx));
-+ xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
-+ xmlSecAssert2(key != NULL, -1);
-+ xmlSecAssert2(buf != NULL, -1);
-+ xmlSecAssert2(bufSize != 0, -1);
-+ xmlSecAssert2(keyInfoCtx != NULL, -1);
-+
-+ /* Create a new KeyData from a id */
-+ data = xmlSecKeyDataCreate(id);
-+ if(data == NULL ) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecKeyDataCreate",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+
-+ ctx = xmlSecNssSymKeyDataGetCtx(data);
-+ xmlSecAssert2(ctx != NULL, -1);
-+
-+ /* Get slot */
-+ slot = xmlSecNssSlotGet(ctx->cipher);
-+ if( slot == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecNssSlotGet" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ /* Wrap the raw key value SECItem */
-+ keyItem.type = siBuffer ;
-+ keyItem.data = buf ;
-+ keyItem.len = bufSize ;
-+
-+ /* Import the raw key into slot temporalily and get the key handler*/
-+ symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ;
-+ if( symKey == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "PK11_ImportSymKey" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ PK11_FreeSlot( slot ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ /* Adopt the symmetric key into key data */
-+ ret = xmlSecNssSymKeyDataAdoptKey(data, symKey);
-+ if(ret < 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecKeyDataBinaryValueSetBuffer",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ PK11_FreeSymKey( symKey ) ;
-+ PK11_FreeSlot( slot ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1);
-+ }
-+ /* symKey has been duplicated into data, it isn't used any more */
-+ PK11_FreeSymKey( symKey ) ;
-+ PK11_FreeSlot( slot ) ;
-+
-+ /* Check value */
-+ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecKeyReqMatchKeyValue",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(0);
-+ }
-+
-+ ret = xmlSecKeySetValue(key, data);
-+ if(ret < 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecKeySetValue",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1);
-+ }
-+
-+ return(0);
- }
-
- static int
- xmlSecNssSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
-- xmlSecByte** buf, xmlSecSize* bufSize,
-- xmlSecKeyInfoCtxPtr keyInfoCtx) {
-+ xmlSecByte** buf, xmlSecSize* bufSize,
-+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
-+ PK11SymKey* symKey ;
-+
- xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
-+ xmlSecAssert2(key != NULL, -1);
-+ xmlSecAssert2(buf != NULL, -1);
-+ xmlSecAssert2(bufSize != 0, -1);
-+ xmlSecAssert2(keyInfoCtx != NULL, -1);
-+
-+ /* Get symmetric key from "key" */
-+ symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key));
-+ if( symKey != NULL ) {
-+ SECItem* keyItem ;
-+
-+ /* Extract raw key data from symmetric key */
-+ if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "PK11_ExtractKeyValue",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ PK11_FreeSymKey( symKey ) ;
-+ return(-1);
-+ }
-+
-+ /* Get raw key data from "symKey" */
-+ keyItem = PK11_GetKeyData( symKey ) ;
-+ if(keyItem == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "PK11_GetKeyData",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ PK11_FreeSymKey( symKey ) ;
-+ return(-1);
-+ }
-+
-+ *bufSize = keyItem->len;
-+ *buf = ( xmlSecByte* )xmlMalloc( *bufSize );
-+ if( *buf == NULL ) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ NULL,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ PK11_FreeSymKey( symKey ) ;
-+ return(-1);
-+ }
-+
-+ memcpy((*buf), keyItem->data, (*bufSize));
-+ PK11_FreeSymKey( symKey ) ;
-+ }
-
-- return(xmlSecKeyDataBinaryValueBinWrite(id, key, buf, bufSize, keyInfoCtx));
-+ return 0 ;
- }
-
- static int
- xmlSecNssSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
-- xmlSecBufferPtr buffer;
--
-+ PK11SymKey* symkey ;
-+ PK11SlotInfo* slot ;
-+ xmlSecNssSymKeyDataCtxPtr ctx;
-+ int ret;
-+
- xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1);
- xmlSecAssert2(sizeBits > 0, -1);
-
-- buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
-- xmlSecAssert2(buffer != NULL, -1);
--
-- return(xmlSecNssGenerateRandom(buffer, (sizeBits + 7) / 8));
-+ ctx = xmlSecNssSymKeyDataGetCtx(data);
-+ xmlSecAssert2(ctx != NULL, -1);
-+
-+ if( sizeBits % 8 != 0 ) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
-+ NULL,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ "Symmetric key size must be octuple");
-+ return(-1);
-+ }
-+
-+ /* Get slot */
-+ slot = xmlSecNssSlotGet(ctx->cipher);
-+ if( slot == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
-+ "xmlSecNssSlotGet" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+
-+ if( PK11_Authenticate( slot, PR_FALSE , NULL ) != SECSuccess ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
-+ "PK11_Authenticate" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ PK11_FreeSlot( slot ) ;
-+ return -1 ;
-+ }
-+
-+ symkey = PK11_KeyGen( slot , ctx->cipher , NULL , sizeBits/8 , NULL ) ;
-+ if( symkey == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
-+ "PK11_KeyGen" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ PK11_FreeSlot( slot ) ;
-+ return -1 ;
-+ }
-+
-+ if( ctx->slot != NULL ) {
-+ PK11_FreeSlot( ctx->slot ) ;
-+ ctx->slot = NULL ;
-+ }
-+ ctx->slot = slot ;
-+
-+ if( ctx->symkey != NULL ) {
-+ PK11_FreeSymKey( ctx->symkey ) ;
-+ ctx->symkey = NULL ;
-+ }
-+ ctx->symkey = symkey ;
-+
-+ return 0 ;
- }
-
- static xmlSecKeyDataType
- xmlSecNssSymKeyDataGetType(xmlSecKeyDataPtr data) {
-- xmlSecBufferPtr buffer;
-+ xmlSecNssSymKeyDataCtxPtr context = NULL ;
-+ xmlSecKeyDataType type = xmlSecKeyDataTypeUnknown ;
-
- xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown);
-+ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), xmlSecKeyDataTypeUnknown ) ;
-
-- buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
-- xmlSecAssert2(buffer != NULL, xmlSecKeyDataTypeUnknown);
-+ context = xmlSecNssSymKeyDataGetCtx( data ) ;
-+ if( context == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
-+ "xmlSecNssSymKeyDataGetCtx" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return xmlSecKeyDataTypeUnknown ;
-+ }
-+
-+ if( context->symkey != NULL ) {
-+ type |= xmlSecKeyDataTypeSymmetric ;
-+ } else {
-+ type |= xmlSecKeyDataTypeUnknown ;
-+ }
-
-- return((xmlSecBufferGetSize(buffer) > 0) ? xmlSecKeyDataTypeSymmetric : xmlSecKeyDataTypeUnknown);
-+ return type ;
- }
-
- static xmlSecSize
- xmlSecNssSymKeyDataGetSize(xmlSecKeyDataPtr data) {
-+ xmlSecNssSymKeyDataCtxPtr context ;
-+ unsigned int length = 0 ;
-+
- xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), 0);
--
-- return(xmlSecKeyDataBinaryValueGetSize(data));
-+ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), 0 ) ;
-+
-+ context = xmlSecNssSymKeyDataGetCtx( data ) ;
-+ if( context == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
-+ "xmlSecNssSymKeyDataGetCtx" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return 0 ;
-+ }
-+
-+ if( context->symkey != NULL ) {
-+ length = PK11_GetKeyLength( context->symkey ) ;
-+ length *= 8 ;
-+ }
-+
-+ return length ;
- }
-
- static void
- xmlSecNssSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) {
- xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
-
-- xmlSecKeyDataBinaryValueDebugDump(data, output);
-+ /* print only size, everything else is sensitive */
-+ fprintf( output , "=== %s: size=%d\n" , data->id->dataNodeName ,
-+ xmlSecKeyDataGetSize(data)) ;
- }
-
- static void
- xmlSecNssSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
- xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
-
-- xmlSecKeyDataBinaryValueDebugXmlDump(data, output);
-+ /* print only size, everything else is sensitive */
-+ fprintf( output , "<%s size=\"%d\" />\n" , data->id->dataNodeName ,
-+ xmlSecKeyDataGetSize(data)) ;
- }
-
- static int
- xmlSecNssSymKeyDataKlassCheck(xmlSecKeyDataKlass* klass) {
- #ifndef XMLSEC_NO_DES
- if(klass == xmlSecNssKeyDataDesId) {
-- return(1);
-+ return(1);
- }
- #endif /* XMLSEC_NO_DES */
-
- #ifndef XMLSEC_NO_AES
- if(klass == xmlSecNssKeyDataAesId) {
-- return(1);
-+ return(1);
- }
- #endif /* XMLSEC_NO_AES */
-
- #ifndef XMLSEC_NO_HMAC
- if(klass == xmlSecNssKeyDataHmacId) {
-- return(1);
-+ return(1);
- }
- #endif /* XMLSEC_NO_HMAC */
-
-@@ -199,42 +858,46 @@
- * <xmlsec:AESKeyValue> processing
- *
- *************************************************************************/
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = {
-+#else
- static xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = {
-+#endif
- sizeof(xmlSecKeyDataKlass),
-- xmlSecKeyDataBinarySize,
-+ xmlSecNssSymKeyDataSize,
-
- /* data */
- xmlSecNameAESKeyValue,
- xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
-- /* xmlSecKeyDataUsage usage; */
-- xmlSecHrefAESKeyValue, /* const xmlChar* href; */
-- xmlSecNodeAESKeyValue, /* const xmlChar* dataNodeName; */
-- xmlSecNs, /* const xmlChar* dataNodeNs; */
-+ /* xmlSecKeyDataUsage usage; */
-+ xmlSecHrefAESKeyValue, /* const xmlChar* href; */
-+ xmlSecNodeAESKeyValue, /* const xmlChar* dataNodeName; */
-+ xmlSecNs, /* const xmlChar* dataNodeNs; */
-
- /* constructors/destructor */
-- xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
-- xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
-- xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
-- xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
-+ xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
-+ xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
-+ xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
-+ xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
-
- /* get info */
-- xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
-- xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
-- NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
-+ xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
-+ xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
-+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
-
- /* read/write */
-- xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
-- xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
-- xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
-- xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
-+ xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
-+ xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
-+ xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
-+ xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
-
- /* debug */
-- xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
-- xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
-+ xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
-+ xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
-
- /* reserved for the future */
-- NULL, /* void* reserved0; */
-- NULL, /* void* reserved1; */
-+ NULL, /* void* reserved0; */
-+ NULL, /* void* reserved1; */
- };
-
- /**
-@@ -251,9 +914,9 @@
-
- /**
- * xmlSecNssKeyDataAesSet:
-- * @data: the pointer to AES key data.
-- * @buf: the pointer to key value.
-- * @bufSize: the key value size (in bytes).
-+ * @data: the pointer to AES key data.
-+ * @buf: the pointer to key value.
-+ * @bufSize: the key value size (in bytes).
- *
- * Sets the value of AES key data.
- *
-@@ -280,42 +943,46 @@
- * <xmlsec:DESKeyValue> processing
- *
- *************************************************************************/
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecKeyDataKlass xmlSecNssKeyDataDesKlass = {
-+#else
- static xmlSecKeyDataKlass xmlSecNssKeyDataDesKlass = {
-+#endif
- sizeof(xmlSecKeyDataKlass),
-- xmlSecKeyDataBinarySize,
-+ xmlSecNssSymKeyDataSize,
-
- /* data */
- xmlSecNameDESKeyValue,
- xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
-- /* xmlSecKeyDataUsage usage; */
-- xmlSecHrefDESKeyValue, /* const xmlChar* href; */
-- xmlSecNodeDESKeyValue, /* const xmlChar* dataNodeName; */
-- xmlSecNs, /* const xmlChar* dataNodeNs; */
-+ /* xmlSecKeyDataUsage usage; */
-+ xmlSecHrefDESKeyValue, /* const xmlChar* href; */
-+ xmlSecNodeDESKeyValue, /* const xmlChar* dataNodeName; */
-+ xmlSecNs, /* const xmlChar* dataNodeNs; */
-
- /* constructors/destructor */
-- xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
-- xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
-- xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
-- xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
-+ xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
-+ xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
-+ xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
-+ xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
-
- /* get info */
-- xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
-- xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
-- NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
-+ xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
-+ xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
-+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
-
- /* read/write */
-- xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
-- xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
-- xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
-- xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
-+ xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
-+ xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
-+ xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
-+ xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
-
- /* debug */
-- xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
-- xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
-+ xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
-+ xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
-
- /* reserved for the future */
-- NULL, /* void* reserved0; */
-- NULL, /* void* reserved1; */
-+ NULL, /* void* reserved0; */
-+ NULL, /* void* reserved1; */
- };
-
- /**
-@@ -332,9 +999,9 @@
-
- /**
- * xmlSecNssKeyDataDesSet:
-- * @data: the pointer to DES key data.
-- * @buf: the pointer to key value.
-- * @bufSize: the key value size (in bytes).
-+ * @data: the pointer to DES key data.
-+ * @buf: the pointer to key value.
-+ * @bufSize: the key value size (in bytes).
- *
- * Sets the value of DES key data.
- *
-@@ -362,42 +1029,46 @@
- * <xmlsec:HMACKeyValue> processing
- *
- *************************************************************************/
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecKeyDataKlass xmlSecNssKeyDataHmacKlass = {
-+#else
- static xmlSecKeyDataKlass xmlSecNssKeyDataHmacKlass = {
-+#endif
- sizeof(xmlSecKeyDataKlass),
-- xmlSecKeyDataBinarySize,
-+ xmlSecNssSymKeyDataSize,
-
- /* data */
- xmlSecNameHMACKeyValue,
- xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
-- /* xmlSecKeyDataUsage usage; */
-- xmlSecHrefHMACKeyValue, /* const xmlChar* href; */
-- xmlSecNodeHMACKeyValue, /* const xmlChar* dataNodeName; */
-- xmlSecNs, /* const xmlChar* dataNodeNs; */
-+ /* xmlSecKeyDataUsage usage; */
-+ xmlSecHrefHMACKeyValue, /* const xmlChar* href; */
-+ xmlSecNodeHMACKeyValue, /* const xmlChar* dataNodeName; */
-+ xmlSecNs, /* const xmlChar* dataNodeNs; */
-
- /* constructors/destructor */
-- xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
-- xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
-- xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
-- xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
-+ xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
-+ xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
-+ xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
-+ xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
-
- /* get info */
-- xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
-- xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
-- NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
-+ xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
-+ xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
-+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
-
- /* read/write */
-- xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
-- xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
-- xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
-- xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
-+ xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
-+ xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
-+ xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
-+ xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
-
- /* debug */
-- xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
-- xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
-+ xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
-+ xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
-
- /* reserved for the future */
-- NULL, /* void* reserved0; */
-- NULL, /* void* reserved1; */
-+ NULL, /* void* reserved0; */
-+ NULL, /* void* reserved1; */
- };
-
- /**
-@@ -414,9 +1085,9 @@
-
- /**
- * xmlSecNssKeyDataHmacSet:
-- * @data: the pointer to HMAC key data.
-- * @buf: the pointer to key value.
-- * @bufSize: the key value size (in bytes).
-+ * @data: the pointer to HMAC key data.
-+ * @buf: the pointer to key value.
-+ * @bufSize: the key value size (in bytes).
- *
- * Sets the value of HMAC key data.
- *
---- misc/xmlsec1-1.2.6/src/nss/tokens.c 2008-06-29 23:44:40.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/src/nss/tokens.c 2008-06-29 23:44:19.000000000 +0200
-@@ -1 +1,548 @@
--dummy
-+/**
-+ * XMLSec library
-+ *
-+ * This is free software; see Copyright file in the source
-+ * distribution for preciese wording.
-+ *
-+ * Copyright..................................
-+ *
-+ * Contributor(s): _____________________________
-+ *
-+ */
-+
-+/**
-+ * In order to ensure that particular crypto operation is performed on
-+ * particular crypto device, a subclass of xmlSecList is used to store slot and
-+ * mechanism information.
-+ *
-+ * In the list, a slot is bound with a mechanism. If the mechanism is available,
-+ * this mechanism only can perform on the slot; otherwise, it can perform on
-+ * every eligibl slot in the list.
-+ *
-+ * When try to find a slot for a particular mechanism, the slot bound with
-+ * avaliable mechanism will be looked up firstly.
-+ */
-+#include "globals.h"
-+#include <string.h>
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/errors.h>
-+#include <xmlsec/list.h>
-+
-+#include <xmlsec/nss/tokens.h>
-+
-+int
-+xmlSecNssKeySlotSetMechList(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE_PTR mechanismList
-+) {
-+ int counter ;
-+
-+ xmlSecAssert2( keySlot != NULL , -1 ) ;
-+
-+ if( keySlot->mechanismList != CK_NULL_PTR ) {
-+ xmlFree( keySlot->mechanismList ) ;
-+
-+ for( counter = 0 ; *( mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
-+ keySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
-+ if( keySlot->mechanismList == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( -1 );
-+ }
-+ for( ; counter >= 0 ; counter -- )
-+ *( keySlot->mechanismList + counter ) = *( mechanismList + counter ) ;
-+ }
-+
-+ return( 0 );
-+}
-+
-+int
-+xmlSecNssKeySlotEnableMech(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE mechanism
-+) {
-+ int counter ;
-+ CK_MECHANISM_TYPE_PTR newList ;
-+
-+ xmlSecAssert2( keySlot != NULL , -1 ) ;
-+
-+ if( mechanism != CKM_INVALID_MECHANISM ) {
-+ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
-+ newList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
-+ if( newList == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( -1 );
-+ }
-+ *( newList + counter + 1 ) = CKM_INVALID_MECHANISM ;
-+ *( newList + counter ) = mechanism ;
-+ for( counter -= 1 ; counter >= 0 ; counter -- )
-+ *( newList + counter ) = *( keySlot->mechanismList + counter ) ;
-+
-+ xmlFree( keySlot->mechanismList ) ;
-+ keySlot->mechanismList = newList ;
-+ }
-+
-+ return(0);
-+}
-+
-+int
-+xmlSecNssKeySlotDisableMech(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE mechanism
-+) {
-+ int counter ;
-+
-+ xmlSecAssert2( keySlot != NULL , -1 ) ;
-+
-+ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
-+ if( *( keySlot->mechanismList + counter ) == mechanism ) {
-+ for( ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
-+ *( keySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter + 1 ) ;
-+ }
-+
-+ break ;
-+ }
-+ }
-+
-+ return(0);
-+}
-+
-+CK_MECHANISM_TYPE_PTR
-+xmlSecNssKeySlotGetMechList(
-+ xmlSecNssKeySlotPtr keySlot
-+) {
-+ if( keySlot != NULL )
-+ return keySlot->mechanismList ;
-+ else
-+ return NULL ;
-+}
-+
-+int
-+xmlSecNssKeySlotSetSlot(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ PK11SlotInfo* slot
-+) {
-+ xmlSecAssert2( keySlot != NULL , -1 ) ;
-+
-+ if( slot != NULL && keySlot->slot != slot ) {
-+ if( keySlot->slot != NULL )
-+ PK11_FreeSlot( keySlot->slot ) ;
-+
-+ if( keySlot->mechanismList != NULL ) {
-+ xmlFree( keySlot->mechanismList ) ;
-+ keySlot->mechanismList = NULL ;
-+ }
-+
-+ keySlot->slot = PK11_ReferenceSlot( slot ) ;
-+ }
-+
-+ return(0);
-+}
-+
-+int
-+xmlSecNssKeySlotInitialize(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ PK11SlotInfo* slot
-+) {
-+ xmlSecAssert2( keySlot != NULL , -1 ) ;
-+ xmlSecAssert2( keySlot->slot == NULL , -1 ) ;
-+ xmlSecAssert2( keySlot->mechanismList == NULL , -1 ) ;
-+
-+ if( slot != NULL ) {
-+ keySlot->slot = PK11_ReferenceSlot( slot ) ;
-+ }
-+
-+ return(0);
-+}
-+
-+void
-+xmlSecNssKeySlotFinalize(
-+ xmlSecNssKeySlotPtr keySlot
-+) {
-+ xmlSecAssert( keySlot != NULL ) ;
-+
-+ if( keySlot->mechanismList != NULL ) {
-+ xmlFree( keySlot->mechanismList ) ;
-+ keySlot->mechanismList = NULL ;
-+ }
-+
-+ if( keySlot->slot != NULL ) {
-+ PK11_FreeSlot( keySlot->slot ) ;
-+ keySlot->slot = NULL ;
-+ }
-+
-+}
-+
-+PK11SlotInfo*
-+xmlSecNssKeySlotGetSlot(
-+ xmlSecNssKeySlotPtr keySlot
-+) {
-+ if( keySlot != NULL )
-+ return keySlot->slot ;
-+ else
-+ return NULL ;
-+}
-+
-+xmlSecNssKeySlotPtr
-+xmlSecNssKeySlotCreate() {
-+ xmlSecNssKeySlotPtr keySlot ;
-+
-+ /* Allocates a new xmlSecNssKeySlot and fill the fields */
-+ keySlot = ( xmlSecNssKeySlotPtr )xmlMalloc( sizeof( xmlSecNssKeySlot ) ) ;
-+ if( keySlot == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( NULL );
-+ }
-+ memset( keySlot, 0, sizeof( xmlSecNssKeySlot ) ) ;
-+
-+ return( keySlot ) ;
-+}
-+
-+int
-+xmlSecNssKeySlotCopy(
-+ xmlSecNssKeySlotPtr newKeySlot ,
-+ xmlSecNssKeySlotPtr keySlot
-+) {
-+ CK_MECHANISM_TYPE_PTR mech ;
-+ int counter ;
-+
-+ xmlSecAssert2( newKeySlot != NULL , -1 ) ;
-+ xmlSecAssert2( keySlot != NULL , -1 ) ;
-+
-+ if( keySlot->slot != NULL && newKeySlot->slot != keySlot->slot ) {
-+ if( newKeySlot->slot != NULL )
-+ PK11_FreeSlot( newKeySlot->slot ) ;
-+
-+ newKeySlot->slot = PK11_ReferenceSlot( keySlot->slot ) ;
-+ }
-+
-+ if( keySlot->mechanismList != CK_NULL_PTR ) {
-+ xmlFree( newKeySlot->mechanismList ) ;
-+
-+ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
-+ newKeySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
-+ if( newKeySlot->mechanismList == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( -1 );
-+ }
-+ for( ; counter >= 0 ; counter -- )
-+ *( newKeySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter ) ;
-+ }
-+
-+ return( 0 );
-+}
-+
-+xmlSecNssKeySlotPtr
-+xmlSecNssKeySlotDuplicate(
-+ xmlSecNssKeySlotPtr keySlot
-+) {
-+ xmlSecNssKeySlotPtr newKeySlot ;
-+ int ret ;
-+
-+ xmlSecAssert2( keySlot != NULL , NULL ) ;
-+
-+ newKeySlot = xmlSecNssKeySlotCreate() ;
-+ if( newKeySlot == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( NULL );
-+ }
-+
-+ if( xmlSecNssKeySlotCopy( newKeySlot, keySlot ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( NULL );
-+ }
-+
-+ return( newKeySlot );
-+}
-+
-+void
-+xmlSecNssKeySlotDestroy(
-+ xmlSecNssKeySlotPtr keySlot
-+) {
-+ xmlSecAssert( keySlot != NULL ) ;
-+
-+ if( keySlot->mechanismList != NULL )
-+ xmlFree( keySlot->mechanismList ) ;
-+
-+ if( keySlot->slot != NULL )
-+ PK11_FreeSlot( keySlot->slot ) ;
-+
-+ xmlFree( keySlot ) ;
-+}
-+
-+int
-+xmlSecNssKeySlotBindMech(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE type
-+) {
-+ int counter ;
-+
-+ xmlSecAssert2( keySlot != NULL , 0 ) ;
-+ xmlSecAssert2( keySlot->slot != NULL , 0 ) ;
-+ xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ;
-+
-+ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
-+ if( *( keySlot->mechanismList + counter ) == type )
-+ return(1) ;
-+ }
-+
-+ return( 0 ) ;
-+}
-+
-+int
-+xmlSecNssKeySlotSupportMech(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE type
-+) {
-+ xmlSecAssert2( keySlot != NULL , 0 ) ;
-+ xmlSecAssert2( keySlot->slot != NULL , 0 ) ;
-+ xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ;
-+
-+ if( PK11_DoesMechanism( keySlot->slot , type ) == PR_TRUE ) {
-+ return(1);
-+ } else
-+ return(0);
-+}
-+
-+void
-+xmlSecNssKeySlotDebugDump(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ FILE* output
-+) {
-+ xmlSecAssert( keySlot != NULL ) ;
-+ xmlSecAssert( output != NULL ) ;
-+
-+ fprintf( output, "== KEY SLOT\n" );
-+}
-+
-+void
-+xmlSecNssKeySlotDebugXmlDump(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ FILE* output
-+) {
-+}
-+
-+/**
-+ * Key Slot List
-+ */
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = {
-+#else
-+static xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = {
-+#endif
-+ BAD_CAST "mechanism-list",
-+ (xmlSecPtrDuplicateItemMethod)xmlSecNssKeySlotDuplicate,
-+ (xmlSecPtrDestroyItemMethod)xmlSecNssKeySlotDestroy,
-+ (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugDump,
-+ (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugXmlDump,
-+};
-+
-+xmlSecPtrListId
-+xmlSecNssKeySlotListGetKlass(void) {
-+ return(&xmlSecNssKeySlotPtrListKlass);
-+}
-+
-+
-+/*-
-+ * Global PKCS#11 crypto token repository -- Key slot list
-+ */
-+static xmlSecPtrListPtr _xmlSecNssKeySlotList = NULL ;
-+
-+PK11SlotInfo*
-+xmlSecNssSlotGet(
-+ CK_MECHANISM_TYPE type
-+) {
-+ PK11SlotInfo* slot = NULL ;
-+ xmlSecNssKeySlotPtr keySlot ;
-+ xmlSecSize ksSize ;
-+ xmlSecSize ksPos ;
-+ char flag ;
-+
-+ if( _xmlSecNssKeySlotList == NULL ) {
-+ slot = PK11_GetBestSlot( type , NULL ) ;
-+ } else {
-+ ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ;
-+
-+ /*-
-+ * Firstly, checking whether the mechanism is bound with a special slot.
-+ * If no bound slot, we try to find the first eligible slot in the list.
-+ */
-+ for( flag = 0, ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) {
-+ keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ;
-+ if( keySlot != NULL && xmlSecNssKeySlotBindMech( keySlot, type ) ) {
-+ slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
-+ flag = 2 ;
-+ } else if( flag == 0 && xmlSecNssKeySlotSupportMech( keySlot, type ) ) {
-+ slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
-+ flag = 1 ;
-+ }
-+
-+ if( flag == 2 )
-+ break ;
-+ }
-+ if( slot != NULL )
-+ slot = PK11_ReferenceSlot( slot ) ;
-+ }
-+
-+ if( slot != NULL && PK11_NeedLogin( slot ) ) {
-+ if( PK11_Authenticate( slot , PR_TRUE , NULL ) != SECSuccess ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ PK11_FreeSlot( slot ) ;
-+ return( NULL );
-+ }
-+ }
-+
-+ return slot ;
-+}
-+
-+int
-+xmlSecNssSlotInitialize(
-+ void
-+) {
-+ if( _xmlSecNssKeySlotList != NULL ) {
-+ xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ;
-+ _xmlSecNssKeySlotList = NULL ;
-+ }
-+
-+ _xmlSecNssKeySlotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ;
-+ if( _xmlSecNssKeySlotList == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( -1 );
-+ }
-+
-+ return(0);
-+}
-+
-+void
-+xmlSecNssSlotShutdown(
-+ void
-+) {
-+ if( _xmlSecNssKeySlotList != NULL ) {
-+ xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ;
-+ _xmlSecNssKeySlotList = NULL ;
-+ }
-+}
-+
-+int
-+xmlSecNssSlotAdopt(
-+ PK11SlotInfo* slot,
-+ CK_MECHANISM_TYPE type
-+) {
-+ xmlSecNssKeySlotPtr keySlot ;
-+ xmlSecSize ksSize ;
-+ xmlSecSize ksPos ;
-+ char flag ;
-+
-+ xmlSecAssert2( _xmlSecNssKeySlotList != NULL, -1 ) ;
-+ xmlSecAssert2( slot != NULL, -1 ) ;
-+
-+ ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ;
-+
-+ /*-
-+ * Firstly, checking whether the slot is in the repository already.
-+ */
-+ flag = 0 ;
-+ for( ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) {
-+ keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ;
-+ /* If find the slot in the list */
-+ if( keySlot != NULL && xmlSecNssKeySlotGetSlot( keySlot ) == slot ) {
-+ /* If mechnism type is valid, bind the slot with the mechanism */
-+ if( type != CKM_INVALID_MECHANISM ) {
-+ if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+ }
-+
-+ flag = 1 ;
-+ }
-+ }
-+
-+ /* If the slot do not in the list, add a new item to the list */
-+ if( flag == 0 ) {
-+ /* Create a new KeySlot */
-+ keySlot = xmlSecNssKeySlotCreate() ;
-+ if( keySlot == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ /* Initialize the keySlot with a slot */
-+ if( xmlSecNssKeySlotInitialize( keySlot, slot ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecNssKeySlotDestroy( keySlot ) ;
-+ return(-1);
-+ }
-+
-+ /* If mechnism type is valid, bind the slot with the mechanism */
-+ if( type != CKM_INVALID_MECHANISM ) {
-+ if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecNssKeySlotDestroy( keySlot ) ;
-+ return(-1);
-+ }
-+ }
-+
-+ /* Add keySlot into the list */
-+ if( xmlSecPtrListAdd( _xmlSecNssKeySlotList, keySlot ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecNssKeySlotDestroy( keySlot ) ;
-+ return(-1);
-+ }
-+ }
-+
-+ return(0);
-+}
-+
---- misc/xmlsec1-1.2.6/src/nss/x509.c 2003-09-26 05:53:09.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/src/nss/x509.c 2008-06-29 23:44:19.000000000 +0200
-@@ -34,7 +34,6 @@
- #include <xmlsec/keys.h>
- #include <xmlsec/keyinfo.h>
- #include <xmlsec/keysmngr.h>
--#include <xmlsec/x509.h>
- #include <xmlsec/base64.h>
- #include <xmlsec/errors.h>
-
-@@ -61,37 +60,21 @@
- static int xmlSecNssX509CertificateNodeRead (xmlSecKeyDataPtr data,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
--static int xmlSecNssX509CertificateNodeWrite (CERTCertificate* cert,
-- xmlNodePtr node,
-- xmlSecKeyInfoCtxPtr keyInfoCtx);
- static int xmlSecNssX509SubjectNameNodeRead (xmlSecKeyDataPtr data,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
--static int xmlSecNssX509SubjectNameNodeWrite (CERTCertificate* cert,
-- xmlNodePtr node,
-- xmlSecKeyInfoCtxPtr keyInfoCtx);
- static int xmlSecNssX509IssuerSerialNodeRead (xmlSecKeyDataPtr data,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
--static int xmlSecNssX509IssuerSerialNodeWrite (CERTCertificate* cert,
-- xmlNodePtr node,
-- xmlSecKeyInfoCtxPtr keyInfoCtx);
- static int xmlSecNssX509SKINodeRead (xmlSecKeyDataPtr data,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
--static int xmlSecNssX509SKINodeWrite (CERTCertificate* cert,
-- xmlNodePtr node,
-- xmlSecKeyInfoCtxPtr keyInfoCtx);
- static int xmlSecNssX509CRLNodeRead (xmlSecKeyDataPtr data,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
--static int xmlSecNssX509CRLNodeWrite (CERTSignedCrl* crl,
-- xmlNodePtr node,
-- xmlSecKeyInfoCtxPtr keyInfoCtx);
- static int xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data,
- xmlSecKeyPtr key,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
--
- static CERTCertificate* xmlSecNssX509CertDerRead (const xmlSecByte* buf,
- xmlSecSize size);
- static CERTCertificate* xmlSecNssX509CertBase64DerRead (xmlChar* buf);
-@@ -104,9 +87,6 @@
- xmlSecKeyInfoCtxPtr keyInfoCtx);
- static xmlChar* xmlSecNssX509CrlBase64DerWrite (CERTSignedCrl* crl,
- int base64LineWrap);
--static xmlChar* xmlSecNssX509NameWrite (CERTName* nm);
--static xmlChar* xmlSecNssASN1IntegerWrite (SECItem *num);
--static xmlChar* xmlSecNssX509SKIWrite (CERTCertificate* cert);
- static void xmlSecNssX509CertDebugDump (CERTCertificate* cert,
- FILE* output);
- static void xmlSecNssX509CertDebugXmlDump (CERTCertificate* cert,
-@@ -254,7 +234,11 @@
-
-
-
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecKeyDataKlass xmlSecNssKeyDataX509Klass = {
-+#else
- static xmlSecKeyDataKlass xmlSecNssKeyDataX509Klass = {
-+#endif
- sizeof(xmlSecKeyDataKlass),
- xmlSecNssX509DataSize,
-
-@@ -378,7 +362,7 @@
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "CERT_NewCertList",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-+ "error code=%d", PORT_GetError());
- return(-1);
- }
- }
-@@ -389,7 +373,7 @@
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "CERT_AddCertToListTail",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-+ "error code=%d", PORT_GetError());
- return(-1);
- }
- ctx->numCerts++;
-@@ -588,7 +572,7 @@
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
- "CERT_DupCertificate",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-+ "error code=%d", PORT_GetError());
- return(-1);
- }
-
-@@ -627,7 +611,7 @@
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
- "SEC_DupCrl",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-+ "error code=%d", PORT_GetError());
- return(-1);
- }
-
-@@ -652,7 +636,7 @@
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
- "CERT_DupCertificate",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-+ "error code=%d", PORT_GetError());
- return(-1);
- }
- ret = xmlSecNssKeyDataX509AdoptKeyCert(dst, certDst);
-@@ -752,31 +736,22 @@
- xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
- xmlSecKeyDataPtr data;
-+ xmlNodePtr cur;
-+ xmlChar* buf;
- CERTCertificate* cert;
- CERTSignedCrl* crl;
- xmlSecSize size, pos;
-- int content = 0;
-- int ret;
-
- xmlSecAssert2(id == xmlSecNssKeyDataX509Id, -1);
- xmlSecAssert2(key != NULL, -1);
- xmlSecAssert2(node != NULL, -1);
- xmlSecAssert2(keyInfoCtx != NULL, -1);
-
-- content = xmlSecX509DataGetNodeContent (node, 1, keyInfoCtx);
-- if (content < 0) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-- "xmlSecX509DataGetNodeContent",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "content=%d", content);
-- return(-1);
-- } else if(content == 0) {
-- /* by default we are writing certificates and crls */
-- content = XMLSEC_X509DATA_DEFAULT;
-+ /* todo: flag in ctx remove all existing content */
-+ if(0) {
-+ xmlNodeSetContent(node, NULL);
- }
-
-- /* get x509 data */
- data = xmlSecKeyGetData(key, id);
- if(data == NULL) {
- /* no x509 data in the key */
-@@ -795,80 +770,75 @@
- "pos=%d", pos);
- return(-1);
- }
--
-- if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) {
-- ret = xmlSecNssX509CertificateNodeWrite(cert, node, keyInfoCtx);
-- if(ret < 0) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-- "xmlSecNssX509CertificateNodeWrite",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "pos=%d", pos);
-- return(-1);
-- }
-+
-+ /* set base64 lines size from context */
-+ buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize);
-+ if(buf == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecNssX509CertBase64DerWrite",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
- }
--
-- if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) {
-- ret = xmlSecNssX509SubjectNameNodeWrite(cert, node, keyInfoCtx);
-- if(ret < 0) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-- "xmlSecNssX509SubjectNameNodeWrite",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "pos=%d", pos);
-- return(-1);
-- }
-+
-+ cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs);
-+ if(cur == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecAddChild",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ "node=%s",
-+ xmlSecErrorsSafeString(xmlSecNodeX509Certificate));
-+ xmlFree(buf);
-+ return(-1);
- }
-+ /* todo: add \n around base64 data - from context */
-+ /* todo: add errors check */
-+ xmlNodeSetContent(cur, xmlSecStringCR);
-+ xmlNodeSetContent(cur, buf);
-+ xmlFree(buf);
-+ }
-
-- if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) {
-- ret = xmlSecNssX509IssuerSerialNodeWrite(cert, node, keyInfoCtx);
-- if(ret < 0) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-- "xmlSecNssX509IssuerSerialNodeWrite",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "pos=%d", pos);
-- return(-1);
-- }
-- }
-+ /* write crls */
-+ size = xmlSecNssKeyDataX509GetCrlsSize(data);
-+ for(pos = 0; pos < size; ++pos) {
-+ crl = xmlSecNssKeyDataX509GetCrl(data, pos);
-+ if(crl == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecNssKeyDataX509GetCrl",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ "pos=%d", pos);
-+ return(-1);
-+ }
-
-- if((content & XMLSEC_X509DATA_SKI_NODE) != 0) {
-- ret = xmlSecNssX509SKINodeWrite(cert, node, keyInfoCtx);
-- if(ret < 0) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-- "xmlSecNssX509SKINodeWrite",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "pos=%d", pos);
-- return(-1);
-- }
-- }
-- }
-+ /* set base64 lines size from context */
-+ buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize);
-+ if(buf == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecNssX509CrlBase64DerWrite",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-
-- /* write crls if needed */
-- if((content & XMLSEC_X509DATA_CRL_NODE) != 0) {
-- size = xmlSecNssKeyDataX509GetCrlsSize(data);
-- for(pos = 0; pos < size; ++pos) {
-- crl = xmlSecNssKeyDataX509GetCrl(data, pos);
-- if(crl == NULL) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-- "xmlSecNssKeyDataX509GetCrl",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "pos=%d", pos);
-- return(-1);
-- }
--
-- ret = xmlSecNssX509CRLNodeWrite(crl, node, keyInfoCtx);
-- if(ret < 0) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-- "xmlSecNssX509CRLNodeWrite",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "pos=%d", pos);
-- return(-1);
-- }
-- }
-+ cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs);
-+ if(cur == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecAddChild",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ "new_node=%s",
-+ xmlSecErrorsSafeString(xmlSecNodeX509CRL));
-+ xmlFree(buf);
-+ return(-1);
-+ }
-+ /* todo: add \n around base64 data - from context */
-+ /* todo: add errors check */
-+ xmlNodeSetContent(cur, xmlSecStringCR);
-+ xmlNodeSetContent(cur, buf);
- }
-
- return(0);
-@@ -1015,19 +985,13 @@
- xmlSecAssert2(keyInfoCtx != NULL, -1);
-
- content = xmlNodeGetContent(node);
-- if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) {
-- if(content != NULL) {
-- xmlFree(content);
-- }
-- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
-- xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
-- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- return(-1);
-- }
-- return(0);
-+ if(content == NULL){
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
-+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
-+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
- }
-
- cert = xmlSecNssX509CertBase64DerRead(content);
-@@ -1057,46 +1021,6 @@
- return(0);
- }
-
--static int
--xmlSecNssX509CertificateNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
-- xmlChar* buf;
-- xmlNodePtr cur;
--
-- xmlSecAssert2(cert != NULL, -1);
-- xmlSecAssert2(node != NULL, -1);
-- xmlSecAssert2(keyInfoCtx != NULL, -1);
--
-- /* set base64 lines size from context */
-- buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize);
-- if(buf == NULL) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "xmlSecNssX509CertBase64DerWrite",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- return(-1);
-- }
--
-- cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs);
-- if(cur == NULL) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "xmlSecAddChild",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "node=%s",
-- xmlSecErrorsSafeString(xmlSecNodeX509Certificate));
-- xmlFree(buf);
-- return(-1);
-- }
--
-- /* todo: add \n around base64 data - from context */
-- /* todo: add errors check */
-- xmlNodeSetContent(cur, xmlSecStringCR);
-- xmlNodeSetContent(cur, buf);
-- xmlFree(buf);
-- return(0);
--}
--
- static int
- xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
- xmlSecKeyDataStorePtr x509Store;
-@@ -1120,19 +1044,13 @@
- }
-
- subject = xmlNodeGetContent(node);
-- if((subject == NULL) || (xmlSecIsEmptyString(subject) == 1)) {
-- if(subject != NULL) {
-- xmlFree(subject);
-- }
-- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
-- xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
-- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- return(-1);
-- }
-- return(0);
-+ if(subject == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
-+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
-+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
- }
-
- cert = xmlSecNssX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx);
-@@ -1167,40 +1085,6 @@
- return(0);
- }
-
--static int
--xmlSecNssX509SubjectNameNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
-- xmlChar* buf = NULL;
-- xmlNodePtr cur = NULL;
--
-- xmlSecAssert2(cert != NULL, -1);
-- xmlSecAssert2(node != NULL, -1);
--
-- buf = xmlSecNssX509NameWrite(&(cert->subject));
-- if(buf == NULL) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "xmlSecNssX509NameWrite(&(cert->subject))",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- return(-1);
-- }
--
-- cur = xmlSecAddChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs);
-- if(cur == NULL) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "xmlSecAddChild",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "node=%s",
-- xmlSecErrorsSafeString(xmlSecNodeX509SubjectName));
-- xmlFree(buf);
-- return(-1);
-- }
-- xmlNodeSetContent(cur, buf);
-- xmlFree(buf);
-- return(0);
--}
--
- static int
- xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
- xmlSecKeyDataStorePtr x509Store;
-@@ -1226,21 +1110,9 @@
- }
-
- cur = xmlSecGetNextElementNode(node->children);
-- if(cur == NULL) {
-- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
-- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
-- XMLSEC_ERRORS_R_NODE_NOT_FOUND,
-- "node=%s",
-- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
-- return(-1);
-- }
-- return(0);
-- }
--
-+
- /* the first is required node X509IssuerName */
-- if(!xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) {
-+ if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
-@@ -1332,78 +1204,6 @@
- return(0);
- }
-
--static int
--xmlSecNssX509IssuerSerialNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
-- xmlNodePtr cur;
-- xmlNodePtr issuerNameNode;
-- xmlNodePtr issuerNumberNode;
-- xmlChar* buf;
--
-- xmlSecAssert2(cert != NULL, -1);
-- xmlSecAssert2(node != NULL, -1);
--
-- /* create xml nodes */
-- cur = xmlSecAddChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs);
-- if(cur == NULL) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "xmlSecAddChild",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "node=%s",
-- xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial));
-- return(-1);
-- }
--
-- issuerNameNode = xmlSecAddChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs);
-- if(issuerNameNode == NULL) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "xmlSecAddChild",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "node=%s",
-- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName));
-- return(-1);
-- }
--
-- issuerNumberNode = xmlSecAddChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs);
-- if(issuerNumberNode == NULL) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "xmlSecAddChild",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "node=%s",
-- xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber));
-- return(-1);
-- }
--
-- /* write data */
-- buf = xmlSecNssX509NameWrite(&(cert->issuer));
-- if(buf == NULL) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "xmlSecNssX509NameWrite(&(cert->issuer))",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- return(-1);
-- }
-- xmlNodeSetContent(issuerNameNode, buf);
-- xmlFree(buf);
--
-- buf = xmlSecNssASN1IntegerWrite(&(cert->serialNumber));
-- if(buf == NULL) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "xmlSecNssASN1IntegerWrite(&(cert->serialNumber))",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- return(-1);
-- }
-- xmlNodeSetContent(issuerNumberNode, buf);
-- xmlFree(buf);
--
-- return(0);
--}
--
- static int
- xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
- xmlSecKeyDataStorePtr x509Store;
-@@ -1427,20 +1227,14 @@
- }
-
- ski = xmlNodeGetContent(node);
-- if((ski == NULL) || (xmlSecIsEmptyString(ski) == 1)) {
-- if(ski != NULL) {
-- xmlFree(ski);
-- }
-- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
-- xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
-- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
-- "node=%s",
-- xmlSecErrorsSafeString(xmlSecNodeX509SKI));
-- return(-1);
-- }
-- return(0);
-+ if(ski == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
-+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
-+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
-+ "node=%s",
-+ xmlSecErrorsSafeString(xmlSecNodeX509SKI));
-+ return(-1);
- }
-
- cert = xmlSecNssX509StoreFindCert(x509Store, NULL, NULL, NULL, ski, keyInfoCtx);
-@@ -1475,41 +1269,6 @@
- return(0);
- }
-
--static int
--xmlSecNssX509SKINodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
-- xmlChar *buf = NULL;
-- xmlNodePtr cur = NULL;
--
-- xmlSecAssert2(cert != NULL, -1);
-- xmlSecAssert2(node != NULL, -1);
--
-- buf = xmlSecNssX509SKIWrite(cert);
-- if(buf == NULL) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "xmlSecNssX509SKIWrite",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- return(-1);
-- }
--
-- cur = xmlSecAddChild(node, xmlSecNodeX509SKI, xmlSecDSigNs);
-- if(cur == NULL) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "xmlSecAddChild",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "new_node=%s",
-- xmlSecErrorsSafeString(xmlSecNodeX509SKI));
-- xmlFree(buf);
-- return(-1);
-- }
-- xmlNodeSetContent(cur, buf);
-- xmlFree(buf);
--
-- return(0);
--}
--
- static int
- xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
- xmlChar *content;
-@@ -1520,19 +1279,13 @@
- xmlSecAssert2(keyInfoCtx != NULL, -1);
-
- content = xmlNodeGetContent(node);
-- if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) {
-- if(content != NULL) {
-- xmlFree(content);
-- }
-- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
-- xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
-- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- return(-1);
-- }
-- return(0);
-+ if(content == NULL){
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
-+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
-+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
- }
-
- crl = xmlSecNssX509CrlBase64DerRead(content, keyInfoCtx);
-@@ -1552,47 +1305,6 @@
- }
-
- static int
--xmlSecNssX509CRLNodeWrite(CERTSignedCrl* crl, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
-- xmlChar* buf = NULL;
-- xmlNodePtr cur = NULL;
--
-- xmlSecAssert2(crl != NULL, -1);
-- xmlSecAssert2(node != NULL, -1);
-- xmlSecAssert2(keyInfoCtx != NULL, -1);
--
-- /* set base64 lines size from context */
-- buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize);
-- if(buf == NULL) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "xmlSecNssX509CrlBase64DerWrite",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- return(-1);
-- }
--
-- cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs);
-- if(cur == NULL) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "xmlSecAddChild",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "new_node=%s",
-- xmlSecErrorsSafeString(xmlSecNodeX509CRL));
-- xmlFree(buf);
-- return(-1);
-- }
-- /* todo: add \n around base64 data - from context */
-- /* todo: add errors check */
-- xmlNodeSetContent(cur, xmlSecStringCR);
-- xmlNodeSetContent(cur, buf);
-- xmlFree(buf);
--
-- return(0);
--}
--
--
--static int
- xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key,
- xmlSecKeyInfoCtxPtr keyInfoCtx) {
- xmlSecNssX509DataCtxPtr ctx;
-@@ -1600,6 +1312,10 @@
- int ret;
- SECStatus status;
- PRTime notBefore, notAfter;
-+
-+ PK11SlotInfo* slot ;
-+ SECKEYPublicKey *pubKey = NULL;
-+ SECKEYPrivateKey *priKey = NULL;
-
- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), -1);
- xmlSecAssert2(key != NULL, -1);
-@@ -1632,10 +1348,13 @@
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "CERT_DupCertificate",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-+ "error code=%d", PORT_GetError());
- return(-1);
- }
-
-+ /*-
-+ * Get Public key from cert, which does not always work for sign action.
-+ *
- keyValue = xmlSecNssX509CertGetKey(ctx->keyCert);
- if(keyValue == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
-@@ -1645,6 +1364,54 @@
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-+ */
-+
-+ /*-
-+ * I'll search key according to KeyReq.
-+ */
-+ slot = cert->slot ;
-+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) {
-+ if( ( priKey = PK11_FindPrivateKeyFromCert( slot , cert , NULL ) ) == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
-+ "PK11_FindPrivateKeyFromCert" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+ }
-+
-+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) {
-+ if( ( pubKey = CERT_ExtractPublicKey( cert ) ) == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
-+ "CERT_ExtractPublicKey" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ if( priKey != NULL )
-+ SECKEY_DestroyPrivateKey( priKey ) ;
-+ return -1 ;
-+ }
-+ }
-+
-+ keyValue = xmlSecNssPKIAdoptKey(priKey, pubKey);
-+ if( keyValue == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
-+ "xmlSecNssPKIAdoptKey" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ if( priKey != NULL )
-+ SECKEY_DestroyPrivateKey( priKey ) ;
-+
-+ if( pubKey != NULL )
-+ SECKEY_DestroyPublicKey( pubKey ) ;
-+
-+ return -1 ;
-+ }
-+ /* Modify keyValue get Done */
-
- /* verify that the key matches our expectations */
- if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) {
-@@ -1725,14 +1492,6 @@
- return(0);
- }
-
--/**
-- * xmlSecNssX509CertGetKey:
-- * @cert: the certificate.
-- *
-- * Extracts public key from the @cert.
-- *
-- * Returns public key value or NULL if an error occurs.
-- */
- xmlSecKeyDataPtr
- xmlSecNssX509CertGetKey(CERTCertificate* cert) {
- xmlSecKeyDataPtr data;
-@@ -1746,7 +1505,7 @@
- NULL,
- "CERT_ExtractPublicKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-+ "error code=%d", PORT_GetError());
- return(NULL);
- }
-
-@@ -1804,7 +1563,7 @@
- NULL,
- "__CERT_NewTempCertificate",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-+ "error code=%d", PORT_GetError());
- return(NULL);
- }
-
-@@ -1827,7 +1586,7 @@
- NULL,
- "cert->derCert",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-+ "error code=%d", PORT_GetError());
- return(NULL);
- }
-
-@@ -1890,7 +1649,7 @@
- NULL,
- "PK11_GetInternalKeySlot",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-+ "error code=%d", PORT_GetError());
- return NULL;
- }
-
-@@ -1905,7 +1664,7 @@
- NULL,
- "PK11_ImportCRL",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-+ "error code=%d", PORT_GetError());
- PK11_FreeSlot(slot);
- return(NULL);
- }
-@@ -1929,7 +1688,7 @@
- NULL,
- "crl->derCrl",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-+ "error code=%d", PORT_GetError());
- return(NULL);
- }
-
-@@ -1946,86 +1705,6 @@
- return(res);
- }
-
--static xmlChar*
--xmlSecNssX509NameWrite(CERTName* nm) {
-- xmlChar *res = NULL;
-- char *str;
--
-- xmlSecAssert2(nm != NULL, NULL);
--
-- str = CERT_NameToAscii(nm);
-- if (str == NULL) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "CERT_NameToAscii",
-- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- return(NULL);
-- }
--
-- res = xmlStrdup(BAD_CAST str);
-- if(res == NULL) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "xmlStrdup",
-- XMLSEC_ERRORS_R_MALLOC_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- PORT_Free(str);
-- return(NULL);
-- }
-- PORT_Free(str);
-- return(res);
--}
--
--static xmlChar*
--xmlSecNssASN1IntegerWrite(SECItem *num) {
-- xmlChar *res = NULL;
--
-- xmlSecAssert2(num != NULL, NULL);
--
-- /* TODO : to be implemented after
-- * NSS bug http://bugzilla.mozilla.org/show_bug.cgi?id=212864 is fixed
-- */
-- return(res);
--}
--
--static xmlChar*
--xmlSecNssX509SKIWrite(CERTCertificate* cert) {
-- xmlChar *res = NULL;
-- SECItem ski;
-- SECStatus rv;
--
-- xmlSecAssert2(cert != NULL, NULL);
--
-- memset(&ski, 0, sizeof(ski));
--
-- rv = CERT_FindSubjectKeyIDExtension(cert, &ski);
-- if (rv != SECSuccess) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "CERT_FindSubjectKeyIDExtension",
-- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- SECITEM_FreeItem(&ski, PR_FALSE);
-- return(NULL);
-- }
--
-- res = xmlSecBase64Encode(ski.data, ski.len, 0);
-- if(res == NULL) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "xmlSecBase64Encode",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- SECITEM_FreeItem(&ski, PR_FALSE);
-- return(NULL);
-- }
-- SECITEM_FreeItem(&ski, PR_FALSE);
--
-- return(res);
--}
--
--
- static void
- xmlSecNssX509CertDebugDump(CERTCertificate* cert, FILE* output) {
- SECItem *sn;
-@@ -2084,7 +1763,11 @@
- xmlSecSize bufSize,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecKeyDataKlass xmlSecNssKeyDataRawX509CertKlass = {
-+#else
- static xmlSecKeyDataKlass xmlSecNssKeyDataRawX509CertKlass = {
-+#endif
- sizeof(xmlSecKeyDataKlass),
- sizeof(xmlSecKeyData),
-
---- misc/xmlsec1-1.2.6/src/nss/x509vfy.c 2003-09-26 02:58:15.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/src/nss/x509vfy.c 2008-06-29 23:44:19.000000000 +0200
-@@ -30,6 +30,7 @@
- #include <xmlsec/keyinfo.h>
- #include <xmlsec/keysmngr.h>
- #include <xmlsec/base64.h>
-+#include <xmlsec/bn.h>
- #include <xmlsec/errors.h>
-
- #include <xmlsec/nss/crypto.h>
-@@ -43,8 +44,8 @@
- typedef struct _xmlSecNssX509StoreCtx xmlSecNssX509StoreCtx,
- *xmlSecNssX509StoreCtxPtr;
- struct _xmlSecNssX509StoreCtx {
-- CERTCertList* certsList; /* just keeping a reference to destroy later */
--};
-+ CERTCertList* certsList; /* just keeping a reference to destroy later */
-+};
-
- /****************************************************************************
- *
-@@ -54,45 +55,40 @@
- *
- ***************************************************************************/
- #define xmlSecNssX509StoreGetCtx(store) \
-- ((xmlSecNssX509StoreCtxPtr)(((xmlSecByte*)(store)) + \
-- sizeof(xmlSecKeyDataStoreKlass)))
-+ ((xmlSecNssX509StoreCtxPtr)(((xmlSecByte*)(store)) + \
-+ sizeof(xmlSecKeyDataStoreKlass)))
- #define xmlSecNssX509StoreSize \
-- (sizeof(xmlSecKeyDataStoreKlass) + sizeof(xmlSecNssX509StoreCtx))
-+ (sizeof(xmlSecKeyDataStoreKlass) + sizeof(xmlSecNssX509StoreCtx))
-
- static int xmlSecNssX509StoreInitialize (xmlSecKeyDataStorePtr store);
- static void xmlSecNssX509StoreFinalize (xmlSecKeyDataStorePtr store);
--static int xmlSecNssX509NameStringRead (xmlSecByte **str,
-- int *strLen,
-- xmlSecByte *res,
-- int resLen,
-- xmlSecByte delim,
-- int ingoreTrailingSpaces);
--static xmlSecByte * xmlSecNssX509NameRead (xmlSecByte *str,
-- int len);
--
--static void xmlSecNssNumToItem(SECItem *it, unsigned long num);
-
-+static int xmlSecNssIntegerToItem( const xmlChar* integer , SECItem *it ) ;
-
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = {
-+#else
- static xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = {
-- sizeof(xmlSecKeyDataStoreKlass),
-- xmlSecNssX509StoreSize,
--
-- /* data */
-- xmlSecNameX509Store, /* const xmlChar* name; */
--
-- /* constructors/destructor */
-- xmlSecNssX509StoreInitialize, /* xmlSecKeyDataStoreInitializeMethod initialize; */
-- xmlSecNssX509StoreFinalize, /* xmlSecKeyDataStoreFinalizeMethod finalize; */
--
-- /* reserved for the future */
-- NULL, /* void* reserved0; */
-- NULL, /* void* reserved1; */
-+#endif
-+ sizeof(xmlSecKeyDataStoreKlass),
-+ xmlSecNssX509StoreSize,
-+
-+ /* data */
-+ xmlSecNameX509Store, /* const xmlChar* name; */
-+
-+ /* constructors/destructor */
-+ xmlSecNssX509StoreInitialize, /* xmlSecKeyDataStoreInitializeMethod initialize; */
-+ xmlSecNssX509StoreFinalize, /* xmlSecKeyDataStoreFinalizeMethod finalize; */
-+
-+ /* reserved for the future */
-+ NULL, /* void* reserved0; */
-+ NULL, /* void* reserved1; */
- };
-
- static CERTCertificate* xmlSecNssX509FindCert(xmlChar *subjectName,
-- xmlChar *issuerName,
-- xmlChar *issuerSerial,
-- xmlChar *ski);
-+ xmlChar *issuerName,
-+ xmlChar *issuerSerial,
-+ xmlChar *ski);
-
-
- /**
-@@ -104,7 +100,7 @@
- */
- xmlSecKeyDataStoreId
- xmlSecNssX509StoreGetKlass(void) {
-- return(&xmlSecNssX509StoreKlass);
-+ return(&xmlSecNssX509StoreKlass);
- }
-
- /**
-@@ -125,15 +121,15 @@
- xmlSecNssX509StoreFindCert(xmlSecKeyDataStorePtr store, xmlChar *subjectName,
- xmlChar *issuerName, xmlChar *issuerSerial,
- xmlChar *ski, xmlSecKeyInfoCtx* keyInfoCtx) {
-- xmlSecNssX509StoreCtxPtr ctx;
--
-- xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL);
-- xmlSecAssert2(keyInfoCtx != NULL, NULL);
-+ xmlSecNssX509StoreCtxPtr ctx;
-+
-+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL);
-+ xmlSecAssert2(keyInfoCtx != NULL, NULL);
-
-- ctx = xmlSecNssX509StoreGetCtx(store);
-- xmlSecAssert2(ctx != NULL, NULL);
-+ ctx = xmlSecNssX509StoreGetCtx(store);
-+ xmlSecAssert2(ctx != NULL, NULL);
-
-- return(xmlSecNssX509FindCert(subjectName, issuerName, issuerSerial, ski));
-+ return(xmlSecNssX509FindCert(subjectName, issuerName, issuerSerial, ski));
- }
-
- /**
-@@ -148,116 +144,130 @@
- */
- CERTCertificate *
- xmlSecNssX509StoreVerify(xmlSecKeyDataStorePtr store, CERTCertList* certs,
-- xmlSecKeyInfoCtx* keyInfoCtx) {
-- xmlSecNssX509StoreCtxPtr ctx;
-- CERTCertListNode* head;
-- CERTCertificate* cert = NULL;
-- CERTCertListNode* head1;
-- CERTCertificate* cert1 = NULL;
-- SECStatus status = SECFailure;
-- int64 timeboundary;
-- int64 tmp1, tmp2;
--
-- xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL);
-- xmlSecAssert2(certs != NULL, NULL);
-- xmlSecAssert2(keyInfoCtx != NULL, NULL);
--
-- ctx = xmlSecNssX509StoreGetCtx(store);
-- xmlSecAssert2(ctx != NULL, NULL);
--
-- for (head = CERT_LIST_HEAD(certs);
-- !CERT_LIST_END(head, certs);
-- head = CERT_LIST_NEXT(head)) {
-- cert = head->cert;
-+ xmlSecKeyInfoCtx* keyInfoCtx) {
-+ xmlSecNssX509StoreCtxPtr ctx;
-+ CERTCertListNode* head;
-+ CERTCertificate* cert = NULL;
-+ CERTCertListNode* head1;
-+ CERTCertificate* cert1 = NULL;
-+ SECStatus status = SECFailure;
-+ int64 timeboundary;
-+ int64 tmp1, tmp2;
-+
-+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL);
-+ xmlSecAssert2(certs != NULL, NULL);
-+ xmlSecAssert2(keyInfoCtx != NULL, NULL);
-+
-+ ctx = xmlSecNssX509StoreGetCtx(store);
-+ xmlSecAssert2(ctx != NULL, NULL);
-+
-+ for (head = CERT_LIST_HEAD(certs);
-+ !CERT_LIST_END(head, certs);
-+ head = CERT_LIST_NEXT(head)) {
-+ cert = head->cert;
- if(keyInfoCtx->certsVerificationTime > 0) {
-- /* convert the time since epoch in seconds to microseconds */
-- LL_UI2L(timeboundary, keyInfoCtx->certsVerificationTime);
-- tmp1 = (int64)PR_USEC_PER_SEC;
-- tmp2 = timeboundary;
-- LL_MUL(timeboundary, tmp1, tmp2);
-+ /* convert the time since epoch in seconds to microseconds */
-+ LL_UI2L(timeboundary, keyInfoCtx->certsVerificationTime);
-+ tmp1 = (int64)PR_USEC_PER_SEC;
-+ tmp2 = timeboundary;
-+ LL_MUL(timeboundary, tmp1, tmp2);
- } else {
-- timeboundary = PR_Now();
-+ timeboundary = PR_Now();
- }
-
- /* if cert is the issuer of any other cert in the list, then it is
- * to be skipped */
- for (head1 = CERT_LIST_HEAD(certs);
-- !CERT_LIST_END(head1, certs);
-- head1 = CERT_LIST_NEXT(head1)) {
-+ !CERT_LIST_END(head1, certs);
-+ head1 = CERT_LIST_NEXT(head1)) {
-
-- cert1 = head1->cert;
-- if (cert1 == cert) {
-+ cert1 = head1->cert;
-+ if (cert1 == cert) {
- continue;
-- }
-+ }
-
-- if (SECITEM_CompareItem(&cert1->derIssuer, &cert->derSubject)
-- == SECEqual) {
-+ if (SECITEM_CompareItem(&cert1->derIssuer, &cert->derSubject)
-+ == SECEqual) {
- break;
-- }
-+ }
- }
-
- if (!CERT_LIST_END(head1, certs)) {
-- continue;
-+ continue;
- }
--
-- status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(),
-- cert, PR_FALSE,
-- (SECCertificateUsage)0,
-- timeboundary , NULL, NULL, NULL);
-- if (status == SECSuccess) {
-- break;
-+ /* JL: OpenOffice.org implements its own certificate verification routine.
-+ The goal is to seperate validation of the signature
-+ and the certificate. For example, OOo could show that the document signature is valid,
-+ but the certificate could not be verified. If we do not prevent the verification of
-+ the certificate by libxmlsec and the verification fails, then the XML signature may not be
-+ verified. This would happen, for example, if the root certificate is not installed.
-+
-+ In the store schould only be the certificate from the X509Certificate element
-+ and the X509IssuerSerial element. The latter is only there
-+ if the certificate is installed. Both certificates must be the same!
-+ In case of writing the signature, the store contains only the certificate that
-+ was created based on the information from the X509IssuerSerial element. */
-+ status = SECSuccess;
-+ break;
-+/* status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(),
-+ cert, PR_FALSE,
-+ (SECCertificateUsage)0,
-+ timeboundary , NULL, NULL, NULL);
-+ if (status == SECSuccess) {
-+ break;
-+ } */
- }
-- }
-
-- if (status == SECSuccess) {
-+ if (status == SECSuccess) {
- return (cert);
-- }
--
-- switch(PORT_GetError()) {
-+ }
-+
-+ switch(PORT_GetError()) {
- case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
- case SEC_ERROR_CA_CERT_INVALID:
- case SEC_ERROR_UNKNOWN_SIGNER:
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
-- NULL,
-- XMLSEC_ERRORS_R_CERT_ISSUER_FAILED,
-- "cert with subject name %s could not be verified because the issuer's cert is expired/invalid or not found",
-- cert->subjectName);
-- break;
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
-+ NULL,
-+ XMLSEC_ERRORS_R_CERT_ISSUER_FAILED,
-+ "cert with subject name %s could not be verified because the issuer's cert is expired/invalid or not found",
-+ cert->subjectName);
-+ break;
- case SEC_ERROR_EXPIRED_CERTIFICATE:
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
-- NULL,
-- XMLSEC_ERRORS_R_CERT_HAS_EXPIRED,
-- "cert with subject name %s has expired",
-- cert->subjectName);
-- break;
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
-+ NULL,
-+ XMLSEC_ERRORS_R_CERT_HAS_EXPIRED,
-+ "cert with subject name %s has expired",
-+ cert->subjectName);
-+ break;
- case SEC_ERROR_REVOKED_CERTIFICATE:
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
-- NULL,
-- XMLSEC_ERRORS_R_CERT_REVOKED,
-- "cert with subject name %s has been revoked",
-- cert->subjectName);
-- break;
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
-+ NULL,
-+ XMLSEC_ERRORS_R_CERT_REVOKED,
-+ "cert with subject name %s has been revoked",
-+ cert->subjectName);
-+ break;
- default:
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
-- NULL,
-- XMLSEC_ERRORS_R_CERT_VERIFY_FAILED,
-- "cert with subject name %s could not be verified",
-- cert->subjectName);
-- break;
-- }
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
-+ NULL,
-+ XMLSEC_ERRORS_R_CERT_VERIFY_FAILED,
-+ "cert with subject name %s could not be verified, errcode %d",
-+ cert->subjectName,
-+ PORT_GetError());
-+ break;
-+ }
-
-- return (NULL);
-+ return (NULL);
- }
-
- /**
- * xmlSecNssX509StoreAdoptCert:
-- * @store: the pointer to X509 key data store klass.
-- * @cert: the pointer to NSS X509 certificate.
-- * @type: the certificate type (trusted/untrusted).
-+ * @store: the pointer to X509 key data store klass.
-+ * @cert: the pointer to NSS X509 certificate.
-+ * @type: the certificate type (trusted/untrusted).
- *
- * Adds trusted (root) or untrusted certificate to the store.
- *
-@@ -265,67 +275,67 @@
- */
- int
- xmlSecNssX509StoreAdoptCert(xmlSecKeyDataStorePtr store, CERTCertificate* cert, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
-- xmlSecNssX509StoreCtxPtr ctx;
-- int ret;
-+ xmlSecNssX509StoreCtxPtr ctx;
-+ int ret;
-
-- xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1);
-- xmlSecAssert2(cert != NULL, -1);
-+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1);
-+ xmlSecAssert2(cert != NULL, -1);
-
-- ctx = xmlSecNssX509StoreGetCtx(store);
-- xmlSecAssert2(ctx != NULL, -1);
-+ ctx = xmlSecNssX509StoreGetCtx(store);
-+ xmlSecAssert2(ctx != NULL, -1);
-
-- if(ctx->certsList == NULL) {
-- ctx->certsList = CERT_NewCertList();
-- if(ctx->certsList == NULL) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
-- "CERT_NewCertList",
-- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- return(-1);
-- }
-- }
--
-- ret = CERT_AddCertToListTail(ctx->certsList, cert);
-- if(ret != SECSuccess) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
-- "CERT_AddCertToListTail",
-- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- return(-1);
-- }
-+ if(ctx->certsList == NULL) {
-+ ctx->certsList = CERT_NewCertList();
-+ if(ctx->certsList == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
-+ "CERT_NewCertList",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ "error code=%d", PORT_GetError());
-+ return(-1);
-+ }
-+ }
-
-- return(0);
-+ ret = CERT_AddCertToListTail(ctx->certsList, cert);
-+ if(ret != SECSuccess) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
-+ "CERT_AddCertToListTail",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ "error code=%d", PORT_GetError());
-+ return(-1);
-+ }
-+
-+ return(0);
- }
-
- static int
- xmlSecNssX509StoreInitialize(xmlSecKeyDataStorePtr store) {
-- xmlSecNssX509StoreCtxPtr ctx;
-- xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1);
-+ xmlSecNssX509StoreCtxPtr ctx;
-+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1);
-
-- ctx = xmlSecNssX509StoreGetCtx(store);
-- xmlSecAssert2(ctx != NULL, -1);
-+ ctx = xmlSecNssX509StoreGetCtx(store);
-+ xmlSecAssert2(ctx != NULL, -1);
-
-- memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx));
-+ memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx));
-
-- return(0);
-+ return(0);
- }
-
- static void
- xmlSecNssX509StoreFinalize(xmlSecKeyDataStorePtr store) {
-- xmlSecNssX509StoreCtxPtr ctx;
-- xmlSecAssert(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId));
-+ xmlSecNssX509StoreCtxPtr ctx;
-+ xmlSecAssert(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId));
-
-- ctx = xmlSecNssX509StoreGetCtx(store);
-- xmlSecAssert(ctx != NULL);
--
-- if (ctx->certsList) {
-+ ctx = xmlSecNssX509StoreGetCtx(store);
-+ xmlSecAssert(ctx != NULL);
-+
-+ if (ctx->certsList) {
- CERT_DestroyCertList(ctx->certsList);
- ctx->certsList = NULL;
-- }
-+ }
-
-- memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx));
-+ memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx));
- }
-
-
-@@ -340,376 +350,213 @@
- */
- static CERTCertificate*
- xmlSecNssX509FindCert(xmlChar *subjectName, xmlChar *issuerName,
-- xmlChar *issuerSerial, xmlChar *ski) {
-- CERTCertificate *cert = NULL;
-- xmlChar *p = NULL;
-- CERTName *name = NULL;
-- SECItem *nameitem = NULL;
-- PRArenaPool *arena = NULL;
--
-- if (subjectName != NULL) {
-- p = xmlSecNssX509NameRead(subjectName, xmlStrlen(subjectName));
-- if (p == NULL) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "xmlSecNssX509NameRead",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "subject=%s",
-- xmlSecErrorsSafeString(subjectName));
-- goto done;
-- }
--
-- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-- if (arena == NULL) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "PORT_NewArena",
-- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- goto done;
-- }
--
-- name = CERT_AsciiToName((char*)p);
-- if (name == NULL) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "CERT_AsciiToName",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- goto done;
-- }
--
-- nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name,
-- SEC_ASN1_GET(CERT_NameTemplate));
-- if (nameitem == NULL) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "SEC_ASN1EncodeItem",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- goto done;
-- }
--
-- cert = CERT_FindCertByName(CERT_GetDefaultCertDB(), nameitem);
-- goto done;
-- }
--
-- if((issuerName != NULL) && (issuerSerial != NULL)) {
-- CERTIssuerAndSN issuerAndSN;
--
-- p = xmlSecNssX509NameRead(issuerName, xmlStrlen(issuerName));
-- if (p == NULL) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "xmlSecNssX509NameRead",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "issuer=%s",
-- xmlSecErrorsSafeString(issuerName));
-- goto done;
-- }
--
-- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-- if (arena == NULL) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "PORT_NewArena",
-- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- goto done;
-- }
--
-- name = CERT_AsciiToName((char*)p);
-- if (name == NULL) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "CERT_AsciiToName",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- goto done;
-- }
--
-- nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name,
-- SEC_ASN1_GET(CERT_NameTemplate));
-- if (nameitem == NULL) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "SEC_ASN1EncodeItem",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- goto done;
-- }
--
-- memset(&issuerAndSN, 0, sizeof(issuerAndSN));
-+ xmlChar *issuerSerial, xmlChar *ski) {
-+ CERTCertificate *cert = NULL;
-+ CERTName *name = NULL;
-+ SECItem *nameitem = NULL;
-+ PRArenaPool *arena = NULL;
-+
-+ if (subjectName != NULL) {
-+ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-+ if (arena == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "PORT_NewArena",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ "error code=%d", PORT_GetError());
-+ goto done;
-+ }
-
-- issuerAndSN.derIssuer.data = nameitem->data;
-- issuerAndSN.derIssuer.len = nameitem->len;
-+ name = CERT_AsciiToName((char*)subjectName);
-+ if (name == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "CERT_AsciiToName",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ "error code=%d", PORT_GetError());
-+ goto done;
-+ }
-
-- /* TBD: serial num can be arbitrarily long */
-- xmlSecNssNumToItem(&issuerAndSN.serialNumber, PORT_Atoi((char *)issuerSerial));
-+ nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name,
-+ SEC_ASN1_GET(CERT_NameTemplate));
-+ if (nameitem == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "SEC_ASN1EncodeItem",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ "error code=%d", PORT_GetError());
-+ goto done;
-+ }
-
-- cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(),
-- &issuerAndSN);
-- SECITEM_FreeItem(&issuerAndSN.serialNumber, PR_FALSE);
-- goto done;
-- }
--
-- if(ski != NULL) {
-- SECItem subjKeyID;
-- int len;
--
-- len = xmlSecBase64Decode(ski, (xmlSecByte*)ski, xmlStrlen(ski));
-- if(len < 0) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "xmlSecBase64Decode",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "ski=%s",
-- xmlSecErrorsSafeString(ski));
-- goto done;
-- }
--
-- memset(&subjKeyID, 0, sizeof(subjKeyID));
-- subjKeyID.data = ski;
-- subjKeyID.len = xmlStrlen(ski);
-- cert = CERT_FindCertBySubjectKeyID(CERT_GetDefaultCertDB(),
-- &subjKeyID);
-- }
-+ cert = CERT_FindCertByName(CERT_GetDefaultCertDB(), nameitem);
-+ goto done;
-+ }
-
--done:
-- if (p != NULL) {
-- PORT_Free(p);
-- }
-- if (arena != NULL) {
-- PORT_FreeArena(arena, PR_FALSE);
-- }
-- if (name != NULL) {
-- CERT_DestroyName(name);
-- }
-+ if((issuerName != NULL) && (issuerSerial != NULL)) {
-+ CERTIssuerAndSN issuerAndSN;
-
-- return(cert);
--}
-+ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-+ if (arena == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "PORT_NewArena",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ "error code=%d", PORT_GetError());
-+ goto done;
-+ }
-
--/**
-- * xmlSecNssX509NameRead:
-- */
--static xmlSecByte *
--xmlSecNssX509NameRead(xmlSecByte *str, int len) {
-- xmlSecByte name[256];
-- xmlSecByte value[256];
-- xmlSecByte *retval = NULL;
-- xmlSecByte *p = NULL;
-- int nameLen, valueLen;
--
-- xmlSecAssert2(str != NULL, NULL);
--
-- /* return string should be no longer than input string */
-- retval = (xmlSecByte *)PORT_Alloc(len+1);
-- if(retval == NULL) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "PORT_Alloc",
-- XMLSEC_ERRORS_R_MALLOC_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- return(NULL);
-- }
-- p = retval;
--
-- while(len > 0) {
-- /* skip spaces after comma or semicolon */
-- while((len > 0) && isspace(*str)) {
-- ++str; --len;
-- }
--
-- nameLen = xmlSecNssX509NameStringRead(&str, &len, name, sizeof(name), '=', 0);
-- if(nameLen < 0) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "xmlSecNssX509NameStringRead",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- goto done;
-- }
-- memcpy(p, name, nameLen);
-- p+=nameLen;
-- *p++='=';
-- if(len > 0) {
-- ++str; --len;
-- if((*str) == '\"') {
-- valueLen = xmlSecNssX509NameStringRead(&str, &len,
-- value, sizeof(value), '"', 1);
-- if(valueLen < 0) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-+ name = CERT_AsciiToName((char*)issuerName);
-+ if (name == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
-- "xmlSecNssX509NameStringRead",
-+ "CERT_AsciiToName",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- goto done;
-- }
-- /* skip spaces before comma or semicolon */
-- while((len > 0) && isspace(*str)) {
-- ++str; --len;
-+ "error code=%d", PORT_GetError());
-+ goto done;
- }
-- if((len > 0) && ((*str) != ',')) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- NULL,
-- XMLSEC_ERRORS_R_INVALID_DATA,
-- "comma is expected");
-- goto done;
-- }
-- if(len > 0) {
-- ++str; --len;
-+
-+ nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name,
-+ SEC_ASN1_GET(CERT_NameTemplate));
-+ if (nameitem == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "SEC_ASN1EncodeItem",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ "error code=%d", PORT_GetError());
-+ goto done;
- }
-- *p++='\"';
-- memcpy(p, value, valueLen);
-- p+=valueLen;
-- *p++='\"';
-- } else if((*str) == '#') {
-- /* TODO: read octect values */
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- NULL,
-- XMLSEC_ERRORS_R_INVALID_DATA,
-- "reading octect values is not implemented yet");
-- goto done;
-- } else {
-- valueLen = xmlSecNssX509NameStringRead(&str, &len,
-- value, sizeof(value), ',', 1);
-- if(valueLen < 0) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-+
-+ memset(&issuerAndSN, 0, sizeof(issuerAndSN));
-+
-+ issuerAndSN.derIssuer.data = nameitem->data;
-+ issuerAndSN.derIssuer.len = nameitem->len;
-+
-+ if( xmlSecNssIntegerToItem( issuerSerial, &issuerAndSN.serialNumber ) < 0 ) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
-- "xmlSecNssX509NameStringRead",
-+ "xmlSecNssIntegerToItem",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- goto done;
-- }
-- memcpy(p, value, valueLen);
-- p+=valueLen;
-- if (len > 0)
-- *p++=',';
-- }
-- } else {
-- valueLen = 0;
-+ "serial number=%s",
-+ xmlSecErrorsSafeString(issuerSerial));
-+ goto done;
-+ }
-+
-+ cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(),
-+ &issuerAndSN);
-+ SECITEM_FreeItem(&issuerAndSN.serialNumber, PR_FALSE);
-+ goto done;
-+ }
-+
-+ if(ski != NULL) {
-+ SECItem subjKeyID;
-+ int len;
-+
-+ len = xmlSecBase64Decode(ski, (xmlSecByte*)ski, xmlStrlen(ski));
-+ if(len < 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecBase64Decode",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ "ski=%s",
-+ xmlSecErrorsSafeString(ski));
-+ goto done;
-+ }
-+
-+ memset(&subjKeyID, 0, sizeof(subjKeyID));
-+ subjKeyID.data = ski;
-+ subjKeyID.len = xmlStrlen(ski);
-+ cert = CERT_FindCertBySubjectKeyID(CERT_GetDefaultCertDB(),
-+ &subjKeyID);
- }
-- if(len > 0) {
-- ++str; --len;
-- }
-- }
--
-- *p = 0;
-- return(retval);
--
-+
- done:
-- PORT_Free(retval);
-- return (NULL);
-+ if (arena != NULL) {
-+ PORT_FreeArena(arena, PR_FALSE);
-+ }
-+ if (name != NULL) {
-+ CERT_DestroyName(name);
-+ }
-+
-+ return(cert);
- }
-
-+static int
-+xmlSecNssIntegerToItem(
-+ const xmlChar* integer ,
-+ SECItem *item
-+) {
-+ xmlSecBn bn ;
-+ xmlSecSize i, length ;
-+ const xmlSecByte* bnInteger ;
-
-+ xmlSecAssert2( integer != NULL, -1 ) ;
-+ xmlSecAssert2( item != NULL, -1 ) ;
-
--/**
-- * xmlSecNssX509NameStringRead:
-- */
--static int
--xmlSecNssX509NameStringRead(xmlSecByte **str, int *strLen,
-- xmlSecByte *res, int resLen,
-- xmlSecByte delim, int ingoreTrailingSpaces) {
-- xmlSecByte *p, *q, *nonSpace;
--
-- xmlSecAssert2(str != NULL, -1);
-- xmlSecAssert2(strLen != NULL, -1);
-- xmlSecAssert2(res != NULL, -1);
--
-- p = (*str);
-- nonSpace = q = res;
-- while(((p - (*str)) < (*strLen)) && ((*p) != delim) && ((q - res) < resLen)) {
-- if((*p) != '\\') {
-- if(ingoreTrailingSpaces && !isspace(*p)) {
-- nonSpace = q;
-- }
-- *(q++) = *(p++);
-- } else {
-- ++p;
-- nonSpace = q;
-- if(xmlSecIsHex((*p))) {
-- if((p - (*str) + 1) >= (*strLen)) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- NULL,
-- XMLSEC_ERRORS_R_INVALID_DATA,
-- "two hex digits expected");
-- return(-1);
-- }
-- *(q++) = xmlSecGetHex(p[0]) * 16 + xmlSecGetHex(p[1]);
-- p += 2;
-- } else {
-- if(((++p) - (*str)) >= (*strLen)) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- NULL,
-- XMLSEC_ERRORS_R_INVALID_DATA,
-- "escaped symbol missed");
-- return(-1);
-- }
-- *(q++) = *(p++);
-- }
-- }
-- }
-- if(((p - (*str)) < (*strLen)) && ((*p) != delim)) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- NULL,
-- XMLSEC_ERRORS_R_INVALID_SIZE,
-- "buffer is too small");
-- return(-1);
-- }
-- (*strLen) -= (p - (*str));
-- (*str) = p;
-- return((ingoreTrailingSpaces) ? nonSpace - res + 1 : q - res);
--}
-+ if( xmlSecBnInitialize( &bn, 0 ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecBnInitialize",
-+ XMLSEC_ERRORS_R_INVALID_DATA,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-
--/* code lifted from NSS */
--static void
--xmlSecNssNumToItem(SECItem *it, unsigned long ui)
--{
-- unsigned char bb[5];
-- int len;
--
-- bb[0] = 0;
-- bb[1] = (unsigned char) (ui >> 24);
-- bb[2] = (unsigned char) (ui >> 16);
-- bb[3] = (unsigned char) (ui >> 8);
-- bb[4] = (unsigned char) (ui);
--
-- /*
-- ** Small integers are encoded in a single byte. Larger integers
-- ** require progressively more space.
-- */
-- if (ui > 0x7f) {
-- if (ui > 0x7fff) {
-- if (ui > 0x7fffffL) {
-- if (ui >= 0x80000000L) {
-- len = 5;
-- } else {
-- len = 4;
-- }
-- } else {
-- len = 3;
-- }
-- } else {
-- len = 2;
-- }
-- } else {
-- len = 1;
-- }
--
-- it->data = (unsigned char *)PORT_Alloc(len);
-- if (it->data == NULL) {
-- return;
-- }
-+ if( xmlSecBnFromDecString( &bn, integer ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecBnFromDecString",
-+ XMLSEC_ERRORS_R_INVALID_DATA,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecBnFinalize( &bn ) ;
-+ return -1 ;
-+ }
-+
-+ length = xmlSecBnGetSize( &bn ) ;
-+ if( length <= 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecBnGetSize",
-+ XMLSEC_ERRORS_R_INVALID_DATA,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecBnFinalize( &bn ) ;
-+ return -1 ;
-+ }
-+
-+ bnInteger = xmlSecBnGetData( &bn ) ;
-+ if( bnInteger == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecBnGetData",
-+ XMLSEC_ERRORS_R_INVALID_DATA,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-
-- it->len = len;
-- PORT_Memcpy(it->data, bb + (sizeof(bb) - len), len);
-+ xmlSecBnFinalize( &bn ) ;
-+ return -1 ;
-+ }
-+
-+ item->data = ( unsigned char * )PORT_Alloc( length );
-+ if( item->data == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "PORT_Alloc",
-+ XMLSEC_ERRORS_R_INVALID_DATA,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecBnFinalize( &bn ) ;
-+ return -1 ;
-+ }
-+
-+ item->len = length;
-+
-+ for( i = 0 ; i < length ; i ++ )
-+ item->data[i] = *( bnInteger + i ) ;
-+
-+ xmlSecBnFinalize( &bn ) ;
-+
-+ return 0 ;
- }
--#endif /* XMLSEC_NO_X509 */
-
-+#endif /* XMLSEC_NO_X509 */
-
---- misc/xmlsec1-1.2.6/win32/Makefile.msvc 2004-06-09 16:35:12.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/win32/Makefile.msvc 2008-06-29 23:44:19.000000000 +0200
-@@ -223,6 +223,10 @@
- $(XMLSEC_OPENSSL_INTDIR_A)\x509vfy.obj
-
- XMLSEC_NSS_OBJS = \
-+ $(XMLSEC_NSS_INTDIR)\akmngr.obj\
-+ $(XMLSEC_NSS_INTDIR)\keytrans.obj\
-+ $(XMLSEC_NSS_INTDIR)\keywrapers.obj\
-+ $(XMLSEC_NSS_INTDIR)\tokens.obj\
- $(XMLSEC_NSS_INTDIR)\app.obj\
- $(XMLSEC_NSS_INTDIR)\bignum.obj\
- $(XMLSEC_NSS_INTDIR)\ciphers.obj \
-@@ -235,9 +239,6 @@
- $(XMLSEC_NSS_INTDIR)\x509.obj\
- $(XMLSEC_NSS_INTDIR)\x509vfy.obj\
- $(XMLSEC_NSS_INTDIR)\keysstore.obj\
-- $(XMLSEC_NSS_INTDIR)\kt_rsa.obj\
-- $(XMLSEC_NSS_INTDIR)\kw_des.obj\
-- $(XMLSEC_NSS_INTDIR)\kw_aes.obj\
- $(XMLSEC_NSS_INTDIR)\strings.obj
- XMLSEC_NSS_OBJS_A = \
- $(XMLSEC_NSS_INTDIR_A)\app.obj\
-@@ -258,6 +259,7 @@
- $(XMLSEC_NSS_INTDIR_A)\strings.obj
-
- XMLSEC_MSCRYPTO_OBJS = \
-+ $(XMLSEC_MSCRYPTO_INTDIR)\akmngr.obj\
- $(XMLSEC_MSCRYPTO_INTDIR)\app.obj\
- $(XMLSEC_MSCRYPTO_INTDIR)\crypto.obj \
- $(XMLSEC_MSCRYPTO_INTDIR)\ciphers.obj \
-@@ -376,7 +378,7 @@
- XMLSEC_OPENSSL_SOLIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib
- XMLSEC_OPENSSL_ALIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib
-
--XMLSEC_NSS_SOLIBS = smime3.lib ssl3.lib nss3.lib libnspr4.lib libplds4.lib libplc4.lib kernel32.lib user32.lib gdi32.lib
-+XMLSEC_NSS_SOLIBS = smime3.lib nss3.lib nspr4.lib kernel32.lib user32.lib gdi32.lib
- XMLSEC_NSS_ALIBS = smime3.lib ssl3.lib nss3.lib libnspr4_s.lib libplds4_s.lib libplc4_s.lib kernel32.lib user32.lib gdi32.lib
-
- XMLSEC_MSCRYPTO_SOLIBS = kernel32.lib user32.lib gdi32.lib Crypt32.lib Advapi32.lib
diff --git a/libxmlsec/xmlsec1-configure.patch b/libxmlsec/xmlsec1-configure.patch
new file mode 100644
index 000000000000..d804c2729076
--- /dev/null
+++ b/libxmlsec/xmlsec1-configure.patch
@@ -0,0 +1,288 @@
+--- misc/xmlsec1-1.2.12/Makefile.in 2009-06-25 22:53:34.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/Makefile.in 2009-10-01 10:32:48.708515261 +0200
+@@ -340,8 +340,9 @@
+ target_alias = @target_alias@
+ NULL =
+ SAFE_VERSION = @XMLSEC_VERSION_SAFE@
+-SUBDIRS = include src apps man docs
+-TEST_APP = apps/xmlsec1
++#Do not build xmlsec1 app. It is not needed. Also the libtool includes
++#a -L/path_to_lib_dir which may contain an incompatible lixbml2.
++SUBDIRS = include src man docs
+ DEFAULT_CRYPTO = @XMLSEC_CRYPTO@
+ bin_SCRIPTS = xmlsec1-config
+ pkgconfig_DATA = xmlsec1.pc @XMLSEC_CRYPTO_PC_FILES_LIST@
+--- misc/xmlsec1-1.2.12/configure 2009-06-25 22:53:35.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/configure 2009-10-01 10:28:50.980389049 +0200
+@@ -24769,7 +24769,11 @@
+ fi
+
+ LIBXML_MIN_VERSION="2.6.12"
+-LIBXML_CONFIG="xml2-config"
++if test -f "$SOLARVERSION/$INPATH/bin$UPDMINOREXT/xml2-config" ; then
++ LIBXML_CONFIG="$SOLARVERSION/$INPATH/bin$UPDMINOREXT/xml2-config"
++else
++ LIBXML_CONFIG="xml2-config"
++fi
+ LIBXML_CFLAGS=""
+ LIBXML_LIBS=""
+ LIBXML_FOUND="no"
+@@ -25678,12 +25682,26 @@
+
+ XMLSEC_NO_NSS="1"
+ MOZILLA_MIN_VERSION="1.4"
++if test "z$MOZ_FLAVOUR" = "zfirefox" ; then
++ MOZILLA_MIN_VERSION="1.0"
++fi
+ NSS_MIN_VERSION="3.2"
+ NSPR_MIN_VERSION="4.0"
+ NSS_CFLAGS=""
+ NSS_LIBS=""
+-NSS_LIBS_LIST="-lnss3 -lsmime3"
+-NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4"
++
++case $host_os in
++cygwin* | mingw* | pw32*)
++ NSS_LIBS_LIST="-lnss3 -lsmime3"
++ NSPR_LIBS_LIST="-lnspr4"
++ ;;
++
++*)
++ NSS_LIBS_LIST="-lnss3 -lsoftokn3 -lsmime3"
++ NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4"
++ ;;
++esac
++
+ NSS_CRYPTO_LIB="$XMLSEC_PACKAGE-nss"
+ NSS_FOUND="no"
+ NSPR_PACKAGE=mozilla-nspr
+@@ -25776,6 +25794,104 @@
+ else
+ PKG_CONFIG_MIN_VERSION=0.9.0
+ if $PKG_CONFIG --atleast-pkgconfig-version $PKG_CONFIG_MIN_VERSION; then
++ echo "$as_me:$LINENO: checking for $MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR >= $MOZILLA_MIN_VERSION" >&5
++echo $ECHO_N "checking for $MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR >= $MOZILLA_MIN_VERSION... $ECHO_C" >&6
++
++ if $PKG_CONFIG --exists "$MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR >= $MOZILLA_MIN_VERSION" ; then
++ echo "$as_me:$LINENO: result: yes" >&5
++echo "${ECHO_T}yes" >&6
++ succeeded=yes
++
++ echo "$as_me:$LINENO: checking NSS_CFLAGS" >&5
++echo $ECHO_N "checking NSS_CFLAGS... $ECHO_C" >&6
++ NSS_CFLAGS=`$PKG_CONFIG --cflags "$MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR >= $MOZILLA_MIN_VERSION"`
++ echo "$as_me:$LINENO: result: $NSS_CFLAGS" >&5
++echo "${ECHO_T}$NSS_CFLAGS" >&6
++
++ echo "$as_me:$LINENO: checking NSS_LIBS" >&5
++echo $ECHO_N "checking NSS_LIBS... $ECHO_C" >&6
++ NSS_LIBS=`$PKG_CONFIG --libs "$MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR >= $MOZILLA_MIN_VERSION"`
++ echo "$as_me:$LINENO: result: $NSS_LIBS" >&5
++echo "${ECHO_T}$NSS_LIBS" >&6
++ else
++ NSS_CFLAGS=""
++ NSS_LIBS=""
++ ## If we have a custom action on failure, don't print errors, but
++ ## do set a variable so people can do so.
++ NSS_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "$MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR >= $MOZILLA_MIN_VERSION"`
++
++ fi
++
++
++
++ else
++ echo "*** Your version of pkg-config is too old. You need version $PKG_CONFIG_MIN_VERSION or newer."
++ echo "*** See http://www.freedesktop.org/software/pkgconfig"
++ fi
++ fi
++
++ if test $succeeded = yes; then
++ NSS_FOUND=yes NSPR_PACKAGE=$MOZ_FLAVOUR-nspr NSS_PACKAGE=$MOZ_FLAVOUR-nss
++ else
++ NSS_FOUND=no
++ fi
++
++ fi
++ if test "z$NSS_FOUND" = "zno" ; then
++
++ succeeded=no
++
++ if test -z "$PKG_CONFIG"; then
++ # Extract the first word of "pkg-config", so it can be a program name with args.
++set dummy pkg-config; ac_word=$2
++echo "$as_me:$LINENO: checking for $ac_word" >&5
++echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
++if test "${ac_cv_path_PKG_CONFIG+set}" = set; then
++ echo $ECHO_N "(cached) $ECHO_C" >&6
++else
++ case $PKG_CONFIG in
++ [\\/]* | ?:[\\/]*)
++ ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path.
++ ;;
++ *)
++ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
++for as_dir in $PATH
++do
++ IFS=$as_save_IFS
++ test -z "$as_dir" && as_dir=.
++ for ac_exec_ext in '' $ac_executable_extensions; do
++ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
++ ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
++ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
++ break 2
++ fi
++done
++done
++
++ test -z "$ac_cv_path_PKG_CONFIG" && ac_cv_path_PKG_CONFIG="no"
++ ;;
++esac
++fi
++PKG_CONFIG=$ac_cv_path_PKG_CONFIG
++
++if test -n "$PKG_CONFIG"; then
++ echo "$as_me:$LINENO: result: $PKG_CONFIG" >&5
++echo "${ECHO_T}$PKG_CONFIG" >&6
++else
++ echo "$as_me:$LINENO: result: no" >&5
++echo "${ECHO_T}no" >&6
++fi
++
++ fi
++
++ if test "$PKG_CONFIG" = "no" ; then
++ echo "*** The pkg-config script could not be found. Make sure it is"
++ echo "*** in your path, or set the PKG_CONFIG environment variable"
++ echo "*** to the full path to pkg-config."
++ echo "*** Or see http://www.freedesktop.org/software/pkgconfig to get pkg-config."
++ else
++ PKG_CONFIG_MIN_VERSION=0.9.0
++ if $PKG_CONFIG --atleast-pkgconfig-version $PKG_CONFIG_MIN_VERSION; then
+ echo "$as_me:$LINENO: checking for mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION" >&5
+ echo $ECHO_N "checking for mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION... $ECHO_C" >&6
+
+@@ -26026,8 +26142,8 @@
+ ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION
+ fi
+
+- ac_nss_lib_dir="/usr/lib /usr/lib64 /usr/local/lib /usr/lib/$ac_mozilla_name /usr/local/lib/$ac_mozilla_name"
+- ac_nss_inc_dir="/usr/include /usr/include/mozilla /usr/local/include /usr/local/include/mozilla /usr/include/$ac_mozilla_name /usr/local/include/$ac_mozilla_name"
++ ac_nss_lib_dir="${SOLARVERSION}/${INPATH}/lib${UPDMINOREXT}"
++ ac_nss_inc_dir="${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/mozilla"
+
+ echo "$as_me:$LINENO: checking for nspr libraries >= $NSPR_MIN_VERSION" >&5
+ echo $ECHO_N "checking for nspr libraries >= $NSPR_MIN_VERSION... $ECHO_C" >&6
+@@ -26062,7 +26178,7 @@
+ done
+
+ for dir in $ac_nss_lib_dir ; do
+- if test -f $dir/libnspr4$shrext ; then
++ if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib ; then
+ if test "z$dir" = "z/usr/lib" ; then
+ NSPR_LIBS="$NSPR_LIBS_LIST"
+ else
+@@ -26148,7 +26264,7 @@
+ done
+
+ for dir in $ac_nss_lib_dir ; do
+- if test -f $dir/libnss3$shrext ; then
++ if test -f $dir/libnss3.so -o -f $dir/libnss3.dylib ; then
+ if test "z$dir" = "z/usr/lib" ; then
+ NSS_LIBS="$NSS_LIBS_LIST"
+ else
+--- misc/xmlsec1-1.2.12/configure.in 2009-06-25 22:53:18.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/configure.in 2009-10-01 10:28:50.990755126 +0200
+@@ -183,7 +183,11 @@
+ dnl find libxml
+ dnl ==========================================================================
+ LIBXML_MIN_VERSION="2.6.12"
+-LIBXML_CONFIG="xml2-config"
++if test -f "$SOLARVERSION/$INPATH/bin$UPDMINOREXT/xml2-config" ; then
++ LIBXML_CONFIG="$SOLARVERSION/$INPATH/bin$UPDMINOREXT/xml2-config"
++else
++ LIBXML_CONFIG="xml2-config"
++fi
+ LIBXML_CFLAGS=""
+ LIBXML_LIBS=""
+ LIBXML_FOUND="no"
+@@ -490,12 +494,26 @@
+
+ XMLSEC_NO_NSS="1"
+ MOZILLA_MIN_VERSION="1.4"
++if test "z$MOZ_FLAVOUR" = "zfirefox" ; then
++ MOZILLA_MIN_VERSION="1.0"
++fi
+ NSS_MIN_VERSION="3.2"
+ NSPR_MIN_VERSION="4.0"
+ NSS_CFLAGS=""
+ NSS_LIBS=""
+-NSS_LIBS_LIST="-lnss3 -lsmime3"
+-NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4"
++
++case $host_os in
++cygwin* | mingw* | pw32*)
++ NSS_LIBS_LIST="-lnss3 -lsmime3"
++ NSPR_LIBS_LIST="-lnspr4"
++ ;;
++
++*)
++ NSS_LIBS_LIST="-lnss3 -lsoftokn3 -lsmime3"
++ NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4"
++ ;;
++esac
++
+ NSS_CRYPTO_LIB="$XMLSEC_PACKAGE-nss"
+ NSS_FOUND="no"
+ NSPR_PACKAGE=mozilla-nspr
+@@ -521,6 +539,11 @@
+ dnl We are going to try all options
+ dnl
+ if test "z$NSS_FOUND" = "zno" ; then
++ PKG_CHECK_MODULES(NSS, $MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR >= $MOZILLA_MIN_VERSION,
++ [NSS_FOUND=yes NSPR_PACKAGE=$MOZ_FLAVOUR-nspr NSS_PACKAGE=$MOZ_FLAVOUR-nss],
++ [NSS_FOUND=no])
++ fi
++ if test "z$NSS_FOUND" = "zno" ; then
+ PKG_CHECK_MODULES(NSS, mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION,
+ [NSS_FOUND=yes NSPR_PACKAGE=mozilla-nspr NSS_PACKAGE=mozilla-nss],
+ [NSS_FOUND=no])
+@@ -547,8 +570,8 @@
+ ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION
+ fi
+
+- ac_nss_lib_dir="/usr/lib /usr/lib64 /usr/local/lib /usr/lib/$ac_mozilla_name /usr/local/lib/$ac_mozilla_name"
+- ac_nss_inc_dir="/usr/include /usr/include/mozilla /usr/local/include /usr/local/include/mozilla /usr/include/$ac_mozilla_name /usr/local/include/$ac_mozilla_name"
++ ac_nss_lib_dir="${SOLARVERSION}/${INPATH}/lib${UPDMINOREXT}"
++ ac_nss_inc_dir="${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/mozilla"
+
+ AC_MSG_CHECKING(for nspr libraries >= $NSPR_MIN_VERSION)
+ NSPR_INCLUDES_FOUND="no"
+@@ -583,7 +606,7 @@
+ done
+
+ for dir in $ac_nss_lib_dir ; do
+- if test -f $dir/libnspr4$shrext ; then
++ if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib ; then
+ dnl do not add -L/usr/lib because compiler does it anyway
+ if test "z$dir" = "z/usr/lib" ; then
+ NSPR_LIBS="$NSPR_LIBS_LIST"
+@@ -654,7 +677,7 @@
+ done
+
+ for dir in $ac_nss_lib_dir ; do
+- if test -f $dir/libnss3$shrext ; then
++ if test -f $dir/libnss3.so -o -f $dir/libnss3.dylib ; then
+ dnl do not add -L/usr/lib because compiler does it anyway
+ if test "z$dir" = "z/usr/lib" ; then
+ NSS_LIBS="$NSS_LIBS_LIST"
+--- misc/xmlsec1-1.2.12/win32/Makefile.msvc 2009-06-25 22:53:18.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/win32/Makefile.msvc 2009-10-01 10:28:50.997747312 +0200
+@@ -381,7 +381,7 @@
+ XMLSEC_OPENSSL_SOLIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib
+ XMLSEC_OPENSSL_ALIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib
+
+-XMLSEC_NSS_SOLIBS = smime3.lib ssl3.lib nss3.lib libnspr4.lib libplds4.lib libplc4.lib kernel32.lib user32.lib gdi32.lib
++XMLSEC_NSS_SOLIBS = smime3.lib nss3.lib nspr4.lib kernel32.lib user32.lib gdi32.lib
+ XMLSEC_NSS_ALIBS = smime3.lib ssl3.lib nss3.lib libnspr4_s.lib libplds4_s.lib libplc4_s.lib kernel32.lib user32.lib gdi32.lib
+
+ XMLSEC_MSCRYPTO_SOLIBS = kernel32.lib user32.lib gdi32.lib Crypt32.lib Advapi32.lib
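Review bot: The NSS/NSPR fallback search in both `configure` and `configure.in` now builds `ac_nss_lib_dir` and `ac_nss_inc_dir` only from `${SOLARVERSION}`, `${INPATH}` and `${UPDMINOREXT}`, with no check that these are set. With an empty environment the paths collapse to `//lib` and `//inc/mozilla`, so the crypto library that gets linked would be whatever `libnss3`/`libnspr4` happens to sit there. A guard ahead of the assignment in `configure.in` would make that failure explicit, for example `test -n "$SOLARVERSION" -a -n "$INPATH" || AC_MSG_ERROR([SOLARVERSION and INPATH must be set to locate NSS])`, with `configure` regenerated from it. Separately, the added pkg-config probe tests `$MOZ_FLAVOUR >= $MOZILLA_MIN_VERSION` but records `NSS_PACKAGE=$MOZ_FLAVOUR-nss`, unlike the `mozilla-nss` probe after it. If that is deliberate a `dnl` comment should say why; otherwise the module name looks like it should be `$MOZ_FLAVOUR-nss`.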
diff --git a/libxmlsec/xmlsec1-customkeymanage.patch b/libxmlsec/xmlsec1-customkeymanage.patch
new file mode 100644
index 000000000000..80cb7de93a70
--- /dev/null
+++ b/libxmlsec/xmlsec1-customkeymanage.patch
@@ -0,0 +1,6086 @@
+--- misc/xmlsec1-1.2.12/include/xmlsec/mscrypto/Makefile.am 2009-06-25 22:53:18.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/include/xmlsec/mscrypto/Makefile.am 2009-09-21 14:02:48.563253008 +0200
+@@ -3,6 +3,7 @@
+ xmlsecmscryptoincdir = $(includedir)/xmlsec1/xmlsec/mscrypto
+
+ xmlsecmscryptoinc_HEADERS = \
++akmngr.h \
+ app.h \
+ certkeys.h \
+ crypto.h \
+--- misc/xmlsec1-1.2.12/include/xmlsec/mscrypto/Makefile.in 2009-06-25 22:53:30.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/include/xmlsec/mscrypto/Makefile.in 2009-09-21 14:02:48.571021349 +0200
+@@ -308,6 +308,7 @@
+ NULL =
+ xmlsecmscryptoincdir = $(includedir)/xmlsec1/xmlsec/mscrypto
+ xmlsecmscryptoinc_HEADERS = \
++akmngr.h \
+ app.h \
+ certkeys.h \
+ crypto.h \
+--- misc/xmlsec1-1.2.12/include/xmlsec/mscrypto/akmngr.h 2009-09-21 14:07:19.052318336 +0200
++++ misc/build/xmlsec1-1.2.12/include/xmlsec/mscrypto/akmngr.h 2009-09-21 14:02:48.504966762 +0200
+@@ -1 +1,71 @@
+-dummy
++/**
++ * XMLSec library
++ *
++ * This is free software; see Copyright file in the source
++ * distribution for preciese wording.
++ *
++ * Copyright ..........................
++ */
++#ifndef __XMLSEC_MSCRYPTO_AKMNGR_H__
++#define __XMLSEC_MSCRYPTO_AKMNGR_H__
++
++#include <windows.h>
++#include <wincrypt.h>
++
++#include <xmlsec/xmlsec.h>
++#include <xmlsec/keys.h>
++#include <xmlsec/transforms.h>
++
++#ifdef __cplusplus
++extern "C" {
++#endif /* __cplusplus */
++
++XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr
++xmlSecMSCryptoAppliedKeysMngrCreate(
++ HCERTSTORE keyStore ,
++ HCERTSTORE certStore
++) ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecMSCryptoAppliedKeysMngrSymKeyLoad(
++ xmlSecKeysMngrPtr mngr ,
++ HCRYPTKEY symKey
++) ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecMSCryptoAppliedKeysMngrPubKeyLoad(
++ xmlSecKeysMngrPtr mngr ,
++ HCRYPTKEY pubKey
++) ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecMSCryptoAppliedKeysMngrPriKeyLoad(
++ xmlSecKeysMngrPtr mngr ,
++ HCRYPTKEY priKey
++) ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore (
++ xmlSecKeysMngrPtr mngr ,
++ HCERTSTORE keyStore
++) ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore (
++ xmlSecKeysMngrPtr mngr ,
++ HCERTSTORE trustedStore
++) ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore (
++ xmlSecKeysMngrPtr mngr ,
++ HCERTSTORE untrustedStore
++) ;
++
++#ifdef __cplusplus
++}
++#endif /* __cplusplus */
++
++#endif /* __XMLSEC_MSCRYPTO_AKMNGR_H__ */
++
++
+--- misc/xmlsec1-1.2.12/include/xmlsec/nss/Makefile.am 2009-06-25 22:53:18.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/include/xmlsec/nss/Makefile.am 2009-09-21 14:02:48.577933031 +0200
+@@ -10,6 +10,9 @@
+ keysstore.h \
+ pkikeys.h \
+ x509.h \
++akmngr.h \
++tokens.h \
++ciphers.h \
+ $(NULL)
+
+ install-exec-hook:
+--- misc/xmlsec1-1.2.12/include/xmlsec/nss/Makefile.in 2009-06-25 22:53:31.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/include/xmlsec/nss/Makefile.in 2009-09-21 14:02:48.585376325 +0200
+@@ -315,6 +315,9 @@
+ keysstore.h \
+ pkikeys.h \
+ x509.h \
++akmngr.h \
++tokens.h \
++ciphers.h \
+ $(NULL)
+
+ all: all-am
+--- misc/xmlsec1-1.2.12/include/xmlsec/nss/akmngr.h 2009-09-21 14:07:19.105517659 +0200
++++ misc/build/xmlsec1-1.2.12/include/xmlsec/nss/akmngr.h 2009-09-21 14:02:48.510978278 +0200
+@@ -1 +1,56 @@
+-dummy
++/**
++ * XMLSec library
++ *
++ * This is free software; see Copyright file in the source
++ * distribution for preciese wording.
++ *
++ * Copyright ..........................
++ */
++#ifndef __XMLSEC_NSS_AKMNGR_H__
++#define __XMLSEC_NSS_AKMNGR_H__
++
++#include <nss.h>
++#include <nspr.h>
++#include <pk11func.h>
++#include <cert.h>
++
++#include <xmlsec/xmlsec.h>
++#include <xmlsec/keys.h>
++#include <xmlsec/transforms.h>
++
++#ifdef __cplusplus
++extern "C" {
++#endif /* __cplusplus */
++
++XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr
++xmlSecNssAppliedKeysMngrCreate(
++ PK11SlotInfo** slots,
++ int cSlots,
++ CERTCertDBHandle* handler
++) ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecNssAppliedKeysMngrSymKeyLoad(
++ xmlSecKeysMngrPtr mngr ,
++ PK11SymKey* symKey
++) ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecNssAppliedKeysMngrPubKeyLoad(
++ xmlSecKeysMngrPtr mngr ,
++ SECKEYPublicKey* pubKey
++) ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecNssAppliedKeysMngrPriKeyLoad(
++ xmlSecKeysMngrPtr mngr ,
++ SECKEYPrivateKey* priKey
++) ;
++
++#ifdef __cplusplus
++}
++#endif /* __cplusplus */
++
++#endif /* __XMLSEC_NSS_AKMNGR_H__ */
++
++
+--- misc/xmlsec1-1.2.12/include/xmlsec/nss/app.h 2009-06-25 22:53:18.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/include/xmlsec/nss/app.h 2009-09-21 14:02:48.612847068 +0200
+@@ -22,6 +22,9 @@
+ #include <xmlsec/keysmngr.h>
+ #include <xmlsec/transforms.h>
+
++#include <xmlsec/nss/tokens.h>
++#include <xmlsec/nss/akmngr.h>
++
+ /**
+ * Init/shutdown
+ */
+@@ -36,6 +39,8 @@
+ xmlSecKeyPtr key);
+ XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrLoad (xmlSecKeysMngrPtr mngr,
+ const char* uri);
++XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKeySlot(xmlSecKeysMngrPtr mngr,
++ xmlSecNssKeySlotPtr keySlot);
+ XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrSave (xmlSecKeysMngrPtr mngr,
+ const char* filename,
+ xmlSecKeyDataType type);
+--- misc/xmlsec1-1.2.12/include/xmlsec/nss/ciphers.h 2009-09-21 14:07:19.146496548 +0200
++++ misc/build/xmlsec1-1.2.12/include/xmlsec/nss/ciphers.h 2009-09-21 14:02:48.516689712 +0200
+@@ -1 +1,35 @@
+-dummy
++/**
++ * XMLSec library
++ *
++ * This is free software; see Copyright file in the source
++ * distribution for preciese wording.
++ *
++ * Copyright ..........................
++ */
++#ifndef __XMLSEC_NSS_CIPHERS_H__
++#define __XMLSEC_NSS_CIPHERS_H__
++
++#ifdef __cplusplus
++extern "C" {
++#endif /* __cplusplus */
++
++#include <xmlsec/xmlsec.h>
++#include <xmlsec/keys.h>
++#include <xmlsec/transforms.h>
++
++
++XMLSEC_CRYPTO_EXPORT int xmlSecNssSymKeyDataAdoptKey( xmlSecKeyDataPtr data,
++ PK11SymKey* symkey ) ;
++
++XMLSEC_CRYPTO_EXPORT xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt( PK11SymKey* symKey ) ;
++
++XMLSEC_CRYPTO_EXPORT PK11SymKey* xmlSecNssSymKeyDataGetKey(xmlSecKeyDataPtr data);
++
++
++#ifdef __cplusplus
++}
++#endif /* __cplusplus */
++
++#endif /* __XMLSEC_NSS_CIPHERS_H__ */
++
++
+--- misc/xmlsec1-1.2.12/include/xmlsec/nss/keysstore.h 2009-06-25 22:53:18.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/include/xmlsec/nss/keysstore.h 2009-09-21 14:02:48.626261748 +0200
+@@ -16,6 +16,8 @@
+ #endif /* __cplusplus */
+
+ #include <xmlsec/xmlsec.h>
++#include <xmlsec/keysmngr.h>
++#include <xmlsec/nss/tokens.h>
+
+ /****************************************************************************
+ *
+@@ -31,6 +33,8 @@
+ XMLSEC_CRYPTO_EXPORT xmlSecKeyStoreId xmlSecNssKeysStoreGetKlass (void);
+ XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKey (xmlSecKeyStorePtr store,
+ xmlSecKeyPtr key);
++XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKeySlot(xmlSecKeyStorePtr store,
++ xmlSecNssKeySlotPtr keySlot);
+ XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreLoad (xmlSecKeyStorePtr store,
+ const char *uri,
+ xmlSecKeysMngrPtr keysMngr);
+--- misc/xmlsec1-1.2.12/include/xmlsec/nss/tokens.h 2009-09-21 14:07:19.172421448 +0200
++++ misc/build/xmlsec1-1.2.12/include/xmlsec/nss/tokens.h 2009-09-21 14:02:48.522913605 +0200
+@@ -1 +1,182 @@
+-dummy
++/**
++ * XMLSec library
++ *
++ * This is free software; see Copyright file in the source
++ * distribution for preciese wording.
++ *
++ * Copyright (c) 2003 Sun Microsystems, Inc. All rights reserved.
++ *
++ * Contributor(s): _____________________________
++ *
++ */
++#ifndef __XMLSEC_NSS_TOKENS_H__
++#define __XMLSEC_NSS_TOKENS_H__
++
++#include <string.h>
++
++#include <nss.h>
++#include <pk11func.h>
++
++#include <xmlsec/xmlsec.h>
++#include <xmlsec/list.h>
++
++#ifdef __cplusplus
++extern "C" {
++#endif /* __cplusplus */
++
++/**
++ * xmlSecNssKeySlotListId
++ *
++ * The crypto mechanism list klass
++ */
++#define xmlSecNssKeySlotListId xmlSecNssKeySlotListGetKlass()
++XMLSEC_CRYPTO_EXPORT xmlSecPtrListId xmlSecNssKeySlotListGetKlass( void ) ;
++
++/*******************************************
++ * KeySlot interfaces
++ *******************************************/
++/**
++ * Internal NSS key slot data
++ * @mechanismList: the mechanisms that the slot bound with.
++ * @slot: the pkcs slot
++ *
++ * This context is located after xmlSecPtrList
++ */
++typedef struct _xmlSecNssKeySlot xmlSecNssKeySlot ;
++typedef struct _xmlSecNssKeySlot* xmlSecNssKeySlotPtr ;
++
++struct _xmlSecNssKeySlot {
++ CK_MECHANISM_TYPE_PTR mechanismList ; /* mech. array, NULL ternimated */
++ PK11SlotInfo* slot ;
++} ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecNssKeySlotSetMechList(
++ xmlSecNssKeySlotPtr keySlot ,
++ CK_MECHANISM_TYPE_PTR mechanismList
++) ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecNssKeySlotEnableMech(
++ xmlSecNssKeySlotPtr keySlot ,
++ CK_MECHANISM_TYPE mechanism
++) ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecNssKeySlotDisableMech(
++ xmlSecNssKeySlotPtr keySlot ,
++ CK_MECHANISM_TYPE mechanism
++) ;
++
++XMLSEC_CRYPTO_EXPORT CK_MECHANISM_TYPE_PTR
++xmlSecNssKeySlotGetMechList(
++ xmlSecNssKeySlotPtr keySlot
++) ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecNssKeySlotSetSlot(
++ xmlSecNssKeySlotPtr keySlot ,
++ PK11SlotInfo* slot
++) ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecNssKeySlotInitialize(
++ xmlSecNssKeySlotPtr keySlot ,
++ PK11SlotInfo* slot
++) ;
++
++XMLSEC_CRYPTO_EXPORT void
++xmlSecNssKeySlotFinalize(
++ xmlSecNssKeySlotPtr keySlot
++) ;
++
++XMLSEC_CRYPTO_EXPORT PK11SlotInfo*
++xmlSecNssKeySlotGetSlot(
++ xmlSecNssKeySlotPtr keySlot
++) ;
++
++XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr
++xmlSecNssKeySlotCreate() ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecNssKeySlotCopy(
++ xmlSecNssKeySlotPtr newKeySlot ,
++ xmlSecNssKeySlotPtr keySlot
++) ;
++
++XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr
++xmlSecNssKeySlotDuplicate(
++ xmlSecNssKeySlotPtr keySlot
++) ;
++
++XMLSEC_CRYPTO_EXPORT void
++xmlSecNssKeySlotDestroy(
++ xmlSecNssKeySlotPtr keySlot
++) ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecNssKeySlotBindMech(
++ xmlSecNssKeySlotPtr keySlot ,
++ CK_MECHANISM_TYPE type
++) ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecNssKeySlotSupportMech(
++ xmlSecNssKeySlotPtr keySlot ,
++ CK_MECHANISM_TYPE type
++) ;
++
++
++/************************************************************************
++ * PKCS#11 crypto token interfaces
++ *
++ * A PKCS#11 slot repository will be defined internally. From the
++ * repository, a user can specify a particular slot for a certain crypto
++ * mechanism.
++ *
++ * In some situation, some cryptographic operation should act in a user
++ * designated devices. The interfaces defined here provide the way. If
++ * the user do not initialize the repository distinctly, the interfaces
++ * use the default functions provided by NSS itself.
++ *
++ ************************************************************************/
++/**
++ * Initialize NSS pkcs#11 slot repository
++ *
++ * Returns 0 if success or -1 if an error occurs.
++ */
++XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotInitialize( void ) ;
++
++/**
++ * Shutdown and destroy NSS pkcs#11 slot repository
++ */
++XMLSEC_CRYPTO_EXPORT void xmlSecNssSlotShutdown() ;
++
++/**
++ * Get PKCS#11 slot handler
++ * @type the mechanism that the slot must support.
++ *
++ * Returns a pointer to PKCS#11 slot or NULL if an error occurs.
++ *
++ * Notes: The returned handler must be destroied distinctly.
++ */
++XMLSEC_CRYPTO_EXPORT PK11SlotInfo* xmlSecNssSlotGet( CK_MECHANISM_TYPE type ) ;
++
++/**
++ * Adopt a pkcs#11 slot with a mechanism into the repository
++ * @slot: the pkcs#11 slot.
++ * @mech: the mechanism.
++ *
++ * If @mech is available( @mech != CKM_INVALID_MECHANISM ), every operation with
++ * this mechanism only can perform on the @slot.
++ *
++ * Returns 0 if success or -1 if an error occurs.
++ */
++XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotAdopt( PK11SlotInfo* slot, CK_MECHANISM_TYPE mech ) ;
++
++#ifdef __cplusplus
++}
++#endif /* __cplusplus */
++
++#endif /* __XMLSEC_NSS_TOKENS_H__ */
++
+--- misc/xmlsec1-1.2.12/src/mscrypto/akmngr.c 2009-09-21 14:07:19.078910929 +0200
++++ misc/build/xmlsec1-1.2.12/src/mscrypto/akmngr.c 2009-09-21 14:02:48.531281225 +0200
+@@ -1 +1,235 @@
+-dummy
++/**
++ * XMLSec library
++ *
++ * This is free software; see Copyright file in the source
++ * distribution for preciese wording.
++ *
++ * Copyright.........................
++ */
++#include "globals.h"
++
++#include <xmlsec/xmlsec.h>
++#include <xmlsec/keys.h>
++#include <xmlsec/transforms.h>
++#include <xmlsec/errors.h>
++
++#include <xmlsec/mscrypto/crypto.h>
++#include <xmlsec/mscrypto/keysstore.h>
++#include <xmlsec/mscrypto/akmngr.h>
++#include <xmlsec/mscrypto/x509.h>
++
++/**
++ * xmlSecMSCryptoAppliedKeysMngrCreate:
++ * @hKeyStore: the pointer to key store.
++ * @hCertStore: the pointer to certificate database.
++ *
++ * Create and load key store and certificate database into keys manager
++ *
++ * Returns keys manager pointer on success or NULL otherwise.
++ */
++xmlSecKeysMngrPtr
++xmlSecMSCryptoAppliedKeysMngrCreate(
++ HCERTSTORE hKeyStore ,
++ HCERTSTORE hCertStore
++) {
++ xmlSecKeyDataStorePtr certStore = NULL ;
++ xmlSecKeysMngrPtr keyMngr = NULL ;
++ xmlSecKeyStorePtr keyStore = NULL ;
++
++ keyStore = xmlSecKeyStoreCreate( xmlSecMSCryptoKeysStoreId ) ;
++ if( keyStore == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecKeyStoreCreate" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return NULL ;
++ }
++
++ /*-
++ * At present, MS Crypto engine do not provide a way to setup a key store.
++ */
++ if( keyStore != NULL ) {
++ /*TODO: binding key store.*/
++ }
++
++ keyMngr = xmlSecKeysMngrCreate() ;
++ if( keyMngr == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecKeysMngrCreate" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ xmlSecKeyStoreDestroy( keyStore ) ;
++ return NULL ;
++ }
++
++ /*-
++ * Add key store to manager, from now on keys manager destroys the store if
++ * needed
++ */
++ if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
++ "xmlSecKeysMngrAdoptKeyStore" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ xmlSecKeyStoreDestroy( keyStore ) ;
++ xmlSecKeysMngrDestroy( keyMngr ) ;
++ return NULL ;
++ }
++
++ /*-
++ * Initialize crypto library specific data in keys manager
++ */
++ if( xmlSecMSCryptoKeysMngrInit( keyMngr ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecMSCryptoKeysMngrInit" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ xmlSecKeysMngrDestroy( keyMngr ) ;
++ return NULL ;
++ }
++
++ /*-
++ * Set certificate databse to X509 key data store
++ */
++ /*-
++ * At present, MS Crypto engine do not provide a way to setup a cert store.
++ */
++
++ /*-
++ * Set the getKey callback
++ */
++ keyMngr->getKey = xmlSecKeysMngrGetKey ;
++
++ return keyMngr ;
++}
++
++int
++xmlSecMSCryptoAppliedKeysMngrSymKeyLoad(
++ xmlSecKeysMngrPtr mngr ,
++ HCRYPTKEY symKey
++) {
++ /*TODO: import the key into keys manager.*/
++ return(0) ;
++}
++
++int
++xmlSecMSCryptoAppliedKeysMngrPubKeyLoad(
++ xmlSecKeysMngrPtr mngr ,
++ HCRYPTKEY pubKey
++) {
++ /*TODO: import the key into keys manager.*/
++ return(0) ;
++}
++
++int
++xmlSecMSCryptoAppliedKeysMngrPriKeyLoad(
++ xmlSecKeysMngrPtr mngr ,
++ HCRYPTKEY priKey
++) {
++ /*TODO: import the key into keys manager.*/
++ return(0) ;
++}
++
++int
++xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore (
++ xmlSecKeysMngrPtr mngr ,
++ HCERTSTORE keyStore
++) {
++ xmlSecKeyDataStorePtr x509Store ;
++
++ xmlSecAssert2( mngr != NULL, -1 ) ;
++ xmlSecAssert2( keyStore != NULL, -1 ) ;
++
++ x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
++ if( x509Store == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecKeysMngrGetDataStore" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return( -1 ) ;
++ }
++
++ if( xmlSecMSCryptoX509StoreAdoptKeyStore( x509Store, keyStore ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
++ "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return( -1 ) ;
++ }
++
++ return( 0 ) ;
++}
++
++int
++xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore (
++ xmlSecKeysMngrPtr mngr ,
++ HCERTSTORE trustedStore
++) {
++ xmlSecKeyDataStorePtr x509Store ;
++
++ xmlSecAssert2( mngr != NULL, -1 ) ;
++ xmlSecAssert2( trustedStore != NULL, -1 ) ;
++
++ x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
++ if( x509Store == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecKeysMngrGetDataStore" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return( -1 ) ;
++ }
++
++ if( xmlSecMSCryptoX509StoreAdoptTrustedStore( x509Store, trustedStore ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
++ "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return( -1 ) ;
++ }
++
++ return( 0 ) ;
++}
++
++int
++xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore (
++ xmlSecKeysMngrPtr mngr ,
++ HCERTSTORE untrustedStore
++) {
++ xmlSecKeyDataStorePtr x509Store ;
++
++ xmlSecAssert2( mngr != NULL, -1 ) ;
++ xmlSecAssert2( untrustedStore != NULL, -1 ) ;
++
++ x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
++ if( x509Store == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecKeysMngrGetDataStore" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return( -1 ) ;
++ }
++
++ if( xmlSecMSCryptoX509StoreAdoptUntrustedStore( x509Store, untrustedStore ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
++ "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return( -1 ) ;
++ }
++
++ return( 0 ) ;
++}
++
+--- misc/xmlsec1-1.2.12/src/nss/Makefile.am 2009-06-25 22:53:18.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/src/nss/Makefile.am 2009-09-21 14:02:48.591560472 +0200
+@@ -35,6 +35,9 @@
+ kw_des.c \
+ kw_aes.c \
+ globals.h \
++ akmngr.c \
++ keywrapers.c \
++ tokens.c \
+ $(NULL)
+
+ if SHAREDLIB_HACK
+--- misc/xmlsec1-1.2.12/src/nss/Makefile.in 2009-06-25 22:53:33.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/src/nss/Makefile.in 2009-09-21 14:02:48.599339718 +0200
+@@ -61,7 +61,8 @@
+ am__libxmlsec1_nss_la_SOURCES_DIST = app.c bignum.c ciphers.c crypto.c \
+ digests.c hmac.c pkikeys.c signatures.c symkeys.c x509.c \
+ x509vfy.c keysstore.c keytrans.c kw_des.c kw_aes.c globals.h \
+- ../strings.c
++ ../strings.c \
++ akmngr.c keywrapers.c tokens.c
+ am__objects_1 =
+ @SHAREDLIB_HACK_TRUE@am__objects_2 = libxmlsec1_nss_la-strings.lo
+ am_libxmlsec1_nss_la_OBJECTS = libxmlsec1_nss_la-app.lo \
+@@ -72,6 +73,8 @@
+ libxmlsec1_nss_la-x509.lo libxmlsec1_nss_la-x509vfy.lo \
+ libxmlsec1_nss_la-keysstore.lo libxmlsec1_nss_la-keytrans.lo \
+ libxmlsec1_nss_la-kw_des.lo libxmlsec1_nss_la-kw_aes.lo \
++ libxmlsec1_nss_la-akmngr.lo libxmlsec1_nss_la-keywrapers.lo \
++ libxmlsec1_nss_la-tokens.lo \
+ $(am__objects_1) $(am__objects_2)
+ libxmlsec1_nss_la_OBJECTS = $(am_libxmlsec1_nss_la_OBJECTS)
+ DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)
+@@ -357,6 +360,7 @@
+ libxmlsec1_nss_la_SOURCES = app.c bignum.c ciphers.c crypto.c \
+ digests.c hmac.c pkikeys.c signatures.c symkeys.c x509.c \
+ x509vfy.c keysstore.c keytrans.c kw_des.c kw_aes.c globals.h \
++ akmngr.c keywrapers.c tokens.c \
+ $(NULL) $(am__append_1)
+ libxmlsec1_nss_la_LIBADD = \
+ ../libxmlsec1.la \
+@@ -458,6 +462,9 @@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-symkeys.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-x509.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-x509vfy.Plo@am__quote@
++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-akmngr.Plo@am__quote@
++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Plo@am__quote@
++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-tokens.Plo@am__quote@
+
+ .c.o:
+ @am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \
+@@ -487,6 +494,27 @@
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ @am__fastdepCC_FALSE@ $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c
+
++libxmlsec1_nss_la-akmngr.lo: akmngr.c
++@am__fastdepCC_TRUE@ if $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-akmngr.lo -MD -MP -MF "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo" -c -o libxmlsec1_nss_la-akmngr.lo `test -f 'akmngr.c' || echo '$(srcdir)/'`akmngr.c; \
++@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo" "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Plo"; else rm -f "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo"; exit 1; fi
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='akmngr.c' object='libxmlsec1_nss_la-akmngr.lo' libtool=yes @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@ $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-akmngr.lo `test -f 'akmngr.c' || echo '$(srcdir)/'`akmngr.c
++
++libxmlsec1_nss_la-keywrapers.lo: keywrapers.c
++@am__fastdepCC_TRUE@ if $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-keywrapers.lo -MD -MP -MF "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Tpo" -c -o libxmlsec1_nss_la-keywrapers.lo `test -f 'keywrapers.c' || echo '$(srcdir)/'`keywrapers.c; \
++@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Tpo" "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Plo"; else rm -f "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Tpo"; exit 1; fi
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='keywrapers.c' object='libxmlsec1_nss_la-keywrapers.lo' libtool=yes @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@ $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-keywrapers.lo `test -f 'keywrapers.c' || echo '$(srcdir)/'`keywrapers.c
++
++libxmlsec1_nss_la-tokens.lo: tokens.c
++@am__fastdepCC_TRUE@ if $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-tokens.lo -MD -MP -MF "$(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo" -c -o libxmlsec1_nss_la-tokens.lo `test -f 'tokens.c' || echo '$(srcdir)/'`tokens.c; \
++@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo" "$(DEPDIR)/libxmlsec1_nss_la-tokens.Plo"; else rm -f "$(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo"; exit 1; fi
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tokens.c' object='libxmlsec1_nss_la-tokens.lo' libtool=yes @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@ $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-tokens.lo `test -f 'tokens.c' || echo '$(srcdir)/'`tokens.c
++
+ libxmlsec1_nss_la-bignum.lo: bignum.c
+ @am__fastdepCC_TRUE@ if $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-bignum.lo -MD -MP -MF "$(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo" -c -o libxmlsec1_nss_la-bignum.lo `test -f 'bignum.c' || echo '$(srcdir)/'`bignum.c; \
+ @am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo" "$(DEPDIR)/libxmlsec1_nss_la-bignum.Plo"; else rm -f "$(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo"; exit 1; fi
+--- misc/xmlsec1-1.2.12/src/nss/akmngr.c 2009-09-21 14:07:19.197249962 +0200
++++ misc/build/xmlsec1-1.2.12/src/nss/akmngr.c 2009-09-21 14:02:48.539616129 +0200
+@@ -1 +1,384 @@
+-dummy
++/**
++ * XMLSec library
++ *
++ * This is free software; see Copyright file in the source
++ * distribution for preciese wording.
++ *
++ * Copyright.........................
++ */
++#include "globals.h"
++
++#include <nspr.h>
++#include <nss.h>
++#include <pk11func.h>
++#include <cert.h>
++#include <keyhi.h>
++
++#include <xmlsec/xmlsec.h>
++#include <xmlsec/keys.h>
++#include <xmlsec/transforms.h>
++#include <xmlsec/errors.h>
++
++#include <xmlsec/nss/crypto.h>
++#include <xmlsec/nss/tokens.h>
++#include <xmlsec/nss/akmngr.h>
++#include <xmlsec/nss/pkikeys.h>
++#include <xmlsec/nss/ciphers.h>
++#include <xmlsec/nss/keysstore.h>
++
++/**
++ * xmlSecNssAppliedKeysMngrCreate:
++ * @slot: array of pointers to NSS PKCS#11 slot infomation.
++ * @cSlots: number of slots in the array
++ * @handler: the pointer to NSS certificate database.
++ *
++ * Create and load NSS crypto slot and certificate database into keys manager
++ *
++ * Returns keys manager pointer on success or NULL otherwise.
++ */
++xmlSecKeysMngrPtr
++xmlSecNssAppliedKeysMngrCreate(
++ PK11SlotInfo** slots,
++ int cSlots,
++ CERTCertDBHandle* handler
++) {
++ xmlSecKeyDataStorePtr certStore = NULL ;
++ xmlSecKeysMngrPtr keyMngr = NULL ;
++ xmlSecKeyStorePtr keyStore = NULL ;
++ int islot = 0;
++ keyStore = xmlSecKeyStoreCreate( xmlSecNssKeysStoreId ) ;
++ if( keyStore == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecKeyStoreCreate" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return NULL ;
++ }
++
++ for (islot = 0; islot < cSlots; islot++)
++ {
++ xmlSecNssKeySlotPtr keySlot ;
++
++ /* Create a key slot */
++ keySlot = xmlSecNssKeySlotCreate() ;
++ if( keySlot == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
++ "xmlSecNssKeySlotCreate" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ xmlSecKeyStoreDestroy( keyStore ) ;
++ return NULL ;
++ }
++
++ /* Set slot */
++ if( xmlSecNssKeySlotSetSlot( keySlot , slots[islot] ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
++ "xmlSecNssKeySlotSetSlot" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ xmlSecKeyStoreDestroy( keyStore ) ;
++ xmlSecNssKeySlotDestroy( keySlot ) ;
++ return NULL ;
++ }
++
++ /* Adopt keySlot */
++ if( xmlSecNssKeysStoreAdoptKeySlot( keyStore , keySlot ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
++ "xmlSecNssKeysStoreAdoptKeySlot" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ xmlSecKeyStoreDestroy( keyStore ) ;
++ xmlSecNssKeySlotDestroy( keySlot ) ;
++ return NULL ;
++ }
++ }
++
++ keyMngr = xmlSecKeysMngrCreate() ;
++ if( keyMngr == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecKeysMngrCreate" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ xmlSecKeyStoreDestroy( keyStore ) ;
++ return NULL ;
++ }
++
++ /*-
++ * Add key store to manager, from now on keys manager destroys the store if
++ * needed
++ */
++ if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
++ "xmlSecKeysMngrAdoptKeyStore" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ xmlSecKeyStoreDestroy( keyStore ) ;
++ xmlSecKeysMngrDestroy( keyMngr ) ;
++ return NULL ;
++ }
++
++ /*-
++ * Initialize crypto library specific data in keys manager
++ */
++ if( xmlSecNssKeysMngrInit( keyMngr ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecKeysMngrCreate" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ xmlSecKeysMngrDestroy( keyMngr ) ;
++ return NULL ;
++ }
++
++ /*-
++ * Set certificate databse to X509 key data store
++ */
++ /**
++ * Because Tej's implementation of certDB use the default DB, so I ignore
++ * the certDB handler at present. I'll modify the cert store sources to
++ * accept particular certDB instead of default ones.
++ certStore = xmlSecKeysMngrGetDataStore( keyMngr , xmlSecNssKeyDataStoreX509Id ) ;
++ if( certStore == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
++ "xmlSecKeysMngrGetDataStore" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ xmlSecKeysMngrDestroy( keyMngr ) ;
++ return NULL ;
++ }
++
++ if( xmlSecNssKeyDataStoreX509SetCertDb( certStore , handler ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
++ "xmlSecNssKeyDataStoreX509SetCertDb" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ xmlSecKeysMngrDestroy( keyMngr ) ;
++ return NULL ;
++ }
++ */
++
++ /*-
++ * Set the getKey callback
++ */
++ keyMngr->getKey = xmlSecKeysMngrGetKey ;
++
++ return keyMngr ;
++}
++
++int
++xmlSecNssAppliedKeysMngrSymKeyLoad(
++ xmlSecKeysMngrPtr mngr ,
++ PK11SymKey* symKey
++) {
++ xmlSecKeyPtr key ;
++ xmlSecKeyDataPtr data ;
++ xmlSecKeyStorePtr keyStore ;
++
++ xmlSecAssert2( mngr != NULL , -1 ) ;
++ xmlSecAssert2( symKey != NULL , -1 ) ;
++
++ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
++ if( keyStore == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecKeysMngrGetKeysStore" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1) ;
++ }
++ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
++
++ data = xmlSecNssSymKeyDataKeyAdopt( symKey ) ;
++ if( data == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecNssSymKeyDataKeyAdopt" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1) ;
++ }
++
++ key = xmlSecKeyCreate() ;
++ if( key == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecNssSymKeyDataKeyAdopt" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecKeyDataDestroy( data ) ;
++ return(-1) ;
++ }
++
++ if( xmlSecKeySetValue( key , data ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecNssSymKeyDataKeyAdopt" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecKeyDataDestroy( data ) ;
++ return(-1) ;
++ }
++
++ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecNssSymKeyDataKeyAdopt" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecKeyDestroy( key ) ;
++ return(-1) ;
++ }
++
++ return(0) ;
++}
++
++int
++xmlSecNssAppliedKeysMngrPubKeyLoad(
++ xmlSecKeysMngrPtr mngr ,
++ SECKEYPublicKey* pubKey
++) {
++ xmlSecKeyPtr key ;
++ xmlSecKeyDataPtr data ;
++ xmlSecKeyStorePtr keyStore ;
++
++ xmlSecAssert2( mngr != NULL , -1 ) ;
++ xmlSecAssert2( pubKey != NULL , -1 ) ;
++
++ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
++ if( keyStore == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecKeysMngrGetKeysStore" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1) ;
++ }
++ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
++
++ data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ;
++ if( data == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecNssPKIAdoptKey" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1) ;
++ }
++
++ key = xmlSecKeyCreate() ;
++ if( key == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecNssSymKeyDataKeyAdopt" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecKeyDataDestroy( data ) ;
++ return(-1) ;
++ }
++
++ if( xmlSecKeySetValue( key , data ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecNssSymKeyDataKeyAdopt" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecKeyDataDestroy( data ) ;
++ return(-1) ;
++ }
++
++ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecNssSymKeyDataKeyAdopt" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecKeyDestroy( key ) ;
++ return(-1) ;
++ }
++
++ return(0) ;
++}
++
++int
++xmlSecNssAppliedKeysMngrPriKeyLoad(
++ xmlSecKeysMngrPtr mngr ,
++ SECKEYPrivateKey* priKey
++) {
++ xmlSecKeyPtr key ;
++ xmlSecKeyDataPtr data ;
++ xmlSecKeyStorePtr keyStore ;
++
++ xmlSecAssert2( mngr != NULL , -1 ) ;
++ xmlSecAssert2( priKey != NULL , -1 ) ;
++
++ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
++ if( keyStore == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecKeysMngrGetKeysStore" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1) ;
++ }
++ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
++
++ data = xmlSecNssPKIAdoptKey( priKey, NULL ) ;
++ if( data == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecNssPKIAdoptKey" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1) ;
++ }
++
++ key = xmlSecKeyCreate() ;
++ if( key == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecNssSymKeyDataKeyAdopt" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecKeyDataDestroy( data ) ;
++ return(-1) ;
++ }
++
++ if( xmlSecKeySetValue( key , data ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecNssSymKeyDataKeyAdopt" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecKeyDataDestroy( data ) ;
++ return(-1) ;
++ }
++
++ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecNssSymKeyDataKeyAdopt" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecKeyDestroy( key ) ;
++ return(-1) ;
++ }
++
++ return(0) ;
++}
++
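Review bot: The `xmlSecKeySetValue( key , data ) < 0` branch in `xmlSecNssAppliedKeysMngrSymKeyLoad`, `xmlSecNssAppliedKeysMngrPubKeyLoad` and `xmlSecNssAppliedKeysMngrPriKeyLoad` destroys `data` but returns without releasing the `key` obtained from `xmlSecKeyCreate()`, so each failure leaks a key object. Adding `xmlSecKeyDestroy( key ) ;` before `xmlSecKeyDataDestroy( data ) ;` in those three branches would match what `xmlSecNssKeysStoreFindKeyFromSlot` in keysstore.c does on the same failure. Separately, `xmlSecNssAppliedKeysMngrCreate` never uses `handler` because the X509 store setup is commented out, while its header comment still presents `@handler` as the certificate database that gets loaded. A caller who passes a dedicated database would reasonably expect it to be the trust source, so the comment should say so, for example `@handler: currently ignored; the X509 store uses the default NSS certificate database.`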
+--- misc/xmlsec1-1.2.12/src/nss/hmac.c 2009-06-26 06:18:13.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/src/nss/hmac.c 2009-09-21 14:02:48.649065288 +0200
+@@ -23,8 +23,8 @@
+ #include <xmlsec/transforms.h>
+ #include <xmlsec/errors.h>
+
+-#include <xmlsec/nss/app.h>
+ #include <xmlsec/nss/crypto.h>
++#include <xmlsec/nss/tokens.h>
+
+ #define XMLSEC_NSS_MIN_HMAC_SIZE 40
+ #define XMLSEC_NSS_MAX_HMAC_SIZE 128
+@@ -284,13 +284,13 @@
+ keyItem.data = xmlSecBufferGetData(buffer);
+ keyItem.len = xmlSecBufferGetSize(buffer);
+
+- slot = PK11_GetBestSlot(ctx->digestType, NULL);
++ slot = xmlSecNssSlotGet(ctx->digestType);
+ if(slot == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+- "PK11_GetBestSlot",
++ "xmlSecNssSlotGet",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
++ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+
+--- misc/xmlsec1-1.2.12/src/nss/keysstore.c 2009-06-25 22:53:18.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/src/nss/keysstore.c 2009-09-21 14:02:48.633533885 +0200
+@@ -1,36 +1,56 @@
+ /**
+ * XMLSec library
+ *
+- * Nss keys store that uses Simple Keys Store under the hood. Uses the
+- * Nss DB as a backing store for the finding keys, but the NSS DB is
+- * not written to by the keys store.
+- * So, if store->findkey is done and the key is not found in the simple
+- * keys store, the NSS DB is looked up.
+- * If store is called to adopt a key, that key is not written to the NSS
+- * DB.
+- * Thus, the NSS DB can be used to pre-load keys and becomes an alternate
+- * source of keys for xmlsec
+- *
+ * This is free software; see Copyright file in the source
+ * distribution for precise wording.
+ *
+ * Copyright (c) 2003 America Online, Inc. All rights reserved.
+ */
++
++/**
++ * NSS key store uses a key list and a slot list as the key repository. NSS slot
++ * list is a backup repository for the finding keys. If a key is not found from
++ * the key list, the NSS slot list is looked up.
++ *
++ * Any key in the key list will not save to pkcs11 slot. When a store to called
++ * to adopt a key, the key is resident in the key list; While a store to called
++ * to set a is resident in the key list; While a store to called to set a slot
++ * list, which means that the keys in the listed slot can be used for xml sign-
++ * nature or encryption.
++ *
++ * Then, a user can adjust slot list to effect the crypto behaviors of xmlSec.
++ *
++ * The framework will decrease the user interfaces to administrate xmlSec crypto
++ * engine. He can only focus on NSS layer functions. For examples, after the
++ * user set up a slot list handler to the keys store, he do not need to do any
++ * other work atop xmlSec interfaces, his action on the slot list handler, such
++ * as add a token to, delete a token from the list, will directly effect the key
++ * store behaviors.
++ *
++ * For example, a scenariio:
++ * 0. Create a slot list;( NSS interfaces )
++ * 1. Create a keys store;( xmlSec interfaces )
++ * 2. Set slot list with the keys store;( xmlSec Interfaces )
++ * 3. Add a slot to the slot list;( NSS interfaces )
++ * 4. Perform xml signature; ( xmlSec Interfaces )
++ * 5. Deleter a slot from the slot list;( NSS interfaces )
++ * 6. Perform xml encryption; ( xmlSec Interfaces )
++ * 7. Perform xml signature;( xmlSec Interfaces )
++ * 8. Destroy the keys store;( xmlSec Interfaces )
++ * 8. Destroy the slot list.( NSS Interfaces )
++ */
+ #include "globals.h"
+
+ #include <stdlib.h>
+ #include <string.h>
+
+ #include <nss.h>
+-#include <cert.h>
+ #include <pk11func.h>
++#include <prinit.h>
+ #include <keyhi.h>
+
+-#include <libxml/tree.h>
+-
+ #include <xmlsec/xmlsec.h>
+-#include <xmlsec/buffer.h>
+-#include <xmlsec/base64.h>
++#include <xmlsec/keys.h>
+ #include <xmlsec/errors.h>
+ #include <xmlsec/xmltree.h>
+
+@@ -38,82 +58,464 @@
+
+ #include <xmlsec/nss/crypto.h>
+ #include <xmlsec/nss/keysstore.h>
+-#include <xmlsec/nss/x509.h>
++#include <xmlsec/nss/tokens.h>
++#include <xmlsec/nss/ciphers.h>
+ #include <xmlsec/nss/pkikeys.h>
+
+ /****************************************************************************
+ *
+- * Nss Keys Store. Uses Simple Keys Store under the hood
++ * Internal NSS key store context
+ *
+- * Simple Keys Store ptr is located after xmlSecKeyStore
++ * This context is located after xmlSecKeyStore
+ *
+ ***************************************************************************/
++typedef struct _xmlSecNssKeysStoreCtx xmlSecNssKeysStoreCtx ;
++typedef struct _xmlSecNssKeysStoreCtx* xmlSecNssKeysStoreCtxPtr ;
++
++struct _xmlSecNssKeysStoreCtx {
++ xmlSecPtrListPtr keyList ;
++ xmlSecPtrListPtr slotList ;
++} ;
++
+ #define xmlSecNssKeysStoreSize \
+- (sizeof(xmlSecKeyStore) + sizeof(xmlSecKeyStorePtr))
++ ( sizeof( xmlSecKeyStore ) + sizeof( xmlSecNssKeysStoreCtx ) )
+
+-#define xmlSecNssKeysStoreGetSS(store) \
+- ((xmlSecKeyStoreCheckSize((store), xmlSecNssKeysStoreSize)) ? \
+- (xmlSecKeyStorePtr*)(((xmlSecByte*)(store)) + sizeof(xmlSecKeyStore)) : \
+- (xmlSecKeyStorePtr*)NULL)
+-
+-static int xmlSecNssKeysStoreInitialize (xmlSecKeyStorePtr store);
+-static void xmlSecNssKeysStoreFinalize (xmlSecKeyStorePtr store);
+-static xmlSecKeyPtr xmlSecNssKeysStoreFindKey (xmlSecKeyStorePtr store,
+- const xmlChar* name,
+- xmlSecKeyInfoCtxPtr keyInfoCtx);
++#define xmlSecNssKeysStoreGetCtx( data ) \
++ ( ( xmlSecNssKeysStoreCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyStore ) ) )
+
+-static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = {
+- sizeof(xmlSecKeyStoreKlass),
+- xmlSecNssKeysStoreSize,
++int xmlSecNssKeysStoreAdoptKeySlot(
++ xmlSecKeyStorePtr store ,
++ xmlSecNssKeySlotPtr keySlot
++) {
++ xmlSecNssKeysStoreCtxPtr context = NULL ;
++
++ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
++ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
++ context = xmlSecNssKeysStoreGetCtx( store ) ;
++ if( context == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
++ "xmlSecNssKeysStoreGetCtx" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
++
++ if( context->slotList == NULL ) {
++ if( ( context->slotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ) == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
++ "xmlSecPtrListCreate" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
++ }
++
++ if( !xmlSecPtrListCheckId( context->slotList , xmlSecNssKeySlotListId ) ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
++ "xmlSecPtrListCheckId" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
++
++ if( xmlSecPtrListAdd( context->slotList , keySlot ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
++ "xmlSecPtrListAdd" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
+
+- /* data */
+- BAD_CAST "NSS-keys-store", /* const xmlChar* name; */
+-
+- /* constructors/destructor */
+- xmlSecNssKeysStoreInitialize, /* xmlSecKeyStoreInitializeMethod initialize; */
+- xmlSecNssKeysStoreFinalize, /* xmlSecKeyStoreFinalizeMethod finalize; */
+- xmlSecNssKeysStoreFindKey, /* xmlSecKeyStoreFindKeyMethod findKey; */
+-
+- /* reserved for the future */
+- NULL, /* void* reserved0; */
+- NULL, /* void* reserved1; */
+-};
++ return 0 ;
++}
+
+-/**
+- * xmlSecNssKeysStoreGetKlass:
+- *
+- * The Nss list based keys store klass.
++int xmlSecNssKeysStoreAdoptKey(
++ xmlSecKeyStorePtr store ,
++ xmlSecKeyPtr key
++) {
++ xmlSecNssKeysStoreCtxPtr context = NULL ;
++
++ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
++ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
++
++ context = xmlSecNssKeysStoreGetCtx( store ) ;
++ if( context == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
++ "xmlSecNssKeysStoreGetCtx" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
++
++ if( context->keyList == NULL ) {
++ if( ( context->keyList = xmlSecPtrListCreate( xmlSecKeyPtrListId ) ) == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
++ "xmlSecPtrListCreate" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
++ }
++
++ if( !xmlSecPtrListCheckId( context->keyList , xmlSecKeyPtrListId ) ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
++ "xmlSecPtrListCheckId" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
++
++ if( xmlSecPtrListAdd( context->keyList , key ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
++ "xmlSecPtrListAdd" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
++
++ return 0 ;
++}
++
++/*
++ * xmlSecKeyStoreInitializeMethod:
++ * @store: the store.
++ *
++ * Keys store specific initialization method.
+ *
+- * Returns Nss list based keys store klass.
++ * Returns 0 on success or a negative value if an error occurs.
+ */
+-xmlSecKeyStoreId
+-xmlSecNssKeysStoreGetKlass(void) {
+- return(&xmlSecNssKeysStoreKlass);
++static int
++xmlSecNssKeysStoreInitialize(
++ xmlSecKeyStorePtr store
++) {
++ xmlSecNssKeysStoreCtxPtr context = NULL ;
++
++ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
++ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
++
++ context = xmlSecNssKeysStoreGetCtx( store ) ;
++ if( context == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
++ "xmlSecNssKeysStoreGetCtx" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
++
++ context->keyList = NULL ;
++ context->slotList = NULL ;
++
++ return 0 ;
+ }
+
+ /**
+- * xmlSecNssKeysStoreAdoptKey:
+- * @store: the pointer to Nss keys store.
+- * @key: the pointer to key.
+- *
+- * Adds @key to the @store.
+ *
+- * Returns 0 on success or a negative value if an error occurs.
++ * xmlSecKeyStoreFinalizeMethod:
++ * @store: the store.
++ *
++ * Keys store specific finalization (destroy) method.
+ */
+-int
+-xmlSecNssKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) {
+- xmlSecKeyStorePtr *ss;
+-
+- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
+- xmlSecAssert2((key != NULL), -1);
++void
++xmlSecNssKeysStoreFinalize(
++ xmlSecKeyStorePtr store
++) {
++ xmlSecNssKeysStoreCtxPtr context = NULL ;
++
++ xmlSecAssert( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) ) ;
++ xmlSecAssert( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) ) ;
++
++ context = xmlSecNssKeysStoreGetCtx( store ) ;
++ if( context == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
++ "xmlSecNssKeysStoreGetCtx" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return ;
++ }
++
++ if( context->keyList != NULL ) {
++ xmlSecPtrListDestroy( context->keyList ) ;
++ context->keyList = NULL ;
++ }
++
++ if( context->slotList != NULL ) {
++ xmlSecPtrListDestroy( context->slotList ) ;
++ context->slotList = NULL ;
++ }
++}
+
+- ss = xmlSecNssKeysStoreGetSS(store);
+- xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
+- (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
++xmlSecKeyPtr
++xmlSecNssKeysStoreFindKeyFromSlot(
++ PK11SlotInfo* slot,
++ const xmlChar* name,
++ xmlSecKeyInfoCtxPtr keyInfoCtx
++) {
++ xmlSecKeyPtr key = NULL ;
++ xmlSecKeyDataPtr data = NULL ;
++ int length ;
++
++ xmlSecAssert2( slot != NULL , NULL ) ;
++ xmlSecAssert2( name != NULL , NULL ) ;
++ xmlSecAssert2( keyInfoCtx != NULL , NULL ) ;
++
++ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSymmetric ) == xmlSecKeyDataTypeSymmetric ) {
++ PK11SymKey* symKey ;
++ PK11SymKey* curKey ;
++
++ /* Find symmetric key from the slot by name */
++ symKey = PK11_ListFixedKeysInSlot( slot , ( char* )name , NULL ) ;
++ for( curKey = symKey ; curKey != NULL ; curKey = PK11_GetNextSymKey( curKey ) ) {
++ /* Check the key request */
++ length = PK11_GetKeyLength( curKey ) ;
++ length *= 8 ;
++ if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
++ ( length > 0 ) &&
++ ( length < keyInfoCtx->keyReq.keyBitsSize ) )
++ continue ;
++
++ /* We find a eligible key */
++ data = xmlSecNssSymKeyDataKeyAdopt( curKey ) ;
++ if( data == NULL ) {
++ /* Do nothing */
++ }
++ break ;
++ }
++
++ /* Destroy the sym key list */
++ for( curKey = symKey ; curKey != NULL ; ) {
++ symKey = curKey ;
++ curKey = PK11_GetNextSymKey( symKey ) ;
++ PK11_FreeSymKey( symKey ) ;
++ }
++ } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) {
++ SECKEYPublicKeyList* pubKeyList ;
++ SECKEYPublicKey* pubKey ;
++ SECKEYPublicKeyListNode* curPub ;
++
++ /* Find asymmetric key from the slot by name */
++ pubKeyList = PK11_ListPublicKeysInSlot( slot , ( char* )name ) ;
++ pubKey = NULL ;
++ curPub = PUBKEY_LIST_HEAD(pubKeyList);
++ for( ; !PUBKEY_LIST_END(curPub, pubKeyList) ; curPub = PUBKEY_LIST_NEXT( curPub ) ) {
++ /* Check the key request */
++ length = SECKEY_PublicKeyStrength( curPub->key ) ;
++ length *= 8 ;
++ if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
++ ( length > 0 ) &&
++ ( length < keyInfoCtx->keyReq.keyBitsSize ) )
++ continue ;
++
++ /* We find a eligible key */
++ pubKey = curPub->key ;
++ break ;
++ }
++
++ if( pubKey != NULL ) {
++ data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ;
++ if( data == NULL ) {
++ /* Do nothing */
++ }
++ }
++
++ /* Destroy the public key list */
++ SECKEY_DestroyPublicKeyList( pubKeyList ) ;
++ } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) {
++ SECKEYPrivateKeyList* priKeyList = NULL ;
++ SECKEYPrivateKey* priKey = NULL ;
++ SECKEYPrivateKeyListNode* curPri ;
++
++ /* Find asymmetric key from the slot by name */
++ priKeyList = PK11_ListPrivKeysInSlot( slot , ( char* )name , NULL ) ;
++ priKey = NULL ;
++ curPri = PRIVKEY_LIST_HEAD(priKeyList);
++ for( ; !PRIVKEY_LIST_END(curPri, priKeyList) ; curPri = PRIVKEY_LIST_NEXT( curPri ) ) {
++ /* Check the key request */
++ length = PK11_SignatureLen( curPri->key ) ;
++ length *= 8 ;
++ if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
++ ( length > 0 ) &&
++ ( length < keyInfoCtx->keyReq.keyBitsSize ) )
++ continue ;
++
++ /* We find a eligible key */
++ priKey = curPri->key ;
++ break ;
++ }
++
++ if( priKey != NULL ) {
++ data = xmlSecNssPKIAdoptKey( priKey, NULL ) ;
++ if( data == NULL ) {
++ /* Do nothing */
++ }
++ }
++
++ /* Destroy the private key list */
++ SECKEY_DestroyPrivateKeyList( priKeyList ) ;
++ }
++
++ /* If we have gotten the key value */
++ if( data != NULL ) {
++ if( ( key = xmlSecKeyCreate() ) == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecKeyCreate" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ xmlSecKeyDataDestroy( data ) ;
++ return NULL ;
++ }
++
++ if( xmlSecKeySetValue( key , data ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecKeySetValue" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ xmlSecKeyDestroy( key ) ;
++ xmlSecKeyDataDestroy( data ) ;
++ return NULL ;
++ }
++ }
+
+- return (xmlSecSimpleKeysStoreAdoptKey(*ss, key));
++ return(key);
+ }
+
++
++/**
++ * xmlSecKeyStoreFindKeyMethod:
++ * @store: the store.
++ * @name: the desired key name.
++ * @keyInfoCtx: the pointer to key info context.
++ *
++ * Keys store specific find method. The caller is responsible for destroying
++ * the returned key using #xmlSecKeyDestroy method.
++ *
++ * Returns the pointer to a key or NULL if key is not found or an error occurs.
++ */
++static xmlSecKeyPtr
++xmlSecNssKeysStoreFindKey(
++ xmlSecKeyStorePtr store ,
++ const xmlChar* name ,
++ xmlSecKeyInfoCtxPtr keyInfoCtx
++) {
++ xmlSecNssKeysStoreCtxPtr context = NULL ;
++ xmlSecKeyPtr key = NULL ;
++ xmlSecNssKeySlotPtr keySlot = NULL ;
++ xmlSecSize pos ;
++ xmlSecSize size ;
++
++ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , NULL ) ;
++ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , NULL ) ;
++ xmlSecAssert2( keyInfoCtx != NULL , NULL ) ;
++
++ context = xmlSecNssKeysStoreGetCtx( store ) ;
++ if( context == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
++ "xmlSecNssKeysStoreGetCtx" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return NULL ;
++ }
++
++ /*-
++ * Look for key at keyList at first.
++ */
++ if( context->keyList != NULL ) {
++ size = xmlSecPtrListGetSize( context->keyList ) ;
++ for( pos = 0 ; pos < size ; pos ++ ) {
++ key = ( xmlSecKeyPtr )xmlSecPtrListGetItem( context->keyList , pos ) ;
++ if( key != NULL && xmlSecKeyMatch( key , name , &( keyInfoCtx->keyReq ) ) ) {
++ return xmlSecKeyDuplicate( key ) ;
++ }
++ }
++ }
++
++ /*-
++ * Find the key from slotList
++ */
++ if( context->slotList != NULL ) {
++ PK11SlotInfo* slot = NULL ;
++
++ size = xmlSecPtrListGetSize( context->slotList ) ;
++ for( pos = 0 ; pos < size ; pos ++ ) {
++ keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( context->slotList , pos ) ;
++ slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
++ if( slot == NULL ) {
++ continue ;
++ } else {
++ key = xmlSecNssKeysStoreFindKeyFromSlot( slot, name, keyInfoCtx ) ;
++ if( key == NULL ) {
++ continue ;
++ } else {
++ return( key ) ;
++ }
++ }
++ }
++ }
++
++ /*-
++ * Create a session key if we can not find the key from keyList and slotList
++ */
++ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSession ) == xmlSecKeyDataTypeSession ) {
++ key = xmlSecKeyGenerate( keyInfoCtx->keyReq.keyId , keyInfoCtx->keyReq.keyBitsSize , xmlSecKeyDataTypeSession ) ;
++ if( key == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
++ "xmlSecKeySetValue" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return NULL ;
++ }
++
++ return key ;
++ }
++
++ /**
++ * We have no way to find the key any more.
++ */
++ return NULL ;
++}
++
++static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = {
++ sizeof( xmlSecKeyStoreKlass ) ,
++ xmlSecNssKeysStoreSize ,
++ BAD_CAST "implicit_nss_keys_store" ,
++ xmlSecNssKeysStoreInitialize ,
++ xmlSecNssKeysStoreFinalize ,
++ xmlSecNssKeysStoreFindKey ,
++ NULL ,
++ NULL
++} ;
++
++/**
++ * xmlSecNssKeysStoreGetKlass:
++ *
++ * The simple list based keys store klass.
++ *
++ * Returns simple list based keys store klass.
++ */
++xmlSecKeyStoreId
++xmlSecNssKeysStoreGetKlass( void ) {
++ return &xmlSecNssKeysStoreKlass ;
++}
++
++/**************************
++ * Application routines
++ */
++
+ /**
+ * xmlSecNssKeysStoreLoad:
+ * @store: the pointer to Nss keys store.
+@@ -252,234 +654,147 @@
+ */
+ int
+ xmlSecNssKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecKeyDataType type) {
+- xmlSecKeyStorePtr *ss;
++ xmlSecKeyInfoCtx keyInfoCtx;
++ xmlSecNssKeysStoreCtxPtr context ;
++ xmlSecPtrListPtr list;
++ xmlSecKeyPtr key;
++ xmlSecSize i, keysSize;
++ xmlDocPtr doc;
++ xmlNodePtr cur;
++ xmlSecKeyDataPtr data;
++ xmlSecPtrListPtr idsList;
++ xmlSecKeyDataId dataId;
++ xmlSecSize idsSize, j;
++ int ret;
+
+ xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
+- xmlSecAssert2((filename != NULL), -1);
+-
+- ss = xmlSecNssKeysStoreGetSS(store);
+- xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
+- (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
++ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ), -1 ) ;
++ xmlSecAssert2(filename != NULL, -1);
+
+- return (xmlSecSimpleKeysStoreSave(*ss, filename, type));
+-}
++ context = xmlSecNssKeysStoreGetCtx( store ) ;
++ xmlSecAssert2( context != NULL, -1 );
+
+-static int
+-xmlSecNssKeysStoreInitialize(xmlSecKeyStorePtr store) {
+- xmlSecKeyStorePtr *ss;
++ list = context->keyList ;
++ xmlSecAssert2( list != NULL, -1 );
++ xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyPtrListId), -1);
+
+- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
+-
+- ss = xmlSecNssKeysStoreGetSS(store);
+- xmlSecAssert2((*ss == NULL), -1);
+-
+- *ss = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId);
+- if(*ss == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
++ /* create doc */
++ doc = xmlSecCreateTree(BAD_CAST "Keys", xmlSecNs);
++ if(doc == NULL) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+- "xmlSecKeyStoreCreate",
++ "xmlSecCreateTree",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "xmlSecSimpleKeysStoreId");
++ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+- return(0);
+-}
++ idsList = xmlSecKeyDataIdsGet();
++ xmlSecAssert2(idsList != NULL, -1);
+
+-static void
+-xmlSecNssKeysStoreFinalize(xmlSecKeyStorePtr store) {
+- xmlSecKeyStorePtr *ss;
+-
+- xmlSecAssert(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId));
+-
+- ss = xmlSecNssKeysStoreGetSS(store);
+- xmlSecAssert((ss != NULL) && (*ss != NULL));
+-
+- xmlSecKeyStoreDestroy(*ss);
+-}
++ keysSize = xmlSecPtrListGetSize(list);
++ idsSize = xmlSecPtrListGetSize(idsList);
++ for(i = 0; i < keysSize; ++i) {
++ key = (xmlSecKeyPtr)xmlSecPtrListGetItem(list, i);
++ xmlSecAssert2(key != NULL, -1);
+
+-static xmlSecKeyPtr
+-xmlSecNssKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name,
+- xmlSecKeyInfoCtxPtr keyInfoCtx) {
+- xmlSecKeyStorePtr* ss;
+- xmlSecKeyPtr key = NULL;
+- xmlSecKeyPtr retval = NULL;
+- xmlSecKeyReqPtr keyReq = NULL;
+- CERTCertificate *cert = NULL;
+- SECKEYPublicKey *pubkey = NULL;
+- SECKEYPrivateKey *privkey = NULL;
+- xmlSecKeyDataPtr data = NULL;
+- xmlSecKeyDataPtr x509Data = NULL;
+- int ret;
+-
+- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), NULL);
+- xmlSecAssert2(keyInfoCtx != NULL, NULL);
+-
+- ss = xmlSecNssKeysStoreGetSS(store);
+- xmlSecAssert2(((ss != NULL) && (*ss != NULL)), NULL);
+-
+- key = xmlSecKeyStoreFindKey(*ss, name, keyInfoCtx);
+- if (key != NULL) {
+- return (key);
+- }
+-
+- /* Try to find the key in the NSS DB, and construct an xmlSecKey.
+- * we must have a name to lookup keys in NSS DB.
+- */
+- if (name == NULL) {
+- goto done;
+- }
+-
+- /* what type of key are we looking for?
+- * TBD: For now, we'll look only for public/private keys using the
+- * name as a cert nickname. Later on, we can attempt to find
+- * symmetric keys using PK11_FindFixedKey
+- */
+- keyReq = &(keyInfoCtx->keyReq);
+- if (keyReq->keyType &
+- (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) {
+- cert = CERT_FindCertByNickname (CERT_GetDefaultCertDB(), (char *)name);
+- if (cert == NULL) {
+- goto done;
+- }
+-
+- if (keyReq->keyType & xmlSecKeyDataTypePublic) {
+- pubkey = CERT_ExtractPublicKey(cert);
+- if (pubkey == NULL) {
++ cur = xmlSecAddChild(xmlDocGetRootElement(doc), xmlSecNodeKeyInfo, xmlSecDSigNs);
++ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "CERT_ExtractPublicKey",
+- XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
+- goto done;
+- }
++ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
++ "xmlSecAddChild",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ "node=%s",
++ xmlSecErrorsSafeString(xmlSecNodeKeyInfo));
++ xmlFreeDoc(doc);
++ return(-1);
+ }
+
+- if (keyReq->keyType & xmlSecKeyDataTypePrivate) {
+- privkey = PK11_FindKeyByAnyCert(cert, NULL);
+- if (privkey == NULL) {
++ /* special data key name */
++ if(xmlSecKeyGetName(key) != NULL) {
++ if(xmlSecAddChild(cur, xmlSecNodeKeyName, xmlSecDSigNs) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "PK11_FindKeyByAnyCert",
+- XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
+- goto done;
++ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
++ "xmlSecAddChild",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ "node=%s",
++ xmlSecErrorsSafeString(xmlSecNodeKeyName));
++ xmlFreeDoc(doc);
++ return(-1);
+ }
+ }
+
+- data = xmlSecNssPKIAdoptKey(privkey, pubkey);
+- if(data == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecNssPKIAdoptKey",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
+- goto done;
+- }
+- privkey = NULL;
+- pubkey = NULL;
+-
+- key = xmlSecKeyCreate();
+- if (key == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecKeyCreate",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
+- return (NULL);
+- }
+-
+- x509Data = xmlSecKeyDataCreate(xmlSecNssKeyDataX509Id);
+- if(x509Data == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecKeyDataCreate",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "transform=%s",
+- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id)));
+- goto done;
+- }
++ /* create nodes for other keys data */
++ for(j = 0; j < idsSize; ++j) {
++ dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(idsList, j);
++ xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, -1);
++
++ if(dataId->dataNodeName == NULL) {
++ continue;
++ }
++
++ data = xmlSecKeyGetData(key, dataId);
++ if(data == NULL) {
++ continue;
++ }
+
+- ret = xmlSecNssKeyDataX509AdoptKeyCert(x509Data, cert);
+- if (ret < 0) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecNssKeyDataX509AdoptKeyCert",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "data=%s",
+- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+- goto done;
+- }
+- cert = CERT_DupCertificate(cert);
+- if (cert == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "CERT_DupCertificate",
+- XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- "data=%s",
+- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+- goto done;
++ if(xmlSecAddChild(cur, dataId->dataNodeName, dataId->dataNodeNs) == NULL) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
++ "xmlSecAddChild",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ "node=%s",
++ xmlSecErrorsSafeString(dataId->dataNodeName));
++ xmlFreeDoc(doc);
++ return(-1);
++ }
+ }
+
+- ret = xmlSecNssKeyDataX509AdoptCert(x509Data, cert);
++ ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL);
+ if (ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecNssKeyDataX509AdoptCert",
++ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
++ "xmlSecKeyInfoCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "data=%s",
+- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+- goto done;
++ XMLSEC_ERRORS_NO_MESSAGE);
++ xmlFreeDoc(doc);
++ return(-1);
+ }
+- cert = NULL;
+
+- ret = xmlSecKeySetValue(key, data);
+- if (ret < 0) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecKeySetValue",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "data=%s",
+- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)));
+- goto done;
+- }
+- data = NULL;
++ keyInfoCtx.mode = xmlSecKeyInfoModeWrite;
++ keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown;
++ keyInfoCtx.keyReq.keyType = type;
++ keyInfoCtx.keyReq.keyUsage = xmlSecKeyDataUsageAny;
+
+- ret = xmlSecKeyAdoptData(key, x509Data);
++ /* finally write key in the node */
++ ret = xmlSecKeyInfoNodeWrite(cur, key, &keyInfoCtx);
+ if (ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecKeyAdoptData",
++ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
++ "xmlSecKeyInfoNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "data=%s",
+- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+- goto done;
+- }
+- x509Data = NULL;
++ XMLSEC_ERRORS_NO_MESSAGE);
++ xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
++ xmlFreeDoc(doc);
++ return(-1);
++ }
+
+- retval = key;
+- key = NULL;
++ xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
+ }
+
+-done:
+- if (cert != NULL) {
+- CERT_DestroyCertificate(cert);
+- }
+- if (pubkey != NULL) {
+- SECKEY_DestroyPublicKey(pubkey);
+- }
+- if (privkey != NULL) {
+- SECKEY_DestroyPrivateKey(privkey);
+- }
+- if (data != NULL) {
+- xmlSecKeyDataDestroy(data);
+- }
+- if (x509Data != NULL) {
+- xmlSecKeyDataDestroy(x509Data);
+- }
+- if (key != NULL) {
+- xmlSecKeyDestroy(key);
++ /* now write result */
++ ret = xmlSaveFormatFile(filename, doc, 1);
++ if (ret < 0) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
++ "xmlSaveFormatFile",
++ XMLSEC_ERRORS_R_XML_FAILED,
++ "filename=%s",
++ xmlSecErrorsSafeString(filename));
++ xmlFreeDoc(doc);
++ return(-1);
+ }
+
+- return (retval);
++ xmlFreeDoc(doc);
++ return(0);
+ }
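Review bot: In the new xmlSecNssKeysStoreSave, the three asserts that run after `xmlSecCreateTree` has succeeded (`xmlSecAssert2(idsList != NULL, -1)`, `xmlSecAssert2(key != NULL, -1)` and `xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, -1)`) return -1 without calling `xmlFreeDoc(doc)`, while every other error path in the function frees it. Inside the loop the tree may already contain key data written by `xmlSecKeyInfoNodeWrite` for earlier keys, so the leaked allocation can hold key material. I would replace them with explicit checks, e.g. `if(key == NULL) { xmlFreeDoc(doc); return(-1); }`. Separately, the function serializes whatever key types `type` selects to `filename` via `xmlSaveFormatFile`, and nothing visible here restricts the permissions of that file. If callers pass private or symmetric types, the header comment should state that the caller must protect the path; it should also say that only `context->keyList` is saved (slot-resident keys are not) and that a NULL `keyList` makes the call return -1.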
+--- misc/xmlsec1-1.2.12/src/nss/keywrapers.c 2009-09-21 14:07:19.223802688 +0200
++++ misc/build/xmlsec1-1.2.12/src/nss/keywrapers.c 2009-09-21 14:02:48.548869372 +0200
+@@ -1 +1,1213 @@
+-dummy
++/**
++ *
++ * XMLSec library
++ *
++ * AES Algorithm support
++ *
++ * This is free software; see Copyright file in the source
++ * distribution for preciese wording.
++ *
++ * Copyright .................................
++ */
++#include "globals.h"
++
++#include <stdlib.h>
++#include <stdio.h>
++#include <string.h>
++
++#include <nss.h>
++#include <pk11func.h>
++#include <hasht.h>
++
++#include <xmlsec/xmlsec.h>
++#include <xmlsec/xmltree.h>
++#include <xmlsec/keys.h>
++#include <xmlsec/transforms.h>
++#include <xmlsec/errors.h>
++
++#include <xmlsec/nss/crypto.h>
++#include <xmlsec/nss/ciphers.h>
++
++#define XMLSEC_NSS_AES128_KEY_SIZE 16
++#define XMLSEC_NSS_AES192_KEY_SIZE 24
++#define XMLSEC_NSS_AES256_KEY_SIZE 32
++#define XMLSEC_NSS_DES3_KEY_SIZE 24
++#define XMLSEC_NSS_DES3_KEY_LENGTH 24
++#define XMLSEC_NSS_DES3_IV_LENGTH 8
++#define XMLSEC_NSS_DES3_BLOCK_LENGTH 8
++
++static xmlSecByte xmlSecNssKWDes3Iv[XMLSEC_NSS_DES3_IV_LENGTH] = {
++ 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05
++};
++
++/*********************************************************************
++ *
++ * key wrap transforms
++ *
++ ********************************************************************/
++typedef struct _xmlSecNssKeyWrapCtx xmlSecNssKeyWrapCtx ;
++typedef struct _xmlSecNssKeyWrapCtx* xmlSecNssKeyWrapCtxPtr ;
++
++#define xmlSecNssKeyWrapSize \
++ ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyWrapCtx ) )
++
++#define xmlSecNssKeyWrapGetCtx( transform ) \
++ ( ( xmlSecNssKeyWrapCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) )
++
++struct _xmlSecNssKeyWrapCtx {
++ CK_MECHANISM_TYPE cipher ;
++ PK11SymKey* symkey ;
++ xmlSecKeyDataId keyId ;
++ xmlSecBufferPtr material ; /* to be encrypted/decrypted key material */
++} ;
++
++static int xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform);
++static void xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform);
++static int xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform,
++ xmlSecKeyReqPtr keyReq);
++static int xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform,
++ xmlSecKeyPtr key);
++static int xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform,
++ int last,
++ xmlSecTransformCtxPtr transformCtx);
++static xmlSecSize xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform);
++
++static int
++xmlSecNssKeyWrapCheckId(
++ xmlSecTransformPtr transform
++) {
++ #ifndef XMLSEC_NO_DES
++ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) {
++ return(1);
++ }
++ #endif /* XMLSEC_NO_DES */
++
++ #ifndef XMLSEC_NO_AES
++ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes128Id ) ||
++ xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes192Id ) ||
++ xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes256Id ) ) {
++
++ return(1);
++ }
++ #endif /* XMLSEC_NO_AES */
++
++ return(0);
++}
++
++static xmlSecSize
++xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform) {
++#ifndef XMLSEC_NO_DES
++ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) {
++ return(XMLSEC_NSS_DES3_KEY_SIZE);
++ } else
++#endif /* XMLSEC_NO_DES */
++
++#ifndef XMLSEC_NO_AES
++ if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes128Id)) {
++ return(XMLSEC_NSS_AES128_KEY_SIZE);
++ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes192Id)) {
++ return(XMLSEC_NSS_AES192_KEY_SIZE);
++ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) {
++ return(XMLSEC_NSS_AES256_KEY_SIZE);
++ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) {
++ return(XMLSEC_NSS_AES256_KEY_SIZE);
++ } else
++#endif /* XMLSEC_NO_AES */
++
++ if(1)
++ return(0);
++}
++
++
++static int
++xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform) {
++ xmlSecNssKeyWrapCtxPtr context ;
++ int ret;
++
++ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
++ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
++
++ context = xmlSecNssKeyWrapGetCtx( transform ) ;
++ xmlSecAssert2( context != NULL , -1 ) ;
++
++ #ifndef XMLSEC_NO_DES
++ if( transform->id == xmlSecNssTransformKWDes3Id ) {
++ context->cipher = CKM_DES3_CBC ;
++ context->keyId = xmlSecNssKeyDataDesId ;
++ } else
++ #endif /* XMLSEC_NO_DES */
++
++ #ifndef XMLSEC_NO_AES
++ if( transform->id == xmlSecNssTransformKWAes128Id ) {
++ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/
++ context->cipher = CKM_AES_CBC ;
++ context->keyId = xmlSecNssKeyDataAesId ;
++ } else
++ if( transform->id == xmlSecNssTransformKWAes192Id ) {
++ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/
++ context->cipher = CKM_AES_CBC ;
++ context->keyId = xmlSecNssKeyDataAesId ;
++ } else
++ if( transform->id == xmlSecNssTransformKWAes256Id ) {
++ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/
++ context->cipher = CKM_AES_CBC ;
++ context->keyId = xmlSecNssKeyDataAesId ;
++ } else
++ #endif /* XMLSEC_NO_AES */
++
++
++ if( 1 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
++ NULL ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ context->symkey = NULL ;
++ context->material = NULL ;
++
++ return(0);
++}
++
++static void
++xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform) {
++ xmlSecNssKeyWrapCtxPtr context ;
++
++ xmlSecAssert(xmlSecNssKeyWrapCheckId(transform));
++ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize));
++
++ context = xmlSecNssKeyWrapGetCtx( transform ) ;
++ xmlSecAssert( context != NULL ) ;
++
++ if( context->symkey != NULL ) {
++ PK11_FreeSymKey( context->symkey ) ;
++ context->symkey = NULL ;
++ }
++
++ if( context->material != NULL ) {
++ xmlSecBufferDestroy(context->material);
++ context->material = NULL ;
++ }
++}
++
++static int
++xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
++ xmlSecNssKeyWrapCtxPtr context ;
++ xmlSecSize cipherSize = 0 ;
++
++
++ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
++ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
++ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
++ xmlSecAssert2(keyReq != NULL, -1);
++
++ context = xmlSecNssKeyWrapGetCtx( transform ) ;
++ xmlSecAssert2( context != NULL , -1 ) ;
++
++ keyReq->keyId = context->keyId;
++ keyReq->keyType = xmlSecKeyDataTypeSymmetric;
++ if(transform->operation == xmlSecTransformOperationEncrypt) {
++ keyReq->keyUsage = xmlSecKeyUsageEncrypt;
++ } else {
++ keyReq->keyUsage = xmlSecKeyUsageDecrypt;
++ }
++
++ keyReq->keyBitsSize = xmlSecNssKeyWrapGetKeySize( transform ) ;
++
++ return(0);
++}
++
++static int
++xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
++ xmlSecNssKeyWrapCtxPtr context = NULL ;
++ xmlSecKeyDataPtr keyData = NULL ;
++ PK11SymKey* symkey = NULL ;
++
++ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
++ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
++ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
++ xmlSecAssert2(key != NULL, -1);
++
++ context = xmlSecNssKeyWrapGetCtx( transform ) ;
++ if( context == NULL || context->keyId == NULL || context->symkey != NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
++ "xmlSecNssKeyWrapGetCtx" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++ xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ;
++
++ keyData = xmlSecKeyGetValue( key ) ;
++ if( keyData == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) ,
++ "xmlSecKeyGetValue" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) ,
++ "xmlSecNssSymKeyDataGetKey" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ context->symkey = symkey ;
++
++ return(0) ;
++}
++
++/**
++ * key wrap transform
++ */
++static int
++xmlSecNssKeyWrapCtxInit(
++ xmlSecNssKeyWrapCtxPtr ctx ,
++ xmlSecBufferPtr in ,
++ xmlSecBufferPtr out ,
++ int encrypt ,
++ xmlSecTransformCtxPtr transformCtx
++) {
++ xmlSecSize blockSize ;
++
++ xmlSecAssert2( ctx != NULL , -1 ) ;
++ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
++ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
++ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
++ xmlSecAssert2( in != NULL , -1 ) ;
++ xmlSecAssert2( out != NULL , -1 ) ;
++ xmlSecAssert2( transformCtx != NULL , -1 ) ;
++
++ if( ctx->material != NULL ) {
++ xmlSecBufferDestroy( ctx->material ) ;
++ ctx->material = NULL ;
++ }
++
++ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "PK11_GetBlockSize" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ ctx->material = xmlSecBufferCreate( blockSize ) ;
++ if( ctx->material == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecBufferCreate" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ /* read raw key material into context */
++ if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecBufferSetData" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecBufferRemoveHead" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ return(0);
++}
++
++/**
++ * key wrap transform update
++ */
++static int
++xmlSecNssKeyWrapCtxUpdate(
++ xmlSecNssKeyWrapCtxPtr ctx ,
++ xmlSecBufferPtr in ,
++ xmlSecBufferPtr out ,
++ int encrypt ,
++ xmlSecTransformCtxPtr transformCtx
++) {
++ xmlSecAssert2( ctx != NULL , -1 ) ;
++ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
++ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
++ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
++ xmlSecAssert2( ctx->material != NULL , -1 ) ;
++ xmlSecAssert2( in != NULL , -1 ) ;
++ xmlSecAssert2( out != NULL , -1 ) ;
++ xmlSecAssert2( transformCtx != NULL , -1 ) ;
++
++ /* read raw key material and append into context */
++ if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecBufferAppend" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecBufferRemoveHead" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ return(0);
++}
++
++static int
++xmlSecNssKWDes3BufferReverse(xmlSecByte *buf, xmlSecSize size) {
++ xmlSecSize s;
++ xmlSecSize i;
++ xmlSecByte c;
++
++ xmlSecAssert2(buf != NULL, -1);
++
++ s = size / 2;
++ --size;
++ for(i = 0; i < s; ++i) {
++ c = buf[i];
++ buf[i] = buf[size - i];
++ buf[size - i] = c;
++ }
++ return(0);
++}
++
++static xmlSecByte *
++xmlSecNssComputeSHA1(const xmlSecByte *in, xmlSecSize inSize,
++ xmlSecByte *out, xmlSecSize outSize)
++{
++ PK11Context *context = NULL;
++ SECStatus s;
++ xmlSecByte *digest = NULL;
++ unsigned int len;
++
++ xmlSecAssert2(in != NULL, NULL);
++ xmlSecAssert2(out != NULL, NULL);
++ xmlSecAssert2(outSize >= SHA1_LENGTH, NULL);
++
++ /* Create a context for hashing (digesting) */
++ context = PK11_CreateDigestContext(SEC_OID_SHA1);
++ if (context == NULL) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "PK11_CreateDigestContext",
++ XMLSEC_ERRORS_R_CRYPTO_FAILED,
++ "error code = %d", PORT_GetError());
++ goto done;
++ }
++
++ s = PK11_DigestBegin(context);
++ if (s != SECSuccess) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "PK11_DigestBegin",
++ XMLSEC_ERRORS_R_CRYPTO_FAILED,
++ "error code = %d", PORT_GetError());
++ goto done;
++ }
++
++ s = PK11_DigestOp(context, in, inSize);
++ if (s != SECSuccess) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "PK11_DigestOp",
++ XMLSEC_ERRORS_R_CRYPTO_FAILED,
++ "error code = %d", PORT_GetError());
++ goto done;
++ }
++
++ s = PK11_DigestFinal(context, out, &len, outSize);
++ if (s != SECSuccess) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "PK11_DigestFinal",
++ XMLSEC_ERRORS_R_CRYPTO_FAILED,
++ "error code = %d", PORT_GetError());
++ goto done;
++ }
++ xmlSecAssert2(len == SHA1_LENGTH, NULL);
++
++ digest = out;
++
++done:
++ if (context != NULL) {
++ PK11_DestroyContext(context, PR_TRUE);
++ }
++ return (digest);
++}
++
++static int
++xmlSecNssKWDes3Encrypt(
++ PK11SymKey* symKey ,
++ CK_MECHANISM_TYPE cipherMech ,
++ const xmlSecByte* iv ,
++ xmlSecSize ivSize ,
++ const xmlSecByte* in ,
++ xmlSecSize inSize ,
++ xmlSecByte* out ,
++ xmlSecSize outSize ,
++ int enc
++) {
++ PK11Context* EncContext = NULL;
++ SECItem ivItem ;
++ SECItem* secParam = NULL ;
++ int tmp1_outlen;
++ unsigned int tmp2_outlen;
++ int result_len = -1;
++ SECStatus rv;
++
++ xmlSecAssert2( cipherMech != CKM_INVALID_MECHANISM , -1 ) ;
++ xmlSecAssert2( symKey != NULL , -1 ) ;
++ xmlSecAssert2(iv != NULL, -1);
++ xmlSecAssert2(ivSize == XMLSEC_NSS_DES3_IV_LENGTH, -1);
++ xmlSecAssert2(in != NULL, -1);
++ xmlSecAssert2(inSize > 0, -1);
++ xmlSecAssert2(out != NULL, -1);
++ xmlSecAssert2(outSize >= inSize, -1);
++
++ /* Prepare IV */
++ ivItem.data = ( unsigned char* )iv ;
++ ivItem.len = ivSize ;
++
++ secParam = PK11_ParamFromIV(cipherMech, &ivItem);
++ if (secParam == NULL) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "PK11_ParamFromIV",
++ XMLSEC_ERRORS_R_CRYPTO_FAILED,
++ "Error code = %d", PORT_GetError());
++ goto done;
++ }
++
++ EncContext = PK11_CreateContextBySymKey(cipherMech,
++ enc ? CKA_ENCRYPT : CKA_DECRYPT,
++ symKey, secParam);
++ if (EncContext == NULL) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "PK11_CreateContextBySymKey",
++ XMLSEC_ERRORS_R_CRYPTO_FAILED,
++ "Error code = %d", PORT_GetError());
++ goto done;
++ }
++
++ tmp1_outlen = tmp2_outlen = 0;
++ rv = PK11_CipherOp(EncContext, out, &tmp1_outlen, outSize,
++ (unsigned char *)in, inSize);
++ if (rv != SECSuccess) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "PK11_CipherOp",
++ XMLSEC_ERRORS_R_CRYPTO_FAILED,
++ "Error code = %d", PORT_GetError());
++ goto done;
++ }
++
++ rv = PK11_DigestFinal(EncContext, out+tmp1_outlen,
++ &tmp2_outlen, outSize-tmp1_outlen);
++ if (rv != SECSuccess) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "PK11_DigestFinal",
++ XMLSEC_ERRORS_R_CRYPTO_FAILED,
++ "Error code = %d", PORT_GetError());
++ goto done;
++ }
++
++ result_len = tmp1_outlen + tmp2_outlen;
++
++done:
++ if (secParam) {
++ SECITEM_FreeItem(secParam, PR_TRUE);
++ }
++ if (EncContext) {
++ PK11_DestroyContext(EncContext, PR_TRUE);
++ }
++
++ return(result_len);
++}
++
++static int
++xmlSecNssKeyWrapDesOp(
++ xmlSecNssKeyWrapCtxPtr ctx ,
++ int encrypt ,
++ xmlSecBufferPtr result
++) {
++ xmlSecByte sha1[SHA1_LENGTH];
++ xmlSecByte iv[XMLSEC_NSS_DES3_IV_LENGTH];
++ xmlSecByte* in;
++ xmlSecSize inSize;
++ xmlSecByte* out;
++ xmlSecSize outSize;
++ xmlSecSize s;
++ int ret;
++ SECStatus status;
++
++ xmlSecAssert2( ctx != NULL , -1 ) ;
++ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
++ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
++ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
++ xmlSecAssert2( ctx->material != NULL , -1 ) ;
++ xmlSecAssert2( result != NULL , -1 ) ;
++
++ in = xmlSecBufferGetData(ctx->material);
++ inSize = xmlSecBufferGetSize(ctx->material) ;
++ out = xmlSecBufferGetData(result);
++ outSize = xmlSecBufferGetMaxSize(result) ;
++ if( encrypt ) {
++ /* step 2: calculate sha1 and CMS */
++ if(xmlSecNssComputeSHA1(in, inSize, sha1, SHA1_LENGTH) == NULL) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "xmlSecNssComputeSHA1",
++ XMLSEC_ERRORS_R_CRYPTO_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ return(-1);
++ }
++
++ /* step 3: construct WKCKS */
++ memcpy(out, in, inSize);
++ memcpy(out + inSize, sha1, XMLSEC_NSS_DES3_BLOCK_LENGTH);
++
++ /* step 4: generate random iv */
++ status = PK11_GenerateRandom(iv, XMLSEC_NSS_DES3_IV_LENGTH);
++ if(status != SECSuccess) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "PK11_GenerateRandom",
++ XMLSEC_ERRORS_R_CRYPTO_FAILED,
++ "error code = %d", PORT_GetError());
++ return(-1);
++ }
++
++ /* step 5: first encryption, result is TEMP1 */
++ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
++ iv, XMLSEC_NSS_DES3_IV_LENGTH,
++ out, inSize + XMLSEC_NSS_DES3_IV_LENGTH,
++ out, outSize, 1);
++ if(ret < 0) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "xmlSecNssKWDes3Encrypt",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ return(-1);
++ }
++
++ /* step 6: construct TEMP2=IV || TEMP1 */
++ memmove(out + XMLSEC_NSS_DES3_IV_LENGTH, out,
++ inSize + XMLSEC_NSS_DES3_IV_LENGTH);
++ memcpy(out, iv, XMLSEC_NSS_DES3_IV_LENGTH);
++ s = ret + XMLSEC_NSS_DES3_IV_LENGTH;
++
++ /* step 7: reverse octets order, result is TEMP3 */
++ ret = xmlSecNssKWDes3BufferReverse(out, s);
++ if(ret < 0) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "xmlSecNssKWDes3BufferReverse",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ return(-1);
++ }
++
++ /* step 8: second encryption with static IV */
++ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
++ xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH,
++ out, s,
++ out, outSize, 1);
++ if(ret < 0) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "xmlSecNssKWDes3Encrypt",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ return(-1);
++ }
++ s = ret;
++
++ if( xmlSecBufferSetSize( result , s ) < 0 ) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "xmlSecBufferSetSize",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ return(-1);
++ }
++ } else {
++ /* step 2: first decryption with static IV, result is TEMP3 */
++ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
++ xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH,
++ in, inSize,
++ out, outSize, 0);
++ if((ret < 0) || (ret < XMLSEC_NSS_DES3_IV_LENGTH)) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "xmlSecNssKWDes3Encrypt",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ return(-1);
++ }
++ s = ret;
++
++ /* step 3: reverse octets order in TEMP3, result is TEMP2 */
++ ret = xmlSecNssKWDes3BufferReverse(out, s);
++ if(ret < 0) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "xmlSecNssKWDes3BufferReverse",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ return(-1);
++ }
++
++ /* steps 4 and 5: get IV and decrypt second time, result is WKCKS */
++ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
++ out, XMLSEC_NSS_DES3_IV_LENGTH,
++ out+XMLSEC_NSS_DES3_IV_LENGTH, s-XMLSEC_NSS_DES3_IV_LENGTH,
++ out, outSize, 0);
++ if((ret < 0) || (ret < XMLSEC_NSS_DES3_BLOCK_LENGTH)) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "xmlSecNssKWDes3Encrypt",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ return(-1);
++ }
++ s = ret - XMLSEC_NSS_DES3_IV_LENGTH;
++
++ /* steps 6 and 7: calculate SHA1 and validate it */
++ if(xmlSecNssComputeSHA1(out, s, sha1, SHA1_LENGTH) == NULL) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "xmlSecNssComputeSHA1",
++ XMLSEC_ERRORS_R_CRYPTO_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ return(-1);
++ }
++
++ if(memcmp(sha1, out + s, XMLSEC_NSS_DES3_BLOCK_LENGTH) != 0) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ NULL,
++ XMLSEC_ERRORS_R_INVALID_DATA,
++ "SHA1 does not match");
++ return(-1);
++ }
++
++ if( xmlSecBufferSetSize( result , s ) < 0 ) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "xmlSecBufferSetSize",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ return(-1);
++ }
++ }
++
++ return(0);
++}
++
++static int
++xmlSecNssKeyWrapAesOp(
++ xmlSecNssKeyWrapCtxPtr ctx ,
++ int encrypt ,
++ xmlSecBufferPtr result
++) {
++ PK11Context* cipherCtx = NULL;
++ SECItem ivItem ;
++ SECItem* secParam = NULL ;
++ xmlSecSize inSize ;
++ xmlSecSize inBlocks ;
++ int blockSize ;
++ int midSize ;
++ int finSize ;
++ xmlSecByte* out ;
++ xmlSecSize outSize;
++
++ xmlSecAssert2( ctx != NULL , -1 ) ;
++ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
++ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
++ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
++ xmlSecAssert2( ctx->material != NULL , -1 ) ;
++ xmlSecAssert2( result != NULL , -1 ) ;
++
++ /* Do not set any IV */
++ memset(&ivItem, 0, sizeof(ivItem));
++
++ /* Get block size */
++ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "PK11_GetBlockSize" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ inSize = xmlSecBufferGetSize( ctx->material ) ;
++ if( xmlSecBufferSetMaxSize( result , inSize + blockSize ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecBufferSetMaxSize" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ /* Get Param for context initialization */
++ if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "PK11_ParamFromIV" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ cipherCtx = PK11_CreateContextBySymKey( ctx->cipher , encrypt ? CKA_ENCRYPT : CKA_DECRYPT , ctx->symkey , secParam ) ;
++ if( cipherCtx == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "PK11_CreateContextBySymKey" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ SECITEM_FreeItem( secParam , PR_TRUE ) ;
++ return(-1);
++ }
++
++ out = xmlSecBufferGetData(result) ;
++ outSize = xmlSecBufferGetMaxSize(result) ;
++ if( PK11_CipherOp( cipherCtx , out, &midSize , outSize , xmlSecBufferGetData( ctx->material ) , inSize ) != SECSuccess ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "PK11_CipherOp" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ if( PK11_DigestFinal( cipherCtx , out + midSize , &finSize , outSize - midSize ) != SECSuccess ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "PK11_DigestFinal" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ if( xmlSecBufferSetSize( result , midSize + finSize ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecBufferSetSize" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ return 0 ;
++}
++
++/**
++ * Block cipher transform final
++ */
++static int
++xmlSecNssKeyWrapCtxFinal(
++ xmlSecNssKeyWrapCtxPtr ctx ,
++ xmlSecBufferPtr in ,
++ xmlSecBufferPtr out ,
++ int encrypt ,
++ xmlSecTransformCtxPtr transformCtx
++) {
++ PK11SymKey* targetKey ;
++ xmlSecSize blockSize ;
++ xmlSecBufferPtr result ;
++
++ xmlSecAssert2( ctx != NULL , -1 ) ;
++ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
++ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
++ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
++ xmlSecAssert2( ctx->material != NULL , -1 ) ;
++ xmlSecAssert2( in != NULL , -1 ) ;
++ xmlSecAssert2( out != NULL , -1 ) ;
++ xmlSecAssert2( transformCtx != NULL , -1 ) ;
++
++ /* read raw key material and append into context */
++ if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecBufferAppend" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecBufferRemoveHead" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ /* Now we get all of the key materail */
++ /* from now on we will wrap or unwrap the key */
++ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "PK11_GetBlockSize" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ result = xmlSecBufferCreate( blockSize ) ;
++ if( result == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecBufferCreate" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ switch( ctx->cipher ) {
++ case CKM_DES3_CBC :
++ if( xmlSecNssKeyWrapDesOp(ctx, encrypt, result) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecNssKeyWrapDesOp" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecBufferDestroy(result);
++ return(-1);
++ }
++ break ;
++ /* case CKM_NETSCAPE_AES_KEY_WRAP :*/
++ case CKM_AES_CBC :
++ if( xmlSecNssKeyWrapAesOp(ctx, encrypt, result) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecNssKeyWrapAesOp" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecBufferDestroy(result);
++ return(-1);
++ }
++ break ;
++ }
++
++ /* Write output */
++ if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecBufferAppend" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecBufferDestroy(result);
++ return(-1);
++ }
++ xmlSecBufferDestroy(result);
++
++ return(0);
++}
++
++static int
++xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
++ xmlSecNssKeyWrapCtxPtr context = NULL ;
++ xmlSecBufferPtr inBuf, outBuf ;
++ int operation ;
++ int rtv ;
++
++ xmlSecAssert2( xmlSecNssKeyWrapCheckId( transform ), -1 ) ;
++ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyWrapSize ), -1 ) ;
++ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
++ xmlSecAssert2( transformCtx != NULL , -1 ) ;
++
++ context = xmlSecNssKeyWrapGetCtx( transform ) ;
++ if( context == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
++ "xmlSecNssKeyWrapGetCtx" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ inBuf = &( transform->inBuf ) ;
++ outBuf = &( transform->outBuf ) ;
++
++ if( transform->status == xmlSecTransformStatusNone ) {
++ transform->status = xmlSecTransformStatusWorking ;
++ }
++
++ operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ;
++ if( transform->status == xmlSecTransformStatusWorking ) {
++ if( context->material == NULL ) {
++ rtv = xmlSecNssKeyWrapCtxInit( context, inBuf , outBuf , operation , transformCtx ) ;
++ if( rtv < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
++ "xmlSecNssKeyWrapCtxInit" ,
++ XMLSEC_ERRORS_R_INVALID_STATUS ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++ }
++
++ if( context->material == NULL && last != 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
++ NULL ,
++ XMLSEC_ERRORS_R_INVALID_STATUS ,
++ "No enough data to intialize transform" ) ;
++ return(-1);
++ }
++
++ if( context->material != NULL ) {
++ rtv = xmlSecNssKeyWrapCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ;
++ if( rtv < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
++ "xmlSecNssKeyWrapCtxUpdate" ,
++ XMLSEC_ERRORS_R_INVALID_STATUS ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++ }
++
++ if( last ) {
++ rtv = xmlSecNssKeyWrapCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ;
++ if( rtv < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
++ "xmlSecNssKeyWrapCtxFinal" ,
++ XMLSEC_ERRORS_R_INVALID_STATUS ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++ transform->status = xmlSecTransformStatusFinished ;
++ }
++ } else if( transform->status == xmlSecTransformStatusFinished ) {
++ if( xmlSecBufferGetSize( inBuf ) != 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
++ NULL ,
++ XMLSEC_ERRORS_R_INVALID_STATUS ,
++ "status=%d", transform->status ) ;
++ return(-1);
++ }
++ } else {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
++ NULL ,
++ XMLSEC_ERRORS_R_INVALID_STATUS ,
++ "status=%d", transform->status ) ;
++ return(-1);
++ }
++
++ return(0);
++}
++
++#ifndef XMLSEC_NO_AES
++
++
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecTransformKlass xmlSecNssKWAes128Klass = {
++#else
++static xmlSecTransformKlass xmlSecNssKWAes128Klass = {
++#endif
++ /* klass/object sizes */
++ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
++ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
++
++ xmlSecNameKWAes128, /* const xmlChar* name; */
++ xmlSecHrefKWAes128, /* const xmlChar* href; */
++ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
++
++ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
++ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
++ NULL, /* xmlSecTransformNodeReadMethod readNode; */
++ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
++ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
++ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
++ NULL, /* xmlSecTransformValidateMethod validate; */
++ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
++ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
++ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
++ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
++ NULL, /* xmlSecTransformPopXmlMethod popXml; */
++ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
++
++ NULL, /* void* reserved0; */
++ NULL, /* void* reserved1; */
++};
++
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecTransformKlass xmlSecNssKWAes192Klass = {
++#else
++static xmlSecTransformKlass xmlSecNssKWAes192Klass = {
++#endif
++ /* klass/object sizes */
++ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
++ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
++
++ xmlSecNameKWAes192, /* const xmlChar* name; */
++ xmlSecHrefKWAes192, /* const xmlChar* href; */
++ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
++
++ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
++ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
++ NULL, /* xmlSecTransformNodeReadMethod readNode; */
++ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
++ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
++ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
++ NULL, /* xmlSecTransformValidateMethod validate; */
++ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
++ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
++ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
++ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
++ NULL, /* xmlSecTransformPopXmlMethod popXml; */
++ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
++
++ NULL, /* void* reserved0; */
++ NULL, /* void* reserved1; */
++};
++
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecTransformKlass xmlSecNssKWAes256Klass = {
++#else
++static xmlSecTransformKlass xmlSecNssKWAes256Klass = {
++#endif
++ /* klass/object sizes */
++ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
++ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
++
++ xmlSecNameKWAes256, /* const xmlChar* name; */
++ xmlSecHrefKWAes256, /* const xmlChar* href; */
++ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
++
++ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
++ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
++ NULL, /* xmlSecTransformNodeReadMethod readNode; */
++ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
++ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
++ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
++ NULL, /* xmlSecTransformValidateMethod validate; */
++ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
++ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
++ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
++ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
++ NULL, /* xmlSecTransformPopXmlMethod popXml; */
++ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
++
++ NULL, /* void* reserved0; */
++ NULL, /* void* reserved1; */
++};
++
++/**
++ * xmlSecNssTransformKWAes128GetKlass:
++ *
++ * The AES-128 key wrapper transform klass.
++ *
++ * Returns AES-128 key wrapper transform klass.
++ */
++xmlSecTransformId
++xmlSecNssTransformKWAes128GetKlass(void) {
++ return(&xmlSecNssKWAes128Klass);
++}
++
++/**
++ * xmlSecNssTransformKWAes192GetKlass:
++ *
++ * The AES-192 key wrapper transform klass.
++ *
++ * Returns AES-192 key wrapper transform klass.
++ */
++xmlSecTransformId
++xmlSecNssTransformKWAes192GetKlass(void) {
++ return(&xmlSecNssKWAes192Klass);
++}
++
++/**
++ *
++ * The AES-256 key wrapper transform klass.
++ *
++ * Returns AES-256 key wrapper transform klass.
++ */
++xmlSecTransformId
++xmlSecNssTransformKWAes256GetKlass(void) {
++ return(&xmlSecNssKWAes256Klass);
++}
++
++#endif /* XMLSEC_NO_AES */
++
++
++#ifndef XMLSEC_NO_DES
++
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecTransformKlass xmlSecNssKWDes3Klass = {
++#else
++static xmlSecTransformKlass xmlSecNssKWDes3Klass = {
++#endif
++ /* klass/object sizes */
++ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
++ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
++
++ xmlSecNameKWDes3, /* const xmlChar* name; */
++ xmlSecHrefKWDes3, /* const xmlChar* href; */
++ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
++
++ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
++ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
++ NULL, /* xmlSecTransformNodeReadMethod readNode; */
++ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
++ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
++ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
++ NULL, /* xmlSecTransformValidateMethod validate; */
++ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
++ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
++ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
++ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
++ NULL, /* xmlSecTransformPopXmlMethod popXml; */
++ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
++
++ NULL, /* void* reserved0; */
++ NULL, /* void* reserved1; */
++};
++
++/**
++ * xmlSecNssTransformKWDes3GetKlass:
++ *
++ * The Triple DES key wrapper transform klass.
++ *
++ * Returns Triple DES key wrapper transform klass.
++ */
++xmlSecTransformId
++xmlSecNssTransformKWDes3GetKlass(void) {
++ return(&xmlSecNssKWDes3Klass);
++}
++
++#endif /* XMLSEC_NO_DES */
++
+--- misc/xmlsec1-1.2.12/src/nss/pkikeys.c 2009-06-25 22:53:18.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/src/nss/pkikeys.c 2009-09-21 14:02:48.657352624 +0200
+@@ -24,6 +24,7 @@
+ #include <xmlsec/nss/crypto.h>
+ #include <xmlsec/nss/bignum.h>
+ #include <xmlsec/nss/pkikeys.h>
++#include <xmlsec/nss/tokens.h>
+
+ /**************************************************************************
+ *
+@@ -115,6 +116,8 @@
+ xmlSecNssPKIKeyDataCtxPtr ctxSrc)
+ {
+ xmlSecNSSPKIKeyDataCtxFree(ctxDst);
++ ctxDst->privkey = NULL ;
++ ctxDst->pubkey = NULL ;
+ if (ctxSrc->privkey != NULL) {
+ ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey);
+ if(ctxDst->privkey == NULL) {
+@@ -588,13 +591,13 @@
+ goto done;
+ }
+
+- slot = PK11_GetBestSlot(CKM_DSA, NULL);
++ slot = xmlSecNssSlotGet(CKM_DSA);
+ if(slot == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+- "PK11_GetBestSlot",
++ "xmlSecNssSlotGet",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
++ "error code=%d", PORT_GetError());
+ ret = -1;
+ goto done;
+ }
+@@ -792,14 +795,14 @@
+ if (slot != NULL) {
+ PK11_FreeSlot(slot);
+ }
+- if (ret != 0) {
++
+ if (pubkey != NULL) {
+ SECKEY_DestroyPublicKey(pubkey);
+ }
+ if (data != NULL) {
+ xmlSecKeyDataDestroy(data);
+ }
+- }
++
+ return(ret);
+ }
+
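Review bot: With the `if (ret != 0)` guard removed, `pubkey` and `data` are destroyed on the success path as well, so this cleanup is only safe if both are reset to NULL where ownership moves to the key. That reset is not visible in this hunk, and the function body starts outside it. If any success path reaches the cleanup with either pointer still set, the key would be left holding a pointer to freed memory. The DSA generate path later in this patch does the reset explicitly (`privkey = NULL ; pubkey = NULL ;` before `ret = 0;`); I would confirm the same here and add `/* pubkey and data are NULL here once the key has adopted them */` above the two checks.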
+@@ -818,7 +821,7 @@
+
+ ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key));
+ xmlSecAssert2(ctx != NULL, -1);
+- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
++/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/
+
+ if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
+ /* we can have only private key or public key */
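Review bot: Commenting out `xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);` leaves this handler with no check on the key type at all, and the dead line stays in the source. The same is done in the hunks at -1010, -1027, -1384 and -1525; in -1027 and -1525 the next statement is `return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));`, which now receives a NULL pointer whenever the key data carries no public key. Presumably the assert was dropped to allow private-key-only entries; if so, keep the type check for the case where a public key is present, `xmlSecAssert2(ctx->pubkey == NULL || SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);` (`rsaKey` in the RSA handlers), and add `xmlSecAssert2(ctx->pubkey != NULL, 0);` before the two strength calls. The enclosing function starts and ends outside this hunk.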
+@@ -940,7 +943,8 @@
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "PK11_PQG_ParamGen",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- "size=%d", sizeBits);
++ "size=%d, error code=%d", sizeBits, PORT_GetError());
++ ret = -1;
+ goto done;
+ }
+
+@@ -950,11 +954,12 @@
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "PK11_PQG_VerifyParams",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- "size=%d", sizeBits);
++ "size=%d, error code=%d", sizeBits, PORT_GetError());
++ ret = -1;
+ goto done;
+ }
+
+- slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL);
++ slot = xmlSecNssSlotGet(CKM_DSA_KEY_PAIR_GEN);
+ PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
+ privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams,
+ &pubkey, PR_FALSE, PR_TRUE, NULL);
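Review bot: The slot returned by `xmlSecNssSlotGet(CKM_DSA_KEY_PAIR_GEN)` is passed to `PK11_Authenticate` and `PK11_GenerateKeyPair` without a NULL check, although the -588 hunk of this same file treats a NULL return from `xmlSecNssSlotGet` as an error. The RSA hunk at -1455 has the same gap. I would add `if(slot == NULL) { ret = -1; goto done; }` after the assignment (or the equivalent exit in the RSA function), with an `xmlSecError` call like the one in -588. The result of `PK11_Authenticate` should also be checked, so that a failed login is reported as such rather than surfacing later as a key-generation failure. The function body continues outside the hunk.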
+@@ -964,8 +969,9 @@
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "PK11_GenerateKeyPair",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
++ "error code=%d", PORT_GetError());
+
++ ret = -1;
+ goto done;
+ }
+
+@@ -979,6 +985,8 @@
+ goto done;
+ }
+
++ privkey = NULL ;
++ pubkey = NULL ;
+ ret = 0;
+
+ done:
+@@ -991,16 +999,13 @@
+ if (pqgVerify != NULL) {
+ PK11_PQG_DestroyVerify(pqgVerify);
+ }
+- if (ret == 0) {
+- return (0);
+- }
+ if (pubkey != NULL) {
+ SECKEY_DestroyPublicKey(pubkey);
+ }
+ if (privkey != NULL) {
+ SECKEY_DestroyPrivateKey(privkey);
+ }
+- return(-1);
++ return(ret);
+ }
+
+ static xmlSecKeyDataType
+@@ -1010,10 +1015,10 @@
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), xmlSecKeyDataTypeUnknown);
+ ctx = xmlSecNssPKIKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
++/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/
+ if (ctx->privkey != NULL) {
+ return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
+- } else {
++ } else if( ctx->pubkey != NULL ) {
+ return(xmlSecKeyDataTypePublic);
+ }
+
+@@ -1027,7 +1032,7 @@
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), 0);
+ ctx = xmlSecNssPKIKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
++/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/
+
+ return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));
+ }
+@@ -1216,13 +1221,13 @@
+ goto done;
+ }
+
+- slot = PK11_GetBestSlot(CKM_RSA_PKCS, NULL);
++ slot = xmlSecNssSlotGet(CKM_RSA_PKCS);
+ if(slot == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+- "PK11_GetBestSlot",
++ "xmlSecNssSlotGet",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
++ "error code=%d", PORT_GetError());
+ ret = -1;
+ goto done;
+ }
+@@ -1384,7 +1389,7 @@
+
+ ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key));
+ xmlSecAssert2(ctx != NULL, -1);
+- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
++/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/
+
+
+ if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
+@@ -1455,7 +1460,7 @@
+ params.keySizeInBits = sizeBits;
+ params.pe = 65537;
+
+- slot = PK11_GetBestSlot(CKM_RSA_PKCS_KEY_PAIR_GEN, NULL);
++ slot = xmlSecNssSlotGet(CKM_RSA_PKCS_KEY_PAIR_GEN);
+ PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
+ privkey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, &params,
+ &pubkey, PR_FALSE, PR_TRUE, NULL);
+@@ -1525,7 +1530,7 @@
+
+ ctx = xmlSecNssPKIKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
++/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/
+
+ return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));
+ }
+--- misc/xmlsec1-1.2.12/src/nss/symkeys.c 2009-06-25 22:53:18.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/src/nss/symkeys.c 2009-09-21 14:02:48.620574832 +0200
+@@ -15,20 +15,41 @@
+ #include <stdio.h>
+ #include <string.h>
+
++#include <pk11func.h>
++#include <nss.h>
++
+ #include <xmlsec/xmlsec.h>
+ #include <xmlsec/xmltree.h>
++#include <xmlsec/base64.h>
+ #include <xmlsec/keys.h>
+ #include <xmlsec/keyinfo.h>
+ #include <xmlsec/transforms.h>
+ #include <xmlsec/errors.h>
+
+ #include <xmlsec/nss/crypto.h>
++#include <xmlsec/nss/ciphers.h>
++#include <xmlsec/nss/tokens.h>
+
+ /*****************************************************************************
+ *
+- * Symmetic (binary) keys - just a wrapper for xmlSecKeyDataBinary
++ * Symmetic (binary) keys - a wrapper over slot information and PK11SymKey
+ *
+ ****************************************************************************/
++typedef struct _xmlSecNssSymKeyDataCtx xmlSecNssSymKeyDataCtx ;
++typedef struct _xmlSecNssSymKeyDataCtx* xmlSecNssSymKeyDataCtxPtr ;
++
++struct _xmlSecNssSymKeyDataCtx {
++ CK_MECHANISM_TYPE cipher ; /* the symmetic key mechanism */
++ PK11SlotInfo* slot ; /* the key resident slot */
++ PK11SymKey* symkey ; /* the symmetic key */
++} ;
++
++#define xmlSecNssSymKeyDataSize \
++ ( sizeof( xmlSecKeyData ) + sizeof( xmlSecNssSymKeyDataCtx ) )
++
++#define xmlSecNssSymKeyDataGetCtx( data ) \
++ ( ( xmlSecNssSymKeyDataCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyData ) ) )
++
+ static int xmlSecNssSymKeyDataInitialize (xmlSecKeyDataPtr data);
+ static int xmlSecNssSymKeyDataDuplicate (xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
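Review bot: The new `_xmlSecNssSymKeyDataCtx` does not say who owns `slot` and `symkey`, and its field comments (like the changed banner line) spell the word as "symmetic". The finalize routine later in this patch releases both fields with `PK11_FreeSlot` and `PK11_FreeSymKey`, so they hold references owned by the context. I would state that on the fields, e.g. `PK11SlotInfo* slot ; /* slot the key lives on; reference owned by this ctx */` and `PK11SymKey* symkey ; /* the symmetric key; reference owned by this ctx */`.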
+@@ -67,107 +88,743 @@
+ (xmlSecKeyDataIsValid((data)) && \
+ xmlSecNssSymKeyDataKlassCheck((data)->id))
+
++/**
++ * xmlSecNssSymKeyDataAdoptKey:
++ * @data: the pointer to symmetric key data.
++ * @symkey: the symmetric key
++ *
++ * Set the value of symmetric key data.
++ *
++ * Returns 0 on success or a negative value if an error occurs.
++ */
++int
++xmlSecNssSymKeyDataAdoptKey(
++ xmlSecKeyDataPtr data ,
++ PK11SymKey* symkey
++) {
++ xmlSecNssSymKeyDataCtxPtr context = NULL ;
++
++ xmlSecAssert2( xmlSecNssSymKeyDataCheckId( data ), -1 ) ;
++ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), -1 ) ;
++ xmlSecAssert2( symkey != NULL, -1 ) ;
++
++ context = xmlSecNssSymKeyDataGetCtx( data ) ;
++ xmlSecAssert2(context != NULL, -1);
++
++ context->cipher = PK11_GetMechanism( symkey ) ;
++
++ if( context->slot != NULL ) {
++ PK11_FreeSlot( context->slot ) ;
++ context->slot = NULL ;
++ }
++ context->slot = PK11_GetSlotFromKey( symkey ) ;
++
++ if( context->symkey != NULL ) {
++ PK11_FreeSymKey( context->symkey ) ;
++ context->symkey = NULL ;
++ }
++ context->symkey = PK11_ReferenceSymKey( symkey ) ;
++
++ return 0 ;
++}
++
++xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt(
++ PK11SymKey* symKey
++) {
++ xmlSecKeyDataPtr data = NULL ;
++ CK_MECHANISM_TYPE mechanism = CKM_INVALID_MECHANISM ;
++
++ xmlSecAssert2( symKey != NULL , NULL ) ;
++
++ mechanism = PK11_GetMechanism( symKey ) ;
++ switch( mechanism ) {
++ case CKM_DES3_KEY_GEN :
++ case CKM_DES3_CBC :
++ case CKM_DES3_MAC :
++ data = xmlSecKeyDataCreate( xmlSecNssKeyDataDesId ) ;
++ if( data == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecKeyDataCreate" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ "xmlSecNssKeyDataDesId" ) ;
++ return NULL ;
++ }
++ break ;
++ case CKM_AES_KEY_GEN :
++ case CKM_AES_CBC :
++ case CKM_AES_MAC :
++ data = xmlSecKeyDataCreate( xmlSecNssKeyDataAesId ) ;
++ if( data == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecKeyDataCreate" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ "xmlSecNssKeyDataDesId" ) ;
++ return NULL ;
++ }
++ break ;
++ default :
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ NULL ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ "Unsupported mechanism" ) ;
++ return NULL ;
++ }
++
++ if( xmlSecNssSymKeyDataAdoptKey( data , symKey ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecNssSymKeyDataAdoptKey" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ xmlSecKeyDataDestroy( data ) ;
++ return NULL ;
++ }
++
++ return data ;
++}
++
++
++PK11SymKey*
++xmlSecNssSymKeyDataGetKey(
++ xmlSecKeyDataPtr data
++) {
++ xmlSecNssSymKeyDataCtxPtr ctx;
++ PK11SymKey* symkey ;
++
++ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), NULL);
++ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), NULL);
++
++ ctx = xmlSecNssSymKeyDataGetCtx(data);
++ xmlSecAssert2(ctx != NULL, NULL);
++
++ if( ctx->symkey != NULL ) {
++ symkey = PK11_ReferenceSymKey( ctx->symkey ) ;
++ } else {
++ symkey = NULL ;
++ }
++
++ return(symkey);
++}
++
+ static int
+ xmlSecNssSymKeyDataInitialize(xmlSecKeyDataPtr data) {
++ xmlSecNssSymKeyDataCtxPtr ctx;
++
+ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1);
+-
+- return(xmlSecKeyDataBinaryValueInitialize(data));
++ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), -1);
++
++ ctx = xmlSecNssSymKeyDataGetCtx(data);
++ xmlSecAssert2(ctx != NULL, -1);
++
++ memset( ctx, 0, sizeof(xmlSecNssSymKeyDataCtx));
++
++ /* Set the block cipher mechanism */
++#ifndef XMLSEC_NO_DES
++ if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) {
++ ctx->cipher = CKM_DES3_KEY_GEN;
++ } else
++#endif /* XMLSEC_NO_DES */
++
++#ifndef XMLSEC_NO_AES
++ if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) {
++ ctx->cipher = CKM_AES_KEY_GEN;
++ } else
++#endif /* XMLSEC_NO_AES */
++
++ if(1) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
++ NULL ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ "Unsupported block cipher" ) ;
++ return(-1) ;
++ }
++
++ return(0);
+ }
+
+ static int
+ xmlSecNssSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
++ xmlSecNssSymKeyDataCtxPtr ctxDst;
++ xmlSecNssSymKeyDataCtxPtr ctxSrc;
++
+ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(dst), -1);
++ xmlSecAssert2(xmlSecKeyDataCheckSize(dst, xmlSecNssSymKeyDataSize), -1);
+ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(src), -1);
++ xmlSecAssert2(xmlSecKeyDataCheckSize(src, xmlSecNssSymKeyDataSize), -1);
+ xmlSecAssert2(dst->id == src->id, -1);
+-
+- return(xmlSecKeyDataBinaryValueDuplicate(dst, src));
++
++ ctxDst = xmlSecNssSymKeyDataGetCtx(dst);
++ xmlSecAssert2(ctxDst != NULL, -1);
++
++ ctxSrc = xmlSecNssSymKeyDataGetCtx(src);
++ xmlSecAssert2(ctxSrc != NULL, -1);
++
++ ctxDst->cipher = ctxSrc->cipher ;
++
++ if( ctxSrc->slot != NULL ) {
++ if( ctxDst->slot != NULL && ctxDst->slot != ctxSrc->slot ) {
++ PK11_FreeSlot( ctxDst->slot ) ;
++ ctxDst->slot = NULL ;
++ }
++
++ if( ctxDst->slot == NULL && ctxSrc->slot != NULL )
++ ctxDst->slot = PK11_ReferenceSlot( ctxSrc->slot ) ;
++ } else {
++ if( ctxDst->slot != NULL ) {
++ PK11_FreeSlot( ctxDst->slot ) ;
++ ctxDst->slot = NULL ;
++ }
++ }
++
++ if( ctxSrc->symkey != NULL ) {
++ if( ctxDst->symkey != NULL && ctxDst->symkey != ctxSrc->symkey ) {
++ PK11_FreeSymKey( ctxDst->symkey ) ;
++ ctxDst->symkey = NULL ;
++ }
++
++ if( ctxDst->symkey == NULL && ctxSrc->symkey != NULL )
++ ctxDst->symkey = PK11_ReferenceSymKey( ctxSrc->symkey ) ;
++ } else {
++ if( ctxDst->symkey != NULL ) {
++ PK11_FreeSymKey( ctxDst->symkey ) ;
++ ctxDst->symkey = NULL ;
++ }
++ }
++
++ return(0);
+ }
+
+ static void
+ xmlSecNssSymKeyDataFinalize(xmlSecKeyDataPtr data) {
++ xmlSecNssSymKeyDataCtxPtr ctx;
++
+ xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
+-
+- xmlSecKeyDataBinaryValueFinalize(data);
++ xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize));
++
++ ctx = xmlSecNssSymKeyDataGetCtx(data);
++ xmlSecAssert(ctx != NULL);
++
++ if( ctx->slot != NULL ) {
++ PK11_FreeSlot( ctx->slot ) ;
++ ctx->slot = NULL ;
++ }
++
++ if( ctx->symkey != NULL ) {
++ PK11_FreeSymKey( ctx->symkey ) ;
++ ctx->symkey = NULL ;
++ }
++
++ ctx->cipher = CKM_INVALID_MECHANISM ;
+ }
+
+ static int
+ xmlSecNssSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+- xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
++ PK11SymKey* symKey ;
++ PK11SlotInfo* slot ;
++ xmlSecBufferPtr keyBuf;
++ xmlSecSize len;
++ xmlSecKeyDataPtr data;
++ xmlSecNssSymKeyDataCtxPtr ctx;
++ SECItem keyItem ;
++ int ret;
++
++ xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
++ xmlSecAssert2(key != NULL, -1);
++ xmlSecAssert2(node != NULL, -1);
++ xmlSecAssert2(keyInfoCtx != NULL, -1);
++
++ /* Create a new KeyData from a id */
++ data = xmlSecKeyDataCreate(id);
++ if(data == NULL ) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "xmlSecKeyDataCreate",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ return(-1);
++ }
++
++ ctx = xmlSecNssSymKeyDataGetCtx(data);
++ xmlSecAssert2(ctx != NULL, -1);
++
++ /* Create a buffer for raw symmetric key value */
++ if( ( keyBuf = xmlSecBufferCreate( 128 ) ) == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "xmlSecBufferCreate" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecKeyDataDestroy( data ) ;
++ return(-1) ;
++ }
++
++ /* Read the raw key value */
++ if( xmlSecBufferBase64NodeContentRead( keyBuf , node ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ xmlSecBufferDestroy( keyBuf ) ;
++ xmlSecKeyDataDestroy( data ) ;
++ return(-1) ;
++ }
++
++ /* Get slot */
++ slot = xmlSecNssSlotGet(ctx->cipher);
++ if( slot == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "xmlSecNssSlotGet" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ xmlSecBufferDestroy( keyBuf ) ;
++ xmlSecKeyDataDestroy( data ) ;
++ return(-1) ;
++ }
++
++ /* Wrap the raw key value SECItem */
++ keyItem.type = siBuffer ;
++ keyItem.data = xmlSecBufferGetData( keyBuf ) ;
++ keyItem.len = xmlSecBufferGetSize( keyBuf ) ;
++
++ /* Import the raw key into slot temporalily and get the key handler*/
++ symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ;
++ if( symKey == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "PK11_ImportSymKey" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ PK11_FreeSlot( slot ) ;
++ xmlSecBufferDestroy( keyBuf ) ;
++ xmlSecKeyDataDestroy( data ) ;
++ return(-1) ;
++ }
++ PK11_FreeSlot( slot ) ;
++
++ /* raw key material has been copied into symKey, it isn't used any more */
++ xmlSecBufferDestroy( keyBuf ) ;
++
++ /* Adopt the symmetric key into key data */
++ ret = xmlSecNssSymKeyDataAdoptKey(data, symKey);
++ if(ret < 0) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "xmlSecKeyDataBinaryValueSetBuffer",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ PK11_FreeSymKey( symKey ) ;
++ xmlSecKeyDataDestroy( data ) ;
++ return(-1);
++ }
++ /* symKey has been duplicated into data, it isn't used any more */
++ PK11_FreeSymKey( symKey ) ;
++
++ /* Check value */
++ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "xmlSecKeyReqMatchKeyValue",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ xmlSecKeyDataDestroy( data ) ;
++ return(0);
++ }
+
+- return(xmlSecKeyDataBinaryValueXmlRead(id, key, node, keyInfoCtx));
++ ret = xmlSecKeySetValue(key, data);
++ if(ret < 0) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "xmlSecKeySetValue",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ xmlSecKeyDataDestroy( data ) ;
++ return(-1);
++ }
++
++ return(0);
+ }
+
+ static int
+ xmlSecNssSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
++ PK11SymKey* symKey ;
++
+ xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
+-
+- return(xmlSecKeyDataBinaryValueXmlWrite(id, key, node, keyInfoCtx));
++ xmlSecAssert2(key != NULL, -1);
++ xmlSecAssert2(node != NULL, -1);
++ xmlSecAssert2(keyInfoCtx != NULL, -1);
++
++ /* Get symmetric key from "key" */
++ symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key));
++ if( symKey != NULL ) {
++ SECItem* keyItem ;
++ xmlSecBufferPtr keyBuf ;
++
++ /* Extract raw key data from symmetric key */
++ if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "PK11_ExtractKeyValue",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ PK11_FreeSymKey( symKey ) ;
++ return(-1);
++ }
++
++ /* Get raw key data from "symKey" */
++ keyItem = PK11_GetKeyData( symKey ) ;
++ if(keyItem == NULL) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "PK11_GetKeyData",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ PK11_FreeSymKey( symKey ) ;
++ return(-1);
++ }
++
++ /* Create key data buffer with raw kwy material */
++ keyBuf = xmlSecBufferCreate(keyItem->len) ;
++ if(keyBuf == NULL) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "xmlSecBufferCreate",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ PK11_FreeSymKey( symKey ) ;
++ return(-1);
++ }
++
++ xmlSecBufferSetData( keyBuf , keyItem->data , keyItem->len ) ;
++
++ /* Write raw key material into current xml node */
++ if( xmlSecBufferBase64NodeContentWrite( keyBuf, node, XMLSEC_BASE64_LINESIZE ) < 0 ) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "xmlSecBufferBase64NodeContentWrite",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ xmlSecBufferDestroy(keyBuf);
++ PK11_FreeSymKey( symKey ) ;
++ return(-1);
++ }
++ xmlSecBufferDestroy(keyBuf);
++ PK11_FreeSymKey( symKey ) ;
++ }
++
++ return 0 ;
+ }
+
+ static int
+ xmlSecNssSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ const xmlSecByte* buf, xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+- xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
++ PK11SymKey* symKey ;
++ PK11SlotInfo* slot ;
++ xmlSecKeyDataPtr data;
++ xmlSecNssSymKeyDataCtxPtr ctx;
++ SECItem keyItem ;
++ int ret;
++
++ xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
++ xmlSecAssert2(key != NULL, -1);
++ xmlSecAssert2(buf != NULL, -1);
++ xmlSecAssert2(bufSize != 0, -1);
++ xmlSecAssert2(keyInfoCtx != NULL, -1);
++
++ /* Create a new KeyData from a id */
++ data = xmlSecKeyDataCreate(id);
++ if(data == NULL ) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "xmlSecKeyDataCreate",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ return(-1);
++ }
++
++ ctx = xmlSecNssSymKeyDataGetCtx(data);
++ xmlSecAssert2(ctx != NULL, -1);
++
++ /* Get slot */
++ slot = xmlSecNssSlotGet(ctx->cipher);
++ if( slot == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "xmlSecNssSlotGet" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecKeyDataDestroy( data ) ;
++ return(-1) ;
++ }
++
++ /* Wrap the raw key value SECItem */
++ keyItem.type = siBuffer ;
++ keyItem.data = buf ;
++ keyItem.len = bufSize ;
++
++ /* Import the raw key into slot temporalily and get the key handler*/
++ symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ;
++ if( symKey == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "PK11_ImportSymKey" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ PK11_FreeSlot( slot ) ;
++ xmlSecKeyDataDestroy( data ) ;
++ return(-1) ;
++ }
++
++ /* Adopt the symmetric key into key data */
++ ret = xmlSecNssSymKeyDataAdoptKey(data, symKey);
++ if(ret < 0) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "xmlSecKeyDataBinaryValueSetBuffer",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ PK11_FreeSymKey( symKey ) ;
++ PK11_FreeSlot( slot ) ;
++ xmlSecKeyDataDestroy( data ) ;
++ return(-1);
++ }
++ /* symKey has been duplicated into data, it isn't used any more */
++ PK11_FreeSymKey( symKey ) ;
++ PK11_FreeSlot( slot ) ;
++
++ /* Check value */
++ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "xmlSecKeyReqMatchKeyValue",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ xmlSecKeyDataDestroy( data ) ;
++ return(0);
++ }
+
+- return(xmlSecKeyDataBinaryValueBinRead(id, key, buf, bufSize, keyInfoCtx));
++ ret = xmlSecKeySetValue(key, data);
++ if(ret < 0) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "xmlSecKeySetValue",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ xmlSecKeyDataDestroy( data ) ;
++ return(-1);
++ }
++
++ return(0);
+ }
+
+ static int
+ xmlSecNssSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlSecByte** buf, xmlSecSize* bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
++ PK11SymKey* symKey ;
++
+ xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
++ xmlSecAssert2(key != NULL, -1);
++ xmlSecAssert2(buf != NULL, -1);
++ xmlSecAssert2(bufSize != 0, -1);
++ xmlSecAssert2(keyInfoCtx != NULL, -1);
++
++ /* Get symmetric key from "key" */
++ symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key));
++ if( symKey != NULL ) {
++ SECItem* keyItem ;
++
++ /* Extract raw key data from symmetric key */
++ if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "PK11_ExtractKeyValue",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ PK11_FreeSymKey( symKey ) ;
++ return(-1);
++ }
++
++ /* Get raw key data from "symKey" */
++ keyItem = PK11_GetKeyData( symKey ) ;
++ if(keyItem == NULL) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "PK11_GetKeyData",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ PK11_FreeSymKey( symKey ) ;
++ return(-1);
++ }
++
++ *bufSize = keyItem->len;
++ *buf = ( xmlSecByte* )xmlMalloc( *bufSize );
++ if( *buf == NULL ) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ NULL,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ PK11_FreeSymKey( symKey ) ;
++ return(-1);
++ }
++
++ memcpy((*buf), keyItem->data, (*bufSize));
++ PK11_FreeSymKey( symKey ) ;
++ }
+
+- return(xmlSecKeyDataBinaryValueBinWrite(id, key, buf, bufSize, keyInfoCtx));
++ return 0 ;
+ }
+
+ static int
+ xmlSecNssSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+- xmlSecBufferPtr buffer;
++ PK11SymKey* symkey ;
++ PK11SlotInfo* slot ;
++ xmlSecNssSymKeyDataCtxPtr ctx;
++ int ret;
+
+ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1);
+ xmlSecAssert2(sizeBits > 0, -1);
+
+- buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+- xmlSecAssert2(buffer != NULL, -1);
+-
+- return(xmlSecNssGenerateRandom(buffer, (sizeBits + 7) / 8));
++ ctx = xmlSecNssSymKeyDataGetCtx(data);
++ xmlSecAssert2(ctx != NULL, -1);
++
++ if( sizeBits % 8 != 0 ) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
++ NULL,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ "Symmetric key size must be octuple");
++ return(-1);
++ }
++
++ /* Get slot */
++ slot = xmlSecNssSlotGet(ctx->cipher);
++ if( slot == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
++ "xmlSecNssSlotGet" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1) ;
++ }
++
++ if( PK11_Authenticate( slot, PR_FALSE , NULL ) != SECSuccess ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
++ "PK11_Authenticate" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ PK11_FreeSlot( slot ) ;
++ return -1 ;
++ }
++
++ symkey = PK11_KeyGen( slot , ctx->cipher , NULL , sizeBits/8 , NULL ) ;
++ if( symkey == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
++ "PK11_KeyGen" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ PK11_FreeSlot( slot ) ;
++ return -1 ;
++ }
++
++ if( ctx->slot != NULL ) {
++ PK11_FreeSlot( ctx->slot ) ;
++ ctx->slot = NULL ;
++ }
++ ctx->slot = slot ;
++
++ if( ctx->symkey != NULL ) {
++ PK11_FreeSymKey( ctx->symkey ) ;
++ ctx->symkey = NULL ;
++ }
++ ctx->symkey = symkey ;
++
++ return 0;
+ }
+
+ static xmlSecKeyDataType
+ xmlSecNssSymKeyDataGetType(xmlSecKeyDataPtr data) {
+- xmlSecBufferPtr buffer;
++ xmlSecNssSymKeyDataCtxPtr context = NULL ;
++ xmlSecKeyDataType type = xmlSecKeyDataTypeUnknown ;
+
+ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown);
++ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), xmlSecKeyDataTypeUnknown ) ;
+
+- buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+- xmlSecAssert2(buffer != NULL, xmlSecKeyDataTypeUnknown);
++ context = xmlSecNssSymKeyDataGetCtx( data ) ;
++ if( context == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
++ "xmlSecNssSymKeyDataGetCtx" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return xmlSecKeyDataTypeUnknown ;
++ }
+
+- return((xmlSecBufferGetSize(buffer) > 0) ? xmlSecKeyDataTypeSymmetric : xmlSecKeyDataTypeUnknown);
++ if( context->symkey != NULL ) {
++ type |= xmlSecKeyDataTypeSymmetric ;
++ } else {
++ type |= xmlSecKeyDataTypeUnknown ;
++ }
++
++ return type ;
+ }
+
+ static xmlSecSize
+ xmlSecNssSymKeyDataGetSize(xmlSecKeyDataPtr data) {
++ xmlSecNssSymKeyDataCtxPtr context ;
++ unsigned int length = 0 ;
++
+ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), 0);
++ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), 0 ) ;
++ context = xmlSecNssSymKeyDataGetCtx( data ) ;
++ if( context == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
++ "xmlSecNssSymKeyDataGetCtx" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return 0 ;
++ }
++
++ if( context->symkey != NULL ) {
++ length = PK11_GetKeyLength( context->symkey ) ;
++ length *= 8 ;
++ }
+
+- return(xmlSecKeyDataBinaryValueGetSize(data));
++ return length ;
+ }
+
+ static void
+ xmlSecNssSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
+
+- xmlSecKeyDataBinaryValueDebugDump(data, output);
++ /* print only size, everything else is sensitive */
++ fprintf( output , "=== %s: size=%d\n" , data->id->dataNodeName ,
++ xmlSecKeyDataGetSize(data)) ;
+ }
+
+ static void
+ xmlSecNssSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
+-
+- xmlSecKeyDataBinaryValueDebugXmlDump(data, output);
++
++ /* print only size, everything else is sensitive */
++ fprintf( output , "<%s size=\"%d\" />\n" , data->id->dataNodeName ,
++ xmlSecKeyDataGetSize(data)) ;
+ }
+
+ static int
+@@ -201,7 +858,7 @@
+ *************************************************************************/
+ static xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = {
+ sizeof(xmlSecKeyDataKlass),
+- xmlSecKeyDataBinarySize,
++ xmlSecNssSymKeyDataSize,
+
+ /* data */
+ xmlSecNameAESKeyValue,
+@@ -282,7 +939,7 @@
+ *************************************************************************/
+ static xmlSecKeyDataKlass xmlSecNssKeyDataDesKlass = {
+ sizeof(xmlSecKeyDataKlass),
+- xmlSecKeyDataBinarySize,
++ xmlSecNssSymKeyDataSize,
+
+ /* data */
+ xmlSecNameDESKeyValue,
+@@ -364,7 +1021,7 @@
+ *************************************************************************/
+ static xmlSecKeyDataKlass xmlSecNssKeyDataHmacKlass = {
+ sizeof(xmlSecKeyDataKlass),
+- xmlSecKeyDataBinarySize,
++ xmlSecNssSymKeyDataSize,
+
+ /* data */
+ xmlSecNameHMACKeyValue,
+--- misc/xmlsec1-1.2.12/src/nss/tokens.c 2009-09-21 14:07:19.249145861 +0200
++++ misc/build/xmlsec1-1.2.12/src/nss/tokens.c 2009-09-21 14:02:48.556772442 +0200
+@@ -1 +1,548 @@
+-dummy
++/**
++ * XMLSec library
++ *
++ * This is free software; see Copyright file in the source
++ * distribution for preciese wording.
++ *
++ * Copyright..................................
++ *
++ * Contributor(s): _____________________________
++ *
++ */
++
++/**
++ * In order to ensure that particular crypto operation is performed on
++ * particular crypto device, a subclass of xmlSecList is used to store slot and
++ * mechanism information.
++ *
++ * In the list, a slot is bound with a mechanism. If the mechanism is available,
++ * this mechanism only can perform on the slot; otherwise, it can perform on
++ * every eligibl slot in the list.
++ *
++ * When try to find a slot for a particular mechanism, the slot bound with
++ * avaliable mechanism will be looked up firstly.
++ */
++#include "globals.h"
++#include <string.h>
++
++#include <xmlsec/xmlsec.h>
++#include <xmlsec/errors.h>
++#include <xmlsec/list.h>
++
++#include <xmlsec/nss/tokens.h>
++
++int
++xmlSecNssKeySlotSetMechList(
++ xmlSecNssKeySlotPtr keySlot ,
++ CK_MECHANISM_TYPE_PTR mechanismList
++) {
++ int counter ;
++
++ xmlSecAssert2( keySlot != NULL , -1 ) ;
++
++ if( keySlot->mechanismList != CK_NULL_PTR ) {
++ xmlFree( keySlot->mechanismList ) ;
++
++ for( counter = 0 ; *( mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
++ keySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
++ if( keySlot->mechanismList == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ NULL ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return( -1 );
++ }
++ for( ; counter >= 0 ; counter -- )
++ *( keySlot->mechanismList + counter ) = *( mechanismList + counter ) ;
++ }
++
++ return( 0 );
++}
++
++int
++xmlSecNssKeySlotEnableMech(
++ xmlSecNssKeySlotPtr keySlot ,
++ CK_MECHANISM_TYPE mechanism
++) {
++ int counter ;
++ CK_MECHANISM_TYPE_PTR newList ;
++
++ xmlSecAssert2( keySlot != NULL , -1 ) ;
++
++ if( mechanism != CKM_INVALID_MECHANISM ) {
++ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
++ newList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
++ if( newList == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ NULL ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return( -1 );
++ }
++ *( newList + counter + 1 ) = CKM_INVALID_MECHANISM ;
++ *( newList + counter ) = mechanism ;
++ for( counter -= 1 ; counter >= 0 ; counter -- )
++ *( newList + counter ) = *( keySlot->mechanismList + counter ) ;
++
++ xmlFree( keySlot->mechanismList ) ;
++ keySlot->mechanismList = newList ;
++ }
++
++ return(0);
++}
++
++int
++xmlSecNssKeySlotDisableMech(
++ xmlSecNssKeySlotPtr keySlot ,
++ CK_MECHANISM_TYPE mechanism
++) {
++ int counter ;
++
++ xmlSecAssert2( keySlot != NULL , -1 ) ;
++
++ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
++ if( *( keySlot->mechanismList + counter ) == mechanism ) {
++ for( ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
++ *( keySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter + 1 ) ;
++ }
++
++ break ;
++ }
++ }
++
++ return(0);
++}
++
++CK_MECHANISM_TYPE_PTR
++xmlSecNssKeySlotGetMechList(
++ xmlSecNssKeySlotPtr keySlot
++) {
++ if( keySlot != NULL )
++ return keySlot->mechanismList ;
++ else
++ return NULL ;
++}
++
++int
++xmlSecNssKeySlotSetSlot(
++ xmlSecNssKeySlotPtr keySlot ,
++ PK11SlotInfo* slot
++) {
++ xmlSecAssert2( keySlot != NULL , -1 ) ;
++
++ if( slot != NULL && keySlot->slot != slot ) {
++ if( keySlot->slot != NULL )
++ PK11_FreeSlot( keySlot->slot ) ;
++
++ if( keySlot->mechanismList != NULL ) {
++ xmlFree( keySlot->mechanismList ) ;
++ keySlot->mechanismList = NULL ;
++ }
++
++ keySlot->slot = PK11_ReferenceSlot( slot ) ;
++ }
++
++ return(0);
++}
++
++int
++xmlSecNssKeySlotInitialize(
++ xmlSecNssKeySlotPtr keySlot ,
++ PK11SlotInfo* slot
++) {
++ xmlSecAssert2( keySlot != NULL , -1 ) ;
++ xmlSecAssert2( keySlot->slot == NULL , -1 ) ;
++ xmlSecAssert2( keySlot->mechanismList == NULL , -1 ) ;
++
++ if( slot != NULL ) {
++ keySlot->slot = PK11_ReferenceSlot( slot ) ;
++ }
++
++ return(0);
++}
++
++void
++xmlSecNssKeySlotFinalize(
++ xmlSecNssKeySlotPtr keySlot
++) {
++ xmlSecAssert( keySlot != NULL ) ;
++
++ if( keySlot->mechanismList != NULL ) {
++ xmlFree( keySlot->mechanismList ) ;
++ keySlot->mechanismList = NULL ;
++ }
++
++ if( keySlot->slot != NULL ) {
++ PK11_FreeSlot( keySlot->slot ) ;
++ keySlot->slot = NULL ;
++ }
++
++}
++
++PK11SlotInfo*
++xmlSecNssKeySlotGetSlot(
++ xmlSecNssKeySlotPtr keySlot
++) {
++ if( keySlot != NULL )
++ return keySlot->slot ;
++ else
++ return NULL ;
++}
++
++xmlSecNssKeySlotPtr
++xmlSecNssKeySlotCreate() {
++ xmlSecNssKeySlotPtr keySlot ;
++
++ /* Allocates a new xmlSecNssKeySlot and fill the fields */
++ keySlot = ( xmlSecNssKeySlotPtr )xmlMalloc( sizeof( xmlSecNssKeySlot ) ) ;
++ if( keySlot == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ NULL ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return( NULL );
++ }
++ memset( keySlot, 0, sizeof( xmlSecNssKeySlot ) ) ;
++
++ return( keySlot ) ;
++}
++
++int
++xmlSecNssKeySlotCopy(
++ xmlSecNssKeySlotPtr newKeySlot ,
++ xmlSecNssKeySlotPtr keySlot
++) {
++ CK_MECHANISM_TYPE_PTR mech ;
++ int counter ;
++
++ xmlSecAssert2( newKeySlot != NULL , -1 ) ;
++ xmlSecAssert2( keySlot != NULL , -1 ) ;
++
++ if( keySlot->slot != NULL && newKeySlot->slot != keySlot->slot ) {
++ if( newKeySlot->slot != NULL )
++ PK11_FreeSlot( newKeySlot->slot ) ;
++
++ newKeySlot->slot = PK11_ReferenceSlot( keySlot->slot ) ;
++ }
++
++ if( keySlot->mechanismList != CK_NULL_PTR ) {
++ xmlFree( newKeySlot->mechanismList ) ;
++
++ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
++ newKeySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
++ if( newKeySlot->mechanismList == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ NULL ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return( -1 );
++ }
++ for( ; counter >= 0 ; counter -- )
++ *( newKeySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter ) ;
++ }
++
++ return( 0 );
++}
++
++xmlSecNssKeySlotPtr
++xmlSecNssKeySlotDuplicate(
++ xmlSecNssKeySlotPtr keySlot
++) {
++ xmlSecNssKeySlotPtr newKeySlot ;
++ int ret ;
++
++ xmlSecAssert2( keySlot != NULL , NULL ) ;
++
++ newKeySlot = xmlSecNssKeySlotCreate() ;
++ if( newKeySlot == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ NULL ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return( NULL );
++ }
++
++ if( xmlSecNssKeySlotCopy( newKeySlot, keySlot ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ NULL ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return( NULL );
++ }
++
++ return( newKeySlot );
++}
++
++void
++xmlSecNssKeySlotDestroy(
++ xmlSecNssKeySlotPtr keySlot
++) {
++ xmlSecAssert( keySlot != NULL ) ;
++
++ if( keySlot->mechanismList != NULL )
++ xmlFree( keySlot->mechanismList ) ;
++
++ if( keySlot->slot != NULL )
++ PK11_FreeSlot( keySlot->slot ) ;
++
++ xmlFree( keySlot ) ;
++}
++
++int
++xmlSecNssKeySlotBindMech(
++ xmlSecNssKeySlotPtr keySlot ,
++ CK_MECHANISM_TYPE type
++) {
++ int counter ;
++
++ xmlSecAssert2( keySlot != NULL , 0 ) ;
++ xmlSecAssert2( keySlot->slot != NULL , 0 ) ;
++ xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ;
++
++ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
++ if( *( keySlot->mechanismList + counter ) == type )
++ return(1) ;
++ }
++
++ return( 0 ) ;
++}
++
++int
++xmlSecNssKeySlotSupportMech(
++ xmlSecNssKeySlotPtr keySlot ,
++ CK_MECHANISM_TYPE type
++) {
++ xmlSecAssert2( keySlot != NULL , 0 ) ;
++ xmlSecAssert2( keySlot->slot != NULL , 0 ) ;
++ xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ;
++
++ if( PK11_DoesMechanism( keySlot->slot , type ) == PR_TRUE ) {
++ return(1);
++ } else
++ return(0);
++}
++
++void
++xmlSecNssKeySlotDebugDump(
++ xmlSecNssKeySlotPtr keySlot ,
++ FILE* output
++) {
++ xmlSecAssert( keySlot != NULL ) ;
++ xmlSecAssert( output != NULL ) ;
++
++ fprintf( output, "== KEY SLOT\n" );
++}
++
++void
++xmlSecNssKeySlotDebugXmlDump(
++ xmlSecNssKeySlotPtr keySlot ,
++ FILE* output
++) {
++}
++
++/**
++ * Key Slot List
++ */
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = {
++#else
++static xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = {
++#endif
++ BAD_CAST "mechanism-list",
++ (xmlSecPtrDuplicateItemMethod)xmlSecNssKeySlotDuplicate,
++ (xmlSecPtrDestroyItemMethod)xmlSecNssKeySlotDestroy,
++ (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugDump,
++ (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugXmlDump,
++};
++
++xmlSecPtrListId
++xmlSecNssKeySlotListGetKlass(void) {
++ return(&xmlSecNssKeySlotPtrListKlass);
++}
++
++
++/*-
++ * Global PKCS#11 crypto token repository -- Key slot list
++ */
++static xmlSecPtrListPtr _xmlSecNssKeySlotList = NULL ;
++
++PK11SlotInfo*
++xmlSecNssSlotGet(
++ CK_MECHANISM_TYPE type
++) {
++ PK11SlotInfo* slot = NULL ;
++ xmlSecNssKeySlotPtr keySlot ;
++ xmlSecSize ksSize ;
++ xmlSecSize ksPos ;
++ char flag ;
++
++ if( _xmlSecNssKeySlotList == NULL ) {
++ slot = PK11_GetBestSlot( type , NULL ) ;
++ } else {
++ ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ;
++
++ /*-
++ * Firstly, checking whether the mechanism is bound with a special slot.
++ * If no bound slot, we try to find the first eligible slot in the list.
++ */
++ for( flag = 0, ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) {
++ keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ;
++ if( keySlot != NULL && xmlSecNssKeySlotBindMech( keySlot, type ) ) {
++ slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
++ flag = 2 ;
++ } else if( flag == 0 && xmlSecNssKeySlotSupportMech( keySlot, type ) ) {
++ slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
++ flag = 1 ;
++ }
++
++ if( flag == 2 )
++ break ;
++ }
++ if( slot != NULL )
++ slot = PK11_ReferenceSlot( slot ) ;
++ }
++
++ if( slot != NULL && PK11_NeedLogin( slot ) ) {
++ if( PK11_Authenticate( slot , PR_TRUE , NULL ) != SECSuccess ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ NULL ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ PK11_FreeSlot( slot ) ;
++ return( NULL );
++ }
++ }
++
++ return slot ;
++}
++
++int
++xmlSecNssSlotInitialize(
++ void
++) {
++ if( _xmlSecNssKeySlotList != NULL ) {
++ xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ;
++ _xmlSecNssKeySlotList = NULL ;
++ }
++
++ _xmlSecNssKeySlotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ;
++ if( _xmlSecNssKeySlotList == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ NULL ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return( -1 );
++ }
++
++ return(0);
++}
++
++void
++xmlSecNssSlotShutdown(
++ void
++) {
++ if( _xmlSecNssKeySlotList != NULL ) {
++ xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ;
++ _xmlSecNssKeySlotList = NULL ;
++ }
++}
++
++int
++xmlSecNssSlotAdopt(
++ PK11SlotInfo* slot,
++ CK_MECHANISM_TYPE type
++) {
++ xmlSecNssKeySlotPtr keySlot ;
++ xmlSecSize ksSize ;
++ xmlSecSize ksPos ;
++ char flag ;
++
++ xmlSecAssert2( _xmlSecNssKeySlotList != NULL, -1 ) ;
++ xmlSecAssert2( slot != NULL, -1 ) ;
++
++ ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ;
++
++ /*-
++ * Firstly, checking whether the slot is in the repository already.
++ */
++ flag = 0 ;
++ for( ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) {
++ keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ;
++ /* If find the slot in the list */
++ if( keySlot != NULL && xmlSecNssKeySlotGetSlot( keySlot ) == slot ) {
++ /* If mechnism type is valid, bind the slot with the mechanism */
++ if( type != CKM_INVALID_MECHANISM ) {
++ if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ NULL ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++ }
++
++ flag = 1 ;
++ }
++ }
++
++ /* If the slot do not in the list, add a new item to the list */
++ if( flag == 0 ) {
++ /* Create a new KeySlot */
++ keySlot = xmlSecNssKeySlotCreate() ;
++ if( keySlot == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ NULL ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ /* Initialize the keySlot with a slot */
++ if( xmlSecNssKeySlotInitialize( keySlot, slot ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ NULL ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecNssKeySlotDestroy( keySlot ) ;
++ return(-1);
++ }
++
++ /* If mechnism type is valid, bind the slot with the mechanism */
++ if( type != CKM_INVALID_MECHANISM ) {
++ if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ NULL ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecNssKeySlotDestroy( keySlot ) ;
++ return(-1);
++ }
++ }
++
++ /* Add keySlot into the list */
++ if( xmlSecPtrListAdd( _xmlSecNssKeySlotList, keySlot ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ NULL ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecNssKeySlotDestroy( keySlot ) ;
++ return(-1);
++ }
++ }
++
++ return(0);
++}
++
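Review bot: The counting loops in xmlSecNssKeySlotEnableMech, xmlSecNssKeySlotDisableMech and xmlSecNssKeySlotBindMech dereference `keySlot->mechanismList` without checking it for NULL. xmlSecNssSlotAdopt reaches this on its new-slot path: xmlSecNssKeySlotCreate zeroes the struct, xmlSecNssKeySlotInitialize only sets `slot`, and the following xmlSecNssKeySlotEnableMech call then reads `*( keySlot->mechanismList + counter )`. xmlSecNssSlotGet hits the same read through xmlSecNssKeySlotBindMech for any slot adopted with CKM_INVALID_MECHANISM. Each loop should tolerate an empty list, e.g. `for( counter = 0 ; keySlot->mechanismList != NULL && *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ )`. xmlSecNssKeySlotSetMechList has the opposite problem: the copy sits inside `if( keySlot->mechanismList != CK_NULL_PTR )`, so on a fresh slot it returns 0 without storing anything; the guard should test the `mechanismList` argument instead.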
+--- misc/xmlsec1-1.2.12/src/nss/x509.c 2009-06-25 22:53:18.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/src/nss/x509.c 2009-09-21 14:02:48.642312431 +0200
+@@ -34,7 +34,6 @@
+ #include <xmlsec/keys.h>
+ #include <xmlsec/keyinfo.h>
+ #include <xmlsec/keysmngr.h>
+-#include <xmlsec/x509.h>
+ #include <xmlsec/base64.h>
+ #include <xmlsec/errors.h>
+
+@@ -61,33 +60,18 @@
+ static int xmlSecNssX509CertificateNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+-static int xmlSecNssX509CertificateNodeWrite (CERTCertificate* cert,
+- xmlNodePtr node,
+- xmlSecKeyInfoCtxPtr keyInfoCtx);
+ static int xmlSecNssX509SubjectNameNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+-static int xmlSecNssX509SubjectNameNodeWrite (CERTCertificate* cert,
+- xmlNodePtr node,
+- xmlSecKeyInfoCtxPtr keyInfoCtx);
+ static int xmlSecNssX509IssuerSerialNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+-static int xmlSecNssX509IssuerSerialNodeWrite (CERTCertificate* cert,
+- xmlNodePtr node,
+- xmlSecKeyInfoCtxPtr keyInfoCtx);
+ static int xmlSecNssX509SKINodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+-static int xmlSecNssX509SKINodeWrite (CERTCertificate* cert,
+- xmlNodePtr node,
+- xmlSecKeyInfoCtxPtr keyInfoCtx);
+ static int xmlSecNssX509CRLNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+-static int xmlSecNssX509CRLNodeWrite (CERTSignedCrl* crl,
+- xmlNodePtr node,
+- xmlSecKeyInfoCtxPtr keyInfoCtx);
+ static int xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data,
+ xmlSecKeyPtr key,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+@@ -104,9 +88,6 @@
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+ static xmlChar* xmlSecNssX509CrlBase64DerWrite (CERTSignedCrl* crl,
+ int base64LineWrap);
+-static xmlChar* xmlSecNssX509NameWrite (CERTName* nm);
+-static xmlChar* xmlSecNssASN1IntegerWrite (SECItem *num);
+-static xmlChar* xmlSecNssX509SKIWrite (CERTCertificate* cert);
+ static void xmlSecNssX509CertDebugDump (CERTCertificate* cert,
+ FILE* output);
+ static void xmlSecNssX509CertDebugXmlDump (CERTCertificate* cert,
+@@ -752,31 +733,22 @@
+ xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataPtr data;
++ xmlNodePtr cur;
++ xmlChar* buf;
+ CERTCertificate* cert;
+ CERTSignedCrl* crl;
+ xmlSecSize size, pos;
+- int content = 0;
+- int ret;
+
+ xmlSecAssert2(id == xmlSecNssKeyDataX509Id, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+- content = xmlSecX509DataGetNodeContent (node, 1, keyInfoCtx);
+- if (content < 0) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+- "xmlSecX509DataGetNodeContent",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "content=%d", content);
+- return(-1);
+- } else if(content == 0) {
+- /* by default we are writing certificates and crls */
+- content = XMLSEC_X509DATA_DEFAULT;
++ /* todo: flag in ctx remove all existing content */
++ if(0) {
++ xmlNodeSetContent(node, NULL);
+ }
+
+- /* get x509 data */
+ data = xmlSecKeyGetData(key, id);
+ if(data == NULL) {
+ /* no x509 data in the key */
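Review bot: The added `if(0) { xmlNodeSetContent(node, NULL); }` block in xmlSecNssKeyDataX509XmlWrite is unreachable and should be reduced to the todo comment alone. With the xmlSecX509DataGetNodeContent call removed, the function no longer looks at which X509Data children the template requests. That behaviour change deserves a comment at the top of the function, e.g. `/* always writes X509Certificate and X509CRL children; the template's requested content is not consulted */`. The function body continues outside this hunk.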
+@@ -796,79 +768,74 @@
+ return(-1);
+ }
+
+- if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) {
+- ret = xmlSecNssX509CertificateNodeWrite(cert, node, keyInfoCtx);
+- if(ret < 0) {
++ /* set base64 lines size from context */
++ buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize);
++ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+- "xmlSecNssX509CertificateNodeWrite",
++ "xmlSecNssX509CertBase64DerWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "pos=%d", pos);
++ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+- }
+ }
+
+- if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) {
+- ret = xmlSecNssX509SubjectNameNodeWrite(cert, node, keyInfoCtx);
+- if(ret < 0) {
++ cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs);
++ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+- "xmlSecNssX509SubjectNameNodeWrite",
++ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "pos=%d", pos);
++ "node=%s",
++ xmlSecErrorsSafeString(xmlSecNodeX509Certificate));
++ xmlFree(buf);
+ return(-1);
+- }
+ }
++ /* todo: add \n around base64 data - from context */
++ /* todo: add errors check */
++ xmlNodeSetContent(cur, xmlSecStringCR);
++ xmlNodeSetContent(cur, buf);
++ xmlFree(buf);
++ }
+
+- if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) {
+- ret = xmlSecNssX509IssuerSerialNodeWrite(cert, node, keyInfoCtx);
+- if(ret < 0) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+- "xmlSecNssX509IssuerSerialNodeWrite",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "pos=%d", pos);
+- return(-1);
+- }
++ /* write crls */
++ size = xmlSecNssKeyDataX509GetCrlsSize(data);
++ for(pos = 0; pos < size; ++pos) {
++ crl = xmlSecNssKeyDataX509GetCrl(data, pos);
++ if(crl == NULL) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "xmlSecNssKeyDataX509GetCrl",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ "pos=%d", pos);
++ return(-1);
+ }
+
+- if((content & XMLSEC_X509DATA_SKI_NODE) != 0) {
+- ret = xmlSecNssX509SKINodeWrite(cert, node, keyInfoCtx);
+- if(ret < 0) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+- "xmlSecNssX509SKINodeWrite",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "pos=%d", pos);
+- return(-1);
+- }
++ /* set base64 lines size from context */
++ buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize);
++ if(buf == NULL) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "xmlSecNssX509CrlBase64DerWrite",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ return(-1);
+ }
+- }
+
+- /* write crls if needed */
+- if((content & XMLSEC_X509DATA_CRL_NODE) != 0) {
+- size = xmlSecNssKeyDataX509GetCrlsSize(data);
+- for(pos = 0; pos < size; ++pos) {
+- crl = xmlSecNssKeyDataX509GetCrl(data, pos);
+- if(crl == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+- "xmlSecNssKeyDataX509GetCrl",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "pos=%d", pos);
+- return(-1);
+- }
+-
+- ret = xmlSecNssX509CRLNodeWrite(crl, node, keyInfoCtx);
+- if(ret < 0) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+- "xmlSecNssX509CRLNodeWrite",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "pos=%d", pos);
+- return(-1);
+- }
+- }
++ cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs);
++ if(cur == NULL) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "xmlSecAddChild",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ "new_node=%s",
++ xmlSecErrorsSafeString(xmlSecNodeX509CRL));
++ xmlFree(buf);
++ return(-1);
++ }
++ /* todo: add \n around base64 data - from context */
++ /* todo: add errors check */
++ xmlNodeSetContent(cur, xmlSecStringCR);
++ xmlNodeSetContent(cur, buf);
+ }
+
+ return(0);
+@@ -1057,46 +1024,6 @@
+ return(0);
+ }
+
+-static int
+-xmlSecNssX509CertificateNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+- xmlChar* buf;
+- xmlNodePtr cur;
+-
+- xmlSecAssert2(cert != NULL, -1);
+- xmlSecAssert2(node != NULL, -1);
+- xmlSecAssert2(keyInfoCtx != NULL, -1);
+-
+- /* set base64 lines size from context */
+- buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize);
+- if(buf == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecNssX509CertBase64DerWrite",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
+- return(-1);
+- }
+-
+- cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs);
+- if(cur == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecAddChild",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "node=%s",
+- xmlSecErrorsSafeString(xmlSecNodeX509Certificate));
+- xmlFree(buf);
+- return(-1);
+- }
+-
+- /* todo: add \n around base64 data - from context */
+- /* todo: add errors check */
+- xmlNodeSetContent(cur, xmlSecStringCR);
+- xmlNodeSetContent(cur, buf);
+- xmlFree(buf);
+- return(0);
+-}
+-
+ static int
+ xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataStorePtr x509Store;
+@@ -1120,19 +1047,13 @@
+ }
+
+ subject = xmlNodeGetContent(node);
+- if((subject == NULL) || (xmlSecIsEmptyString(subject) == 1)) {
+- if(subject != NULL) {
+- xmlFree(subject);
+- }
+- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
++ if(subject == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+- }
+- return(0);
+ }
+
+ cert = xmlSecNssX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx);
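Review bot: The new guard `if(subject == NULL)` no longer rejects an empty or whitespace-only X509SubjectName. Both the `xmlSecIsEmptyString(subject) == 1` test and the `XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE` handling from the removed lines are lost, so such content, read from the document being processed, is passed on to `xmlSecNssX509StoreFindCert`. I would keep the old condition, `if((subject == NULL) || (xmlSecIsEmptyString(subject) == 1)) {`, and free a non-NULL `subject` before returning. The same reduction is made in the later hunks for `xmlSecNssX509SKINodeRead` and `xmlSecNssX509CRLNodeRead`, and the `xmlSecNssX509IssuerSerialNodeRead` hunk drops the flag handling as well. How the lookup treats an empty name is not visible here, and the function body continues outside the hunk.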
+@@ -1169,40 +1090,6 @@
+ return(0);
+ }
+
+-static int
+-xmlSecNssX509SubjectNameNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
+- xmlChar* buf = NULL;
+- xmlNodePtr cur = NULL;
+-
+- xmlSecAssert2(cert != NULL, -1);
+- xmlSecAssert2(node != NULL, -1);
+-
+- buf = xmlSecNssX509NameWrite(&(cert->subject));
+- if(buf == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecNssX509NameWrite(&(cert->subject))",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
+- return(-1);
+- }
+-
+- cur = xmlSecAddChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs);
+- if(cur == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecAddChild",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "node=%s",
+- xmlSecErrorsSafeString(xmlSecNodeX509SubjectName));
+- xmlFree(buf);
+- return(-1);
+- }
+- xmlSecNodeEncodeAndSetContent(cur, buf);
+- xmlFree(buf);
+- return(0);
+-}
+-
+ static int
+ xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataStorePtr x509Store;
+@@ -1228,21 +1115,9 @@
+ }
+
+ cur = xmlSecGetNextElementNode(node->children);
+- if(cur == NULL) {
+- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
+- XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+- "node=%s",
+- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+- return(-1);
+- }
+- return(0);
+- }
+
+ /* the first is required node X509IssuerName */
+- if(!xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) {
++ if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
+@@ -1336,78 +1211,6 @@
+ return(0);
+ }
+
+-static int
+-xmlSecNssX509IssuerSerialNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
+- xmlNodePtr cur;
+- xmlNodePtr issuerNameNode;
+- xmlNodePtr issuerNumberNode;
+- xmlChar* buf;
+-
+- xmlSecAssert2(cert != NULL, -1);
+- xmlSecAssert2(node != NULL, -1);
+-
+- /* create xml nodes */
+- cur = xmlSecAddChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs);
+- if(cur == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecAddChild",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "node=%s",
+- xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial));
+- return(-1);
+- }
+-
+- issuerNameNode = xmlSecAddChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs);
+- if(issuerNameNode == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecAddChild",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "node=%s",
+- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName));
+- return(-1);
+- }
+-
+- issuerNumberNode = xmlSecAddChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs);
+- if(issuerNumberNode == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecAddChild",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "node=%s",
+- xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber));
+- return(-1);
+- }
+-
+- /* write data */
+- buf = xmlSecNssX509NameWrite(&(cert->issuer));
+- if(buf == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecNssX509NameWrite(&(cert->issuer))",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
+- return(-1);
+- }
+- xmlSecNodeEncodeAndSetContent(issuerNameNode, buf);
+- xmlFree(buf);
+-
+- buf = xmlSecNssASN1IntegerWrite(&(cert->serialNumber));
+- if(buf == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecNssASN1IntegerWrite(&(cert->serialNumber))",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
+- return(-1);
+- }
+- xmlNodeSetContent(issuerNumberNode, buf);
+- xmlFree(buf);
+-
+- return(0);
+-}
+-
+ static int
+ xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataStorePtr x509Store;
+@@ -1431,11 +1234,7 @@
+ }
+
+ ski = xmlNodeGetContent(node);
+- if((ski == NULL) || (xmlSecIsEmptyString(ski) == 1)) {
+- if(ski != NULL) {
+- xmlFree(ski);
+- }
+- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
++ if(ski == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+@@ -1443,8 +1242,6 @@
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SKI));
+ return(-1);
+- }
+- return(0);
+ }
+
+ cert = xmlSecNssX509StoreFindCert(x509Store, NULL, NULL, NULL, ski, keyInfoCtx);
+@@ -1479,41 +1276,6 @@
+ return(0);
+ }
+
+-static int
+-xmlSecNssX509SKINodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
+- xmlChar *buf = NULL;
+- xmlNodePtr cur = NULL;
+-
+- xmlSecAssert2(cert != NULL, -1);
+- xmlSecAssert2(node != NULL, -1);
+-
+- buf = xmlSecNssX509SKIWrite(cert);
+- if(buf == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecNssX509SKIWrite",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
+- return(-1);
+- }
+-
+- cur = xmlSecAddChild(node, xmlSecNodeX509SKI, xmlSecDSigNs);
+- if(cur == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecAddChild",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "new_node=%s",
+- xmlSecErrorsSafeString(xmlSecNodeX509SKI));
+- xmlFree(buf);
+- return(-1);
+- }
+- xmlSecNodeEncodeAndSetContent(cur, buf);
+- xmlFree(buf);
+-
+- return(0);
+-}
+-
+ static int
+ xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlChar *content;
+@@ -1524,19 +1286,13 @@
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ content = xmlNodeGetContent(node);
+- if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) {
+- if(content != NULL) {
+- xmlFree(content);
+- }
+- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
++ if(content == NULL){
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+- }
+- return(0);
+ }
+
+ crl = xmlSecNssX509CrlBase64DerRead(content, keyInfoCtx);
+@@ -1556,47 +1312,6 @@
+ }
+
+ static int
+-xmlSecNssX509CRLNodeWrite(CERTSignedCrl* crl, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+- xmlChar* buf = NULL;
+- xmlNodePtr cur = NULL;
+-
+- xmlSecAssert2(crl != NULL, -1);
+- xmlSecAssert2(node != NULL, -1);
+- xmlSecAssert2(keyInfoCtx != NULL, -1);
+-
+- /* set base64 lines size from context */
+- buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize);
+- if(buf == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecNssX509CrlBase64DerWrite",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
+- return(-1);
+- }
+-
+- cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs);
+- if(cur == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecAddChild",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "new_node=%s",
+- xmlSecErrorsSafeString(xmlSecNodeX509CRL));
+- xmlFree(buf);
+- return(-1);
+- }
+- /* todo: add \n around base64 data - from context */
+- /* todo: add errors check */
+- xmlNodeSetContent(cur, xmlSecStringCR);
+- xmlNodeSetContent(cur, buf);
+- xmlFree(buf);
+-
+- return(0);
+-}
+-
+-
+-static int
+ xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecNssX509DataCtxPtr ctx;
+@@ -1604,6 +1319,10 @@
+ int ret;
+ SECStatus status;
+ PRTime notBefore, notAfter;
++
++ PK11SlotInfo* slot ;
++ SECKEYPublicKey *pubKey = NULL;
++ SECKEYPrivateKey *priKey = NULL;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), -1);
+ xmlSecAssert2(key != NULL, -1);
+@@ -1636,10 +1355,14 @@
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "CERT_DupCertificate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
++ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+-
++
++ /*-
++ * Get Public key from cert, which does not always work for sign
++ * action.
++ *
+ keyValue = xmlSecNssX509CertGetKey(ctx->keyCert);
+ if(keyValue == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+@@ -1649,6 +1372,54 @@
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
++ */
++ /*-
++ * I'll search key according to KeyReq.
++ */
++ slot = cert->slot ;
++ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) {
++ if( ( priKey = PK11_FindPrivateKeyFromCert( slot , cert , NULL ) ) == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
++ "PK11_FindPrivateKeyFromCert" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
++ }
++
++ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) {
++ if( ( pubKey = CERT_ExtractPublicKey( cert ) ) == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
++ "CERT_ExtractPublicKey" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++
++ if( priKey != NULL )
++ SECKEY_DestroyPrivateKey( priKey ) ;
++ return -1 ;
++ }
++ }
++
++ keyValue = xmlSecNssPKIAdoptKey(priKey, pubKey);
++ if( keyValue == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
++ "xmlSecNssPKIAdoptKey" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ if( priKey != NULL )
++ SECKEY_DestroyPrivateKey( priKey ) ;
++
++ if( pubKey != NULL )
++ SECKEY_DestroyPublicKey( pubKey ) ;
++
++ return -1 ;
++ }
++ /* Modify keyValue get Done */
+
+ /* verify that the key matches our expectations */
+ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) {
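Review bot: `xmlSecNssPKIAdoptKey(priKey, pubKey)` is reached with both arguments NULL when `keyInfoCtx->keyReq.keyType` has neither the private nor the public bit set, because both lookups are then skipped and the replaced `xmlSecNssX509CertGetKey(ctx->keyCert)` call now sits inside a comment. An explicit guard before the adopt call, `if((priKey == NULL) && (pubKey == NULL)) { ... return(-1); }` with its own message, would make that case a clear error instead of relying on what `xmlSecNssPKIAdoptKey` does with two NULLs (not shown here). `cert->slot` is also passed to `PK11_FindPrivateKeyFromCert` without a NULL check. The three new failure paths log `XMLSEC_ERRORS_NO_MESSAGE`, while the previous hunk in this function switches to `"error code=%d", PORT_GetError()`; using that form here would keep the NSS error. The function starts and ends outside the hunk.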
+@@ -1950,86 +1721,6 @@
+ return(res);
+ }
+
+-static xmlChar*
+-xmlSecNssX509NameWrite(CERTName* nm) {
+- xmlChar *res = NULL;
+- char *str;
+-
+- xmlSecAssert2(nm != NULL, NULL);
+-
+- str = CERT_NameToAscii(nm);
+- if (str == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "CERT_NameToAscii",
+- XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
+- return(NULL);
+- }
+-
+- res = xmlStrdup(BAD_CAST str);
+- if(res == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlStrdup",
+- XMLSEC_ERRORS_R_MALLOC_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
+- PORT_Free(str);
+- return(NULL);
+- }
+- PORT_Free(str);
+- return(res);
+-}
+-
+-static xmlChar*
+-xmlSecNssASN1IntegerWrite(SECItem *num) {
+- xmlChar *res = NULL;
+-
+- xmlSecAssert2(num != NULL, NULL);
+-
+- /* TODO : to be implemented after
+- * NSS bug http://bugzilla.mozilla.org/show_bug.cgi?id=212864 is fixed
+- */
+- return(res);
+-}
+-
+-static xmlChar*
+-xmlSecNssX509SKIWrite(CERTCertificate* cert) {
+- xmlChar *res = NULL;
+- SECItem ski;
+- SECStatus rv;
+-
+- xmlSecAssert2(cert != NULL, NULL);
+-
+- memset(&ski, 0, sizeof(ski));
+-
+- rv = CERT_FindSubjectKeyIDExtension(cert, &ski);
+- if (rv != SECSuccess) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "CERT_FindSubjectKeyIDExtension",
+- XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
+- SECITEM_FreeItem(&ski, PR_FALSE);
+- return(NULL);
+- }
+-
+- res = xmlSecBase64Encode(ski.data, ski.len, 0);
+- if(res == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecBase64Encode",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
+- SECITEM_FreeItem(&ski, PR_FALSE);
+- return(NULL);
+- }
+- SECITEM_FreeItem(&ski, PR_FALSE);
+-
+- return(res);
+-}
+-
+-
+ static void
+ xmlSecNssX509CertDebugDump(CERTCertificate* cert, FILE* output) {
+ SECItem *sn;
+--- misc/xmlsec1-1.2.12/src/nss/x509vfy.c 2009-06-25 22:53:18.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/src/nss/x509vfy.c 2009-09-21 14:02:48.669245207 +0200
+@@ -30,6 +30,7 @@
+ #include <xmlsec/keyinfo.h>
+ #include <xmlsec/keysmngr.h>
+ #include <xmlsec/base64.h>
++#include <xmlsec/bn.h>
+ #include <xmlsec/errors.h>
+
+ #include <xmlsec/nss/crypto.h>
+@@ -61,17 +62,7 @@
+
+ static int xmlSecNssX509StoreInitialize (xmlSecKeyDataStorePtr store);
+ static void xmlSecNssX509StoreFinalize (xmlSecKeyDataStorePtr store);
+-static int xmlSecNssX509NameStringRead (xmlSecByte **str,
+- int *strLen,
+- xmlSecByte *res,
+- int resLen,
+- xmlSecByte delim,
+- int ingoreTrailingSpaces);
+-static xmlSecByte * xmlSecNssX509NameRead (xmlSecByte *str,
+- int len);
+-
+-static void xmlSecNssNumToItem(SECItem *it, unsigned long num);
+-
++static int xmlSecNssIntegerToItem( const xmlChar* integer , SECItem *it ) ;
+
+ static xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = {
+ sizeof(xmlSecKeyDataStoreKlass),
+@@ -343,40 +334,28 @@
+ xmlSecNssX509FindCert(xmlChar *subjectName, xmlChar *issuerName,
+ xmlChar *issuerSerial, xmlChar *ski) {
+ CERTCertificate *cert = NULL;
+- xmlChar *p = NULL;
+ CERTName *name = NULL;
+ SECItem *nameitem = NULL;
+ PRArenaPool *arena = NULL;
+
+ if (subjectName != NULL) {
+- p = xmlSecNssX509NameRead(subjectName, xmlStrlen(subjectName));
+- if (p == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecNssX509NameRead",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "subject=%s",
+- xmlSecErrorsSafeString(subjectName));
+- goto done;
+- }
+-
+ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ if (arena == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PORT_NewArena",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
++ "error code=%d", PORT_GetError());
+ goto done;
+ }
+
+- name = CERT_AsciiToName((char*)p);
++ name = CERT_AsciiToName((char*)subjectName);
+ if (name == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CERT_AsciiToName",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
++ "error code=%d", PORT_GetError());
+ goto done;
+ }
+
+@@ -398,34 +377,23 @@
+ if((issuerName != NULL) && (issuerSerial != NULL)) {
+ CERTIssuerAndSN issuerAndSN;
+
+- p = xmlSecNssX509NameRead(issuerName, xmlStrlen(issuerName));
+- if (p == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecNssX509NameRead",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "issuer=%s",
+- xmlSecErrorsSafeString(issuerName));
+- goto done;
+- }
+-
+ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ if (arena == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PORT_NewArena",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
++ "error code=%d", PORT_GetError());
+ goto done;
+ }
+
+- name = CERT_AsciiToName((char*)p);
++ name = CERT_AsciiToName((char*)issuerName);
+ if (name == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CERT_AsciiToName",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
++ "error code=%d", PORT_GetError());
+ goto done;
+ }
+
+@@ -445,8 +413,15 @@
+ issuerAndSN.derIssuer.data = nameitem->data;
+ issuerAndSN.derIssuer.len = nameitem->len;
+
+- /* TBD: serial num can be arbitrarily long */
+- xmlSecNssNumToItem(&issuerAndSN.serialNumber, PORT_Atoi((char *)issuerSerial));
++ if( xmlSecNssIntegerToItem( issuerSerial, &issuerAndSN.serialNumber ) < 0 ) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "xmlSecNssIntegerToItem",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ "serial number=%s",
++ xmlSecErrorsSafeString(issuerSerial));
++ goto done;
++ }
+
+ cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(),
+ &issuerAndSN);
+@@ -477,9 +452,6 @@
+ }
+
+ done:
+- if (p != NULL) {
+- PORT_Free(p);
+- }
+ if (arena != NULL) {
+ PORT_FreeArena(arena, PR_FALSE);
+ }
+@@ -490,226 +462,76 @@
+ return(cert);
+ }
+
+-/**
+- * xmlSecNssX509NameRead:
+- */
+-static xmlSecByte *
+-xmlSecNssX509NameRead(xmlSecByte *str, int len) {
+- xmlSecByte name[256];
+- xmlSecByte value[256];
+- xmlSecByte *retval = NULL;
+- xmlSecByte *p = NULL;
+- int nameLen, valueLen;
++static int
++xmlSecNssIntegerToItem(
++ const xmlChar* integer ,
++ SECItem *item
++) {
++ xmlSecBn bn ;
++ xmlSecSize i, length ;
++ const xmlSecByte* bnInteger ;
+
+- xmlSecAssert2(str != NULL, NULL);
+-
+- /* return string should be no longer than input string */
+- retval = (xmlSecByte *)PORT_Alloc(len+1);
+- if(retval == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "PORT_Alloc",
+- XMLSEC_ERRORS_R_MALLOC_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
+- return(NULL);
+- }
+- p = retval;
+-
+- while(len > 0) {
+- /* skip spaces after comma or semicolon */
+- while((len > 0) && isspace(*str)) {
+- ++str; --len;
+- }
++ xmlSecAssert2( integer != NULL, -1 ) ;
++ xmlSecAssert2( item != NULL, -1 ) ;
+
+- nameLen = xmlSecNssX509NameStringRead(&str, &len, name, sizeof(name), '=', 0);
+- if(nameLen < 0) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
++ if( xmlSecBnInitialize( &bn, 0 ) < 0 ) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+- "xmlSecNssX509NameStringRead",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ "xmlSecBnInitialize",
++ XMLSEC_ERRORS_R_INVALID_DATA,
+ XMLSEC_ERRORS_NO_MESSAGE);
+- goto done;
+- }
+- memcpy(p, name, nameLen);
+- p+=nameLen;
+- *p++='=';
+- if(len > 0) {
+- ++str; --len;
+- if((*str) == '\"') {
+- valueLen = xmlSecNssX509NameStringRead(&str, &len,
+- value, sizeof(value), '"', 1);
+- if(valueLen < 0) {
++ return -1 ;
++ }
++
++ if( xmlSecBnFromDecString( &bn, integer ) < 0 ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+- "xmlSecNssX509NameStringRead",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ "xmlSecBnFromDecString",
++ XMLSEC_ERRORS_R_INVALID_DATA,
+ XMLSEC_ERRORS_NO_MESSAGE);
+- goto done;
+- }
+- /* skip spaces before comma or semicolon */
+- while((len > 0) && isspace(*str)) {
+- ++str; --len;
+- }
+- if((len > 0) && ((*str) != ',')) {
++ xmlSecBnFinalize( &bn ) ;
++ return -1 ;
++ }
++
++ length = xmlSecBnGetSize( &bn ) ;
++ if( length <= 0 ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+- NULL,
++ "xmlSecBnGetSize",
+ XMLSEC_ERRORS_R_INVALID_DATA,
+- "comma is expected");
+- goto done;
+- }
+- if(len > 0) {
+- ++str; --len;
+- }
+- *p++='\"';
+- memcpy(p, value, valueLen);
+- p+=valueLen;
+- *p++='\"';
+- } else if((*str) == '#') {
+- /* TODO: read octect values */
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- NULL,
+- XMLSEC_ERRORS_R_INVALID_DATA,
+- "reading octect values is not implemented yet");
+- goto done;
+- } else {
+- valueLen = xmlSecNssX509NameStringRead(&str, &len,
+- value, sizeof(value), ',', 1);
+- if(valueLen < 0) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecNssX509NameStringRead",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+- goto done;
+- }
+- memcpy(p, value, valueLen);
+- p+=valueLen;
+- if (len > 0)
+- *p++=',';
+- }
+- } else {
+- valueLen = 0;
+- }
+- if(len > 0) {
+- ++str; --len;
+- }
+ }
+
+- *p = 0;
+- return(retval);
+-
+-done:
+- PORT_Free(retval);
+- return (NULL);
+-}
+-
+-
+-
+-/**
+- * xmlSecNssX509NameStringRead:
+- */
+-static int
+-xmlSecNssX509NameStringRead(xmlSecByte **str, int *strLen,
+- xmlSecByte *res, int resLen,
+- xmlSecByte delim, int ingoreTrailingSpaces) {
+- xmlSecByte *p, *q, *nonSpace;
+-
+- xmlSecAssert2(str != NULL, -1);
+- xmlSecAssert2(strLen != NULL, -1);
+- xmlSecAssert2(res != NULL, -1);
+-
+- p = (*str);
+- nonSpace = q = res;
+- while(((p - (*str)) < (*strLen)) && ((*p) != delim) && ((q - res) < resLen)) {
+- if((*p) != '\\') {
+- if(ingoreTrailingSpaces && !isspace(*p)) {
+- nonSpace = q;
+- }
+- *(q++) = *(p++);
+- } else {
+- ++p;
+- nonSpace = q;
+- if(xmlSecIsHex((*p))) {
+- if((p - (*str) + 1) >= (*strLen)) {
++ bnInteger = xmlSecBnGetData( &bn ) ;
++ if( bnInteger == NULL ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+- NULL,
++ "xmlSecBnGetData",
+ XMLSEC_ERRORS_R_INVALID_DATA,
+- "two hex digits expected");
+- return(-1);
+- }
+- *(q++) = xmlSecGetHex(p[0]) * 16 + xmlSecGetHex(p[1]);
+- p += 2;
+- } else {
+- if(((++p) - (*str)) >= (*strLen)) {
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecBnFinalize( &bn ) ;
++ return -1 ;
++ }
++
++ item->data = ( unsigned char * )PORT_Alloc( length );
++ if( item->data == NULL ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+- NULL,
++ "PORT_Alloc",
+ XMLSEC_ERRORS_R_INVALID_DATA,
+- "escaped symbol missed");
+- return(-1);
+- }
+- *(q++) = *(p++);
+- }
+- }
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecBnFinalize( &bn ) ;
++ return -1 ;
+ }
+- if(((p - (*str)) < (*strLen)) && ((*p) != delim)) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- NULL,
+- XMLSEC_ERRORS_R_INVALID_SIZE,
+- "buffer is too small");
+- return(-1);
+- }
+- (*strLen) -= (p - (*str));
+- (*str) = p;
+- return((ingoreTrailingSpaces) ? nonSpace - res + 1 : q - res);
+-}
+
+-/* code lifted from NSS */
+-static void
+-xmlSecNssNumToItem(SECItem *it, unsigned long ui)
+-{
+- unsigned char bb[5];
+- int len;
+-
+- bb[0] = 0;
+- bb[1] = (unsigned char) (ui >> 24);
+- bb[2] = (unsigned char) (ui >> 16);
+- bb[3] = (unsigned char) (ui >> 8);
+- bb[4] = (unsigned char) (ui);
+-
+- /*
+- ** Small integers are encoded in a single byte. Larger integers
+- ** require progressively more space.
+- */
+- if (ui > 0x7f) {
+- if (ui > 0x7fff) {
+- if (ui > 0x7fffffL) {
+- if (ui >= 0x80000000L) {
+- len = 5;
+- } else {
+- len = 4;
+- }
+- } else {
+- len = 3;
+- }
+- } else {
+- len = 2;
+- }
+- } else {
+- len = 1;
+- }
++ item->len = length;
+
+- it->data = (unsigned char *)PORT_Alloc(len);
+- if (it->data == NULL) {
+- return;
+- }
++ for( i = 0 ; i < length ; i ++ )
++ item->data[i] = *( bnInteger + i ) ;
++
++ xmlSecBnFinalize( &bn ) ;
+
+- it->len = len;
+- PORT_Memcpy(it->data, bb + (sizeof(bb) - len), len);
++ return 0 ;
+ }
+ #endif /* XMLSEC_NO_X509 */
+
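Review bot: In `xmlSecNssIntegerToItem` the `if( length <= 0 )` branch reports an error but does not leave the function, unlike the later failure paths, so a zero-length number goes on to `xmlSecBnGetData` and possibly to `PORT_Alloc( length )` with a length of 0. The branch should end with `xmlSecBnFinalize( &bn ) ;` and `return -1 ;` before its closing brace. The `PORT_Alloc` failure is reported as `XMLSEC_ERRORS_R_INVALID_DATA`; `XMLSEC_ERRORS_R_MALLOC_FAILED`, which the removed `xmlSecNssX509NameRead` used for its `PORT_Alloc` failure, fits better. The input is the issuer serial string handed over by `xmlSecNssX509FindCert`, presumably read from the document, so malformed values can reach these paths.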
+--- misc/xmlsec1-1.2.12/win32/Makefile.msvc 2009-06-25 22:53:18.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/win32/Makefile.msvc 2009-09-21 14:02:48.607277908 +0200
+@@ -223,6 +223,9 @@
+ $(XMLSEC_OPENSSL_INTDIR_A)\x509vfy.obj
+
+ XMLSEC_NSS_OBJS = \
++ $(XMLSEC_NSS_INTDIR)\akmngr.obj\
++ $(XMLSEC_NSS_INTDIR)\keywrapers.obj\
++ $(XMLSEC_NSS_INTDIR)\tokens.obj\
+ $(XMLSEC_NSS_INTDIR)\app.obj\
+ $(XMLSEC_NSS_INTDIR)\bignum.obj\
+ $(XMLSEC_NSS_INTDIR)\ciphers.obj \
+@@ -258,6 +261,7 @@
+ $(XMLSEC_NSS_INTDIR_A)\strings.obj
+
+ XMLSEC_MSCRYPTO_OBJS = \
++ $(XMLSEC_MSCRYPTO_INTDIR)\akmngr.obj\
+ $(XMLSEC_MSCRYPTO_INTDIR)\app.obj\
+ $(XMLSEC_MSCRYPTO_INTDIR)\crypto.obj \
+ $(XMLSEC_MSCRYPTO_INTDIR)\ciphers.obj \
diff --git a/libxmlsec/xmlsec1-mingw-keymgr-mscrypto.patch b/libxmlsec/xmlsec1-mingw-keymgr-mscrypto.patch
new file mode 100644
index 000000000000..87a4bb55d1a2
--- /dev/null
+++ b/libxmlsec/xmlsec1-mingw-keymgr-mscrypto.patch
@@ -0,0 +1,62 @@
+--- misc/xmlsec1-1.2.12/src/mscrypto/Makefile.am 2009-06-26 05:53:18.000000000 +0900
++++ misc/build/xmlsec1-1.2.12/src/mscrypto/Makefile.am 2009-09-30 18:53:05.373000000 +0900
+@@ -35,6 +35,7 @@
+ csp_oid.h \
+ globals.h \
+ xmlsec-mingw.h \
++ akmngr.c \
+ $(NULL)
+
+ if SHAREDLIB_HACK
+--- misc/xmlsec1-1.2.12/src/mscrypto/Makefile.in 2009-06-26 05:53:32.000000000 +0900
++++ misc/build/xmlsec1-1.2.12/src/mscrypto/Makefile.in 2009-09-30 19:00:50.107375000 +0900
+@@ -61,7 +61,8 @@
+ am__libxmlsec1_mscrypto_la_SOURCES_DIST = app.c certkeys.c ciphers.c \
+ crypto.c digests.c keysstore.c kt_rsa.c signatures.c symkeys.c \
+ x509.c x509vfy.c csp_calg.h csp_oid.h globals.h xmlsec-mingw.h \
+- ../strings.c
++ ../strings.c \
++ akmngr.c
+ am__objects_1 =
+ @SHAREDLIB_HACK_TRUE@am__objects_2 = \
+ @SHAREDLIB_HACK_TRUE@ libxmlsec1_mscrypto_la-strings.lo
+@@ -75,7 +76,8 @@
+ libxmlsec1_mscrypto_la-signatures.lo \
+ libxmlsec1_mscrypto_la-symkeys.lo \
+ libxmlsec1_mscrypto_la-x509.lo \
+- libxmlsec1_mscrypto_la-x509vfy.lo $(am__objects_1) \
++ libxmlsec1_mscrypto_la-x509vfy.lo \
++ libxmlsec1_mscrypto_la-akmngr.lo $(am__objects_1) \
+ $(am__objects_2)
+ libxmlsec1_mscrypto_la_OBJECTS = $(am_libxmlsec1_mscrypto_la_OBJECTS)
+ DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)
+@@ -362,6 +364,7 @@
+ libxmlsec1_mscrypto_la_SOURCES = app.c certkeys.c ciphers.c crypto.c \
+ digests.c keysstore.c kt_rsa.c signatures.c symkeys.c x509.c \
+ x509vfy.c csp_calg.h csp_oid.h globals.h xmlsec-mingw.h \
++ akmngr.c \
+ $(NULL) $(am__append_1)
+ libxmlsec1_mscrypto_la_LIBADD = \
+ ../libxmlsec1.la \
+@@ -460,6 +463,7 @@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-symkeys.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-x509.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-x509vfy.Plo@am__quote@
++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-akmngr.Plo@am__quote@
+
+ .c.o:
+ @am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \
+@@ -489,6 +493,13 @@
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ @am__fastdepCC_FALSE@ $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c
+
++libxmlsec1_mscrypto_la-akmngr.lo: akmngr.c
++@am__fastdepCC_TRUE@ if $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-akmngr.lo -MD -MP -MF "$(DEPDIR)/libxmlsec1_mscrypto_la-akmngr.Tpo" -c -o libxmlsec1_mscrypto_la-akmngr.lo `test -f 'akmngr.c' || echo '$(srcdir)/'`akmngr.c; \
++@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libxmlsec1_mscrypto_la-akmngr.Tpo" "$(DEPDIR)/libxmlsec1_mscrypto_la-akmngr.Plo"; else rm -f "$(DEPDIR)/libxmlsec1_mscrypto_la-akmngr.Tpo"; exit 1; fi
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='akmngr.c' object='libxmlsec1_mscrypto_la-akmngr.lo' libtool=yes @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@ $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-akmngr.lo `test -f 'akmngr.c' || echo '$(srcdir)/'`akmngr.c
++
+ libxmlsec1_mscrypto_la-certkeys.lo: certkeys.c
+ @am__fastdepCC_TRUE@ if $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-certkeys.lo -MD -MP -MF "$(DEPDIR)/libxmlsec1_mscrypto_la-certkeys.Tpo" -c -o libxmlsec1_mscrypto_la-certkeys.lo `test -f 'certkeys.c' || echo '$(srcdir)/'`certkeys.c; \
+ @am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libxmlsec1_mscrypto_la-certkeys.Tpo" "$(DEPDIR)/libxmlsec1_mscrypto_la-certkeys.Plo"; else rm -f "$(DEPDIR)/libxmlsec1_mscrypto_la-certkeys.Tpo"; exit 1; fi
diff --git a/libxmlsec/xmlsec1-mingw32.patch b/libxmlsec/xmlsec1-mingw32.patch
new file mode 100644
index 000000000000..d2ff676facb1
--- /dev/null
+++ b/libxmlsec/xmlsec1-mingw32.patch
@@ -0,0 +1,764 @@
+--- misc/xmlsec1-1.2.12/aclocal.m4 2009-06-25 22:53:24.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/aclocal.m4 2009-09-29 15:49:39.550158665 +0200
+@@ -6219,6 +6219,10 @@
+ AC_SUBST(LIBADD_DL)
+ AC_LANG_PUSH([C])
+
++case $host_os in
++mingw*)
++;;
++*)
+ AC_CHECK_FUNC([shl_load],
+ [AC_DEFINE([HAVE_SHL_LOAD], [1],
+ [Define if you have the shl_load function.])],
+@@ -6254,6 +6258,8 @@
+ ])
+ ])
+ ])
++;;
++esac
+
+ if test x"$libltdl_cv_func_dlopen" = xyes || test x"$libltdl_cv_lib_dl_dlopen" = xyes
+ then
+--- misc/xmlsec1-1.2.12/configure 2009-09-29 15:55:33.269924586 +0200
++++ misc/build/xmlsec1-1.2.12/configure 2009-09-29 15:55:08.838176411 +0200
+@@ -21883,6 +21883,10 @@
+ ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
++case $host_os in
++mingw*)
++;;
++*)
+ echo "$as_me:$LINENO: checking for shl_load" >&5
+ echo $ECHO_N "checking for shl_load... $ECHO_C" >&6
+ if test "${ac_cv_func_shl_load+set}" = set; then
+@@ -22434,6 +22438,8 @@
+
+ fi
+
++;;
++esac
+
+ if test x"$libltdl_cv_func_dlopen" = xyes || test x"$libltdl_cv_lib_dl_dlopen" = xyes
+ then
+@@ -22614,7 +22620,7 @@
+ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
+ lt_status=$lt_dlunknown
+ cat > conftest.$ac_ext <<EOF
+-#line 22617 "configure"
++#line 22623 "configure"
+ #include "confdefs.h"
+
+ #if HAVE_DLFCN_H
+@@ -26178,7 +26184,9 @@
+ done
+
+ for dir in $ac_nss_lib_dir ; do
+- if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib ; then
++ case $host_os in
++ cygwin* | mingw* | pw32*)
++ if test -f $dir/libnspr4.$libext ; then
+ if test "z$dir" = "z/usr/lib" ; then
+ NSPR_LIBS="$NSPR_LIBS_LIST"
+ else
+@@ -26191,6 +26199,25 @@
+ NSPR_LIBS_FOUND="yes"
+ break
+ fi
++ ;;
++
++ *)
++
++ if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib ; then
++ if test "z$dir" = "z/usr/lib" ; then
++ NSPR_LIBS="$NSPR_LIBS_LIST"
++ else
++ if test "z$with_gnu_ld" = "zyes" ; then
++ NSPR_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $NSPR_LIBS_LIST"
++ else
++ NSPR_LIBS="-L$dir $NSPR_LIBS_LIST"
++ fi
++ fi
++ NSPR_LIBS_FOUND="yes"
++ break
++ fi
++ ;;
++ esac
+ done
+ fi
+
+@@ -26264,6 +26291,24 @@
+ done
+
+ for dir in $ac_nss_lib_dir ; do
++ case $host_os in
++ cygwin* | mingw* | pw32*)
++ if test -f $dir/libnss3.$libext ; then
++ if test "z$dir" = "z/usr/lib" ; then
++ NSS_LIBS="$NSS_LIBS_LIST"
++ else
++ if test "z$with_gnu_ld" = "zyes" ; then
++ NSS_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $NSS_LIBS_LIST"
++ else
++ NSS_LIBS="-L$dir $NSS_LIBS_LIST"
++ fi
++ fi
++ NSS_LIBS_FOUND="yes"
++ break
++ fi
++ ;;
++
++ *)
+ if test -f $dir/libnss3.so -o -f $dir/libnss3.dylib ; then
+ if test "z$dir" = "z/usr/lib" ; then
+ NSS_LIBS="$NSS_LIBS_LIST"
+@@ -26277,6 +26322,8 @@
+ NSS_LIBS_FOUND="yes"
+ break
+ fi
++ ;;
++ esac
+ done
+ fi
+
+@@ -26769,7 +26816,7 @@
+ echo "${ECHO_T}$MSCRYPTO_ENABLE" >&6
+ else
+ LIBS_SAVE="$LIBS"
+- LIBS="$LIBS -lcrypt32"
++ LIBS="$LIBS ${PSDK_HOME}/lib/crypt32.lib"
+ echo "$as_me:$LINENO: checking for mscrypto libraries" >&5
+ echo $ECHO_N "checking for mscrypto libraries... $ECHO_C" >&6
+ cat >conftest.$ac_ext <<_ACEOF
+@@ -26819,13 +26866,7 @@
+ XMLSEC_NO_MSCRYPTO="0"
+
+ MSCRYPTO_CFLAGS="$MSCRYPTO_CFLAGS -DXMLSEC_CRYPTO_MSCRYPTO=1"
+- case $host in
+- *-*-mingw*)
+- MSCRYPTO_LIBS='-Wl,$(srcdir)/mingw-crypt32.def';;
+- *)
+- MSCRYPTO_LIBS="-lcrypt32";;
+- esac
+-
++ MSCRYPTO_LIBS="${PSDK_HOME}/lib/crypt32.lib"
+ if test "z$XMLSEC_CRYPTO" = "z" ; then
+ XMLSEC_CRYPTO="mscrypto"
+ XMLSEC_CRYPTO_LIB="$MSCRYPTO_CRYPTO_LIB"
+--- misc/xmlsec1-1.2.12/configure.in 2009-09-29 15:55:33.282288142 +0200
++++ misc/build/xmlsec1-1.2.12/configure.in 2009-09-29 15:49:39.614223428 +0200
+@@ -606,7 +606,9 @@
+ done
+
+ for dir in $ac_nss_lib_dir ; do
+- if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib ; then
++ case $host_os in
++ cygwin* | mingw* | pw32*)
++ if test -f $dir/libnspr4.$libext ; then
+ dnl do not add -L/usr/lib because compiler does it anyway
+ if test "z$dir" = "z/usr/lib" ; then
+ NSPR_LIBS="$NSPR_LIBS_LIST"
+@@ -620,6 +622,26 @@
+ NSPR_LIBS_FOUND="yes"
+ break
+ fi
++ ;;
++
++ *)
++
++ if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib ; then
++ dnl do not add -L/usr/lib because compiler does it anyway
++ if test "z$dir" = "z/usr/lib" ; then
++ NSPR_LIBS="$NSPR_LIBS_LIST"
++ else
++ if test "z$with_gnu_ld" = "zyes" ; then
++ NSPR_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $NSPR_LIBS_LIST"
++ else
++ NSPR_LIBS="-L$dir $NSPR_LIBS_LIST"
++ fi
++ fi
++ NSPR_LIBS_FOUND="yes"
++ break
++ fi
++ ;;
++ esac
+ done
+ fi
+
+@@ -677,6 +699,25 @@
+ done
+
+ for dir in $ac_nss_lib_dir ; do
++ case $host_os in
++ cygwin* | mingw* | pw32*)
++ if test -f $dir/libnss3.$libext ; then
++ dnl do not add -L/usr/lib because compiler does it anyway
++ if test "z$dir" = "z/usr/lib" ; then
++ NSS_LIBS="$NSS_LIBS_LIST"
++ else
++ if test "z$with_gnu_ld" = "zyes" ; then
++ NSS_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $NSS_LIBS_LIST"
++ else
++ NSS_LIBS="-L$dir $NSS_LIBS_LIST"
++ fi
++ fi
++ NSS_LIBS_FOUND="yes"
++ break
++ fi
++ ;;
++
++ *)
+ if test -f $dir/libnss3.so -o -f $dir/libnss3.dylib ; then
+ dnl do not add -L/usr/lib because compiler does it anyway
+ if test "z$dir" = "z/usr/lib" ; then
+@@ -691,6 +732,8 @@
+ NSS_LIBS_FOUND="yes"
+ break
+ fi
++ ;;
++ esac
+ done
+ fi
+
+@@ -861,7 +904,7 @@
+ dnl cannot detect __stdcall functions
+ dnl AC_CHECK_LIB(crypt32, CertOpenStore, ....
+ LIBS_SAVE="$LIBS"
+- LIBS="$LIBS -lcrypt32"
++ LIBS="$LIBS ${PSDK_HOME}/lib/crypt32.lib"
+ AC_MSG_CHECKING(for mscrypto libraries)
+ AC_LINK_IFELSE([
+ #include <windows.h>
+@@ -878,15 +921,7 @@
+ XMLSEC_NO_MSCRYPTO="0"
+
+ MSCRYPTO_CFLAGS="$MSCRYPTO_CFLAGS -DXMLSEC_CRYPTO_MSCRYPTO=1"
+- case $host in
+- *-*-mingw*)
+- dnl since mingw crypt32 library is limited
+- dnl we use own def-file
+- MSCRYPTO_LIBS='-Wl,$(srcdir)/mingw-crypt32.def';;
+- *)
+- MSCRYPTO_LIBS="-lcrypt32";;
+- esac
+-
++ MSCRYPTO_LIBS="${PSDK_HOME}/lib/crypt32.lib"
+ dnl first crypto library is default one
+ if test "z$XMLSEC_CRYPTO" = "z" ; then
+ XMLSEC_CRYPTO="mscrypto"
+--- misc/xmlsec1-1.2.12/ltmain.sh 2009-06-25 22:53:19.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/ltmain.sh 2009-09-29 15:49:39.628349554 +0200
+@@ -1661,6 +1661,11 @@
+ fi
+ ;;
+
++ *.lib)
++ deplibs="$deplibs $arg"
++ continue
++ ;;
++
+ *.$libext)
+ # An archive.
+ deplibs="$deplibs $arg"
+@@ -1974,6 +1979,10 @@
+ continue
+ ;;
+ *.la) lib="$deplib" ;;
++ *.lib)
++ deplibs="$deplib $deplibs"
++ continue
++ ;;
+ *.$libext)
+ if test "$pass" = conv; then
+ deplibs="$deplib $deplibs"
+--- misc/xmlsec1-1.2.12/src/mscrypto/certkeys.c 2009-06-25 22:53:18.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/src/mscrypto/certkeys.c 2009-09-29 15:49:39.643186151 +0200
+@@ -938,7 +938,11 @@
+ static void xmlSecMSCryptoKeyDataRsaDebugDump(xmlSecKeyDataPtr data, FILE* output);
+ static void xmlSecMSCryptoKeyDataRsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output);
+
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataRsaKlass = {
++#else
+ static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataRsaKlass = {
++#endif
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecMSCryptoKeyDataSize,
+
+@@ -1649,7 +1653,11 @@
+ static void xmlSecMSCryptoKeyDataDsaDebugXmlDump(xmlSecKeyDataPtr data,
+ FILE* output);
+
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataDsaKlass = {
++#else
+ static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataDsaKlass = {
++#endif
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecMSCryptoKeyDataSize,
+
+--- misc/xmlsec1-1.2.12/src/mscrypto/ciphers.c 2009-06-25 22:53:18.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/src/mscrypto/ciphers.c 2009-09-29 15:49:39.652528324 +0200
+@@ -802,7 +802,11 @@
+ * AES CBC cipher transforms
+ *
+ ********************************************************************/
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecTransformKlass xmlSecMSCryptoAes128CbcKlass = {
++#else
+ static xmlSecTransformKlass xmlSecMSCryptoAes128CbcKlass = {
++#endif
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoBlockCipherSize, /* xmlSecSize objSize */
+@@ -841,7 +845,11 @@
+ return(&xmlSecMSCryptoAes128CbcKlass);
+ }
+
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecTransformKlass xmlSecMSCryptoAes192CbcKlass = {
++#else
+ static xmlSecTransformKlass xmlSecMSCryptoAes192CbcKlass = {
++#endif
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoBlockCipherSize, /* xmlSecSize objSize */
+@@ -880,7 +888,11 @@
+ return(&xmlSecMSCryptoAes192CbcKlass);
+ }
+
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecTransformKlass xmlSecMSCryptoAes256CbcKlass = {
++#else
+ static xmlSecTransformKlass xmlSecMSCryptoAes256CbcKlass = {
++#endif
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoBlockCipherSize, /* xmlSecSize objSize */
+@@ -923,7 +935,11 @@
+
+
+ #ifndef XMLSEC_NO_DES
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecTransformKlass xmlSecMSCryptoDes3CbcKlass = {
++#else
+ static xmlSecTransformKlass xmlSecMSCryptoDes3CbcKlass = {
++#endif
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* size_t klassSize */
+ xmlSecMSCryptoBlockCipherSize, /* size_t objSize */
+--- misc/xmlsec1-1.2.12/src/mscrypto/digests.c 2009-06-25 22:53:18.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/src/mscrypto/digests.c 2009-09-29 15:49:39.660554904 +0200
+@@ -329,7 +329,11 @@
+ * SHA1
+ *
+ *****************************************************************************/
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecTransformKlass xmlSecMSCryptoSha1Klass = {
++#else
+ static xmlSecTransformKlass xmlSecMSCryptoSha1Klass = {
++#endif
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* size_t klassSize */
+ xmlSecMSCryptoDigestSize, /* size_t objSize */
+--- misc/xmlsec1-1.2.12/src/mscrypto/keysstore.c 2009-06-25 22:53:18.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/src/mscrypto/keysstore.c 2009-09-29 15:49:39.667289994 +0200
+@@ -66,7 +66,11 @@
+ const xmlChar* name,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecKeyStoreKlass xmlSecMSCryptoKeysStoreKlass = {
++#else
+ static xmlSecKeyStoreKlass xmlSecMSCryptoKeysStoreKlass = {
++#endif
+ sizeof(xmlSecKeyStoreKlass),
+ xmlSecMSCryptoKeysStoreSize,
+
+--- misc/xmlsec1-1.2.12/src/mscrypto/kt_rsa.c 2009-06-25 22:53:18.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/src/mscrypto/kt_rsa.c 2009-09-29 15:49:39.674284044 +0200
+@@ -66,7 +66,11 @@
+ static int xmlSecMSCryptoRsaPkcs1Process (xmlSecTransformPtr transform,
+ xmlSecTransformCtxPtr transformCtx);
+
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecTransformKlass xmlSecMSCryptoRsaPkcs1Klass = {
++#else
+ static xmlSecTransformKlass xmlSecMSCryptoRsaPkcs1Klass = {
++#endif
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoRsaPkcs1Size, /* xmlSecSize objSize */
+--- misc/xmlsec1-1.2.12/src/mscrypto/signatures.c 2009-06-25 22:53:18.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/src/mscrypto/signatures.c 2009-09-29 15:49:39.682580497 +0200
+@@ -524,7 +524,11 @@
+ * RSA-SHA1 signature transform
+ *
+ ***************************************************************************/
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecTransformKlass xmlSecMSCryptoRsaSha1Klass = {
++#else
+ static xmlSecTransformKlass xmlSecMSCryptoRsaSha1Klass = {
++#endif
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoSignatureSize, /* xmlSecSize objSize */
+@@ -572,7 +576,11 @@
+ *
+ ***************************************************************************/
+
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecTransformKlass xmlSecMSCryptoDsaSha1Klass = {
++#else
+ static xmlSecTransformKlass xmlSecMSCryptoDsaSha1Klass = {
++#endif
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoSignatureSize, /* xmlSecSize objSize */
+--- misc/xmlsec1-1.2.12/src/mscrypto/symkeys.c 2009-06-25 22:53:18.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/src/mscrypto/symkeys.c 2009-09-29 15:49:39.691081347 +0200
+@@ -72,7 +72,11 @@
+ * <xmlsec:AESKeyValue> processing
+ *
+ *************************************************************************/
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataAesKlass = {
++#else
+ static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataAesKlass = {
++#endif
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecKeyDataBinarySize,
+
+@@ -153,7 +157,11 @@
+ * <xmlsec:DESKeyValue> processing
+ *
+ *************************************************************************/
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataDesKlass = {
++#else
+ static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataDesKlass = {
++#endif
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecKeyDataBinarySize,
+
+--- misc/xmlsec1-1.2.12/src/mscrypto/x509.c 2009-06-25 22:53:18.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/src/mscrypto/x509.c 2009-09-29 15:49:39.699931741 +0200
+@@ -243,7 +243,11 @@
+
+
+
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataX509Klass = {
++#else
+ static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataX509Klass = {
++#endif
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecMSCryptoX509DataSize,
+
+@@ -2148,7 +2152,11 @@
+ xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataRawX509CertKlass = {
++#else
+ static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataRawX509CertKlass = {
++#endif
+ sizeof(xmlSecKeyDataKlass),
+ sizeof(xmlSecKeyData),
+
+--- misc/xmlsec1-1.2.12/src/mscrypto/x509vfy.c 2009-09-29 15:55:33.502779834 +0200
++++ misc/build/xmlsec1-1.2.12/src/mscrypto/x509vfy.c 2009-09-29 15:49:39.708831697 +0200
+@@ -67,7 +67,11 @@
+ static int xmlSecMSCryptoX509StoreInitialize (xmlSecKeyDataStorePtr store);
+ static void xmlSecMSCryptoX509StoreFinalize (xmlSecKeyDataStorePtr store);
+
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecKeyDataStoreKlass xmlSecMSCryptoX509StoreKlass = {
++#else
+ static xmlSecKeyDataStoreKlass xmlSecMSCryptoX509StoreKlass = {
++#endif
+ sizeof(xmlSecKeyDataStoreKlass),
+ xmlSecMSCryptoX509StoreSize,
+
+--- misc/xmlsec1-1.2.12/src/nss/ciphers.c 2009-09-29 15:55:33.488430535 +0200
++++ misc/build/xmlsec1-1.2.12/src/nss/ciphers.c 2009-09-29 15:49:39.717511164 +0200
+@@ -777,7 +777,11 @@
+ * AES CBC cipher transforms
+ *
+ ********************************************************************/
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecTransformKlass xmlSecNssAes128CbcKlass = {
++#else
+ static xmlSecTransformKlass xmlSecNssAes128CbcKlass = {
++#endif
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssBlockCipherSize, /* xmlSecSize objSize */
+@@ -816,7 +820,11 @@
+ return(&xmlSecNssAes128CbcKlass);
+ }
+
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecTransformKlass xmlSecNssAes192CbcKlass = {
++#else
+ static xmlSecTransformKlass xmlSecNssAes192CbcKlass = {
++#endif
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssBlockCipherSize, /* xmlSecSize objSize */
+@@ -855,7 +863,11 @@
+ return(&xmlSecNssAes192CbcKlass);
+ }
+
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecTransformKlass xmlSecNssAes256CbcKlass = {
++#else
+ static xmlSecTransformKlass xmlSecNssAes256CbcKlass = {
++#endif
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssBlockCipherSize, /* xmlSecSize objSize */
+@@ -897,7 +909,11 @@
+ #endif /* XMLSEC_NO_AES */
+
+ #ifndef XMLSEC_NO_DES
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecTransformKlass xmlSecNssDes3CbcKlass = {
++#else
+ static xmlSecTransformKlass xmlSecNssDes3CbcKlass = {
++#endif
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssBlockCipherSize, /* xmlSecSize objSize */
+--- misc/xmlsec1-1.2.12/src/nss/digests.c 2009-06-25 22:53:18.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/src/nss/digests.c 2009-09-29 15:49:39.725650968 +0200
+@@ -285,7 +285,11 @@
+ * SHA1 Digest transforms
+ *
+ *****************************************************************************/
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecTransformKlass xmlSecNssSha1Klass = {
++#else
+ static xmlSecTransformKlass xmlSecNssSha1Klass = {
++#endif
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssDigestSize, /* xmlSecSize objSize */
+--- misc/xmlsec1-1.2.12/src/nss/hmac.c 2009-09-29 15:55:33.409285968 +0200
++++ misc/build/xmlsec1-1.2.12/src/nss/hmac.c 2009-09-29 15:49:39.733673690 +0200
+@@ -502,7 +502,11 @@
+ /**
+ * HMAC SHA1
+ */
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecTransformKlass xmlSecNssHmacSha1Klass = {
++#else
+ static xmlSecTransformKlass xmlSecNssHmacSha1Klass = {
++#endif
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssHmacSize, /* xmlSecSize objSize */
+@@ -544,7 +548,11 @@
+ /**
+ * HMAC Ripemd160
+ */
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecTransformKlass xmlSecNssHmacRipemd160Klass = {
++#else
+ static xmlSecTransformKlass xmlSecNssHmacRipemd160Klass = {
++#endif
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssHmacSize, /* xmlSecSize objSize */
+@@ -586,7 +594,11 @@
+ /**
+ * HMAC Md5
+ */
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecTransformKlass xmlSecNssHmacMd5Klass = {
++#else
+ static xmlSecTransformKlass xmlSecNssHmacMd5Klass = {
++#endif
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssHmacSize, /* xmlSecSize objSize */
+--- misc/xmlsec1-1.2.12/src/nss/keysstore.c 2009-09-29 15:55:33.422265895 +0200
++++ misc/build/xmlsec1-1.2.12/src/nss/keysstore.c 2009-09-29 15:49:39.741628057 +0200
+@@ -489,7 +489,11 @@
+ return NULL ;
+ }
+
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = {
++#else
+ static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = {
++#endif
+ sizeof( xmlSecKeyStoreKlass ) ,
+ xmlSecNssKeysStoreSize ,
+ BAD_CAST "implicit_nss_keys_store" ,
+--- misc/xmlsec1-1.2.12/src/nss/keywrapers.c 2009-09-29 15:55:33.430875248 +0200
++++ misc/build/xmlsec1-1.2.12/src/nss/keywrapers.c 2009-09-29 15:49:39.749963247 +0200
+@@ -1126,6 +1126,7 @@
+ NULL, /* void* reserved1; */
+ };
+
++#ifndef __MINGW32__
+ /**
+ * xmlSecNssTransformKWAes128GetKlass:
+ *
+@@ -1160,6 +1161,7 @@
+ xmlSecNssTransformKWAes256GetKlass(void) {
+ return(&xmlSecNssKWAes256Klass);
+ }
++#endif /* __MINGW32__ */
+
+ #endif /* XMLSEC_NO_AES */
+
+@@ -1197,6 +1199,7 @@
+ NULL, /* void* reserved1; */
+ };
+
++#ifndef __MINGW32__
+ /**
+ * xmlSecNssTransformKWDes3GetKlass:
+ *
+@@ -1208,6 +1211,7 @@
+ xmlSecNssTransformKWDes3GetKlass(void) {
+ return(&xmlSecNssKWDes3Klass);
+ }
++#endif /* __MINGW32__ */
+
+ #endif /* XMLSEC_NO_DES */
+
+--- misc/xmlsec1-1.2.12/src/nss/pkikeys.c 2009-09-29 15:55:33.440002568 +0200
++++ misc/build/xmlsec1-1.2.12/src/nss/pkikeys.c 2009-09-29 15:49:39.757984523 +0200
+@@ -491,7 +491,11 @@
+ static void xmlSecNssKeyDataDsaDebugXmlDump (xmlSecKeyDataPtr data,
+ FILE* output);
+
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecKeyDataKlass xmlSecNssKeyDataDsaKlass = {
++#else
+ static xmlSecKeyDataKlass xmlSecNssKeyDataDsaKlass = {
++#endif
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecNssPKIKeyDataSize,
+
+@@ -1124,7 +1128,11 @@
+ static void xmlSecNssKeyDataRsaDebugXmlDump (xmlSecKeyDataPtr data,
+ FILE* output);
+
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecKeyDataKlass xmlSecNssKeyDataRsaKlass = {
++#else
+ static xmlSecKeyDataKlass xmlSecNssKeyDataRsaKlass = {
++#endif
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecNssPKIKeyDataSize,
+
+--- misc/xmlsec1-1.2.12/src/nss/signatures.c 2009-06-25 22:53:18.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/src/nss/signatures.c 2009-09-29 15:49:39.765851110 +0200
+@@ -459,7 +459,11 @@
+ *
+ ***************************************************************************/
+
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecTransformKlass xmlSecNssDsaSha1Klass = {
++#else
+ static xmlSecTransformKlass xmlSecNssDsaSha1Klass = {
++#endif
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssSignatureSize, /* xmlSecSize objSize */
+@@ -506,7 +510,11 @@
+ * RSA-SHA1 signature transform
+ *
+ ***************************************************************************/
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecTransformKlass xmlSecNssRsaSha1Klass = {
++#else
+ static xmlSecTransformKlass xmlSecNssRsaSha1Klass = {
++#endif
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssSignatureSize, /* xmlSecSize objSize */
+--- misc/xmlsec1-1.2.12/src/nss/symkeys.c 2009-09-29 15:55:33.448817761 +0200
++++ misc/build/xmlsec1-1.2.12/src/nss/symkeys.c 2009-09-29 15:49:39.773211741 +0200
+@@ -856,7 +856,11 @@
+ * <xmlsec:AESKeyValue> processing
+ *
+ *************************************************************************/
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = {
++#else
+ static xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = {
++#endif
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecNssSymKeyDataSize,
+
+@@ -937,7 +941,11 @@
+ * <xmlsec:DESKeyValue> processing
+ *
+ *************************************************************************/
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecKeyDataKlass xmlSecNssKeyDataDesKlass = {
++#else
+ static xmlSecKeyDataKlass xmlSecNssKeyDataDesKlass = {
++#endif
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecNssSymKeyDataSize,
+
+@@ -1019,7 +1027,11 @@
+ * <xmlsec:HMACKeyValue> processing
+ *
+ *************************************************************************/
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecKeyDataKlass xmlSecNssKeyDataHmacKlass = {
++#else
+ static xmlSecKeyDataKlass xmlSecNssKeyDataHmacKlass = {
++#endif
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecNssSymKeyDataSize,
+
+--- misc/xmlsec1-1.2.12/src/nss/x509.c 2009-09-29 15:55:33.465839785 +0200
++++ misc/build/xmlsec1-1.2.12/src/nss/x509.c 2009-09-29 15:49:39.784408301 +0200
+@@ -235,7 +235,11 @@
+
+
+
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecKeyDataKlass xmlSecNssKeyDataX509Klass = {
++#else
+ static xmlSecKeyDataKlass xmlSecNssKeyDataX509Klass = {
++#endif
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecNssX509DataSize,
+
+@@ -1779,7 +1783,11 @@
+ xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecKeyDataKlass xmlSecNssKeyDataRawX509CertKlass = {
++#else
+ static xmlSecKeyDataKlass xmlSecNssKeyDataRawX509CertKlass = {
++#endif
+ sizeof(xmlSecKeyDataKlass),
+ sizeof(xmlSecKeyData),
+
+--- misc/xmlsec1-1.2.12/src/nss/x509vfy.c 2009-09-29 15:55:33.510337681 +0200
++++ misc/build/xmlsec1-1.2.12/src/nss/x509vfy.c 2009-09-29 15:49:39.791239957 +0200
+@@ -64,7 +64,11 @@
+ static void xmlSecNssX509StoreFinalize (xmlSecKeyDataStorePtr store);
+ static int xmlSecNssIntegerToItem( const xmlChar* integer , SECItem *it ) ;
+
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = {
++#else
+ static xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = {
++#endif
+ sizeof(xmlSecKeyDataStoreKlass),
+ xmlSecNssX509StoreSize,
+
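Review bot: The mscrypto link line in the configure and configure.in hunks is built from an unchecked environment variable, `LIBS="$LIBS ${PSDK_HOME}/lib/crypt32.lib"`, and the same value replaces both the mingw def-file branch and the generic `-lcrypt32` branch of `MSCRYPTO_LIBS`. If `PSDK_HOME` is empty the path collapses to `/lib/crypt32.lib`, so the link test either fails with a misleading "mscrypto libraries" result or links whatever file sits at that location. I would fail early in configure.in with `if test "z$PSDK_HOME" = "z" ; then AC_MSG_ERROR([PSDK_HOME is not set; cannot locate crypt32.lib]) ; fi` and keep `-lcrypt32` for hosts that are not mingw. Separately, the `#ifndef __MINGW32__` guards added in src/nss/keywrapers.c drop the KW GetKlass functions on mingw without a comment saying why.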
diff --git a/libxmlsec/xmlsec1-noverify.patch b/libxmlsec/xmlsec1-noverify.patch
new file mode 100644
index 000000000000..0015c8e62e7a
--- /dev/null
+++ b/libxmlsec/xmlsec1-noverify.patch
@@ -0,0 +1,59 @@
+--- misc/xmlsec1-1.2.12/src/mscrypto/x509vfy.c 2009-06-25 22:53:18.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/src/mscrypto/x509vfy.c 2009-09-23 10:01:07.237316078 +0200
+@@ -559,9 +559,16 @@
+ CertFreeCertificateContext(nextCert);
+ }
+
+- if((selected == 1) && xmlSecMSCryptoX509StoreConstructCertsChain(store, cert, certs, keyInfoCtx)) {
+- return(cert);
+- }
++ /* JL: OpenOffice.org implements its own certificate verification routine.
++ The goal is to seperate validation of the signature
++ and the certificate. For example, OOo could show that the document signature is valid,
++ but the certificate could not be verified. If we do not prevent the verification of
++ the certificate by libxmlsec and the verification fails, then the XML signature will not be
++ verified. This would happen, for example, if the root certificate is not installed.
++ */
++/* if((selected == 1) && xmlSecMSCryptoX509StoreConstructCertsChain(store, cert, certs, keyInfoCtx)) { */
++ if (selected == 1)
++ return cert;
+ }
+
+ return (NULL);
+--- misc/xmlsec1-1.2.12/src/nss/x509vfy.c 2009-09-23 10:06:52.989793254 +0200
++++ misc/build/xmlsec1-1.2.12/src/nss/x509vfy.c 2009-09-23 10:05:03.183042205 +0200
+@@ -191,13 +191,27 @@
+ continue;
+ }
+
+- status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(),
+- cert, PR_FALSE,
+- (SECCertificateUsage)0,
+- timeboundary , NULL, NULL, NULL);
+- if (status == SECSuccess) {
+- break;
+- }
++
++ /*
++ JL: OpenOffice.org implements its own certificate verification routine.
++ The goal is to seperate validation of the signature
++ and the certificate. For example, OOo could show that the document signature is valid,
++ but the certificate could not be verified. If we do not prevent the verification of
++ the certificate by libxmlsec and the verification fails, then the XML signature may not be
++ verified. This would happen, for example, if the root certificate is not installed.
++
++ status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(),
++ cert, PR_FALSE,
++ (SECCertificateUsage)0,
++ timeboundary , NULL, NULL, NULL);
++ if (status == SECSuccess) {
++ break;
++ }
++
++ */
++ status = SECSuccess;
++ break;
++
+ }
+
+ if (status == SECSuccess) {
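Review bot: Both x509vfy.c changes remove certificate validation for every caller of the library, not only for the caller that does its own. The mscrypto branch now returns `cert` on `selected == 1` without calling `xmlSecMSCryptoX509StoreConstructCertsChain`, and the nss branch sets `status = SECSuccess` and breaks on the first candidate, so `CERT_VerifyCertificate` (chain and, presumably via `timeboundary`, validity period) never runs. A valid-signature result from libxmlsec then says nothing about whether the signer's certificate is trusted, so the separate check described in the JL comment becomes the only control and the comment should name it. I would make the bypass opt-in, for example `if ((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS) != 0) { status = SECSuccess; break; }` ahead of the original call; both functions start outside the hunk, so whether `keyInfoCtx` is in scope at that point in the nss code needs checking. The old code is also left behind as comments in both places, and deleting it would keep the patch readable.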
diff --git a/libxmlsec/xmlsec1-nssdisablecallbacks.patch b/libxmlsec/xmlsec1-nssdisablecallbacks.patch
new file mode 100644
index 000000000000..48b0b552441b
--- /dev/null
+++ b/libxmlsec/xmlsec1-nssdisablecallbacks.patch
@@ -0,0 +1,36 @@
+--- misc/xmlsec1-1.2.12.orig/src/nss/crypto.c 2009-09-10 07:06:17.000000000 -0400
++++ misc/build/xmlsec1-1.2.12/src/nss/crypto.c 2009-09-10 07:08:24.000000000 -0400
+@@ -136,6 +136,7 @@
+ /**
+ * High level routines form xmlsec command line utility
+ */
++#if 0
+ gXmlSecNssFunctions->cryptoAppInit = xmlSecNssAppInit;
+ gXmlSecNssFunctions->cryptoAppShutdown = xmlSecNssAppShutdown;
+ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrInit = xmlSecNssAppDefaultKeysMngrInit;
+@@ -153,6 +154,25 @@
+ gXmlSecNssFunctions->cryptoAppKeyLoad = xmlSecNssAppKeyLoad;
+ gXmlSecNssFunctions->cryptoAppKeyLoadMemory = xmlSecNssAppKeyLoadMemory;
+ gXmlSecNssFunctions->cryptoAppDefaultPwdCallback = (void*)xmlSecNssAppGetDefaultPwdCallback();
++#else
++ gXmlSecNssFunctions->cryptoAppInit = NULL ;
++ gXmlSecNssFunctions->cryptoAppShutdown = NULL ;
++ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrInit = NULL ;
++ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrAdoptKey = NULL ;
++ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrLoad = NULL ;
++ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrSave = NULL ;
++#ifndef XMLSEC_NO_X509
++ gXmlSecNssFunctions->cryptoAppKeysMngrCertLoad = NULL ;
++ gXmlSecNssFunctions->cryptoAppKeysMngrCertLoadMemory= NULL ;
++ gXmlSecNssFunctions->cryptoAppPkcs12Load = NULL ;
++ gXmlSecNssFunctions->cryptoAppPkcs12LoadMemory = NULL ;
++ gXmlSecNssFunctions->cryptoAppKeyCertLoad = NULL ;
++ gXmlSecNssFunctions->cryptoAppKeyCertLoadMemory = NULL ;
++#endif /* XMLSEC_NO_X509 */
++ gXmlSecNssFunctions->cryptoAppKeyLoad = NULL ;
++ gXmlSecNssFunctions->cryptoAppKeyLoadMemory = NULL ;
++ gXmlSecNssFunctions->cryptoAppDefaultPwdCallback = (void*)NULL ;
++#endif
+
+ return(gXmlSecNssFunctions);
+ }
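Review bot: The `#if 0` around the `cryptoApp*` registrations has no comment, so a reader cannot tell whether the NULL assignments in the `#else` branch are deliberate or a leftover. These entries include key, certificate and PKCS#12 loading and the default password callback, so callers must treat a NULL entry as "not available" and not call through it; whether they do is not visible in this hunk. I would put the reason on the guard, e.g. `#if 0 /* OOo: app-level NSS helpers are not registered because <reason>; entries stay NULL */`, and drop the `(void*)` cast on the last assignment, which NULL does not need. The enclosing function begins outside the hunk.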
diff --git a/libxmlsec/xmlsec1-nssmangleciphers.patch b/libxmlsec/xmlsec1-nssmangleciphers.patch
new file mode 100644
index 000000000000..6d64914859a7
--- /dev/null
+++ b/libxmlsec/xmlsec1-nssmangleciphers.patch
@@ -0,0 +1,1134 @@
+--- misc/xmlsec1-1.2.12/src/nss/ciphers.c 2009-09-10 05:16:27.000000000 -0400
++++ misc/build/xmlsec1-1.2.12/src/nss/ciphers.c 2009-09-10 06:59:39.000000000 -0400
+@@ -11,180 +11,421 @@
+
+ #include <string.h>
+
+-#include <nspr.h>
+ #include <nss.h>
+-#include <secoid.h>
+ #include <pk11func.h>
+
+ #include <xmlsec/xmlsec.h>
++#include <xmlsec/xmltree.h>
++#include <xmlsec/base64.h>
+ #include <xmlsec/keys.h>
+ #include <xmlsec/transforms.h>
+ #include <xmlsec/errors.h>
+
+ #include <xmlsec/nss/crypto.h>
+-
+-#define XMLSEC_NSS_MAX_KEY_SIZE 32
+-#define XMLSEC_NSS_MAX_IV_SIZE 32
+-#define XMLSEC_NSS_MAX_BLOCK_SIZE 32
++#include <xmlsec/nss/ciphers.h>
+
+ /**************************************************************************
+ *
+- * Internal Nss Block cipher CTX
++ * Internal Nss Block Cipher Context
++ * This context is designed for repositing a block cipher for transform
+ *
+ *****************************************************************************/
+-typedef struct _xmlSecNssBlockCipherCtx xmlSecNssBlockCipherCtx,
+- *xmlSecNssBlockCipherCtxPtr;
++typedef struct _xmlSecNssBlockCipherCtx xmlSecNssBlockCipherCtx ;
++typedef struct _xmlSecNssBlockCipherCtx* xmlSecNssBlockCipherCtxPtr ;
++
+ struct _xmlSecNssBlockCipherCtx {
+ CK_MECHANISM_TYPE cipher;
++ PK11SymKey* symkey ;
+ PK11Context* cipherCtx;
+ xmlSecKeyDataId keyId;
+- int keyInitialized;
+- int ctxInitialized;
+- xmlSecByte key[XMLSEC_NSS_MAX_KEY_SIZE];
+- xmlSecSize keySize;
+- xmlSecByte iv[XMLSEC_NSS_MAX_IV_SIZE];
+- xmlSecSize ivSize;
+ };
+-static int xmlSecNssBlockCipherCtxInit (xmlSecNssBlockCipherCtxPtr ctx,
+- xmlSecBufferPtr in,
+- xmlSecBufferPtr out,
+- int encrypt,
+- const xmlChar* cipherName,
+- xmlSecTransformCtxPtr transformCtx);
+-static int xmlSecNssBlockCipherCtxUpdate (xmlSecNssBlockCipherCtxPtr ctx,
+- xmlSecBufferPtr in,
+- xmlSecBufferPtr out,
+- int encrypt,
+- const xmlChar* cipherName,
+- xmlSecTransformCtxPtr transformCtx);
+-static int xmlSecNssBlockCipherCtxFinal (xmlSecNssBlockCipherCtxPtr ctx,
+- xmlSecBufferPtr in,
+- xmlSecBufferPtr out,
+- int encrypt,
+- const xmlChar* cipherName,
+- xmlSecTransformCtxPtr transformCtx);
++
++#define xmlSecNssBlockCipherSize \
++ ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssBlockCipherCtx ) )
++
++#define xmlSecNssBlockCipherGetCtx( transform ) \
++ ( ( xmlSecNssBlockCipherCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) )
++
++static int
++xmlSecNssBlockCipherCheckId(
++ xmlSecTransformPtr transform
++) {
++ #ifndef XMLSEC_NO_DES
++ if( xmlSecTransformCheckId( transform, xmlSecNssTransformDes3CbcId ) ) {
++ return 1 ;
++ }
++ #endif /* XMLSEC_NO_DES */
++
++ #ifndef XMLSEC_NO_AES
++ if( xmlSecTransformCheckId( transform, xmlSecNssTransformAes128CbcId ) ||
++ xmlSecTransformCheckId( transform, xmlSecNssTransformAes192CbcId ) ||
++ xmlSecTransformCheckId( transform, xmlSecNssTransformAes256CbcId ) ) {
++
++ return 1 ;
++ }
++ #endif /* XMLSEC_NO_AES */
++
++ return 0 ;
++}
++
++static int
++xmlSecNssBlockCipherFetchCtx(
++ xmlSecNssBlockCipherCtxPtr context ,
++ xmlSecTransformId id
++) {
++ xmlSecAssert2( context != NULL, -1 ) ;
++
++ #ifndef XMLSEC_NO_DES
++ if( id == xmlSecNssTransformDes3CbcId ) {
++ context->cipher = CKM_DES3_CBC ;
++ context->keyId = xmlSecNssKeyDataDesId ;
++ } else
++ #endif /* XMLSEC_NO_DES */
++
++ #ifndef XMLSEC_NO_AES
++ if( id == xmlSecNssTransformAes128CbcId ) {
++ context->cipher = CKM_AES_CBC ;
++ context->keyId = xmlSecNssKeyDataAesId ;
++ } else
++ if( id == xmlSecNssTransformAes192CbcId ) {
++ context->cipher = CKM_AES_CBC ;
++ context->keyId = xmlSecNssKeyDataAesId ;
++ } else
++ if( id == xmlSecNssTransformAes256CbcId ) {
++ context->cipher = CKM_AES_CBC ;
++ context->keyId = xmlSecNssKeyDataAesId ;
++ } else
++ #endif /* XMLSEC_NO_AES */
++
++ if( 1 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ NULL ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
++
++ return 0 ;
++}
++
++/**
++ * xmlSecTransformInitializeMethod:
++ * @transform: the pointer to transform object.
++ *
++ * The transform specific initialization method.
++ *
++ * Returns 0 on success or a negative value otherwise.
++ */
++static int
++xmlSecNssBlockCipherInitialize(
++ xmlSecTransformPtr transform
++) {
++ xmlSecNssBlockCipherCtxPtr context = NULL ;
++
++ xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ;
++ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ;
++
++ context = xmlSecNssBlockCipherGetCtx( transform ) ;
++ if( context == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
++ "xmlSecNssBlockCipherGetCtx" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
++
++ if( xmlSecNssBlockCipherFetchCtx( context , transform->id ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
++ "xmlSecNssBlockCipherFetchCtx" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
++
++ context->symkey = NULL ;
++ context->cipherCtx = NULL ;
++
++ return 0 ;
++}
++
++/**
++ * xmlSecTransformFinalizeMethod:
++ * @transform: the pointer to transform object.
++ *
++ * The transform specific destroy method.
++ */
++static void
++xmlSecNssBlockCipherFinalize(
++ xmlSecTransformPtr transform
++) {
++ xmlSecNssBlockCipherCtxPtr context = NULL ;
++
++ xmlSecAssert( xmlSecNssBlockCipherCheckId( transform ) ) ;
++ xmlSecAssert( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ) ) ;
++
++ context = xmlSecNssBlockCipherGetCtx( transform ) ;
++ if( context == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
++ "xmlSecNssBlockCipherGetCtx" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return ;
++ }
++
++ if( context->cipherCtx != NULL ) {
++ PK11_DestroyContext( context->cipherCtx, PR_TRUE ) ;
++ context->cipherCtx = NULL ;
++ }
++
++ if( context->symkey != NULL ) {
++ PK11_FreeSymKey( context->symkey ) ;
++ context->symkey = NULL ;
++ }
++
++ context->cipher = CKM_INVALID_MECHANISM ;
++ context->keyId = NULL ;
++}
++
++/**
++ * xmlSecTransformSetKeyRequirementsMethod:
++ * @transform: the pointer to transform object.
++ * @keyReq: the pointer to key requirements structure.
++ *
++ * Transform specific method to set transform's key requirements.
++ *
++ * Returns 0 on success or a negative value otherwise.
++ */
++static int
++xmlSecNssBlockCipherSetKeyReq(
++ xmlSecTransformPtr transform ,
++ xmlSecKeyReqPtr keyReq
++) {
++ xmlSecNssBlockCipherCtxPtr context = NULL ;
++ xmlSecSize cipherSize = 0 ;
++
++ xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ;
++ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ;
++ xmlSecAssert2( keyReq != NULL , -1 ) ;
++ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
++
++ context = xmlSecNssBlockCipherGetCtx( transform ) ;
++ if( context == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
++ "xmlSecNssBlockCipherGetCtx" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
++
++ keyReq->keyId = context->keyId ;
++ keyReq->keyType = xmlSecKeyDataTypeSymmetric ;
++
++ if( transform->operation == xmlSecTransformOperationEncrypt ) {
++ keyReq->keyUsage = xmlSecKeyUsageEncrypt ;
++ } else {
++ keyReq->keyUsage = xmlSecKeyUsageDecrypt ;
++ }
++
++ /*
++ if( context->symkey != NULL )
++ cipherSize = PK11_GetKeyLength( context->symkey ) ;
++
++ keyReq->keyBitsSize = cipherSize * 8 ;
++ */
++
++ return 0 ;
++}
++
++/**
++ * xmlSecTransformSetKeyMethod:
++ * @transform: the pointer to transform object.
++ * @key: the pointer to key.
++ *
++ * The transform specific method to set the key for use.
++ *
++ * Returns 0 on success or a negative value otherwise.
++ */
++static int
++xmlSecNssBlockCipherSetKey(
++ xmlSecTransformPtr transform ,
++ xmlSecKeyPtr key
++) {
++ xmlSecNssBlockCipherCtxPtr context = NULL ;
++ xmlSecKeyDataPtr keyData = NULL ;
++ PK11SymKey* symkey = NULL ;
++ CK_ATTRIBUTE_TYPE operation ;
++ int ivLen ;
++
++ xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ;
++ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ;
++ xmlSecAssert2( key != NULL , -1 ) ;
++ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
++
++ context = xmlSecNssBlockCipherGetCtx( transform ) ;
++ if( context == NULL || context->keyId == NULL || context->symkey != NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
++ "xmlSecNssBlockCipherGetCtx" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
++ xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ;
++
++ keyData = xmlSecKeyGetValue( key ) ;
++ if( keyData == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) ,
++ "xmlSecKeyGetValue" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
++
++ if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) ,
++ "xmlSecNssSymKeyDataGetKey" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
++
++ context->symkey = symkey ;
++
++ return 0 ;
++}
++
+ static int
+ xmlSecNssBlockCipherCtxInit(xmlSecNssBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in, xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx) {
+- SECItem keyItem;
+ SECItem ivItem;
+- PK11SlotInfo* slot;
+- PK11SymKey* symKey;
++ SECItem* secParam = NULL ;
++ xmlSecBufferPtr ivBuf = NULL ;
+ int ivLen;
+- SECStatus rv;
+- int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+- xmlSecAssert2(ctx->cipher != 0, -1);
++ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
++ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
+ xmlSecAssert2(ctx->cipherCtx == NULL, -1);
+- xmlSecAssert2(ctx->keyInitialized != 0, -1);
+- xmlSecAssert2(ctx->ctxInitialized == 0, -1);
++ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ivLen = PK11_GetIVLength(ctx->cipher);
+- xmlSecAssert2(ivLen > 0, -1);
+- xmlSecAssert2((xmlSecSize)ivLen <= sizeof(ctx->iv), -1);
++ if( ivLen < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "PK11_GetIVLength" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
++
++ if( ( ivBuf = xmlSecBufferCreate( ivLen ) ) == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecBufferCreate" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
+
+ if(encrypt) {
+- /* generate random iv */
+- rv = PK11_GenerateRandom(ctx->iv, ivLen);
+- if(rv != SECSuccess) {
++ if( PK11_GenerateRandom( ivBuf->data , ivLen ) != SECSuccess ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "PK11_GenerateRandom",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- "size=%d", ivLen);
++ XMLSEC_ERRORS_NO_MESSAGE);
++ xmlSecBufferDestroy( ivBuf ) ;
+ return(-1);
+ }
++ if( xmlSecBufferSetSize( ivBuf , ivLen ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecBufferSetSize" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecBufferDestroy( ivBuf ) ;
++ return -1 ;
++ }
+
+- /* write iv to the output */
+- ret = xmlSecBufferAppend(out, ctx->iv, ivLen);
+- if(ret < 0) {
++ if( xmlSecBufferAppend( out , ivBuf->data , ivLen ) < 0 ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferAppend",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "size=%d", ivLen);
++ XMLSEC_ERRORS_R_CRYPTO_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ xmlSecBufferDestroy( ivBuf ) ;
+ return(-1);
+ }
+
+ } else {
+- /* if we don't have enough data, exit and hope that
+- * we'll have iv next time */
+- if(xmlSecBufferGetSize(in) < (xmlSecSize)ivLen) {
+- return(0);
+- }
+-
+- /* copy iv to our buffer*/
+- xmlSecAssert2(xmlSecBufferGetData(in) != NULL, -1);
+- memcpy(ctx->iv, xmlSecBufferGetData(in), ivLen);
+-
+- /* and remove from input */
+- ret = xmlSecBufferRemoveHead(in, ivLen);
+- if(ret < 0) {
++ if( xmlSecBufferSetData( ivBuf , in->data , ivLen ) < 0 ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+- "xmlSecBufferRemoveHead",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "size=%d", ivLen);
++ "xmlSecBufferSetData",
++ XMLSEC_ERRORS_R_CRYPTO_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ xmlSecBufferDestroy( ivBuf ) ;
+ return(-1);
+ }
+ }
+
+- memset(&keyItem, 0, sizeof(keyItem));
+- keyItem.data = ctx->key;
+- keyItem.len = ctx->keySize;
+- memset(&ivItem, 0, sizeof(ivItem));
+- ivItem.data = ctx->iv;
+- ivItem.len = ctx->ivSize;
+-
+- slot = PK11_GetBestSlot(ctx->cipher, NULL);
+- if(slot == NULL) {
++ if( xmlSecBufferRemoveHead( in , ivLen ) < 0 ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+- "PK11_GetBestSlot",
++ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
++ xmlSecBufferDestroy( ivBuf ) ;
+ return(-1);
+ }
+
+- symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginDerive,
+- CKA_SIGN, &keyItem, NULL);
+- if(symKey == NULL) {
++ ivItem.data = xmlSecBufferGetData( ivBuf ) ;
++ ivItem.len = xmlSecBufferGetSize( ivBuf ) ;
++ if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+- "PK11_ImportSymKey",
++ "PK11_ParamFromIV",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+- PK11_FreeSlot(slot);
++ xmlSecBufferDestroy( ivBuf ) ;
+ return(-1);
+ }
+
+ ctx->cipherCtx = PK11_CreateContextBySymKey(ctx->cipher,
+ (encrypt) ? CKA_ENCRYPT : CKA_DECRYPT,
+- symKey, &ivItem);
++ ctx->symkey, secParam);
+ if(ctx->cipherCtx == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+- "PK11_CreateContextBySymKey",
++ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+- PK11_FreeSymKey(symKey);
+- PK11_FreeSlot(slot);
++ SECITEM_FreeItem( secParam , PR_TRUE ) ;
++ xmlSecBufferDestroy( ivBuf ) ;
+ return(-1);
+ }
+
+- ctx->ctxInitialized = 1;
+- PK11_FreeSymKey(symKey);
+- PK11_FreeSlot(slot);
++ SECITEM_FreeItem( secParam , PR_TRUE ) ;
++ xmlSecBufferDestroy( ivBuf ) ;
+ return(0);
+ }
+
++/**
++ * Block cipher transform update
++ */
+ static int
+ xmlSecNssBlockCipherCtxUpdate(xmlSecNssBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in, xmlSecBufferPtr out,
+@@ -192,54 +433,49 @@
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx) {
+ xmlSecSize inSize, inBlocks, outSize;
+- int blockLen;
++ int blockSize;
+ int outLen = 0;
+ xmlSecByte* outBuf;
+- SECStatus rv;
+- int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+- xmlSecAssert2(ctx->cipher != 0, -1);
++ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
++ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
+ xmlSecAssert2(ctx->cipherCtx != NULL, -1);
+- xmlSecAssert2(ctx->ctxInitialized != 0, -1);
++ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+- blockLen = PK11_GetBlockSize(ctx->cipher, NULL);
+- xmlSecAssert2(blockLen > 0, -1);
++ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( cipherName ) ,
++ "PK11_GetBlockSize" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
+
+ inSize = xmlSecBufferGetSize(in);
+ outSize = xmlSecBufferGetSize(out);
+-
+- if(inSize < (xmlSecSize)blockLen) {
+- return(0);
++
++ inBlocks = ( encrypt != 0 ? inSize : ( inSize - 1 ) ) / blockSize ;
++ inSize = inBlocks * blockSize ;
++
++ if( inSize < blockSize ) {
++ return 0 ;
+ }
+
+- if(encrypt) {
+- inBlocks = inSize / ((xmlSecSize)blockLen);
+- } else {
+- /* we want to have the last block in the input buffer
+- * for padding check */
+- inBlocks = (inSize - 1) / ((xmlSecSize)blockLen);
+- }
+- inSize = inBlocks * ((xmlSecSize)blockLen);
+-
+- /* we write out the input size plus may be one block */
+- ret = xmlSecBufferSetMaxSize(out, outSize + inSize + blockLen);
+- if(ret < 0) {
++ if( xmlSecBufferSetMaxSize( out , outSize + inSize + blockSize ) < 0 ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetMaxSize",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "size=%d", outSize + inSize + blockLen);
++ XMLSEC_ERRORS_R_CRYPTO_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ outBuf = xmlSecBufferGetData(out) + outSize;
+
+- rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, inSize + blockLen,
+- xmlSecBufferGetData(in), inSize);
+- if(rv != SECSuccess) {
++ if(PK11_CipherOp( ctx->cipherCtx , outBuf , &outLen , inSize + blockSize , xmlSecBufferGetData( in ) , inSize ) != SECSuccess ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "PK11_CipherOp",
+@@ -247,27 +483,22 @@
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+- xmlSecAssert2((xmlSecSize)outLen == inSize, -1);
+
+- /* set correct output buffer size */
+- ret = xmlSecBufferSetSize(out, outSize + outLen);
+- if(ret < 0) {
++ if( xmlSecBufferSetSize( out , outSize + outLen ) < 0 ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetSize",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "size=%d", outSize + outLen);
++ XMLSEC_ERRORS_R_CRYPTO_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+- /* remove the processed block from input */
+- ret = xmlSecBufferRemoveHead(in, inSize);
+- if(ret < 0) {
++ if( xmlSecBufferRemoveHead( in , inSize ) < 0 ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferRemoveHead",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "size=%d", inSize);
++ XMLSEC_ERRORS_R_CRYPTO_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+@@ -281,81 +512,82 @@
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx) {
+ xmlSecSize inSize, outSize;
+- int blockLen, outLen = 0;
++ int blockSize, outLen = 0;
+ xmlSecByte* inBuf;
+ xmlSecByte* outBuf;
+- SECStatus rv;
+- int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+- xmlSecAssert2(ctx->cipher != 0, -1);
++ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
++ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
+ xmlSecAssert2(ctx->cipherCtx != NULL, -1);
+- xmlSecAssert2(ctx->ctxInitialized != 0, -1);
++ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+- blockLen = PK11_GetBlockSize(ctx->cipher, NULL);
+- xmlSecAssert2(blockLen > 0, -1);
++ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( cipherName ) ,
++ "PK11_GetBlockSize" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
+
+ inSize = xmlSecBufferGetSize(in);
+ outSize = xmlSecBufferGetSize(out);
+
++ /******************************************************************/
+ if(encrypt != 0) {
+- xmlSecAssert2(inSize < (xmlSecSize)blockLen, -1);
++ xmlSecAssert2( inSize < blockSize, -1 ) ;
+
+ /* create padding */
+- ret = xmlSecBufferSetMaxSize(in, blockLen);
+- if(ret < 0) {
++ if( xmlSecBufferSetMaxSize( in , blockSize ) < 0 ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetMaxSize",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "size=%d", blockLen);
++ XMLSEC_ERRORS_R_CRYPTO_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ inBuf = xmlSecBufferGetData(in);
+
+- /* generate random padding */
+- if((xmlSecSize)blockLen > (inSize + 1)) {
+- rv = PK11_GenerateRandom(inBuf + inSize, blockLen - inSize - 1);
+- if(rv != SECSuccess) {
++ /* generate random */
++ if( blockSize > ( inSize + 1 ) ) {
++ if( PK11_GenerateRandom( inBuf + inSize, blockSize - inSize - 1 ) != SECSuccess ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "PK11_GenerateRandom",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- "size=%d", blockLen - inSize - 1);
++ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+- inBuf[blockLen - 1] = blockLen - inSize;
+- inSize = blockLen;
++ inBuf[blockSize-1] = blockSize - inSize ;
++ inSize = blockSize ;
+ } else {
+- if(inSize != (xmlSecSize)blockLen) {
++ if( inSize != blockSize ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ NULL,
+- XMLSEC_ERRORS_R_INVALID_DATA,
+- "data=%d;block=%d", inSize, blockLen);
++ XMLSEC_ERRORS_R_CRYPTO_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+- /* process last block */
+- ret = xmlSecBufferSetMaxSize(out, outSize + 2 * blockLen);
+- if(ret < 0) {
++ /* process the last block */
++ if( xmlSecBufferSetMaxSize( out , outSize + inSize + blockSize ) < 0 ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetMaxSize",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "size=%d", outSize + 2 * blockLen);
++ XMLSEC_ERRORS_R_CRYPTO_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ outBuf = xmlSecBufferGetData(out) + outSize;
+
+- rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, 2 * blockLen,
+- xmlSecBufferGetData(in), inSize);
+- if(rv != SECSuccess) {
++ if( PK11_CipherOp( ctx->cipherCtx , outBuf , &outLen , inSize + blockSize , xmlSecBufferGetData( in ) , inSize ) != SECSuccess ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "PK11_CipherOp",
+@@ -363,300 +595,169 @@
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+- xmlSecAssert2((xmlSecSize)outLen == inSize, -1);
+
+ if(encrypt == 0) {
+ /* check padding */
+- if(outLen < outBuf[blockLen - 1]) {
++ if( outLen < outBuf[blockSize-1] ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ NULL,
+- XMLSEC_ERRORS_R_INVALID_DATA,
+- "padding=%d;buffer=%d",
+- outBuf[blockLen - 1], outLen);
++ XMLSEC_ERRORS_R_CRYPTO_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+- outLen -= outBuf[blockLen - 1];
++ outLen -= outBuf[blockSize-1] ;
+ }
+
+- /* set correct output buffer size */
+- ret = xmlSecBufferSetSize(out, outSize + outLen);
+- if(ret < 0) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- xmlSecErrorsSafeString(cipherName),
+- "xmlSecBufferSetSize",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "size=%d", outSize + outLen);
+- return(-1);
+- }
++ /******************************************************************/
+
+- /* remove the processed block from input */
+- ret = xmlSecBufferRemoveHead(in, inSize);
+- if(ret < 0) {
++ /******************************************************************
++ if( xmlSecBufferSetMaxSize( out , outSize + blockSize ) < 0 ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+- "xmlSecBufferRemoveHead",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "size=%d", inSize);
+- return(-1);
+- }
+-
+- return(0);
+-}
+-
+-
+-/******************************************************************************
+- *
+- * EVP Block Cipher transforms
+- *
+- * xmlSecNssBlockCipherCtx block is located after xmlSecTransform structure
+- *
+- *****************************************************************************/
+-#define xmlSecNssBlockCipherSize \
+- (sizeof(xmlSecTransform) + sizeof(xmlSecNssBlockCipherCtx))
+-#define xmlSecNssBlockCipherGetCtx(transform) \
+- ((xmlSecNssBlockCipherCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+-
+-static int xmlSecNssBlockCipherInitialize (xmlSecTransformPtr transform);
+-static void xmlSecNssBlockCipherFinalize (xmlSecTransformPtr transform);
+-static int xmlSecNssBlockCipherSetKeyReq (xmlSecTransformPtr transform,
+- xmlSecKeyReqPtr keyReq);
+-static int xmlSecNssBlockCipherSetKey (xmlSecTransformPtr transform,
+- xmlSecKeyPtr key);
+-static int xmlSecNssBlockCipherExecute (xmlSecTransformPtr transform,
+- int last,
+- xmlSecTransformCtxPtr transformCtx);
+-static int xmlSecNssBlockCipherCheckId (xmlSecTransformPtr transform);
+-
+-
+-
+-static int
+-xmlSecNssBlockCipherCheckId(xmlSecTransformPtr transform) {
+-#ifndef XMLSEC_NO_DES
+- if(xmlSecTransformCheckId(transform, xmlSecNssTransformDes3CbcId)) {
+- return(1);
+- }
+-#endif /* XMLSEC_NO_DES */
+-
+-#ifndef XMLSEC_NO_AES
+- if(xmlSecTransformCheckId(transform, xmlSecNssTransformAes128CbcId) ||
+- xmlSecTransformCheckId(transform, xmlSecNssTransformAes192CbcId) ||
+- xmlSecTransformCheckId(transform, xmlSecNssTransformAes256CbcId)) {
+-
+- return(1);
+- }
+-#endif /* XMLSEC_NO_AES */
+-
+- return(0);
+-}
+-
+-static int
+-xmlSecNssBlockCipherInitialize(xmlSecTransformPtr transform) {
+- xmlSecNssBlockCipherCtxPtr ctx;
+-
+- xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
+- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
+-
+- ctx = xmlSecNssBlockCipherGetCtx(transform);
+- xmlSecAssert2(ctx != NULL, -1);
+-
+- memset(ctx, 0, sizeof(xmlSecNssBlockCipherCtx));
+-
+-#ifndef XMLSEC_NO_DES
+- if(transform->id == xmlSecNssTransformDes3CbcId) {
+- ctx->cipher = CKM_DES3_CBC;
+- ctx->keyId = xmlSecNssKeyDataDesId;
+- ctx->keySize = 24;
+- } else
+-#endif /* XMLSEC_NO_DES */
+-
+-#ifndef XMLSEC_NO_AES
+- if(transform->id == xmlSecNssTransformAes128CbcId) {
+- ctx->cipher = CKM_AES_CBC;
+- ctx->keyId = xmlSecNssKeyDataAesId;
+- ctx->keySize = 16;
+- } else if(transform->id == xmlSecNssTransformAes192CbcId) {
+- ctx->cipher = CKM_AES_CBC;
+- ctx->keyId = xmlSecNssKeyDataAesId;
+- ctx->keySize = 24;
+- } else if(transform->id == xmlSecNssTransformAes256CbcId) {
+- ctx->cipher = CKM_AES_CBC;
+- ctx->keyId = xmlSecNssKeyDataAesId;
+- ctx->keySize = 32;
+- } else
+-#endif /* XMLSEC_NO_AES */
+-
+- if(1) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+- NULL,
+- XMLSEC_ERRORS_R_INVALID_TRANSFORM,
++ "xmlSecBufferSetMaxSize",
++ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+- }
+-
+- return(0);
+-}
+-
+-static void
+-xmlSecNssBlockCipherFinalize(xmlSecTransformPtr transform) {
+- xmlSecNssBlockCipherCtxPtr ctx;
+-
+- xmlSecAssert(xmlSecNssBlockCipherCheckId(transform));
+- xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize));
+-
+- ctx = xmlSecNssBlockCipherGetCtx(transform);
+- xmlSecAssert(ctx != NULL);
+-
+- if(ctx->cipherCtx != NULL) {
+- PK11_DestroyContext(ctx->cipherCtx, PR_TRUE);
+ }
+-
+- memset(ctx, 0, sizeof(xmlSecNssBlockCipherCtx));
+-}
+
+-static int
+-xmlSecNssBlockCipherSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+- xmlSecNssBlockCipherCtxPtr ctx;
+-
+- xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
+- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
+- xmlSecAssert2(keyReq != NULL, -1);
+-
+- ctx = xmlSecNssBlockCipherGetCtx(transform);
+- xmlSecAssert2(ctx != NULL, -1);
+- xmlSecAssert2(ctx->keyId != NULL, -1);
++ outBuf = xmlSecBufferGetData( out ) + outSize ;
++ if( PK11_DigestFinal( ctx->cipherCtx , outBuf , &outLen , blockSize ) != SECSuccess ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( cipherName ) ,
++ "PK11_DigestFinal" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
++ ******************************************************************/
++
++ if( xmlSecBufferSetSize( out , outSize + outLen ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( cipherName ) ,
++ "xmlSecBufferSetSize" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
++
++ if( xmlSecBufferRemoveHead( in , inSize ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( cipherName ) ,
++ "xmlSecBufferRemoveHead" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
++
++/* PK11_Finalize( ctx->cipherCtx ) ;*/
++ PK11_DestroyContext(ctx->cipherCtx, PR_TRUE);
++ ctx->cipherCtx = NULL ;
+
+- keyReq->keyId = ctx->keyId;
+- keyReq->keyType = xmlSecKeyDataTypeSymmetric;
+- if(transform->operation == xmlSecTransformOperationEncrypt) {
+- keyReq->keyUsage = xmlSecKeyUsageEncrypt;
+- } else {
+- keyReq->keyUsage = xmlSecKeyUsageDecrypt;
+- }
+- keyReq->keyBitsSize = 8 * ctx->keySize;
+ return(0);
+ }
+
+-static int
+-xmlSecNssBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+- xmlSecNssBlockCipherCtxPtr ctx;
+- xmlSecBufferPtr buffer;
++/**
++ * xmlSecTransformExecuteMethod:
++ * @transform: the pointer to transform object.
++ * @last: the flag: if set to 1 then it's the last data chunk.
++ * @transformCtx: the pointer to transform context object.
++ *
++ * Transform specific method to process a chunk of data.
++ *
++ * Returns 0 on success or a negative value otherwise.
++ */
++xmlSecNssBlockCipherExecute(
++ xmlSecTransformPtr transform ,
++ int last ,
++ xmlSecTransformCtxPtr transformCtx
++) {
++ xmlSecNssBlockCipherCtxPtr context = NULL ;
++ xmlSecBufferPtr inBuf = NULL ;
++ xmlSecBufferPtr outBuf = NULL ;
++ const xmlChar* cipherName ;
++ int operation ;
++ int rtv ;
+
+ xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
+- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
+- xmlSecAssert2(key != NULL, -1);
+-
+- ctx = xmlSecNssBlockCipherGetCtx(transform);
+- xmlSecAssert2(ctx != NULL, -1);
+- xmlSecAssert2(ctx->cipher != 0, -1);
+- xmlSecAssert2(ctx->keyInitialized == 0, -1);
+- xmlSecAssert2(ctx->keyId != NULL, -1);
+- xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1);
+-
+- xmlSecAssert2(ctx->keySize > 0, -1);
+- xmlSecAssert2(ctx->keySize <= sizeof(ctx->key), -1);
+
+- buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
+- xmlSecAssert2(buffer != NULL, -1);
++ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
++ xmlSecAssert2( transformCtx != NULL , -1 ) ;
+
+- if(xmlSecBufferGetSize(buffer) < ctx->keySize) {
++ context = xmlSecNssBlockCipherGetCtx( transform ) ;
++ if( context == NULL ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+- NULL,
+- XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+- "keySize=%d;expected=%d",
+- xmlSecBufferGetSize(buffer), ctx->keySize);
+- return(-1);
++ "xmlSecNssBlockCipherGetCtx" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ }
+-
+- xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1);
+- memcpy(ctx->key, xmlSecBufferGetData(buffer), ctx->keySize);
+-
+- ctx->keyInitialized = 1;
+- return(0);
+-}
+-
+-static int
+-xmlSecNssBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+- xmlSecNssBlockCipherCtxPtr ctx;
+- xmlSecBufferPtr in, out;
+- int ret;
+-
+- xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
+- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
+- xmlSecAssert2(transformCtx != NULL, -1);
+
+- in = &(transform->inBuf);
+- out = &(transform->outBuf);
+-
+- ctx = xmlSecNssBlockCipherGetCtx(transform);
+- xmlSecAssert2(ctx != NULL, -1);
++ inBuf = &( transform->inBuf ) ;
++ outBuf = &( transform->outBuf ) ;
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
++ operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ;
++ cipherName = xmlSecTransformGetName( transform ) ;
++
+ if(transform->status == xmlSecTransformStatusWorking) {
+- if(ctx->ctxInitialized == 0) {
+- ret = xmlSecNssBlockCipherCtxInit(ctx, in, out,
+- (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
+- xmlSecTransformGetName(transform), transformCtx);
+- if(ret < 0) {
++ if( context->cipherCtx == NULL ) {
++ rtv = xmlSecNssBlockCipherCtxInit( context, inBuf , outBuf , operation , cipherName , transformCtx ) ;
++ if( rtv < 0 ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecNssBlockCipherCtxInit",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_R_INVALID_STATUS,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+- if((ctx->ctxInitialized == 0) && (last != 0)) {
++ if( context->cipherCtx == NULL && last != 0 ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+- XMLSEC_ERRORS_R_INVALID_DATA,
++ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "not enough data to initialize transform");
+ return(-1);
+ }
+
+- if(ctx->ctxInitialized != 0) {
+- ret = xmlSecNssBlockCipherCtxUpdate(ctx, in, out,
+- (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
+- xmlSecTransformGetName(transform), transformCtx);
+- if(ret < 0) {
++ if( context->cipherCtx != NULL ) {
++ rtv = xmlSecNssBlockCipherCtxUpdate( context, inBuf , outBuf , operation , cipherName , transformCtx ) ;
++ if( rtv < 0 ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecNssBlockCipherCtxUpdate",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_R_INVALID_STATUS,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ if(last) {
+- ret = xmlSecNssBlockCipherCtxFinal(ctx, in, out,
+- (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
+- xmlSecTransformGetName(transform), transformCtx);
+- if(ret < 0) {
++ rtv = xmlSecNssBlockCipherCtxFinal( context, inBuf , outBuf , operation , cipherName , transformCtx ) ;
++ if( rtv < 0 ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecNssBlockCipherCtxFinal",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_R_INVALID_STATUS,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ transform->status = xmlSecTransformStatusFinished;
+ }
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+- /* the only way we can get here is if there is no input */
+- xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
+- } else if(transform->status == xmlSecTransformStatusNone) {
+- /* the only way we can get here is if there is no enough data in the input */
+- xmlSecAssert2(last == 0, -1);
++ if( xmlSecBufferGetSize( inBuf ) != 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
++ NULL ,
++ XMLSEC_ERRORS_R_INVALID_STATUS ,
++ "status=%d", transform->status ) ;
++ return -1 ;
++ }
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),