author | Kurt Zenker <kz@openoffice.org> | 2009-10-14 16:21:13 +0000 |
---|---|---|
committer | Kurt Zenker <kz@openoffice.org> | 2009-10-14 16:21:13 +0000 |
commit | 618a4653360de8d1584d9ece2288b475054eac78 (patch) | |
tree | 9b64d362c97ab7b1bc4da9c5f5c418729158a23b | |
parent | 94fb4f0e7a46d03e57da9156188201882d967aa6 (diff) |
CWS-TOOLING: integrate CWS jl135_nss
2009-10-01 15:20:03 +0200 jl r276605 : #1004856# moved to xmlsec1-mingw32.patch
2009-10-01 10:51:24 +0200 jl r276580 : #1004856# build keymgr with mingw
2009-10-01 10:50:52 +0200 jl r276579 : #1004856# build keymgr with mingw
2009-10-01 10:37:28 +0200 jl r276578 : #1004856# do not build xmlsec1 app
2009-09-29 16:01:31 +0200 jl r276532 : #1004856# Using libxml2 from solver if available
2009-09-26 16:31:32 +0200 jl r276477 : #i104856# xmlsec1-mscrypto-1 is now xmlsec1-mscrypto
2009-09-25 17:05:26 +0200 jl r276470 : CWS-TOOLING: rebase CWS jl135_nss to trunk@276429 (milestone: DEV300:m60)
2009-09-24 12:57:10 +0200 jl r276419 : #i104856# libxmlsec update
2009-09-24 12:46:58 +0200 jl r276418 : #i104856# fixing mac configure problem in configure.in and regenerating configure
2009-09-23 16:49:54 +0200 jl r276405 : i#104856# configure failed on mac
2009-09-23 10:21:35 +0200 jl r276369 : #i104856# adapting patches to apply cleanly and readme change
2009-09-21 13:45:47 +0200 jl r276326 : #i104856 updating to 1.2.12, using changes patches from cmc made on xmlsec1_2_12
2009-09-21 11:27:46 +0200 jl r276319 : #i105183# forget to uncomment PATCH_FILES
2009-09-18 17:41:20 +0200 jl r276296 : #i105183# update of nss libs
-rw-r--r-- | libxmlsec/makefile.mk | 40 | ||||
-rw-r--r-- | libxmlsec/readme.txt | 50 | ||||
-rw-r--r-- | libxmlsec/xmlsec1-1.2.6-mingwport24.patch | 23 | ||||
-rw-r--r-- | libxmlsec/xmlsec1-1.2.6.patch | 15293 | ||||
-rw-r--r-- | libxmlsec/xmlsec1-configure.patch | 288 | ||||
-rw-r--r-- | libxmlsec/xmlsec1-customkeymanage.patch | 6086 | ||||
-rw-r--r-- | libxmlsec/xmlsec1-mingw-keymgr-mscrypto.patch | 62 | ||||
-rw-r--r-- | libxmlsec/xmlsec1-mingw32.patch | 764 | ||||
-rw-r--r-- | libxmlsec/xmlsec1-noverify.patch | 59 | ||||
-rw-r--r-- | libxmlsec/xmlsec1-nssdisablecallbacks.patch | 36 | ||||
-rw-r--r-- | libxmlsec/xmlsec1-nssmangleciphers.patch | 1134 |
11 files changed, 8484 insertions, 15351 deletions
diff --git a/libxmlsec/makefile.mk b/libxmlsec/makefile.mk
index 2841bc487f78..d0b1b218afc2 100644
--- a/libxmlsec/makefile.mk
+++ b/libxmlsec/makefile.mk
@@ -46,26 +46,37 @@ EXTERNAL_WARNINGS_NOT_ERRORS := TRUE
 # --- Files --------------------------------------------------------
-XMLSEC1VERSION=1.2.6
+XMLSEC1VERSION=1.2.12
 TARFILE_NAME=$(PRJNAME)-$(XMLSEC1VERSION)
-PATCH_FILES=$(TARFILE_NAME).patch xmlsec1-1.2.6-mingwport24.patch
+
+#xmlsec1-configure.patch: Set up the build. Straightforward
+#configuration
+#xmlsec1-customkeymanage.patch: Could we do this alternatively outside xmlsec
+#xmlsec1-nssmangleciphers.patch: Dubious, do we still need this ?
+#xmlsec1-nssdisablecallbacks.patch: Dubious, do we still need this ?
+#xmlsec1-noverify.patch: As per readme.txt.
+#xmlsec1-mingw32.patch: Mingw32 support.
+#xmlsec1-mingw-customkeymanage-addmscrypto.patch builds the custom keymanager on mingw
+PATCH_FILES=\
+ xmlsec1-configure.patch \
+ xmlsec1-customkeymanage.patch \
+ xmlsec1-nssmangleciphers.patch \
+ xmlsec1-nssdisablecallbacks.patch \
+ xmlsec1-noverify.patch \
+ xmlsec1-mingw32.patch \
+ xmlsec1-mingw-keymgr-mscrypto.patch
 ADDITIONAL_FILES= \
+ include$/xmlsec$/mscrypto$/akmngr.h \
+ src$/mscrypto$/akmngr.c \
 include$/xmlsec$/nss$/akmngr.h \
 include$/xmlsec$/nss$/ciphers.h \
 include$/xmlsec$/nss$/tokens.h \
- include$/xmlsec$/mscrypto$/akmngr.h \
 src$/nss$/akmngr.c \
- src$/mscrypto$/akmngr.c \
- src$/nss$/keytrans.c \
 src$/nss$/keywrapers.c \
- src$/nss$/tokens.c \
- xmlsec-mscrypto.pc.in \
- include$/xmlsec$/mscrypto$/Makefile.in \
- src$/mscrypto$/Makefile.in \
- libxml2-config
+ src$/nss$/tokens.c
 .IF "$(GUI)"=="WNT"
 CRYPTOLIB=mscrypto
@@ -87,8 +98,9 @@ xmlsec_LIBS=-lmingwthrd
 xmlsec_LIBS+=-lstdc++_s
 .ENDIF
 CONFIGURE_DIR=
-CONFIGURE_ACTION=chmod 777 libxml2-config && .$/configure
-CONFIGURE_FLAGS=--with-libxslt=no --with-openssl=no --with-gnutls=no --with-mozilla_ver=1.7.5 --with-mscrypto --build=i586-pc-mingw32 --host=i586-pc-mingw32 CC="$(xmlsec_CC)" CFLAGS="-D_MT" LDFLAGS="-no-undefined -L$(ILIB:s/;/ -L/)" LIBS="$(xmlsec_LIBS)" LIBXML2LIB=$(LIBXML2LIB) OBJDUMP="$(WRAPCMD) objdump"
+CONFIGURE_ACTION=.$/configure
+CONFIGURE_FLAGS=--with-libxslt=no --with-openssl=no --with-gnutls=no --with-mozilla_ver=1.7.5 --enable-mscrypto --build=i586-pc-mingw32 --host=i586-pc-mingw32 CC="$(xmlsec_CC)" CFLAGS="-D_MT" LDFLAGS="-no-undefined -L$(ILIB:s/;/ -L/)" LIBS="$(xmlsec_LIBS)" LIBXML2LIB=$(LIBXML2LIB) ZLIB3RDLIB=$(ZLIB3RDLIB) OBJDUMP="$(WRAPCMD) objdump"
+
 .IF "$(SYSTEM_MOZILLA)" != "YES"
 CONFIGURE_FLAGS+=--enable-pkgconfig=no
 .ENDIF
@@ -141,7 +153,7 @@ LDFLAGS:=$(xmlsec_LDFLAGS)
 .ENDIF
 CONFIGURE_DIR=
-CONFIGURE_ACTION=chmod 777 libxml2-config && .$/configure ADDCFLAGS="$(xmlsec_CFLAGS)" CPPFLAGS="$(xmlsec_CPPFLAGS)"
+CONFIGURE_ACTION=.$/configure ADDCFLAGS="$(xmlsec_CFLAGS)" CPPFLAGS="$(xmlsec_CPPFLAGS)"
 CONFIGURE_FLAGS=--with-pic --disable-shared --with-libxslt=no --with-openssl=no --with-gnutls=no LIBXML2LIB="$(LIBXML2LIB)"
 # system-mozilla needs pkgconfig to get the information about nss
 # FIXME: This also will enable pkg-config usage for libxml2. It *seems*
@@ -165,7 +177,7 @@ OUTDIR2INC=include$/xmlsec
 .IF "$(OS)"=="WNT"
 .IF "$(COM)"=="GCC"
 OUT2LIB+=src$/.libs$/libxmlsec1.dll.a src$/nss$/.libs$/libxmlsec1-nss.dll.a src$/mscrypto$/.libs$/libxmlsec1-mscrypto.dll.a
-OUT2BIN+=src$/.libs$/libxmlsec1-1.dll src$/nss$/.libs$/libxmlsec1-nss-1.dll src$/mscrypto$/.libs$/libxmlsec1-mscrypto-1.dll
+OUT2BIN+=src$/.libs$/libxmlsec1.dll src$/nss$/.libs$/libxmlsec1-nss.dll src$/mscrypto$/.libs$/libxmlsec1-mscrypto.dll
 .ELSE
 OUT2LIB+=win32$/binaries$/*.lib
 OUT2BIN+=win32$/binaries$/*.dll
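Review bot: The comment block above PATCH_FILES names `xmlsec1-mingw-customkeymanage-addmscrypto.patch`, but the patch actually listed in PATCH_FILES and in the diffstat is `xmlsec1-mingw-keymgr-mscrypto.patch`, so the line should read `#xmlsec1-mingw-keymgr-mscrypto.patch: builds the custom keymanager on mingw`. The entry `#xmlsec1-noverify.patch: As per readme.txt.` is the one patch with a security consequence — per the readme updated in this same commit it removes certificate validation from xmlSecMSCryptoX509StoreVerify and xmlSecNssX509StoreVerify — and that should be visible in the patch list itself, e.g. `#xmlsec1-noverify.patch: disables certificate validation in the X509StoreVerify functions (mscrypto and nss), see readme.txt`. The two entries marked "Dubious, do we still need this ?" are applied unconditionally to the 1.2.12 sources, so a reason or an issue reference would be more useful there than an open question. The switch from `--with-mscrypto` to `--enable-mscrypto` in CONFIGURE_FLAGS is presumably what the 1.2.12 configure script expects (the old `--with-mscrypto` option came from the deleted xmlsec1-1.2.6.patch), but nothing in the commit says so.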
diff --git a/libxmlsec/readme.txt b/libxmlsec/readme.txt
index 6217aef908a7..b518c6222687 100644
--- a/libxmlsec/readme.txt
+++ b/libxmlsec/readme.txt
@@ -1,24 +1,32 @@
-The XML Security library has been modified, so that there is NO verification
-of the certificate during sign or verification operation. On Windows this was
-done in the function xmlSecMSCryptoX509StoreVerify (file
-src/mscrypto/x509vfy.c) and on UNIX in xmlSecNssX509StoreVerify
-(file src/nss/x509vfy.c).
+The XML Security library has been modified, so that there is NO verification of
+the certificate during sign or verification operation. On Windows this was done
+in the function xmlSecMSCryptoX509StoreVerify (file src/mscrypto/x509vfy.c) and
+on UNIX in xmlSecNssX509StoreVerify (file src/nss/x509vfy.c).
-This change requires that the XML Signature contains in
-Signature/KeyInfo/X509Data only entries which represent the same
-certificate.
-The implementation creates certificates from all of the X509Data children
-(X509IssuerSerial, X509Certificate) and used to iterate over all certificates,
-verify them and return the first "good" certificate. Now the first one is
-used.
+The implementation creates certificates from all of the X509Data children, such
+as X509IssuerSerial and X509Certificate and stores them in a certificate store
+(see xmlsec/src/mscrypto/x509.c:xmlSecMSCryptoX509DataNodeRead). It must then
+find the certificate containing the public key which is used for validation
+within that store. This is done in xmlSecMSCryptoX509StoreVerify. This function
+however only takes those certificates into account which can be validated. This
+was changed by the patch xmlsec1-noverify.patch, which prevents this certificate
+validation.
+
+xmlSecMSCryptoX509StoreVerify iterates over all certificates contained or
+referenced in the X509Data elements and selects one which is no issuer of any of
+the other certificates. This certificate is not necessarily the one which was
+used for signing but it must contain the proper validation key, which is
+sufficient to validate the signature. See
+http://www.w3.org/TR/xmldsig-core/#sec-X509Data
+for details.
+
+There is a flag XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS that can be set
+in a xmlSecKeyInfoCtx (see function xmlSecNssKeyDataX509XmlRead, in file
+src/nss/x509.c), which indicates that one can turn of the validation. However,
+setting it will cause that the validation key is not found. If the flag is set,
+then the key is not extracted from the certificate store which contains all the
+certificates of the X509Data elements. In other words, the certificates which
+are delivered within the XML signature are not used when looking for suitable
+validation key.
-The X509IssuerSerial information is used by XML Security Library to find the
-certificate in the certificate store on the machine. The X509Certificate entry
-is used to create a certificate no matter if this is already contained in the
-certificate store.
-Do not forget: Suggest to XML Security Library to provide a way to carry out
-signature operations without verification of certificates. There is flag
-XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS that can be set in a
-xmlSecKeyInfoCtx (see function xmlSecNssKeyDataX509XmlRead, in file src/nss/x509.c),
-which indicates such a possibility but it does not work.
diff --git a/libxmlsec/xmlsec1-1.2.6-mingwport24.patch b/libxmlsec/xmlsec1-1.2.6-mingwport24.patch
deleted file mode 100644
index faa1ee233fd7..000000000000
--- a/libxmlsec/xmlsec1-1.2.6-mingwport24.patch
+++ /dev/null
@@ -1,23 +0,0 @@
---- misc/xmlsec1-1.2.6/configure 2009-09-18 17:19:00.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/configure 2009-09-18 17:18:43.000000000 +0200
-@@ -21749,6 +21749,10 @@
- ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-+case $host_os in
-+mingw*)
-+;;
-+*)
- echo "$as_me:$LINENO: checking for shl_load" >&5
- echo $ECHO_N "checking for shl_load... $ECHO_C" >&6
- if test "${ac_cv_func_shl_load+set}" = set; then
-@@ -22299,7 +22303,8 @@
-
-
- fi
--
-+;;
-+esac
-
- if test x"$libltdl_cv_func_dlopen" = xyes || test x"$libltdl_cv_lib_dl_dlopen" = xyes
- then
diff --git a/libxmlsec/xmlsec1-1.2.6.patch b/libxmlsec/xmlsec1-1.2.6.patch
deleted file mode 100644
index dc720e144c06..000000000000
--- a/libxmlsec/xmlsec1-1.2.6.patch
+++ /dev/null
@@ -1,15293 +0,0 @@ ---- misc/xmlsec1-1.2.6/apps/Makefile.in 2004-08-26 08:00:30.000000000 +0200 -+++ misc/build/xmlsec1-1.2.6/apps/Makefile.in 2008-06-29 23:44:19.000000000 +0200 -@@ -370,7 +370,7 @@ - $(CRYPTO_DEPS) \ - $(NULL) - --all: all-am -+all: - - .SUFFIXES: - .SUFFIXES: .c .lo .o .obj ---- misc/xmlsec1-1.2.6/configure 2004-08-26 08:00:34.000000000 +0200 -+++ misc/build/xmlsec1-1.2.6/configure 2008-06-29 23:44:19.000000000 +0200 -@@ -463,7 +463,7 @@ - # include <unistd.h> - #endif" - --ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS build build_cpu build_vendor build_os host host_cpu host_vendor host_os XMLSEC_VERSION XMLSEC_PACKAGE XMLSEC_VERSION_SAFE XMLSEC_VERSION_MAJOR XMLSEC_VERSION_MINOR XMLSEC_VERSION_SUBMINOR XMLSEC_VERSION_INFO INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO AMTAR install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE MAINT CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP CXX CXXFLAGS ac_ct_CXX CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL RM CP MV TAR HELP2MAN MAN2HTML U ANSI2KNR INSTALL_LTDL_TRUE INSTALL_LTDL_FALSE CONVENIENCE_LTDL_TRUE CONVENIENCE_LTDL_FALSE LIBADD_DL PKG_CONFIG_ENABLED PKG_CONFIG LIBXML_CFLAGS LIBXML_LIBS LIBXML262_CFLAGS LIBXML262_LIBS LIBXML_CONFIG LIBXML_MIN_VERSION LIBXSLT_CFLAGS LIBXSLT_LIBS XMLSEC_NO_LIBXSLT LIBXSLT_CONFIG LIBXSLT_MIN_VERSION OPENSSL_CFLAGS 
OPENSSL_LIBS OPENSSL097_CFLAGS OPENSSL097_LIBS XMLSEC_NO_OPENSSL_TRUE XMLSEC_NO_OPENSSL_FALSE XMLSEC_NO_OPENSSL OPENSSL_CRYPTO_LIB OPENSSL_MIN_VERSION GNUTLS_CFLAGS GNUTLS_LIBS XMLSEC_NO_GNUTLS_TRUE XMLSEC_NO_GNUTLS_FALSE XMLSEC_NO_GNUTLS GNUTLS_CRYPTO_LIB GNUTLS_MIN_VERSION NSS_CFLAGS NSS_LIBS XMLSEC_NO_NSS_TRUE XMLSEC_NO_NSS_FALSE XMLSEC_NO_NSS NSS_CRYPTO_LIB NSS_MIN_VERSION NSPR_MIN_VERSION MOZILLA_MIN_VERSION XMLSEC_NO_SHA1_TRUE XMLSEC_NO_SHA1_FALSE XMLSEC_NO_SHA1 XMLSEC_NO_RIPEMD160_TRUE XMLSEC_NO_RIPEMD160_FALSE XMLSEC_NO_RIPEMD160 XMLSEC_NO_HMAC_TRUE XMLSEC_NO_HMAC_FALSE XMLSEC_NO_HMAC XMLSEC_NO_DSA_TRUE XMLSEC_NO_DSA_FALSE XMLSEC_NO_DSA XMLSEC_NO_RSA_TRUE XMLSEC_NO_RSA_FALSE XMLSEC_NO_RSA XMLSEC_NO_X509_TRUE XMLSEC_NO_X509_FALSE XMLSEC_NO_X509 XMLSEC_NO_DES_TRUE XMLSEC_NO_DES_FALSE XMLSEC_NO_DES XMLSEC_NO_AES_TRUE XMLSEC_NO_AES_FALSE XMLSEC_NO_AES XMLSEC_NO_XMLDSIG_TRUE XMLSEC_NO_XMLDSIG_FALSE XMLSEC_NO_XMLDSIG XMLSEC_NO_XMLENC_TRUE XMLSEC_NO_XMLENC_FALSE XMLSEC_NO_XMLENC XMLSEC_NO_XKMS_TRUE XMLSEC_NO_XKMS_FALSE XMLSEC_NO_XKMS XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_TRUE XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_FALSE XMLSEC_NO_CRYPTO_DYNAMIC_LOADING XMLSEC_DL_INCLUDES XMLSEC_DL_LIBS XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING XMLSEC_DOCDIR XMLSEC_STATIC_BINARIES XMLSEC_CORE_CFLAGS XMLSEC_CORE_LIBS XMLSEC_LIBDIR XMLSEC_OPENSSL_CFLAGS XMLSEC_OPENSSL_LIBS XMLSEC_GNUTLS_CFLAGS XMLSEC_GNUTLS_LIBS XMLSEC_NSS_CFLAGS XMLSEC_NSS_LIBS XMLSEC_CFLAGS XMLSEC_LIBS XMLSEC_DEFINES XMLSEC_APP_DEFINES XMLSEC_CRYPTO XMLSEC_CRYPTO_LIST XMLSEC_CRYPTO_DISABLED_LIST XMLSEC_CRYPTO_LIB XMLSEC_CRYPTO_CFLAGS XMLSEC_CRYPTO_LIBS XMLSEC_CRYPTO_PC_FILES_LIST LIBOBJS LTLIBOBJS' -+ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir 
oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS build build_cpu build_vendor build_os host host_cpu host_vendor host_os XMLSEC_VERSION XMLSEC_PACKAGE XMLSEC_VERSION_SAFE XMLSEC_VERSION_MAJOR XMLSEC_VERSION_MINOR XMLSEC_VERSION_SUBMINOR XMLSEC_VERSION_INFO INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO AMTAR install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE MAINT CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP CXX CXXFLAGS ac_ct_CXX CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL RM CP MV TAR HELP2MAN MAN2HTML U ANSI2KNR INSTALL_LTDL_TRUE INSTALL_LTDL_FALSE CONVENIENCE_LTDL_TRUE CONVENIENCE_LTDL_FALSE LIBADD_DL PKG_CONFIG_ENABLED PKG_CONFIG LIBXML_CFLAGS LIBXML_LIBS LIBXML262_CFLAGS LIBXML262_LIBS LIBXML_CONFIG LIBXML_MIN_VERSION LIBXSLT_CFLAGS LIBXSLT_LIBS XMLSEC_NO_LIBXSLT LIBXSLT_CONFIG LIBXSLT_MIN_VERSION OPENSSL_CFLAGS OPENSSL_LIBS OPENSSL097_CFLAGS OPENSSL097_LIBS XMLSEC_NO_OPENSSL_TRUE XMLSEC_NO_OPENSSL_FALSE XMLSEC_NO_OPENSSL OPENSSL_CRYPTO_LIB OPENSSL_MIN_VERSION GNUTLS_CFLAGS GNUTLS_LIBS XMLSEC_NO_GNUTLS_TRUE XMLSEC_NO_GNUTLS_FALSE XMLSEC_NO_GNUTLS GNUTLS_CRYPTO_LIB GNUTLS_MIN_VERSION NSS_CFLAGS NSS_LIBS XMLSEC_NO_NSS_TRUE XMLSEC_NO_NSS_FALSE XMLSEC_NO_NSS NSS_CRYPTO_LIB NSS_MIN_VERSION NSPR_MIN_VERSION MOZILLA_MIN_VERSION MSCRYPTO_CFLAGS MSCRYPTO_LIBS XMLSEC_NO_SHA1_TRUE XMLSEC_NO_SHA1_FALSE XMLSEC_NO_SHA1 XMLSEC_NO_RIPEMD160_TRUE XMLSEC_NO_RIPEMD160_FALSE XMLSEC_NO_RIPEMD160 XMLSEC_NO_HMAC_TRUE XMLSEC_NO_HMAC_FALSE XMLSEC_NO_HMAC XMLSEC_NO_DSA_TRUE XMLSEC_NO_DSA_FALSE XMLSEC_NO_DSA XMLSEC_NO_RSA_TRUE XMLSEC_NO_RSA_FALSE XMLSEC_NO_RSA XMLSEC_NO_X509_TRUE 
XMLSEC_NO_X509_FALSE XMLSEC_NO_X509 XMLSEC_NO_DES_TRUE XMLSEC_NO_DES_FALSE XMLSEC_NO_DES XMLSEC_NO_AES_TRUE XMLSEC_NO_AES_FALSE XMLSEC_NO_AES XMLSEC_NO_XMLDSIG_TRUE XMLSEC_NO_XMLDSIG_FALSE XMLSEC_NO_XMLDSIG XMLSEC_NO_XMLENC_TRUE XMLSEC_NO_XMLENC_FALSE XMLSEC_NO_XMLENC XMLSEC_NO_XKMS_TRUE XMLSEC_NO_XKMS_FALSE XMLSEC_NO_XKMS XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_TRUE XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_FALSE XMLSEC_NO_CRYPTO_DYNAMIC_LOADING XMLSEC_DL_INCLUDES XMLSEC_DL_LIBS XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING XMLSEC_DOCDIR XMLSEC_STATIC_BINARIES XMLSEC_CORE_CFLAGS XMLSEC_CORE_LIBS XMLSEC_LIBDIR XMLSEC_OPENSSL_CFLAGS XMLSEC_OPENSSL_LIBS XMLSEC_GNUTLS_CFLAGS XMLSEC_GNUTLS_LIBS XMLSEC_NSS_CFLAGS XMLSEC_NSS_LIBS XMLSEC_CFLAGS XMLSEC_LIBS XMLSEC_DEFINES XMLSEC_APP_DEFINES XMLSEC_CRYPTO XMLSEC_CRYPTO_LIST XMLSEC_CRYPTO_DISABLED_LIST XMLSEC_CRYPTO_LIB XMLSEC_CRYPTO_CFLAGS XMLSEC_CRYPTO_LIBS XMLSEC_CRYPTO_PC_FILES_LIST LIBOBJS LTLIBOBJS' - ac_subst_files='' - - # Initialize some variables set by options. -@@ -1072,6 +1072,7 @@ - --with-nss=PFX nss location - --with-nspr=PFX nspr location (needed for NSS) - --with-mozilla-ver=VER mozilla version (alt to --with-nss, --with-nspr) -+ --with-mscrypto try to use mscrypto - --with-html-dir=PATH path to installed docs - - Some influential environment variables: -@@ -2045,8 +2046,8 @@ - - ac_ext=c - ac_cpp='$CPP $CPPFLAGS' --ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' --ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -+ac_compile='$CC -c $ADDCFLAGS $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -+ac_link='$CC -o conftest$ac_exeext $ADDCFLAGS $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' - ac_compiler_gnu=$ac_cv_c_compiler_gnu - if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. 
-@@ -2698,15 +2699,15 @@ - CFLAGS=$ac_save_CFLAGS - elif test $ac_cv_prog_cc_g = yes; then - if test "$GCC" = yes; then -- CFLAGS="-g -O2" -+ CFLAGS="$ADDCFLAGS -g -O2" - else -- CFLAGS="-g" -+ CFLAGS="$ADDCFLAGS -g" - fi - else - if test "$GCC" = yes; then -- CFLAGS="-O2" -+ CFLAGS="$ADDCFLAGS -O2" - else -- CFLAGS= -+ CFLAGS="$ADDCFLAGS" - fi - fi - echo "$as_me:$LINENO: checking for $CC option to accept ANSI C" >&5 -@@ -6350,11 +6351,11 @@ - lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4' - ;; - -- beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) -+ beos* | cygwin* | mingw* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) - # PIC is the default for these OSes. - ;; - -- mingw* | pw32* | os2*) -+ pw32* | os2*) - # This hack is so that the source file can tell whether it is being - # built for inclusion in a dll (and should export symbols for example). - lt_prog_compiler_pic='-DDLL_EXPORT' -@@ -6409,7 +6410,7 @@ - fi - ;; - -- mingw* | pw32* | os2*) -+ pw32* | os2*) - # This hack is so that the source file can tell whether it is being - # built for inclusion in a dll (and should export symbols for example). - lt_prog_compiler_pic='-DDLL_EXPORT' -@@ -6752,7 +6753,7 @@ - export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols' - - if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then -- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib' -+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--exclude-libs,ALL ${wl}--out-implib,$lib' - # If the export-symbols file already is a .def file (1st line - # is EXPORTS), use it as is; otherwise, prepend... 
- archive_expsym_cmds='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then -@@ -7778,7 +7779,7 @@ - ;; - - freebsd*) -- objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout` -+ objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo elf` - version_type=freebsd-$objformat - case $version_type in - freebsd-elf*) -@@ -9046,7 +9047,7 @@ - ;; - esac - output_verbose_link_cmd='echo' -- archive_cmds='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs$compiler_flags -install_name $rpath/$soname $verstring' -+ archive_cmds='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs$compiler_flags -install_name @executable_path/$soname $verstring' - module_cmds='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags' - # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin ld's - archive_expsym_cmds='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs$compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' -@@ -10088,7 +10089,7 @@ - enable_shared_with_static_runtimes_CXX=yes - - if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then -- archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib' -+ archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--exclude-libs,ALL ${wl}--out-implib,$lib' - # If the export-symbols file already is a .def file (1st line - # is EXPORTS), use it as is; otherwise, prepend... - archive_expsym_cmds_CXX='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then -@@ -10816,10 +10817,10 @@ - # like `-m68040'. 
- lt_prog_compiler_pic_CXX='-m68020 -resident32 -malways-restore-a4' - ;; -- beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) -+ beos* | cygwin* | mingw* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) - # PIC is the default for these OSes. - ;; -- mingw* | os2* | pw32*) -+ os2* | pw32*) - # This hack is so that the source file can tell whether it is being - # built for inclusion in a dll (and should export symbols for example). - lt_prog_compiler_pic_CXX='-DDLL_EXPORT' -@@ -11497,7 +11498,7 @@ - ;; - - freebsd*) -- objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout` -+ objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo elf` - version_type=freebsd-$objformat - case $version_type in - freebsd-elf*) -@@ -13259,11 +13260,11 @@ - lt_prog_compiler_pic_F77='-m68020 -resident32 -malways-restore-a4' - ;; - -- beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) -+ beos* | cygwin* | mingw* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) - # PIC is the default for these OSes. - ;; - -- mingw* | pw32* | os2*) -+ pw32* | os2*) - # This hack is so that the source file can tell whether it is being - # built for inclusion in a dll (and should export symbols for example). 
- lt_prog_compiler_pic_F77='-DDLL_EXPORT' -@@ -13661,7 +13662,7 @@ - export_symbols_cmds_F77='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols' - - if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then -- archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib' -+ archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--exclude-libs,ALL ${wl}--out-implib,$lib' - # If the export-symbols file already is a .def file (1st line - # is EXPORTS), use it as is; otherwise, prepend... - archive_expsym_cmds_F77='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then -@@ -14667,7 +14668,7 @@ - ;; - - freebsd*) -- objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout` -+ objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo elf` - version_type=freebsd-$objformat - case $version_type in - freebsd-elf*) -@@ -15607,11 +15608,11 @@ - lt_prog_compiler_pic_GCJ='-m68020 -resident32 -malways-restore-a4' - ;; - -- beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) -+ beos* | cygwin* | mingw* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) - # PIC is the default for these OSes. - ;; - -- mingw* | pw32* | os2*) -+ pw32* | os2*) - # This hack is so that the source file can tell whether it is being - # built for inclusion in a dll (and should export symbols for example). - lt_prog_compiler_pic_GCJ='-DDLL_EXPORT' -@@ -15666,7 +15667,7 @@ - fi - ;; - -- mingw* | pw32* | os2*) -+ pw32* | os2*) - # This hack is so that the source file can tell whether it is being - # built for inclusion in a dll (and should export symbols for example). 
- lt_prog_compiler_pic_GCJ='-DDLL_EXPORT' -@@ -16009,7 +16010,7 @@ - export_symbols_cmds_GCJ='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols' - - if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then -- archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib' -+ archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--exclude-libs,ALL ${wl}--out-implib,$lib' - # If the export-symbols file already is a .def file (1st line - # is EXPORTS), use it as is; otherwise, prepend... - archive_expsym_cmds_GCJ='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then -@@ -17035,7 +17036,7 @@ - ;; - - freebsd*) -- objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout` -+ objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo elf` - version_type=freebsd-$objformat - case $version_type in - freebsd-elf*) -@@ -25678,12 +25679,26 @@ - - XMLSEC_NO_NSS="1" - MOZILLA_MIN_VERSION="1.4" -+if test "z$MOZ_FLAVOUR" = "zfirefox" ; then -+ MOZILLA_MIN_VERSION="1.0" -+fi - NSS_MIN_VERSION="3.2" - NSPR_MIN_VERSION="4.0" - NSS_CFLAGS="" - NSS_LIBS="" --NSS_LIBS_LIST="-lnss3 -lsmime3" --NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4" -+ -+case $host_os in -+cygwin* | mingw* | pw32*) -+ NSS_LIBS_LIST="-lnss3 -lsmime3" -+ NSPR_LIBS_LIST="-lnspr4" -+ ;; -+ -+*) -+ NSS_LIBS_LIST="-lnss3 -lsoftokn3 -lsmime3" -+ NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4" -+ ;; -+esac -+ - NSS_CRYPTO_LIB="$PACKAGE-nss" - NSS_FOUND="no" - -@@ -25766,23 +25781,122 @@ - else - PKG_CONFIG_MIN_VERSION=0.9.0 - if $PKG_CONFIG --atleast-pkgconfig-version $PKG_CONFIG_MIN_VERSION; then -- echo "$as_me:$LINENO: checking for mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION" >&5 --echo $ECHO_N "checking for 
mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION... $ECHO_C" >&6 -+ echo "$as_me:$LINENO: checking for $MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION" >&5 -+echo $ECHO_N "checking for $MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION... $ECHO_C" >&6 -+ -+ if $PKG_CONFIG --exists "$MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION" ; then -+ echo "$as_me:$LINENO: result: yes" >&5 -+echo "${ECHO_T}yes" >&6 -+ succeeded=yes -+ -+ echo "$as_me:$LINENO: checking NSS_CFLAGS" >&5 -+echo $ECHO_N "checking NSS_CFLAGS... $ECHO_C" >&6 -+ NSS_CFLAGS=`$PKG_CONFIG --cflags "$MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION"` -+ echo "$as_me:$LINENO: result: $NSS_CFLAGS" >&5 -+echo "${ECHO_T}$NSS_CFLAGS" >&6 -+ -+ echo "$as_me:$LINENO: checking NSS_LIBS" >&5 -+echo $ECHO_N "checking NSS_LIBS... $ECHO_C" >&6 -+ NSS_LIBS=`$PKG_CONFIG --libs "$MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION"` -+ echo "$as_me:$LINENO: result: $NSS_LIBS" >&5 -+echo "${ECHO_T}$NSS_LIBS" >&6 -+ else -+ NSS_CFLAGS="" -+ NSS_LIBS="" -+ ## If we have a custom action on failure, don't print errors, but -+ ## do set a variable so people can do so. -+ NSS_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "$MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION"` -+ -+ fi -+ -+ -+ -+ else -+ echo "*** Your version of pkg-config is too old. You need version $PKG_CONFIG_MIN_VERSION or newer." 
-+ echo "*** See http://www.freedesktop.org/software/pkgconfig" -+ fi -+ fi -+ -+ if test $succeeded = yes; then -+ NSS_FOUND=yes -+ else -+ NSS_FOUND=no -+ fi -+ -+ echo "$as_me:$LINENO: result: $NSS_FOUND" >&5 -+echo "${ECHO_T}$NSS_FOUND" >&6 -+ if test "z$NSS_FOUND" = "zno" ; then -+ -+ succeeded=no -+ -+ if test -z "$PKG_CONFIG"; then -+ # Extract the first word of "pkg-config", so it can be a program name with args. -+set dummy pkg-config; ac_word=$2 -+echo "$as_me:$LINENO: checking for $ac_word" >&5 -+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 -+if test "${ac_cv_path_PKG_CONFIG+set}" = set; then -+ echo $ECHO_N "(cached) $ECHO_C" >&6 -+else -+ case $PKG_CONFIG in -+ [\\/]* | ?:[\\/]*) -+ ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path. -+ ;; -+ *) -+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -+for as_dir in $PATH -+do -+ IFS=$as_save_IFS -+ test -z "$as_dir" && as_dir=. -+ for ac_exec_ext in '' $ac_executable_extensions; do -+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then -+ ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" -+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 -+ break 2 -+ fi -+done -+done -+ -+ test -z "$ac_cv_path_PKG_CONFIG" && ac_cv_path_PKG_CONFIG="no" -+ ;; -+esac -+fi -+PKG_CONFIG=$ac_cv_path_PKG_CONFIG -+ -+if test -n "$PKG_CONFIG"; then -+ echo "$as_me:$LINENO: result: $PKG_CONFIG" >&5 -+echo "${ECHO_T}$PKG_CONFIG" >&6 -+else -+ echo "$as_me:$LINENO: result: no" >&5 -+echo "${ECHO_T}no" >&6 -+fi -+ -+ fi -+ -+ if test "$PKG_CONFIG" = "no" ; then -+ echo "*** The pkg-config script could not be found. Make sure it is" -+ echo "*** in your path, or set the PKG_CONFIG environment variable" -+ echo "*** to the full path to pkg-config." -+ echo "*** Or see http://www.freedesktop.org/software/pkgconfig to get pkg-config." 
-+ else -+ PKG_CONFIG_MIN_VERSION=0.9.0 -+ if $PKG_CONFIG --atleast-pkgconfig-version $PKG_CONFIG_MIN_VERSION; then -+ echo "$as_me:$LINENO: checking for nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION" >&5 -+echo $ECHO_N "checking for nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION... $ECHO_C" >&6 - -- if $PKG_CONFIG --exists "mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION" ; then -+ if $PKG_CONFIG --exists "nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION" ; then - echo "$as_me:$LINENO: result: yes" >&5 - echo "${ECHO_T}yes" >&6 - succeeded=yes - - echo "$as_me:$LINENO: checking NSS_CFLAGS" >&5 - echo $ECHO_N "checking NSS_CFLAGS... $ECHO_C" >&6 -- NSS_CFLAGS=`$PKG_CONFIG --cflags "mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION"` -+ NSS_CFLAGS=`$PKG_CONFIG --cflags "nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION"` - echo "$as_me:$LINENO: result: $NSS_CFLAGS" >&5 - echo "${ECHO_T}$NSS_CFLAGS" >&6 - - echo "$as_me:$LINENO: checking NSS_LIBS" >&5 - echo $ECHO_N "checking NSS_LIBS... $ECHO_C" >&6 -- NSS_LIBS=`$PKG_CONFIG --libs "mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION"` -+ NSS_LIBS=`$PKG_CONFIG --libs "nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION"` - echo "$as_me:$LINENO: result: $NSS_LIBS" >&5 - echo "${ECHO_T}$NSS_LIBS" >&6 - else -@@ -25790,7 +25904,7 @@ - NSS_LIBS="" - ## If we have a custom action on failure, don't print errors, but - ## do set a variable so people can do so. 
-- NSS_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION"` -+ NSS_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION"` - - fi - -@@ -25808,6 +25922,9 @@ - NSS_FOUND=no - fi - -+ echo "$as_me:$LINENO: result: $NSS_FOUND" >&5 -+echo "${ECHO_T}$NSS_FOUND" >&6 -+ fi - fi - - if test "z$NSS_FOUND" = "zno" ; then -@@ -25817,8 +25934,8 @@ - ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION - fi - -- ac_nss_lib_dir="/usr/lib /usr/lib64 /usr/local/lib /usr/lib/$ac_mozilla_name /usr/local/lib/$ac_mozilla_name" -- ac_nss_inc_dir="/usr/include /usr/include/mozilla /usr/local/include /usr/local/include/mozilla /usr/include/$ac_mozilla_name /usr/local/include/$ac_mozilla_name" -+ ac_nss_lib_dir="${SOLARVERSION}/${INPATH}/lib${UPDMINOREXT}" -+ ac_nss_inc_dir="${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/mozilla" - - echo "$as_me:$LINENO: checking for nspr libraries >= $NSPR_MIN_VERSION" >&5 - echo $ECHO_N "checking for nspr libraries >= $NSPR_MIN_VERSION... 
$ECHO_C" >&6 -@@ -25853,8 +25970,11 @@ - done - - for dir in $ac_nss_lib_dir ; do -- if test -f $dir/libnspr4.so ; then -- if test "z$dir" = "z/usr/lib" ; then -+ case $host_os in -+ cygwin* | mingw* | pw32*) -+ if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib -o -f $dir/libnspr4.a ; then -+ # do not add -L/usr/lib because compiler does it anyway -+ if test "z$dir" = "z/usr/lib" ; then - NSPR_LIBS="$NSPR_LIBS_LIST" - else - if test "z$with_gnu_ld" = "zyes" ; then -@@ -25865,7 +25985,26 @@ - fi - NSPR_LIBS_FOUND="yes" - break -- fi -+ fi -+ ;; -+ -+ *) -+ if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib ; then -+ # do not add -L/usr/lib because compiler does it anyway -+ if test "z$dir" = "z/usr/lib" ; then -+ NSPR_LIBS="$NSPR_LIBS_LIST" -+ else -+ if test "z$with_gnu_ld" = "zyes" ; then -+ NSPR_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $NSPR_LIBS_LIST" -+ else -+ NSPR_LIBS="-L$dir $NSPR_LIBS_LIST" -+ fi -+ fi -+ NSPR_LIBS_FOUND="yes" -+ break -+ fi -+ ;; -+ esac - done - fi - -@@ -25939,8 +26078,11 @@ - done - - for dir in $ac_nss_lib_dir ; do -- if test -f $dir/libnss3.so ; then -- if test "z$dir" = "z/usr/lib" ; then -+ case $host_os in -+ cygwin* | mingw* | pw32*) -+ if test -f $dir/libnss3.so -o -f $dir/libnss3.dylib -o -f $dir/libnss3.a ; then -+ # do not add -L/usr/lib because compiler does it anyway -+ if test "z$dir" = "z/usr/lib" ; then - NSS_LIBS="$NSS_LIBS_LIST" - else - if test "z$with_gnu_ld" = "zyes" ; then -@@ -25951,7 +26093,26 @@ - fi - NSS_LIBS_FOUND="yes" - break -- fi -+ fi -+ ;; -+ -+ *) -+ if test -f $dir/libnss3.so -o -f $dir/libnss3.dylib ; then -+ # do not add -L/usr/lib because compiler does it anyway -+ if test "z$dir" = "z/usr/lib" ; then -+ NSS_LIBS="$NSS_LIBS_LIST" -+ else -+ if test "z$with_gnu_ld" = "zyes" ; then -+ NSS_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $NSS_LIBS_LIST" -+ else -+ NSS_LIBS="-L$dir $NSS_LIBS_LIST" -+ fi -+ fi -+ NSS_LIBS_FOUND="yes" -+ break -+ fi -+ ;; -+ esac - done - fi - -@@ -26004,6 +26165,12 @@ - fi - 
fi - -+case $host_os in -+darwin*) -+ NSS_LIBS="$NSS_LIBS "`"$PERL" "$SOLARENV/bin/macosx-dylib-link-list.pl" $NSS_LIBS` -+ ;; -+esac -+ - if test "z$NSS_FOUND" = "zyes" ; then - XMLSEC_NO_NSS="0" - NSS_CFLAGS="$NSS_CFLAGS -DXMLSEC_CRYPTO_NSS=1" -@@ -26037,6 +26204,109 @@ - - - -+MSCRYPTO_CFLAGS="" -+MSCRYPTO_LIBS="" -+MSCRYPTO_FOUND="no" -+ -+ -+# Check whether --with-mscrypto or --without-mscrypto was given. -+if test "${with_mscrypto+set}" = set; then -+ withval="$with_mscrypto" -+ -+fi; -+if test "z$with_mscrypto" = "zno" ; then -+ echo "$as_me:$LINENO: checking for MSCRYPTO libraries" >&5 -+echo $ECHO_N "checking for MSCRYPTO libraries... $ECHO_C" >&6 -+ echo "$as_me:$LINENO: result: no" >&5 -+echo "${ECHO_T}no" >&6 -+ MSCRYPTO_FOUND="without" -+else -+ ac_mscrypto_lib_dir="${PSDK_HOME}/lib" -+ ac_mscrypto_inc_dir="${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/external/mingw/include ${COMPATH}/include ${COMPATH}/include/w32api" -+ echo "$as_me:$LINENO: checking for mscrypto libraries" >&5 -+echo $ECHO_N "checking for mscrypto libraries... $ECHO_C" >&6 -+ MSCRYPTO_INCLUDES_FOUND="no" -+ MSCRYPTO_LIBS_FOUND="no" -+ WINCRYPT_H="" -+ -+ for dir in $ac_mscrypto_inc_dir ; do -+ if test -f $dir/wincrypt.h ; then -+ MSCRYPTO_CFLAGS="$MSCRYPTO_CFLAGS -I$dir" -+ MSCRYPTO_INCLUDES_FOUND="yes" -+ WINCRYPT_H="$dir/wincrypt.h" -+ break -+ fi -+ done -+ -+ for dir in $ac_mscrypto_lib_dir ; do -+ if test -f $dir/crypt32.lib ; then -+ if test "z$with_gnu_ld" = "zyes" ; then -+ MSCRYPTO_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $dir/crypt32.lib" -+ else -+ MSCRYPTO_LIBS="-L$dir $dir/crypt32.lib" -+ fi -+ MSCRYPTO_LIBS_FOUND="yes" -+ break -+ fi -+ done -+ -+ if test "z$MSCRYPTO_INCLUDES_FOUND" = "zyes" -a "z$MSCRYPTO_LIBS_FOUND" = "zyes" ; then -+ OLD_CPPFLAGS=$CPPFLAGS -+ CPPFLAGS="$MSCRYPTO_CFLAGS" -+ cat >conftest.$ac_ext <<_ACEOF -+/* confdefs.h. */ -+_ACEOF -+cat confdefs.h >>conftest.$ac_ext -+cat >>conftest.$ac_ext <<_ACEOF -+/* end confdefs.h. 
*/ -+ -+ #include <wincrypt.h> -+ #if defined(_WINCRYPT_H) || defined(__WINCRYPT_H__) -+ yes -+ #endif -+ -+_ACEOF -+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | -+ $EGREP "yes" >/dev/null 2>&1; then -+ -+ MSCRYPTO_FOUND=yes -+ -+else -+ -+ MSCRYPTO_FOUND=no -+ -+fi -+rm -f conftest* -+ -+ CPPFLAGS="$OLD_CPPFLAGS" -+ fi -+ -+ if test "z$MSCRYPTO_FOUND" = "zyes" ; then -+ echo "$as_me:$LINENO: result: yes" >&5 -+echo "${ECHO_T}yes" >&6 -+ else -+ echo "$as_me:$LINENO: result: no" >&5 -+echo "${ECHO_T}no" >&6 -+ fi -+ -+fi -+ -+if test "z$MSCRYPTO_FOUND" = "zyes" ; then -+ MSCRYPTO_CFLAGS="$MSCRYPTO_CFLAGS -DXMLSEC_CRYPTO_MSCRYPTO=1" -+ -+ if test "z$XMLSEC_CRYPTO" = "z" ; then -+ XMLSEC_CRYPTO="mscrypto" -+ XMLSEC_CRYPTO_LIB="$PACKAGE-mscrypto" -+ XMLSEC_CRYPTO_CFLAGS="$MSCRYPTO_CFLAGS" -+ XMLSEC_CRYPTO_LIBS="$MSCRYPTO_LIBS" -+ fi -+ XMLSEC_CRYPTO_LIST="$XMLSEC_CRYPTO_LIST mscrypto" -+else -+ XMLSEC_CRYPTO_DISABLED_LIST="$XMLSEC_CRYPTO_DISABLED_LIST mscrypto" -+fi -+ -+ -+ - echo "$as_me:$LINENO: checking for crypto library" >&5 - echo $ECHO_N "checking for crypto library... 
$ECHO_C" >&6 - if test "z$XMLSEC_CRYPTO" = "z" ; then -@@ -26604,7 +26874,7 @@ - done - - -- ac_config_files="$ac_config_files include/xmlsec/version.h Makefile include/Makefile include/xmlsec/Makefile include/xmlsec/private/Makefile src/Makefile apps/Makefile docs/Makefile docs/api/Makefile man/Makefile xmlsec1Conf.sh:xmlsecConf.sh.in xmlsec1-config:xmlsec-config.in xmlsec1-openssl.pc:xmlsec-openssl.pc.in xmlsec1-gnutls.pc:xmlsec-gnutls.pc.in xmlsec1-nss.pc:xmlsec-nss.pc.in xmlsec1.spec:xmlsec.spec.in" -+ ac_config_files="$ac_config_files include/xmlsec/version.h Makefile include/Makefile include/xmlsec/Makefile include/xmlsec/private/Makefile src/Makefile apps/Makefile docs/Makefile docs/api/Makefile man/Makefile xmlsec1Conf.sh:xmlsecConf.sh.in xmlsec1-config:xmlsec-config.in xmlsec1-openssl.pc:xmlsec-openssl.pc.in xmlsec1-gnutls.pc:xmlsec-gnutls.pc.in xmlsec1-nss.pc:xmlsec-nss.pc.in xmlsec1-mscrypto.pc:xmlsec-mscrypto.pc.in xmlsec1.spec:xmlsec.spec.in" - cat >confcache <<\_ACEOF - # This file is a shell script that caches the results of configure - # tests run on this system so they can be shared between configure -@@ -27521,6 +27791,8 @@ - s,@NSS_MIN_VERSION@,$NSS_MIN_VERSION,;t t - s,@NSPR_MIN_VERSION@,$NSPR_MIN_VERSION,;t t - s,@MOZILLA_MIN_VERSION@,$MOZILLA_MIN_VERSION,;t t -+s,@MSCRYPTO_CFLAGS@,$MSCRYPTO_CFLAGS,;t t -+s,@MSCRYPTO_LIBS@,$MSCRYPTO_LIBS,;t t - s,@XMLSEC_NO_SHA1_TRUE@,$XMLSEC_NO_SHA1_TRUE,;t t - s,@XMLSEC_NO_SHA1_FALSE@,$XMLSEC_NO_SHA1_FALSE,;t t - s,@XMLSEC_NO_SHA1@,$XMLSEC_NO_SHA1,;t t -@@ -29231,6 +29503,8 @@ - s,@NSS_MIN_VERSION@,$NSS_MIN_VERSION,;t t - s,@NSPR_MIN_VERSION@,$NSPR_MIN_VERSION,;t t - s,@MOZILLA_MIN_VERSION@,$MOZILLA_MIN_VERSION,;t t -+s,@MSCRYPTO_CFLAGS@,$MSCRYPTO_CFLAGS,;t t -+s,@MSCRYPTO_LIBS@,$MSCRYPTO_LIBS,;t t - s,@XMLSEC_NO_SHA1_TRUE@,$XMLSEC_NO_SHA1_TRUE,;t t - s,@XMLSEC_NO_SHA1_FALSE@,$XMLSEC_NO_SHA1_FALSE,;t t - s,@XMLSEC_NO_SHA1@,$XMLSEC_NO_SHA1,;t t -@@ -30941,6 +31215,8 @@ - s,@NSS_MIN_VERSION@,$NSS_MIN_VERSION,;t 
t - s,@NSPR_MIN_VERSION@,$NSPR_MIN_VERSION,;t t - s,@MOZILLA_MIN_VERSION@,$MOZILLA_MIN_VERSION,;t t -+s,@MSCRYPTO_CFLAGS@,$MSCRYPTO_CFLAGS,;t t -+s,@MSCRYPTO_LIBS@,$MSCRYPTO_LIBS,;t t - s,@XMLSEC_NO_SHA1_TRUE@,$XMLSEC_NO_SHA1_TRUE,;t t - s,@XMLSEC_NO_SHA1_FALSE@,$XMLSEC_NO_SHA1_FALSE,;t t - s,@XMLSEC_NO_SHA1@,$XMLSEC_NO_SHA1,;t t -@@ -32653,6 +32929,1724 @@ - s,@NSS_MIN_VERSION@,$NSS_MIN_VERSION,;t t - s,@NSPR_MIN_VERSION@,$NSPR_MIN_VERSION,;t t - s,@MOZILLA_MIN_VERSION@,$MOZILLA_MIN_VERSION,;t t -+s,@MSCRYPTO_CFLAGS@,$MSCRYPTO_CFLAGS,;t t -+s,@MSCRYPTO_LIBS@,$MSCRYPTO_LIBS,;t t -+s,@XMLSEC_NO_SHA1_TRUE@,$XMLSEC_NO_SHA1_TRUE,;t t -+s,@XMLSEC_NO_SHA1_FALSE@,$XMLSEC_NO_SHA1_FALSE,;t t -+s,@XMLSEC_NO_SHA1@,$XMLSEC_NO_SHA1,;t t -+s,@XMLSEC_NO_RIPEMD160_TRUE@,$XMLSEC_NO_RIPEMD160_TRUE,;t t -+s,@XMLSEC_NO_RIPEMD160_FALSE@,$XMLSEC_NO_RIPEMD160_FALSE,;t t -+s,@XMLSEC_NO_RIPEMD160@,$XMLSEC_NO_RIPEMD160,;t t -+s,@XMLSEC_NO_HMAC_TRUE@,$XMLSEC_NO_HMAC_TRUE,;t t -+s,@XMLSEC_NO_HMAC_FALSE@,$XMLSEC_NO_HMAC_FALSE,;t t -+s,@XMLSEC_NO_HMAC@,$XMLSEC_NO_HMAC,;t t -+s,@XMLSEC_NO_DSA_TRUE@,$XMLSEC_NO_DSA_TRUE,;t t -+s,@XMLSEC_NO_DSA_FALSE@,$XMLSEC_NO_DSA_FALSE,;t t -+s,@XMLSEC_NO_DSA@,$XMLSEC_NO_DSA,;t t -+s,@XMLSEC_NO_RSA_TRUE@,$XMLSEC_NO_RSA_TRUE,;t t -+s,@XMLSEC_NO_RSA_FALSE@,$XMLSEC_NO_RSA_FALSE,;t t -+s,@XMLSEC_NO_RSA@,$XMLSEC_NO_RSA,;t t -+s,@XMLSEC_NO_X509_TRUE@,$XMLSEC_NO_X509_TRUE,;t t -+s,@XMLSEC_NO_X509_FALSE@,$XMLSEC_NO_X509_FALSE,;t t -+s,@XMLSEC_NO_X509@,$XMLSEC_NO_X509,;t t -+s,@XMLSEC_NO_DES_TRUE@,$XMLSEC_NO_DES_TRUE,;t t -+s,@XMLSEC_NO_DES_FALSE@,$XMLSEC_NO_DES_FALSE,;t t -+s,@XMLSEC_NO_DES@,$XMLSEC_NO_DES,;t t -+s,@XMLSEC_NO_AES_TRUE@,$XMLSEC_NO_AES_TRUE,;t t -+s,@XMLSEC_NO_AES_FALSE@,$XMLSEC_NO_AES_FALSE,;t t -+s,@XMLSEC_NO_AES@,$XMLSEC_NO_AES,;t t -+s,@XMLSEC_NO_XMLDSIG_TRUE@,$XMLSEC_NO_XMLDSIG_TRUE,;t t -+s,@XMLSEC_NO_XMLDSIG_FALSE@,$XMLSEC_NO_XMLDSIG_FALSE,;t t -+s,@XMLSEC_NO_XMLDSIG@,$XMLSEC_NO_XMLDSIG,;t t -+s,@XMLSEC_NO_XMLENC_TRUE@,$XMLSEC_NO_XMLENC_TRUE,;t t 
-+s,@XMLSEC_NO_XMLENC_FALSE@,$XMLSEC_NO_XMLENC_FALSE,;t t -+s,@XMLSEC_NO_XMLENC@,$XMLSEC_NO_XMLENC,;t t -+s,@XMLSEC_NO_XKMS_TRUE@,$XMLSEC_NO_XKMS_TRUE,;t t -+s,@XMLSEC_NO_XKMS_FALSE@,$XMLSEC_NO_XKMS_FALSE,;t t -+s,@XMLSEC_NO_XKMS@,$XMLSEC_NO_XKMS,;t t -+s,@XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_TRUE@,$XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_TRUE,;t t -+s,@XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_FALSE@,$XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_FALSE,;t t -+s,@XMLSEC_NO_CRYPTO_DYNAMIC_LOADING@,$XMLSEC_NO_CRYPTO_DYNAMIC_LOADING,;t t -+s,@XMLSEC_DL_INCLUDES@,$XMLSEC_DL_INCLUDES,;t t -+s,@XMLSEC_DL_LIBS@,$XMLSEC_DL_LIBS,;t t -+s,@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE@,$XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE,;t t -+s,@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE@,$XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE,;t t -+s,@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING@,$XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING,;t t -+s,@XMLSEC_DOCDIR@,$XMLSEC_DOCDIR,;t t -+s,@XMLSEC_STATIC_BINARIES@,$XMLSEC_STATIC_BINARIES,;t t -+s,@XMLSEC_CORE_CFLAGS@,$XMLSEC_CORE_CFLAGS,;t t -+s,@XMLSEC_CORE_LIBS@,$XMLSEC_CORE_LIBS,;t t -+s,@XMLSEC_LIBDIR@,$XMLSEC_LIBDIR,;t t -+s,@XMLSEC_OPENSSL_CFLAGS@,$XMLSEC_OPENSSL_CFLAGS,;t t -+s,@XMLSEC_OPENSSL_LIBS@,$XMLSEC_OPENSSL_LIBS,;t t -+s,@XMLSEC_GNUTLS_CFLAGS@,$XMLSEC_GNUTLS_CFLAGS,;t t -+s,@XMLSEC_GNUTLS_LIBS@,$XMLSEC_GNUTLS_LIBS,;t t -+s,@XMLSEC_NSS_CFLAGS@,$XMLSEC_NSS_CFLAGS,;t t -+s,@XMLSEC_NSS_LIBS@,$XMLSEC_NSS_LIBS,;t t -+s,@XMLSEC_CFLAGS@,$XMLSEC_CFLAGS,;t t -+s,@XMLSEC_LIBS@,$XMLSEC_LIBS,;t t -+s,@XMLSEC_DEFINES@,$XMLSEC_DEFINES,;t t -+s,@XMLSEC_APP_DEFINES@,$XMLSEC_APP_DEFINES,;t t -+s,@XMLSEC_CRYPTO@,$XMLSEC_CRYPTO,;t t -+s,@XMLSEC_CRYPTO_LIST@,$XMLSEC_CRYPTO_LIST,;t t -+s,@XMLSEC_CRYPTO_DISABLED_LIST@,$XMLSEC_CRYPTO_DISABLED_LIST,;t t -+s,@XMLSEC_CRYPTO_LIB@,$XMLSEC_CRYPTO_LIB,;t t -+s,@XMLSEC_CRYPTO_CFLAGS@,$XMLSEC_CRYPTO_CFLAGS,;t t -+s,@XMLSEC_CRYPTO_LIBS@,$XMLSEC_CRYPTO_LIBS,;t t -+s,@XMLSEC_CRYPTO_PC_FILES_LIST@,$XMLSEC_CRYPTO_PC_FILES_LIST,;t t -+s,@LIBOBJS@,$LIBOBJS,;t t 
-+s,@LTLIBOBJS@,$LTLIBOBJS,;t t -+CEOF -+ -+_ACEOF -+ -+ cat >>$CONFIG_STATUS <<\_ACEOF -+ # Split the substitutions into bite-sized pieces for seds with -+ # small command number limits, like on Digital OSF/1 and HP-UX. -+ ac_max_sed_lines=48 -+ ac_sed_frag=1 # Number of current file. -+ ac_beg=1 # First line for current file. -+ ac_end=$ac_max_sed_lines # Line after last line for current file. -+ ac_more_lines=: -+ ac_sed_cmds= -+ while $ac_more_lines; do -+ if test $ac_beg -gt 1; then -+ sed "1,${ac_beg}d; ${ac_end}q" $tmp/subs.sed >$tmp/subs.frag -+ else -+ sed "${ac_end}q" $tmp/subs.sed >$tmp/subs.frag -+ fi -+ if test ! -s $tmp/subs.frag; then -+ ac_more_lines=false -+ else -+ # The purpose of the label and of the branching condition is to -+ # speed up the sed processing (if there are no `@' at all, there -+ # is no need to browse any of the substitutions). -+ # These are the two extra sed commands mentioned above. -+ (echo ':t -+ /@[a-zA-Z_][a-zA-Z_0-9]*@/!b' && cat $tmp/subs.frag) >$tmp/subs-$ac_sed_frag.sed -+ if test -z "$ac_sed_cmds"; then -+ ac_sed_cmds="sed -f $tmp/subs-$ac_sed_frag.sed" -+ else -+ ac_sed_cmds="$ac_sed_cmds | sed -f $tmp/subs-$ac_sed_frag.sed" -+ fi -+ ac_sed_frag=`expr $ac_sed_frag + 1` -+ ac_beg=$ac_end -+ ac_end=`expr $ac_end + $ac_max_sed_lines` -+ fi -+ done -+ if test -z "$ac_sed_cmds"; then -+ ac_sed_cmds=cat -+ fi -+fi # test -n "$CONFIG_FILES" -+ -+_ACEOF -+cat >>$CONFIG_STATUS <<\_ACEOF -+for ac_file in : $CONFIG_FILES; do test "x$ac_file" = x: && continue -+ # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". -+ case $ac_file in -+ - | *:- | *:-:* ) # input from stdin -+ cat >$tmp/stdin -+ ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` -+ ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; -+ *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` -+ ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; -+ * ) ac_file_in=$ac_file.in ;; -+ esac -+ -+ # Compute @srcdir@, @top_srcdir@, and @INSTALL@ for subdirectories. 
-+ ac_dir=`(dirname "$ac_file") 2>/dev/null || -+$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ -+ X"$ac_file" : 'X\(//\)[^/]' \| \ -+ X"$ac_file" : 'X\(//\)$' \| \ -+ X"$ac_file" : 'X\(/\)' \| \ -+ . : '\(.\)' 2>/dev/null || -+echo X"$ac_file" | -+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } -+ /^X\(\/\/\)[^/].*/{ s//\1/; q; } -+ /^X\(\/\/\)$/{ s//\1/; q; } -+ /^X\(\/\).*/{ s//\1/; q; } -+ s/.*/./; q'` -+ { if $as_mkdir_p; then -+ mkdir -p "$ac_dir" -+ else -+ as_dir="$ac_dir" -+ as_dirs= -+ while test ! -d "$as_dir"; do -+ as_dirs="$as_dir $as_dirs" -+ as_dir=`(dirname "$as_dir") 2>/dev/null || -+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ -+ X"$as_dir" : 'X\(//\)[^/]' \| \ -+ X"$as_dir" : 'X\(//\)$' \| \ -+ X"$as_dir" : 'X\(/\)' \| \ -+ . : '\(.\)' 2>/dev/null || -+echo X"$as_dir" | -+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } -+ /^X\(\/\/\)[^/].*/{ s//\1/; q; } -+ /^X\(\/\/\)$/{ s//\1/; q; } -+ /^X\(\/\).*/{ s//\1/; q; } -+ s/.*/./; q'` -+ done -+ test ! -n "$as_dirs" || mkdir $as_dirs -+ fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5 -+echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;} -+ { (exit 1); exit 1; }; }; } -+ -+ ac_builddir=. -+ -+if test "$ac_dir" != .; then -+ ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'` -+ # A "../" for each directory in $ac_dir_suffix. -+ ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'` -+else -+ ac_dir_suffix= ac_top_builddir= -+fi -+ -+case $srcdir in -+ .) # No --srcdir option. We are building in place. -+ ac_srcdir=. -+ if test -z "$ac_top_builddir"; then -+ ac_top_srcdir=. -+ else -+ ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'` -+ fi ;; -+ [\\/]* | ?:[\\/]* ) # Absolute path. -+ ac_srcdir=$srcdir$ac_dir_suffix; -+ ac_top_srcdir=$srcdir ;; -+ *) # Relative path. 
-+ ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix -+ ac_top_srcdir=$ac_top_builddir$srcdir ;; -+esac -+ -+# Do not use `cd foo && pwd` to compute absolute paths, because -+# the directories may not exist. -+case `pwd` in -+.) ac_abs_builddir="$ac_dir";; -+*) -+ case "$ac_dir" in -+ .) ac_abs_builddir=`pwd`;; -+ [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";; -+ *) ac_abs_builddir=`pwd`/"$ac_dir";; -+ esac;; -+esac -+case $ac_abs_builddir in -+.) ac_abs_top_builddir=${ac_top_builddir}.;; -+*) -+ case ${ac_top_builddir}. in -+ .) ac_abs_top_builddir=$ac_abs_builddir;; -+ [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;; -+ *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;; -+ esac;; -+esac -+case $ac_abs_builddir in -+.) ac_abs_srcdir=$ac_srcdir;; -+*) -+ case $ac_srcdir in -+ .) ac_abs_srcdir=$ac_abs_builddir;; -+ [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;; -+ *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;; -+ esac;; -+esac -+case $ac_abs_builddir in -+.) ac_abs_top_srcdir=$ac_top_srcdir;; -+*) -+ case $ac_top_srcdir in -+ .) ac_abs_top_srcdir=$ac_abs_builddir;; -+ [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;; -+ *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;; -+ esac;; -+esac -+ -+ -+ case $INSTALL in -+ [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; -+ *) ac_INSTALL=$ac_top_builddir$INSTALL ;; -+ esac -+ -+ if test x"$ac_file" != x-; then -+ { echo "$as_me:$LINENO: creating $ac_file" >&5 -+echo "$as_me: creating $ac_file" >&6;} -+ rm -f "$ac_file" -+ fi -+ # Let's still pretend it is `configure' which instantiates (i.e., don't -+ # use $as_me), people would be surprised to read: -+ # /* config.h. Generated by config.status. */ -+ if test x"$ac_file" = x-; then -+ configure_input= -+ else -+ configure_input="$ac_file. " -+ fi -+ configure_input=$configure_input"Generated from `echo $ac_file_in | -+ sed 's,.*/,,'` by configure." -+ -+ # First look for the input files in the build tree, otherwise in the -+ # src tree. 
-+ ac_file_inputs=`IFS=: -+ for f in $ac_file_in; do -+ case $f in -+ -) echo $tmp/stdin ;; -+ [\\/$]*) -+ # Absolute (can't be DOS-style, as IFS=:) -+ test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 -+echo "$as_me: error: cannot find input file: $f" >&2;} -+ { (exit 1); exit 1; }; } -+ echo "$f";; -+ *) # Relative -+ if test -f "$f"; then -+ # Build tree -+ echo "$f" -+ elif test -f "$srcdir/$f"; then -+ # Source tree -+ echo "$srcdir/$f" -+ else -+ # /dev/null tree -+ { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 -+echo "$as_me: error: cannot find input file: $f" >&2;} -+ { (exit 1); exit 1; }; } -+ fi;; -+ esac -+ done` || { (exit 1); exit 1; } -+_ACEOF -+cat >>$CONFIG_STATUS <<_ACEOF -+ sed "$ac_vpsub -+$extrasub -+_ACEOF -+cat >>$CONFIG_STATUS <<\_ACEOF -+:t -+/@[a-zA-Z_][a-zA-Z_0-9]*@/!b -+s,@configure_input@,$configure_input,;t t -+s,@srcdir@,$ac_srcdir,;t t -+s,@abs_srcdir@,$ac_abs_srcdir,;t t -+s,@top_srcdir@,$ac_top_srcdir,;t t -+s,@abs_top_srcdir@,$ac_abs_top_srcdir,;t t -+s,@builddir@,$ac_builddir,;t t -+s,@abs_builddir@,$ac_abs_builddir,;t t -+s,@top_builddir@,$ac_top_builddir,;t t -+s,@abs_top_builddir@,$ac_abs_top_builddir,;t t -+s,@INSTALL@,$ac_INSTALL,;t t -+" $ac_file_inputs | (eval "$ac_sed_cmds") >$tmp/out -+ rm -f $tmp/stdin -+ if test x"$ac_file" != x-; then -+ mv $tmp/out $ac_file -+ else -+ cat $tmp/out -+ rm -f $tmp/out -+ fi -+ -+done -+_ACEOF -+cat >>$CONFIG_STATUS <<\_ACEOF -+ -+# -+# CONFIG_HEADER section. -+# -+ -+# These sed commands are passed to sed as "A NAME B NAME C VALUE D", where -+# NAME is the cpp macro being defined and VALUE is the value it is being given. -+# -+# ac_d sets the value in "#define NAME VALUE" lines. -+ac_dA='s,^\([ ]*\)#\([ ]*define[ ][ ]*\)' -+ac_dB='[ ].*$,\1#\2' -+ac_dC=' ' -+ac_dD=',;t' -+# ac_u turns "#undef NAME" without trailing blanks into "#define NAME VALUE". 
-+ac_uA='s,^\([ ]*\)#\([ ]*\)undef\([ ][ ]*\)' -+ac_uB='$,\1#\2define\3' -+ac_uC=' ' -+ac_uD=',;t' -+ -+for ac_file in : $CONFIG_HEADERS; do test "x$ac_file" = x: && continue -+ # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". -+ case $ac_file in -+ - | *:- | *:-:* ) # input from stdin -+ cat >$tmp/stdin -+ ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` -+ ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; -+ *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` -+ ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; -+ * ) ac_file_in=$ac_file.in ;; -+ esac -+ -+ test x"$ac_file" != x- && { echo "$as_me:$LINENO: creating $ac_file" >&5 -+echo "$as_me: creating $ac_file" >&6;} -+ -+ # First look for the input files in the build tree, otherwise in the -+ # src tree. -+ ac_file_inputs=`IFS=: -+ for f in $ac_file_in; do -+ case $f in -+ -) echo $tmp/stdin ;; -+ [\\/$]*) -+ # Absolute (can't be DOS-style, as IFS=:) -+ test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 -+echo "$as_me: error: cannot find input file: $f" >&2;} -+ { (exit 1); exit 1; }; } -+ # Do quote $f, to prevent DOS paths from being IFS'd. -+ echo "$f";; -+ *) # Relative -+ if test -f "$f"; then -+ # Build tree -+ echo "$f" -+ elif test -f "$srcdir/$f"; then -+ # Source tree -+ echo "$srcdir/$f" -+ else -+ # /dev/null tree -+ { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 -+echo "$as_me: error: cannot find input file: $f" >&2;} -+ { (exit 1); exit 1; }; } -+ fi;; -+ esac -+ done` || { (exit 1); exit 1; } -+ # Remove the trailing spaces. -+ sed 's/[ ]*$//' $ac_file_inputs >$tmp/in -+ -+_ACEOF -+ -+# Transform confdefs.h into two sed scripts, `conftest.defines' and -+# `conftest.undefs', that substitutes the proper values into -+# config.h.in to produce config.h. The first handles `#define' -+# templates, and the second `#undef' templates. -+# And first: Protect against being on the right side of a sed subst in -+# config.status. 
Protect against being in an unquoted here document -+# in config.status. -+rm -f conftest.defines conftest.undefs -+# Using a here document instead of a string reduces the quoting nightmare. -+# Putting comments in sed scripts is not portable. -+# -+# `end' is used to avoid that the second main sed command (meant for -+# 0-ary CPP macros) applies to n-ary macro definitions. -+# See the Autoconf documentation for `clear'. -+cat >confdef2sed.sed <<\_ACEOF -+s/[\\&,]/\\&/g -+s,[\\$`],\\&,g -+t clear -+: clear -+s,^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*\)\(([^)]*)\)[ ]*\(.*\)$,${ac_dA}\1${ac_dB}\1\2${ac_dC}\3${ac_dD},gp -+t end -+s,^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)$,${ac_dA}\1${ac_dB}\1${ac_dC}\2${ac_dD},gp -+: end -+_ACEOF -+# If some macros were called several times there might be several times -+# the same #defines, which is useless. Nevertheless, we may not want to -+# sort them, since we want the *last* AC-DEFINE to be honored. -+uniq confdefs.h | sed -n -f confdef2sed.sed >conftest.defines -+sed 's/ac_d/ac_u/g' conftest.defines >conftest.undefs -+rm -f confdef2sed.sed -+ -+# This sed command replaces #undef with comments. This is necessary, for -+# example, in the case of _POSIX_SOURCE, which is predefined and required -+# on some systems where configure will not decide to define it. -+cat >>conftest.undefs <<\_ACEOF -+s,^[ ]*#[ ]*undef[ ][ ]*[a-zA-Z_][a-zA-Z_0-9]*,/* & */, -+_ACEOF -+ -+# Break up conftest.defines because some shells have a limit on the size -+# of here documents, and old seds have small limits too (100 cmds). -+echo ' # Handle all the #define templates only if necessary.' >>$CONFIG_STATUS -+echo ' if grep "^[ ]*#[ ]*define" $tmp/in >/dev/null; then' >>$CONFIG_STATUS -+echo ' # If there are no defines, we may have an empty if/fi' >>$CONFIG_STATUS -+echo ' :' >>$CONFIG_STATUS -+rm -f conftest.tail -+while grep . conftest.defines >/dev/null -+do -+ # Write a limited-size here document to $tmp/defines.sed. 
-+ echo ' cat >$tmp/defines.sed <<CEOF' >>$CONFIG_STATUS -+ # Speed up: don't consider the non `#define' lines. -+ echo '/^[ ]*#[ ]*define/!b' >>$CONFIG_STATUS -+ # Work around the forget-to-reset-the-flag bug. -+ echo 't clr' >>$CONFIG_STATUS -+ echo ': clr' >>$CONFIG_STATUS -+ sed ${ac_max_here_lines}q conftest.defines >>$CONFIG_STATUS -+ echo 'CEOF -+ sed -f $tmp/defines.sed $tmp/in >$tmp/out -+ rm -f $tmp/in -+ mv $tmp/out $tmp/in -+' >>$CONFIG_STATUS -+ sed 1,${ac_max_here_lines}d conftest.defines >conftest.tail -+ rm -f conftest.defines -+ mv conftest.tail conftest.defines -+done -+rm -f conftest.defines -+echo ' fi # grep' >>$CONFIG_STATUS -+echo >>$CONFIG_STATUS -+ -+# Break up conftest.undefs because some shells have a limit on the size -+# of here documents, and old seds have small limits too (100 cmds). -+echo ' # Handle all the #undef templates' >>$CONFIG_STATUS -+rm -f conftest.tail -+while grep . conftest.undefs >/dev/null -+do -+ # Write a limited-size here document to $tmp/undefs.sed. -+ echo ' cat >$tmp/undefs.sed <<CEOF' >>$CONFIG_STATUS -+ # Speed up: don't consider the non `#undef' -+ echo '/^[ ]*#[ ]*undef/!b' >>$CONFIG_STATUS -+ # Work around the forget-to-reset-the-flag bug. -+ echo 't clr' >>$CONFIG_STATUS -+ echo ': clr' >>$CONFIG_STATUS -+ sed ${ac_max_here_lines}q conftest.undefs >>$CONFIG_STATUS -+ echo 'CEOF -+ sed -f $tmp/undefs.sed $tmp/in >$tmp/out -+ rm -f $tmp/in -+ mv $tmp/out $tmp/in -+' >>$CONFIG_STATUS -+ sed 1,${ac_max_here_lines}d conftest.undefs >conftest.tail -+ rm -f conftest.undefs -+ mv conftest.tail conftest.undefs -+done -+rm -f conftest.undefs -+ -+cat >>$CONFIG_STATUS <<\_ACEOF -+ # Let's still pretend it is `configure' which instantiates (i.e., don't -+ # use $as_me), people would be surprised to read: -+ # /* config.h. Generated by config.status. */ -+ if test x"$ac_file" = x-; then -+ echo "/* Generated by configure. */" >$tmp/config.h -+ else -+ echo "/* $ac_file. Generated by configure. 
*/" >$tmp/config.h -+ fi -+ cat $tmp/in >>$tmp/config.h -+ rm -f $tmp/in -+ if test x"$ac_file" != x-; then -+ if diff $ac_file $tmp/config.h >/dev/null 2>&1; then -+ { echo "$as_me:$LINENO: $ac_file is unchanged" >&5 -+echo "$as_me: $ac_file is unchanged" >&6;} -+ else -+ ac_dir=`(dirname "$ac_file") 2>/dev/null || -+$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ -+ X"$ac_file" : 'X\(//\)[^/]' \| \ -+ X"$ac_file" : 'X\(//\)$' \| \ -+ X"$ac_file" : 'X\(/\)' \| \ -+ . : '\(.\)' 2>/dev/null || -+echo X"$ac_file" | -+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } -+ /^X\(\/\/\)[^/].*/{ s//\1/; q; } -+ /^X\(\/\/\)$/{ s//\1/; q; } -+ /^X\(\/\).*/{ s//\1/; q; } -+ s/.*/./; q'` -+ { if $as_mkdir_p; then -+ mkdir -p "$ac_dir" -+ else -+ as_dir="$ac_dir" -+ as_dirs= -+ while test ! -d "$as_dir"; do -+ as_dirs="$as_dir $as_dirs" -+ as_dir=`(dirname "$as_dir") 2>/dev/null || -+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ -+ X"$as_dir" : 'X\(//\)[^/]' \| \ -+ X"$as_dir" : 'X\(//\)$' \| \ -+ X"$as_dir" : 'X\(/\)' \| \ -+ . : '\(.\)' 2>/dev/null || -+echo X"$as_dir" | -+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } -+ /^X\(\/\/\)[^/].*/{ s//\1/; q; } -+ /^X\(\/\/\)$/{ s//\1/; q; } -+ /^X\(\/\).*/{ s//\1/; q; } -+ s/.*/./; q'` -+ done -+ test ! -n "$as_dirs" || mkdir $as_dirs -+ fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5 -+echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;} -+ { (exit 1); exit 1; }; }; } -+ -+ rm -f $ac_file -+ mv $tmp/config.h $ac_file -+ fi -+ else -+ cat $tmp/config.h -+ rm -f $tmp/config.h -+ fi -+# Compute $ac_file's index in $config_headers. 
-+_am_stamp_count=1 -+for _am_header in $config_headers :; do -+ case $_am_header in -+ $ac_file | $ac_file:* ) -+ break ;; -+ * ) -+ _am_stamp_count=`expr $_am_stamp_count + 1` ;; -+ esac -+done -+echo "timestamp for $ac_file" >`(dirname $ac_file) 2>/dev/null || -+$as_expr X$ac_file : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ -+ X$ac_file : 'X\(//\)[^/]' \| \ -+ X$ac_file : 'X\(//\)$' \| \ -+ X$ac_file : 'X\(/\)' \| \ -+ . : '\(.\)' 2>/dev/null || -+echo X$ac_file | -+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } -+ /^X\(\/\/\)[^/].*/{ s//\1/; q; } -+ /^X\(\/\/\)$/{ s//\1/; q; } -+ /^X\(\/\).*/{ s//\1/; q; } -+ s/.*/./; q'`/stamp-h$_am_stamp_count -+done -+_ACEOF -+cat >>$CONFIG_STATUS <<\_ACEOF -+ -+# -+# CONFIG_COMMANDS section. -+# -+for ac_file in : $CONFIG_COMMANDS; do test "x$ac_file" = x: && continue -+ ac_dest=`echo "$ac_file" | sed 's,:.*,,'` -+ ac_source=`echo "$ac_file" | sed 's,[^:]*:,,'` -+ ac_dir=`(dirname "$ac_dest") 2>/dev/null || -+$as_expr X"$ac_dest" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ -+ X"$ac_dest" : 'X\(//\)[^/]' \| \ -+ X"$ac_dest" : 'X\(//\)$' \| \ -+ X"$ac_dest" : 'X\(/\)' \| \ -+ . : '\(.\)' 2>/dev/null || -+echo X"$ac_dest" | -+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } -+ /^X\(\/\/\)[^/].*/{ s//\1/; q; } -+ /^X\(\/\/\)$/{ s//\1/; q; } -+ /^X\(\/\).*/{ s//\1/; q; } -+ s/.*/./; q'` -+ { if $as_mkdir_p; then -+ mkdir -p "$ac_dir" -+ else -+ as_dir="$ac_dir" -+ as_dirs= -+ while test ! -d "$as_dir"; do -+ as_dirs="$as_dir $as_dirs" -+ as_dir=`(dirname "$as_dir") 2>/dev/null || -+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ -+ X"$as_dir" : 'X\(//\)[^/]' \| \ -+ X"$as_dir" : 'X\(//\)$' \| \ -+ X"$as_dir" : 'X\(/\)' \| \ -+ . : '\(.\)' 2>/dev/null || -+echo X"$as_dir" | -+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } -+ /^X\(\/\/\)[^/].*/{ s//\1/; q; } -+ /^X\(\/\/\)$/{ s//\1/; q; } -+ /^X\(\/\).*/{ s//\1/; q; } -+ s/.*/./; q'` -+ done -+ test ! 
-n "$as_dirs" || mkdir $as_dirs -+ fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5 -+echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;} -+ { (exit 1); exit 1; }; }; } -+ -+ ac_builddir=. -+ -+if test "$ac_dir" != .; then -+ ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'` -+ # A "../" for each directory in $ac_dir_suffix. -+ ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'` -+else -+ ac_dir_suffix= ac_top_builddir= -+fi -+ -+case $srcdir in -+ .) # No --srcdir option. We are building in place. -+ ac_srcdir=. -+ if test -z "$ac_top_builddir"; then -+ ac_top_srcdir=. -+ else -+ ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'` -+ fi ;; -+ [\\/]* | ?:[\\/]* ) # Absolute path. -+ ac_srcdir=$srcdir$ac_dir_suffix; -+ ac_top_srcdir=$srcdir ;; -+ *) # Relative path. -+ ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix -+ ac_top_srcdir=$ac_top_builddir$srcdir ;; -+esac -+ -+# Do not use `cd foo && pwd` to compute absolute paths, because -+# the directories may not exist. -+case `pwd` in -+.) ac_abs_builddir="$ac_dir";; -+*) -+ case "$ac_dir" in -+ .) ac_abs_builddir=`pwd`;; -+ [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";; -+ *) ac_abs_builddir=`pwd`/"$ac_dir";; -+ esac;; -+esac -+case $ac_abs_builddir in -+.) ac_abs_top_builddir=${ac_top_builddir}.;; -+*) -+ case ${ac_top_builddir}. in -+ .) ac_abs_top_builddir=$ac_abs_builddir;; -+ [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;; -+ *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;; -+ esac;; -+esac -+case $ac_abs_builddir in -+.) ac_abs_srcdir=$ac_srcdir;; -+*) -+ case $ac_srcdir in -+ .) ac_abs_srcdir=$ac_abs_builddir;; -+ [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;; -+ *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;; -+ esac;; -+esac -+case $ac_abs_builddir in -+.) ac_abs_top_srcdir=$ac_top_srcdir;; -+*) -+ case $ac_top_srcdir in -+ .) 
ac_abs_top_srcdir=$ac_abs_builddir;; -+ [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;; -+ *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;; -+ esac;; -+esac -+ -+ -+ { echo "$as_me:$LINENO: executing $ac_dest commands" >&5 -+echo "$as_me: executing $ac_dest commands" >&6;} -+ case $ac_dest in -+ depfiles ) test x"$AMDEP_TRUE" != x"" || for mf in $CONFIG_FILES; do -+ # Strip MF so we end up with the name of the file. -+ mf=`echo "$mf" | sed -e 's/:.*$//'` -+ # Check whether this is an Automake generated Makefile or not. -+ # We used to match only the files named `Makefile.in', but -+ # some people rename them; so instead we look at the file content. -+ # Grep'ing the first line is not enough: some people post-process -+ # each Makefile.in and add a new line on top of each file to say so. -+ # So let's grep whole file. -+ if grep '^#.*generated by automake' $mf > /dev/null 2>&1; then -+ dirpart=`(dirname "$mf") 2>/dev/null || -+$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ -+ X"$mf" : 'X\(//\)[^/]' \| \ -+ X"$mf" : 'X\(//\)$' \| \ -+ X"$mf" : 'X\(/\)' \| \ -+ . : '\(.\)' 2>/dev/null || -+echo X"$mf" | -+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } -+ /^X\(\/\/\)[^/].*/{ s//\1/; q; } -+ /^X\(\/\/\)$/{ s//\1/; q; } -+ /^X\(\/\).*/{ s//\1/; q; } -+ s/.*/./; q'` -+ else -+ continue -+ fi -+ grep '^DEP_FILES *= *[^ #]' < "$mf" > /dev/null || continue -+ # Extract the definition of DEP_FILES from the Makefile without -+ # running `make'. -+ DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` -+ test -z "$DEPDIR" && continue -+ # When using ansi2knr, U may be empty or an underscore; expand it -+ U=`sed -n 's/^U = //p' < "$mf"` -+ test -d "$dirpart/$DEPDIR" || mkdir "$dirpart/$DEPDIR" -+ # We invoke sed twice because it is the simplest approach to -+ # changing $(DEPDIR) to its actual value in the expansion. 
-+ for file in `sed -n ' -+ /^DEP_FILES = .*\\\\$/ { -+ s/^DEP_FILES = // -+ :loop -+ s/\\\\$// -+ p -+ n -+ /\\\\$/ b loop -+ p -+ } -+ /^DEP_FILES = / s/^DEP_FILES = //p' < "$mf" | \ -+ sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do -+ # Make sure the directory exists. -+ test -f "$dirpart/$file" && continue -+ fdir=`(dirname "$file") 2>/dev/null || -+$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ -+ X"$file" : 'X\(//\)[^/]' \| \ -+ X"$file" : 'X\(//\)$' \| \ -+ X"$file" : 'X\(/\)' \| \ -+ . : '\(.\)' 2>/dev/null || -+echo X"$file" | -+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } -+ /^X\(\/\/\)[^/].*/{ s//\1/; q; } -+ /^X\(\/\/\)$/{ s//\1/; q; } -+ /^X\(\/\).*/{ s//\1/; q; } -+ s/.*/./; q'` -+ { if $as_mkdir_p; then -+ mkdir -p $dirpart/$fdir -+ else -+ as_dir=$dirpart/$fdir -+ as_dirs= -+ while test ! -d "$as_dir"; do -+ as_dirs="$as_dir $as_dirs" -+ as_dir=`(dirname "$as_dir") 2>/dev/null || -+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ -+ X"$as_dir" : 'X\(//\)[^/]' \| \ -+ X"$as_dir" : 'X\(//\)$' \| \ -+ X"$as_dir" : 'X\(/\)' \| \ -+ . : '\(.\)' 2>/dev/null || -+echo X"$as_dir" | -+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } -+ /^X\(\/\/\)[^/].*/{ s//\1/; q; } -+ /^X\(\/\/\)$/{ s//\1/; q; } -+ /^X\(\/\).*/{ s//\1/; q; } -+ s/.*/./; q'` -+ done -+ test ! -n "$as_dirs" || mkdir $as_dirs -+ fi || { { echo "$as_me:$LINENO: error: cannot create directory $dirpart/$fdir" >&5 -+echo "$as_me: error: cannot create directory $dirpart/$fdir" >&2;} -+ { (exit 1); exit 1; }; }; } -+ -+ # echo "creating $dirpart/$file" -+ echo '# dummy' > "$dirpart/$file" -+ done -+done -+ ;; -+ esac -+done -+_ACEOF -+ -+cat >>$CONFIG_STATUS <<\_ACEOF -+ -+{ (exit 0); exit 0; } -+_ACEOF -+chmod +x $CONFIG_STATUS -+ac_clean_files=$ac_clean_files_save -+ -+ -+# configure is writing to config.log, and then calls config.status. -+# config.status does its own redirection, appending to config.log. 
-+# Unfortunately, on DOS this fails, as config.log is still kept open -+# by configure, so config.status won't be able to write to it; its -+# output is simply discarded. So we exec the FD to /dev/null, -+# effectively closing config.log, so it can be properly (re)opened and -+# appended to by config.status. When coming back to configure, we -+# need to make the FD available again. -+if test "$no_create" != yes; then -+ ac_cs_success=: -+ ac_config_status_args= -+ test "$silent" = yes && -+ ac_config_status_args="$ac_config_status_args --quiet" -+ exec 5>/dev/null -+ $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false -+ exec 5>>config.log -+ # Use ||, not &&, to avoid exiting from the if with $? = 1, which -+ # would make configure fail if this is the last instruction. -+ $ac_cs_success || { (exit 1); exit 1; } -+fi -+ -+fi -+ -+if test "z$MSCRYPTO_FOUND" = "zyes" ; then -+ ac_config_files="$ac_config_files include/xmlsec/mscrypto/Makefile src/mscrypto/Makefile" -+cat >confcache <<\_ACEOF -+# This file is a shell script that caches the results of configure -+# tests run on this system so they can be shared between configure -+# scripts and configure runs, see configure's option --config-cache. -+# It is not useful on other systems. If it contains results you don't -+# want to keep, you may remove or edit it. -+# -+# config.status only pays attention to the cache file if you give it -+# the --recheck option to rerun configure. -+# -+# `ac_cv_env_foo' variables (set or unset) will be overridden when -+# loading this file, other *unset* `ac_cv_foo' will be assigned the -+# following values. -+ -+_ACEOF -+ -+# The following way of writing the cache mishandles newlines in values, -+# but we know of no workaround that is simple, portable, and efficient. -+# So, don't put newlines in cache variables' values. -+# Ultrix sh set writes to stderr and can't be redirected directly, -+# and sets the high bit in the cache file unless we assign to the vars. 
-+{ -+ (set) 2>&1 | -+ case `(ac_space=' '; set | grep ac_space) 2>&1` in -+ *ac_space=\ *) -+ # `set' does not quote correctly, so add quotes (double-quote -+ # substitution turns \\\\ into \\, and sed turns \\ into \). -+ sed -n \ -+ "s/'/'\\\\''/g; -+ s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" -+ ;; -+ *) -+ # `set' quotes correctly as required by POSIX, so do not add quotes. -+ sed -n \ -+ "s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p" -+ ;; -+ esac; -+} | -+ sed ' -+ t clear -+ : clear -+ s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ -+ t end -+ /^ac_cv_env/!s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ -+ : end' >>confcache -+if diff $cache_file confcache >/dev/null 2>&1; then :; else -+ if test -w $cache_file; then -+ test "x$cache_file" != "x/dev/null" && echo "updating cache $cache_file" -+ cat confcache >$cache_file -+ else -+ echo "not updating unwritable cache $cache_file" -+ fi -+fi -+rm -f confcache -+ -+test "x$prefix" = xNONE && prefix=$ac_default_prefix -+# Let make expand exec_prefix. -+test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' -+ -+# VPATH may cause trouble with some makes, so we remove $(srcdir), -+# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and -+# trailing colons and then remove the whole line if VPATH becomes empty -+# (actually we leave an empty line to preserve line numbers). -+if test "x$srcdir" = x.; then -+ ac_vpsub='/^[ ]*VPATH[ ]*=/{ -+s/:*\$(srcdir):*/:/; -+s/:*\${srcdir}:*/:/; -+s/:*@srcdir@:*/:/; -+s/^\([^=]*=[ ]*\):*/\1/; -+s/:*$//; -+s/^[^=]*=[ ]*$//; -+}' -+fi -+ -+DEFS=-DHAVE_CONFIG_H -+ -+ac_libobjs= -+ac_ltlibobjs= -+for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue -+ # 1. Remove the extension, and $U if already installed. -+ ac_i=`echo "$ac_i" | -+ sed 's/\$U\././;s/\.o$//;s/\.obj$//'` -+ # 2. Add them. 
-+ ac_libobjs="$ac_libobjs $ac_i\$U.$ac_objext" -+ ac_ltlibobjs="$ac_ltlibobjs $ac_i"'$U.lo' -+done -+LIBOBJS=$ac_libobjs -+ -+LTLIBOBJS=$ac_ltlibobjs -+ -+ -+if test -z "${MAINTAINER_MODE_TRUE}" && test -z "${MAINTAINER_MODE_FALSE}"; then -+ { { echo "$as_me:$LINENO: error: conditional \"MAINTAINER_MODE\" was never defined. -+Usually this means the macro was only invoked conditionally." >&5 -+echo "$as_me: error: conditional \"MAINTAINER_MODE\" was never defined. -+Usually this means the macro was only invoked conditionally." >&2;} -+ { (exit 1); exit 1; }; } -+fi -+if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then -+ { { echo "$as_me:$LINENO: error: conditional \"AMDEP\" was never defined. -+Usually this means the macro was only invoked conditionally." >&5 -+echo "$as_me: error: conditional \"AMDEP\" was never defined. -+Usually this means the macro was only invoked conditionally." >&2;} -+ { (exit 1); exit 1; }; } -+fi -+if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then -+ { { echo "$as_me:$LINENO: error: conditional \"am__fastdepCC\" was never defined. -+Usually this means the macro was only invoked conditionally." >&5 -+echo "$as_me: error: conditional \"am__fastdepCC\" was never defined. -+Usually this means the macro was only invoked conditionally." >&2;} -+ { (exit 1); exit 1; }; } -+fi -+if test -z "${am__fastdepCXX_TRUE}" && test -z "${am__fastdepCXX_FALSE}"; then -+ { { echo "$as_me:$LINENO: error: conditional \"am__fastdepCXX\" was never defined. -+Usually this means the macro was only invoked conditionally." >&5 -+echo "$as_me: error: conditional \"am__fastdepCXX\" was never defined. -+Usually this means the macro was only invoked conditionally." >&2;} -+ { (exit 1); exit 1; }; } -+fi -+if test -z "${INSTALL_LTDL_TRUE}" && test -z "${INSTALL_LTDL_FALSE}"; then -+ { { echo "$as_me:$LINENO: error: conditional \"INSTALL_LTDL\" was never defined. -+Usually this means the macro was only invoked conditionally." 
>&5 -+echo "$as_me: error: conditional \"INSTALL_LTDL\" was never defined. -+Usually this means the macro was only invoked conditionally." >&2;} -+ { (exit 1); exit 1; }; } -+fi -+if test -z "${CONVENIENCE_LTDL_TRUE}" && test -z "${CONVENIENCE_LTDL_FALSE}"; then -+ { { echo "$as_me:$LINENO: error: conditional \"CONVENIENCE_LTDL\" was never defined. -+Usually this means the macro was only invoked conditionally." >&5 -+echo "$as_me: error: conditional \"CONVENIENCE_LTDL\" was never defined. -+Usually this means the macro was only invoked conditionally." >&2;} -+ { (exit 1); exit 1; }; } -+fi -+if test -z "${XMLSEC_NO_OPENSSL_TRUE}" && test -z "${XMLSEC_NO_OPENSSL_FALSE}"; then -+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_OPENSSL\" was never defined. -+Usually this means the macro was only invoked conditionally." >&5 -+echo "$as_me: error: conditional \"XMLSEC_NO_OPENSSL\" was never defined. -+Usually this means the macro was only invoked conditionally." >&2;} -+ { (exit 1); exit 1; }; } -+fi -+if test -z "${XMLSEC_NO_GNUTLS_TRUE}" && test -z "${XMLSEC_NO_GNUTLS_FALSE}"; then -+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_GNUTLS\" was never defined. -+Usually this means the macro was only invoked conditionally." >&5 -+echo "$as_me: error: conditional \"XMLSEC_NO_GNUTLS\" was never defined. -+Usually this means the macro was only invoked conditionally." >&2;} -+ { (exit 1); exit 1; }; } -+fi -+if test -z "${XMLSEC_NO_NSS_TRUE}" && test -z "${XMLSEC_NO_NSS_FALSE}"; then -+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_NSS\" was never defined. -+Usually this means the macro was only invoked conditionally." >&5 -+echo "$as_me: error: conditional \"XMLSEC_NO_NSS\" was never defined. -+Usually this means the macro was only invoked conditionally." 
>&2;} -+ { (exit 1); exit 1; }; } -+fi -+if test -z "${XMLSEC_NO_SHA1_TRUE}" && test -z "${XMLSEC_NO_SHA1_FALSE}"; then -+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_SHA1\" was never defined. -+Usually this means the macro was only invoked conditionally." >&5 -+echo "$as_me: error: conditional \"XMLSEC_NO_SHA1\" was never defined. -+Usually this means the macro was only invoked conditionally." >&2;} -+ { (exit 1); exit 1; }; } -+fi -+if test -z "${XMLSEC_NO_RIPEMD160_TRUE}" && test -z "${XMLSEC_NO_RIPEMD160_FALSE}"; then -+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_RIPEMD160\" was never defined. -+Usually this means the macro was only invoked conditionally." >&5 -+echo "$as_me: error: conditional \"XMLSEC_NO_RIPEMD160\" was never defined. -+Usually this means the macro was only invoked conditionally." >&2;} -+ { (exit 1); exit 1; }; } -+fi -+if test -z "${XMLSEC_NO_HMAC_TRUE}" && test -z "${XMLSEC_NO_HMAC_FALSE}"; then -+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_HMAC\" was never defined. -+Usually this means the macro was only invoked conditionally." >&5 -+echo "$as_me: error: conditional \"XMLSEC_NO_HMAC\" was never defined. -+Usually this means the macro was only invoked conditionally." >&2;} -+ { (exit 1); exit 1; }; } -+fi -+if test -z "${XMLSEC_NO_DSA_TRUE}" && test -z "${XMLSEC_NO_DSA_FALSE}"; then -+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_DSA\" was never defined. -+Usually this means the macro was only invoked conditionally." >&5 -+echo "$as_me: error: conditional \"XMLSEC_NO_DSA\" was never defined. -+Usually this means the macro was only invoked conditionally." >&2;} -+ { (exit 1); exit 1; }; } -+fi -+if test -z "${XMLSEC_NO_RSA_TRUE}" && test -z "${XMLSEC_NO_RSA_FALSE}"; then -+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_RSA\" was never defined. -+Usually this means the macro was only invoked conditionally." 
>&5 -+echo "$as_me: error: conditional \"XMLSEC_NO_RSA\" was never defined. -+Usually this means the macro was only invoked conditionally." >&2;} -+ { (exit 1); exit 1; }; } -+fi -+if test -z "${XMLSEC_NO_X509_TRUE}" && test -z "${XMLSEC_NO_X509_FALSE}"; then -+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_X509\" was never defined. -+Usually this means the macro was only invoked conditionally." >&5 -+echo "$as_me: error: conditional \"XMLSEC_NO_X509\" was never defined. -+Usually this means the macro was only invoked conditionally." >&2;} -+ { (exit 1); exit 1; }; } -+fi -+if test -z "${XMLSEC_NO_DES_TRUE}" && test -z "${XMLSEC_NO_DES_FALSE}"; then -+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_DES\" was never defined. -+Usually this means the macro was only invoked conditionally." >&5 -+echo "$as_me: error: conditional \"XMLSEC_NO_DES\" was never defined. -+Usually this means the macro was only invoked conditionally." >&2;} -+ { (exit 1); exit 1; }; } -+fi -+if test -z "${XMLSEC_NO_AES_TRUE}" && test -z "${XMLSEC_NO_AES_FALSE}"; then -+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_AES\" was never defined. -+Usually this means the macro was only invoked conditionally." >&5 -+echo "$as_me: error: conditional \"XMLSEC_NO_AES\" was never defined. -+Usually this means the macro was only invoked conditionally." >&2;} -+ { (exit 1); exit 1; }; } -+fi -+if test -z "${XMLSEC_NO_XMLDSIG_TRUE}" && test -z "${XMLSEC_NO_XMLDSIG_FALSE}"; then -+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_XMLDSIG\" was never defined. -+Usually this means the macro was only invoked conditionally." >&5 -+echo "$as_me: error: conditional \"XMLSEC_NO_XMLDSIG\" was never defined. -+Usually this means the macro was only invoked conditionally." >&2;} -+ { (exit 1); exit 1; }; } -+fi -+if test -z "${XMLSEC_NO_XMLENC_TRUE}" && test -z "${XMLSEC_NO_XMLENC_FALSE}"; then -+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_XMLENC\" was never defined. 
-+Usually this means the macro was only invoked conditionally." >&5 -+echo "$as_me: error: conditional \"XMLSEC_NO_XMLENC\" was never defined. -+Usually this means the macro was only invoked conditionally." >&2;} -+ { (exit 1); exit 1; }; } -+fi -+if test -z "${XMLSEC_NO_XKMS_TRUE}" && test -z "${XMLSEC_NO_XKMS_FALSE}"; then -+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_XKMS\" was never defined. -+Usually this means the macro was only invoked conditionally." >&5 -+echo "$as_me: error: conditional \"XMLSEC_NO_XKMS\" was never defined. -+Usually this means the macro was only invoked conditionally." >&2;} -+ { (exit 1); exit 1; }; } -+fi -+if test -z "${XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_TRUE}" && test -z "${XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_FALSE}"; then -+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_CRYPTO_DYNAMIC_LOADING\" was never defined. -+Usually this means the macro was only invoked conditionally." >&5 -+echo "$as_me: error: conditional \"XMLSEC_NO_CRYPTO_DYNAMIC_LOADING\" was never defined. -+Usually this means the macro was only invoked conditionally." >&2;} -+ { (exit 1); exit 1; }; } -+fi -+if test -z "${XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE}" && test -z "${XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE}"; then -+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING\" was never defined. -+Usually this means the macro was only invoked conditionally." >&5 -+echo "$as_me: error: conditional \"XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING\" was never defined. -+Usually this means the macro was only invoked conditionally." >&2;} -+ { (exit 1); exit 1; }; } -+fi -+ -+: ${CONFIG_STATUS=./config.status} -+ac_clean_files_save=$ac_clean_files -+ac_clean_files="$ac_clean_files $CONFIG_STATUS" -+{ echo "$as_me:$LINENO: creating $CONFIG_STATUS" >&5 -+echo "$as_me: creating $CONFIG_STATUS" >&6;} -+cat >$CONFIG_STATUS <<_ACEOF -+#! $SHELL -+# Generated by $as_me. -+# Run this file to recreate the current configuration. 
-+# Compiler output produced by configure, useful for debugging -+# configure, is in config.log if it exists. -+ -+debug=false -+ac_cs_recheck=false -+ac_cs_silent=false -+SHELL=\${CONFIG_SHELL-$SHELL} -+_ACEOF -+ -+cat >>$CONFIG_STATUS <<\_ACEOF -+## --------------------- ## -+## M4sh Initialization. ## -+## --------------------- ## -+ -+# Be Bourne compatible -+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then -+ emulate sh -+ NULLCMD=: -+ # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which -+ # is contrary to our usage. Disable this feature. -+ alias -g '${1+"$@"}'='"$@"' -+elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then -+ set -o posix -+fi -+DUALCASE=1; export DUALCASE # for MKS sh -+ -+# Support unset when possible. -+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then -+ as_unset=unset -+else -+ as_unset=false -+fi -+ -+ -+# Work around bugs in pre-3.0 UWIN ksh. -+$as_unset ENV MAIL MAILPATH -+PS1='$ ' -+PS2='> ' -+PS4='+ ' -+ -+# NLS nuisances. -+for as_var in \ -+ LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \ -+ LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \ -+ LC_TELEPHONE LC_TIME -+do -+ if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then -+ eval $as_var=C; export $as_var -+ else -+ $as_unset $as_var -+ fi -+done -+ -+# Required to use basename. -+if expr a : '\(a\)' >/dev/null 2>&1; then -+ as_expr=expr -+else -+ as_expr=false -+fi -+ -+if (basename /) >/dev/null 2>&1 && test "X`basename / 2>&1`" = "X/"; then -+ as_basename=basename -+else -+ as_basename=false -+fi -+ -+ -+# Name of the executable. -+as_me=`$as_basename "$0" || -+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ -+ X"$0" : 'X\(//\)$' \| \ -+ X"$0" : 'X\(/\)$' \| \ -+ . 
: '\(.\)' 2>/dev/null || -+echo X/"$0" | -+ sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/; q; } -+ /^X\/\(\/\/\)$/{ s//\1/; q; } -+ /^X\/\(\/\).*/{ s//\1/; q; } -+ s/.*/./; q'` -+ -+ -+# PATH needs CR, and LINENO needs CR and PATH. -+# Avoid depending upon Character Ranges. -+as_cr_letters='abcdefghijklmnopqrstuvwxyz' -+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' -+as_cr_Letters=$as_cr_letters$as_cr_LETTERS -+as_cr_digits='0123456789' -+as_cr_alnum=$as_cr_Letters$as_cr_digits -+ -+# The user is always right. -+if test "${PATH_SEPARATOR+set}" != set; then -+ echo "#! /bin/sh" >conf$$.sh -+ echo "exit 0" >>conf$$.sh -+ chmod +x conf$$.sh -+ if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then -+ PATH_SEPARATOR=';' -+ else -+ PATH_SEPARATOR=: -+ fi -+ rm -f conf$$.sh -+fi -+ -+ -+ as_lineno_1=$LINENO -+ as_lineno_2=$LINENO -+ as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null` -+ test "x$as_lineno_1" != "x$as_lineno_2" && -+ test "x$as_lineno_3" = "x$as_lineno_2" || { -+ # Find who we are. Look in the path if we contain no path at all -+ # relative or not. -+ case $0 in -+ *[\\/]* ) as_myself=$0 ;; -+ *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -+for as_dir in $PATH -+do -+ IFS=$as_save_IFS -+ test -z "$as_dir" && as_dir=. -+ test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break -+done -+ -+ ;; -+ esac -+ # We did not find ourselves, most probably we were run as `sh COMMAND' -+ # in which case we are not to be found in the path. -+ if test "x$as_myself" = x; then -+ as_myself=$0 -+ fi -+ if test ! -f "$as_myself"; then -+ { { echo "$as_me:$LINENO: error: cannot find myself; rerun with an absolute path" >&5 -+echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2;} -+ { (exit 1); exit 1; }; } -+ fi -+ case $CONFIG_SHELL in -+ '') -+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -+for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH -+do -+ IFS=$as_save_IFS -+ test -z "$as_dir" && as_dir=. 
-+ for as_base in sh bash ksh sh5; do -+ case $as_dir in -+ /*) -+ if ("$as_dir/$as_base" -c ' -+ as_lineno_1=$LINENO -+ as_lineno_2=$LINENO -+ as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null` -+ test "x$as_lineno_1" != "x$as_lineno_2" && -+ test "x$as_lineno_3" = "x$as_lineno_2" ') 2>/dev/null; then -+ $as_unset BASH_ENV || test "${BASH_ENV+set}" != set || { BASH_ENV=; export BASH_ENV; } -+ $as_unset ENV || test "${ENV+set}" != set || { ENV=; export ENV; } -+ CONFIG_SHELL=$as_dir/$as_base -+ export CONFIG_SHELL -+ exec "$CONFIG_SHELL" "$0" ${1+"$@"} -+ fi;; -+ esac -+ done -+done -+;; -+ esac -+ -+ # Create $as_me.lineno as a copy of $as_myself, but with $LINENO -+ # uniformly replaced by the line number. The first 'sed' inserts a -+ # line-number line before each line; the second 'sed' does the real -+ # work. The second script uses 'N' to pair each line-number line -+ # with the numbered line, and appends trailing '-' during -+ # substitution so that $LINENO is not a special case at line end. -+ # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the -+ # second 'sed' script. Blame Lee E. McMahon for sed's syntax. :-) -+ sed '=' <$as_myself | -+ sed ' -+ N -+ s,$,-, -+ : loop -+ s,^\(['$as_cr_digits']*\)\(.*\)[$]LINENO\([^'$as_cr_alnum'_]\),\1\2\1\3, -+ t loop -+ s,-$,, -+ s,^['$as_cr_digits']*\n,, -+ ' >$as_me.lineno && -+ chmod +x $as_me.lineno || -+ { { echo "$as_me:$LINENO: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&5 -+echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2;} -+ { (exit 1); exit 1; }; } -+ -+ # Don't try to exec as it changes $[0], causing all sort of problems -+ # (the dirname of $[0] is not the place where we might find the -+ # original and so on. Autoconf is especially sensible to this). -+ . ./$as_me.lineno -+ # Exit status is that of the last command. 
-+ exit -+} -+ -+ -+case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in -+ *c*,-n*) ECHO_N= ECHO_C=' -+' ECHO_T=' ' ;; -+ *c*,* ) ECHO_N=-n ECHO_C= ECHO_T= ;; -+ *) ECHO_N= ECHO_C='\c' ECHO_T= ;; -+esac -+ -+if expr a : '\(a\)' >/dev/null 2>&1; then -+ as_expr=expr -+else -+ as_expr=false -+fi -+ -+rm -f conf$$ conf$$.exe conf$$.file -+echo >conf$$.file -+if ln -s conf$$.file conf$$ 2>/dev/null; then -+ # We could just check for DJGPP; but this test a) works b) is more generic -+ # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04). -+ if test -f conf$$.exe; then -+ # Don't use ln at all; we don't have any links -+ as_ln_s='cp -p' -+ else -+ as_ln_s='ln -s' -+ fi -+elif ln conf$$.file conf$$ 2>/dev/null; then -+ as_ln_s=ln -+else -+ as_ln_s='cp -p' -+fi -+rm -f conf$$ conf$$.exe conf$$.file -+ -+if mkdir -p . 2>/dev/null; then -+ as_mkdir_p=: -+else -+ test -d ./-p && rmdir ./-p -+ as_mkdir_p=false -+fi -+ -+as_executable_p="test -f" -+ -+# Sed expression to map a string onto a valid CPP name. -+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" -+ -+# Sed expression to map a string onto a valid variable name. -+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" -+ -+ -+# IFS -+# We need space, tab and new line, in precisely that order. -+as_nl=' -+' -+IFS=" $as_nl" -+ -+# CDPATH. -+$as_unset CDPATH -+ -+exec 6>&1 -+ -+# Open the log real soon, to keep \$[0] and so on meaningful, and to -+# report actual input values of CONFIG_FILES etc. instead of their -+# values after options handling. Logging --version etc. is OK. -+exec 5>>config.log -+{ -+ echo -+ sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX -+## Running $as_me. ## -+_ASBOX -+} >&5 -+cat >&5 <<_CSEOF -+ -+This file was extended by $as_me, which was -+generated by GNU Autoconf 2.59. 
Invocation command line was -+ -+ CONFIG_FILES = $CONFIG_FILES -+ CONFIG_HEADERS = $CONFIG_HEADERS -+ CONFIG_LINKS = $CONFIG_LINKS -+ CONFIG_COMMANDS = $CONFIG_COMMANDS -+ $ $0 $@ -+ -+_CSEOF -+echo "on `(hostname || uname -n) 2>/dev/null | sed 1q`" >&5 -+echo >&5 -+_ACEOF -+ -+# Files that config.status was made for. -+if test -n "$ac_config_files"; then -+ echo "config_files=\"$ac_config_files\"" >>$CONFIG_STATUS -+fi -+ -+if test -n "$ac_config_headers"; then -+ echo "config_headers=\"$ac_config_headers\"" >>$CONFIG_STATUS -+fi -+ -+if test -n "$ac_config_links"; then -+ echo "config_links=\"$ac_config_links\"" >>$CONFIG_STATUS -+fi -+ -+if test -n "$ac_config_commands"; then -+ echo "config_commands=\"$ac_config_commands\"" >>$CONFIG_STATUS -+fi -+ -+cat >>$CONFIG_STATUS <<\_ACEOF -+ -+ac_cs_usage="\ -+\`$as_me' instantiates files from templates according to the -+current configuration. -+ -+Usage: $0 [OPTIONS] [FILE]... -+ -+ -h, --help print this help, then exit -+ -V, --version print version number, then exit -+ -q, --quiet do not print progress messages -+ -d, --debug don't remove temporary files -+ --recheck update $as_me by reconfiguring in the same conditions -+ --file=FILE[:TEMPLATE] -+ instantiate the configuration file FILE -+ --header=FILE[:TEMPLATE] -+ instantiate the configuration header FILE -+ -+Configuration files: -+$config_files -+ -+Configuration headers: -+$config_headers -+ -+Configuration commands: -+$config_commands -+ -+Report bugs to <bug-autoconf@gnu.org>." -+_ACEOF -+ -+cat >>$CONFIG_STATUS <<_ACEOF -+ac_cs_version="\\ -+config.status -+configured by $0, generated by GNU Autoconf 2.59, -+ with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\" -+ -+Copyright (C) 2003 Free Software Foundation, Inc. -+This config.status script is free software; the Free Software Foundation -+gives unlimited permission to copy, distribute and modify it." 
-+srcdir=$srcdir -+INSTALL="$INSTALL" -+_ACEOF -+ -+cat >>$CONFIG_STATUS <<\_ACEOF -+# If no file are specified by the user, then we need to provide default -+# value. By we need to know if files were specified by the user. -+ac_need_defaults=: -+while test $# != 0 -+do -+ case $1 in -+ --*=*) -+ ac_option=`expr "x$1" : 'x\([^=]*\)='` -+ ac_optarg=`expr "x$1" : 'x[^=]*=\(.*\)'` -+ ac_shift=: -+ ;; -+ -*) -+ ac_option=$1 -+ ac_optarg=$2 -+ ac_shift=shift -+ ;; -+ *) # This is not an option, so the user has probably given explicit -+ # arguments. -+ ac_option=$1 -+ ac_need_defaults=false;; -+ esac -+ -+ case $ac_option in -+ # Handling of the options. -+_ACEOF -+cat >>$CONFIG_STATUS <<\_ACEOF -+ -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) -+ ac_cs_recheck=: ;; -+ --version | --vers* | -V ) -+ echo "$ac_cs_version"; exit 0 ;; -+ --he | --h) -+ # Conflict between --help and --header -+ { { echo "$as_me:$LINENO: error: ambiguous option: $1 -+Try \`$0 --help' for more information." >&5 -+echo "$as_me: error: ambiguous option: $1 -+Try \`$0 --help' for more information." >&2;} -+ { (exit 1); exit 1; }; };; -+ --help | --hel | -h ) -+ echo "$ac_cs_usage"; exit 0 ;; -+ --debug | --d* | -d ) -+ debug=: ;; -+ --file | --fil | --fi | --f ) -+ $ac_shift -+ CONFIG_FILES="$CONFIG_FILES $ac_optarg" -+ ac_need_defaults=false;; -+ --header | --heade | --head | --hea ) -+ $ac_shift -+ CONFIG_HEADERS="$CONFIG_HEADERS $ac_optarg" -+ ac_need_defaults=false;; -+ -q | -quiet | --quiet | --quie | --qui | --qu | --q \ -+ | -silent | --silent | --silen | --sile | --sil | --si | --s) -+ ac_cs_silent=: ;; -+ -+ # This is an error. -+ -*) { { echo "$as_me:$LINENO: error: unrecognized option: $1 -+Try \`$0 --help' for more information." >&5 -+echo "$as_me: error: unrecognized option: $1 -+Try \`$0 --help' for more information." 
>&2;} -+ { (exit 1); exit 1; }; } ;; -+ -+ *) ac_config_targets="$ac_config_targets $1" ;; -+ -+ esac -+ shift -+done -+ -+ac_configure_extra_args= -+ -+if $ac_cs_silent; then -+ exec 6>/dev/null -+ ac_configure_extra_args="$ac_configure_extra_args --silent" -+fi -+ -+_ACEOF -+cat >>$CONFIG_STATUS <<_ACEOF -+if \$ac_cs_recheck; then -+ echo "running $SHELL $0 " $ac_configure_args \$ac_configure_extra_args " --no-create --no-recursion" >&6 -+ exec $SHELL $0 $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion -+fi -+ -+_ACEOF -+ -+cat >>$CONFIG_STATUS <<_ACEOF -+# -+# INIT-COMMANDS section. -+# -+ -+AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir" -+ -+_ACEOF -+ -+ -+ -+cat >>$CONFIG_STATUS <<\_ACEOF -+for ac_config_target in $ac_config_targets -+do -+ case "$ac_config_target" in -+ # Handling of arguments. -+ "include/xmlsec/version.h" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/version.h" ;; -+ "Makefile" ) CONFIG_FILES="$CONFIG_FILES Makefile" ;; -+ "include/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/Makefile" ;; -+ "include/xmlsec/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/Makefile" ;; -+ "include/xmlsec/private/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/private/Makefile" ;; -+ "src/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/Makefile" ;; -+ "apps/Makefile" ) CONFIG_FILES="$CONFIG_FILES apps/Makefile" ;; -+ "docs/Makefile" ) CONFIG_FILES="$CONFIG_FILES docs/Makefile" ;; -+ "docs/api/Makefile" ) CONFIG_FILES="$CONFIG_FILES docs/api/Makefile" ;; -+ "man/Makefile" ) CONFIG_FILES="$CONFIG_FILES man/Makefile" ;; -+ "xmlsec1Conf.sh" ) CONFIG_FILES="$CONFIG_FILES xmlsec1Conf.sh:xmlsecConf.sh.in" ;; -+ "xmlsec1-config" ) CONFIG_FILES="$CONFIG_FILES xmlsec1-config:xmlsec-config.in" ;; -+ "xmlsec1-openssl.pc" ) CONFIG_FILES="$CONFIG_FILES xmlsec1-openssl.pc:xmlsec-openssl.pc.in" ;; -+ "xmlsec1-gnutls.pc" ) CONFIG_FILES="$CONFIG_FILES xmlsec1-gnutls.pc:xmlsec-gnutls.pc.in" ;; -+ "xmlsec1-nss.pc" ) 
CONFIG_FILES="$CONFIG_FILES xmlsec1-nss.pc:xmlsec-nss.pc.in" ;; -+ "xmlsec1.spec" ) CONFIG_FILES="$CONFIG_FILES xmlsec1.spec:xmlsec.spec.in" ;; -+ "include/xmlsec/openssl/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/openssl/Makefile" ;; -+ "src/openssl/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/openssl/Makefile" ;; -+ "include/xmlsec/gnutls/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/gnutls/Makefile" ;; -+ "src/gnutls/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/gnutls/Makefile" ;; -+ "include/xmlsec/nss/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/nss/Makefile" ;; -+ "src/nss/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/nss/Makefile" ;; -+ "include/xmlsec/mscrypto/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/mscrypto/Makefile" ;; -+ "src/mscrypto/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/mscrypto/Makefile" ;; -+ "depfiles" ) CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;; -+ "config.h" ) CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; -+ *) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5 -+echo "$as_me: error: invalid argument: $ac_config_target" >&2;} -+ { (exit 1); exit 1; }; };; -+ esac -+done -+ -+# If the user did not use the arguments to specify the items to instantiate, -+# then the envvar interface is used. Set only those that are not. -+# We use the long form for the default assignment because of an extremely -+# bizarre bug on SunOS 4.1.3. -+if $ac_need_defaults; then -+ test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files -+ test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers -+ test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands -+fi -+ -+# Have a temporary directory for convenience. Make it in the build tree -+# simply because there is no reason to put it here, and in addition, -+# creating and moving files from /tmp can sometimes cause problems. -+# Create a temporary directory, and hook for its removal unless debugging. 
-+$debug || -+{ -+ trap 'exit_status=$?; rm -rf $tmp && exit $exit_status' 0 -+ trap '{ (exit 1); exit 1; }' 1 2 13 15 -+} -+ -+# Create a (secure) tmp directory for tmp files. -+ -+{ -+ tmp=`(umask 077 && mktemp -d -q "./confstatXXXXXX") 2>/dev/null` && -+ test -n "$tmp" && test -d "$tmp" -+} || -+{ -+ tmp=./confstat$$-$RANDOM -+ (umask 077 && mkdir $tmp) -+} || -+{ -+ echo "$me: cannot create a temporary directory in ." >&2 -+ { (exit 1); exit 1; } -+} -+ -+_ACEOF -+ -+cat >>$CONFIG_STATUS <<_ACEOF -+ -+# -+# CONFIG_FILES section. -+# -+ -+# No need to generate the scripts if there are no CONFIG_FILES. -+# This happens for instance when ./config.status config.h -+if test -n "\$CONFIG_FILES"; then -+ # Protect against being on the right side of a sed subst in config.status. -+ sed 's/,@/@@/; s/@,/@@/; s/,;t t\$/@;t t/; /@;t t\$/s/[\\\\&,]/\\\\&/g; -+ s/@@/,@/; s/@@/@,/; s/@;t t\$/,;t t/' >\$tmp/subs.sed <<\\CEOF -+s,@SHELL@,$SHELL,;t t -+s,@PATH_SEPARATOR@,$PATH_SEPARATOR,;t t -+s,@PACKAGE_NAME@,$PACKAGE_NAME,;t t -+s,@PACKAGE_TARNAME@,$PACKAGE_TARNAME,;t t -+s,@PACKAGE_VERSION@,$PACKAGE_VERSION,;t t -+s,@PACKAGE_STRING@,$PACKAGE_STRING,;t t -+s,@PACKAGE_BUGREPORT@,$PACKAGE_BUGREPORT,;t t -+s,@exec_prefix@,$exec_prefix,;t t -+s,@prefix@,$prefix,;t t -+s,@program_transform_name@,$program_transform_name,;t t -+s,@bindir@,$bindir,;t t -+s,@sbindir@,$sbindir,;t t -+s,@libexecdir@,$libexecdir,;t t -+s,@datadir@,$datadir,;t t -+s,@sysconfdir@,$sysconfdir,;t t -+s,@sharedstatedir@,$sharedstatedir,;t t -+s,@localstatedir@,$localstatedir,;t t -+s,@libdir@,$libdir,;t t -+s,@includedir@,$includedir,;t t -+s,@oldincludedir@,$oldincludedir,;t t -+s,@infodir@,$infodir,;t t -+s,@mandir@,$mandir,;t t -+s,@build_alias@,$build_alias,;t t -+s,@host_alias@,$host_alias,;t t -+s,@target_alias@,$target_alias,;t t -+s,@DEFS@,$DEFS,;t t -+s,@ECHO_C@,$ECHO_C,;t t -+s,@ECHO_N@,$ECHO_N,;t t -+s,@ECHO_T@,$ECHO_T,;t t -+s,@LIBS@,$LIBS,;t t -+s,@build@,$build,;t t -+s,@build_cpu@,$build_cpu,;t 
t -+s,@build_vendor@,$build_vendor,;t t -+s,@build_os@,$build_os,;t t -+s,@host@,$host,;t t -+s,@host_cpu@,$host_cpu,;t t -+s,@host_vendor@,$host_vendor,;t t -+s,@host_os@,$host_os,;t t -+s,@XMLSEC_VERSION@,$XMLSEC_VERSION,;t t -+s,@XMLSEC_PACKAGE@,$XMLSEC_PACKAGE,;t t -+s,@XMLSEC_VERSION_SAFE@,$XMLSEC_VERSION_SAFE,;t t -+s,@XMLSEC_VERSION_MAJOR@,$XMLSEC_VERSION_MAJOR,;t t -+s,@XMLSEC_VERSION_MINOR@,$XMLSEC_VERSION_MINOR,;t t -+s,@XMLSEC_VERSION_SUBMINOR@,$XMLSEC_VERSION_SUBMINOR,;t t -+s,@XMLSEC_VERSION_INFO@,$XMLSEC_VERSION_INFO,;t t -+s,@INSTALL_PROGRAM@,$INSTALL_PROGRAM,;t t -+s,@INSTALL_SCRIPT@,$INSTALL_SCRIPT,;t t -+s,@INSTALL_DATA@,$INSTALL_DATA,;t t -+s,@CYGPATH_W@,$CYGPATH_W,;t t -+s,@PACKAGE@,$PACKAGE,;t t -+s,@VERSION@,$VERSION,;t t -+s,@ACLOCAL@,$ACLOCAL,;t t -+s,@AUTOCONF@,$AUTOCONF,;t t -+s,@AUTOMAKE@,$AUTOMAKE,;t t -+s,@AUTOHEADER@,$AUTOHEADER,;t t -+s,@MAKEINFO@,$MAKEINFO,;t t -+s,@AMTAR@,$AMTAR,;t t -+s,@install_sh@,$install_sh,;t t -+s,@STRIP@,$STRIP,;t t -+s,@ac_ct_STRIP@,$ac_ct_STRIP,;t t -+s,@INSTALL_STRIP_PROGRAM@,$INSTALL_STRIP_PROGRAM,;t t -+s,@mkdir_p@,$mkdir_p,;t t -+s,@AWK@,$AWK,;t t -+s,@SET_MAKE@,$SET_MAKE,;t t -+s,@am__leading_dot@,$am__leading_dot,;t t -+s,@MAINTAINER_MODE_TRUE@,$MAINTAINER_MODE_TRUE,;t t -+s,@MAINTAINER_MODE_FALSE@,$MAINTAINER_MODE_FALSE,;t t -+s,@MAINT@,$MAINT,;t t -+s,@CC@,$CC,;t t -+s,@CFLAGS@,$CFLAGS,;t t -+s,@LDFLAGS@,$LDFLAGS,;t t -+s,@CPPFLAGS@,$CPPFLAGS,;t t -+s,@ac_ct_CC@,$ac_ct_CC,;t t -+s,@EXEEXT@,$EXEEXT,;t t -+s,@OBJEXT@,$OBJEXT,;t t -+s,@DEPDIR@,$DEPDIR,;t t -+s,@am__include@,$am__include,;t t -+s,@am__quote@,$am__quote,;t t -+s,@AMDEP_TRUE@,$AMDEP_TRUE,;t t -+s,@AMDEP_FALSE@,$AMDEP_FALSE,;t t -+s,@AMDEPBACKSLASH@,$AMDEPBACKSLASH,;t t -+s,@CCDEPMODE@,$CCDEPMODE,;t t -+s,@am__fastdepCC_TRUE@,$am__fastdepCC_TRUE,;t t -+s,@am__fastdepCC_FALSE@,$am__fastdepCC_FALSE,;t t -+s,@EGREP@,$EGREP,;t t -+s,@LN_S@,$LN_S,;t t -+s,@ECHO@,$ECHO,;t t -+s,@AR@,$AR,;t t -+s,@ac_ct_AR@,$ac_ct_AR,;t t -+s,@RANLIB@,$RANLIB,;t 
t -+s,@ac_ct_RANLIB@,$ac_ct_RANLIB,;t t -+s,@CPP@,$CPP,;t t -+s,@CXX@,$CXX,;t t -+s,@CXXFLAGS@,$CXXFLAGS,;t t -+s,@ac_ct_CXX@,$ac_ct_CXX,;t t -+s,@CXXDEPMODE@,$CXXDEPMODE,;t t -+s,@am__fastdepCXX_TRUE@,$am__fastdepCXX_TRUE,;t t -+s,@am__fastdepCXX_FALSE@,$am__fastdepCXX_FALSE,;t t -+s,@CXXCPP@,$CXXCPP,;t t -+s,@F77@,$F77,;t t -+s,@FFLAGS@,$FFLAGS,;t t -+s,@ac_ct_F77@,$ac_ct_F77,;t t -+s,@LIBTOOL@,$LIBTOOL,;t t -+s,@RM@,$RM,;t t -+s,@CP@,$CP,;t t -+s,@MV@,$MV,;t t -+s,@TAR@,$TAR,;t t -+s,@HELP2MAN@,$HELP2MAN,;t t -+s,@MAN2HTML@,$MAN2HTML,;t t -+s,@U@,$U,;t t -+s,@ANSI2KNR@,$ANSI2KNR,;t t -+s,@INSTALL_LTDL_TRUE@,$INSTALL_LTDL_TRUE,;t t -+s,@INSTALL_LTDL_FALSE@,$INSTALL_LTDL_FALSE,;t t -+s,@CONVENIENCE_LTDL_TRUE@,$CONVENIENCE_LTDL_TRUE,;t t -+s,@CONVENIENCE_LTDL_FALSE@,$CONVENIENCE_LTDL_FALSE,;t t -+s,@LIBADD_DL@,$LIBADD_DL,;t t -+s,@PKG_CONFIG_ENABLED@,$PKG_CONFIG_ENABLED,;t t -+s,@PKG_CONFIG@,$PKG_CONFIG,;t t -+s,@LIBXML_CFLAGS@,$LIBXML_CFLAGS,;t t -+s,@LIBXML_LIBS@,$LIBXML_LIBS,;t t -+s,@LIBXML262_CFLAGS@,$LIBXML262_CFLAGS,;t t -+s,@LIBXML262_LIBS@,$LIBXML262_LIBS,;t t -+s,@LIBXML_CONFIG@,$LIBXML_CONFIG,;t t -+s,@LIBXML_MIN_VERSION@,$LIBXML_MIN_VERSION,;t t -+s,@LIBXSLT_CFLAGS@,$LIBXSLT_CFLAGS,;t t -+s,@LIBXSLT_LIBS@,$LIBXSLT_LIBS,;t t -+s,@XMLSEC_NO_LIBXSLT@,$XMLSEC_NO_LIBXSLT,;t t -+s,@LIBXSLT_CONFIG@,$LIBXSLT_CONFIG,;t t -+s,@LIBXSLT_MIN_VERSION@,$LIBXSLT_MIN_VERSION,;t t -+s,@OPENSSL_CFLAGS@,$OPENSSL_CFLAGS,;t t -+s,@OPENSSL_LIBS@,$OPENSSL_LIBS,;t t -+s,@OPENSSL097_CFLAGS@,$OPENSSL097_CFLAGS,;t t -+s,@OPENSSL097_LIBS@,$OPENSSL097_LIBS,;t t -+s,@XMLSEC_NO_OPENSSL_TRUE@,$XMLSEC_NO_OPENSSL_TRUE,;t t -+s,@XMLSEC_NO_OPENSSL_FALSE@,$XMLSEC_NO_OPENSSL_FALSE,;t t -+s,@XMLSEC_NO_OPENSSL@,$XMLSEC_NO_OPENSSL,;t t -+s,@OPENSSL_CRYPTO_LIB@,$OPENSSL_CRYPTO_LIB,;t t -+s,@OPENSSL_MIN_VERSION@,$OPENSSL_MIN_VERSION,;t t -+s,@GNUTLS_CFLAGS@,$GNUTLS_CFLAGS,;t t -+s,@GNUTLS_LIBS@,$GNUTLS_LIBS,;t t -+s,@XMLSEC_NO_GNUTLS_TRUE@,$XMLSEC_NO_GNUTLS_TRUE,;t t 
-+s,@XMLSEC_NO_GNUTLS_FALSE@,$XMLSEC_NO_GNUTLS_FALSE,;t t -+s,@XMLSEC_NO_GNUTLS@,$XMLSEC_NO_GNUTLS,;t t -+s,@GNUTLS_CRYPTO_LIB@,$GNUTLS_CRYPTO_LIB,;t t -+s,@GNUTLS_MIN_VERSION@,$GNUTLS_MIN_VERSION,;t t -+s,@NSS_CFLAGS@,$NSS_CFLAGS,;t t -+s,@NSS_LIBS@,$NSS_LIBS,;t t -+s,@XMLSEC_NO_NSS_TRUE@,$XMLSEC_NO_NSS_TRUE,;t t -+s,@XMLSEC_NO_NSS_FALSE@,$XMLSEC_NO_NSS_FALSE,;t t -+s,@XMLSEC_NO_NSS@,$XMLSEC_NO_NSS,;t t -+s,@NSS_CRYPTO_LIB@,$NSS_CRYPTO_LIB,;t t -+s,@NSS_MIN_VERSION@,$NSS_MIN_VERSION,;t t -+s,@NSPR_MIN_VERSION@,$NSPR_MIN_VERSION,;t t -+s,@MOZILLA_MIN_VERSION@,$MOZILLA_MIN_VERSION,;t t -+s,@MSCRYPTO_CFLAGS@,$MSCRYPTO_CFLAGS,;t t -+s,@MSCRYPTO_LIBS@,$MSCRYPTO_LIBS,;t t - s,@XMLSEC_NO_SHA1_TRUE@,$XMLSEC_NO_SHA1_TRUE,;t t - s,@XMLSEC_NO_SHA1_FALSE@,$XMLSEC_NO_SHA1_FALSE,;t t - s,@XMLSEC_NO_SHA1@,$XMLSEC_NO_SHA1,;t t -@@ -34368,6 +36362,8 @@ - s,@NSS_MIN_VERSION@,$NSS_MIN_VERSION,;t t - s,@NSPR_MIN_VERSION@,$NSPR_MIN_VERSION,;t t - s,@MOZILLA_MIN_VERSION@,$MOZILLA_MIN_VERSION,;t t -+s,@MSCRYPTO_CFLAGS@,$MSCRYPTO_CFLAGS,;t t -+s,@MSCRYPTO_LIBS@,$MSCRYPTO_LIBS,;t t - s,@XMLSEC_NO_SHA1_TRUE@,$XMLSEC_NO_SHA1_TRUE,;t t - s,@XMLSEC_NO_SHA1_FALSE@,$XMLSEC_NO_SHA1_FALSE,;t t - s,@XMLSEC_NO_SHA1@,$XMLSEC_NO_SHA1,;t t ---- misc/xmlsec1-1.2.6/configure.in 2004-08-26 04:49:24.000000000 +0200 -+++ misc/build/xmlsec1-1.2.6/configure.in 2008-06-29 23:44:19.000000000 +0200 -@@ -503,12 +503,26 @@ - - XMLSEC_NO_NSS="1" - MOZILLA_MIN_VERSION="1.4" -+if test "z$MOZ_FLAVOUR" = "zfirefox" ; then -+ MOZILLA_MIN_VERSION="1.0" -+fi - NSS_MIN_VERSION="3.2" - NSPR_MIN_VERSION="4.0" - NSS_CFLAGS="" - NSS_LIBS="" --NSS_LIBS_LIST="-lnss3 -lsmime3" --NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4" -+ -+case $host_os in -+cygwin* | mingw* | pw32*) -+ NSS_LIBS_LIST="-lnss3 -lsmime3" -+ NSPR_LIBS_LIST="-lnspr4" -+ ;; -+ -+*) -+ NSS_LIBS_LIST="-lnss3 -lsoftokn3 -lsmime3" -+ NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4" -+ ;; -+esac -+ - NSS_CRYPTO_LIB="$PACKAGE-nss" - NSS_FOUND="no" - -@@ -521,9 +535,16 @@ - 
AC_MSG_RESULT(no) - NSS_FOUND="without" - elif test "z$with_nss" = "z" -a "z$with_nspr" = "z" -a "z$with_mozilla_ver" = "z" -a "z$PKG_CONFIG_ENABLED" = "zyes" ; then -- PKG_CHECK_MODULES(NSS, mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION, -+ PKG_CHECK_MODULES(NSS, $MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION, - [NSS_FOUND=yes], - [NSS_FOUND=no]) -+ AC_MSG_RESULT($NSS_FOUND) -+ if test "z$NSS_FOUND" = "zno" ; then -+ PKG_CHECK_MODULES(NSS, nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION, -+ [NSS_FOUND=yes], -+ [NSS_FOUND=no]) -+ AC_MSG_RESULT($NSS_FOUND) -+ fi - fi - - if test "z$NSS_FOUND" = "zno" ; then -@@ -534,8 +555,8 @@ - ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION - fi - -- ac_nss_lib_dir="/usr/lib /usr/lib64 /usr/local/lib /usr/lib/$ac_mozilla_name /usr/local/lib/$ac_mozilla_name" -- ac_nss_inc_dir="/usr/include /usr/include/mozilla /usr/local/include /usr/local/include/mozilla /usr/include/$ac_mozilla_name /usr/local/include/$ac_mozilla_name" -+ ac_nss_lib_dir="${SOLARVERSION}/${INPATH}/lib${UPDMINOREXT}" -+ ac_nss_inc_dir="${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/mozilla" - - AC_MSG_CHECKING(for nspr libraries >= $NSPR_MIN_VERSION) - NSPR_INCLUDES_FOUND="no" -@@ -570,7 +591,9 @@ - done - - for dir in $ac_nss_lib_dir ; do -- if test -f $dir/libnspr4.so ; then -+ case $host_os in -+ cygwin* | mingw* | pw32*) -+ if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib -o -f $dir/libnspr4.a ; then - dnl do not add -L/usr/lib because compiler does it anyway - if test "z$dir" = "z/usr/lib" ; then - NSPR_LIBS="$NSPR_LIBS_LIST" -@@ -583,7 +606,26 @@ - fi - NSPR_LIBS_FOUND="yes" - break -- fi -+ fi -+ ;; -+ -+ *) -+ if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib ; then -+ dnl do not add -L/usr/lib because compiler does it anyway -+ if test "z$dir" = "z/usr/lib" ; then -+ NSPR_LIBS="$NSPR_LIBS_LIST" -+ else -+ if test "z$with_gnu_ld" = "zyes" ; then -+ NSPR_LIBS="-Wl,-rpath-link -Wl,$dir 
-L$dir $NSPR_LIBS_LIST" -+ else -+ NSPR_LIBS="-L$dir $NSPR_LIBS_LIST" -+ fi -+ fi -+ NSPR_LIBS_FOUND="yes" -+ break -+ fi -+ ;; -+ esac - done - fi - -@@ -641,7 +683,9 @@ - done - - for dir in $ac_nss_lib_dir ; do -- if test -f $dir/libnss3.so ; then -+ case $host_os in -+ cygwin* | mingw* | pw32*) -+ if test -f $dir/libnss3.so -o -f $dir/libnss3.dylib -o -f $dir/libnss3.a ; then - dnl do not add -L/usr/lib because compiler does it anyway - if test "z$dir" = "z/usr/lib" ; then - NSS_LIBS="$NSS_LIBS_LIST" -@@ -654,7 +698,26 @@ - fi - NSS_LIBS_FOUND="yes" - break -- fi -+ fi -+ ;; -+ -+ *) -+ if test -f $dir/libnss3.so -o -f $dir/libnss3.dylib ; then -+ dnl do not add -L/usr/lib because compiler does it anyway -+ if test "z$dir" = "z/usr/lib" ; then -+ NSS_LIBS="$NSS_LIBS_LIST" -+ else -+ if test "z$with_gnu_ld" = "zyes" ; then -+ NSS_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $NSS_LIBS_LIST" -+ else -+ NSS_LIBS="-L$dir $NSS_LIBS_LIST" -+ fi -+ fi -+ NSS_LIBS_FOUND="yes" -+ break -+ fi -+ ;; -+ esac - done - fi - ---- misc/xmlsec1-1.2.6/include/xmlsec/mscrypto/Makefile.in 2008-06-29 23:44:40.000000000 +0200 -+++ misc/build/xmlsec1-1.2.6/include/xmlsec/mscrypto/Makefile.in 2008-06-29 23:44:19.000000000 +0200 -@@ -1 +1,58 @@ --dummy -+# Makefile.in generated by automake 1.8.3 from Makefile.am. -+# @configure_input@ -+ -+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -+# 2003, 2004 Free Software Foundation, Inc. -+# This Makefile.in is free software; the Free Software Foundation -+# gives unlimited permission to copy and/or distribute it, -+# with or without modifications, as long as this notice is preserved. -+ -+# This program is distributed in the hope that it will be useful, -+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -+# PARTICULAR PURPOSE. 
-+ -+@SET_MAKE@ -+ -+HEADERS = $(xmlsecmscryptoinc_HEADERS) -+NULL = -+xmlsecmscryptoinc_HEADERS = \ -+akmngr.h \ -+app.h \ -+crypto.h \ -+symbols.h \ -+certkeys.h \ -+keysstore.h \ -+x509.h \ -+$(NULL) -+ -+all: all-am -+ -+mostlyclean-libtool: -+ -rm -f *.lo -+ -+clean-libtool: -+ -rm -rf .libs _libs -+ -+all-am: Makefile $(HEADERS) -+ -+mostlyclean-generic: -+ -+clean-generic: -+ -+clean: clean-am -+ -+clean-am: clean-generic clean-libtool mostlyclean-am -+ -+mostlyclean: mostlyclean-am -+ -+mostlyclean-am: mostlyclean-generic mostlyclean-libtool -+ -+.PHONY: all all-am clean clean-generic \ -+ clean-libtool \ -+ mostlyclean mostlyclean-generic mostlyclean-libtool -+ -+ -+# Tell versions [3.59,3.63) of GNU make to not export all variables. -+# Otherwise a system limit (for SysV at least) may be exceeded. -+.NOEXPORT: ---- misc/xmlsec1-1.2.6/include/xmlsec/mscrypto/akmngr.h 2008-06-29 23:44:39.000000000 +0200 -+++ misc/build/xmlsec1-1.2.6/include/xmlsec/mscrypto/akmngr.h 2008-06-29 23:44:19.000000000 +0200 -@@ -1 +1,71 @@ --dummy -+/** -+ * XMLSec library -+ * -+ * This is free software; see Copyright file in the source -+ * distribution for preciese wording. -+ * -+ * Copyright .......................... 
-+ */ -+#ifndef __XMLSEC_MSCRYPTO_AKMNGR_H__ -+#define __XMLSEC_MSCRYPTO_AKMNGR_H__ -+ -+#include <windows.h> -+#include <wincrypt.h> -+ -+#include <xmlsec/xmlsec.h> -+#include <xmlsec/keys.h> -+#include <xmlsec/transforms.h> -+ -+#ifdef __cplusplus -+extern "C" { -+#endif /* __cplusplus */ -+ -+XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr -+xmlSecMSCryptoAppliedKeysMngrCreate( -+ HCERTSTORE keyStore , -+ HCERTSTORE certStore -+) ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecMSCryptoAppliedKeysMngrSymKeyLoad( -+ xmlSecKeysMngrPtr mngr , -+ HCRYPTKEY symKey -+) ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecMSCryptoAppliedKeysMngrPubKeyLoad( -+ xmlSecKeysMngrPtr mngr , -+ HCRYPTKEY pubKey -+) ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecMSCryptoAppliedKeysMngrPriKeyLoad( -+ xmlSecKeysMngrPtr mngr , -+ HCRYPTKEY priKey -+) ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore ( -+ xmlSecKeysMngrPtr mngr , -+ HCERTSTORE keyStore -+) ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore ( -+ xmlSecKeysMngrPtr mngr , -+ HCERTSTORE trustedStore -+) ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore ( -+ xmlSecKeysMngrPtr mngr , -+ HCERTSTORE untrustedStore -+) ; -+ -+#ifdef __cplusplus -+} -+#endif /* __cplusplus */ -+ -+#endif /* __XMLSEC_MSCRYPTO_AKMNGR_H__ */ -+ -+ ---- misc/xmlsec1-1.2.6/include/xmlsec/mscrypto/x509.h 2003-09-26 08:12:46.000000000 +0200 -+++ misc/build/xmlsec1-1.2.6/include/xmlsec/mscrypto/x509.h 2008-06-29 23:44:19.000000000 +0200 -@@ -77,6 +77,21 @@ - PCCERT_CONTEXT cert, - xmlSecKeyDataType type); - -+XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoX509StoreAdoptKeyStore ( -+ xmlSecKeyDataStorePtr store, -+ HCERTSTORE keyStore -+ ) ; -+ -+XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoX509StoreAdoptTrustedStore ( -+ xmlSecKeyDataStorePtr store, -+ HCERTSTORE trustedStore -+ ) ; -+ -+XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoX509StoreAdoptUntrustedStore ( -+ xmlSecKeyDataStorePtr store, -+ HCERTSTORE 
untrustedStore -+ ) ; -+ - - #endif /* XMLSEC_NO_X509 */ - ---- misc/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.am 2003-07-30 04:46:35.000000000 +0200 -+++ misc/build/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.am 2008-06-29 23:44:19.000000000 +0200 -@@ -3,6 +3,7 @@ - xmlsecnssincdir = $(includedir)/xmlsec1/xmlsec/nss - - xmlsecnssinc_HEADERS = \ -+akmngr.h \ - app.h \ - crypto.h \ - symbols.h \ -@@ -10,6 +11,8 @@ - keysstore.h \ - pkikeys.h \ - x509.h \ -+tokens.h \ -+ciphers.h \ - $(NULL) - - install-exec-hook: ---- misc/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.in 2004-08-26 08:00:31.000000000 +0200 -+++ misc/build/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.in 2008-06-29 23:44:19.000000000 +0200 -@@ -273,6 +273,7 @@ - NULL = - xmlsecnssincdir = $(includedir)/xmlsec1/xmlsec/nss - xmlsecnssinc_HEADERS = \ -+akmngr.h \ - app.h \ - crypto.h \ - symbols.h \ -@@ -280,6 +281,8 @@ - keysstore.h \ - pkikeys.h \ - x509.h \ -+tokens.h \ -+ciphers.h \ - $(NULL) - - all: all-am ---- misc/xmlsec1-1.2.6/include/xmlsec/nss/akmngr.h 2008-06-29 23:44:39.000000000 +0200 -+++ misc/build/xmlsec1-1.2.6/include/xmlsec/nss/akmngr.h 2008-06-29 23:44:19.000000000 +0200 -@@ -1 +1,56 @@ --dummy -+/** -+ * XMLSec library -+ * -+ * This is free software; see Copyright file in the source -+ * distribution for preciese wording. -+ * -+ * Copyright .......................... 
-+ */ -+#ifndef __XMLSEC_NSS_AKMNGR_H__ -+#define __XMLSEC_NSS_AKMNGR_H__ -+ -+#include <nss.h> -+#include <nspr.h> -+#include <pk11func.h> -+#include <cert.h> -+ -+#include <xmlsec/xmlsec.h> -+#include <xmlsec/keys.h> -+#include <xmlsec/transforms.h> -+ -+#ifdef __cplusplus -+extern "C" { -+#endif /* __cplusplus */ -+ -+XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr -+xmlSecNssAppliedKeysMngrCreate( -+ PK11SlotInfo** slots, -+ int cSlots, -+ CERTCertDBHandle* handler -+) ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecNssAppliedKeysMngrSymKeyLoad( -+ xmlSecKeysMngrPtr mngr , -+ PK11SymKey* symKey -+) ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecNssAppliedKeysMngrPubKeyLoad( -+ xmlSecKeysMngrPtr mngr , -+ SECKEYPublicKey* pubKey -+) ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecNssAppliedKeysMngrPriKeyLoad( -+ xmlSecKeysMngrPtr mngr , -+ SECKEYPrivateKey* priKey -+) ; -+ -+#ifdef __cplusplus -+} -+#endif /* __cplusplus */ -+ -+#endif /* __XMLSEC_NSS_AKMNGR_H__ */ -+ -+ ---- misc/xmlsec1-1.2.6/include/xmlsec/nss/app.h 2004-01-12 22:06:14.000000000 +0100 -+++ misc/build/xmlsec1-1.2.6/include/xmlsec/nss/app.h 2008-06-29 23:44:19.000000000 +0200 -@@ -22,6 +22,9 @@ - #include <xmlsec/keysmngr.h> - #include <xmlsec/transforms.h> - -+#include <xmlsec/nss/tokens.h> -+#include <xmlsec/nss/akmngr.h> -+ - /** - * Init/shutdown - */ -@@ -34,6 +37,8 @@ - XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrInit (xmlSecKeysMngrPtr mngr); - XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKey(xmlSecKeysMngrPtr mngr, - xmlSecKeyPtr key); -+XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKeySlot(xmlSecKeysMngrPtr mngr, -+ xmlSecNssKeySlotPtr keySlot); - XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrLoad (xmlSecKeysMngrPtr mngr, - const char* uri); - XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrSave (xmlSecKeysMngrPtr mngr, ---- misc/xmlsec1-1.2.6/include/xmlsec/nss/ciphers.h 2008-06-29 23:44:39.000000000 +0200 -+++ misc/build/xmlsec1-1.2.6/include/xmlsec/nss/ciphers.h 2008-06-29 
23:44:19.000000000 +0200 -@@ -1 +1,35 @@ --dummy -+/** -+ * XMLSec library -+ * -+ * This is free software; see Copyright file in the source -+ * distribution for preciese wording. -+ * -+ * Copyright .......................... -+ */ -+#ifndef __XMLSEC_NSS_CIPHERS_H__ -+#define __XMLSEC_NSS_CIPHERS_H__ -+ -+#ifdef __cplusplus -+extern "C" { -+#endif /* __cplusplus */ -+ -+#include <xmlsec/xmlsec.h> -+#include <xmlsec/keys.h> -+#include <xmlsec/transforms.h> -+ -+ -+XMLSEC_CRYPTO_EXPORT int xmlSecNssSymKeyDataAdoptKey( xmlSecKeyDataPtr data, -+ PK11SymKey* symkey ) ; -+ -+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt( PK11SymKey* symKey ) ; -+ -+XMLSEC_CRYPTO_EXPORT PK11SymKey* xmlSecNssSymKeyDataGetKey(xmlSecKeyDataPtr data); -+ -+ -+#ifdef __cplusplus -+} -+#endif /* __cplusplus */ -+ -+#endif /* __XMLSEC_NSS_CIPHERS_H__ */ -+ -+ ---- misc/xmlsec1-1.2.6/include/xmlsec/nss/crypto.h 2004-01-12 22:06:14.000000000 +0100 -+++ misc/build/xmlsec1-1.2.6/include/xmlsec/nss/crypto.h 2008-06-29 23:44:19.000000000 +0200 -@@ -264,6 +264,15 @@ - xmlSecNssTransformRsaPkcs1GetKlass() - XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaPkcs1GetKlass(void); - -+/** -+ * xmlSecNssTransformRsaOaepId: -+ * -+ * The RSA OAEP key transport transform klass. 
-+ */ -+#define xmlSecNssTransformRsaOaepId \ -+ xmlSecNssTransformRsaOaepGetKlass() -+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaOaepGetKlass(void); -+ - #endif /* XMLSEC_NO_RSA */ - - ---- misc/xmlsec1-1.2.6/include/xmlsec/nss/keysstore.h 2003-07-30 04:46:35.000000000 +0200 -+++ misc/build/xmlsec1-1.2.6/include/xmlsec/nss/keysstore.h 2008-06-29 23:44:19.000000000 +0200 -@@ -16,6 +16,8 @@ - #endif /* __cplusplus */ - - #include <xmlsec/xmlsec.h> -+#include <xmlsec/keysmngr.h> -+#include <xmlsec/nss/tokens.h> - - /**************************************************************************** - * -@@ -31,6 +33,8 @@ - XMLSEC_CRYPTO_EXPORT xmlSecKeyStoreId xmlSecNssKeysStoreGetKlass (void); - XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKey (xmlSecKeyStorePtr store, - xmlSecKeyPtr key); -+XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKeySlot(xmlSecKeyStorePtr store, -+ xmlSecNssKeySlotPtr keySlot); - XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreLoad (xmlSecKeyStorePtr store, - const char *uri, - xmlSecKeysMngrPtr keysMngr); ---- misc/xmlsec1-1.2.6/include/xmlsec/nss/tokens.h 2008-06-29 23:44:39.000000000 +0200 -+++ misc/build/xmlsec1-1.2.6/include/xmlsec/nss/tokens.h 2008-06-29 23:44:19.000000000 +0200 -@@ -1 +1,182 @@ --dummy -+/** -+ * XMLSec library -+ * -+ * This is free software; see Copyright file in the source -+ * distribution for preciese wording. -+ * -+ * Copyright (c) 2003 Sun Microsystems, Inc. All rights reserved. 
-+ * -+ * Contributor(s): _____________________________ -+ * -+ */ -+#ifndef __XMLSEC_NSS_TOKENS_H__ -+#define __XMLSEC_NSS_TOKENS_H__ -+ -+#include <string.h> -+ -+#include <nss.h> -+#include <pk11func.h> -+ -+#include <xmlsec/xmlsec.h> -+#include <xmlsec/list.h> -+ -+#ifdef __cplusplus -+extern "C" { -+#endif /* __cplusplus */ -+ -+/** -+ * xmlSecNssKeySlotListId -+ * -+ * The crypto mechanism list klass -+ */ -+#define xmlSecNssKeySlotListId xmlSecNssKeySlotListGetKlass() -+XMLSEC_CRYPTO_EXPORT xmlSecPtrListId xmlSecNssKeySlotListGetKlass( void ) ; -+ -+/******************************************* -+ * KeySlot interfaces -+ *******************************************/ -+/** -+ * Internal NSS key slot data -+ * @mechanismList: the mechanisms that the slot bound with. -+ * @slot: the pkcs slot -+ * -+ * This context is located after xmlSecPtrList -+ */ -+typedef struct _xmlSecNssKeySlot xmlSecNssKeySlot ; -+typedef struct _xmlSecNssKeySlot* xmlSecNssKeySlotPtr ; -+ -+struct _xmlSecNssKeySlot { -+ CK_MECHANISM_TYPE_PTR mechanismList ; /* mech. 
array, NULL ternimated */ -+ PK11SlotInfo* slot ; -+} ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecNssKeySlotSetMechList( -+ xmlSecNssKeySlotPtr keySlot , -+ CK_MECHANISM_TYPE_PTR mechanismList -+) ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecNssKeySlotEnableMech( -+ xmlSecNssKeySlotPtr keySlot , -+ CK_MECHANISM_TYPE mechanism -+) ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecNssKeySlotDisableMech( -+ xmlSecNssKeySlotPtr keySlot , -+ CK_MECHANISM_TYPE mechanism -+) ; -+ -+XMLSEC_CRYPTO_EXPORT CK_MECHANISM_TYPE_PTR -+xmlSecNssKeySlotGetMechList( -+ xmlSecNssKeySlotPtr keySlot -+) ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecNssKeySlotSetSlot( -+ xmlSecNssKeySlotPtr keySlot , -+ PK11SlotInfo* slot -+) ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecNssKeySlotInitialize( -+ xmlSecNssKeySlotPtr keySlot , -+ PK11SlotInfo* slot -+) ; -+ -+XMLSEC_CRYPTO_EXPORT void -+xmlSecNssKeySlotFinalize( -+ xmlSecNssKeySlotPtr keySlot -+) ; -+ -+XMLSEC_CRYPTO_EXPORT PK11SlotInfo* -+xmlSecNssKeySlotGetSlot( -+ xmlSecNssKeySlotPtr keySlot -+) ; -+ -+XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr -+xmlSecNssKeySlotCreate() ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecNssKeySlotCopy( -+ xmlSecNssKeySlotPtr newKeySlot , -+ xmlSecNssKeySlotPtr keySlot -+) ; -+ -+XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr -+xmlSecNssKeySlotDuplicate( -+ xmlSecNssKeySlotPtr keySlot -+) ; -+ -+XMLSEC_CRYPTO_EXPORT void -+xmlSecNssKeySlotDestroy( -+ xmlSecNssKeySlotPtr keySlot -+) ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecNssKeySlotBindMech( -+ xmlSecNssKeySlotPtr keySlot , -+ CK_MECHANISM_TYPE type -+) ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecNssKeySlotSupportMech( -+ xmlSecNssKeySlotPtr keySlot , -+ CK_MECHANISM_TYPE type -+) ; -+ -+ -+/************************************************************************ -+ * PKCS#11 crypto token interfaces -+ * -+ * A PKCS#11 slot repository will be defined internally. From the -+ * repository, a user can specify a particular slot for a certain crypto -+ * mechanism. 
-+ * -+ * In some situation, some cryptographic operation should act in a user -+ * designated devices. The interfaces defined here provide the way. If -+ * the user do not initialize the repository distinctly, the interfaces -+ * use the default functions provided by NSS itself. -+ * -+ ************************************************************************/ -+/** -+ * Initialize NSS pkcs#11 slot repository -+ * -+ * Returns 0 if success or -1 if an error occurs. -+ */ -+XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotInitialize( void ) ; -+ -+/** -+ * Shutdown and destroy NSS pkcs#11 slot repository -+ */ -+XMLSEC_CRYPTO_EXPORT void xmlSecNssSlotShutdown() ; -+ -+/** -+ * Get PKCS#11 slot handler -+ * @type the mechanism that the slot must support. -+ * -+ * Returns a pointer to PKCS#11 slot or NULL if an error occurs. -+ * -+ * Notes: The returned handler must be destroied distinctly. -+ */ -+XMLSEC_CRYPTO_EXPORT PK11SlotInfo* xmlSecNssSlotGet( CK_MECHANISM_TYPE type ) ; -+ -+/** -+ * Adopt a pkcs#11 slot with a mechanism into the repository -+ * @slot: the pkcs#11 slot. -+ * @mech: the mechanism. -+ * -+ * If @mech is available( @mech != CKM_INVALID_MECHANISM ), every operation with -+ * this mechanism only can perform on the @slot. -+ * -+ * Returns 0 if success or -1 if an error occurs. -+ */ -+XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotAdopt( PK11SlotInfo* slot, CK_MECHANISM_TYPE mech ) ; -+ -+#ifdef __cplusplus -+} -+#endif /* __cplusplus */ -+ -+#endif /* __XMLSEC_NSS_TOKENS_H__ */ -+ ---- misc/xmlsec1-1.2.6/ltmain.sh 2004-08-26 08:00:15.000000000 +0200 -+++ misc/build/xmlsec1-1.2.6/ltmain.sh 2008-06-29 23:44:19.000000000 +0200 -@@ -1661,6 +1661,11 @@ - fi - ;; - -+ *.lib) -+ deplibs="$deplibs $arg" -+ continue -+ ;; -+ - *.$libext) - # An archive. 
- deplibs="$deplibs $arg" -@@ -1974,6 +1979,10 @@ - continue - ;; - *.la) lib="$deplib" ;; -+ *.lib) -+ deplibs="$deplib $deplibs" -+ continue -+ ;; - *.$libext) - if test "$pass" = conv; then - deplibs="$deplib $deplibs" -@@ -2994,13 +3003,13 @@ - ;; - - freebsd-aout) -- major=".$current" -- versuffix=".$current.$revision"; -+ major=.`expr $current - $age` -+ versuffix="$major.$age.$revision" - ;; - - freebsd-elf) -- major=".$current" -- versuffix=".$current"; -+ major=.`expr $current - $age` -+ versuffix="$major.$age.$revision" - ;; - - irix | nonstopux) -@@ -3564,7 +3573,8 @@ - fi - else - eval flag=\"$hardcode_libdir_flag_spec\" -- dep_rpath="$dep_rpath $flag" -+# what the ... -+# dep_rpath="$dep_rpath $flag" - fi - elif test -n "$runpath_var"; then - case "$perm_rpath " in ---- misc/xmlsec1-1.2.6/src/bn.c 2004-06-21 20:33:27.000000000 +0200 -+++ misc/build/xmlsec1-1.2.6/src/bn.c 2008-06-29 23:44:19.000000000 +0200 -@@ -170,8 +170,10 @@ - */ - int - xmlSecBnFromString(xmlSecBnPtr bn, const xmlChar* str, xmlSecSize base) { -- xmlSecSize i, len; -+ xmlSecSize i, len, size; - xmlSecByte ch; -+ xmlSecByte* data; -+ int positive; - int nn; - int ret; - -@@ -183,7 +185,7 @@ - /* trivial case */ - len = xmlStrlen(str); - if(len == 0) { -- return(0); -+ return(0); - } - - /* The result size could not exceed the input string length -@@ -191,54 +193,131 @@ - * In truth, it would be likely less than 1/2 input string length - * because each byte is represented by 2 chars. If needed, - * buffer size would be increased by Mul/Add functions. -+ * Finally, we can add one byte for 00 or 10 prefix. 
- */ -- ret = xmlSecBufferSetMaxSize(bn, xmlSecBufferGetSize(bn) + len / 2 + 1); -+ ret = xmlSecBufferSetMaxSize(bn, xmlSecBufferGetSize(bn) + len / 2 + 1 + 1); - if(ret < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecBnRevLookupTable", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "size=%d", len / 2 + 1); -- return (-1); -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecBnRevLookupTable", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ "size=%d", len / 2 + 1); -+ return (-1); -+ } -+ -+ /* figure out if it is positive or negative number */ -+ positive = 1; -+ i = 0; -+ while(i < len) { -+ ch = str[i++]; -+ -+ /* skip spaces */ -+ if(isspace(ch)) { -+ continue; -+ } -+ -+ /* check if it is + or - */ -+ if(ch == '+') { -+ positive = 1; -+ break; -+ } else if(ch == '-') { -+ positive = 0; -+ break; -+ } -+ -+ /* otherwise, it must be start of the number */ -+ nn = xmlSecBnLookupTable[ch]; -+ if((nn >= 0) && ((xmlSecSize)nn < base)) { -+ xmlSecAssert2(i > 0, -1); -+ -+ /* no sign, positive by default */ -+ positive = 1; -+ --i; /* make sure that we will look at this character in next loop */ -+ break; -+ } else { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ NULL, -+ XMLSEC_ERRORS_R_INVALID_DATA, -+ "char=%c;base=%d", -+ ch, base); -+ return (-1); -+ } -+ } -+ -+ /* now parse the number itself */ -+ while(i < len) { -+ ch = str[i++]; -+ if(isspace(ch)) { -+ continue; -+ } -+ -+ xmlSecAssert2(ch <= sizeof(xmlSecBnLookupTable), -1); -+ nn = xmlSecBnLookupTable[ch]; -+ if((nn < 0) || ((xmlSecSize)nn > base)) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ NULL, -+ XMLSEC_ERRORS_R_INVALID_DATA, -+ "char=%c;base=%d", -+ ch, base); -+ return (-1); -+ } -+ -+ ret = xmlSecBnMul(bn, base); -+ if(ret < 0) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecBnMul", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ "base=%d", base); -+ return (-1); -+ } -+ -+ ret = xmlSecBnAdd(bn, nn); -+ if(ret < 0) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecBnAdd", -+ 
XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ "base=%d", base); -+ return (-1); -+} - } - -- for(i = 0; i < len; i++) { -- ch = str[i]; -- if(isspace(ch)) { -- continue; -- } -- -- xmlSecAssert2(ch <= sizeof(xmlSecBnLookupTable), -1); -- nn = xmlSecBnLookupTable[ch]; -- if((nn < 0) || ((xmlSecSize)nn > base)) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- NULL, -- XMLSEC_ERRORS_R_INVALID_DATA, -- "char=%c;base=%d", -- ch, base); -- return (-1); -- } -- -- ret = xmlSecBnMul(bn, base); -- if(ret < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecBnMul", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "base=%d", base); -- return (-1); -- } -- -- ret = xmlSecBnAdd(bn, nn); -- if(ret < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecBnAdd", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "base=%d", base); -- return (-1); -- } -+ /* check if we need to add 00 prefix */ -+ data = xmlSecBufferGetData(bn); -+ size = xmlSecBufferGetSize(bn); -+ if((size > 0 && data[0] > 127)||(size==0)) { -+ ch = 0; -+ ret = xmlSecBufferPrepend(bn, &ch, 1); -+ if(ret < 0) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecBufferPrepend", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ "base=%d", base); -+ return (-1); -+ } -+ } -+ -+ /* do 2's compliment and add 1 to represent negative value */ -+ if(positive == 0) { -+ data = xmlSecBufferGetData(bn); -+ size = xmlSecBufferGetSize(bn); -+ for(i = 0; i < size; ++i) { -+ data[i] ^= 0xFF; -+ } -+ -+ ret = xmlSecBnAdd(bn, 1); -+ if(ret < 0) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecBnAdd", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ "base=%d", base); -+ return (-1); -+ } - } - - return(0); -@@ -256,8 +335,12 @@ - */ - xmlChar* - xmlSecBnToString(xmlSecBnPtr bn, xmlSecSize base) { -+ xmlSecBn bn2; -+ int positive = 1; - xmlChar* res; -- xmlSecSize i, len; -+ xmlSecSize i, len, size; -+ xmlSecByte* data; -+ int ret; - int nn; - xmlChar ch; - -@@ -265,35 +348,86 @@ - xmlSecAssert2(base > 1, NULL); - xmlSecAssert2(base <= sizeof(xmlSecBnRevLookupTable), 
NULL); - -+ -+ /* copy bn */ -+ data = xmlSecBufferGetData(bn); -+ size = xmlSecBufferGetSize(bn); -+ ret = xmlSecBnInitialize(&bn2, size); -+ if(ret < 0) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecBnCreate", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ "size=%d", size); -+ return (NULL); -+ } -+ -+ ret = xmlSecBnSetData(&bn2, data, size); -+ if(ret < 0) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecBnSetData", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ "size=%d", size); -+ xmlSecBnFinalize(&bn2); -+ return (NULL); -+ } -+ -+ /* check if it is a negative number or not */ -+ data = xmlSecBufferGetData(&bn2); -+ size = xmlSecBufferGetSize(&bn2); -+ if((size > 0) && (data[0] > 127)) { -+ /* subtract 1 and do 2's compliment */ -+ ret = xmlSecBnAdd(&bn2, -1); -+ if(ret < 0) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecBnAdd", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ "size=%d", size); -+ xmlSecBnFinalize(&bn2); -+ return (NULL); -+ } -+ for(i = 0; i < size; ++i) { -+ data[i] ^= 0xFF; -+ } -+ -+ positive = 0; -+ } else { -+ positive = 1; -+ } -+ - /* Result string len is - * len = log base (256) * <bn size> - * Since the smallest base == 2 then we can get away with - * len = 8 * <bn size> - */ -- len = 8 * xmlSecBufferGetSize(bn) + 1; -+ len = 8 * size + 1 + 1; - res = (xmlChar*)xmlMalloc(len + 1); - if(res == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- NULL, -- XMLSEC_ERRORS_R_MALLOC_FAILED, -- "len=%d", len); -- return (NULL); -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ NULL, -+ XMLSEC_ERRORS_R_MALLOC_FAILED, -+ "len=%d", len); -+ xmlSecBnFinalize(&bn2); -+ return (NULL); - } - memset(res, 0, len + 1); - -- for(i = 0; (xmlSecBufferGetSize(bn) > 0) && (i < len); i++) { -- if(xmlSecBnDiv(bn, base, &nn) < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecBnDiv", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "base=%d", base); -- xmlFree(res); -- return (NULL); -- } -- xmlSecAssert2((size_t)nn < sizeof(xmlSecBnRevLookupTable), NULL); -- res[i] = 
xmlSecBnRevLookupTable[nn]; -+ for(i = 0; (xmlSecBufferGetSize(&bn2) > 0) && (i < len); i++) { -+ if(xmlSecBnDiv(&bn2, base, &nn) < 0) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecBnDiv", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ "base=%d", base); -+ xmlFree(res); -+ xmlSecBnFinalize(&bn2); -+ return (NULL); -+ } -+ xmlSecAssert2((size_t)nn < sizeof(xmlSecBnRevLookupTable), NULL); -+ res[i] = xmlSecBnRevLookupTable[nn]; - } - xmlSecAssert2(i < len, NULL); - -@@ -301,13 +435,20 @@ - for(len = i; (len > 1) && (res[len - 1] == '0'); len--); - res[len] = '\0'; - -+ /* add "-" for negative numbers */ -+ if(positive == 0) { -+ res[len] = '-'; -+ res[++len] = '\0'; -+ } -+ - /* swap the string because we wrote it in reverse order */ - for(i = 0; i < len / 2; i++) { -- ch = res[i]; -- res[i] = res[len - i - 1]; -- res[len - i - 1] = ch; -+ ch = res[i]; -+ res[i] = res[len - i - 1]; -+ res[len - i - 1] = ch; - } - -+ xmlSecBnFinalize(&bn2); - return(res); - } - -@@ -392,7 +533,9 @@ - } - - data = xmlSecBufferGetData(bn); -- for(over = 0, i = xmlSecBufferGetSize(bn); i > 0;) { -+ i = xmlSecBufferGetSize(bn); -+ over = 0; -+ while(i > 0) { - xmlSecAssert2(data != NULL, -1); - - over = over + multiplier * data[--i]; -@@ -487,43 +630,57 @@ - */ - int - xmlSecBnAdd(xmlSecBnPtr bn, int delta) { -- int over; -+ int over, tmp; - xmlSecByte* data; - xmlSecSize i; - xmlSecByte ch; - int ret; - - xmlSecAssert2(bn != NULL, -1); -- xmlSecAssert2(delta >= 0, -1); - - if(delta == 0) { -- return(0); -+ return(0); - } - - data = xmlSecBufferGetData(bn); -- for(over = delta, i = xmlSecBufferGetSize(bn); i > 0;) { -- xmlSecAssert2(data != NULL, -1); -+ if(delta > 0) { -+ for(over = delta, i = xmlSecBufferGetSize(bn); (i > 0) && (over > 0) ;) { -+ xmlSecAssert2(data != NULL, -1); - -- over += data[--i]; -- data[i] = over % 256; -- over = over / 256; -- } -+ tmp = data[--i]; -+ over += tmp; -+ data[i] = over % 256; -+ over = over / 256; -+ } - -- while(over > 0) { -- ch = over % 256; -- 
over = over / 256; -+ while(over > 0) { -+ ch = over % 256; -+ over = over / 256; - -- ret = xmlSecBufferPrepend(bn, &ch, 1); -- if(ret < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecBufferPrepend", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "size=1"); -- return (-1); -- } -+ ret = xmlSecBufferPrepend(bn, &ch, 1); -+ if(ret < 0) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecBufferPrepend", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ "size=1"); -+ return (-1); -+ } -+ } -+ } else { -+ for(over = -delta, i = xmlSecBufferGetSize(bn); (i > 0) && (over > 0);) { -+ xmlSecAssert2(data != NULL, -1); -+ -+ tmp = data[--i]; -+ if(tmp < over) { -+ data[i] = 0; -+ over = (over - tmp) / 256; -+ } else { -+ data[i] = tmp - over; -+ over = 0; -+ } -+ } - } -- - return(0); - } - -@@ -787,7 +944,7 @@ - } - - if(addLineBreaks) { -- xmlNodeAddContent(cur, BAD_CAST "\n"); -+ xmlNodeAddContent(cur, xmlSecStringCR); - } - - switch(format) { -@@ -833,7 +990,7 @@ - } - - if(addLineBreaks) { -- xmlNodeAddContent(cur, BAD_CAST "\n"); -+ xmlNodeAddContent(cur, xmlSecStringCR); - } - - return(0); ---- misc/xmlsec1-1.2.6/src/dl.c 2003-10-29 16:57:20.000000000 +0100 -+++ misc/build/xmlsec1-1.2.6/src/dl.c 2008-06-29 23:44:19.000000000 +0200 -@@ -329,6 +329,10 @@ - xmlSecCryptoDLInit(void) { - int ret; - -+ /* use xmlMalloc/xmlFree */ -+ xmlsec_lt_dlmalloc = xmlSecCryptoDLMalloc; -+ xmlsec_lt_dlfree = xmlSecCryptoDLFree; -+ - ret = xmlSecPtrListInitialize(&gXmlSecCryptoDLLibraries, xmlSecCryptoDLLibrariesListGetKlass()); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, -@@ -350,9 +354,6 @@ - } - /* TODO: LTDL_SET_PRELOADED_SYMBOLS(); */ - -- /* use xmlMalloc/xmlFree */ -- xmlsec_lt_dlmalloc = xmlSecCryptoDLMalloc; -- xmlsec_lt_dlfree = xmlSecCryptoDLFree; - return(0); - } - ---- misc/xmlsec1-1.2.6/src/mscrypto/Makefile.in 2008-06-29 23:44:40.000000000 +0200 -+++ misc/build/xmlsec1-1.2.6/src/mscrypto/Makefile.in 2008-06-29 23:44:19.000000000 +0200 -@@ -1 +1,178 @@ --dummy -+# 
Makefile.in generated by automake 1.8.3 from Makefile.am. -+# @configure_input@ -+ -+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -+# 2003, 2004 Free Software Foundation, Inc. -+# This Makefile.in is free software; the Free Software Foundation -+# gives unlimited permission to copy and/or distribute it, -+# with or without modifications, as long as this notice is preserved. -+ -+# This program is distributed in the hope that it will be useful, -+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -+# PARTICULAR PURPOSE. -+ -+@SET_MAKE@ -+ -+srcdir = @srcdir@ -+top_srcdir = @top_srcdir@ -+top_builddir = ../.. -+LTLIBRARIES = $(lib_LTLIBRARIES) -+am__DEPENDENCIES_1 = -+libxmlsec1_mscrypto_la_DEPENDENCIES = ../libxmlsec1.la \ -+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ -+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) -+am__objects_1 = -+am_libxmlsec1_mscrypto_la_OBJECTS = akmngr.lo app.lo certkeys.lo ciphers.lo crypto.lo \ -+ digests.lo keysstore.lo kt_rsa.lo signatures.lo symkeys.lo \ -+ x509.lo x509vfy.lo $(am__objects_1) -+libxmlsec1_mscrypto_la_OBJECTS = $(am_libxmlsec1_mscrypto_la_OBJECTS) -+DEFAULT_INCLUDES = -I. 
-I$(srcdir) -I$(top_builddir) -+depcomp = $(SHELL) $(top_srcdir)/depcomp -+@AMDEP_TRUE@DEP_FILES = ./$(DEPDIR)/app.Plo ./$(DEPDIR)/certkeys.Plo \ -+@AMDEP_TRUE@ ./$(DEPDIR)/ciphers.Plo ./$(DEPDIR)/crypto.Plo \ -+@AMDEP_TRUE@ ./$(DEPDIR)/digests.Plo ./$(DEPDIR)/keysstore.Plo \ -+@AMDEP_TRUE@ ./$(DEPDIR)/kt_rsa.Plo ./$(DEPDIR)/signatures.Plo \ -+@AMDEP_TRUE@ ./$(DEPDIR)/symkeys.Plo ./$(DEPDIR)/x509.Plo \ -+@AMDEP_TRUE@ ./$(DEPDIR)/x509vfy.Plo ./$(DEPDIR)/akmngr.Plo -+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ -+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -+LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \ -+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ -+ $(AM_CFLAGS) $(CFLAGS) -+CCLD = $(CC) -+LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ -+ $(AM_LDFLAGS) $(LDFLAGS) -o $@ -+CC = @CC@ -+CCDEPMODE = @CCDEPMODE@ -+CFLAGS = @CFLAGS@ -+CPPFLAGS = @CPPFLAGS@ -+CYGPATH_W = @CYGPATH_W@ -+DEFS = @DEFS@ -+DEPDIR = @DEPDIR@ -+LDFLAGS = @LDFLAGS@ -+LIBS = @LIBS@ -+LIBTOOL = @LIBTOOL@ -+LIBXML_CFLAGS = @LIBXML_CFLAGS@ -+LIBXML_LIBS = @LIBXML_LIBS@ -+MSCRYPTO_CFLAGS = @MSCRYPTO_CFLAGS@ -+MSCRYPTO_LIBS = @MSCRYPTO_LIBS@ -+OBJEXT = @OBJEXT@ -+SHELL = @SHELL@ -+XMLSEC_DEFINES = @XMLSEC_DEFINES@ -+exec_prefix = @exec_prefix@ -+libdir = @libdir@ -+prefix = @prefix@ -+NULL = -+ -+INCLUDES = \ -+ -DPACKAGE=\"@PACKAGE@\" \ -+ -I$(top_srcdir) \ -+ -I$(top_srcdir)/include \ -+ $(XMLSEC_DEFINES) \ -+ $(MSCRYPTO_CFLAGS) \ -+ $(LIBXSLT_CFLAGS) \ -+ $(LIBXML_CFLAGS) \ -+ $(NULL) -+ -+lib_LTLIBRARIES = \ -+ libxmlsec1-mscrypto.la \ -+ $(NULL) -+ -+libxmlsec1_mscrypto_la_LIBADD = \ -+ ../libxmlsec1.la \ -+ $(MSCRYPTO_LIBS) \ -+ $(LIBXSLT_LIBS) \ -+ $(LIBXML_LIBS) \ -+ $(NULL) -+ -+libxmlsec1_mscrypto_la_LDFLAGS = \ -+ -version-info @XMLSEC_VERSION_INFO@ \ -+ $(NULL) -+ -+all: all-am -+ -+.SUFFIXES: -+.SUFFIXES: .c .lo .o .obj -+ -+clean-libLTLIBRARIES: -+ -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) -+ 
@list='$(lib_LTLIBRARIES)'; for p in $$list; do \ -+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ -+ test "$$dir" = "$$p" && dir=.; \ -+ echo "rm -f \"$${dir}/so_locations\""; \ -+ rm -f "$${dir}/so_locations"; \ -+ done -+libxmlsec1-mscrypto.la: $(libxmlsec1_mscrypto_la_OBJECTS) $(libxmlsec1_mscrypto_la_DEPENDENCIES) -+ $(LINK) -rpath $(libdir) $(libxmlsec1_mscrypto_la_LDFLAGS) $(libxmlsec1_mscrypto_la_OBJECTS) $(libxmlsec1_mscrypto_la_LIBADD) $(LIBS) -+ -+mostlyclean-compile: -+ -rm -f *.$(OBJEXT) -+ -+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/akmngr.Plo@am__quote@ -+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/app.Plo@am__quote@ -+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/certkeys.Plo@am__quote@ -+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ciphers.Plo@am__quote@ -+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crypto.Plo@am__quote@ -+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/digests.Plo@am__quote@ -+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keysstore.Plo@am__quote@ -+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kt_rsa.Plo@am__quote@ -+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signatures.Plo@am__quote@ -+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/symkeys.Plo@am__quote@ -+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509.Plo@am__quote@ -+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509vfy.Plo@am__quote@ -+ -+.c.o: -+@am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \ -+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ depfile='$(DEPDIR)/$*.Po' tmpdepfile='$(DEPDIR)/$*.TPo' @AMDEPBACKSLASH@ -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -+@am__fastdepCC_FALSE@ $(COMPILE) -c $< -+ -+.c.obj: -+@am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF 
"$(DEPDIR)/$*.Tpo" -c -o $@ `$(CYGPATH_W) '$<'`; \ -+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ depfile='$(DEPDIR)/$*.Po' tmpdepfile='$(DEPDIR)/$*.TPo' @AMDEPBACKSLASH@ -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` -+ -+.c.lo: -+@am__fastdepCC_TRUE@ if $(LTCOMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \ -+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Plo"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ depfile='$(DEPDIR)/$*.Plo' tmpdepfile='$(DEPDIR)/$*.TPlo' @AMDEPBACKSLASH@ -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< -+ -+mostlyclean-libtool: -+ -rm -f *.lo -+ -+clean-libtool: -+ -rm -rf .libs _libs -+ -+all-am: Makefile $(LTLIBRARIES) -+ -+mostlyclean-generic: -+ -+clean-generic: -+ -+clean: clean-am -+ -+clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ -+ mostlyclean-am -+ -+mostlyclean: mostlyclean-am -+ -+mostlyclean-am: mostlyclean-compile mostlyclean-generic \ -+ mostlyclean-libtool -+ -+.PHONY: all all-am clean clean-generic \ -+ clean-libLTLIBRARIES clean-libtool \ -+ maintainer-clean-generic mostlyclean mostlyclean-compile \ -+ mostlyclean-generic mostlyclean-libtool -+ -+# Tell versions [3.59,3.63) of GNU make to not export all variables. -+# Otherwise a system limit (for SysV at least) may be exceeded. 
-+.NOEXPORT: ---- misc/xmlsec1-1.2.6/src/mscrypto/akmngr.c 2008-06-29 23:44:39.000000000 +0200 -+++ misc/build/xmlsec1-1.2.6/src/mscrypto/akmngr.c 2008-06-29 23:44:19.000000000 +0200 -@@ -1 +1,235 @@ --dummy -+/** -+ * XMLSec library -+ * -+ * This is free software; see Copyright file in the source -+ * distribution for preciese wording. -+ * -+ * Copyright......................... -+ */ -+#include "globals.h" -+ -+#include <xmlsec/xmlsec.h> -+#include <xmlsec/keys.h> -+#include <xmlsec/transforms.h> -+#include <xmlsec/errors.h> -+ -+#include <xmlsec/mscrypto/crypto.h> -+#include <xmlsec/mscrypto/keysstore.h> -+#include <xmlsec/mscrypto/akmngr.h> -+#include <xmlsec/mscrypto/x509.h> -+ -+/** -+ * xmlSecMSCryptoAppliedKeysMngrCreate: -+ * @hKeyStore: the pointer to key store. -+ * @hCertStore: the pointer to certificate database. -+ * -+ * Create and load key store and certificate database into keys manager -+ * -+ * Returns keys manager pointer on success or NULL otherwise. -+ */ -+xmlSecKeysMngrPtr -+xmlSecMSCryptoAppliedKeysMngrCreate( -+ HCERTSTORE hKeyStore , -+ HCERTSTORE hCertStore -+) { -+ xmlSecKeyDataStorePtr certStore = NULL ; -+ xmlSecKeysMngrPtr keyMngr = NULL ; -+ xmlSecKeyStorePtr keyStore = NULL ; -+ -+ keyStore = xmlSecKeyStoreCreate( xmlSecMSCryptoKeysStoreId ) ; -+ if( keyStore == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecKeyStoreCreate" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return NULL ; -+ } -+ -+ /*- -+ * At present, MS Crypto engine do not provide a way to setup a key store. 
-+ */ -+ if( keyStore != NULL ) { -+ /*TODO: binding key store.*/ -+ } -+ -+ keyMngr = xmlSecKeysMngrCreate() ; -+ if( keyMngr == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecKeysMngrCreate" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ xmlSecKeyStoreDestroy( keyStore ) ; -+ return NULL ; -+ } -+ -+ /*- -+ * Add key store to manager, from now on keys manager destroys the store if -+ * needed -+ */ -+ if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , -+ "xmlSecKeysMngrAdoptKeyStore" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ xmlSecKeyStoreDestroy( keyStore ) ; -+ xmlSecKeysMngrDestroy( keyMngr ) ; -+ return NULL ; -+ } -+ -+ /*- -+ * Initialize crypto library specific data in keys manager -+ */ -+ if( xmlSecMSCryptoKeysMngrInit( keyMngr ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecMSCryptoKeysMngrInit" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ xmlSecKeysMngrDestroy( keyMngr ) ; -+ return NULL ; -+ } -+ -+ /*- -+ * Set certificate databse to X509 key data store -+ */ -+ /*- -+ * At present, MS Crypto engine do not provide a way to setup a cert store. 
-+ */ -+ -+ /*- -+ * Set the getKey callback -+ */ -+ keyMngr->getKey = xmlSecKeysMngrGetKey ; -+ -+ return keyMngr ; -+} -+ -+int -+xmlSecMSCryptoAppliedKeysMngrSymKeyLoad( -+ xmlSecKeysMngrPtr mngr , -+ HCRYPTKEY symKey -+) { -+ /*TODO: import the key into keys manager.*/ -+ return(0) ; -+} -+ -+int -+xmlSecMSCryptoAppliedKeysMngrPubKeyLoad( -+ xmlSecKeysMngrPtr mngr , -+ HCRYPTKEY pubKey -+) { -+ /*TODO: import the key into keys manager.*/ -+ return(0) ; -+} -+ -+int -+xmlSecMSCryptoAppliedKeysMngrPriKeyLoad( -+ xmlSecKeysMngrPtr mngr , -+ HCRYPTKEY priKey -+) { -+ /*TODO: import the key into keys manager.*/ -+ return(0) ; -+} -+ -+int -+xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore ( -+ xmlSecKeysMngrPtr mngr , -+ HCERTSTORE keyStore -+) { -+ xmlSecKeyDataStorePtr x509Store ; -+ -+ xmlSecAssert2( mngr != NULL, -1 ) ; -+ xmlSecAssert2( keyStore != NULL, -1 ) ; -+ -+ x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ; -+ if( x509Store == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecKeysMngrGetDataStore" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return( -1 ) ; -+ } -+ -+ if( xmlSecMSCryptoX509StoreAdoptKeyStore( x509Store, keyStore ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) , -+ "xmlSecMSCryptoX509StoreAdoptKeyStore" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return( -1 ) ; -+ } -+ -+ return( 0 ) ; -+} -+ -+int -+xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore ( -+ xmlSecKeysMngrPtr mngr , -+ HCERTSTORE trustedStore -+) { -+ xmlSecKeyDataStorePtr x509Store ; -+ -+ xmlSecAssert2( mngr != NULL, -1 ) ; -+ xmlSecAssert2( trustedStore != NULL, -1 ) ; -+ -+ x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ; -+ if( x509Store == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecKeysMngrGetDataStore" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE 
) ; -+ return( -1 ) ; -+ } -+ -+ if( xmlSecMSCryptoX509StoreAdoptTrustedStore( x509Store, trustedStore ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) , -+ "xmlSecMSCryptoX509StoreAdoptKeyStore" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return( -1 ) ; -+ } -+ -+ return( 0 ) ; -+} -+ -+int -+xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore ( -+ xmlSecKeysMngrPtr mngr , -+ HCERTSTORE untrustedStore -+) { -+ xmlSecKeyDataStorePtr x509Store ; -+ -+ xmlSecAssert2( mngr != NULL, -1 ) ; -+ xmlSecAssert2( untrustedStore != NULL, -1 ) ; -+ -+ x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ; -+ if( x509Store == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecKeysMngrGetDataStore" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return( -1 ) ; -+ } -+ -+ if( xmlSecMSCryptoX509StoreAdoptUntrustedStore( x509Store, untrustedStore ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) , -+ "xmlSecMSCryptoX509StoreAdoptKeyStore" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return( -1 ) ; -+ } -+ -+ return( 0 ) ; -+} -+ ---- misc/xmlsec1-1.2.6/src/mscrypto/certkeys.c 2004-03-17 06:06:43.000000000 +0100 -+++ misc/build/xmlsec1-1.2.6/src/mscrypto/certkeys.c 2008-06-29 23:44:19.000000000 +0200 -@@ -41,6 +41,7 @@ - * a public key from xml document is provided, we need HCRYPTKEY.... The focus - * now is however directed to certificates. Wouter - */ -+/** replaced by a wrapper style for WINNT 4.0 - struct _xmlSecMSCryptoKeyDataCtx { - HCRYPTPROV hProv; - BOOL fCallerFreeProv; -@@ -51,6 +52,124 @@ - HCRYPTKEY hKey; - xmlSecKeyDataType type; - }; -+*/ -+/*- -+ * A wrapper of HCRYPTKEY, a reference countor is introduced, the function is -+ * the same as CryptDuplicateKey. 
Because the CryptDuplicateKey is not support -+ * by WINNT 4.0, the wrapper will enable the library work on WINNT 4.0 -+ */ -+struct _mscrypt_key { -+ HCRYPTKEY hKey ; -+ int refcnt ; -+} ; -+ -+/*- -+ * A wrapper of HCRYPTPROV, a reference countor is introduced, the function is -+ * the same as CryptContextAddRef. Because the CryptContextAddRef is not support -+ * by WINNT 4.0, the wrapper will enable the library work on WINNT 4.0 -+ */ -+struct _mscrypt_prov { -+ HCRYPTPROV hProv ; -+ BOOL freeprov ; -+ int refcnt ; -+} ; -+ -+struct _xmlSecMSCryptoKeyDataCtx { -+ struct _mscrypt_prov* p_prov ; -+ LPCTSTR providerName; -+ DWORD providerType; -+ PCCERT_CONTEXT pCert; -+ DWORD dwKeySpec; -+ struct _mscrypt_key* p_key ; -+ xmlSecKeyDataType type; -+}; -+ -+struct _mscrypt_key* mscrypt_create_key( HCRYPTKEY key ) { -+ struct _mscrypt_key* pkey ; -+ -+ pkey = ( struct _mscrypt_key* )xmlMalloc( sizeof( struct _mscrypt_key ) ) ; -+ if( pkey == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE, -+ "mscrypt_create_key" , -+ NULL , -+ XMLSEC_ERRORS_R_MALLOC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE -+ ) ; -+ } -+ -+ pkey->hKey = key ; -+ pkey->refcnt = 1 ; -+ -+ return pkey ; -+} -+ -+struct _mscrypt_key* mscrypt_acquire_key( struct _mscrypt_key* key ) { -+ if( key ) -+ key->refcnt ++ ; -+ -+ return key ; -+} -+ -+int mscrypt_release_key( struct _mscrypt_key* key ) { -+ if( key ) { -+ key->refcnt -- ; -+ if( !key->refcnt ) { -+ if( key->hKey ) { -+ CryptDestroyKey( key->hKey ) ; -+ key->hKey = 0 ; -+ } -+ xmlFree( key ) ; -+ } else { -+ return key->refcnt ; -+ } -+ } -+ -+ return 0 ; -+} -+ -+struct _mscrypt_prov* mscrypt_create_prov( HCRYPTPROV prov, BOOL callerFree ) { -+ struct _mscrypt_prov* pprov ; -+ -+ pprov = ( struct _mscrypt_prov* )xmlMalloc( sizeof( struct _mscrypt_prov ) ) ; -+ if( pprov == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE, -+ "mscrypt_create_prov" , -+ NULL , -+ XMLSEC_ERRORS_R_MALLOC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE -+ ) ; -+ } -+ -+ pprov->hProv = prov ; 
-+ pprov->freeprov = callerFree ; -+ pprov->refcnt = 1 ; -+ -+ return pprov ; -+} -+ -+struct _mscrypt_prov* mscrypt_acquire_prov( struct _mscrypt_prov* prov ) { -+ if( prov ) -+ prov->refcnt ++ ; -+ -+ return prov ; -+} -+ -+int mscrypt_release_prov( struct _mscrypt_prov* prov ) { -+ if( prov ) { -+ prov->refcnt -- ; -+ if( !prov->refcnt ) { -+ if( prov->hProv && prov->freeprov ) { -+ CryptReleaseContext( prov->hProv, 0 ) ; -+ prov->hProv = 0 ; -+ } -+ xmlFree( prov ) ; -+ } else { -+ return prov->refcnt ; -+ } -+ } -+ -+ return 0 ; -+} - - /****************************************************************************** - * -@@ -88,24 +207,20 @@ - ctx = xmlSecMSCryptoKeyDataGetCtx(data); - xmlSecAssert2(ctx != NULL, -1); - -- if (ctx->hKey != 0) { -- CryptDestroyKey(ctx->hKey); -- ctx->hKey = 0; -- } -+ if( ctx->p_key != 0 ) { -+ mscrypt_release_key( ctx->p_key ) ; -+ } -+ ctx->p_key = mscrypt_create_key( 0 ) ; - - if(ctx->pCert != NULL) { - CertFreeCertificateContext(ctx->pCert); - ctx->pCert = NULL; - } - -- if ((ctx->hProv != 0) && (ctx->fCallerFreeProv)) { -- CryptReleaseContext(ctx->hProv, 0); -- ctx->hProv = 0; -- ctx->fCallerFreeProv = FALSE; -- } else { -- ctx->hProv = 0; -- ctx->fCallerFreeProv = FALSE; -- } -+ if( ( ctx->p_prov ) ) { -+ mscrypt_release_prov( ctx->p_prov ) ; -+ } -+ ctx->p_prov = mscrypt_create_prov( 0, FALSE ) ; - - ctx->type = type; - -@@ -116,9 +231,9 @@ - if (!CryptAcquireCertificatePrivateKey(pCert, - CRYPT_ACQUIRE_USE_PROV_INFO_FLAG, - NULL, -- &(ctx->hProv), -+ &(ctx->p_prov->hProv), - &(ctx->dwKeySpec), -- &(ctx->fCallerFreeProv))) { -+ &(ctx->p_prov->freeprov))) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptAcquireCertificatePrivateKey", -@@ -127,46 +242,39 @@ - return(-1); - } - } else if((type & xmlSecKeyDataTypePublic) != 0){ -- if (!CryptAcquireContext(&(ctx->hProv), -+ if (!CryptAcquireContext(&(ctx->p_prov->hProv), - NULL, -- ctx->providerName, -+ NULL, /*AF: replaces "ctx->providerName" with "NULL" */ - 
ctx->providerType, - CRYPT_VERIFYCONTEXT)) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "CryptAcquireContext", -- XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(-1); -- } -- ctx->dwKeySpec = 0; -- ctx->fCallerFreeProv = TRUE; -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "CryptAcquireContext", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } -+ ctx->dwKeySpec = 0; -+ ctx->p_prov->freeprov = TRUE; -+ -+ if( !CryptImportPublicKeyInfo( ctx->p_prov->hProv, -+ X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, -+ &(pCert->pCertInfo->SubjectPublicKeyInfo), -+ &(ctx->p_key->hKey) ) ) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "CryptImportPublicKeyInfo", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } - } else { -- xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "Unsupported keytype"); -- return(-1); -- } -- -- /* CryptImportPublicKeyInfo is only needed when a real key handle -- * is needed. The key handle is needed for de/encrypting and for -- * verifying of a signature, *not* for signing. We could call -- * CryptImportPublicKeyInfo in xmlSecMSCryptoKeyDataGetKey instead -- * so no unnessecary calls to CryptImportPublicKeyInfo are being -- * made. 
WK -- */ -- if(!CryptImportPublicKeyInfo(ctx->hProv, -- X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, -- &(pCert->pCertInfo->SubjectPublicKeyInfo), -- &(ctx->hKey))) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "CryptImportPublicKeyInfo", -- XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(-1); -+ return(-1); - } - ctx->pCert = pCert; - -@@ -190,29 +298,26 @@ - ctx = xmlSecMSCryptoKeyDataGetCtx(data); - xmlSecAssert2(ctx != NULL, -1); - -- if(ctx->hKey != 0) { -- CryptDestroyKey(ctx->hKey); -- ctx->hKey = 0; -- } -+ if( ctx->p_key != 0 ) { -+ mscrypt_release_key( ctx->p_key ) ; -+ ctx->p_key = NULL ; -+ } - - if(ctx->pCert != NULL) { - CertFreeCertificateContext(ctx->pCert); - ctx->pCert = NULL; - } - -- if((ctx->hProv != 0) && ctx->fCallerFreeProv) { -- CryptReleaseContext(ctx->hProv, 0); -- ctx->hProv = 0; -- ctx->fCallerFreeProv = FALSE; -- } else { -- ctx->hProv = 0; -- ctx->fCallerFreeProv = FALSE; -- } -+ if( ( ctx->p_prov ) ) { -+ mscrypt_release_prov( ctx->p_prov ) ; -+ ctx->p_prov = NULL ; -+ } else { -+ ctx->p_prov = NULL ; -+ } - -- ctx->hProv = hProv; -- ctx->fCallerFreeProv = fCallerFreeProv; -+ ctx->p_prov = mscrypt_create_prov( hProv, FALSE ) ; - ctx->dwKeySpec = dwKeySpec; -- ctx->hKey = hKey; -+ ctx->p_key = mscrypt_create_key( hKey ) ; - ctx->type = type; - - return(0); -@@ -238,7 +343,7 @@ - ctx = xmlSecMSCryptoKeyDataGetCtx(data); - xmlSecAssert2(ctx != NULL, 0); - -- return(ctx->hKey); -+ return( ctx->p_key ? ctx->p_key->hKey : 0 ); - } - - /** -@@ -273,7 +378,7 @@ - ctx = xmlSecMSCryptoKeyDataGetCtx(data); - xmlSecAssert2(ctx != NULL, 0); - -- return(ctx->hProv); -+ return( ctx->p_prov ? 
ctx->p_prov->hProv : 0 ); - } - - DWORD -@@ -316,25 +421,36 @@ - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } -- } -- -- if (ctxSrc->hKey != 0) { -- if (!CryptDuplicateKey(ctxSrc->hKey, NULL, 0, &(ctxDst->hKey))) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), -- "CryptDuplicateKey", -- XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(-1); -- } - } -- if(ctxSrc->hProv != 0) { -- CryptContextAddRef(ctxSrc->hProv, NULL, 0); -- ctxDst->hProv = ctxSrc->hProv; -- ctxDst->fCallerFreeProv = TRUE; -- } else { -- ctxDst->hProv = 0; -- ctxDst->fCallerFreeProv = FALSE; -+ -+ if( ctxSrc->p_key ) { -+ if( ctxDst->p_key ) -+ mscrypt_release_key( ctxDst->p_key ) ; -+ -+ ctxDst->p_key = mscrypt_acquire_key( ctxSrc->p_key ) ; -+ if( !ctxDst->p_key ) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), -+ "mscrypt_acquire_key", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } -+ } -+ -+ if( ctxSrc->p_prov ) { -+ if( ctxDst->p_prov ) -+ mscrypt_release_prov( ctxDst->p_prov ) ; -+ -+ ctxDst->p_prov = mscrypt_acquire_prov( ctxSrc->p_prov ) ; -+ if( !ctxDst->p_prov ) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), -+ "mscrypt_acquire_prov", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } - } - - ctxDst->dwKeySpec = ctxSrc->dwKeySpec; -@@ -355,16 +471,16 @@ - ctx = xmlSecMSCryptoKeyDataGetCtx(data); - xmlSecAssert(ctx != NULL); - -- if (ctx->hKey != 0) { -- CryptDestroyKey(ctx->hKey); -+ if( ctx->p_key ) { -+ mscrypt_release_key( ctx->p_key ) ; - } - - if(ctx->pCert != NULL) { - CertFreeCertificateContext(ctx->pCert); - } - -- if ((ctx->hProv != 0) && ctx->fCallerFreeProv) { -- CryptReleaseContext(ctx->hProv, 0); -+ if( ctx->p_prov ) { -+ mscrypt_release_prov( ctx->p_prov ) ; - } - - memset(ctx, 0, sizeof(xmlSecMSCryptoKeyDataCtx)); -@@ -384,14 +500,14 @@ - 
xmlSecAssert2(ctx->pCert->pCertInfo != NULL, 0); - return (CertGetPublicKeyLength(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, - &(ctx->pCert->pCertInfo->SubjectPublicKeyInfo))); -- } else if (ctx->hKey != 0) { -+ } else if (ctx->p_key != 0 && ctx->p_key->hKey != 0 ) { - DWORD length = 0; - DWORD lenlen = sizeof(DWORD); -- -- if (!CryptGetKeyParam(ctx->hKey, KP_KEYLEN, (BYTE *)&length, &lenlen, 0)) { -+ -+ if (!CryptGetKeyParam(ctx->p_key->hKey, KP_KEYLEN, (BYTE *)&length, &lenlen, 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, -- "CertDuplicateCertificateContext", -+ "CryptGetKeyParam", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(0); -@@ -581,7 +697,11 @@ - static void xmlSecMSCryptoKeyDataRsaDebugDump(xmlSecKeyDataPtr data, FILE* output); - static void xmlSecMSCryptoKeyDataRsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output); - -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataRsaKlass = { -+#else - static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataRsaKlass = { -+#endif - sizeof(xmlSecKeyDataKlass), - xmlSecMSCryptoKeyDataSize, - -@@ -938,9 +1058,10 @@ - - ctx = xmlSecMSCryptoKeyDataGetCtx(xmlSecKeyGetValue(key)); - xmlSecAssert2(ctx != NULL, -1); -- xmlSecAssert2(ctx->hKey != 0, -1); -+ xmlSecAssert2(ctx->p_key != 0, -1); -+ xmlSecAssert2(ctx->p_key->hKey != 0, -1); - -- if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) { -+ if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "CryptExportKey", -@@ -960,7 +1081,7 @@ - } - - blob = xmlSecBufferGetData(&buf); -- if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) { -+ if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "CryptExportKey", -@@ -1295,7 +1416,11 @@ - 
static void xmlSecMSCryptoKeyDataDsaDebugXmlDump(xmlSecKeyDataPtr data, - FILE* output); - -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataDsaKlass = { -+#else - static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataDsaKlass = { -+#endif - sizeof(xmlSecKeyDataKlass), - xmlSecMSCryptoKeyDataSize, - -@@ -1797,9 +1922,10 @@ - - ctx = xmlSecMSCryptoKeyDataGetCtx(xmlSecKeyGetValue(key)); - xmlSecAssert2(ctx != NULL, -1); -- xmlSecAssert2(ctx->hKey != 0, -1); -+ xmlSecAssert2(ctx->p_key != 0, -1); -+ xmlSecAssert2(ctx->p_key->hKey != 0, -1); - -- if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) { -+ if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "CryptExportKey", -@@ -1819,7 +1945,7 @@ - } - - blob = xmlSecBufferGetData(&buf); -- if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) { -+ if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "CryptExportKey", -@@ -2010,7 +2136,6 @@ - HCRYPTKEY hKey = 0; - DWORD dwKeySpec; - DWORD dwSize; -- int res = -1; - int ret; - - xmlSecAssert2(xmlSecKeyDataIsValid(data), xmlSecKeyDataTypeUnknown); -@@ -2043,12 +2168,14 @@ - dwKeySpec = AT_SIGNATURE; - dwSize = ((sizeBits << 16) | CRYPT_EXPORTABLE); - if (!CryptGenKey(hProv, CALG_DSS_SIGN, dwSize, &hKey)) { -- xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "CryptGenKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); -- goto done; -+ if (hProv != 0) -+ CryptReleaseContext(hProv, 0); -+ return -1 ; - } - - ret = xmlSecMSCryptoKeyDataAdoptKey(data, hProv, TRUE, hKey, dwKeySpec, -@@ -2059,24 +2186,17 @@ - "xmlSecMSCryptoKeyDataAdoptKey", - 
XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); -- goto done; -- } -- hProv = 0; -- hKey = 0; -+ if( hKey != 0 ) -+ CryptDestroyKey( hKey ) ; -+ if( hProv != 0 ) -+ CryptReleaseContext( hProv, 0 ) ; - -- /* success */ -- res = 0; -- --done: -- if (hProv != 0) { -- CryptReleaseContext(ctx->hProv, 0); -+ return -1 ; - } -+ hProv = 0 ; -+ hKey = 0 ; - -- if (hKey != 0) { -- CryptDestroyKey(hKey); -- } -- -- return(res); -+ return 0 ; - } - - static xmlSecKeyDataType ---- misc/xmlsec1-1.2.6/src/mscrypto/ciphers.c 2003-09-26 08:12:51.000000000 +0200 -+++ misc/build/xmlsec1-1.2.6/src/mscrypto/ciphers.c 2008-06-29 23:44:19.000000000 +0200 -@@ -785,7 +785,11 @@ - * AES CBC cipher transforms - * - ********************************************************************/ -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecTransformKlass xmlSecMSCryptoAes128CbcKlass = { -+#else - static xmlSecTransformKlass xmlSecMSCryptoAes128CbcKlass = { -+#endif - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecMSCryptoBlockCipherSize, /* xmlSecSize objSize */ -@@ -824,7 +828,11 @@ - return(&xmlSecMSCryptoAes128CbcKlass); - } - -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecTransformKlass xmlSecMSCryptoAes192CbcKlass = { -+#else - static xmlSecTransformKlass xmlSecMSCryptoAes192CbcKlass = { -+#endif - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecMSCryptoBlockCipherSize, /* xmlSecSize objSize */ -@@ -863,7 +871,11 @@ - return(&xmlSecMSCryptoAes192CbcKlass); - } - -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecTransformKlass xmlSecMSCryptoAes256CbcKlass = { -+#else - static xmlSecTransformKlass xmlSecMSCryptoAes256CbcKlass = { -+#endif - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecMSCryptoBlockCipherSize, /* xmlSecSize objSize */ -@@ -906,7 +918,11 @@ - - - #ifndef XMLSEC_NO_DES 
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecTransformKlass xmlSecMSCryptoDes3CbcKlass = { -+#else - static xmlSecTransformKlass xmlSecMSCryptoDes3CbcKlass = { -+#endif - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* size_t klassSize */ - xmlSecMSCryptoBlockCipherSize, /* size_t objSize */ ---- misc/xmlsec1-1.2.6/src/mscrypto/crypto.c 2003-11-12 03:38:51.000000000 +0100 -+++ misc/build/xmlsec1-1.2.6/src/mscrypto/crypto.c 2008-06-29 23:44:19.000000000 +0200 -@@ -330,13 +330,15 @@ - BYTE* - xmlSecMSCryptoCertStrToName(DWORD dwCertEncodingType, LPCTSTR pszX500, DWORD dwStrType, DWORD* len) { - BYTE* str = NULL; -- -+ LPCTSTR ppszError = NULL; -+ - xmlSecAssert2(pszX500 != NULL, NULL); - xmlSecAssert2(len != NULL, NULL); - - if (!CertStrToName(dwCertEncodingType, pszX500, dwStrType, -- NULL, NULL, len, NULL)) { -+ NULL, NULL, len, &ppszError)) { - /* this might not be an error, string might just not exist */ -+ DWORD dw = GetLastError(); - return(NULL); - } - ---- misc/xmlsec1-1.2.6/src/mscrypto/digests.c 2003-09-30 04:09:51.000000000 +0200 -+++ misc/build/xmlsec1-1.2.6/src/mscrypto/digests.c 2008-06-29 23:44:19.000000000 +0200 -@@ -96,12 +96,15 @@ - - /* TODO: Check what provider is best suited here.... 
*/ - if (!CryptAcquireContext(&ctx->provider, NULL, MS_STRONG_PROV, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), -- NULL, -- XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(-1); -+ //#i57942# This is also committed in rev 1.4 of this file in the xmlsec project -+ if (!CryptAcquireContext(&ctx->provider, NULL, MS_ENHANCED_PROV, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), -+ NULL, -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ } -+ return(0); - } - - return(0); -@@ -298,7 +301,11 @@ - * SHA1 - * - *****************************************************************************/ -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecTransformKlass xmlSecMSCryptoSha1Klass = { -+#else - static xmlSecTransformKlass xmlSecMSCryptoSha1Klass = { -+#endif - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* size_t klassSize */ - xmlSecMSCryptoDigestSize, /* size_t objSize */ ---- misc/xmlsec1-1.2.6/src/mscrypto/keysstore.c 2003-09-27 05:12:22.000000000 +0200 -+++ misc/build/xmlsec1-1.2.6/src/mscrypto/keysstore.c 2008-06-29 23:44:19.000000000 +0200 -@@ -62,7 +62,11 @@ - const xmlChar* name, - xmlSecKeyInfoCtxPtr keyInfoCtx); - -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecKeyStoreKlass xmlSecMSCryptoKeysStoreKlass = { -+#else - static xmlSecKeyStoreKlass xmlSecMSCryptoKeysStoreKlass = { -+#endif - sizeof(xmlSecKeyStoreKlass), - xmlSecMSCryptoKeysStoreSize, - ---- misc/xmlsec1-1.2.6/src/mscrypto/kt_rsa.c 2003-09-26 22:29:25.000000000 +0200 -+++ misc/build/xmlsec1-1.2.6/src/mscrypto/kt_rsa.c 2008-06-29 23:44:19.000000000 +0200 -@@ -66,7 +66,11 @@ - static int xmlSecMSCryptoRsaPkcs1Process (xmlSecTransformPtr transform, - xmlSecTransformCtxPtr transformCtx); - -+#ifdef __MINGW32__ // for runtime-pseudo-reloc 
-+static struct _xmlSecTransformKlass xmlSecMSCryptoRsaPkcs1Klass = { -+#else - static xmlSecTransformKlass xmlSecMSCryptoRsaPkcs1Klass = { -+#endif - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecMSCryptoRsaPkcs1Size, /* xmlSecSize objSize */ ---- misc/xmlsec1-1.2.6/src/mscrypto/signatures.c 2003-09-26 22:29:25.000000000 +0200 -+++ misc/build/xmlsec1-1.2.6/src/mscrypto/signatures.c 2008-06-29 23:44:19.000000000 +0200 -@@ -483,7 +483,11 @@ - * RSA-SHA1 signature transform - * - ***************************************************************************/ -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecTransformKlass xmlSecMSCryptoRsaSha1Klass = { -+#else - static xmlSecTransformKlass xmlSecMSCryptoRsaSha1Klass = { -+#endif - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecMSCryptoSignatureSize, /* xmlSecSize objSize */ -@@ -531,7 +535,11 @@ - * - ***************************************************************************/ - -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecTransformKlass xmlSecMSCryptoDsaSha1Klass = { -+#else - static xmlSecTransformKlass xmlSecMSCryptoDsaSha1Klass = { -+#endif - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecMSCryptoSignatureSize, /* xmlSecSize objSize */ ---- misc/xmlsec1-1.2.6/src/mscrypto/symkeys.c 2003-09-26 02:58:13.000000000 +0200 -+++ misc/build/xmlsec1-1.2.6/src/mscrypto/symkeys.c 2008-06-29 23:44:19.000000000 +0200 -@@ -72,7 +72,11 @@ - * <xmlsec:AESKeyValue> processing - * - *************************************************************************/ -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataAesKlass = { -+#else - static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataAesKlass = { -+#endif - sizeof(xmlSecKeyDataKlass), - xmlSecKeyDataBinarySize, - -@@ -153,7 +157,11 @@ - * 
<xmlsec:DESKeyValue> processing - * - *************************************************************************/ -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataDesKlass = { -+#else - static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataDesKlass = { -+#endif - sizeof(xmlSecKeyDataKlass), - xmlSecKeyDataBinarySize, - ---- misc/xmlsec1-1.2.6/src/mscrypto/x509.c 2003-09-26 02:58:13.000000000 +0200 -+++ misc/build/xmlsec1-1.2.6/src/mscrypto/x509.c 2008-06-29 23:44:19.000000000 +0200 -@@ -240,7 +240,11 @@ - - - -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataX509Klass = { -+#else - static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataX509Klass = { -+#endif - sizeof(xmlSecKeyDataKlass), - xmlSecMSCryptoX509DataSize, - -@@ -1572,6 +1576,7 @@ - xmlSecKeyInfoCtxPtr keyInfoCtx) { - xmlSecMSCryptoX509DataCtxPtr ctx; - xmlSecKeyDataStorePtr x509Store; -+ PCCERT_CONTEXT pCert ; - int ret; - - xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataX509Id), -1); -@@ -1610,6 +1615,53 @@ - return(-1); - } - -+ /* -+ * I'll search key according to KeyReq. 
-+ */ -+ pCert = CertDuplicateCertificateContext( ctx->keyCert ) ; -+ if( pCert == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), -+ "CertDuplicateCertificateContext", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ -+ return(-1); -+ } -+ -+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) { -+ keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePrivate ) ; -+ if(keyValue == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), -+ "xmlSecMSCryptoCertAdopt", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ -+ CertFreeCertificateContext( pCert ) ; -+ return(-1); -+ } -+ pCert = NULL ; -+ } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) { -+ keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePublic ) ; -+ if(keyValue == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), -+ "xmlSecMSCryptoCertAdopt", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ -+ CertFreeCertificateContext( pCert ) ; -+ return(-1); -+ } -+ pCert = NULL ; -+ } -+ -+ -+ -+ /*- -+ * Get Public key from cert, which does not always work for sign action. -+ * - keyValue = xmlSecMSCryptoX509CertGetKey(ctx->keyCert); - if(keyValue == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, -@@ -1619,6 +1671,51 @@ - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } -+ */ -+ -+ /*- -+ * I'll search key according to KeyReq. 
-+ */ -+ pCert = CertDuplicateCertificateContext( ctx->keyCert ) ; -+ if( pCert == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), -+ "CertDuplicateCertificateContext", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ -+ return(-1); -+ } -+ -+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) { -+ keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePrivate ) ; -+ if(keyValue == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), -+ "xmlSecMSCryptoCertAdopt", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ -+ CertFreeCertificateContext( pCert ) ; -+ return(-1); -+ } -+ pCert = NULL ; -+ } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) { -+ keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePublic ) ; -+ if(keyValue == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), -+ "xmlSecMSCryptoCertAdopt", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ -+ CertFreeCertificateContext( pCert ) ; -+ return(-1); -+ } -+ pCert = NULL ; -+ } -+ -+ - - /* verify that the key matches our expectations */ - if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) { -@@ -1882,7 +1979,7 @@ - xmlSecAssert2(nm->pbData != NULL, NULL); - xmlSecAssert2(nm->cbData > 0, NULL); - -- csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR, NULL, 0); -+ csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, NULL, 0); - str = (char *)xmlMalloc(csz); - if (NULL == str) { - xmlSecError(XMLSEC_ERRORS_HERE, -@@ -1893,7 +1990,7 @@ - return (NULL); - } - -- csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR, str, csz); -+ csz = CertNameToStr(X509_ASN_ENCODING | 
PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, str, csz); - if (csz < 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, -@@ -1904,17 +2001,37 @@ - return(NULL); - } - -- res = xmlStrdup(BAD_CAST str); -- if(res == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlStrdup", -- XMLSEC_ERRORS_R_MALLOC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- xmlFree(str); -- return(NULL); -+ /* aleksey: this is a hack, but mscrypto can not read E= flag and wants Email= instead. -+ * don't ask me how is it possible not to read something you wrote yourself but also -+ * see comment in the xmlSecMSCryptoX509FindCert function. -+ */ -+ if(strncmp(str, "E=", 2) == 0) { -+ res = xmlMalloc(strlen(str) + 13 + 1); -+ if(res == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlMalloc", -+ XMLSEC_ERRORS_R_MALLOC_FAILED, -+ "size=%d", -+ strlen(str) + 13 + 1); -+ xmlFree(str); -+ return(NULL); -+ } -+ -+ memcpy(res, "emailAddress=", 13); -+ strcpy(res + 13, BAD_CAST (str + 2)); -+ } else { -+ res = xmlStrdup(BAD_CAST str); -+ if(res == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlStrdup", -+ XMLSEC_ERRORS_R_MALLOC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ xmlFree(str); -+ return(NULL); -+ } - } -- - xmlFree(str); - return(res); - } -@@ -2153,7 +2270,11 @@ - xmlSecSize bufSize, - xmlSecKeyInfoCtxPtr keyInfoCtx); - -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataRawX509CertKlass = { -+#else - static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataRawX509CertKlass = { -+#endif - sizeof(xmlSecKeyDataKlass), - sizeof(xmlSecKeyData), - ---- misc/xmlsec1-1.2.6/src/mscrypto/x509vfy.c 2003-09-27 05:12:22.000000000 +0200 -+++ misc/build/xmlsec1-1.2.6/src/mscrypto/x509vfy.c 2008-06-29 23:44:19.000000000 +0200 -@@ -70,7 +70,11 @@ - static xmlSecByte * xmlSecMSCryptoX509NameRead (xmlSecByte *str, - int len); - -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecKeyDataStoreKlass 
xmlSecMSCryptoX509StoreKlass = { -+#else - static xmlSecKeyDataStoreKlass xmlSecMSCryptoX509StoreKlass = { -+#endif - sizeof(xmlSecKeyDataStoreKlass), - xmlSecMSCryptoX509StoreSize, - -@@ -125,6 +129,7 @@ - xmlChar *issuerName, xmlChar *issuerSerial, - xmlChar *ski, xmlSecKeyInfoCtx* keyInfoCtx) { - xmlSecMSCryptoX509StoreCtxPtr ctx; -+ PCCERT_CONTEXT pCert ; - - xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), NULL); - xmlSecAssert2(keyInfoCtx != NULL, NULL); -@@ -132,10 +137,17 @@ - ctx = xmlSecMSCryptoX509StoreGetCtx(store); - xmlSecAssert2(ctx != NULL, NULL); - xmlSecAssert2(ctx->untrusted != NULL, NULL); -+ xmlSecAssert2(ctx->trusted != NULL, NULL); - -- return(xmlSecMSCryptoX509FindCert(ctx->untrusted, subjectName, issuerName, issuerSerial, ski)); --} -+ pCert = NULL ; -+ if( ctx->untrusted != NULL ) -+ pCert = xmlSecMSCryptoX509FindCert( ctx->untrusted, subjectName, issuerName, issuerSerial, ski ) ; -+ -+ if( ctx->trusted != NULL && pCert == NULL ) -+ pCert = xmlSecMSCryptoX509FindCert( ctx->trusted, subjectName, issuerName, issuerSerial, ski ) ; - -+ return( pCert ) ; -+} - - static void - xmlSecMSCryptoUnixTimeToFileTime(time_t t, LPFILETIME pft) { -@@ -252,17 +264,22 @@ - } - - static BOOL --xmlSecMSCryptoX509StoreConstructCertsChain(xmlSecKeyDataStorePtr store, PCCERT_CONTEXT cert, HCERTSTORE certs, -- xmlSecKeyInfoCtx* keyInfoCtx) { -+xmlSecMSCryptoX509StoreConstructCertsChain( -+ xmlSecKeyDataStorePtr store , -+ PCCERT_CONTEXT cert , -+ HCERTSTORE certStore , -+ xmlSecKeyInfoCtx* keyInfoCtx -+) { - xmlSecMSCryptoX509StoreCtxPtr ctx; - PCCERT_CONTEXT issuerCert = NULL; - FILETIME fTime; - DWORD flags; -+ BOOL selfSigned ; - - xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), FALSE); - xmlSecAssert2(cert != NULL, FALSE); - xmlSecAssert2(cert->pCertInfo != NULL, FALSE); -- xmlSecAssert2(certs != NULL, FALSE); -+ xmlSecAssert2(certStore != NULL, FALSE); - xmlSecAssert2(keyInfoCtx != NULL, FALSE); - - ctx = 
xmlSecMSCryptoX509StoreGetCtx(store); -@@ -283,60 +300,85 @@ - return(FALSE); - } - -- if (!xmlSecMSCryptoCheckRevocation(certs, cert)) { -+ if (!xmlSecMSCryptoCheckRevocation(certStore, cert)) { - return(FALSE); - } - -- /* try the untrusted certs in the chain */ -- issuerCert = CertFindCertificateInStore(certs, -+ /*- -+ * Firstly try to find the cert in the trusted cert store. We will trust -+ * the certificate in the trusted store. -+ */ -+ issuerCert = CertFindCertificateInStore(ctx->trusted, - X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, - 0, - CERT_FIND_SUBJECT_NAME, -- &(cert->pCertInfo->Issuer), -+ &(cert->pCertInfo->Subject), - NULL); -- if(issuerCert == cert) { -- /* self signed cert, forget it */ -- CertFreeCertificateContext(issuerCert); -- } else if(issuerCert != NULL) { -- flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG; -- if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) { -- xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags); -- CertFreeCertificateContext(issuerCert); -- return(FALSE); -- } -- if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certs, keyInfoCtx)) { -- xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags); -- CertFreeCertificateContext(issuerCert); -- return(FALSE); -- } -- CertFreeCertificateContext(issuerCert); -- return(TRUE); -+ if( issuerCert != NULL ) { -+ /* We have found the trusted cert, so return true */ -+ CertFreeCertificateContext( issuerCert ) ; -+ return( TRUE ) ; - } - -- /* try the untrusted certs in the store */ -- issuerCert = CertFindCertificateInStore(ctx->untrusted, -+ /* Check whether the certificate is self signed certificate */ -+ selfSigned = CertCompareCertificateName( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, &(cert->pCertInfo->Subject), &(cert->pCertInfo->Issuer) ) ; -+ -+ /* try the untrusted certs in the chain */ -+ if( !selfSigned ) { -+ issuerCert = CertFindCertificateInStore(certStore, - X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, - 0, - 
CERT_FIND_SUBJECT_NAME, - &(cert->pCertInfo->Issuer), - NULL); -- if(issuerCert == cert) { -- /* self signed cert, forget it */ -- CertFreeCertificateContext(issuerCert); -- } else if(issuerCert != NULL) { -- flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG; -- if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) { -- xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags); -- CertFreeCertificateContext(issuerCert); -- return(FALSE); -- } -- if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certs, keyInfoCtx)) { -- CertFreeCertificateContext(issuerCert); -- return(FALSE); -+ if( issuerCert != NULL && CertCompareCertificate( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo, issuerCert->pCertInfo ) ) { -+ /* self signed cert, forget it */ -+ CertFreeCertificateContext(issuerCert); -+ } else if(issuerCert != NULL) { -+ flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG; -+ if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) { -+ xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags); -+ CertFreeCertificateContext(issuerCert); -+ return(FALSE); -+ } -+ if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certStore, keyInfoCtx)) { -+ xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags); -+ CertFreeCertificateContext(issuerCert); -+ return(FALSE); -+ } -+ -+ CertFreeCertificateContext(issuerCert); -+ return(TRUE); -+ } -+ } -+ -+ /* try the untrusted certs in the store */ -+ if( !selfSigned ) { -+ issuerCert = CertFindCertificateInStore(ctx->untrusted, -+ X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, -+ 0, -+ CERT_FIND_SUBJECT_NAME, -+ &(cert->pCertInfo->Issuer), -+ NULL); -+ if( issuerCert != NULL && CertCompareCertificate( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo, issuerCert->pCertInfo ) ) { -+ /* self signed cert, forget it */ -+ CertFreeCertificateContext(issuerCert); -+ } else if(issuerCert != NULL) { -+ flags = CERT_STORE_REVOCATION_FLAG | 
CERT_STORE_SIGNATURE_FLAG; -+ if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) { -+ xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags); -+ CertFreeCertificateContext(issuerCert); -+ return(FALSE); -+ } -+ if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certStore, keyInfoCtx)) { -+ CertFreeCertificateContext(issuerCert); -+ return(FALSE); -+ } -+ -+ CertFreeCertificateContext(issuerCert); -+ return(TRUE); -+ } - } -- CertFreeCertificateContext(issuerCert); -- return(TRUE); -- } - - /* try to find issuer cert in the trusted cert in the store */ - issuerCert = CertFindCertificateInStore(ctx->trusted, -@@ -379,26 +421,61 @@ - xmlSecAssert2(certs != NULL, NULL); - xmlSecAssert2(keyInfoCtx != NULL, NULL); - -- while((cert = CertEnumCertificatesInStore(certs, cert)) != NULL){ -- PCCERT_CONTEXT nextCert = NULL; -+ while( ( cert = CertEnumCertificatesInStore( certs, cert ) ) != NULL ) { -+ PCCERT_CONTEXT nextCert ; -+ unsigned char selected ; - -- xmlSecAssert2(cert->pCertInfo != NULL, NULL); -+ xmlSecAssert2( cert->pCertInfo != NULL, NULL ) ; - -- /* if cert is the issuer of any other cert in the list, then it is -- * to be skipped */ -- nextCert = CertFindCertificateInStore(certs, -+ /* if cert is the issuer of any other cert in the list, then it is -+ * to be skipped except that the cert list only have one self-signed -+ * certificate. 
-+ */ -+ for( selected = 0, nextCert = NULL ; ; ) { -+ nextCert = CertFindCertificateInStore( certs, - X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, - 0, - CERT_FIND_ISSUER_NAME, - &(cert->pCertInfo->Subject), -- NULL); -- if(nextCert != NULL) { -- CertFreeCertificateContext(nextCert); -- continue; -- } -- if(xmlSecMSCryptoX509StoreConstructCertsChain(store, cert, certs, keyInfoCtx)) { -- return(cert); -- } -+ nextCert ) ; -+ if( nextCert != NULL ) { -+ if( CertCompareCertificate( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo, nextCert->pCertInfo ) ) { -+ selected = 1 ; -+ continue ; -+ } else { -+ selected = 0 ; -+ break ; -+ } -+ } else { -+ selected = 1 ; -+ break ; -+ } -+ } -+ -+ if( nextCert != NULL ) -+ CertFreeCertificateContext( nextCert ) ; -+ -+ if( !selected ) { -+ continue ; -+ } -+ -+ /* JL: OpenOffice.org implements its own certificate verification routine. -+ The goal is to seperate validation of the signature -+ and the certificate. For example, OOo could show that the document signature is valid, -+ but the certificate could not be verified. If we do not prevent the verification of -+ the certificate by libxmlsec and the verification fails, then the XML signature will not be -+ verified. This would happen, for example, if the root certificate is not installed. -+ -+ In the store schould only be the certificate from the X509Certificate element -+ and the X509IssuerSerial element. The latter is only there -+ if the certificate is installed. Both certificates must be the same! -+ In case of writing the signature, the store contains only the certificate that -+ was created based on the information from the X509IssuerSerial element. 
*/ -+ return cert; -+ -+/* if( xmlSecMSCryptoX509StoreConstructCertsChain( store, cert, certs, keyInfoCtx ) ) { -+ return( cert ) ; -+ } */ - } - - return (NULL); -@@ -458,9 +535,126 @@ - return(0); - } - -+int -+xmlSecMSCryptoX509StoreAdoptKeyStore ( -+ xmlSecKeyDataStorePtr store, -+ HCERTSTORE keyStore -+) { -+ xmlSecMSCryptoX509StoreCtxPtr ctx; -+ int ret; -+ -+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1); -+ xmlSecAssert2( keyStore != NULL, -1); -+ -+ ctx = xmlSecMSCryptoX509StoreGetCtx(store); -+ xmlSecAssert2(ctx != NULL, -1); -+ xmlSecAssert2(ctx->trusted != NULL, -1); -+ -+ if( !CertAddStoreToCollection ( ctx->trusted , keyStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 2 ) ) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), -+ "CertAddStoreToCollection", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } -+ -+ { -+ PCCERT_CONTEXT ptCert ; -+ -+ ptCert = NULL ; -+ while( 1 ) { -+ ptCert = CertEnumCertificatesInStore( ctx->trusted, ptCert ) ; -+ if( ptCert == NULL ) -+ break ; -+ } -+ } -+ -+ return(0); -+} -+ -+int -+xmlSecMSCryptoX509StoreAdoptTrustedStore ( -+ xmlSecKeyDataStorePtr store, -+ HCERTSTORE trustedStore -+) { -+ xmlSecMSCryptoX509StoreCtxPtr ctx; -+ int ret; -+ -+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1); -+ xmlSecAssert2( trustedStore != NULL, -1); -+ -+ ctx = xmlSecMSCryptoX509StoreGetCtx(store); -+ xmlSecAssert2(ctx != NULL, -1); -+ xmlSecAssert2(ctx->trusted != NULL, -1); -+ -+ if( !CertAddStoreToCollection ( ctx->trusted , trustedStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 3 ) ) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), -+ "CertAddStoreToCollection", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } -+ -+ { -+ PCCERT_CONTEXT ptCert ; -+ -+ ptCert = NULL ; -+ while( 1 ) { -+ ptCert = 
CertEnumCertificatesInStore( ctx->trusted, ptCert ) ; -+ if( ptCert == NULL ) -+ break ; -+ } -+ } -+ -+ return(0); -+} -+ -+int -+xmlSecMSCryptoX509StoreAdoptUntrustedStore ( -+ xmlSecKeyDataStorePtr store, -+ HCERTSTORE untrustedStore -+) { -+ xmlSecMSCryptoX509StoreCtxPtr ctx; -+ int ret; -+ -+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1); -+ xmlSecAssert2( untrustedStore != NULL, -1); -+ -+ ctx = xmlSecMSCryptoX509StoreGetCtx(store); -+ xmlSecAssert2(ctx != NULL, -1); -+ xmlSecAssert2(ctx->untrusted != NULL, -1); -+ -+ if( !CertAddStoreToCollection ( ctx->untrusted , untrustedStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 2 ) ) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), -+ "CertAddStoreToCollection", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } -+ -+ { -+ PCCERT_CONTEXT ptCert ; -+ -+ ptCert = NULL ; -+ while( 1 ) { -+ ptCert = CertEnumCertificatesInStore( ctx->untrusted, ptCert ) ; -+ if( ptCert == NULL ) -+ break ; -+ } -+ } -+ -+ return(0); -+} -+ - static int - xmlSecMSCryptoX509StoreInitialize(xmlSecKeyDataStorePtr store) { - xmlSecMSCryptoX509StoreCtxPtr ctx; -+ HCERTSTORE hTrustedMemStore ; -+ HCERTSTORE hUntrustedMemStore ; -+ - xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1); - - ctx = xmlSecMSCryptoX509StoreGetCtx(store); -@@ -468,36 +662,104 @@ - - memset(ctx, 0, sizeof(xmlSecMSCryptoX509StoreCtx)); - -+ /* create trusted certs store collection */ -+ ctx->trusted = CertOpenStore(CERT_STORE_PROV_COLLECTION, -+ 0, -+ NULL, -+ 0, -+ NULL); -+ if(ctx->trusted == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), -+ "CertOpenStore", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } -+ - /* create trusted certs store */ -- ctx->trusted = CertOpenStore(CERT_STORE_PROV_MEMORY, -+ hTrustedMemStore = 
CertOpenStore(CERT_STORE_PROV_MEMORY, - X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, - 0, - CERT_STORE_CREATE_NEW_FLAG, - NULL); -- if(ctx->trusted == NULL) { -+ if(hTrustedMemStore == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "CertOpenStore", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); -+ CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG); -+ ctx->trusted = NULL ; - return(-1); - } - -- /* create trusted certs store */ -- ctx->untrusted = CertOpenStore(CERT_STORE_PROV_MEMORY, -+ /* add the memory trusted certs store to trusted certs store collection */ -+ if( !CertAddStoreToCollection( ctx->trusted, hTrustedMemStore, CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 1 ) ) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), -+ "CertAddStoreToCollection", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG); -+ CertCloseStore(hTrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG); -+ ctx->trusted = NULL ; -+ return(-1); -+ } -+ CertCloseStore(hTrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG); -+ -+ /* create untrusted certs store collection */ -+ ctx->untrusted = CertOpenStore(CERT_STORE_PROV_COLLECTION, -+ 0, -+ NULL, -+ 0, -+ NULL); -+ if(ctx->untrusted == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), -+ "CertOpenStore", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG); -+ ctx->trusted = NULL ; -+ return(-1); -+ } -+ -+ /* create untrusted certs store */ -+ hUntrustedMemStore = CertOpenStore(CERT_STORE_PROV_MEMORY, - X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, - 0, - CERT_STORE_CREATE_NEW_FLAG, - NULL); -- if(ctx->untrusted == NULL) { -+ if(hUntrustedMemStore == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), 
- "CertOpenStore", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); -+ CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG); -+ CertCloseStore(ctx->untrusted, CERT_CLOSE_STORE_FORCE_FLAG); -+ ctx->trusted = NULL ; -+ ctx->untrusted = NULL ; - return(-1); - } - -+ /* add the memory trusted certs store to untrusted certs store collection */ -+ if( !CertAddStoreToCollection( ctx->untrusted, hUntrustedMemStore, CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 1 ) ) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), -+ "CertAddStoreToCollection", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ CertCloseStore(ctx->untrusted, CERT_CLOSE_STORE_FORCE_FLAG); -+ CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG); -+ CertCloseStore(hUntrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG); -+ ctx->trusted = NULL ; -+ ctx->untrusted = NULL ; -+ return(-1); -+ } -+ CertCloseStore(hUntrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG); -+ - return(0); - } - -@@ -567,10 +829,41 @@ - - if((pCert == NULL) && (NULL != issuerName) && (NULL != issuerSerial)) { - xmlSecBn issuerSerialBn; -+ xmlChar * p; - CERT_NAME_BLOB cnb; -+ CRYPT_INTEGER_BLOB cib; - BYTE *cName = NULL; - DWORD cNameLen = 0; -+ -+ /* aleksey: for some unknown to me reasons, mscrypto wants Email -+ * instead of emailAddress. This code is not bullet proof and may -+ * produce incorrect results if someone has "emailAddress=" string -+ * in one of the fields, but it is best I can suggest to fix this problem. -+ * Also see xmlSecMSCryptoX509NameWrite function. 
-+ */ -+ while( (p = (xmlChar*)xmlStrstr(issuerName, BAD_CAST "emailAddress=")) != NULL) { -+ memcpy(p, " Email=", 13); -+ } -+ -+ -+ -+ /* get issuer name */ -+ cName = xmlSecMSCryptoCertStrToName(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, -+ issuerName, -+ CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG | CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, -+ &cNameLen); -+ if(cName == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecMSCryptoCertStrToName", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return (NULL); -+ } -+ cnb.pbData = cName; -+ cnb.cbData = cNameLen; - -+ /* get serial number */ - ret = xmlSecBnInitialize(&issuerSerialBn, 0); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, -@@ -578,6 +871,7 @@ - "xmlSecBnInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); -+ xmlFree(cName); - return(NULL); - } - -@@ -589,26 +883,30 @@ - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - xmlSecBnFinalize(&issuerSerialBn); -- return(NULL); -+ xmlFree(cName); -+ return(NULL); - } - -- cName = xmlSecMSCryptoCertStrToName(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, -- issuerName, -- CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, -- &cNameLen); -- if(cName == NULL) { -+ /* I have no clue why at a sudden a swap is needed to -+ * convert from lsb... 
This code is purely based upon
-+ * trial and error :( WK
-+ */
-+ ret = xmlSecBnReverse(&issuerSerialBn);
-+ if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
-- "xmlSecMSCryptoCertStrToName",
-+ "xmlSecBnReverse",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecBnFinalize(&issuerSerialBn);
-- return (NULL);
-+ xmlFree(cName);
-+ return(NULL);
- }
- 
-- cnb.pbData = cName;
-- cnb.cbData = cNameLen;
-- while((pCert = CertFindCertificateInStore(store,
-+ cib.pbData = xmlSecBufferGetData(&issuerSerialBn);
-+ cib.cbData = xmlSecBufferGetSize(&issuerSerialBn);
-+
-+ while((pCert = CertFindCertificateInStore(store,
- PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
- 0,
- CERT_FIND_ISSUER_NAME,
-@@ -622,10 +920,9 @@
- if((pCert->pCertInfo != NULL) &&
- (pCert->pCertInfo->SerialNumber.pbData != NULL) &&
- (pCert->pCertInfo->SerialNumber.cbData > 0) &&
-- (0 == xmlSecBnCompareReverse(&issuerSerialBn, pCert->pCertInfo->SerialNumber.pbData,
-- pCert->pCertInfo->SerialNumber.cbData))) {
--
-- break;
-+ (CertCompareIntegerBlob(&(pCert->pCertInfo->SerialNumber), &cib) == TRUE)
-+ ) {
-+ break;
- }
- }
- xmlFree(cName);
---- misc/xmlsec1-1.2.6/src/nss/Makefile.am 2003-09-16 11:43:03.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/src/nss/Makefile.am 2008-06-29 23:44:19.000000000 +0200
-@@ -20,21 +20,22 @@
- $(NULL)
- 
- libxmlsec1_nss_la_SOURCES =\
-+ akmngr.c \
- app.c \
- bignum.c \
- ciphers.c \
- crypto.c \
- digests.c \
- hmac.c \
-+ keysstore.c \
-+ keytrans.c \
-+ keywrapers.c \
- pkikeys.c \
- signatures.c \
- symkeys.c \
-+ tokens.c \
- x509.c \
- x509vfy.c \
-- keysstore.c \
-- kt_rsa.c \
-- kw_des.c \
-- kw_aes.c \
- $(NULL)
- 
- libxmlsec1_nss_la_LIBADD = \
---- misc/xmlsec1-1.2.6/src/nss/Makefile.in 2004-08-26 08:00:32.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/src/nss/Makefile.in 2008-06-29 23:44:19.000000000 +0200
-@@ -54,9 +54,9 @@
- $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
- $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
- am__objects_1 = 
--am_libxmlsec1_nss_la_OBJECTS = app.lo bignum.lo ciphers.lo crypto.lo \
-+am_libxmlsec1_nss_la_OBJECTS = akmngr.lo app.lo bignum.lo ciphers.lo crypto.lo \
- digests.lo hmac.lo pkikeys.lo signatures.lo symkeys.lo x509.lo \
-- x509vfy.lo keysstore.lo kt_rsa.lo kw_des.lo kw_aes.lo \
-+ x509vfy.lo keysstore.lo tokens.lo keytrans.lo keywrapers.lo \
- $(am__objects_1)
- libxmlsec1_nss_la_OBJECTS = $(am_libxmlsec1_nss_la_OBJECTS)
- DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)
-@@ -65,11 +65,11 @@
- @AMDEP_TRUE@DEP_FILES = ./$(DEPDIR)/app.Plo ./$(DEPDIR)/bignum.Plo \
- @AMDEP_TRUE@ ./$(DEPDIR)/ciphers.Plo ./$(DEPDIR)/crypto.Plo \
- @AMDEP_TRUE@ ./$(DEPDIR)/digests.Plo ./$(DEPDIR)/hmac.Plo \
--@AMDEP_TRUE@ ./$(DEPDIR)/keysstore.Plo ./$(DEPDIR)/kt_rsa.Plo \
--@AMDEP_TRUE@ ./$(DEPDIR)/kw_aes.Plo ./$(DEPDIR)/kw_des.Plo \
-+@AMDEP_TRUE@ ./$(DEPDIR)/keysstore.Plo ./$(DEPDIR)/tokens.Plo \
-+@AMDEP_TRUE@ ./$(DEPDIR)/keywrapers.Plo ./$(DEPDIR)/keytrans.Plo \
- @AMDEP_TRUE@ ./$(DEPDIR)/pkikeys.Plo ./$(DEPDIR)/signatures.Plo \
- @AMDEP_TRUE@ ./$(DEPDIR)/symkeys.Plo ./$(DEPDIR)/x509.Plo \
--@AMDEP_TRUE@ ./$(DEPDIR)/x509vfy.Plo
-+@AMDEP_TRUE@ ./$(DEPDIR)/x509vfy.Plo ./$(DEPDIR)/akmngr.Plo
- COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
- $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
- LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \
-@@ -321,21 +321,22 @@
- $(NULL)
- 
- libxmlsec1_nss_la_SOURCES = \
-+ akmngr.c \
- app.c \
- bignum.c \
- ciphers.c \
- crypto.c \
- digests.c \
- hmac.c \
-+ keysstore.c \
-+ keytrans.c \
-+ keywrappers.c \
- pkikeys.c \
- signatures.c \
- symkeys.c \
-+ tokens.c \
- x509.c \
- x509vfy.c \
-- keysstore.c \
-- kt_rsa.c \
-- kw_des.c \
-- kw_aes.c \
- $(NULL)
- 
- libxmlsec1_nss_la_LIBADD = \
-@@ -418,6 +419,7 @@
- distclean-compile:
- -rm -f *.tab.c
- 
-+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/akmngr.Plo@am__quote@
- @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/app.Plo@am__quote@
- @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bignum.Plo@am__quote@
- @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ciphers.Plo@am__quote@
-@@ -425,9 +427,9 @@
- @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/digests.Plo@am__quote@
- @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hmac.Plo@am__quote@
- @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keysstore.Plo@am__quote@
--@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kt_rsa.Plo@am__quote@
--@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kw_aes.Plo@am__quote@
--@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kw_des.Plo@am__quote@
-+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tokens.Plo@am__quote@
-+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keywrapers.Plo@am__quote@
-+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keytrans.Plo@am__quote@
- @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkikeys.Plo@am__quote@
- @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signatures.Plo@am__quote@
- @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/symkeys.Plo@am__quote@
---- misc/xmlsec1-1.2.6/src/nss/akmngr.c 2008-06-29 23:44:39.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/src/nss/akmngr.c 2008-06-29 23:44:19.000000000 +0200
-@@ -1 +1,384 @@
--dummy
-+/**
-+ * XMLSec library
-+ *
-+ * This is free software; see Copyright file in the source
-+ * distribution for preciese wording.
-+ *
-+ * Copyright.........................
-+ */
-+#include "globals.h"
-+
-+#include <nspr.h>
-+#include <nss.h>
-+#include <pk11func.h>
-+#include <cert.h>
-+#include <keyhi.h>
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/keys.h>
-+#include <xmlsec/transforms.h>
-+#include <xmlsec/errors.h>
-+
-+#include <xmlsec/nss/crypto.h>
-+#include <xmlsec/nss/tokens.h>
-+#include <xmlsec/nss/akmngr.h>
-+#include <xmlsec/nss/pkikeys.h>
-+#include <xmlsec/nss/ciphers.h>
-+#include <xmlsec/nss/keysstore.h>
-+
-+/**
-+ * xmlSecNssAppliedKeysMngrCreate:
-+ * @slot: array of pointers to NSS PKCS#11 slot infomation.
-+ * @cSlots: number of slots in the array
-+ * @handler: the pointer to NSS certificate database.
-+ *
-+ * Create and load NSS crypto slot and certificate database into keys manager
-+ *
-+ * Returns keys manager pointer on success or NULL otherwise.
-+ */
-+xmlSecKeysMngrPtr
-+xmlSecNssAppliedKeysMngrCreate(
-+ PK11SlotInfo** slots,
-+ int cSlots,
-+ CERTCertDBHandle* handler
-+) {
-+ xmlSecKeyDataStorePtr certStore = NULL ;
-+ xmlSecKeysMngrPtr keyMngr = NULL ;
-+ xmlSecKeyStorePtr keyStore = NULL ;
-+ int islot = 0;
-+ keyStore = xmlSecKeyStoreCreate( xmlSecNssKeysStoreId ) ;
-+ if( keyStore == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeyStoreCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return NULL ;
-+ }
-+
-+ for (islot = 0; islot < cSlots; islot++)
-+ {
-+ xmlSecNssKeySlotPtr keySlot ;
-+
-+ /* Create a key slot */
-+ keySlot = xmlSecNssKeySlotCreate() ;
-+ if( keySlot == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+ "xmlSecNssKeySlotCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyStoreDestroy( keyStore ) ;
-+ return NULL ;
-+ }
-+
-+ /* Set slot */
-+ if( xmlSecNssKeySlotSetSlot( keySlot , slots[islot] ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+ "xmlSecNssKeySlotSetSlot" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyStoreDestroy( keyStore ) ;
-+ xmlSecNssKeySlotDestroy( keySlot ) ;
-+ return NULL ;
-+ }
-+
-+ /* Adopt keySlot */
-+ if( xmlSecNssKeysStoreAdoptKeySlot( keyStore , keySlot ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+ "xmlSecNssKeysStoreAdoptKeySlot" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyStoreDestroy( keyStore ) ;
-+ xmlSecNssKeySlotDestroy( keySlot ) ;
-+ return NULL ;
-+ }
-+ }
-+
-+ keyMngr = xmlSecKeysMngrCreate() ;
-+ if( keyMngr == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyStoreDestroy( keyStore ) ;
-+ return NULL ;
-+ }
-+
-+ /*-
-+ * Add key store to manager, from now on keys manager destroys the store if
-+ * needed
-+ */
-+ if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+ "xmlSecKeysMngrAdoptKeyStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyStoreDestroy( keyStore ) ;
-+ xmlSecKeysMngrDestroy( keyMngr ) ;
-+ return NULL ;
-+ }
-+
-+ /*-
-+ * Initialize crypto library specific data in keys manager
-+ */
-+ if( xmlSecNssKeysMngrInit( keyMngr ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeysMngrDestroy( keyMngr ) ;
-+ return NULL ;
-+ }
-+
-+ /*-
-+ * Set certificate databse to X509 key data store
-+ */
-+ /**
-+ * Because Tej's implementation of certDB use the default DB, so I ignore
-+ * the certDB handler at present. I'll modify the cert store sources to
-+ * accept particular certDB instead of default ones.
-+ certStore = xmlSecKeysMngrGetDataStore( keyMngr , xmlSecNssKeyDataStoreX509Id ) ;
-+ if( certStore == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+ "xmlSecKeysMngrGetDataStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeysMngrDestroy( keyMngr ) ;
-+ return NULL ;
-+ }
-+
-+ if( xmlSecNssKeyDataStoreX509SetCertDb( certStore , handler ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+ "xmlSecNssKeyDataStoreX509SetCertDb" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeysMngrDestroy( keyMngr ) ;
-+ return NULL ;
-+ }
-+ */
-+
-+ /*-
-+ * Set the getKey callback
-+ */
-+ keyMngr->getKey = xmlSecKeysMngrGetKey ;
-+
-+ return keyMngr ;
-+}
-+
-+int
-+xmlSecNssAppliedKeysMngrSymKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ PK11SymKey* symKey
-+) {
-+ xmlSecKeyPtr key ;
-+ xmlSecKeyDataPtr data ;
-+ xmlSecKeyStorePtr keyStore ;
-+
-+ xmlSecAssert2( mngr != NULL , -1 ) ;
-+ xmlSecAssert2( symKey != NULL , -1 ) ;
-+
-+ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
-+ if( keyStore == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrGetKeysStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
-+
-+ data = xmlSecNssSymKeyDataKeyAdopt( symKey ) ;
-+ if( data == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+
-+ key = xmlSecKeyCreate() ;
-+ if( key == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ if( xmlSecKeySetValue( key , data ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDestroy( key ) ;
-+ return(-1) ;
-+ }
-+
-+ return(0) ;
-+}
-+
-+int
-+xmlSecNssAppliedKeysMngrPubKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ SECKEYPublicKey* pubKey
-+) {
-+ xmlSecKeyPtr key ;
-+ xmlSecKeyDataPtr data ;
-+ xmlSecKeyStorePtr keyStore ;
-+
-+ xmlSecAssert2( mngr != NULL , -1 ) ;
-+ xmlSecAssert2( pubKey != NULL , -1 ) ;
-+
-+ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
-+ if( keyStore == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrGetKeysStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
-+
-+ data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ;
-+ if( data == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssPKIAdoptKey" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+
-+ key = xmlSecKeyCreate() ;
-+ if( key == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ if( xmlSecKeySetValue( key , data ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDestroy( key ) ;
-+ return(-1) ;
-+ }
-+
-+ return(0) ;
-+}
-+
-+int
-+xmlSecNssAppliedKeysMngrPriKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ SECKEYPrivateKey* priKey
-+) {
-+ xmlSecKeyPtr key ;
-+ xmlSecKeyDataPtr data ;
-+ xmlSecKeyStorePtr keyStore ;
-+
-+ xmlSecAssert2( mngr != NULL , -1 ) ;
-+ xmlSecAssert2( priKey != NULL , -1 ) ;
-+
-+ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
-+ if( keyStore == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrGetKeysStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
-+
-+ data = xmlSecNssPKIAdoptKey( priKey, NULL ) ;
-+ if( data == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssPKIAdoptKey" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+
-+ key = xmlSecKeyCreate() ;
-+ if( key == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ if( xmlSecKeySetValue( key , data ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDestroy( key ) ;
-+ return(-1) ;
-+ }
-+
-+ return(0) ;
-+}
-+
---- misc/xmlsec1-1.2.6/src/nss/ciphers.c 2003-09-26 02:58:15.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/src/nss/ciphers.c 2008-06-29 23:44:19.000000000 +0200
-@@ -1,838 +1,967 
@@ --/** -- * XMLSec library -- * -- * This is free software; see Copyright file in the source -- * distribution for preciese wording. -- * -- * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> -- * Copyright (c) 2003 America Online, Inc. All rights reserved. -- */ -+/* -- C Source File -- **/ - #include "globals.h" - -+#include <stdlib.h> - #include <string.h> - --#include <nspr.h> - #include <nss.h> --#include <secoid.h> - #include <pk11func.h> - - #include <xmlsec/xmlsec.h> -+#include <xmlsec/xmltree.h> -+#include <xmlsec/base64.h> - #include <xmlsec/keys.h> -+#include <xmlsec/keyinfo.h> - #include <xmlsec/transforms.h> - #include <xmlsec/errors.h> - - #include <xmlsec/nss/crypto.h> -+#include <xmlsec/nss/ciphers.h> - --#define XMLSEC_NSS_MAX_KEY_SIZE 32 --#define XMLSEC_NSS_MAX_IV_SIZE 32 --#define XMLSEC_NSS_MAX_BLOCK_SIZE 32 -- --/************************************************************************** -- * -- * Internal Nss Block cipher CTX -+/** -+ * Internal Nss Block Cipher Context - * -- *****************************************************************************/ --typedef struct _xmlSecNssBlockCipherCtx xmlSecNssBlockCipherCtx, -- *xmlSecNssBlockCipherCtxPtr; -+ * This context is designed for repositing a block cipher for transform -+ */ -+typedef struct _xmlSecNssBlockCipherCtx xmlSecNssBlockCipherCtx ; -+typedef struct _xmlSecNssBlockCipherCtx* xmlSecNssBlockCipherCtxPtr ; -+ - struct _xmlSecNssBlockCipherCtx { -- CK_MECHANISM_TYPE cipher; -- PK11Context* cipherCtx; -- xmlSecKeyDataId keyId; -- int keyInitialized; -- int ctxInitialized; -- xmlSecByte key[XMLSEC_NSS_MAX_KEY_SIZE]; -- xmlSecSize keySize; -- xmlSecByte iv[XMLSEC_NSS_MAX_IV_SIZE]; -- xmlSecSize ivSize; --}; --static int xmlSecNssBlockCipherCtxInit (xmlSecNssBlockCipherCtxPtr ctx, -- xmlSecBufferPtr in, -- xmlSecBufferPtr out, -- int encrypt, -- const xmlChar* cipherName, -- xmlSecTransformCtxPtr transformCtx); --static int xmlSecNssBlockCipherCtxUpdate 
(xmlSecNssBlockCipherCtxPtr ctx, -- xmlSecBufferPtr in, -- xmlSecBufferPtr out, -- int encrypt, -- const xmlChar* cipherName, -- xmlSecTransformCtxPtr transformCtx); --static int xmlSecNssBlockCipherCtxFinal (xmlSecNssBlockCipherCtxPtr ctx, -- xmlSecBufferPtr in, -- xmlSecBufferPtr out, -- int encrypt, -- const xmlChar* cipherName, -- xmlSecTransformCtxPtr transformCtx); --static int --xmlSecNssBlockCipherCtxInit(xmlSecNssBlockCipherCtxPtr ctx, -- xmlSecBufferPtr in, xmlSecBufferPtr out, -- int encrypt, -- const xmlChar* cipherName, -- xmlSecTransformCtxPtr transformCtx) { -- SECItem keyItem; -- SECItem ivItem; -- PK11SlotInfo* slot; -- PK11SymKey* symKey; -- int ivLen; -- SECStatus rv; -- int ret; -- -- xmlSecAssert2(ctx != NULL, -1); -- xmlSecAssert2(ctx->cipher != 0, -1); -- xmlSecAssert2(ctx->cipherCtx == NULL, -1); -- xmlSecAssert2(ctx->keyInitialized != 0, -1); -- xmlSecAssert2(ctx->ctxInitialized == 0, -1); -- xmlSecAssert2(in != NULL, -1); -- xmlSecAssert2(out != NULL, -1); -- xmlSecAssert2(transformCtx != NULL, -1); -- -- ivLen = PK11_GetIVLength(ctx->cipher); -- xmlSecAssert2(ivLen > 0, -1); -- xmlSecAssert2((xmlSecSize)ivLen <= sizeof(ctx->iv), -1); -- -- if(encrypt) { -- /* generate random iv */ -- rv = PK11_GenerateRandom(ctx->iv, ivLen); -- if(rv != SECSuccess) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(cipherName), -- "PK11_GenerateRandom", -- XMLSEC_ERRORS_R_CRYPTO_FAILED, -- "size=%d", ivLen); -- return(-1); -- } -- -- /* write iv to the output */ -- ret = xmlSecBufferAppend(out, ctx->iv, ivLen); -- if(ret < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(cipherName), -- "xmlSecBufferAppend", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "size=%d", ivLen); -- return(-1); -- } -- -- } else { -- /* if we don't have enough data, exit and hope that -- * we'll have iv next time */ -- if(xmlSecBufferGetSize(in) < (xmlSecSize)ivLen) { -- return(0); -- } -- -- /* copy iv to our buffer*/ -- xmlSecAssert2(xmlSecBufferGetData(in) 
!= NULL, -1); -- memcpy(ctx->iv, xmlSecBufferGetData(in), ivLen); -- -- /* and remove from input */ -- ret = xmlSecBufferRemoveHead(in, ivLen); -- if(ret < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(cipherName), -- "xmlSecBufferRemoveHead", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "size=%d", ivLen); -- return(-1); -+ CK_MECHANISM_TYPE cipher ; -+ PK11SymKey* symkey ; -+ PK11Context* cipherCtx ; -+ xmlSecKeyDataId keyId ; -+} ; -+ -+#define xmlSecNssBlockCipherSize \ -+ ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssBlockCipherCtx ) ) -+ -+#define xmlSecNssBlockCipherGetCtx( transform ) \ -+ ( ( xmlSecNssBlockCipherCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) ) -+ -+static int -+xmlSecNssBlockCipherCheckId( -+ xmlSecTransformPtr transform -+) { -+ #ifndef XMLSEC_NO_DES -+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformDes3CbcId ) ) { -+ return 1 ; - } -- } -+ #endif /* XMLSEC_NO_DES */ - -- memset(&keyItem, 0, sizeof(keyItem)); -- keyItem.data = ctx->key; -- keyItem.len = ctx->keySize; -- memset(&ivItem, 0, sizeof(ivItem)); -- ivItem.data = ctx->iv; -- ivItem.len = ctx->ivSize; -- -- slot = PK11_GetBestSlot(ctx->cipher, NULL); -- if(slot == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(cipherName), -- "PK11_GetBestSlot", -- XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(-1); -- } -- -- symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginDerive, -- CKA_SIGN, &keyItem, NULL); -- if(symKey == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(cipherName), -- "PK11_ImportSymKey", -- XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- PK11_FreeSlot(slot); -- return(-1); -- } -+ #ifndef XMLSEC_NO_AES -+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformAes128CbcId ) || -+ xmlSecTransformCheckId( transform, xmlSecNssTransformAes192CbcId ) || -+ xmlSecTransformCheckId( transform, xmlSecNssTransformAes256CbcId ) ) { - -- 
ctx->cipherCtx = PK11_CreateContextBySymKey(ctx->cipher, -- (encrypt) ? CKA_ENCRYPT : CKA_DECRYPT, -- symKey, &ivItem); -- if(ctx->cipherCtx == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(cipherName), -- "PK11_CreateContextBySymKey", -- XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- PK11_FreeSymKey(symKey); -- PK11_FreeSlot(slot); -- return(-1); -+ return 1 ; - } -- -- ctx->ctxInitialized = 1; -- PK11_FreeSymKey(symKey); -- PK11_FreeSlot(slot); -- return(0); -+ #endif /* XMLSEC_NO_AES */ -+ -+ return 0 ; - } - --static int --xmlSecNssBlockCipherCtxUpdate(xmlSecNssBlockCipherCtxPtr ctx, -- xmlSecBufferPtr in, xmlSecBufferPtr out, -- int encrypt, -- const xmlChar* cipherName, -- xmlSecTransformCtxPtr transformCtx) { -- xmlSecSize inSize, inBlocks, outSize; -- int blockLen; -- int outLen = 0; -- xmlSecByte* outBuf; -- SECStatus rv; -- int ret; -- -- xmlSecAssert2(ctx != NULL, -1); -- xmlSecAssert2(ctx->cipher != 0, -1); -- xmlSecAssert2(ctx->cipherCtx != NULL, -1); -- xmlSecAssert2(ctx->ctxInitialized != 0, -1); -- xmlSecAssert2(in != NULL, -1); -- xmlSecAssert2(out != NULL, -1); -- xmlSecAssert2(transformCtx != NULL, -1); -+static int -+xmlSecNssBlockCipherFetchCtx( -+ xmlSecNssBlockCipherCtxPtr context , -+ xmlSecTransformId id -+) { -+ xmlSecAssert2( context != NULL, -1 ) ; -+ -+ #ifndef XMLSEC_NO_DES -+ if( id == xmlSecNssTransformDes3CbcId ) { -+ context->cipher = CKM_DES3_CBC ; -+ context->keyId = xmlSecNssKeyDataDesId ; -+ } else -+ #endif /* XMLSEC_NO_DES */ -+ -+ #ifndef XMLSEC_NO_AES -+ if( id == xmlSecNssTransformAes128CbcId ) { -+ context->cipher = CKM_AES_CBC ; -+ context->keyId = xmlSecNssKeyDataAesId ; -+ } else -+ if( id == xmlSecNssTransformAes192CbcId ) { -+ context->cipher = CKM_AES_CBC ; -+ context->keyId = xmlSecNssKeyDataAesId ; -+ } else -+ if( id == xmlSecNssTransformAes256CbcId ) { -+ context->cipher = CKM_AES_CBC ; -+ context->keyId = xmlSecNssKeyDataAesId ; -+ } else -+ #endif /* XMLSEC_NO_AES */ -+ 
-+ if( 1 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } - -- blockLen = PK11_GetBlockSize(ctx->cipher, NULL); -- xmlSecAssert2(blockLen > 0, -1); -+ return 0 ; -+} - -- inSize = xmlSecBufferGetSize(in); -- outSize = xmlSecBufferGetSize(out); -- -- if(inSize < (xmlSecSize)blockLen) { -- return(0); -- } -+/** -+ * xmlSecTransformInitializeMethod: -+ * @transform: the pointer to transform object. -+ * -+ * The transform specific initialization method. -+ * -+ * Returns 0 on success or a negative value otherwise. -+ */ -+static int -+xmlSecNssBlockCipherInitialize( -+ xmlSecTransformPtr transform -+) { -+ xmlSecNssBlockCipherCtxPtr context = NULL ; -+ -+ xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ; -+ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ; -+ -+ context = xmlSecNssBlockCipherGetCtx( transform ) ; -+ if( context == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ "xmlSecNssBlockCipherGetCtx" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ -+ if( xmlSecNssBlockCipherFetchCtx( context , transform->id ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ "xmlSecNssBlockCipherFetchCtx" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } - -- if(encrypt) { -- inBlocks = inSize / ((xmlSecSize)blockLen); -- } else { -- /* we want to have the last block in the input buffer -- * for padding check */ -- inBlocks = (inSize - 1) / ((xmlSecSize)blockLen); -- } -- inSize = inBlocks * ((xmlSecSize)blockLen); -+ context->symkey = NULL ; -+ context->cipherCtx = NULL ; - -- /* we write out the input size plus may be one block */ -- ret = xmlSecBufferSetMaxSize(out, outSize + inSize + blockLen); -- if(ret < 0) { -- 
xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(cipherName), -- "xmlSecBufferSetMaxSize", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "size=%d", outSize + inSize + blockLen); -- return(-1); -- } -- outBuf = xmlSecBufferGetData(out) + outSize; -- -- rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, inSize + blockLen, -- xmlSecBufferGetData(in), inSize); -- if(rv != SECSuccess) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(cipherName), -- "PK11_CipherOp", -- XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(-1); -- } -- xmlSecAssert2((xmlSecSize)outLen == inSize, -1); -- -- /* set correct output buffer size */ -- ret = xmlSecBufferSetSize(out, outSize + outLen); -- if(ret < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(cipherName), -- "xmlSecBufferSetSize", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "size=%d", outSize + outLen); -- return(-1); -- } -- -- /* remove the processed block from input */ -- ret = xmlSecBufferRemoveHead(in, inSize); -- if(ret < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(cipherName), -- "xmlSecBufferRemoveHead", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "size=%d", inSize); -- return(-1); -- } -- return(0); -+ return 0 ; - } - --static int --xmlSecNssBlockCipherCtxFinal(xmlSecNssBlockCipherCtxPtr ctx, -- xmlSecBufferPtr in, -- xmlSecBufferPtr out, -- int encrypt, -- const xmlChar* cipherName, -- xmlSecTransformCtxPtr transformCtx) { -- xmlSecSize inSize, outSize; -- int blockLen, outLen = 0; -- xmlSecByte* inBuf; -- xmlSecByte* outBuf; -- SECStatus rv; -- int ret; -- -- xmlSecAssert2(ctx != NULL, -1); -- xmlSecAssert2(ctx->cipher != 0, -1); -- xmlSecAssert2(ctx->cipherCtx != NULL, -1); -- xmlSecAssert2(ctx->ctxInitialized != 0, -1); -- xmlSecAssert2(in != NULL, -1); -- xmlSecAssert2(out != NULL, -1); -- xmlSecAssert2(transformCtx != NULL, -1); -- -- blockLen = PK11_GetBlockSize(ctx->cipher, NULL); -- xmlSecAssert2(blockLen > 0, -1); -+/** -+ * 
xmlSecTransformFinalizeMethod: -+ * @transform: the pointer to transform object. -+ * -+ * The transform specific destroy method. -+ */ -+static void -+xmlSecNssBlockCipherFinalize( -+ xmlSecTransformPtr transform -+) { -+ xmlSecNssBlockCipherCtxPtr context = NULL ; - -- inSize = xmlSecBufferGetSize(in); -- outSize = xmlSecBufferGetSize(out); -+ xmlSecAssert( xmlSecNssBlockCipherCheckId( transform ) ) ; -+ xmlSecAssert( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ) ) ; - -- if(encrypt != 0) { -- xmlSecAssert2(inSize < (xmlSecSize)blockLen, -1); -- -- /* create padding */ -- ret = xmlSecBufferSetMaxSize(in, blockLen); -- if(ret < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(cipherName), -- "xmlSecBufferSetMaxSize", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "size=%d", blockLen); -- return(-1); -- } -- inBuf = xmlSecBufferGetData(in); -- -- /* generate random padding */ -- if((xmlSecSize)blockLen > (inSize + 1)) { -- rv = PK11_GenerateRandom(inBuf + inSize, blockLen - inSize - 1); -- if(rv != SECSuccess) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(cipherName), -- "PK11_GenerateRandom", -- XMLSEC_ERRORS_R_CRYPTO_FAILED, -- "size=%d", blockLen - inSize - 1); -- return(-1); -- } -- } -- inBuf[blockLen - 1] = blockLen - inSize; -- inSize = blockLen; -- } else { -- if(inSize != (xmlSecSize)blockLen) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(cipherName), -- NULL, -- XMLSEC_ERRORS_R_INVALID_DATA, -- "data=%d;block=%d", inSize, blockLen); -- return(-1); -+ context = xmlSecNssBlockCipherGetCtx( transform ) ; -+ if( context == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ "xmlSecNssBlockCipherGetCtx" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return ; - } -- } -- -- /* process last block */ -- ret = xmlSecBufferSetMaxSize(out, outSize + 2 * blockLen); -- if(ret < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- 
xmlSecErrorsSafeString(cipherName), -- "xmlSecBufferSetMaxSize", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "size=%d", outSize + 2 * blockLen); -- return(-1); -- } -- outBuf = xmlSecBufferGetData(out) + outSize; - -- rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, 2 * blockLen, -- xmlSecBufferGetData(in), inSize); -- if(rv != SECSuccess) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(cipherName), -- "PK11_CipherOp", -- XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(-1); -- } -- xmlSecAssert2((xmlSecSize)outLen == inSize, -1); -- -- if(encrypt == 0) { -- /* check padding */ -- if(outLen < outBuf[blockLen - 1]) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(cipherName), -- NULL, -- XMLSEC_ERRORS_R_INVALID_DATA, -- "padding=%d;buffer=%d", -- outBuf[blockLen - 1], outLen); -- return(-1); -- } -- outLen -= outBuf[blockLen - 1]; -- } -- -- /* set correct output buffer size */ -- ret = xmlSecBufferSetSize(out, outSize + outLen); -- if(ret < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(cipherName), -- "xmlSecBufferSetSize", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "size=%d", outSize + outLen); -- return(-1); -- } -+ if( context->cipherCtx != NULL ) { -+ PK11_DestroyContext( context->cipherCtx, PR_TRUE ) ; -+ context->cipherCtx = NULL ; -+ } - -- /* remove the processed block from input */ -- ret = xmlSecBufferRemoveHead(in, inSize); -- if(ret < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(cipherName), -- "xmlSecBufferRemoveHead", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "size=%d", inSize); -- return(-1); -- } -+ if( context->symkey != NULL ) { -+ PK11_FreeSymKey( context->symkey ) ; -+ context->symkey = NULL ; -+ } - -- return(0); -+ context->cipher = CKM_INVALID_MECHANISM ; -+ context->keyId = NULL ; - } - -- --/****************************************************************************** -- * -- * EVP Block Cipher transforms -+/** -+ * xmlSecTransformSetKeyRequirementsMethod: -+ * 
@transform: the pointer to transform object. -+ * @keyReq: the pointer to key requirements structure. - * -- * xmlSecNssBlockCipherCtx block is located after xmlSecTransform structure -+ * Transform specific method to set transform's key requirements. - * -- *****************************************************************************/ --#define xmlSecNssBlockCipherSize \ -- (sizeof(xmlSecTransform) + sizeof(xmlSecNssBlockCipherCtx)) --#define xmlSecNssBlockCipherGetCtx(transform) \ -- ((xmlSecNssBlockCipherCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform))) -- --static int xmlSecNssBlockCipherInitialize (xmlSecTransformPtr transform); --static void xmlSecNssBlockCipherFinalize (xmlSecTransformPtr transform); --static int xmlSecNssBlockCipherSetKeyReq (xmlSecTransformPtr transform, -- xmlSecKeyReqPtr keyReq); --static int xmlSecNssBlockCipherSetKey (xmlSecTransformPtr transform, -- xmlSecKeyPtr key); --static int xmlSecNssBlockCipherExecute (xmlSecTransformPtr transform, -- int last, -- xmlSecTransformCtxPtr transformCtx); --static int xmlSecNssBlockCipherCheckId (xmlSecTransformPtr transform); -- -- -+ * Returns 0 on success or a negative value otherwise. 
-+ */ -+static int -+xmlSecNssBlockCipherSetKeyReq( -+ xmlSecTransformPtr transform , -+ xmlSecKeyReqPtr keyReq -+) { -+ xmlSecNssBlockCipherCtxPtr context = NULL ; -+ xmlSecSize cipherSize = 0 ; -+ -+ xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ; -+ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ; -+ xmlSecAssert2( keyReq != NULL , -1 ) ; -+ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; -+ -+ context = xmlSecNssBlockCipherGetCtx( transform ) ; -+ if( context == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ "xmlSecNssBlockCipherGetCtx" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ -+ keyReq->keyId = context->keyId ; -+ keyReq->keyType = xmlSecKeyDataTypeSymmetric ; -+ -+ if( transform->operation == xmlSecTransformOperationEncrypt ) { -+ keyReq->keyUsage = xmlSecKeyUsageEncrypt ; -+ } else { -+ keyReq->keyUsage = xmlSecKeyUsageDecrypt ; -+ } -+ -+ /* -+ if( context->symkey != NULL ) -+ cipherSize = PK11_GetKeyLength( context->symkey ) ; - --static int --xmlSecNssBlockCipherCheckId(xmlSecTransformPtr transform) { --#ifndef XMLSEC_NO_DES -- if(xmlSecTransformCheckId(transform, xmlSecNssTransformDes3CbcId)) { -- return(1); -- } --#endif /* XMLSEC_NO_DES */ -+ keyReq->keyBitsSize = cipherSize * 8 ; -+ */ - --#ifndef XMLSEC_NO_AES -- if(xmlSecTransformCheckId(transform, xmlSecNssTransformAes128CbcId) || -- xmlSecTransformCheckId(transform, xmlSecNssTransformAes192CbcId) || -- xmlSecTransformCheckId(transform, xmlSecNssTransformAes256CbcId)) { -- -- return(1); -- } --#endif /* XMLSEC_NO_AES */ -- -- return(0); -+ return 0 ; - } - --static int --xmlSecNssBlockCipherInitialize(xmlSecTransformPtr transform) { -- xmlSecNssBlockCipherCtxPtr ctx; -- -- xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1); 
-- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1); -+/** -+ * xmlSecTransformSetKeyMethod: -+ * @transform: the pointer to transform object. -+ * @key: the pointer to key. -+ * -+ * The transform specific method to set the key for use. -+ * -+ * Returns 0 on success or a negative value otherwise. -+ */ -+static int -+xmlSecNssBlockCipherSetKey( -+ xmlSecTransformPtr transform , -+ xmlSecKeyPtr key -+) { -+ xmlSecNssBlockCipherCtxPtr context = NULL ; -+ xmlSecKeyDataPtr keyData = NULL ; -+ PK11SymKey* symkey = NULL ; -+ CK_ATTRIBUTE_TYPE operation ; -+ int ivLen ; -+ -+ xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ; -+ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ; -+ xmlSecAssert2( key != NULL , -1 ) ; -+ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; -+ -+ context = xmlSecNssBlockCipherGetCtx( transform ) ; -+ if( context == NULL || context->keyId == NULL || context->symkey != NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ "xmlSecNssBlockCipherGetCtx" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ; -+ -+ keyData = xmlSecKeyGetValue( key ) ; -+ if( keyData == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) , -+ "xmlSecKeyGetValue" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ -+ if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) , -+ "xmlSecNssSymKeyDataGetKey" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } - -- ctx = xmlSecNssBlockCipherGetCtx(transform); -- 
xmlSecAssert2(ctx != NULL, -1); -- -- memset(ctx, 0, sizeof(xmlSecNssBlockCipherCtx)); -+ context->symkey = symkey ; - --#ifndef XMLSEC_NO_DES -- if(transform->id == xmlSecNssTransformDes3CbcId) { -- ctx->cipher = CKM_DES3_CBC; -- ctx->keyId = xmlSecNssKeyDataDesId; -- ctx->keySize = 24; -- } else --#endif /* XMLSEC_NO_DES */ -- --#ifndef XMLSEC_NO_AES -- if(transform->id == xmlSecNssTransformAes128CbcId) { -- ctx->cipher = CKM_AES_CBC; -- ctx->keyId = xmlSecNssKeyDataAesId; -- ctx->keySize = 16; -- } else if(transform->id == xmlSecNssTransformAes192CbcId) { -- ctx->cipher = CKM_AES_CBC; -- ctx->keyId = xmlSecNssKeyDataAesId; -- ctx->keySize = 24; -- } else if(transform->id == xmlSecNssTransformAes256CbcId) { -- ctx->cipher = CKM_AES_CBC; -- ctx->keyId = xmlSecNssKeyDataAesId; -- ctx->keySize = 32; -- } else --#endif /* XMLSEC_NO_AES */ -- -- if(1) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), -- NULL, -- XMLSEC_ERRORS_R_INVALID_TRANSFORM, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(-1); -- } -- -- return(0); -+ return 0 ; - } - --static void --xmlSecNssBlockCipherFinalize(xmlSecTransformPtr transform) { -- xmlSecNssBlockCipherCtxPtr ctx; -- -- xmlSecAssert(xmlSecNssBlockCipherCheckId(transform)); -- xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize)); -+/** -+ * Block cipher transform init -+ */ -+static int -+xmlSecNssBlockCipherCtxInit( -+ xmlSecNssBlockCipherCtxPtr ctx , -+ xmlSecBufferPtr in , -+ xmlSecBufferPtr out , -+ int encrypt , -+ const xmlChar* cipherName , -+ xmlSecTransformCtxPtr transformCtx -+) { -+ SECItem ivItem ; -+ SECItem* secParam = NULL ; -+ xmlSecBufferPtr ivBuf = NULL ; -+ int ivLen ; -+ -+ xmlSecAssert2( ctx != NULL , -1 ) ; -+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; -+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; -+ xmlSecAssert2( ctx->cipherCtx == NULL , -1 ) ; -+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; -+ xmlSecAssert2( in != NULL , -1 ) ; 
-+ xmlSecAssert2( out != NULL , -1 ) ; -+ xmlSecAssert2( transformCtx != NULL , -1 ) ; -+ -+ ivLen = PK11_GetIVLength( ctx->cipher ) ; -+ if( ivLen < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "PK11_GetIVLength" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ -+ if( ( ivBuf = xmlSecBufferCreate( ivLen ) ) == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferCreate" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ -+ if( encrypt ) { -+ if( PK11_GenerateRandom( ivBuf->data , ivLen ) != SECSuccess ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( cipherName ) , -+ "PK11_GenerateRandom" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecBufferDestroy( ivBuf ) ; -+ return -1 ; -+ } -+ if( xmlSecBufferSetSize( ivBuf , ivLen ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferSetSize" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecBufferDestroy( ivBuf ) ; -+ return -1 ; -+ } -+ -+ if( xmlSecBufferAppend( out , ivBuf->data , ivLen ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( cipherName ) , -+ "xmlSecBufferAppend" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecBufferDestroy( ivBuf ) ; -+ return -1 ; -+ } -+ } else { -+ if( xmlSecBufferSetData( ivBuf , in->data , ivLen ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( cipherName ) , -+ "xmlSecBufferSetData" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecBufferDestroy( ivBuf ) ; -+ return -1 ; -+ } -+ -+ if( xmlSecBufferRemoveHead( in , ivLen ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( cipherName ) , -+ "xmlSecBufferRemoveHead" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecBufferDestroy( ivBuf ) ; -+ return -1 ; -+ } -+ } -+ -+ 
ivItem.data = xmlSecBufferGetData( ivBuf ) ; -+ ivItem.len = xmlSecBufferGetSize( ivBuf ) ; -+ if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( cipherName ) , -+ "PK11_ParamFromIV" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecBufferDestroy( ivBuf ) ; -+ return -1 ; -+ } -+ -+ ctx->cipherCtx = PK11_CreateContextBySymKey( ctx->cipher , encrypt ? CKA_ENCRYPT : CKA_DECRYPT , ctx->symkey , secParam ) ; -+ if( ctx->cipherCtx == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( cipherName ) , -+ "xmlSecBufferRemoveHead" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ SECITEM_FreeItem( secParam , PR_TRUE ) ; -+ xmlSecBufferDestroy( ivBuf ) ; -+ return -1 ; -+ } - -- ctx = xmlSecNssBlockCipherGetCtx(transform); -- xmlSecAssert(ctx != NULL); -+ SECITEM_FreeItem( secParam , PR_TRUE ) ; -+ xmlSecBufferDestroy( ivBuf ) ; - -- if(ctx->cipherCtx != NULL) { -- PK11_DestroyContext(ctx->cipherCtx, PR_TRUE); -- } -- -- memset(ctx, 0, sizeof(xmlSecNssBlockCipherCtx)); -+ return 0 ; - } - --static int --xmlSecNssBlockCipherSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) { -- xmlSecNssBlockCipherCtxPtr ctx; -- -- xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1); -- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); -- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1); -- xmlSecAssert2(keyReq != NULL, -1); -- -- ctx = xmlSecNssBlockCipherGetCtx(transform); -- xmlSecAssert2(ctx != NULL, -1); -- xmlSecAssert2(ctx->keyId != NULL, -1); -- -- keyReq->keyId = ctx->keyId; -- keyReq->keyType = xmlSecKeyDataTypeSymmetric; -- if(transform->operation == xmlSecTransformOperationEncrypt) { -- keyReq->keyUsage = xmlSecKeyUsageEncrypt; -- } else { -- keyReq->keyUsage = xmlSecKeyUsageDecrypt; -- } 
-- keyReq->keyBitsSize = 8 * ctx->keySize; -- return(0); --} -+/** -+ * Block cipher transform update -+ */ -+static int -+xmlSecNssBlockCipherCtxUpdate( -+ xmlSecNssBlockCipherCtxPtr ctx , -+ xmlSecBufferPtr in , -+ xmlSecBufferPtr out , -+ int encrypt , -+ const xmlChar* cipherName , -+ xmlSecTransformCtxPtr transformCtx -+) { -+ xmlSecSize inSize ; -+ xmlSecSize outSize ; -+ xmlSecSize inBlocks ; -+ int blockSize ; -+ int outLen ; -+ xmlSecByte* outBuf ; -+ -+ xmlSecAssert2( ctx != NULL , -1 ) ; -+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; -+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; -+ xmlSecAssert2( ctx->cipherCtx != NULL , -1 ) ; -+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; -+ xmlSecAssert2( in != NULL , -1 ) ; -+ xmlSecAssert2( out != NULL , -1 ) ; -+ xmlSecAssert2( transformCtx != NULL , -1 ) ; -+ -+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( cipherName ) , -+ "PK11_GetBlockSize" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ -+ inSize = xmlSecBufferGetSize( in ) ; -+ outSize = xmlSecBufferGetSize( out ) ; -+ -+ inBlocks = ( encrypt != 0 ? 
inSize : ( inSize - 1 ) ) / blockSize ; -+ inSize = inBlocks * blockSize ; -+ -+ if( inSize < blockSize ) { -+ return 0 ; -+ } -+ -+ if( xmlSecBufferSetMaxSize( out , outSize + inSize + blockSize ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( cipherName ) , -+ "xmlSecBufferSetMaxSize" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ outBuf = xmlSecBufferGetData( out ) + outSize ; -+ -+ if( PK11_CipherOp( ctx->cipherCtx , outBuf , &outLen , inSize + blockSize , xmlSecBufferGetData( in ) , inSize ) != SECSuccess ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( cipherName ) , -+ "PK11_CipherOp" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ -+ if( xmlSecBufferSetSize( out , outSize + outLen ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( cipherName ) , -+ "xmlSecBufferSetSize" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ -+ if( xmlSecBufferRemoveHead( in , inSize ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( cipherName ) , -+ "xmlSecBufferRemoveHead" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } - --static int --xmlSecNssBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { -- xmlSecNssBlockCipherCtxPtr ctx; -- xmlSecBufferPtr buffer; -- -- xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1); -- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); -- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1); -- xmlSecAssert2(key != NULL, -1); -- -- ctx = xmlSecNssBlockCipherGetCtx(transform); -- xmlSecAssert2(ctx != NULL, -1); -- xmlSecAssert2(ctx->cipher != 0, -1); -- xmlSecAssert2(ctx->keyInitialized == 0, -1); -- xmlSecAssert2(ctx->keyId != NULL, -1); -- 
xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1); -- -- xmlSecAssert2(ctx->keySize > 0, -1); -- xmlSecAssert2(ctx->keySize <= sizeof(ctx->key), -1); -- -- buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key)); -- xmlSecAssert2(buffer != NULL, -1); -- -- if(xmlSecBufferGetSize(buffer) < ctx->keySize) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), -- NULL, -- XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE, -- "keySize=%d;expected=%d", -- xmlSecBufferGetSize(buffer), ctx->keySize); -- return(-1); -- } -- -- xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1); -- memcpy(ctx->key, xmlSecBufferGetData(buffer), ctx->keySize); -- -- ctx->keyInitialized = 1; -- return(0); -+ return 0 ; - } - -+/** -+ * Block cipher transform final -+ */ - static int --xmlSecNssBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { -- xmlSecNssBlockCipherCtxPtr ctx; -- xmlSecBufferPtr in, out; -- int ret; -- -- xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1); -- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); -- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1); -- xmlSecAssert2(transformCtx != NULL, -1); -- -- in = &(transform->inBuf); -- out = &(transform->outBuf); -- -- ctx = xmlSecNssBlockCipherGetCtx(transform); -- xmlSecAssert2(ctx != NULL, -1); -+xmlSecNssBlockCipherCtxFinal( -+ xmlSecNssBlockCipherCtxPtr ctx , -+ xmlSecBufferPtr in , -+ xmlSecBufferPtr out , -+ int encrypt , -+ const xmlChar* cipherName , -+ xmlSecTransformCtxPtr transformCtx -+) { -+ xmlSecSize inSize ; -+ xmlSecSize outSize ; -+ int blockSize ; -+ int outLen ; -+ xmlSecByte* inBuf ; -+ xmlSecByte* outBuf ; -+ -+ xmlSecAssert2( ctx != NULL , -1 ) ; -+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; -+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; -+ xmlSecAssert2( 
ctx->cipherCtx != NULL , -1 ) ; -+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; -+ xmlSecAssert2( in != NULL , -1 ) ; -+ xmlSecAssert2( out != NULL , -1 ) ; -+ xmlSecAssert2( transformCtx != NULL , -1 ) ; -+ -+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( cipherName ) , -+ "PK11_GetBlockSize" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ -+ inSize = xmlSecBufferGetSize( in ) ; -+ outSize = xmlSecBufferGetSize( out ) ; -+ -+ /******************************************************************/ -+ if( encrypt != 0 ) { -+ xmlSecAssert2( inSize < blockSize, -1 ) ; -+ -+ /* create padding */ -+ if( xmlSecBufferSetMaxSize( in , blockSize ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( cipherName ) , -+ "xmlSecBufferSetMaxSize" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ inBuf = xmlSecBufferGetData( in ) ; -+ -+ /* generate random */ -+ if( blockSize > ( inSize + 1 ) ) { -+ if( PK11_GenerateRandom( inBuf + inSize, blockSize - inSize - 1 ) != SECSuccess ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( cipherName ) , -+ "PK11_GenerateRandom" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ } -+ -+ inBuf[blockSize-1] = blockSize - inSize ; -+ inSize = blockSize ; -+ } else { -+ if( inSize != blockSize ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( cipherName ) , -+ NULL , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ } -+ -+ /* process the last block */ -+ if( xmlSecBufferSetMaxSize( out , outSize + inSize + blockSize ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( cipherName ) , -+ "xmlSecBufferSetMaxSize" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ outBuf = 
xmlSecBufferGetData( out ) + outSize ; -+ -+ if( PK11_CipherOp( ctx->cipherCtx , outBuf , &outLen , inSize + blockSize , xmlSecBufferGetData( in ) , inSize ) != SECSuccess ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( cipherName ) , -+ "PK11_CipherOp" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ -+ if( encrypt == 0 ) { -+ /* check padding */ -+ if( outLen < outBuf[blockSize-1] ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( cipherName ) , -+ NULL , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ -+ outLen -= outBuf[blockSize-1] ; -+ } -+ /******************************************************************/ -+ -+ /****************************************************************** -+ if( xmlSecBufferSetMaxSize( out , outSize + blockSize ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( cipherName ) , -+ "xmlSecBufferSetMaxSize" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ -+ outBuf = xmlSecBufferGetData( out ) + outSize ; -+ -+ if( PK11_DigestFinal( ctx->cipherCtx , outBuf , &outLen , blockSize ) != SECSuccess ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( cipherName ) , -+ "PK11_DigestFinal" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ ******************************************************************/ -+ -+ if( xmlSecBufferSetSize( out , outSize + outLen ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( cipherName ) , -+ "xmlSecBufferSetSize" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ -+ if( xmlSecBufferRemoveHead( in , inSize ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( cipherName ) , -+ "xmlSecBufferRemoveHead" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } 
-+ -+/* PK11_Finalize( ctx->cipherCtx ) ;*/ -+ PK11_DestroyContext( ctx->cipherCtx , PR_TRUE ) ; -+ ctx->cipherCtx = NULL ; - -- if(transform->status == xmlSecTransformStatusNone) { -- transform->status = xmlSecTransformStatusWorking; -- } -- -- if(transform->status == xmlSecTransformStatusWorking) { -- if(ctx->ctxInitialized == 0) { -- ret = xmlSecNssBlockCipherCtxInit(ctx, in, out, -- (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0, -- xmlSecTransformGetName(transform), transformCtx); -- if(ret < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), -- "xmlSecNssBlockCipherCtxInit", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(-1); -- } -- } -- if((ctx->ctxInitialized == 0) && (last != 0)) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), -- NULL, -- XMLSEC_ERRORS_R_INVALID_DATA, -- "not enough data to initialize transform"); -- return(-1); -- } -- -- if(ctx->ctxInitialized != 0) { -- ret = xmlSecNssBlockCipherCtxUpdate(ctx, in, out, -- (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0, -- xmlSecTransformGetName(transform), transformCtx); -- if(ret < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), -- "xmlSecNssBlockCipherCtxUpdate", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(-1); -- } -- } -- -- if(last) { -- ret = xmlSecNssBlockCipherCtxFinal(ctx, in, out, -- (transform->operation == xmlSecTransformOperationEncrypt) ? 
1 : 0, -- xmlSecTransformGetName(transform), transformCtx); -- if(ret < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), -- "xmlSecNssBlockCipherCtxFinal", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(-1); -- } -- transform->status = xmlSecTransformStatusFinished; -- } -- } else if(transform->status == xmlSecTransformStatusFinished) { -- /* the only way we can get here is if there is no input */ -- xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1); -- } else if(transform->status == xmlSecTransformStatusNone) { -- /* the only way we can get here is if there is no enough data in the input */ -- xmlSecAssert2(last == 0, -1); -- } else { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), -- NULL, -- XMLSEC_ERRORS_R_INVALID_STATUS, -- "status=%d", transform->status); -- return(-1); -- } -- -- return(0); -+ return 0 ; - } - - --#ifndef XMLSEC_NO_AES --/********************************************************************* -+ -+/** -+ * xmlSecTransformExecuteMethod: -+ * @transform: the pointer to transform object. -+ * @last: the flag: if set to 1 then it's the last data chunk. -+ * @transformCtx: the pointer to transform context object. - * -- * AES CBC cipher transforms -+ * Transform specific method to process a chunk of data. - * -- ********************************************************************/ -+ * Returns 0 on success or a negative value otherwise. 
-+ */ -+static int -+xmlSecNssBlockCipherExecute( -+ xmlSecTransformPtr transform , -+ int last , -+ xmlSecTransformCtxPtr transformCtx -+) { -+ xmlSecNssBlockCipherCtxPtr context = NULL ; -+ xmlSecBufferPtr inBuf = NULL ; -+ xmlSecBufferPtr outBuf = NULL ; -+ const xmlChar* cipherName ; -+ int operation ; -+ int rtv ; -+ -+ xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ; -+ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ; -+ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; -+ xmlSecAssert2( transformCtx != NULL , -1 ) ; -+ -+ context = xmlSecNssBlockCipherGetCtx( transform ) ; -+ if( context == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ "xmlSecNssBlockCipherGetCtx" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ -+ inBuf = &( transform->inBuf ) ; -+ outBuf = &( transform->outBuf ) ; -+ -+ if( transform->status == xmlSecTransformStatusNone ) { -+ transform->status = xmlSecTransformStatusWorking ; -+ } -+ -+ operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 
1 : 0 ; -+ cipherName = xmlSecTransformGetName( transform ) ; -+ -+ if( transform->status == xmlSecTransformStatusWorking ) { -+ if( context->cipherCtx == NULL ) { -+ rtv = xmlSecNssBlockCipherCtxInit( context, inBuf , outBuf , operation , cipherName , transformCtx ) ; -+ if( rtv < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ "xmlSecNssBlockCipherCtxInit" , -+ XMLSEC_ERRORS_R_INVALID_STATUS , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ } -+ -+ if( context->cipherCtx == NULL && last != 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ NULL , -+ XMLSEC_ERRORS_R_INVALID_STATUS , -+ "No enough data to intialize transform" ) ; -+ return -1 ; -+ } -+ -+ if( context->cipherCtx != NULL ) { -+ rtv = xmlSecNssBlockCipherCtxUpdate( context, inBuf , outBuf , operation , cipherName , transformCtx ) ; -+ if( rtv < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ "xmlSecNssBlockCipherCtxUpdate" , -+ XMLSEC_ERRORS_R_INVALID_STATUS , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ } -+ -+ if( last ) { -+ rtv = xmlSecNssBlockCipherCtxFinal( context, inBuf , outBuf , operation , cipherName , transformCtx ) ; -+ if( rtv < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ "xmlSecNssBlockCipherCtxFinal" , -+ XMLSEC_ERRORS_R_INVALID_STATUS , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ transform->status = xmlSecTransformStatusFinished ; -+ } -+ } else if( transform->status == xmlSecTransformStatusFinished ) { -+ if( xmlSecBufferGetSize( inBuf ) != 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ NULL , -+ XMLSEC_ERRORS_R_INVALID_STATUS , -+ "status=%d", transform->status ) ; -+ return -1 ; -+ } -+ } else { -+ xmlSecError( XMLSEC_ERRORS_HERE , 
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ NULL , -+ XMLSEC_ERRORS_R_INVALID_STATUS , -+ "status=%d", transform->status ) ; -+ return -1 ; -+ } -+ -+ return 0 ; -+} -+ -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecTransformKlass xmlSecNssAes128CbcKlass = { -+#else - static xmlSecTransformKlass xmlSecNssAes128CbcKlass = { -- /* klass/object sizes */ -- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ -- xmlSecNssBlockCipherSize, /* xmlSecSize objSize */ -- -- xmlSecNameAes128Cbc, /* const xmlChar* name; */ -- xmlSecHrefAes128Cbc, /* const xmlChar* href; */ -- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ -- -- xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */ -- xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */ -- NULL, /* xmlSecTransformNodeReadMethod readNode; */ -- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ -- xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ -- xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */ -- NULL, /* xmlSecTransformValidateMethod validate; */ -- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ -- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ -- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ -- NULL, /* xmlSecTransformPushXmlMethod pushXml; */ -- NULL, /* xmlSecTransformPopXmlMethod popXml; */ -- xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */ -- -- NULL, /* void* reserved0; */ -- NULL, /* void* reserved1; */ --}; -+#endif -+ sizeof( xmlSecTransformKlass ) , -+ xmlSecNssBlockCipherSize , -+ -+ xmlSecNameAes128Cbc , -+ xmlSecHrefAes128Cbc , -+ xmlSecTransformUsageEncryptionMethod , -+ -+ xmlSecNssBlockCipherInitialize , -+ xmlSecNssBlockCipherFinalize , -+ NULL , -+ NULL , -+ -+ xmlSecNssBlockCipherSetKeyReq , -+ 
xmlSecNssBlockCipherSetKey , -+ NULL , -+ xmlSecTransformDefaultGetDataType , -+ -+ xmlSecTransformDefaultPushBin , -+ xmlSecTransformDefaultPopBin , -+ NULL , -+ NULL , -+ xmlSecNssBlockCipherExecute , -+ -+ NULL , -+ NULL -+} ; -+ -+ -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecTransformKlass xmlSecNssAes192CbcKlass = { -+#else -+static xmlSecTransformKlass xmlSecNssAes192CbcKlass = { -+#endif -+ sizeof( xmlSecTransformKlass ) , -+ xmlSecNssBlockCipherSize , -+ -+ xmlSecNameAes192Cbc , -+ xmlSecHrefAes192Cbc , -+ xmlSecTransformUsageEncryptionMethod , -+ -+ xmlSecNssBlockCipherInitialize , -+ xmlSecNssBlockCipherFinalize , -+ NULL , -+ NULL , -+ -+ xmlSecNssBlockCipherSetKeyReq , -+ xmlSecNssBlockCipherSetKey , -+ NULL , -+ xmlSecTransformDefaultGetDataType , -+ -+ xmlSecTransformDefaultPushBin , -+ xmlSecTransformDefaultPopBin , -+ NULL , -+ NULL , -+ xmlSecNssBlockCipherExecute , -+ -+ NULL , -+ NULL -+} ; -+ -+ -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecTransformKlass xmlSecNssAes256CbcKlass = { -+#else -+static xmlSecTransformKlass xmlSecNssAes256CbcKlass = { -+#endif -+ sizeof( xmlSecTransformKlass ) , -+ xmlSecNssBlockCipherSize , -+ -+ xmlSecNameAes256Cbc , -+ xmlSecHrefAes256Cbc , -+ xmlSecTransformUsageEncryptionMethod , -+ -+ xmlSecNssBlockCipherInitialize , -+ xmlSecNssBlockCipherFinalize , -+ NULL , -+ NULL , -+ -+ xmlSecNssBlockCipherSetKeyReq , -+ xmlSecNssBlockCipherSetKey , -+ NULL , -+ xmlSecTransformDefaultGetDataType , -+ -+ xmlSecTransformDefaultPushBin , -+ xmlSecTransformDefaultPopBin , -+ NULL , -+ NULL , -+ xmlSecNssBlockCipherExecute , -+ -+ NULL , -+ NULL -+} ; -+ -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecTransformKlass xmlSecNssDes3CbcKlass = { -+#else -+static xmlSecTransformKlass xmlSecNssDes3CbcKlass = { -+#endif -+ sizeof( xmlSecTransformKlass ) , -+ xmlSecNssBlockCipherSize , -+ -+ xmlSecNameDes3Cbc , -+ xmlSecHrefDes3Cbc , -+ 
xmlSecTransformUsageEncryptionMethod , -+ -+ xmlSecNssBlockCipherInitialize , -+ xmlSecNssBlockCipherFinalize , -+ NULL , -+ NULL , -+ -+ xmlSecNssBlockCipherSetKeyReq , -+ xmlSecNssBlockCipherSetKey , -+ NULL , -+ xmlSecTransformDefaultGetDataType , -+ -+ xmlSecTransformDefaultPushBin , -+ xmlSecTransformDefaultPopBin , -+ NULL , -+ NULL , -+ xmlSecNssBlockCipherExecute , -+ -+ NULL , -+ NULL -+} ; - - /** -- * xmlSecNssTransformAes128CbcGetKlass: -- * -- * AES 128 CBC encryption transform klass. -- * -- * Returns pointer to AES 128 CBC encryption transform. -- */ --xmlSecTransformId --xmlSecNssTransformAes128CbcGetKlass(void) { -- return(&xmlSecNssAes128CbcKlass); -+ * xmlSecNssTransformAes128CbcGetKlass -+ * -+ * Get the AES128_CBC transform klass -+ * -+ * Return AES128_CBC transform klass -+ */ -+xmlSecTransformId -+xmlSecNssTransformAes128CbcGetKlass( void ) { -+ return ( &xmlSecNssAes128CbcKlass ) ; - } - --static xmlSecTransformKlass xmlSecNssAes192CbcKlass = { -- /* klass/object sizes */ -- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ -- xmlSecNssBlockCipherSize, /* xmlSecSize objSize */ -- -- xmlSecNameAes192Cbc, /* const xmlChar* name; */ -- xmlSecHrefAes192Cbc, /* const xmlChar* href; */ -- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ -- -- xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */ -- xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */ -- NULL, /* xmlSecTransformNodeReadMethod readNode; */ -- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ -- xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ -- xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */ -- NULL, /* xmlSecTransformValidateMethod validate; */ -- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ -- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ -- xmlSecTransformDefaultPopBin, /* 
xmlSecTransformPopBinMethod popBin; */ -- NULL, /* xmlSecTransformPushXmlMethod pushXml; */ -- NULL, /* xmlSecTransformPopXmlMethod popXml; */ -- xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */ -- -- NULL, /* void* reserved0; */ -- NULL, /* void* reserved1; */ --}; -- - /** -- * xmlSecNssTransformAes192CbcGetKlass: -- * -- * AES 192 CBC encryption transform klass. -- * -- * Returns pointer to AES 192 CBC encryption transform. -- */ --xmlSecTransformId --xmlSecNssTransformAes192CbcGetKlass(void) { -- return(&xmlSecNssAes192CbcKlass); -+ * xmlSecNssTransformAes192CbcGetKlass -+ * -+ * Get the AES192_CBC transform klass -+ * -+ * Return AES192_CBC transform klass -+ */ -+xmlSecTransformId -+xmlSecNssTransformAes192CbcGetKlass( void ) { -+ return ( &xmlSecNssAes192CbcKlass ) ; - } - --static xmlSecTransformKlass xmlSecNssAes256CbcKlass = { -- /* klass/object sizes */ -- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ -- xmlSecNssBlockCipherSize, /* xmlSecSize objSize */ -- -- xmlSecNameAes256Cbc, /* const xmlChar* name; */ -- xmlSecHrefAes256Cbc, /* const xmlChar* href; */ -- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ -- -- xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */ -- xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */ -- NULL, /* xmlSecTransformNodeReadMethod readNode; */ -- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ -- xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ -- xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */ -- NULL, /* xmlSecTransformValidateMethod validate; */ -- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ -- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ -- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ -- NULL, /* xmlSecTransformPushXmlMethod pushXml; */ -- NULL, /* 
xmlSecTransformPopXmlMethod popXml; */ -- xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */ -- -- NULL, /* void* reserved0; */ -- NULL, /* void* reserved1; */ --}; -- - /** -- * xmlSecNssTransformAes256CbcGetKlass: -- * -- * AES 256 CBC encryption transform klass. -- * -- * Returns pointer to AES 256 CBC encryption transform. -- */ --xmlSecTransformId --xmlSecNssTransformAes256CbcGetKlass(void) { -- return(&xmlSecNssAes256CbcKlass); -+ * xmlSecNssTransformAes256CbcGetKlass -+ * -+ * Get the AES256_CBC transform klass -+ * -+ * Return AES256_CBC transform klass -+ */ -+xmlSecTransformId -+xmlSecNssTransformAes256CbcGetKlass( void ) { -+ return ( &xmlSecNssAes256CbcKlass ) ; - } - --#endif /* XMLSEC_NO_AES */ -- --#ifndef XMLSEC_NO_DES --static xmlSecTransformKlass xmlSecNssDes3CbcKlass = { -- /* klass/object sizes */ -- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ -- xmlSecNssBlockCipherSize, /* xmlSecSize objSize */ -- -- xmlSecNameDes3Cbc, /* const xmlChar* name; */ -- xmlSecHrefDes3Cbc, /* const xmlChar* href; */ -- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ -- -- xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */ -- xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */ -- NULL, /* xmlSecTransformNodeReadMethod readNode; */ -- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ -- xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ -- xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */ -- NULL, /* xmlSecTransformValidateMethod validate; */ -- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ -- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ -- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ -- NULL, /* xmlSecTransformPushXmlMethod pushXml; */ -- NULL, /* xmlSecTransformPopXmlMethod popXml; */ -- 
xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */ -- -- NULL, /* void* reserved0; */ -- NULL, /* void* reserved1; */ --}; -- --/** -- * xmlSecNssTransformDes3CbcGetKlass: -+/** -+ * xmlSecNssTransformDes3CbcGetKlass - * -- * Triple DES CBC encryption transform klass. -- * -- * Returns pointer to Triple DES encryption transform. -+ * Get the DES3_CBC transform klass -+ * -+ * Return DES3_CBC transform klass - */ --xmlSecTransformId --xmlSecNssTransformDes3CbcGetKlass(void) { -- return(&xmlSecNssDes3CbcKlass); -+xmlSecTransformId -+xmlSecNssTransformDes3CbcGetKlass( void ) { -+ return ( &xmlSecNssDes3CbcKlass ) ; - } --#endif /* XMLSEC_NO_DES */ -+ - ---- misc/xmlsec1-1.2.6/src/nss/crypto.c 2003-10-29 16:57:25.000000000 +0100 -+++ misc/build/xmlsec1-1.2.6/src/nss/crypto.c 2008-06-29 23:44:19.000000000 +0200 -@@ -130,6 +130,7 @@ - /** - * High level routines form xmlsec command line utility - */ -+/* - gXmlSecNssFunctions->cryptoAppInit = xmlSecNssAppInit; - gXmlSecNssFunctions->cryptoAppShutdown = xmlSecNssAppShutdown; - gXmlSecNssFunctions->cryptoAppDefaultKeysMngrInit = xmlSecNssAppDefaultKeysMngrInit; -@@ -143,10 +144,29 @@ - gXmlSecNssFunctions->cryptoAppPkcs12LoadMemory = xmlSecNssAppPkcs12LoadMemory; - gXmlSecNssFunctions->cryptoAppKeyCertLoad = xmlSecNssAppKeyCertLoad; - gXmlSecNssFunctions->cryptoAppKeyCertLoadMemory = xmlSecNssAppKeyCertLoadMemory; --#endif /* XMLSEC_NO_X509 */ -+#endif - gXmlSecNssFunctions->cryptoAppKeyLoad = xmlSecNssAppKeyLoad; - gXmlSecNssFunctions->cryptoAppKeyLoadMemory = xmlSecNssAppKeyLoadMemory; - gXmlSecNssFunctions->cryptoAppDefaultPwdCallback = (void*)xmlSecNssAppGetDefaultPwdCallback; -+*/ -+ -+ gXmlSecNssFunctions->cryptoAppInit = NULL ; -+ gXmlSecNssFunctions->cryptoAppShutdown = NULL ; -+ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrInit = NULL ; -+ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrAdoptKey = NULL ; -+ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrLoad = NULL ; -+ 
gXmlSecNssFunctions->cryptoAppDefaultKeysMngrSave = NULL ; -+#ifndef XMLSEC_NO_X509 -+ gXmlSecNssFunctions->cryptoAppKeysMngrCertLoad = NULL ; -+ gXmlSecNssFunctions->cryptoAppKeysMngrCertLoadMemory= NULL ; -+ gXmlSecNssFunctions->cryptoAppPkcs12Load = NULL ; -+ gXmlSecNssFunctions->cryptoAppPkcs12LoadMemory = NULL ; -+ gXmlSecNssFunctions->cryptoAppKeyCertLoad = NULL ; -+ gXmlSecNssFunctions->cryptoAppKeyCertLoadMemory = NULL ; -+#endif /* XMLSEC_NO_X509 */ -+ gXmlSecNssFunctions->cryptoAppKeyLoad = NULL ; -+ gXmlSecNssFunctions->cryptoAppKeyLoadMemory = NULL ; -+ gXmlSecNssFunctions->cryptoAppDefaultPwdCallback = (void*)NULL ; - - return(gXmlSecNssFunctions); - } ---- misc/xmlsec1-1.2.6/src/nss/digests.c 2003-09-26 02:58:15.000000000 +0200 -+++ misc/build/xmlsec1-1.2.6/src/nss/digests.c 2008-06-29 23:44:19.000000000 +0200 -@@ -21,7 +21,6 @@ - #include <xmlsec/transforms.h> - #include <xmlsec/errors.h> - --#include <xmlsec/nss/app.h> - #include <xmlsec/nss/crypto.h> - - #define XMLSEC_NSS_MAX_DIGEST_SIZE 32 -@@ -107,7 +106,7 @@ - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "SECOID_FindOIDByTag", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - return(-1); - } - -@@ -117,7 +116,7 @@ - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_CreateDigestContext", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - return(-1); - } - -@@ -208,7 +207,7 @@ - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_DigestBegin", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - return(-1); - } - transform->status = xmlSecTransformStatusWorking; -@@ -225,7 +224,7 @@ - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_DigestOp", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - return(-1); - } - -@@ -246,7 +245,7 
@@ - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_DigestFinal", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - return(-1); - } - xmlSecAssert2(ctx->dgstSize > 0, -1); -@@ -285,7 +284,11 @@ - * SHA1 Digest transforms - * - *****************************************************************************/ -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecTransformKlass xmlSecNssSha1Klass = { -+#else - static xmlSecTransformKlass xmlSecNssSha1Klass = { -+#endif - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecNssDigestSize, /* xmlSecSize objSize */ ---- misc/xmlsec1-1.2.6/src/nss/hmac.c 2003-09-26 02:58:15.000000000 +0200 -+++ misc/build/xmlsec1-1.2.6/src/nss/hmac.c 2008-06-29 23:44:19.000000000 +0200 -@@ -23,8 +23,8 @@ - #include <xmlsec/transforms.h> - #include <xmlsec/errors.h> - --#include <xmlsec/nss/app.h> - #include <xmlsec/nss/crypto.h> -+#include <xmlsec/nss/tokens.h> - - #define XMLSEC_NSS_MAX_HMAC_SIZE 128 - -@@ -241,13 +241,13 @@ - keyItem.data = xmlSecBufferGetData(buffer); - keyItem.len = xmlSecBufferGetSize(buffer); - -- slot = PK11_GetBestSlot(ctx->digestType, NULL); -+ slot = xmlSecNssSlotGet(ctx->digestType); - if(slot == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), -- "PK11_GetBestSlot", -+ "xmlSecNssSlotGet", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - return(-1); - } - -@@ -258,7 +258,7 @@ - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_ImportSymKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - PK11_FreeSlot(slot); - return(-1); - } -@@ -269,7 +269,7 @@ - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_CreateContextBySymKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error 
code=%d", PORT_GetError()); - PK11_FreeSymKey(symKey); - PK11_FreeSlot(slot); - return(-1); -@@ -368,7 +368,7 @@ - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_DigestBegin", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - return(-1); - } - transform->status = xmlSecTransformStatusWorking; -@@ -385,7 +385,7 @@ - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_DigestOp", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - return(-1); - } - -@@ -408,7 +408,7 @@ - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_DigestFinal", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - return(-1); - } - xmlSecAssert2(dgstSize > 0, -1); -@@ -459,7 +459,11 @@ - /** - * HMAC SHA1 - */ -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecTransformKlass xmlSecNssHmacSha1Klass = { -+#else - static xmlSecTransformKlass xmlSecNssHmacSha1Klass = { -+#endif - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecNssHmacSize, /* xmlSecSize objSize */ -@@ -501,7 +505,11 @@ - /** - * HMAC Ripemd160 - */ -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecTransformKlass xmlSecNssHmacRipemd160Klass = { -+#else - static xmlSecTransformKlass xmlSecNssHmacRipemd160Klass = { -+#endif - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecNssHmacSize, /* xmlSecSize objSize */ -@@ -543,7 +551,11 @@ - /** - * HMAC Md5 - */ -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecTransformKlass xmlSecNssHmacMd5Klass = { -+#else - static xmlSecTransformKlass xmlSecNssHmacMd5Klass = { -+#endif - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecNssHmacSize, /* xmlSecSize objSize */ ---- 
misc/xmlsec1-1.2.6/src/nss/keysstore.c 2003-09-26 02:58:15.000000000 +0200 -+++ misc/build/xmlsec1-1.2.6/src/nss/keysstore.c 2008-06-29 23:44:19.000000000 +0200 -@@ -1,119 +1,522 @@ - /** - * XMLSec library - * -- * Nss keys store that uses Simple Keys Store under the hood. Uses the -- * Nss DB as a backing store for the finding keys, but the NSS DB is -- * not written to by the keys store. -- * So, if store->findkey is done and the key is not found in the simple -- * keys store, the NSS DB is looked up. -- * If store is called to adopt a key, that key is not written to the NSS -- * DB. -- * Thus, the NSS DB can be used to pre-load keys and becomes an alternate -- * source of keys for xmlsec -- * - * This is free software; see Copyright file in the source - * distribution for precise wording. - * -- * Copyright (c) 2003 America Online, Inc. All rights reserved. -+ * Copyright................................ - */ --#include "globals.h" - --#include <stdlib.h> -+/** -+ * NSS key store uses a key list and a slot list as the key repository. NSS slot -+ * list is a backup repository for the finding keys. If a key is not found from -+ * the key list, the NSS slot list is looked up. -+ * -+ * Any key in the key list will not save to pkcs11 slot. When a store to called -+ * to adopt a key, the key is resident in the key list; While a store to called -+ * to set a is resident in the key list; While a store to called to set a slot -+ * list, which means that the keys in the listed slot can be used for xml sign- -+ * nature or encryption. -+ * -+ * Then, a user can adjust slot list to effect the crypto behaviors of xmlSec. -+ * -+ * The framework will decrease the user interfaces to administrate xmlSec crypto -+ * engine. He can only focus on NSS layer functions. 
For examples, after the -+ * user set up a slot list handler to the keys store, he do not need to do any -+ * other work atop xmlSec interfaces, his action on the slot list handler, such -+ * as add a token to, delete a token from the list, will directly effect the key -+ * store behaviors. -+ * -+ * For example, a scenariio: -+ * 0. Create a slot list;( NSS interfaces ) -+ * 1. Create a keys store;( xmlSec interfaces ) -+ * 2. Set slot list with the keys store;( xmlSec Interfaces ) -+ * 3. Add a slot to the slot list;( NSS interfaces ) -+ * 4. Perform xml signature; ( xmlSec Interfaces ) -+ * 5. Deleter a slot from the slot list;( NSS interfaces ) -+ * 6. Perform xml encryption; ( xmlSec Interfaces ) -+ * 7. Perform xml signature;( xmlSec Interfaces ) -+ * 8. Destroy the keys store;( xmlSec Interfaces ) -+ * 8. Destroy the slot list.( NSS Interfaces ) -+ */ -+ -+#include "globals.h" - #include <string.h> - --#include <nss.h> --#include <cert.h> --#include <pk11func.h> --#include <keyhi.h> -+#include <nss.h> -+#include <pk11func.h> -+#include <prinit.h> -+#include <keyhi.h> - --#include <libxml/tree.h> - - #include <xmlsec/xmlsec.h> --#include <xmlsec/buffer.h> --#include <xmlsec/base64.h> --#include <xmlsec/errors.h> --#include <xmlsec/xmltree.h> -- -+#include <xmlsec/keys.h> - #include <xmlsec/keysmngr.h> -+#include <xmlsec/transforms.h> -+#include <xmlsec/xmltree.h> -+#include <xmlsec/errors.h> - - #include <xmlsec/nss/crypto.h> - #include <xmlsec/nss/keysstore.h> --#include <xmlsec/nss/x509.h> -+#include <xmlsec/nss/tokens.h> -+#include <xmlsec/nss/ciphers.h> - #include <xmlsec/nss/pkikeys.h> - --/**************************************************************************** -+/** -+ * Internal NSS key store context - * -- * Nss Keys Store. 
Uses Simple Keys Store under the hood -- * -- * Simple Keys Store ptr is located after xmlSecKeyStore -+ * This context is located after xmlSecKeyStore -+ */ -+typedef struct _xmlSecNssKeysStoreCtx xmlSecNssKeysStoreCtx ; -+typedef struct _xmlSecNssKeysStoreCtx* xmlSecNssKeysStoreCtxPtr ; -+ -+struct _xmlSecNssKeysStoreCtx { -+ xmlSecPtrListPtr keyList ; -+ xmlSecPtrListPtr slotList ; -+} ; -+ -+#define xmlSecNssKeysStoreSize \ -+ ( sizeof( xmlSecKeyStore ) + sizeof( xmlSecNssKeysStoreCtx ) ) -+ -+#define xmlSecNssKeysStoreGetCtx( data ) \ -+ ( ( xmlSecNssKeysStoreCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyStore ) ) ) -+ -+int xmlSecNssKeysStoreAdoptKeySlot( -+ xmlSecKeyStorePtr store , -+ xmlSecNssKeySlotPtr keySlot -+) { -+ xmlSecNssKeysStoreCtxPtr context = NULL ; -+ -+ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ; -+ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ; -+ -+ context = xmlSecNssKeysStoreGetCtx( store ) ; -+ if( context == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , -+ "xmlSecNssKeysStoreGetCtx" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ -+ if( context->slotList == NULL ) { -+ if( ( context->slotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ) == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , -+ "xmlSecPtrListCreate" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ } -+ -+ if( !xmlSecPtrListCheckId( context->slotList , xmlSecNssKeySlotListId ) ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , -+ "xmlSecPtrListCheckId" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ -+ if( xmlSecPtrListAdd( context->slotList , keySlot ) < 0 ) { -+ xmlSecError( 
XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , -+ "xmlSecPtrListAdd" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ -+ return 0 ; -+} -+ -+int xmlSecNssKeysStoreAdoptKey( -+ xmlSecKeyStorePtr store , -+ xmlSecKeyPtr key -+) { -+ xmlSecNssKeysStoreCtxPtr context = NULL ; -+ -+ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ; -+ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ; -+ -+ context = xmlSecNssKeysStoreGetCtx( store ) ; -+ if( context == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , -+ "xmlSecNssKeysStoreGetCtx" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ -+ if( context->keyList == NULL ) { -+ if( ( context->keyList = xmlSecPtrListCreate( xmlSecKeyPtrListId ) ) == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , -+ "xmlSecPtrListCreate" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ } -+ -+ if( !xmlSecPtrListCheckId( context->keyList , xmlSecKeyPtrListId ) ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , -+ "xmlSecPtrListCheckId" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ -+ if( xmlSecPtrListAdd( context->keyList , key ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , -+ "xmlSecPtrListAdd" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ -+ return 0 ; -+} -+ -+/** -+ * xmlSecKeyStoreInitializeMethod: -+ * @store: the store. 
- * -- ***************************************************************************/ --#define xmlSecNssKeysStoreSize \ -- (sizeof(xmlSecKeyStore) + sizeof(xmlSecKeyStorePtr)) -- --#define xmlSecNssKeysStoreGetSS(store) \ -- ((xmlSecKeyStoreCheckSize((store), xmlSecNssKeysStoreSize)) ? \ -- (xmlSecKeyStorePtr*)(((xmlSecByte*)(store)) + sizeof(xmlSecKeyStore)) : \ -- (xmlSecKeyStorePtr*)NULL) -- --static int xmlSecNssKeysStoreInitialize (xmlSecKeyStorePtr store); --static void xmlSecNssKeysStoreFinalize (xmlSecKeyStorePtr store); --static xmlSecKeyPtr xmlSecNssKeysStoreFindKey (xmlSecKeyStorePtr store, -- const xmlChar* name, -- xmlSecKeyInfoCtxPtr keyInfoCtx); -+ * Keys store specific initialization method. -+ * -+ * Returns 0 on success or a negative value if an error occurs. -+ */ -+static int -+xmlSecNssKeysStoreInitialize( -+ xmlSecKeyStorePtr store -+) { -+ xmlSecNssKeysStoreCtxPtr context = NULL ; -+ -+ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ; -+ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ; -+ -+ context = xmlSecNssKeysStoreGetCtx( store ) ; -+ if( context == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , -+ "xmlSecNssKeysStoreGetCtx" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } - --static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = { -- sizeof(xmlSecKeyStoreKlass), -- xmlSecNssKeysStoreSize, -+ context->keyList = NULL ; -+ context->slotList = NULL ; - -- /* data */ -- BAD_CAST "NSS-keys-store", /* const xmlChar* name; */ -- -- /* constructors/destructor */ -- xmlSecNssKeysStoreInitialize, /* xmlSecKeyStoreInitializeMethod initialize; */ -- xmlSecNssKeysStoreFinalize, /* xmlSecKeyStoreFinalizeMethod finalize; */ -- xmlSecNssKeysStoreFindKey, /* xmlSecKeyStoreFindKeyMethod findKey; */ -- -- /* reserved for the future */ -- NULL, /* void* reserved0; */ -- NULL, /* void* reserved1; */ 
--}; -+ return 0 ; -+} - --/** -- * xmlSecNssKeysStoreGetKlass: -- * -- * The Nss list based keys store klass. -+/** -+ * xmlSecKeyStoreFinalizeMethod: -+ * @store: the store. - * -- * Returns Nss list based keys store klass. -+ * Keys store specific finalization (destroy) method. - */ --xmlSecKeyStoreId --xmlSecNssKeysStoreGetKlass(void) { -- return(&xmlSecNssKeysStoreKlass); -+void -+xmlSecNssKeysStoreFinalize( -+ xmlSecKeyStorePtr store -+) { -+ xmlSecNssKeysStoreCtxPtr context = NULL ; -+ -+ xmlSecAssert( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) ) ; -+ xmlSecAssert( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) ) ; -+ -+ context = xmlSecNssKeysStoreGetCtx( store ) ; -+ if( context == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , -+ "xmlSecNssKeysStoreGetCtx" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return ; -+ } -+ -+ if( context->keyList != NULL ) { -+ xmlSecPtrListDestroy( context->keyList ) ; -+ context->keyList = NULL ; -+ } -+ -+ if( context->slotList != NULL ) { -+ xmlSecPtrListDestroy( context->slotList ) ; -+ context->slotList = NULL ; -+ } - } - --/** -- * xmlSecNssKeysStoreAdoptKey: -- * @store: the pointer to Nss keys store. -- * @key: the pointer to key. -- * -- * Adds @key to the @store. 
-+xmlSecKeyPtr -+xmlSecNssKeysStoreFindKeyFromSlot( -+ PK11SlotInfo* slot, -+ const xmlChar* name, -+ xmlSecKeyInfoCtxPtr keyInfoCtx -+) { -+ xmlSecKeyPtr key = NULL ; -+ xmlSecKeyDataPtr data = NULL ; -+ int length ; -+ -+ xmlSecAssert2( slot != NULL , NULL ) ; -+ xmlSecAssert2( name != NULL , NULL ) ; -+ xmlSecAssert2( keyInfoCtx != NULL , NULL ) ; -+ -+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSymmetric ) == xmlSecKeyDataTypeSymmetric ) { -+ PK11SymKey* symKey ; -+ PK11SymKey* curKey ; -+ -+ /* Find symmetric key from the slot by name */ -+ symKey = PK11_ListFixedKeysInSlot( slot , ( char* )name , NULL ) ; -+ for( curKey = symKey ; curKey != NULL ; curKey = PK11_GetNextSymKey( curKey ) ) { -+ /* Check the key request */ -+ length = PK11_GetKeyLength( curKey ) ; -+ length *= 8 ; -+ if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) && -+ ( length > 0 ) && -+ ( length < keyInfoCtx->keyReq.keyBitsSize ) ) -+ continue ; -+ -+ /* We find a eligible key */ -+ data = xmlSecNssSymKeyDataKeyAdopt( curKey ) ; -+ if( data == NULL ) { -+ /* Do nothing */ -+ } -+ break ; -+ } -+ -+ /* Destroy the sym key list */ -+ for( curKey = symKey ; curKey != NULL ; ) { -+ symKey = curKey ; -+ curKey = PK11_GetNextSymKey( symKey ) ; -+ PK11_FreeSymKey( symKey ) ; -+ } -+ } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) { -+ SECKEYPublicKeyList* pubKeyList ; -+ SECKEYPublicKey* pubKey ; -+ SECKEYPublicKeyListNode* curPub ; -+ -+ /* Find asymmetric key from the slot by name */ -+ pubKeyList = PK11_ListPublicKeysInSlot( slot , ( char* )name ) ; -+ pubKey = NULL ; -+ curPub = PUBKEY_LIST_HEAD(pubKeyList); -+ for( ; !PUBKEY_LIST_END(curPub, pubKeyList) ; curPub = PUBKEY_LIST_NEXT( curPub ) ) { -+ /* Check the key request */ -+ length = SECKEY_PublicKeyStrength( curPub->key ) ; -+ length *= 8 ; -+ if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) && -+ ( length > 0 ) && -+ ( length < keyInfoCtx->keyReq.keyBitsSize ) ) -+ continue ; -+ -+ /* We find 
a eligible key */ -+ pubKey = curPub->key ; -+ break ; -+ } -+ -+ if( pubKey != NULL ) { -+ data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ; -+ if( data == NULL ) { -+ /* Do nothing */ -+ } -+ } -+ -+ /* Destroy the public key list */ -+ SECKEY_DestroyPublicKeyList( pubKeyList ) ; -+ } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) { -+ SECKEYPrivateKeyList* priKeyList = NULL ; -+ SECKEYPrivateKey* priKey = NULL ; -+ SECKEYPrivateKeyListNode* curPri ; -+ -+ /* Find asymmetric key from the slot by name */ -+ priKeyList = PK11_ListPrivKeysInSlot( slot , ( char* )name , NULL ) ; -+ priKey = NULL ; -+ curPri = PRIVKEY_LIST_HEAD(priKeyList); -+ for( ; !PRIVKEY_LIST_END(curPri, priKeyList) ; curPri = PRIVKEY_LIST_NEXT( curPri ) ) { -+ /* Check the key request */ -+ length = PK11_SignatureLen( curPri->key ) ; -+ length *= 8 ; -+ if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) && -+ ( length > 0 ) && -+ ( length < keyInfoCtx->keyReq.keyBitsSize ) ) -+ continue ; -+ -+ /* We find a eligible key */ -+ priKey = curPri->key ; -+ break ; -+ } -+ -+ if( priKey != NULL ) { -+ data = xmlSecNssPKIAdoptKey( priKey, NULL ) ; -+ if( data == NULL ) { -+ /* Do nothing */ -+ } -+ } -+ -+ /* Destroy the private key list */ -+ SECKEY_DestroyPrivateKeyList( priKeyList ) ; -+ } -+ -+ /* If we have gotten the key value */ -+ if( data != NULL ) { -+ if( ( key = xmlSecKeyCreate() ) == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecKeyCreate" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ xmlSecKeyDataDestroy( data ) ; -+ return NULL ; -+ } -+ -+ if( xmlSecKeySetValue( key , data ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecKeySetValue" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ xmlSecKeyDestroy( key ) ; -+ xmlSecKeyDataDestroy( data ) ; -+ return NULL ; -+ } -+ } -+ -+ return(key); -+} -+ -+/** -+ * xmlSecKeyStoreFindKeyMethod: -+ * @store: the store. 
-+ * @name: the desired key name. -+ * @keyInfoCtx: the pointer to key info context. - * -- * Returns 0 on success or a negative value if an error occurs. -+ * Keys store specific find method. The caller is responsible for destroying -+ * the returned key using #xmlSecKeyDestroy method. -+ * -+ * Returns the pointer to a key or NULL if key is not found or an error occurs. - */ --int --xmlSecNssKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) { -- xmlSecKeyStorePtr *ss; -- -- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1); -- xmlSecAssert2((key != NULL), -1); -+static xmlSecKeyPtr -+xmlSecNssKeysStoreFindKey( -+ xmlSecKeyStorePtr store , -+ const xmlChar* name , -+ xmlSecKeyInfoCtxPtr keyInfoCtx -+) { -+ xmlSecNssKeysStoreCtxPtr context = NULL ; -+ xmlSecKeyPtr key = NULL ; -+ xmlSecNssKeySlotPtr keySlot = NULL ; -+ xmlSecSize pos ; -+ xmlSecSize size ; -+ -+ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , NULL ) ; -+ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , NULL ) ; -+ xmlSecAssert2( keyInfoCtx != NULL , NULL ) ; -+ -+ context = xmlSecNssKeysStoreGetCtx( store ) ; -+ if( context == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , -+ "xmlSecNssKeysStoreGetCtx" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return NULL ; -+ } -+ -+ /*- -+ * Look for key at keyList at first. 
-+ */ -+ if( context->keyList != NULL ) { -+ size = xmlSecPtrListGetSize( context->keyList ) ; -+ for( pos = 0 ; pos < size ; pos ++ ) { -+ key = ( xmlSecKeyPtr )xmlSecPtrListGetItem( context->keyList , pos ) ; -+ if( key != NULL && xmlSecKeyMatch( key , name , &( keyInfoCtx->keyReq ) ) ) { -+ return xmlSecKeyDuplicate( key ) ; -+ } -+ } -+ } -+ -+ /*- -+ * Find the key from slotList -+ */ -+ if( context->slotList != NULL ) { -+ PK11SlotInfo* slot = NULL ; -+ -+ size = xmlSecPtrListGetSize( context->slotList ) ; -+ for( pos = 0 ; pos < size ; pos ++ ) { -+ keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( context->slotList , pos ) ; -+ slot = xmlSecNssKeySlotGetSlot( keySlot ) ; -+ if( slot == NULL ) { -+ continue ; -+ } else { -+ key = xmlSecNssKeysStoreFindKeyFromSlot( slot, name, keyInfoCtx ) ; -+ if( key == NULL ) { -+ continue ; -+ } else { -+ return( key ) ; -+ } -+ } -+ } -+ } -+ -+ /*- -+ * Create a session key if we can not find the key from keyList and slotList -+ */ -+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSession ) == xmlSecKeyDataTypeSession ) { -+ key = xmlSecKeyGenerate( keyInfoCtx->keyReq.keyId , keyInfoCtx->keyReq.keyBitsSize , xmlSecKeyDataTypeSession ) ; -+ if( key == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , -+ "xmlSecKeySetValue" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return NULL ; -+ } -+ -+ return key ; -+ } -+ -+ /** -+ * We have no way to find the key any more. 
-+ */ -+ return NULL ; -+} - -- ss = xmlSecNssKeysStoreGetSS(store); -- xmlSecAssert2(((ss != NULL) && (*ss != NULL) && -- (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1); -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = { -+#else -+static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = { -+#endif -+ sizeof( xmlSecKeyStoreKlass ) , -+ xmlSecNssKeysStoreSize , -+ BAD_CAST "implicit_nss_keys_store" , -+ xmlSecNssKeysStoreInitialize , -+ xmlSecNssKeysStoreFinalize , -+ xmlSecNssKeysStoreFindKey , -+ NULL , -+ NULL -+} ; - -- return (xmlSecSimpleKeysStoreAdoptKey(*ss, key)); -+/** -+ * xmlSecNssKeysStoreGetKlass: -+ * -+ * The simple list based keys store klass. -+ * -+ * Returns simple list based keys store klass. -+ */ -+xmlSecKeyStoreId -+xmlSecNssKeysStoreGetKlass( void ) { -+ return &xmlSecNssKeysStoreKlass ; - } - -+ -+/************************** -+ * Application routines -+ */ - /** - * xmlSecNssKeysStoreLoad: - * @store: the pointer to Nss keys store. -@@ -125,8 +528,11 @@ - * Returns 0 on success or a negative value if an error occurs. 
- */ - int --xmlSecNssKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri, -- xmlSecKeysMngrPtr keysMngr) { -+xmlSecNssKeysStoreLoad( -+ xmlSecKeyStorePtr store, -+ const char *uri, -+ xmlSecKeysMngrPtr keysMngr -+) { - xmlDocPtr doc; - xmlNodePtr root; - xmlNodePtr cur; -@@ -252,254 +658,147 @@ - */ - int - xmlSecNssKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecKeyDataType type) { -- xmlSecKeyStorePtr *ss; -- -- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1); -- xmlSecAssert2((filename != NULL), -1); -- -- ss = xmlSecNssKeysStoreGetSS(store); -- xmlSecAssert2(((ss != NULL) && (*ss != NULL) && -- (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1); -- -- return (xmlSecSimpleKeysStoreSave(*ss, filename, type)); --} -- --static int --xmlSecNssKeysStoreInitialize(xmlSecKeyStorePtr store) { -- xmlSecKeyStorePtr *ss; -- -- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1); -+ xmlSecKeyInfoCtx keyInfoCtx; -+ xmlSecNssKeysStoreCtxPtr context ; -+ xmlSecPtrListPtr list; -+ xmlSecKeyPtr key; -+ xmlSecSize i, keysSize; -+ xmlDocPtr doc; -+ xmlNodePtr cur; -+ xmlSecKeyDataPtr data; -+ xmlSecPtrListPtr idsList; -+ xmlSecKeyDataId dataId; -+ xmlSecSize idsSize, j; -+ int ret; - -- ss = xmlSecNssKeysStoreGetSS(store); -- xmlSecAssert2((*ss == NULL), -1); -+ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ), -1 ) ; -+ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ), -1 ) ; -+ xmlSecAssert2(filename != NULL, -1); -+ -+ context = xmlSecNssKeysStoreGetCtx( store ) ; -+ xmlSecAssert2( context != NULL, -1 ); -+ -+ list = context->keyList ; -+ xmlSecAssert2( list != NULL, -1 ); -+ xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyPtrListId), -1); - -- *ss = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId); -- if(*ss == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -+ /* create doc */ -+ doc = xmlSecCreateTree(BAD_CAST "Keys", xmlSecNs); -+ if(doc == NULL) { -+ 
xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), -- "xmlSecKeyStoreCreate", -+ "xmlSecCreateTree", - XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "xmlSecSimpleKeysStoreId"); -- return(-1); -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); - } -- -- return(0); --} -- --static void --xmlSecNssKeysStoreFinalize(xmlSecKeyStorePtr store) { -- xmlSecKeyStorePtr *ss; -- -- xmlSecAssert(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId)); -- -- ss = xmlSecNssKeysStoreGetSS(store); -- xmlSecAssert((ss != NULL) && (*ss != NULL)); - -- xmlSecKeyStoreDestroy(*ss); --} -- --static xmlSecKeyPtr --xmlSecNssKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name, -- xmlSecKeyInfoCtxPtr keyInfoCtx) { -- xmlSecKeyStorePtr* ss; -- xmlSecKeyPtr key = NULL; -- xmlSecKeyPtr retval = NULL; -- xmlSecKeyReqPtr keyReq = NULL; -- CERTCertificate *cert = NULL; -- SECKEYPublicKey *pubkey = NULL; -- SECKEYPrivateKey *privkey = NULL; -- xmlSecKeyDataPtr data = NULL; -- xmlSecKeyDataPtr x509Data = NULL; -- int ret; -- -- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), NULL); -- xmlSecAssert2(keyInfoCtx != NULL, NULL); -- -- ss = xmlSecNssKeysStoreGetSS(store); -- xmlSecAssert2(((ss != NULL) && (*ss != NULL)), NULL); -- -- key = xmlSecKeyStoreFindKey(*ss, name, keyInfoCtx); -- if (key != NULL) { -- return (key); -- } -+ idsList = xmlSecKeyDataIdsGet(); -+ xmlSecAssert2(idsList != NULL, -1); -+ -+ keysSize = xmlSecPtrListGetSize(list); -+ idsSize = xmlSecPtrListGetSize(idsList); -+ for(i = 0; i < keysSize; ++i) { -+ key = (xmlSecKeyPtr)xmlSecPtrListGetItem(list, i); -+ xmlSecAssert2(key != NULL, -1); -+ -+ cur = xmlSecAddChild(xmlDocGetRootElement(doc), xmlSecNodeKeyInfo, xmlSecDSigNs); -+ if(cur == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), -+ "xmlSecAddChild", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ "node=%s", -+ xmlSecErrorsSafeString(xmlSecNodeKeyInfo)); -+ xmlFreeDoc(doc); -+ return(-1); -+ } - 
-- /* Try to find the key in the NSS DB, and construct an xmlSecKey. -- * we must have a name to lookup keys in NSS DB. -- */ -- if (name == NULL) { -- goto done; -- } -+ /* special data key name */ -+ if(xmlSecKeyGetName(key) != NULL) { -+ if(xmlSecAddChild(cur, xmlSecNodeKeyName, xmlSecDSigNs) == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), -+ "xmlSecAddChild", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ "node=%s", -+ xmlSecErrorsSafeString(xmlSecNodeKeyName)); -+ xmlFreeDoc(doc); -+ return(-1); -+ } -+ } -+ -+ /* create nodes for other keys data */ -+ for(j = 0; j < idsSize; ++j) { -+ dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(idsList, j); -+ xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, -1); - -- /* what type of key are we looking for? -- * TBD: For now, we'll look only for public/private keys using the -- * name as a cert nickname. Later on, we can attempt to find -- * symmetric keys using PK11_FindFixedKey -- */ -- keyReq = &(keyInfoCtx->keyReq); -- if (keyReq->keyType & -- (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) { -- cert = CERT_FindCertByNickname (CERT_GetDefaultCertDB(), (char *)name); -- if (cert == NULL) { -- goto done; -- } -- -- if (keyReq->keyType & xmlSecKeyDataTypePublic) { -- pubkey = CERT_ExtractPublicKey(cert); -- if (pubkey == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "CERT_ExtractPublicKey", -- XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- goto done; -+ if(dataId->dataNodeName == NULL) { -+ continue; -+ } -+ -+ data = xmlSecKeyGetData(key, dataId); -+ if(data == NULL) { -+ continue; - } -- } - -- if (keyReq->keyType & xmlSecKeyDataTypePrivate) { -- privkey = PK11_FindKeyByAnyCert(cert, NULL); -- if (privkey == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "PK11_FindKeyByAnyCert", -- XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- goto done; -+ if(xmlSecAddChild(cur, dataId->dataNodeName, dataId->dataNodeNs) == NULL) { -+ 
xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), -+ "xmlSecAddChild", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ "node=%s", -+ xmlSecErrorsSafeString(dataId->dataNodeName)); -+ xmlFreeDoc(doc); -+ return(-1); - } - } - -- data = xmlSecNssPKIAdoptKey(privkey, pubkey); -- if(data == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssPKIAdoptKey", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- goto done; -- } -- privkey = NULL; -- pubkey = NULL; -- -- key = xmlSecKeyCreate(); -- if (key == NULL) { -+ ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL); -+ if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecKeyCreate", -+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), -+ "xmlSecKeyInfoCtxInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); -- return (NULL); -- } -- -- x509Data = xmlSecKeyDataCreate(xmlSecNssKeyDataX509Id); -- if(x509Data == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecKeyDataCreate", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "transform=%s", -- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id))); -- goto done; -- } -- -- ret = xmlSecNssKeyDataX509AdoptKeyCert(x509Data, cert); -- if (ret < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssKeyDataX509AdoptKeyCert", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "data=%s", -- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); -- goto done; -- } -- cert = CERT_DupCertificate(cert); -- if (cert == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "CERT_DupCertificate", -- XMLSEC_ERRORS_R_CRYPTO_FAILED, -- "data=%s", -- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); -- goto done; -- } -- -- ret = xmlSecNssKeyDataX509AdoptCert(x509Data, cert); -- if (ret < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssKeyDataX509AdoptCert", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "data=%s", -- 
xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); -- goto done; -+ xmlFreeDoc(doc); -+ return(-1); - } -- cert = NULL; - -- ret = xmlSecKeySetValue(key, data); -- if (ret < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecKeySetValue", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "data=%s", -- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data))); -- goto done; -- } -- data = NULL; -+ keyInfoCtx.mode = xmlSecKeyInfoModeWrite; -+ keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown; -+ keyInfoCtx.keyReq.keyType = type; -+ keyInfoCtx.keyReq.keyUsage = xmlSecKeyDataUsageAny; - -- ret = xmlSecKeyAdoptData(key, x509Data); -- if (ret < 0) { -+ /* finally write key in the node */ -+ ret = xmlSecKeyInfoNodeWrite(cur, key, &keyInfoCtx); -+ if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecKeyAdoptData", -+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), -+ "xmlSecKeyInfoNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "data=%s", -- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); -- goto done; -- } -- x509Data = NULL; -- -- retval = key; -- key = NULL; -- } -- --done: -- if (cert != NULL) { -- CERT_DestroyCertificate(cert); -- } -- if (pubkey != NULL) { -- SECKEY_DestroyPublicKey(pubkey); -- } -- if (privkey != NULL) { -- SECKEY_DestroyPrivateKey(privkey); -- } -- if (data != NULL) { -- xmlSecKeyDataDestroy(data); -- } -- if (x509Data != NULL) { -- xmlSecKeyDataDestroy(x509Data); -- } -- if (key != NULL) { -- xmlSecKeyDestroy(key); -+ XMLSEC_ERRORS_NO_MESSAGE); -+ xmlSecKeyInfoCtxFinalize(&keyInfoCtx); -+ xmlFreeDoc(doc); -+ return(-1); -+ } -+ xmlSecKeyInfoCtxFinalize(&keyInfoCtx); - } -- -- /* now that we have a key, make sure it is valid and let the simple -- * store adopt it */ -- if (retval) { -- if (xmlSecKeyIsValid(retval)) { -- ret = xmlSecSimpleKeysStoreAdoptKey(*ss, retval); -- if (ret < 0) { -+ -+ /* now write result */ -+ ret = xmlSaveFormatFile(filename, doc, 1); -+ if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, -- 
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), -- "xmlSecSimpleKeysStoreAdoptKey", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- xmlSecKeyDestroy(retval); -- retval = NULL; -- } -- } else { -- xmlSecKeyDestroy(retval); -- retval = NULL; -- } -- } -- -- return (retval); -+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), -+ "xmlSaveFormatFile", -+ XMLSEC_ERRORS_R_XML_FAILED, -+ "filename=%s", -+ xmlSecErrorsSafeString(filename)); -+ xmlFreeDoc(doc); -+ return(-1); -+ } -+ -+ xmlFreeDoc(doc); -+ return(0); - } -+ ---- misc/xmlsec1-1.2.6/src/nss/keytrans.c 2008-06-29 23:44:39.000000000 +0200 -+++ misc/build/xmlsec1-1.2.6/src/nss/keytrans.c 2008-06-29 23:44:19.000000000 +0200 -@@ -1 +1,752 @@ --dummy -+/** -+ * -+ * XMLSec library -+ * -+ * AES Algorithm support -+ * -+ * This is free software; see Copyright file in the source -+ * distribution for preciese wording. -+ * -+ * Copyright ................................. -+ */ -+#include "globals.h" -+ -+#include <stdlib.h> -+#include <stdio.h> -+#include <string.h> -+ -+#include <nss.h> -+#include <pk11func.h> -+#include <keyhi.h> -+#include <key.h> -+#include <hasht.h> -+ -+#include <xmlsec/xmlsec.h> -+#include <xmlsec/xmltree.h> -+#include <xmlsec/keys.h> -+#include <xmlsec/transforms.h> -+#include <xmlsec/errors.h> -+ -+#include <xmlsec/nss/crypto.h> -+#include <xmlsec/nss/pkikeys.h> -+#include <xmlsec/nss/tokens.h> -+ -+/********************************************************************* -+ * -+ * key transform transforms -+ * -+ ********************************************************************/ -+typedef struct _xmlSecNssKeyTransportCtx xmlSecNssKeyTransportCtx ; -+typedef struct _xmlSecNssKeyTransportCtx* xmlSecNssKeyTransportCtxPtr ; -+ -+#define xmlSecNssKeyTransportSize \ -+ ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyTransportCtx ) ) -+ -+#define xmlSecNssKeyTransportGetCtx( transform ) \ -+ ( ( xmlSecNssKeyTransportCtxPtr )( ( ( xmlSecByte* )( transform ) ) + 
sizeof( xmlSecTransform ) ) ) -+ -+struct _xmlSecNssKeyTransportCtx { -+ CK_MECHANISM_TYPE cipher ; -+ SECKEYPublicKey* pubkey ; -+ SECKEYPrivateKey* prikey ; -+ xmlSecKeyDataId keyId ; -+ xmlSecBufferPtr material ; /* to be encrypted/decrypted material */ -+} ; -+ -+static int xmlSecNssKeyTransportInitialize(xmlSecTransformPtr transform); -+static void xmlSecNssKeyTransportFinalize(xmlSecTransformPtr transform); -+static int xmlSecNssKeyTransportSetKeyReq(xmlSecTransformPtr transform, -+ xmlSecKeyReqPtr keyReq); -+static int xmlSecNssKeyTransportSetKey(xmlSecTransformPtr transform, -+ xmlSecKeyPtr key); -+static int xmlSecNssKeyTransportExecute(xmlSecTransformPtr transform, -+ int last, -+ xmlSecTransformCtxPtr transformCtx); -+static xmlSecSize xmlSecNssKeyTransportGetKeySize(xmlSecTransformPtr transform); -+ -+static int -+xmlSecNssKeyTransportCheckId( -+ xmlSecTransformPtr transform -+) { -+ #ifndef XMLSEC_NO_RSA -+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformRsaPkcs1Id ) || -+ xmlSecTransformCheckId( transform, xmlSecNssTransformRsaOaepId ) ) { -+ -+ return(1); -+ } -+ #endif /* XMLSEC_NO_RSA */ -+ -+ return(0); -+} -+ -+static int -+xmlSecNssKeyTransportInitialize(xmlSecTransformPtr transform) { -+ xmlSecNssKeyTransportCtxPtr context ; -+ int ret; -+ -+ xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1); -+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1); -+ -+ context = xmlSecNssKeyTransportGetCtx( transform ) ; -+ xmlSecAssert2( context != NULL , -1 ) ; -+ -+ #ifndef XMLSEC_NO_RSA -+ if( transform->id == xmlSecNssTransformRsaPkcs1Id ) { -+ context->cipher = CKM_RSA_PKCS ; -+ context->keyId = xmlSecNssKeyDataRsaId ; -+ } else if( transform->id == xmlSecNssTransformRsaOaepId ) { -+ context->cipher = CKM_RSA_PKCS_OAEP ; -+ context->keyId = xmlSecNssKeyDataRsaId ; -+ } else -+ #endif /* XMLSEC_NO_RSA */ -+ -+ if( 1 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ 
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), -+ NULL , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ context->pubkey = NULL ; -+ context->prikey = NULL ; -+ context->material = NULL ; -+ -+ return(0); -+} -+ -+static void -+xmlSecNssKeyTransportFinalize(xmlSecTransformPtr transform) { -+ xmlSecNssKeyTransportCtxPtr context ; -+ -+ xmlSecAssert(xmlSecNssKeyTransportCheckId(transform)); -+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize)); -+ -+ context = xmlSecNssKeyTransportGetCtx( transform ) ; -+ xmlSecAssert( context != NULL ) ; -+ -+ if( context->pubkey != NULL ) { -+ SECKEY_DestroyPublicKey( context->pubkey ) ; -+ context->pubkey = NULL ; -+ } -+ -+ if( context->prikey != NULL ) { -+ SECKEY_DestroyPrivateKey( context->prikey ) ; -+ context->prikey = NULL ; -+ } -+ -+ if( context->material != NULL ) { -+ xmlSecBufferDestroy(context->material); -+ context->material = NULL ; -+ } -+} -+ -+static int -+xmlSecNssKeyTransportSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) { -+ xmlSecNssKeyTransportCtxPtr context ; -+ xmlSecSize cipherSize = 0 ; -+ -+ -+ xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1); -+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1); -+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); -+ xmlSecAssert2(keyReq != NULL, -1); -+ -+ context = xmlSecNssKeyTransportGetCtx( transform ) ; -+ xmlSecAssert2( context != NULL , -1 ) ; -+ -+ keyReq->keyId = context->keyId; -+ if(transform->operation == xmlSecTransformOperationEncrypt) { -+ keyReq->keyUsage = xmlSecKeyUsageEncrypt; -+ keyReq->keyType = xmlSecKeyDataTypePublic; -+ } else { -+ keyReq->keyUsage = xmlSecKeyUsageDecrypt; -+ keyReq->keyType = xmlSecKeyDataTypePrivate; -+ } -+ -+ return(0); -+} -+ -+static int -+xmlSecNssKeyTransportSetKey(xmlSecTransformPtr 
transform, xmlSecKeyPtr key) { -+ xmlSecNssKeyTransportCtxPtr context = NULL ; -+ xmlSecKeyDataPtr keyData = NULL ; -+ SECKEYPublicKey* pubkey = NULL ; -+ SECKEYPrivateKey* prikey = NULL ; -+ -+ xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1); -+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1); -+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); -+ xmlSecAssert2(key != NULL, -1); -+ -+ context = xmlSecNssKeyTransportGetCtx( transform ) ; -+ if( context == NULL || context->keyId == NULL || context->pubkey != NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ "xmlSecNssKeyTransportGetCtx" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ; -+ -+ keyData = xmlSecKeyGetValue( key ) ; -+ if( keyData == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) , -+ "xmlSecKeyGetValue" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ if(transform->operation == xmlSecTransformOperationEncrypt) { -+ if( ( pubkey = xmlSecNssPKIKeyDataGetPubKey( keyData ) ) == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) , -+ "xmlSecNssPKIKeyDataGetPubKey" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ context->pubkey = pubkey ; -+ } else { -+ if( ( prikey = xmlSecNssPKIKeyDataGetPrivKey( keyData ) ) == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) , -+ "xmlSecNssPKIKeyDataGetPrivKey" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ context->prikey = prikey ; -+ } -+ -+ return(0) ; -+} -+ -+/** -+ 
* key wrap transform -+ */ -+static int -+xmlSecNssKeyTransportCtxInit( -+ xmlSecNssKeyTransportCtxPtr ctx , -+ xmlSecBufferPtr in , -+ xmlSecBufferPtr out , -+ int encrypt , -+ xmlSecTransformCtxPtr transformCtx -+) { -+ xmlSecSize blockSize ; -+ -+ xmlSecAssert2( ctx != NULL , -1 ) ; -+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; -+ xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ; -+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; -+ xmlSecAssert2( in != NULL , -1 ) ; -+ xmlSecAssert2( out != NULL , -1 ) ; -+ xmlSecAssert2( transformCtx != NULL , -1 ) ; -+ -+ if( ctx->material != NULL ) { -+ xmlSecBufferDestroy( ctx->material ) ; -+ ctx->material = NULL ; -+ } -+ -+ if( ctx->pubkey != NULL ) { -+ blockSize = SECKEY_PublicKeyStrength( ctx->pubkey ) ; -+ } else if( ctx->prikey != NULL ) { -+ blockSize = PK11_SignatureLen( ctx->prikey ) ; -+ } else { -+ blockSize = -1 ; -+ } -+ -+ if( blockSize < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ ctx->material = xmlSecBufferCreate( blockSize ) ; -+ if( ctx->material == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferCreate" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ /* read raw key material into context */ -+ if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferSetData" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferRemoveHead" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ return(0); -+} -+ -+/** -+ * key wrap transform update -+ */ -+static int 
-+xmlSecNssKeyTransportCtxUpdate( -+ xmlSecNssKeyTransportCtxPtr ctx , -+ xmlSecBufferPtr in , -+ xmlSecBufferPtr out , -+ int encrypt , -+ xmlSecTransformCtxPtr transformCtx -+) { -+ xmlSecAssert2( ctx != NULL , -1 ) ; -+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; -+ xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ; -+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; -+ xmlSecAssert2( ctx->material != NULL , -1 ) ; -+ xmlSecAssert2( in != NULL , -1 ) ; -+ xmlSecAssert2( out != NULL , -1 ) ; -+ xmlSecAssert2( transformCtx != NULL , -1 ) ; -+ -+ /* read raw key material and append into context */ -+ if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferAppend" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferRemoveHead" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ return(0); -+} -+ -+/** -+ * Block cipher transform final -+ */ -+static int -+xmlSecNssKeyTransportCtxFinal( -+ xmlSecNssKeyTransportCtxPtr ctx , -+ xmlSecBufferPtr in , -+ xmlSecBufferPtr out , -+ int encrypt , -+ xmlSecTransformCtxPtr transformCtx -+) { -+ SECKEYPublicKey* targetKey ; -+ PK11SymKey* symKey ; -+ PK11SlotInfo* slot ; -+ SECItem oriskv ; -+ xmlSecSize blockSize ; -+ xmlSecBufferPtr result ; -+ -+ xmlSecAssert2( ctx != NULL , -1 ) ; -+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; -+ xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ; -+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; -+ xmlSecAssert2( ctx->material != NULL , -1 ) ; -+ xmlSecAssert2( in != NULL , -1 ) ; -+ xmlSecAssert2( out != NULL , -1 ) ; -+ xmlSecAssert2( transformCtx != NULL , -1 
) ; -+ -+ /* read raw key material and append into context */ -+ if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferAppend" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferRemoveHead" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ /* Now we get all of the key materail */ -+ /* from now on we will wrap or unwrap the key */ -+ if( ctx->pubkey != NULL ) { -+ blockSize = SECKEY_PublicKeyStrength( ctx->pubkey ) ; -+ } else if( ctx->prikey != NULL ) { -+ blockSize = PK11_SignatureLen( ctx->prikey ) ; -+ } else { -+ blockSize = -1 ; -+ } -+ -+ if( blockSize < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "PK11_GetBlockSize" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ result = xmlSecBufferCreate( blockSize * 2 ) ; -+ if( result == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferCreate" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ oriskv.type = siBuffer ; -+ oriskv.data = xmlSecBufferGetData( ctx->material ) ; -+ oriskv.len = xmlSecBufferGetSize( ctx->material ) ; -+ -+ if( encrypt != 0 ) { -+ CK_OBJECT_HANDLE id ; -+ SECItem wrpskv ; -+ -+ /* Create template symmetric key from material */ -+ if( ( slot = ctx->pubkey->pkcs11Slot ) == NULL ) { -+ slot = xmlSecNssSlotGet( ctx->cipher ) ; -+ if( slot == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecNssSlotGet" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecBufferDestroy(result); -+ return(-1); -+ } -+ -+ id = PK11_ImportPublicKey( slot, ctx->pubkey, PR_FALSE ) ; -+ if( id == CK_INVALID_HANDLE ) { -+ xmlSecError( 
XMLSEC_ERRORS_HERE , -+ NULL , -+ "PK11_ImportPublicKey" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecBufferDestroy(result); -+ PK11_FreeSlot( slot ) ; -+ return(-1); -+ } -+ } -+ -+ /* pay attention to mechanism */ -+ symKey = PK11_ImportSymKey( slot, ctx->cipher, PK11_OriginUnwrap, CKA_WRAP, &oriskv, NULL ) ; -+ if( symKey == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "PK11_ImportSymKey" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecBufferDestroy(result); -+ PK11_FreeSlot( slot ) ; -+ return(-1); -+ } -+ -+ wrpskv.type = siBuffer ; -+ wrpskv.data = xmlSecBufferGetData( result ) ; -+ wrpskv.len = xmlSecBufferGetMaxSize( result ) ; -+ -+ if( PK11_PubWrapSymKey( ctx->cipher, ctx->pubkey, symKey, &wrpskv ) != SECSuccess ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "PK11_PubWrapSymKey" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ PK11_FreeSymKey( symKey ) ; -+ xmlSecBufferDestroy(result); -+ PK11_FreeSlot( slot ) ; -+ return(-1); -+ } -+ -+ if( xmlSecBufferSetSize( result , wrpskv.len ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferSetSize" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ PK11_FreeSymKey( symKey ) ; -+ xmlSecBufferDestroy(result); -+ PK11_FreeSlot( slot ) ; -+ return(-1); -+ } -+ PK11_FreeSymKey( symKey ) ; -+ PK11_FreeSlot( slot ) ; -+ } else { -+ SECItem* keyItem ; -+ CK_OBJECT_HANDLE id1 ; -+ -+ /* pay attention to mechanism */ -+ if( ( symKey = PK11_PubUnwrapSymKey( ctx->prikey, &oriskv, ctx->cipher, CKA_UNWRAP, 0 ) ) == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "PK11_PubUnwrapSymKey" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecBufferDestroy(result); -+ return(-1); -+ } -+ -+ /* Extract raw data from symmetric key */ -+ if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ 
"PK11_ExtractKeyValue" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ PK11_FreeSymKey( symKey ) ; -+ xmlSecBufferDestroy(result); -+ return(-1); -+ } -+ -+ if( ( keyItem = PK11_GetKeyData( symKey ) ) == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "PK11_GetKeyData" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ PK11_FreeSymKey( symKey ) ; -+ xmlSecBufferDestroy(result); -+ return(-1); -+ } -+ -+ if( xmlSecBufferSetData( result, keyItem->data, keyItem->len ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "PK11_PubUnwrapSymKey" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ PK11_FreeSymKey( symKey ) ; -+ xmlSecBufferDestroy(result); -+ return(-1); -+ } -+ PK11_FreeSymKey( symKey ) ; -+ } -+ -+ /* Write output */ -+ if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferAppend" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecBufferDestroy(result); -+ return(-1); -+ } -+ xmlSecBufferDestroy(result); -+ -+ return(0); -+} -+ -+static int -+xmlSecNssKeyTransportExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { -+ xmlSecNssKeyTransportCtxPtr context = NULL ; -+ xmlSecBufferPtr inBuf, outBuf ; -+ int operation ; -+ int rtv ; -+ -+ xmlSecAssert2( xmlSecNssKeyTransportCheckId( transform ), -1 ) ; -+ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyTransportSize ), -1 ) ; -+ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; -+ xmlSecAssert2( transformCtx != NULL , -1 ) ; -+ -+ context = xmlSecNssKeyTransportGetCtx( transform ) ; -+ if( context == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ "xmlSecNssKeyTransportGetCtx" , -+ 
XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ inBuf = &( transform->inBuf ) ; -+ outBuf = &( transform->outBuf ) ; -+ -+ if( transform->status == xmlSecTransformStatusNone ) { -+ transform->status = xmlSecTransformStatusWorking ; -+ } -+ -+ operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ; -+ if( transform->status == xmlSecTransformStatusWorking ) { -+ if( context->material == NULL ) { -+ rtv = xmlSecNssKeyTransportCtxInit( context, inBuf , outBuf , operation , transformCtx ) ; -+ if( rtv < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ "xmlSecNssKeyTransportCtxInit" , -+ XMLSEC_ERRORS_R_INVALID_STATUS , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ } -+ -+ if( context->material == NULL && last != 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ NULL , -+ XMLSEC_ERRORS_R_INVALID_STATUS , -+ "No enough data to intialize transform" ) ; -+ return(-1); -+ } -+ -+ if( context->material != NULL ) { -+ rtv = xmlSecNssKeyTransportCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ; -+ if( rtv < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ "xmlSecNssKeyTransportCtxUpdate" , -+ XMLSEC_ERRORS_R_INVALID_STATUS , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ } -+ -+ if( last ) { -+ rtv = xmlSecNssKeyTransportCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ; -+ if( rtv < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ "xmlSecNssKeyTransportCtxFinal" , -+ XMLSEC_ERRORS_R_INVALID_STATUS , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ transform->status = xmlSecTransformStatusFinished ; -+ } -+ } else if( transform->status == xmlSecTransformStatusFinished ) { -+ if( xmlSecBufferGetSize( inBuf ) 
!= 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ NULL , -+ XMLSEC_ERRORS_R_INVALID_STATUS , -+ "status=%d", transform->status ) ; -+ return(-1); -+ } -+ } else { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ NULL , -+ XMLSEC_ERRORS_R_INVALID_STATUS , -+ "status=%d", transform->status ) ; -+ return(-1); -+ } -+ -+ return(0); -+} -+ -+ -+#ifndef XMLSEC_NO_RSA -+ -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecTransformKlass xmlSecNssRsaPkcs1Klass = { -+#else -+static xmlSecTransformKlass xmlSecNssRsaPkcs1Klass = { -+#endif -+ /* klass/object sizes */ -+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ -+ xmlSecNssKeyTransportSize, /* xmlSecSize objSize */ -+ -+ xmlSecNameRsaPkcs1, /* const xmlChar* name; */ -+ xmlSecHrefRsaPkcs1, /* const xmlChar* href; */ -+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ -+ -+ xmlSecNssKeyTransportInitialize, /* xmlSecTransformInitializeMethod initialize; */ -+ xmlSecNssKeyTransportFinalize, /* xmlSecTransformFinalizeMethod finalize; */ -+ NULL, /* xmlSecTransformNodeReadMethod readNode; */ -+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ -+ xmlSecNssKeyTransportSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ -+ xmlSecNssKeyTransportSetKey, /* xmlSecTransformSetKeyMethod setKey; */ -+ NULL, /* xmlSecTransformValidateMethod validate; */ -+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ -+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ -+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ -+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ -+ NULL, /* xmlSecTransformPopXmlMethod popXml; */ -+ xmlSecNssKeyTransportExecute, /* xmlSecTransformExecuteMethod execute; */ -+ -+ NULL, /* void* reserved0; */ -+ NULL, /* void* reserved1; */ -+}; -+ -+#ifdef 
__MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecTransformKlass xmlSecNssRsaOaepKlass = { -+#else -+static xmlSecTransformKlass xmlSecNssRsaOaepKlass = { -+#endif -+ /* klass/object sizes */ -+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ -+ xmlSecNssKeyTransportSize, /* xmlSecSize objSize */ -+ -+ xmlSecNameRsaOaep, /* const xmlChar* name; */ -+ xmlSecHrefRsaOaep, /* const xmlChar* href; */ -+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ -+ -+ xmlSecNssKeyTransportInitialize, /* xmlSecTransformInitializeMethod initialize; */ -+ xmlSecNssKeyTransportFinalize, /* xmlSecTransformFinalizeMethod finalize; */ -+ NULL, /* xmlSecTransformNodeReadMethod readNode; */ -+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ -+ xmlSecNssKeyTransportSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ -+ xmlSecNssKeyTransportSetKey, /* xmlSecTransformSetKeyMethod setKey; */ -+ NULL, /* xmlSecTransformValidateMethod validate; */ -+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ -+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ -+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ -+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ -+ NULL, /* xmlSecTransformPopXmlMethod popXml; */ -+ xmlSecNssKeyTransportExecute, /* xmlSecTransformExecuteMethod execute; */ -+ -+ NULL, /* void* reserved0; */ -+ NULL, /* void* reserved1; */ -+}; -+ -+/** -+ * xmlSecNssTransformRsaPkcs1GetKlass: -+ * -+ * The RSA-PKCS1 key transport transform klass. -+ * -+ * Returns RSA-PKCS1 key transport transform klass. -+ */ -+xmlSecTransformId -+xmlSecNssTransformRsaPkcs1GetKlass(void) { -+ return(&xmlSecNssRsaPkcs1Klass); -+} -+ -+/** -+ * xmlSecNssTransformRsaOaepGetKlass: -+ * -+ * The RSA-PKCS1 key transport transform klass. -+ * -+ * Returns RSA-PKCS1 key transport transform klass. 
-+ */ -+xmlSecTransformId -+xmlSecNssTransformRsaOaepGetKlass(void) { -+ return(&xmlSecNssRsaOaepKlass); -+} -+ -+#endif /* XMLSEC_NO_RSA */ -+ ---- misc/xmlsec1-1.2.6/src/nss/keywrapers.c 2008-06-29 23:44:40.000000000 +0200 -+++ misc/build/xmlsec1-1.2.6/src/nss/keywrapers.c 2008-06-29 23:44:19.000000000 +0200 -@@ -1 +1,1213 @@ --dummy -+/** -+ * -+ * XMLSec library -+ * -+ * AES Algorithm support -+ * -+ * This is free software; see Copyright file in the source -+ * distribution for preciese wording. -+ * -+ * Copyright ................................. -+ */ -+#include "globals.h" -+ -+#include <stdlib.h> -+#include <stdio.h> -+#include <string.h> -+ -+#include <nss.h> -+#include <pk11func.h> -+#include <hasht.h> -+ -+#include <xmlsec/xmlsec.h> -+#include <xmlsec/xmltree.h> -+#include <xmlsec/keys.h> -+#include <xmlsec/transforms.h> -+#include <xmlsec/errors.h> -+ -+#include <xmlsec/nss/crypto.h> -+#include <xmlsec/nss/ciphers.h> -+ -+#define XMLSEC_NSS_AES128_KEY_SIZE 16 -+#define XMLSEC_NSS_AES192_KEY_SIZE 24 -+#define XMLSEC_NSS_AES256_KEY_SIZE 32 -+#define XMLSEC_NSS_DES3_KEY_SIZE 24 -+#define XMLSEC_NSS_DES3_KEY_LENGTH 24 -+#define XMLSEC_NSS_DES3_IV_LENGTH 8 -+#define XMLSEC_NSS_DES3_BLOCK_LENGTH 8 -+ -+static xmlSecByte xmlSecNssKWDes3Iv[XMLSEC_NSS_DES3_IV_LENGTH] = { -+ 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05 -+}; -+ -+/********************************************************************* -+ * -+ * key wrap transforms -+ * -+ ********************************************************************/ -+typedef struct _xmlSecNssKeyWrapCtx xmlSecNssKeyWrapCtx ; -+typedef struct _xmlSecNssKeyWrapCtx* xmlSecNssKeyWrapCtxPtr ; -+ -+#define xmlSecNssKeyWrapSize \ -+ ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyWrapCtx ) ) -+ -+#define xmlSecNssKeyWrapGetCtx( transform ) \ -+ ( ( xmlSecNssKeyWrapCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) ) -+ -+struct _xmlSecNssKeyWrapCtx { -+ CK_MECHANISM_TYPE cipher ; -+ PK11SymKey* symkey ; 
-+ xmlSecKeyDataId keyId ; -+ xmlSecBufferPtr material ; /* to be encrypted/decrypted key material */ -+} ; -+ -+static int xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform); -+static void xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform); -+static int xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform, -+ xmlSecKeyReqPtr keyReq); -+static int xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform, -+ xmlSecKeyPtr key); -+static int xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform, -+ int last, -+ xmlSecTransformCtxPtr transformCtx); -+static xmlSecSize xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform); -+ -+static int -+xmlSecNssKeyWrapCheckId( -+ xmlSecTransformPtr transform -+) { -+ #ifndef XMLSEC_NO_DES -+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) { -+ return(1); -+ } -+ #endif /* XMLSEC_NO_DES */ -+ -+ #ifndef XMLSEC_NO_AES -+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes128Id ) || -+ xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes192Id ) || -+ xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes256Id ) ) { -+ -+ return(1); -+ } -+ #endif /* XMLSEC_NO_AES */ -+ -+ return(0); -+} -+ -+static xmlSecSize -+xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform) { -+#ifndef XMLSEC_NO_DES -+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) { -+ return(XMLSEC_NSS_DES3_KEY_SIZE); -+ } else -+#endif /* XMLSEC_NO_DES */ -+ -+#ifndef XMLSEC_NO_AES -+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes128Id)) { -+ return(XMLSEC_NSS_AES128_KEY_SIZE); -+ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes192Id)) { -+ return(XMLSEC_NSS_AES192_KEY_SIZE); -+ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) { -+ return(XMLSEC_NSS_AES256_KEY_SIZE); -+ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) { -+ return(XMLSEC_NSS_AES256_KEY_SIZE); -+ } else -+#endif /* XMLSEC_NO_AES */ -+ -+ if(1) -+ 
return(0); -+} -+ -+ -+static int -+xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform) { -+ xmlSecNssKeyWrapCtxPtr context ; -+ int ret; -+ -+ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1); -+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1); -+ -+ context = xmlSecNssKeyWrapGetCtx( transform ) ; -+ xmlSecAssert2( context != NULL , -1 ) ; -+ -+ #ifndef XMLSEC_NO_DES -+ if( transform->id == xmlSecNssTransformKWDes3Id ) { -+ context->cipher = CKM_DES3_CBC ; -+ context->keyId = xmlSecNssKeyDataDesId ; -+ } else -+ #endif /* XMLSEC_NO_DES */ -+ -+ #ifndef XMLSEC_NO_AES -+ if( transform->id == xmlSecNssTransformKWAes128Id ) { -+ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/ -+ context->cipher = CKM_AES_CBC ; -+ context->keyId = xmlSecNssKeyDataAesId ; -+ } else -+ if( transform->id == xmlSecNssTransformKWAes192Id ) { -+ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/ -+ context->cipher = CKM_AES_CBC ; -+ context->keyId = xmlSecNssKeyDataAesId ; -+ } else -+ if( transform->id == xmlSecNssTransformKWAes256Id ) { -+ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/ -+ context->cipher = CKM_AES_CBC ; -+ context->keyId = xmlSecNssKeyDataAesId ; -+ } else -+ #endif /* XMLSEC_NO_AES */ -+ -+ -+ if( 1 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), -+ NULL , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ context->symkey = NULL ; -+ context->material = NULL ; -+ -+ return(0); -+} -+ -+static void -+xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform) { -+ xmlSecNssKeyWrapCtxPtr context ; -+ -+ xmlSecAssert(xmlSecNssKeyWrapCheckId(transform)); -+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize)); -+ -+ context = xmlSecNssKeyWrapGetCtx( transform ) ; -+ xmlSecAssert( context != NULL ) ; -+ -+ if( context->symkey != NULL ) { -+ PK11_FreeSymKey( context->symkey ) ; -+ context->symkey = NULL ; -+ } -+ -+ if( 
context->material != NULL ) { -+ xmlSecBufferDestroy(context->material); -+ context->material = NULL ; -+ } -+} -+ -+static int -+xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) { -+ xmlSecNssKeyWrapCtxPtr context ; -+ xmlSecSize cipherSize = 0 ; -+ -+ -+ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1); -+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1); -+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); -+ xmlSecAssert2(keyReq != NULL, -1); -+ -+ context = xmlSecNssKeyWrapGetCtx( transform ) ; -+ xmlSecAssert2( context != NULL , -1 ) ; -+ -+ keyReq->keyId = context->keyId; -+ keyReq->keyType = xmlSecKeyDataTypeSymmetric; -+ if(transform->operation == xmlSecTransformOperationEncrypt) { -+ keyReq->keyUsage = xmlSecKeyUsageEncrypt; -+ } else { -+ keyReq->keyUsage = xmlSecKeyUsageDecrypt; -+ } -+ -+ keyReq->keyBitsSize = xmlSecNssKeyWrapGetKeySize( transform ) ; -+ -+ return(0); -+} -+ -+static int -+xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { -+ xmlSecNssKeyWrapCtxPtr context = NULL ; -+ xmlSecKeyDataPtr keyData = NULL ; -+ PK11SymKey* symkey = NULL ; -+ -+ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1); -+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1); -+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); -+ xmlSecAssert2(key != NULL, -1); -+ -+ context = xmlSecNssKeyWrapGetCtx( transform ) ; -+ if( context == NULL || context->keyId == NULL || context->symkey != NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ "xmlSecNssKeyWrapGetCtx" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ; -+ -+ 
keyData = xmlSecKeyGetValue( key ) ; -+ if( keyData == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) , -+ "xmlSecKeyGetValue" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) , -+ "xmlSecNssSymKeyDataGetKey" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ context->symkey = symkey ; -+ -+ return(0) ; -+} -+ -+/** -+ * key wrap transform -+ */ -+static int -+xmlSecNssKeyWrapCtxInit( -+ xmlSecNssKeyWrapCtxPtr ctx , -+ xmlSecBufferPtr in , -+ xmlSecBufferPtr out , -+ int encrypt , -+ xmlSecTransformCtxPtr transformCtx -+) { -+ xmlSecSize blockSize ; -+ -+ xmlSecAssert2( ctx != NULL , -1 ) ; -+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; -+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; -+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; -+ xmlSecAssert2( in != NULL , -1 ) ; -+ xmlSecAssert2( out != NULL , -1 ) ; -+ xmlSecAssert2( transformCtx != NULL , -1 ) ; -+ -+ if( ctx->material != NULL ) { -+ xmlSecBufferDestroy( ctx->material ) ; -+ ctx->material = NULL ; -+ } -+ -+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "PK11_GetBlockSize" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ ctx->material = xmlSecBufferCreate( blockSize ) ; -+ if( ctx->material == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferCreate" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ /* read raw key material into context */ -+ if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferSetData" , 
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferRemoveHead" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ return(0); -+} -+ -+/** -+ * key wrap transform update -+ */ -+static int -+xmlSecNssKeyWrapCtxUpdate( -+ xmlSecNssKeyWrapCtxPtr ctx , -+ xmlSecBufferPtr in , -+ xmlSecBufferPtr out , -+ int encrypt , -+ xmlSecTransformCtxPtr transformCtx -+) { -+ xmlSecAssert2( ctx != NULL , -1 ) ; -+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; -+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; -+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; -+ xmlSecAssert2( ctx->material != NULL , -1 ) ; -+ xmlSecAssert2( in != NULL , -1 ) ; -+ xmlSecAssert2( out != NULL , -1 ) ; -+ xmlSecAssert2( transformCtx != NULL , -1 ) ; -+ -+ /* read raw key material and append into context */ -+ if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferAppend" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferRemoveHead" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ return(0); -+} -+ -+static int -+xmlSecNssKWDes3BufferReverse(xmlSecByte *buf, xmlSecSize size) { -+ xmlSecSize s; -+ xmlSecSize i; -+ xmlSecByte c; -+ -+ xmlSecAssert2(buf != NULL, -1); -+ -+ s = size / 2; -+ --size; -+ for(i = 0; i < s; ++i) { -+ c = buf[i]; -+ buf[i] = buf[size - i]; -+ buf[size - i] = c; -+ } -+ return(0); -+} -+ -+static xmlSecByte * -+xmlSecNssComputeSHA1(const xmlSecByte *in, xmlSecSize inSize, -+ xmlSecByte *out, xmlSecSize outSize) -+{ -+ PK11Context *context = 
NULL; -+ SECStatus s; -+ xmlSecByte *digest = NULL; -+ unsigned int len; -+ -+ xmlSecAssert2(in != NULL, NULL); -+ xmlSecAssert2(out != NULL, NULL); -+ xmlSecAssert2(outSize >= SHA1_LENGTH, NULL); -+ -+ /* Create a context for hashing (digesting) */ -+ context = PK11_CreateDigestContext(SEC_OID_SHA1); -+ if (context == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "PK11_CreateDigestContext", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ "error code = %d", PORT_GetError()); -+ goto done; -+ } -+ -+ s = PK11_DigestBegin(context); -+ if (s != SECSuccess) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "PK11_DigestBegin", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ "error code = %d", PORT_GetError()); -+ goto done; -+ } -+ -+ s = PK11_DigestOp(context, in, inSize); -+ if (s != SECSuccess) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "PK11_DigestOp", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ "error code = %d", PORT_GetError()); -+ goto done; -+ } -+ -+ s = PK11_DigestFinal(context, out, &len, outSize); -+ if (s != SECSuccess) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "PK11_DigestFinal", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ "error code = %d", PORT_GetError()); -+ goto done; -+ } -+ xmlSecAssert2(len == SHA1_LENGTH, NULL); -+ -+ digest = out; -+ -+done: -+ if (context != NULL) { -+ PK11_DestroyContext(context, PR_TRUE); -+ } -+ return (digest); -+} -+ -+static int -+xmlSecNssKWDes3Encrypt( -+ PK11SymKey* symKey , -+ CK_MECHANISM_TYPE cipherMech , -+ const xmlSecByte* iv , -+ xmlSecSize ivSize , -+ const xmlSecByte* in , -+ xmlSecSize inSize , -+ xmlSecByte* out , -+ xmlSecSize outSize , -+ int enc -+) { -+ PK11Context* EncContext = NULL; -+ SECItem ivItem ; -+ SECItem* secParam = NULL ; -+ int tmp1_outlen; -+ unsigned int tmp2_outlen; -+ int result_len = -1; -+ SECStatus rv; -+ -+ xmlSecAssert2( cipherMech != CKM_INVALID_MECHANISM , -1 ) ; -+ xmlSecAssert2( symKey != NULL , -1 ) ; -+ xmlSecAssert2(iv != NULL, -1); -+ xmlSecAssert2(ivSize == XMLSEC_NSS_DES3_IV_LENGTH, -1); 
-+ xmlSecAssert2(in != NULL, -1); -+ xmlSecAssert2(inSize > 0, -1); -+ xmlSecAssert2(out != NULL, -1); -+ xmlSecAssert2(outSize >= inSize, -1); -+ -+ /* Prepare IV */ -+ ivItem.data = ( unsigned char* )iv ; -+ ivItem.len = ivSize ; -+ -+ secParam = PK11_ParamFromIV(cipherMech, &ivItem); -+ if (secParam == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "PK11_ParamFromIV", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ "Error code = %d", PORT_GetError()); -+ goto done; -+ } -+ -+ EncContext = PK11_CreateContextBySymKey(cipherMech, -+ enc ? CKA_ENCRYPT : CKA_DECRYPT, -+ symKey, secParam); -+ if (EncContext == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "PK11_CreateContextBySymKey", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ "Error code = %d", PORT_GetError()); -+ goto done; -+ } -+ -+ tmp1_outlen = tmp2_outlen = 0; -+ rv = PK11_CipherOp(EncContext, out, &tmp1_outlen, outSize, -+ (unsigned char *)in, inSize); -+ if (rv != SECSuccess) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "PK11_CipherOp", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ "Error code = %d", PORT_GetError()); -+ goto done; -+ } -+ -+ rv = PK11_DigestFinal(EncContext, out+tmp1_outlen, -+ &tmp2_outlen, outSize-tmp1_outlen); -+ if (rv != SECSuccess) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "PK11_DigestFinal", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ "Error code = %d", PORT_GetError()); -+ goto done; -+ } -+ -+ result_len = tmp1_outlen + tmp2_outlen; -+ -+done: -+ if (secParam) { -+ SECITEM_FreeItem(secParam, PR_TRUE); -+ } -+ if (EncContext) { -+ PK11_DestroyContext(EncContext, PR_TRUE); -+ } -+ -+ return(result_len); -+} -+ -+static int -+xmlSecNssKeyWrapDesOp( -+ xmlSecNssKeyWrapCtxPtr ctx , -+ int encrypt , -+ xmlSecBufferPtr result -+) { -+ xmlSecByte sha1[SHA1_LENGTH]; -+ xmlSecByte iv[XMLSEC_NSS_DES3_IV_LENGTH]; -+ xmlSecByte* in; -+ xmlSecSize inSize; -+ xmlSecByte* out; -+ xmlSecSize outSize; -+ xmlSecSize s; -+ int ret; -+ SECStatus status; -+ -+ xmlSecAssert2( ctx != NULL , -1 ) ; -+ 
xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; -+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; -+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; -+ xmlSecAssert2( ctx->material != NULL , -1 ) ; -+ xmlSecAssert2( result != NULL , -1 ) ; -+ -+ in = xmlSecBufferGetData(ctx->material); -+ inSize = xmlSecBufferGetSize(ctx->material) ; -+ out = xmlSecBufferGetData(result); -+ outSize = xmlSecBufferGetMaxSize(result) ; -+ if( encrypt ) { -+ /* step 2: calculate sha1 and CMS */ -+ if(xmlSecNssComputeSHA1(in, inSize, sha1, SHA1_LENGTH) == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecNssComputeSHA1", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } -+ -+ /* step 3: construct WKCKS */ -+ memcpy(out, in, inSize); -+ memcpy(out + inSize, sha1, XMLSEC_NSS_DES3_BLOCK_LENGTH); -+ -+ /* step 4: generate random iv */ -+ status = PK11_GenerateRandom(iv, XMLSEC_NSS_DES3_IV_LENGTH); -+ if(status != SECSuccess) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "PK11_GenerateRandom", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ "error code = %d", PORT_GetError()); -+ return(-1); -+ } -+ -+ /* step 5: first encryption, result is TEMP1 */ -+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, -+ iv, XMLSEC_NSS_DES3_IV_LENGTH, -+ out, inSize + XMLSEC_NSS_DES3_IV_LENGTH, -+ out, outSize, 1); -+ if(ret < 0) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecNssKWDes3Encrypt", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } -+ -+ /* step 6: construct TEMP2=IV || TEMP1 */ -+ memmove(out + XMLSEC_NSS_DES3_IV_LENGTH, out, -+ inSize + XMLSEC_NSS_DES3_IV_LENGTH); -+ memcpy(out, iv, XMLSEC_NSS_DES3_IV_LENGTH); -+ s = ret + XMLSEC_NSS_DES3_IV_LENGTH; -+ -+ /* step 7: reverse octets order, result is TEMP3 */ -+ ret = xmlSecNssKWDes3BufferReverse(out, s); -+ if(ret < 0) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecNssKWDes3BufferReverse", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ 
XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } -+ -+ /* step 8: second encryption with static IV */ -+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, -+ xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH, -+ out, s, -+ out, outSize, 1); -+ if(ret < 0) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecNssKWDes3Encrypt", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } -+ s = ret; -+ -+ if( xmlSecBufferSetSize( result , s ) < 0 ) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecBufferSetSize", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } -+ } else { -+ /* step 2: first decryption with static IV, result is TEMP3 */ -+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, -+ xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH, -+ in, inSize, -+ out, outSize, 0); -+ if((ret < 0) || (ret < XMLSEC_NSS_DES3_IV_LENGTH)) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecNssKWDes3Encrypt", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } -+ s = ret; -+ -+ /* step 3: reverse octets order in TEMP3, result is TEMP2 */ -+ ret = xmlSecNssKWDes3BufferReverse(out, s); -+ if(ret < 0) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecNssKWDes3BufferReverse", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } -+ -+ /* steps 4 and 5: get IV and decrypt second time, result is WKCKS */ -+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, -+ out, XMLSEC_NSS_DES3_IV_LENGTH, -+ out+XMLSEC_NSS_DES3_IV_LENGTH, s-XMLSEC_NSS_DES3_IV_LENGTH, -+ out, outSize, 0); -+ if((ret < 0) || (ret < XMLSEC_NSS_DES3_BLOCK_LENGTH)) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecNssKWDes3Encrypt", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } -+ s = ret - XMLSEC_NSS_DES3_IV_LENGTH; -+ -+ /* steps 6 and 7: calculate SHA1 and validate it */ -+ if(xmlSecNssComputeSHA1(out, s, sha1, SHA1_LENGTH) == 
NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecNssComputeSHA1", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } -+ -+ if(memcmp(sha1, out + s, XMLSEC_NSS_DES3_BLOCK_LENGTH) != 0) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ NULL, -+ XMLSEC_ERRORS_R_INVALID_DATA, -+ "SHA1 does not match"); -+ return(-1); -+ } -+ -+ if( xmlSecBufferSetSize( result , s ) < 0 ) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecBufferSetSize", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } -+ } -+ -+ return(0); -+} -+ -+static int -+xmlSecNssKeyWrapAesOp( -+ xmlSecNssKeyWrapCtxPtr ctx , -+ int encrypt , -+ xmlSecBufferPtr result -+) { -+ PK11Context* cipherCtx = NULL; -+ SECItem ivItem ; -+ SECItem* secParam = NULL ; -+ xmlSecSize inSize ; -+ xmlSecSize inBlocks ; -+ int blockSize ; -+ int midSize ; -+ int finSize ; -+ xmlSecByte* out ; -+ xmlSecSize outSize; -+ -+ xmlSecAssert2( ctx != NULL , -1 ) ; -+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; -+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; -+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; -+ xmlSecAssert2( ctx->material != NULL , -1 ) ; -+ xmlSecAssert2( result != NULL , -1 ) ; -+ -+ /* Do not set any IV */ -+ memset(&ivItem, 0, sizeof(ivItem)); -+ -+ /* Get block size */ -+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "PK11_GetBlockSize" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ inSize = xmlSecBufferGetSize( ctx->material ) ; -+ if( xmlSecBufferSetMaxSize( result , inSize + blockSize ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferSetMaxSize" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ /* Get Param for context initialization */ -+ if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) { -+ xmlSecError( 
XMLSEC_ERRORS_HERE , -+ NULL , -+ "PK11_ParamFromIV" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ cipherCtx = PK11_CreateContextBySymKey( ctx->cipher , encrypt ? CKA_ENCRYPT : CKA_DECRYPT , ctx->symkey , secParam ) ; -+ if( cipherCtx == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "PK11_CreateContextBySymKey" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ SECITEM_FreeItem( secParam , PR_TRUE ) ; -+ return(-1); -+ } -+ -+ out = xmlSecBufferGetData(result) ; -+ outSize = xmlSecBufferGetMaxSize(result) ; -+ if( PK11_CipherOp( cipherCtx , out, &midSize , outSize , xmlSecBufferGetData( ctx->material ) , inSize ) != SECSuccess ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "PK11_CipherOp" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ if( PK11_DigestFinal( cipherCtx , out + midSize , &finSize , outSize - midSize ) != SECSuccess ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "PK11_DigestFinal" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ if( xmlSecBufferSetSize( result , midSize + finSize ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferSetSize" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ return 0 ; -+} -+ -+/** -+ * Block cipher transform final -+ */ -+static int -+xmlSecNssKeyWrapCtxFinal( -+ xmlSecNssKeyWrapCtxPtr ctx , -+ xmlSecBufferPtr in , -+ xmlSecBufferPtr out , -+ int encrypt , -+ xmlSecTransformCtxPtr transformCtx -+) { -+ PK11SymKey* targetKey ; -+ xmlSecSize blockSize ; -+ xmlSecBufferPtr result ; -+ -+ xmlSecAssert2( ctx != NULL , -1 ) ; -+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; -+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; -+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; -+ xmlSecAssert2( ctx->material != NULL , -1 ) ; -+ xmlSecAssert2( in != NULL , -1 ) ; -+ 
xmlSecAssert2( out != NULL , -1 ) ; -+ xmlSecAssert2( transformCtx != NULL , -1 ) ; -+ -+ /* read raw key material and append into context */ -+ if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferAppend" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferRemoveHead" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ /* Now we get all of the key materail */ -+ /* from now on we will wrap or unwrap the key */ -+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "PK11_GetBlockSize" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ result = xmlSecBufferCreate( blockSize ) ; -+ if( result == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferCreate" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ switch( ctx->cipher ) { -+ case CKM_DES3_CBC : -+ if( xmlSecNssKeyWrapDesOp(ctx, encrypt, result) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecNssKeyWrapDesOp" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecBufferDestroy(result); -+ return(-1); -+ } -+ break ; -+ /* case CKM_NETSCAPE_AES_KEY_WRAP :*/ -+ case CKM_AES_CBC : -+ if( xmlSecNssKeyWrapAesOp(ctx, encrypt, result) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecNssKeyWrapAesOp" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecBufferDestroy(result); -+ return(-1); -+ } -+ break ; -+ } -+ -+ /* Write output */ -+ if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) { -+ xmlSecError( 
XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferAppend" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecBufferDestroy(result); -+ return(-1); -+ } -+ xmlSecBufferDestroy(result); -+ -+ return(0); -+} -+ -+static int -+xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { -+ xmlSecNssKeyWrapCtxPtr context = NULL ; -+ xmlSecBufferPtr inBuf, outBuf ; -+ int operation ; -+ int rtv ; -+ -+ xmlSecAssert2( xmlSecNssKeyWrapCheckId( transform ), -1 ) ; -+ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyWrapSize ), -1 ) ; -+ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; -+ xmlSecAssert2( transformCtx != NULL , -1 ) ; -+ -+ context = xmlSecNssKeyWrapGetCtx( transform ) ; -+ if( context == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ "xmlSecNssKeyWrapGetCtx" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ inBuf = &( transform->inBuf ) ; -+ outBuf = &( transform->outBuf ) ; -+ -+ if( transform->status == xmlSecTransformStatusNone ) { -+ transform->status = xmlSecTransformStatusWorking ; -+ } -+ -+ operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 
1 : 0 ; -+ if( transform->status == xmlSecTransformStatusWorking ) { -+ if( context->material == NULL ) { -+ rtv = xmlSecNssKeyWrapCtxInit( context, inBuf , outBuf , operation , transformCtx ) ; -+ if( rtv < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ "xmlSecNssKeyWrapCtxInit" , -+ XMLSEC_ERRORS_R_INVALID_STATUS , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ } -+ -+ if( context->material == NULL && last != 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ NULL , -+ XMLSEC_ERRORS_R_INVALID_STATUS , -+ "No enough data to intialize transform" ) ; -+ return(-1); -+ } -+ -+ if( context->material != NULL ) { -+ rtv = xmlSecNssKeyWrapCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ; -+ if( rtv < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ "xmlSecNssKeyWrapCtxUpdate" , -+ XMLSEC_ERRORS_R_INVALID_STATUS , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ } -+ -+ if( last ) { -+ rtv = xmlSecNssKeyWrapCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ; -+ if( rtv < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ "xmlSecNssKeyWrapCtxFinal" , -+ XMLSEC_ERRORS_R_INVALID_STATUS , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ transform->status = xmlSecTransformStatusFinished ; -+ } -+ } else if( transform->status == xmlSecTransformStatusFinished ) { -+ if( xmlSecBufferGetSize( inBuf ) != 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ NULL , -+ XMLSEC_ERRORS_R_INVALID_STATUS , -+ "status=%d", transform->status ) ; -+ return(-1); -+ } -+ } else { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ NULL , -+ XMLSEC_ERRORS_R_INVALID_STATUS , -+ 
"status=%d", transform->status ) ; -+ return(-1); -+ } -+ -+ return(0); -+} -+ -+#ifndef XMLSEC_NO_AES -+ -+ -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecTransformKlass xmlSecNssKWAes128Klass = { -+#else -+static xmlSecTransformKlass xmlSecNssKWAes128Klass = { -+#endif -+ /* klass/object sizes */ -+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ -+ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ -+ -+ xmlSecNameKWAes128, /* const xmlChar* name; */ -+ xmlSecHrefKWAes128, /* const xmlChar* href; */ -+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ -+ -+ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ -+ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ -+ NULL, /* xmlSecTransformNodeReadMethod readNode; */ -+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ -+ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ -+ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ -+ NULL, /* xmlSecTransformValidateMethod validate; */ -+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ -+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ -+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ -+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ -+ NULL, /* xmlSecTransformPopXmlMethod popXml; */ -+ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ -+ -+ NULL, /* void* reserved0; */ -+ NULL, /* void* reserved1; */ -+}; -+ -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecTransformKlass xmlSecNssKWAes192Klass = { -+#else -+static xmlSecTransformKlass xmlSecNssKWAes192Klass = { -+#endif -+ /* klass/object sizes */ -+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ -+ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ -+ -+ xmlSecNameKWAes192, /* const xmlChar* name; */ -+ xmlSecHrefKWAes192, /* const xmlChar* 
href; */ -+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ -+ -+ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ -+ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ -+ NULL, /* xmlSecTransformNodeReadMethod readNode; */ -+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ -+ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ -+ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ -+ NULL, /* xmlSecTransformValidateMethod validate; */ -+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ -+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ -+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ -+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ -+ NULL, /* xmlSecTransformPopXmlMethod popXml; */ -+ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ -+ -+ NULL, /* void* reserved0; */ -+ NULL, /* void* reserved1; */ -+}; -+ -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecTransformKlass xmlSecNssKWAes256Klass = { -+#else -+static xmlSecTransformKlass xmlSecNssKWAes256Klass = { -+#endif -+ /* klass/object sizes */ -+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ -+ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ -+ -+ xmlSecNameKWAes256, /* const xmlChar* name; */ -+ xmlSecHrefKWAes256, /* const xmlChar* href; */ -+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ -+ -+ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ -+ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ -+ NULL, /* xmlSecTransformNodeReadMethod readNode; */ -+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ -+ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ -+ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ -+ NULL, /* 
xmlSecTransformValidateMethod validate; */ -+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ -+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ -+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ -+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ -+ NULL, /* xmlSecTransformPopXmlMethod popXml; */ -+ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ -+ -+ NULL, /* void* reserved0; */ -+ NULL, /* void* reserved1; */ -+}; -+ -+/** -+ * xmlSecNssTransformKWAes128GetKlass: -+ * -+ * The AES-128 key wrapper transform klass. -+ * -+ * Returns AES-128 key wrapper transform klass. -+ */ -+xmlSecTransformId -+xmlSecNssTransformKWAes128GetKlass(void) { -+ return(&xmlSecNssKWAes128Klass); -+} -+ -+/** -+ * xmlSecNssTransformKWAes192GetKlass: -+ * -+ * The AES-192 key wrapper transform klass. -+ * -+ * Returns AES-192 key wrapper transform klass. -+ */ -+xmlSecTransformId -+xmlSecNssTransformKWAes192GetKlass(void) { -+ return(&xmlSecNssKWAes192Klass); -+} -+ -+/** -+ * -+ * The AES-256 key wrapper transform klass. -+ * -+ * Returns AES-256 key wrapper transform klass. 
-+ */
-+xmlSecTransformId
-+xmlSecNssTransformKWAes256GetKlass(void) {
-+ return(&xmlSecNssKWAes256Klass);
-+}
-+
-+#endif /* XMLSEC_NO_AES */
-+
-+
-+#ifndef XMLSEC_NO_DES
-+
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecTransformKlass xmlSecNssKWDes3Klass = {
-+#else
-+static xmlSecTransformKlass xmlSecNssKWDes3Klass = {
-+#endif
-+ /* klass/object sizes */
-+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
-+ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
-+
-+ xmlSecNameKWDes3, /* const xmlChar* name; */
-+ xmlSecHrefKWDes3, /* const xmlChar* href; */
-+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-+
-+ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
-+ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
-+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
-+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
-+ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
-+ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
-+ NULL, /* xmlSecTransformValidateMethod validate; */
-+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
-+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
-+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
-+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
-+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
-+ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
-+
-+ NULL, /* void* reserved0; */
-+ NULL, /* void* reserved1; */
-+};
-+
-+/**
-+ * xmlSecNssTransformKWDes3GetKlass:
-+ *
-+ * The Triple DES key wrapper transform klass.
-+ *
-+ * Returns Triple DES key wrapper transform klass.
-+ */
-+xmlSecTransformId
-+xmlSecNssTransformKWDes3GetKlass(void) {
-+ return(&xmlSecNssKWDes3Klass);
-+}
-+
-+#endif /* XMLSEC_NO_DES */
-+
---- misc/xmlsec1-1.2.6/src/nss/pkikeys.c 2004-03-17 06:06:45.000000000 +0100
-+++ misc/build/xmlsec1-1.2.6/src/nss/pkikeys.c 2008-06-29 23:44:19.000000000 +0200
-@@ -5,6 +5,7 @@
- * distribution for preciese wording.
- *
- * Copyright (c) 2003 America Online, Inc. All rights reserved.
-+ * Copyright ...........................
- */
- #include "globals.h"
- 
-@@ -24,6 +25,7 @@
- #include <xmlsec/nss/crypto.h>
- #include <xmlsec/nss/bignum.h>
- #include <xmlsec/nss/pkikeys.h>
-+#include <xmlsec/nss/tokens.h>
- 
- /**************************************************************************
- *
-@@ -98,14 +100,13 @@
- {
- xmlSecAssert(ctx != NULL);
- if (ctx->privkey != NULL) {
-- SECKEY_DestroyPrivateKey(ctx->privkey);
-- ctx->privkey = NULL;
-+ SECKEY_DestroyPrivateKey(ctx->privkey);
-+ ctx->privkey = NULL;
- }
- 
-- if (ctx->pubkey)
-- {
-- SECKEY_DestroyPublicKey(ctx->pubkey);
-- ctx->pubkey = NULL;
-+ if (ctx->pubkey) {
-+ SECKEY_DestroyPublicKey(ctx->pubkey);
-+ ctx->pubkey = NULL;
- }
- 
- }
-@@ -115,29 +116,32 @@
- xmlSecNssPKIKeyDataCtxPtr ctxSrc)
- {
- xmlSecNSSPKIKeyDataCtxFree(ctxDst);
-+ ctxDst->privkey = NULL ;
-+ ctxDst->pubkey = NULL ;
- if (ctxSrc->privkey != NULL) {
-- ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey);
-- if(ctxDst->privkey == NULL) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "SECKEY_CopyPrivateKey",
-- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- return(-1);
-- }
-+ ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey);
-+ if(ctxDst->privkey == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "SECKEY_CopyPrivateKey",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ "error code=%d", PORT_GetError());
-+ return(-1);
-+ }
- }
- 
- if (ctxSrc->pubkey != NULL) {
-- ctxDst->pubkey = SECKEY_CopyPublicKey(ctxSrc->pubkey);
-- if(ctxDst->pubkey == NULL) {
-- 
xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "SECKEY_CopyPublicKey", -- XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(-1); -- } -+ ctxDst->pubkey = SECKEY_CopyPublicKey(ctxSrc->pubkey); -+ if(ctxDst->pubkey == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "SECKEY_CopyPublicKey", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ "error code=%d", PORT_GetError()); -+ return(-1); -+ } - } -+ - return (0); - } - -@@ -147,20 +151,41 @@ - SECKEYPublicKey *pubkey) - { - xmlSecNssPKIKeyDataCtxPtr ctx; -+ KeyType pubType = nullKey ; -+ KeyType priType = nullKey ; - - xmlSecAssert2(xmlSecKeyDataIsValid(data), -1); - xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssPKIKeyDataSize), -1); - -+ if( privkey != NULL ) { -+ priType = SECKEY_GetPrivateKeyType( privkey ) ; -+ } -+ -+ if( pubkey != NULL ) { -+ pubType = SECKEY_GetPublicKeyType( pubkey ) ; -+ } -+ -+ if( priType != nullKey && pubType != nullKey ) { -+ if( pubType != priType ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ "different type of private and public key" ) ; -+ return -1 ; -+ } -+ } -+ - ctx = xmlSecNssPKIKeyDataGetCtx(data); - xmlSecAssert2(ctx != NULL, -1); - - if (ctx->privkey) { -- SECKEY_DestroyPrivateKey(ctx->privkey); -+ SECKEY_DestroyPrivateKey(ctx->privkey); - } - ctx->privkey = privkey; - - if (ctx->pubkey) { -- SECKEY_DestroyPublicKey(ctx->pubkey); -+ SECKEY_DestroyPublicKey(ctx->pubkey); - } - ctx->pubkey = pubkey; - -@@ -183,61 +208,75 @@ - { - xmlSecKeyDataPtr data = NULL; - int ret; -- KeyType kt; -- -- if (pubkey != NULL) { -- kt = SECKEY_GetPublicKeyType(pubkey); -- } else { -- kt = SECKEY_GetPrivateKeyType(privkey); -- pubkey = SECKEY_ConvertToPublicKey(privkey); -- } -+ KeyType pubType = nullKey ; -+ KeyType priType = nullKey ; - -- switch(kt) { -+ if( privkey != NULL ) { -+ priType = SECKEY_GetPrivateKeyType( privkey ) ; -+ } -+ -+ if( pubkey != NULL ) { -+ pubType = SECKEY_GetPublicKeyType( pubkey ) ; -+ } -+ -+ if( 
priType != nullKey && pubType != nullKey ) { -+ if( pubType != priType ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ "different type of private and public key" ) ; -+ return( NULL ) ; -+ } -+ } -+ -+ pubType = priType != nullKey ? priType : pubType ; -+ switch(pubType) { - #ifndef XMLSEC_NO_RSA - case rsaKey: -- data = xmlSecKeyDataCreate(xmlSecNssKeyDataRsaId); -- if(data == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecKeyDataCreate", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "xmlSecNssKeyDataRsaId"); -- return(NULL); -- } -- break; -+ data = xmlSecKeyDataCreate(xmlSecNssKeyDataRsaId); -+ if(data == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecKeyDataCreate", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ "xmlSecNssKeyDataRsaId"); -+ return(NULL); -+ } -+ break; - #endif /* XMLSEC_NO_RSA */ - #ifndef XMLSEC_NO_DSA - case dsaKey: -- data = xmlSecKeyDataCreate(xmlSecNssKeyDataDsaId); -- if(data == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecKeyDataCreate", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "xmlSecNssKeyDataDsaId"); -- return(NULL); -- } -- break; -+ data = xmlSecKeyDataCreate(xmlSecNssKeyDataDsaId); -+ if(data == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecKeyDataCreate", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ "xmlSecNssKeyDataDsaId"); -+ return(NULL); -+ } -+ break; - #endif /* XMLSEC_NO_DSA */ - default: -- xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_TYPE, -- "PKI key type %d not supported", kt); -- return(NULL); -+ "PKI key type %d not supported", pubType); -+ return(NULL); - } - - xmlSecAssert2(data != NULL, NULL); - ret = xmlSecNssPKIKeyDataAdoptKey(data, privkey, pubkey); - if(ret < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssPKIKeyDataAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); -- xmlSecKeyDataDestroy(data); 
-- return(NULL); -+ xmlSecKeyDataDestroy(data); -+ return(NULL); - } - return(data); - } -@@ -263,7 +302,7 @@ - xmlSecAssert2(ctx != NULL, NULL); - xmlSecAssert2(ctx->pubkey != NULL, NULL); - -- ret = SECKEY_CopyPublicKey(ctx->pubkey); -+ ret = SECKEY_CopyPublicKey(ctx->pubkey); - return(ret); - } - -@@ -312,9 +351,9 @@ - xmlSecAssert2(ctx != NULL, nullKey); - - if (ctx->pubkey != NULL) { -- kt = SECKEY_GetPublicKeyType(ctx->pubkey); -+ kt = SECKEY_GetPublicKeyType(ctx->pubkey); - } else { -- kt = SECKEY_GetPrivateKeyType(ctx->privkey); -+ kt = SECKEY_GetPrivateKeyType(ctx->privkey); - } - return(kt); - } -@@ -453,7 +492,11 @@ - static void xmlSecNssKeyDataDsaDebugXmlDump (xmlSecKeyDataPtr data, - FILE* output); - -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecKeyDataKlass xmlSecNssKeyDataDsaKlass = { -+#else - static xmlSecKeyDataKlass xmlSecNssKeyDataDsaKlass = { -+#endif - sizeof(xmlSecKeyDataKlass), - xmlSecNssPKIKeyDataSize, - -@@ -553,13 +596,13 @@ - goto done; - } - -- slot = PK11_GetBestSlot(CKM_DSA, NULL); -+ slot = xmlSecNssSlotGet(CKM_DSA); - if(slot == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -- "PK11_GetBestSlot", -+ "xmlSecNssSlotGet", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - ret = -1; - goto done; - } -@@ -570,7 +613,7 @@ - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "PORT_NewArena", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - ret = -1; - goto done; - } -@@ -582,7 +625,7 @@ - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "PORT_ArenaZAlloc", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - PORT_FreeArena(arena, PR_FALSE); - ret = -1; - goto done; -@@ -750,21 +793,21 @@ - goto done; - } - data = NULL; -- - ret = 0; - - done: - if (slot != NULL) { -- PK11_FreeSlot(slot); -+ 
PK11_FreeSlot(slot); - } -- if (ret != 0) { -- if (pubkey != NULL) { -- SECKEY_DestroyPublicKey(pubkey); -- } -- if (data != NULL) { -- xmlSecKeyDataDestroy(data); -- } -+ -+ if (pubkey != NULL) { -+ SECKEY_DestroyPublicKey(pubkey); -+ } -+ -+ if (data != NULL) { -+ xmlSecKeyDataDestroy(data); - } -+ - return(ret); - } - -@@ -783,7 +826,7 @@ - - ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key)); - xmlSecAssert2(ctx != NULL, -1); -- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1); -+/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/ - - if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) { - /* we can have only private key or public key */ -@@ -905,7 +948,8 @@ - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "PK11_PQG_ParamGen", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- "size=%d", sizeBits); -+ "size=%d, error code=%d", sizeBits, PORT_GetError()); -+ ret = -1; - goto done; - } - -@@ -915,11 +959,12 @@ - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "PK11_PQG_VerifyParams", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- "size=%d", sizeBits); -+ "size=%d, error code=%d", sizeBits, PORT_GetError()); -+ ret = -1; - goto done; - } - -- slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL); -+ slot = xmlSecNssSlotGet(CKM_DSA_KEY_PAIR_GEN); - PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */); - privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams, - &pubkey, PR_FALSE, PR_TRUE, NULL); -@@ -929,8 +974,9 @@ - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "PK11_GenerateKeyPair", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - -+ ret = -1; - goto done; - } - -@@ -943,29 +989,32 @@ - XMLSEC_ERRORS_NO_MESSAGE); - goto done; - } -- -+ privkey = NULL ; -+ pubkey = NULL ; - ret = 0; - - done: - if (slot != NULL) { -- PK11_FreeSlot(slot); -+ PK11_FreeSlot(slot); - } -+ - if (pqgParams != NULL) { -- 
PK11_PQG_DestroyParams(pqgParams); -+ PK11_PQG_DestroyParams(pqgParams); - } -+ - if (pqgVerify != NULL) { -- PK11_PQG_DestroyVerify(pqgVerify); -- } -- if (ret == 0) { -- return (0); -+ PK11_PQG_DestroyVerify(pqgVerify); - } -+ - if (pubkey != NULL) { -- SECKEY_DestroyPublicKey(pubkey); -+ SECKEY_DestroyPublicKey(pubkey); - } -+ - if (privkey != NULL) { -- SECKEY_DestroyPrivateKey(privkey); -+ SECKEY_DestroyPrivateKey(privkey); - } -- return(-1); -+ -+ return(ret); - } - - static xmlSecKeyDataType -@@ -975,11 +1024,11 @@ - xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), xmlSecKeyDataTypeUnknown); - ctx = xmlSecNssPKIKeyDataGetCtx(data); - xmlSecAssert2(ctx != NULL, -1); -- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1); -+/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/ - if (ctx->privkey != NULL) { -- return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic); -- } else { -- return(xmlSecKeyDataTypePublic); -+ return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic); -+ } else if( ctx->pubkey != NULL ) { -+ return(xmlSecKeyDataTypePublic); - } - - return(xmlSecKeyDataTypeUnknown); -@@ -992,7 +1041,7 @@ - xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), 0); - ctx = xmlSecNssPKIKeyDataGetCtx(data); - xmlSecAssert2(ctx != NULL, -1); -- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1); -+/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/ - - return(8 * SECKEY_PublicKeyStrength(ctx->pubkey)); - } -@@ -1084,7 +1133,11 @@ - static void xmlSecNssKeyDataRsaDebugXmlDump (xmlSecKeyDataPtr data, - FILE* output); - -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecKeyDataKlass xmlSecNssKeyDataRsaKlass = { -+#else - static xmlSecKeyDataKlass xmlSecNssKeyDataRsaKlass = { -+#endif - sizeof(xmlSecKeyDataKlass), - xmlSecNssPKIKeyDataSize, - -@@ -1181,13 +1234,13 @@ - goto done; - } - -- slot = PK11_GetBestSlot(CKM_RSA_PKCS, NULL); -+ slot = 
xmlSecNssSlotGet(CKM_RSA_PKCS); - if(slot == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -- "PK11_GetBestSlot", -+ "xmlSecNssSlotGet", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - ret = -1; - goto done; - } -@@ -1198,7 +1251,7 @@ - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "PORT_NewArena", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - ret = -1; - goto done; - } -@@ -1210,7 +1263,7 @@ - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "PORT_ArenaZAlloc", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - PORT_FreeArena(arena, PR_FALSE); - ret = -1; - goto done; -@@ -1349,7 +1402,7 @@ - - ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key)); - xmlSecAssert2(ctx != NULL, -1); -- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1); -+/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/ - - - if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) { -@@ -1420,7 +1473,7 @@ - params.keySizeInBits = sizeBits; - params.pe = 65537; - -- slot = PK11_GetBestSlot(CKM_RSA_PKCS_KEY_PAIR_GEN, NULL); -+ slot = xmlSecNssSlotGet(CKM_RSA_PKCS_KEY_PAIR_GEN); - PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */); - privkey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, ¶ms, - &pubkey, PR_FALSE, PR_TRUE, NULL); -@@ -1430,7 +1483,7 @@ - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "PK11_GenerateKeyPair", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - - goto done; - } -@@ -1472,7 +1525,7 @@ - - ctx = xmlSecNssPKIKeyDataGetCtx(data); - xmlSecAssert2(ctx != NULL, -1); -- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1); -+/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) 
== rsaKey, -1);*/ - if (ctx->privkey != NULL) { - return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic); - } else { -@@ -1490,7 +1543,7 @@ - - ctx = xmlSecNssPKIKeyDataGetCtx(data); - xmlSecAssert2(ctx != NULL, -1); -- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1); -+/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/ - - return(8 * SECKEY_PublicKeyStrength(ctx->pubkey)); - } ---- misc/xmlsec1-1.2.6/src/nss/signatures.c 2003-09-26 02:58:15.000000000 +0200 -+++ misc/build/xmlsec1-1.2.6/src/nss/signatures.c 2008-06-29 23:44:19.000000000 +0200 -@@ -199,7 +199,7 @@ - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "SGN_NewContext", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - return(-1); - } - } else { -@@ -222,7 +222,7 @@ - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "VFY_CreateContext", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - return(-1); - } - } -@@ -282,7 +282,7 @@ - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "VFY_Update, VFY_End", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - - if (PORT_GetError() == SEC_ERROR_PKCS7_BAD_SIGNATURE) { - xmlSecError(XMLSEC_ERRORS_HERE, -@@ -341,7 +341,7 @@ - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "SGN_Begin", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - return(-1); - } - } else { -@@ -351,7 +351,7 @@ - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "VFY_Begin", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - return(-1); - } - } -@@ -368,7 +368,7 @@ - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "SGN_Update", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); 
- return(-1);
- }
- } else {
-@@ -378,7 +378,7 @@
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "VFY_Update",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-+ "error code=%d", PORT_GetError());
- return(-1);
- }
- }
-@@ -404,7 +404,7 @@
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "SGN_End",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-+ "error code=%d", PORT_GetError());
- return(-1);
- }
- 
-@@ -459,7 +459,11 @@
- *
- ***************************************************************************/
- 
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecTransformKlass xmlSecNssDsaSha1Klass = {
-+#else
- static xmlSecTransformKlass xmlSecNssDsaSha1Klass = {
-+#endif
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecNssSignatureSize, /* xmlSecSize objSize */
-@@ -506,7 +510,11 @@
- * RSA-SHA1 signature transform
- *
- ***************************************************************************/
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecTransformKlass xmlSecNssRsaSha1Klass = {
-+#else
- static xmlSecTransformKlass xmlSecNssRsaSha1Klass = {
-+#endif
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecNssSignatureSize, /* xmlSecSize objSize */
---- misc/xmlsec1-1.2.6/src/nss/symkeys.c 2003-07-21 05:12:52.000000000 +0200
-+++ misc/build/xmlsec1-1.2.6/src/nss/symkeys.c 2008-06-29 23:44:19.000000000 +0200
-@@ -15,178 +15,837 @@
- #include <stdio.h>
- #include <string.h>
- 
-+#include <pk11func.h>
-+#include <nss.h>
-+
- #include <xmlsec/xmlsec.h>
- #include <xmlsec/xmltree.h>
-+#include <xmlsec/base64.h>
- #include <xmlsec/keys.h>
- #include <xmlsec/keyinfo.h>
- #include <xmlsec/transforms.h>
- #include <xmlsec/errors.h>
- 
- #include <xmlsec/nss/crypto.h>
-+#include <xmlsec/nss/ciphers.h>
-+#include <xmlsec/nss/tokens.h>
- 
- 
/***************************************************************************** - * -- * Symmetic (binary) keys - just a wrapper for xmlSecKeyDataBinary -+ * Symmetic (binary) keys - a wrapper over slot information and PK11SymKey - * - ****************************************************************************/ --static int xmlSecNssSymKeyDataInitialize (xmlSecKeyDataPtr data); --static int xmlSecNssSymKeyDataDuplicate (xmlSecKeyDataPtr dst, -- xmlSecKeyDataPtr src); --static void xmlSecNssSymKeyDataFinalize (xmlSecKeyDataPtr data); --static int xmlSecNssSymKeyDataXmlRead (xmlSecKeyDataId id, -- xmlSecKeyPtr key, -- xmlNodePtr node, -- xmlSecKeyInfoCtxPtr keyInfoCtx); --static int xmlSecNssSymKeyDataXmlWrite (xmlSecKeyDataId id, -- xmlSecKeyPtr key, -- xmlNodePtr node, -- xmlSecKeyInfoCtxPtr keyInfoCtx); --static int xmlSecNssSymKeyDataBinRead (xmlSecKeyDataId id, -- xmlSecKeyPtr key, -- const xmlSecByte* buf, -- xmlSecSize bufSize, -- xmlSecKeyInfoCtxPtr keyInfoCtx); --static int xmlSecNssSymKeyDataBinWrite (xmlSecKeyDataId id, -- xmlSecKeyPtr key, -- xmlSecByte** buf, -- xmlSecSize* bufSize, -- xmlSecKeyInfoCtxPtr keyInfoCtx); --static int xmlSecNssSymKeyDataGenerate (xmlSecKeyDataPtr data, -- xmlSecSize sizeBits, -- xmlSecKeyDataType type); -- --static xmlSecKeyDataType xmlSecNssSymKeyDataGetType (xmlSecKeyDataPtr data); --static xmlSecSize xmlSecNssSymKeyDataGetSize (xmlSecKeyDataPtr data); --static void xmlSecNssSymKeyDataDebugDump (xmlSecKeyDataPtr data, -- FILE* output); --static void xmlSecNssSymKeyDataDebugXmlDump (xmlSecKeyDataPtr data, -- FILE* output); --static int xmlSecNssSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass); -+typedef struct _xmlSecNssSymKeyDataCtx xmlSecNssSymKeyDataCtx ; -+typedef struct _xmlSecNssSymKeyDataCtx* xmlSecNssSymKeyDataCtxPtr ; -+ -+struct _xmlSecNssSymKeyDataCtx { -+ CK_MECHANISM_TYPE cipher ; /* the symmetic key mechanism */ -+ PK11SlotInfo* slot ; /* the key resident slot */ -+ PK11SymKey* symkey ; /* the symmetic key */ 
-+} ; -+ -+#define xmlSecNssSymKeyDataSize \ -+ ( sizeof( xmlSecKeyData ) + sizeof( xmlSecNssSymKeyDataCtx ) ) -+ -+#define xmlSecNssSymKeyDataGetCtx( data ) \ -+ ( ( xmlSecNssSymKeyDataCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyData ) ) ) -+ -+ -+static int xmlSecNssSymKeyDataInitialize (xmlSecKeyDataPtr data); -+static int xmlSecNssSymKeyDataDuplicate (xmlSecKeyDataPtr dst, -+ xmlSecKeyDataPtr src); -+static void xmlSecNssSymKeyDataFinalize (xmlSecKeyDataPtr data); -+static int xmlSecNssSymKeyDataXmlRead (xmlSecKeyDataId id, -+ xmlSecKeyPtr key, -+ xmlNodePtr node, -+ xmlSecKeyInfoCtxPtr keyInfoCtx); -+static int xmlSecNssSymKeyDataXmlWrite (xmlSecKeyDataId id, -+ xmlSecKeyPtr key, -+ xmlNodePtr node, -+ xmlSecKeyInfoCtxPtr keyInfoCtx); -+static int xmlSecNssSymKeyDataBinRead (xmlSecKeyDataId id, -+ xmlSecKeyPtr key, -+ const xmlSecByte* buf, -+ xmlSecSize bufSize, -+ xmlSecKeyInfoCtxPtr keyInfoCtx); -+static int xmlSecNssSymKeyDataBinWrite (xmlSecKeyDataId id, -+ xmlSecKeyPtr key, -+ xmlSecByte** buf, -+ xmlSecSize* bufSize, -+ xmlSecKeyInfoCtxPtr keyInfoCtx); -+static int xmlSecNssSymKeyDataGenerate (xmlSecKeyDataPtr data, -+ xmlSecSize sizeBits, -+ xmlSecKeyDataType type); -+ -+static xmlSecKeyDataType xmlSecNssSymKeyDataGetType (xmlSecKeyDataPtr data); -+static xmlSecSize xmlSecNssSymKeyDataGetSize (xmlSecKeyDataPtr data); -+static void xmlSecNssSymKeyDataDebugDump (xmlSecKeyDataPtr data, -+ FILE* output); -+static void xmlSecNssSymKeyDataDebugXmlDump (xmlSecKeyDataPtr data, -+ FILE* output); -+static int xmlSecNssSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass); - - #define xmlSecNssSymKeyDataCheckId(data) \ - (xmlSecKeyDataIsValid((data)) && \ - xmlSecNssSymKeyDataKlassCheck((data)->id)) - -+/** -+ * xmlSecNssSymKeyDataAdoptKey: -+ * @data: the pointer to symmetric key data. -+ * @symkey: the symmetric key -+ * -+ * Set the value of symmetric key data. -+ * -+ * Returns 0 on success or a negative value if an error occurs. 
-+ */ -+int -+xmlSecNssSymKeyDataAdoptKey( -+ xmlSecKeyDataPtr data , -+ PK11SymKey* symkey -+) { -+ xmlSecNssSymKeyDataCtxPtr context = NULL ; -+ -+ xmlSecAssert2( xmlSecNssSymKeyDataCheckId( data ), -1 ) ; -+ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), -1 ) ; -+ xmlSecAssert2( symkey != NULL, -1 ) ; -+ -+ context = xmlSecNssSymKeyDataGetCtx( data ) ; -+ xmlSecAssert2(context != NULL, -1); -+ -+ context->cipher = PK11_GetMechanism( symkey ) ; -+ -+ if( context->slot != NULL ) { -+ PK11_FreeSlot( context->slot ) ; -+ context->slot = NULL ; -+ } -+ context->slot = PK11_GetSlotFromKey( symkey ) ; -+ -+ if( context->symkey != NULL ) { -+ PK11_FreeSymKey( context->symkey ) ; -+ context->symkey = NULL ; -+ } -+ context->symkey = PK11_ReferenceSymKey( symkey ) ; -+ -+ return 0 ; -+} -+ -+xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt( -+ PK11SymKey* symKey -+) { -+ xmlSecKeyDataPtr data = NULL ; -+ CK_MECHANISM_TYPE mechanism = CKM_INVALID_MECHANISM ; -+ -+ xmlSecAssert2( symKey != NULL , NULL ) ; -+ -+ mechanism = PK11_GetMechanism( symKey ) ; -+ switch( mechanism ) { -+ case CKM_DES3_KEY_GEN : -+ case CKM_DES3_CBC : -+ case CKM_DES3_MAC : -+ data = xmlSecKeyDataCreate( xmlSecNssKeyDataDesId ) ; -+ if( data == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecKeyDataCreate" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ "xmlSecNssKeyDataDesId" ) ; -+ return NULL ; -+ } -+ break ; -+ case CKM_AES_KEY_GEN : -+ case CKM_AES_CBC : -+ case CKM_AES_MAC : -+ data = xmlSecKeyDataCreate( xmlSecNssKeyDataAesId ) ; -+ if( data == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecKeyDataCreate" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ "xmlSecNssKeyDataDesId" ) ; -+ return NULL ; -+ } -+ break ; -+ default : -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ "Unsupported mechanism" ) ; -+ return NULL ; -+ } -+ -+ if( xmlSecNssSymKeyDataAdoptKey( data , symKey ) < 0 ) { -+ xmlSecError( 
XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecNssSymKeyDataAdoptKey" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ xmlSecKeyDataDestroy( data ) ; -+ return NULL ; -+ } -+ -+ return data ; -+} -+ -+ -+PK11SymKey* -+xmlSecNssSymKeyDataGetKey( -+ xmlSecKeyDataPtr data -+) { -+ xmlSecNssSymKeyDataCtxPtr ctx; -+ PK11SymKey* symkey ; -+ -+ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), NULL); -+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), NULL); -+ -+ ctx = xmlSecNssSymKeyDataGetCtx(data); -+ xmlSecAssert2(ctx != NULL, NULL); -+ -+ if( ctx->symkey != NULL ) { -+ symkey = PK11_ReferenceSymKey( ctx->symkey ) ; -+ } else { -+ symkey = NULL ; -+ } -+ -+ return(symkey); -+} -+ - static int - xmlSecNssSymKeyDataInitialize(xmlSecKeyDataPtr data) { -+ xmlSecNssSymKeyDataCtxPtr ctx; -+ - xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1); -- -- return(xmlSecKeyDataBinaryValueInitialize(data)); -+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), -1); -+ -+ ctx = xmlSecNssSymKeyDataGetCtx(data); -+ xmlSecAssert2(ctx != NULL, -1); -+ -+ memset( ctx, 0, sizeof(xmlSecNssSymKeyDataCtx)); -+ -+ /* Set the block cipher mechanism */ -+#ifndef XMLSEC_NO_DES -+ if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) { -+ ctx->cipher = CKM_DES3_KEY_GEN; -+ } else -+#endif /* XMLSEC_NO_DES */ -+ -+#ifndef XMLSEC_NO_AES -+ if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) { -+ ctx->cipher = CKM_AES_KEY_GEN; -+ } else -+#endif /* XMLSEC_NO_AES */ -+ -+ if(1) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), -+ NULL , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ "Unsupported block cipher" ) ; -+ return(-1) ; -+ } -+ -+ return(0); - } - - static int - xmlSecNssSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { -+ xmlSecNssSymKeyDataCtxPtr ctxDst; -+ xmlSecNssSymKeyDataCtxPtr ctxSrc; -+ - xmlSecAssert2(xmlSecNssSymKeyDataCheckId(dst), -1); -+ 
xmlSecAssert2(xmlSecKeyDataCheckSize(dst, xmlSecNssSymKeyDataSize), -1); - xmlSecAssert2(xmlSecNssSymKeyDataCheckId(src), -1); -+ xmlSecAssert2(xmlSecKeyDataCheckSize(src, xmlSecNssSymKeyDataSize), -1); - xmlSecAssert2(dst->id == src->id, -1); -- -- return(xmlSecKeyDataBinaryValueDuplicate(dst, src)); -+ -+ ctxDst = xmlSecNssSymKeyDataGetCtx(dst); -+ xmlSecAssert2(ctxDst != NULL, -1); -+ -+ ctxSrc = xmlSecNssSymKeyDataGetCtx(src); -+ xmlSecAssert2(ctxSrc != NULL, -1); -+ -+ ctxDst->cipher = ctxSrc->cipher ; -+ -+ if( ctxSrc->slot != NULL ) { -+ if( ctxDst->slot != NULL && ctxDst->slot != ctxSrc->slot ) { -+ PK11_FreeSlot( ctxDst->slot ) ; -+ ctxDst->slot = NULL ; -+ } -+ -+ if( ctxDst->slot == NULL && ctxSrc->slot != NULL ) -+ ctxDst->slot = PK11_ReferenceSlot( ctxSrc->slot ) ; -+ } else { -+ if( ctxDst->slot != NULL ) { -+ PK11_FreeSlot( ctxDst->slot ) ; -+ ctxDst->slot = NULL ; -+ } -+ } -+ -+ if( ctxSrc->symkey != NULL ) { -+ if( ctxDst->symkey != NULL && ctxDst->symkey != ctxSrc->symkey ) { -+ PK11_FreeSymKey( ctxDst->symkey ) ; -+ ctxDst->symkey = NULL ; -+ } -+ -+ if( ctxDst->symkey == NULL && ctxSrc->symkey != NULL ) -+ ctxDst->symkey = PK11_ReferenceSymKey( ctxSrc->symkey ) ; -+ } else { -+ if( ctxDst->symkey != NULL ) { -+ PK11_FreeSymKey( ctxDst->symkey ) ; -+ ctxDst->symkey = NULL ; -+ } -+ } -+ -+ return(0); - } - - static void - xmlSecNssSymKeyDataFinalize(xmlSecKeyDataPtr data) { -+ xmlSecNssSymKeyDataCtxPtr ctx; -+ - xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); -- -- xmlSecKeyDataBinaryValueFinalize(data); -+ xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize)); -+ -+ ctx = xmlSecNssSymKeyDataGetCtx(data); -+ xmlSecAssert(ctx != NULL); -+ -+ if( ctx->slot != NULL ) { -+ PK11_FreeSlot( ctx->slot ) ; -+ ctx->slot = NULL ; -+ } -+ -+ if( ctx->symkey != NULL ) { -+ PK11_FreeSymKey( ctx->symkey ) ; -+ ctx->symkey = NULL ; -+ } -+ -+ ctx->cipher = CKM_INVALID_MECHANISM ; - } - - static int - xmlSecNssSymKeyDataXmlRead(xmlSecKeyDataId id, 
xmlSecKeyPtr key, -- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { -- xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); -+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { -+ PK11SymKey* symKey ; -+ PK11SlotInfo* slot ; -+ xmlSecBufferPtr keyBuf; -+ xmlSecSize len; -+ xmlSecKeyDataPtr data; -+ xmlSecNssSymKeyDataCtxPtr ctx; -+ SECItem keyItem ; -+ int ret; -+ -+ xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1); -+ xmlSecAssert2(key != NULL, -1); -+ xmlSecAssert2(node != NULL, -1); -+ xmlSecAssert2(keyInfoCtx != NULL, -1); -+ -+ /* Create a new KeyData from a id */ -+ data = xmlSecKeyDataCreate(id); -+ if(data == NULL ) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "xmlSecKeyDataCreate", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } -+ -+ ctx = xmlSecNssSymKeyDataGetCtx(data); -+ xmlSecAssert2(ctx != NULL, -1); -+ -+ /* Create a buffer for raw symmetric key value */ -+ if( ( keyBuf = xmlSecBufferCreate( 128 ) ) == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "xmlSecBufferCreate" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecKeyDataDestroy( data ) ; -+ return(-1) ; -+ } -+ -+ /* Read the raw key value */ -+ if( xmlSecBufferBase64NodeContentRead( keyBuf , node ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)), -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ xmlSecBufferDestroy( keyBuf ) ; -+ xmlSecKeyDataDestroy( data ) ; -+ return(-1) ; -+ } -+ -+ /* Get slot */ -+ slot = xmlSecNssSlotGet(ctx->cipher); -+ if( slot == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "xmlSecNssSlotGet" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ xmlSecBufferDestroy( keyBuf ) ; -+ 
xmlSecKeyDataDestroy( data ) ; -+ return(-1) ; -+ } -+ -+ /* Wrap the raw key value SECItem */ -+ keyItem.type = siBuffer ; -+ keyItem.data = xmlSecBufferGetData( keyBuf ) ; -+ keyItem.len = xmlSecBufferGetSize( keyBuf ) ; -+ -+ /* Import the raw key into slot temporalily and get the key handler*/ -+ symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ; -+ if( symKey == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "PK11_ImportSymKey" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ PK11_FreeSlot( slot ) ; -+ xmlSecBufferDestroy( keyBuf ) ; -+ xmlSecKeyDataDestroy( data ) ; -+ return(-1) ; -+ } -+ PK11_FreeSlot( slot ) ; -+ -+ /* raw key material has been copied into symKey, it isn't used any more */ -+ xmlSecBufferDestroy( keyBuf ) ; - -- return(xmlSecKeyDataBinaryValueXmlRead(id, key, node, keyInfoCtx)); -+ /* Adopt the symmetric key into key data */ -+ ret = xmlSecNssSymKeyDataAdoptKey(data, symKey); -+ if(ret < 0) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "xmlSecKeyDataBinaryValueSetBuffer", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ PK11_FreeSymKey( symKey ) ; -+ xmlSecKeyDataDestroy( data ) ; -+ return(-1); -+ } -+ /* symKey has been duplicated into data, it isn't used any more */ -+ PK11_FreeSymKey( symKey ) ; -+ -+ /* Check value */ -+ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "xmlSecKeyReqMatchKeyValue", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ xmlSecKeyDataDestroy( data ) ; -+ return(0); -+ } -+ -+ ret = xmlSecKeySetValue(key, data); -+ if(ret < 0) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "xmlSecKeySetValue", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ 
XMLSEC_ERRORS_NO_MESSAGE); -+ xmlSecKeyDataDestroy( data ) ; -+ return(-1); -+ } -+ -+ return(0); - } - - static int - xmlSecNssSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, -- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { -+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { -+ PK11SymKey* symKey ; -+ - xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); -+ xmlSecAssert2(key != NULL, -1); -+ xmlSecAssert2(node != NULL, -1); -+ xmlSecAssert2(keyInfoCtx != NULL, -1); -+ -+ /* Get symmetric key from "key" */ -+ symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key)); -+ if( symKey != NULL ) { -+ SECItem* keyItem ; -+ xmlSecBufferPtr keyBuf ; -+ -+ /* Extract raw key data from symmetric key */ -+ if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "PK11_ExtractKeyValue", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ PK11_FreeSymKey( symKey ) ; -+ return(-1); -+ } -+ -+ /* Get raw key data from "symKey" */ -+ keyItem = PK11_GetKeyData( symKey ) ; -+ if(keyItem == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "PK11_GetKeyData", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ PK11_FreeSymKey( symKey ) ; -+ return(-1); -+ } -+ -+ /* Create key data buffer with raw kwy material */ -+ keyBuf = xmlSecBufferCreate(keyItem->len) ; -+ if(keyBuf == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "xmlSecBufferCreate", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ PK11_FreeSymKey( symKey ) ; -+ return(-1); -+ } -+ -+ xmlSecBufferSetData( keyBuf , keyItem->data , keyItem->len ) ; -+ -+ /* Write raw key material into current xml node */ -+ if( xmlSecBufferBase64NodeContentWrite( keyBuf, node, XMLSEC_BASE64_LINESIZE ) < 0 ) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ 
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "xmlSecBufferBase64NodeContentWrite", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ xmlSecBufferDestroy(keyBuf); -+ PK11_FreeSymKey( symKey ) ; -+ return(-1); -+ } -+ xmlSecBufferDestroy(keyBuf); -+ PK11_FreeSymKey( symKey ) ; -+ } - -- return(xmlSecKeyDataBinaryValueXmlWrite(id, key, node, keyInfoCtx)); -+ return 0 ; - } - - static int - xmlSecNssSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key, -- const xmlSecByte* buf, xmlSecSize bufSize, -- xmlSecKeyInfoCtxPtr keyInfoCtx) { -- xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); -+ const xmlSecByte* buf, xmlSecSize bufSize, -+ xmlSecKeyInfoCtxPtr keyInfoCtx) { -+ PK11SymKey* symKey ; -+ PK11SlotInfo* slot ; -+ xmlSecKeyDataPtr data; -+ xmlSecNssSymKeyDataCtxPtr ctx; -+ SECItem keyItem ; -+ int ret; - -- return(xmlSecKeyDataBinaryValueBinRead(id, key, buf, bufSize, keyInfoCtx)); -+ xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1); -+ xmlSecAssert2(key != NULL, -1); -+ xmlSecAssert2(buf != NULL, -1); -+ xmlSecAssert2(bufSize != 0, -1); -+ xmlSecAssert2(keyInfoCtx != NULL, -1); -+ -+ /* Create a new KeyData from a id */ -+ data = xmlSecKeyDataCreate(id); -+ if(data == NULL ) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "xmlSecKeyDataCreate", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } -+ -+ ctx = xmlSecNssSymKeyDataGetCtx(data); -+ xmlSecAssert2(ctx != NULL, -1); -+ -+ /* Get slot */ -+ slot = xmlSecNssSlotGet(ctx->cipher); -+ if( slot == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "xmlSecNssSlotGet" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecKeyDataDestroy( data ) ; -+ return(-1) ; -+ } -+ -+ /* Wrap the raw key value SECItem */ -+ keyItem.type = siBuffer ; -+ keyItem.data = buf ; -+ keyItem.len = bufSize ; -+ -+ /* Import the raw key into 
slot temporalily and get the key handler*/ -+ symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ; -+ if( symKey == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "PK11_ImportSymKey" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ PK11_FreeSlot( slot ) ; -+ xmlSecKeyDataDestroy( data ) ; -+ return(-1) ; -+ } -+ -+ /* Adopt the symmetric key into key data */ -+ ret = xmlSecNssSymKeyDataAdoptKey(data, symKey); -+ if(ret < 0) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "xmlSecKeyDataBinaryValueSetBuffer", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ PK11_FreeSymKey( symKey ) ; -+ PK11_FreeSlot( slot ) ; -+ xmlSecKeyDataDestroy( data ) ; -+ return(-1); -+ } -+ /* symKey has been duplicated into data, it isn't used any more */ -+ PK11_FreeSymKey( symKey ) ; -+ PK11_FreeSlot( slot ) ; -+ -+ /* Check value */ -+ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "xmlSecKeyReqMatchKeyValue", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ xmlSecKeyDataDestroy( data ) ; -+ return(0); -+ } -+ -+ ret = xmlSecKeySetValue(key, data); -+ if(ret < 0) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "xmlSecKeySetValue", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ xmlSecKeyDataDestroy( data ) ; -+ return(-1); -+ } -+ -+ return(0); - } - - static int - xmlSecNssSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, -- xmlSecByte** buf, xmlSecSize* bufSize, -- xmlSecKeyInfoCtxPtr keyInfoCtx) { -+ xmlSecByte** buf, xmlSecSize* bufSize, -+ xmlSecKeyInfoCtxPtr keyInfoCtx) { -+ PK11SymKey* symKey ; -+ - xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); -+ xmlSecAssert2(key != 
NULL, -1); -+ xmlSecAssert2(buf != NULL, -1); -+ xmlSecAssert2(bufSize != 0, -1); -+ xmlSecAssert2(keyInfoCtx != NULL, -1); -+ -+ /* Get symmetric key from "key" */ -+ symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key)); -+ if( symKey != NULL ) { -+ SECItem* keyItem ; -+ -+ /* Extract raw key data from symmetric key */ -+ if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "PK11_ExtractKeyValue", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ PK11_FreeSymKey( symKey ) ; -+ return(-1); -+ } -+ -+ /* Get raw key data from "symKey" */ -+ keyItem = PK11_GetKeyData( symKey ) ; -+ if(keyItem == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "PK11_GetKeyData", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ PK11_FreeSymKey( symKey ) ; -+ return(-1); -+ } -+ -+ *bufSize = keyItem->len; -+ *buf = ( xmlSecByte* )xmlMalloc( *bufSize ); -+ if( *buf == NULL ) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ NULL, -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ PK11_FreeSymKey( symKey ) ; -+ return(-1); -+ } -+ -+ memcpy((*buf), keyItem->data, (*bufSize)); -+ PK11_FreeSymKey( symKey ) ; -+ } - -- return(xmlSecKeyDataBinaryValueBinWrite(id, key, buf, bufSize, keyInfoCtx)); -+ return 0 ; - } - - static int - xmlSecNssSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) { -- xmlSecBufferPtr buffer; -- -+ PK11SymKey* symkey ; -+ PK11SlotInfo* slot ; -+ xmlSecNssSymKeyDataCtxPtr ctx; -+ int ret; -+ - xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1); - xmlSecAssert2(sizeBits > 0, -1); - -- buffer = xmlSecKeyDataBinaryValueGetBuffer(data); -- xmlSecAssert2(buffer != NULL, -1); -- -- return(xmlSecNssGenerateRandom(buffer, (sizeBits + 7) / 8)); -+ ctx = 
xmlSecNssSymKeyDataGetCtx(data); -+ xmlSecAssert2(ctx != NULL, -1); -+ -+ if( sizeBits % 8 != 0 ) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), -+ NULL, -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ "Symmetric key size must be octuple"); -+ return(-1); -+ } -+ -+ /* Get slot */ -+ slot = xmlSecNssSlotGet(ctx->cipher); -+ if( slot == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), -+ "xmlSecNssSlotGet" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1) ; -+ } -+ -+ if( PK11_Authenticate( slot, PR_FALSE , NULL ) != SECSuccess ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , -+ "PK11_Authenticate" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ PK11_FreeSlot( slot ) ; -+ return -1 ; -+ } -+ -+ symkey = PK11_KeyGen( slot , ctx->cipher , NULL , sizeBits/8 , NULL ) ; -+ if( symkey == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , -+ "PK11_KeyGen" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ PK11_FreeSlot( slot ) ; -+ return -1 ; -+ } -+ -+ if( ctx->slot != NULL ) { -+ PK11_FreeSlot( ctx->slot ) ; -+ ctx->slot = NULL ; -+ } -+ ctx->slot = slot ; -+ -+ if( ctx->symkey != NULL ) { -+ PK11_FreeSymKey( ctx->symkey ) ; -+ ctx->symkey = NULL ; -+ } -+ ctx->symkey = symkey ; -+ -+ return 0 ; - } - - static xmlSecKeyDataType - xmlSecNssSymKeyDataGetType(xmlSecKeyDataPtr data) { -- xmlSecBufferPtr buffer; -+ xmlSecNssSymKeyDataCtxPtr context = NULL ; -+ xmlSecKeyDataType type = xmlSecKeyDataTypeUnknown ; - - xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown); -+ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), xmlSecKeyDataTypeUnknown ) ; - -- buffer = xmlSecKeyDataBinaryValueGetBuffer(data); -- xmlSecAssert2(buffer != NULL, xmlSecKeyDataTypeUnknown); -+ 
context = xmlSecNssSymKeyDataGetCtx( data ) ; -+ if( context == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , -+ "xmlSecNssSymKeyDataGetCtx" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return xmlSecKeyDataTypeUnknown ; -+ } -+ -+ if( context->symkey != NULL ) { -+ type |= xmlSecKeyDataTypeSymmetric ; -+ } else { -+ type |= xmlSecKeyDataTypeUnknown ; -+ } - -- return((xmlSecBufferGetSize(buffer) > 0) ? xmlSecKeyDataTypeSymmetric : xmlSecKeyDataTypeUnknown); -+ return type ; - } - - static xmlSecSize - xmlSecNssSymKeyDataGetSize(xmlSecKeyDataPtr data) { -+ xmlSecNssSymKeyDataCtxPtr context ; -+ unsigned int length = 0 ; -+ - xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), 0); -- -- return(xmlSecKeyDataBinaryValueGetSize(data)); -+ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), 0 ) ; -+ -+ context = xmlSecNssSymKeyDataGetCtx( data ) ; -+ if( context == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , -+ "xmlSecNssSymKeyDataGetCtx" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return 0 ; -+ } -+ -+ if( context->symkey != NULL ) { -+ length = PK11_GetKeyLength( context->symkey ) ; -+ length *= 8 ; -+ } -+ -+ return length ; - } - - static void - xmlSecNssSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) { - xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); - -- xmlSecKeyDataBinaryValueDebugDump(data, output); -+ /* print only size, everything else is sensitive */ -+ fprintf( output , "=== %s: size=%d\n" , data->id->dataNodeName , -+ xmlSecKeyDataGetSize(data)) ; - } - - static void - xmlSecNssSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { - xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); - -- xmlSecKeyDataBinaryValueDebugXmlDump(data, output); -+ /* print only size, everything else is sensitive */ -+ fprintf( output , "<%s size=\"%d\" />\n" , 
data->id->dataNodeName , -+ xmlSecKeyDataGetSize(data)) ; - } - - static int - xmlSecNssSymKeyDataKlassCheck(xmlSecKeyDataKlass* klass) { - #ifndef XMLSEC_NO_DES - if(klass == xmlSecNssKeyDataDesId) { -- return(1); -+ return(1); - } - #endif /* XMLSEC_NO_DES */ - - #ifndef XMLSEC_NO_AES - if(klass == xmlSecNssKeyDataAesId) { -- return(1); -+ return(1); - } - #endif /* XMLSEC_NO_AES */ - - #ifndef XMLSEC_NO_HMAC - if(klass == xmlSecNssKeyDataHmacId) { -- return(1); -+ return(1); - } - #endif /* XMLSEC_NO_HMAC */ - -@@ -199,42 +858,46 @@ - * <xmlsec:AESKeyValue> processing - * - *************************************************************************/ -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = { -+#else - static xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = { -+#endif - sizeof(xmlSecKeyDataKlass), -- xmlSecKeyDataBinarySize, -+ xmlSecNssSymKeyDataSize, - - /* data */ - xmlSecNameAESKeyValue, - xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, -- /* xmlSecKeyDataUsage usage; */ -- xmlSecHrefAESKeyValue, /* const xmlChar* href; */ -- xmlSecNodeAESKeyValue, /* const xmlChar* dataNodeName; */ -- xmlSecNs, /* const xmlChar* dataNodeNs; */ -+ /* xmlSecKeyDataUsage usage; */ -+ xmlSecHrefAESKeyValue, /* const xmlChar* href; */ -+ xmlSecNodeAESKeyValue, /* const xmlChar* dataNodeName; */ -+ xmlSecNs, /* const xmlChar* dataNodeNs; */ - - /* constructors/destructor */ -- xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ -- xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ -- xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ -- xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */ -+ xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ -+ xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ -+ xmlSecNssSymKeyDataFinalize, /* 
xmlSecKeyDataFinalizeMethod finalize; */ -+ xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */ - - /* get info */ -- xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */ -- xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ -- NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ -+ xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */ -+ xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ -+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ - - /* read/write */ -- xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */ -- xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ -- xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */ -- xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */ -+ xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */ -+ xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ -+ xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */ -+ xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */ - - /* debug */ -- xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ -- xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ -+ xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ -+ xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ - - /* reserved for the future */ -- NULL, /* void* reserved0; */ -- NULL, /* void* reserved1; */ -+ NULL, /* void* reserved0; */ -+ NULL, /* void* reserved1; */ - }; - - /** -@@ -251,9 +914,9 @@ - - /** - * xmlSecNssKeyDataAesSet: -- * @data: the pointer to AES key data. -- * @buf: the pointer to key value. -- * @bufSize: the key value size (in bytes). -+ * @data: the pointer to AES key data. -+ * @buf: the pointer to key value. -+ * @bufSize: the key value size (in bytes). 
- * - * Sets the value of AES key data. - * -@@ -280,42 +943,46 @@ - * <xmlsec:DESKeyValue> processing - * - *************************************************************************/ -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecKeyDataKlass xmlSecNssKeyDataDesKlass = { -+#else - static xmlSecKeyDataKlass xmlSecNssKeyDataDesKlass = { -+#endif - sizeof(xmlSecKeyDataKlass), -- xmlSecKeyDataBinarySize, -+ xmlSecNssSymKeyDataSize, - - /* data */ - xmlSecNameDESKeyValue, - xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, -- /* xmlSecKeyDataUsage usage; */ -- xmlSecHrefDESKeyValue, /* const xmlChar* href; */ -- xmlSecNodeDESKeyValue, /* const xmlChar* dataNodeName; */ -- xmlSecNs, /* const xmlChar* dataNodeNs; */ -+ /* xmlSecKeyDataUsage usage; */ -+ xmlSecHrefDESKeyValue, /* const xmlChar* href; */ -+ xmlSecNodeDESKeyValue, /* const xmlChar* dataNodeName; */ -+ xmlSecNs, /* const xmlChar* dataNodeNs; */ - - /* constructors/destructor */ -- xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ -- xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ -- xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ -- xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */ -+ xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ -+ xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ -+ xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ -+ xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */ - - /* get info */ -- xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */ -- xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ -- NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ -+ xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */ -+ xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ -+ 
NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ - - /* read/write */ -- xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */ -- xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ -- xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */ -- xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */ -+ xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */ -+ xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ -+ xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */ -+ xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */ - - /* debug */ -- xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ -- xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ -+ xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ -+ xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ - - /* reserved for the future */ -- NULL, /* void* reserved0; */ -- NULL, /* void* reserved1; */ -+ NULL, /* void* reserved0; */ -+ NULL, /* void* reserved1; */ - }; - - /** -@@ -332,9 +999,9 @@ - - /** - * xmlSecNssKeyDataDesSet: -- * @data: the pointer to DES key data. -- * @buf: the pointer to key value. -- * @bufSize: the key value size (in bytes). -+ * @data: the pointer to DES key data. -+ * @buf: the pointer to key value. -+ * @bufSize: the key value size (in bytes). - * - * Sets the value of DES key data. 
- * -@@ -362,42 +1029,46 @@ - * <xmlsec:HMACKeyValue> processing - * - *************************************************************************/ -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecKeyDataKlass xmlSecNssKeyDataHmacKlass = { -+#else - static xmlSecKeyDataKlass xmlSecNssKeyDataHmacKlass = { -+#endif - sizeof(xmlSecKeyDataKlass), -- xmlSecKeyDataBinarySize, -+ xmlSecNssSymKeyDataSize, - - /* data */ - xmlSecNameHMACKeyValue, - xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, -- /* xmlSecKeyDataUsage usage; */ -- xmlSecHrefHMACKeyValue, /* const xmlChar* href; */ -- xmlSecNodeHMACKeyValue, /* const xmlChar* dataNodeName; */ -- xmlSecNs, /* const xmlChar* dataNodeNs; */ -+ /* xmlSecKeyDataUsage usage; */ -+ xmlSecHrefHMACKeyValue, /* const xmlChar* href; */ -+ xmlSecNodeHMACKeyValue, /* const xmlChar* dataNodeName; */ -+ xmlSecNs, /* const xmlChar* dataNodeNs; */ - - /* constructors/destructor */ -- xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ -- xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ -- xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ -- xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */ -+ xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ -+ xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ -+ xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ -+ xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */ - - /* get info */ -- xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */ -- xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ -- NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ -+ xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */ -+ xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ -+ NULL, /* 
xmlSecKeyDataGetIdentifier getIdentifier; */ - - /* read/write */ -- xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */ -- xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ -- xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */ -- xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */ -+ xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */ -+ xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ -+ xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */ -+ xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */ - - /* debug */ -- xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ -- xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ -+ xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ -+ xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ - - /* reserved for the future */ -- NULL, /* void* reserved0; */ -- NULL, /* void* reserved1; */ -+ NULL, /* void* reserved0; */ -+ NULL, /* void* reserved1; */ - }; - - /** -@@ -414,9 +1085,9 @@ - - /** - * xmlSecNssKeyDataHmacSet: -- * @data: the pointer to HMAC key data. -- * @buf: the pointer to key value. -- * @bufSize: the key value size (in bytes). -+ * @data: the pointer to HMAC key data. -+ * @buf: the pointer to key value. -+ * @bufSize: the key value size (in bytes). - * - * Sets the value of HMAC key data. - * ---- misc/xmlsec1-1.2.6/src/nss/tokens.c 2008-06-29 23:44:40.000000000 +0200 -+++ misc/build/xmlsec1-1.2.6/src/nss/tokens.c 2008-06-29 23:44:19.000000000 +0200 -@@ -1 +1,548 @@ --dummy -+/** -+ * XMLSec library -+ * -+ * This is free software; see Copyright file in the source -+ * distribution for preciese wording. -+ * -+ * Copyright.................................. 
-+ * -+ * Contributor(s): _____________________________ -+ * -+ */ -+ -+/** -+ * In order to ensure that particular crypto operation is performed on -+ * particular crypto device, a subclass of xmlSecList is used to store slot and -+ * mechanism information. -+ * -+ * In the list, a slot is bound with a mechanism. If the mechanism is available, -+ * this mechanism only can perform on the slot; otherwise, it can perform on -+ * every eligibl slot in the list. -+ * -+ * When try to find a slot for a particular mechanism, the slot bound with -+ * avaliable mechanism will be looked up firstly. -+ */ -+#include "globals.h" -+#include <string.h> -+ -+#include <xmlsec/xmlsec.h> -+#include <xmlsec/errors.h> -+#include <xmlsec/list.h> -+ -+#include <xmlsec/nss/tokens.h> -+ -+int -+xmlSecNssKeySlotSetMechList( -+ xmlSecNssKeySlotPtr keySlot , -+ CK_MECHANISM_TYPE_PTR mechanismList -+) { -+ int counter ; -+ -+ xmlSecAssert2( keySlot != NULL , -1 ) ; -+ -+ if( keySlot->mechanismList != CK_NULL_PTR ) { -+ xmlFree( keySlot->mechanismList ) ; -+ -+ for( counter = 0 ; *( mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ; -+ keySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ; -+ if( keySlot->mechanismList == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return( -1 ); -+ } -+ for( ; counter >= 0 ; counter -- ) -+ *( keySlot->mechanismList + counter ) = *( mechanismList + counter ) ; -+ } -+ -+ return( 0 ); -+} -+ -+int -+xmlSecNssKeySlotEnableMech( -+ xmlSecNssKeySlotPtr keySlot , -+ CK_MECHANISM_TYPE mechanism -+) { -+ int counter ; -+ CK_MECHANISM_TYPE_PTR newList ; -+ -+ xmlSecAssert2( keySlot != NULL , -1 ) ; -+ -+ if( mechanism != CKM_INVALID_MECHANISM ) { -+ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ; -+ newList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter 
+ 1 + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ; -+ if( newList == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return( -1 ); -+ } -+ *( newList + counter + 1 ) = CKM_INVALID_MECHANISM ; -+ *( newList + counter ) = mechanism ; -+ for( counter -= 1 ; counter >= 0 ; counter -- ) -+ *( newList + counter ) = *( keySlot->mechanismList + counter ) ; -+ -+ xmlFree( keySlot->mechanismList ) ; -+ keySlot->mechanismList = newList ; -+ } -+ -+ return(0); -+} -+ -+int -+xmlSecNssKeySlotDisableMech( -+ xmlSecNssKeySlotPtr keySlot , -+ CK_MECHANISM_TYPE mechanism -+) { -+ int counter ; -+ -+ xmlSecAssert2( keySlot != NULL , -1 ) ; -+ -+ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) { -+ if( *( keySlot->mechanismList + counter ) == mechanism ) { -+ for( ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) { -+ *( keySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter + 1 ) ; -+ } -+ -+ break ; -+ } -+ } -+ -+ return(0); -+} -+ -+CK_MECHANISM_TYPE_PTR -+xmlSecNssKeySlotGetMechList( -+ xmlSecNssKeySlotPtr keySlot -+) { -+ if( keySlot != NULL ) -+ return keySlot->mechanismList ; -+ else -+ return NULL ; -+} -+ -+int -+xmlSecNssKeySlotSetSlot( -+ xmlSecNssKeySlotPtr keySlot , -+ PK11SlotInfo* slot -+) { -+ xmlSecAssert2( keySlot != NULL , -1 ) ; -+ -+ if( slot != NULL && keySlot->slot != slot ) { -+ if( keySlot->slot != NULL ) -+ PK11_FreeSlot( keySlot->slot ) ; -+ -+ if( keySlot->mechanismList != NULL ) { -+ xmlFree( keySlot->mechanismList ) ; -+ keySlot->mechanismList = NULL ; -+ } -+ -+ keySlot->slot = PK11_ReferenceSlot( slot ) ; -+ } -+ -+ return(0); -+} -+ -+int -+xmlSecNssKeySlotInitialize( -+ xmlSecNssKeySlotPtr keySlot , -+ PK11SlotInfo* slot -+) { -+ xmlSecAssert2( keySlot != NULL , -1 ) ; -+ xmlSecAssert2( keySlot->slot == NULL , -1 ) ; -+ xmlSecAssert2( keySlot->mechanismList == NULL , -1 ) ; 
-+ -+ if( slot != NULL ) { -+ keySlot->slot = PK11_ReferenceSlot( slot ) ; -+ } -+ -+ return(0); -+} -+ -+void -+xmlSecNssKeySlotFinalize( -+ xmlSecNssKeySlotPtr keySlot -+) { -+ xmlSecAssert( keySlot != NULL ) ; -+ -+ if( keySlot->mechanismList != NULL ) { -+ xmlFree( keySlot->mechanismList ) ; -+ keySlot->mechanismList = NULL ; -+ } -+ -+ if( keySlot->slot != NULL ) { -+ PK11_FreeSlot( keySlot->slot ) ; -+ keySlot->slot = NULL ; -+ } -+ -+} -+ -+PK11SlotInfo* -+xmlSecNssKeySlotGetSlot( -+ xmlSecNssKeySlotPtr keySlot -+) { -+ if( keySlot != NULL ) -+ return keySlot->slot ; -+ else -+ return NULL ; -+} -+ -+xmlSecNssKeySlotPtr -+xmlSecNssKeySlotCreate() { -+ xmlSecNssKeySlotPtr keySlot ; -+ -+ /* Allocates a new xmlSecNssKeySlot and fill the fields */ -+ keySlot = ( xmlSecNssKeySlotPtr )xmlMalloc( sizeof( xmlSecNssKeySlot ) ) ; -+ if( keySlot == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return( NULL ); -+ } -+ memset( keySlot, 0, sizeof( xmlSecNssKeySlot ) ) ; -+ -+ return( keySlot ) ; -+} -+ -+int -+xmlSecNssKeySlotCopy( -+ xmlSecNssKeySlotPtr newKeySlot , -+ xmlSecNssKeySlotPtr keySlot -+) { -+ CK_MECHANISM_TYPE_PTR mech ; -+ int counter ; -+ -+ xmlSecAssert2( newKeySlot != NULL , -1 ) ; -+ xmlSecAssert2( keySlot != NULL , -1 ) ; -+ -+ if( keySlot->slot != NULL && newKeySlot->slot != keySlot->slot ) { -+ if( newKeySlot->slot != NULL ) -+ PK11_FreeSlot( newKeySlot->slot ) ; -+ -+ newKeySlot->slot = PK11_ReferenceSlot( keySlot->slot ) ; -+ } -+ -+ if( keySlot->mechanismList != CK_NULL_PTR ) { -+ xmlFree( newKeySlot->mechanismList ) ; -+ -+ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ; -+ newKeySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ; -+ if( newKeySlot->mechanismList == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ 
XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return( -1 ); -+ } -+ for( ; counter >= 0 ; counter -- ) -+ *( newKeySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter ) ; -+ } -+ -+ return( 0 ); -+} -+ -+xmlSecNssKeySlotPtr -+xmlSecNssKeySlotDuplicate( -+ xmlSecNssKeySlotPtr keySlot -+) { -+ xmlSecNssKeySlotPtr newKeySlot ; -+ int ret ; -+ -+ xmlSecAssert2( keySlot != NULL , NULL ) ; -+ -+ newKeySlot = xmlSecNssKeySlotCreate() ; -+ if( newKeySlot == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return( NULL ); -+ } -+ -+ if( xmlSecNssKeySlotCopy( newKeySlot, keySlot ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return( NULL ); -+ } -+ -+ return( newKeySlot ); -+} -+ -+void -+xmlSecNssKeySlotDestroy( -+ xmlSecNssKeySlotPtr keySlot -+) { -+ xmlSecAssert( keySlot != NULL ) ; -+ -+ if( keySlot->mechanismList != NULL ) -+ xmlFree( keySlot->mechanismList ) ; -+ -+ if( keySlot->slot != NULL ) -+ PK11_FreeSlot( keySlot->slot ) ; -+ -+ xmlFree( keySlot ) ; -+} -+ -+int -+xmlSecNssKeySlotBindMech( -+ xmlSecNssKeySlotPtr keySlot , -+ CK_MECHANISM_TYPE type -+) { -+ int counter ; -+ -+ xmlSecAssert2( keySlot != NULL , 0 ) ; -+ xmlSecAssert2( keySlot->slot != NULL , 0 ) ; -+ xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ; -+ -+ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) { -+ if( *( keySlot->mechanismList + counter ) == type ) -+ return(1) ; -+ } -+ -+ return( 0 ) ; -+} -+ -+int -+xmlSecNssKeySlotSupportMech( -+ xmlSecNssKeySlotPtr keySlot , -+ CK_MECHANISM_TYPE type -+) { -+ xmlSecAssert2( keySlot != NULL , 0 ) ; -+ xmlSecAssert2( keySlot->slot != NULL , 0 ) ; -+ xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ; -+ -+ if( PK11_DoesMechanism( keySlot->slot , type ) == PR_TRUE ) { -+ return(1); -+ } 
else -+ return(0); -+} -+ -+void -+xmlSecNssKeySlotDebugDump( -+ xmlSecNssKeySlotPtr keySlot , -+ FILE* output -+) { -+ xmlSecAssert( keySlot != NULL ) ; -+ xmlSecAssert( output != NULL ) ; -+ -+ fprintf( output, "== KEY SLOT\n" ); -+} -+ -+void -+xmlSecNssKeySlotDebugXmlDump( -+ xmlSecNssKeySlotPtr keySlot , -+ FILE* output -+) { -+} -+ -+/** -+ * Key Slot List -+ */ -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = { -+#else -+static xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = { -+#endif -+ BAD_CAST "mechanism-list", -+ (xmlSecPtrDuplicateItemMethod)xmlSecNssKeySlotDuplicate, -+ (xmlSecPtrDestroyItemMethod)xmlSecNssKeySlotDestroy, -+ (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugDump, -+ (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugXmlDump, -+}; -+ -+xmlSecPtrListId -+xmlSecNssKeySlotListGetKlass(void) { -+ return(&xmlSecNssKeySlotPtrListKlass); -+} -+ -+ -+/*- -+ * Global PKCS#11 crypto token repository -- Key slot list -+ */ -+static xmlSecPtrListPtr _xmlSecNssKeySlotList = NULL ; -+ -+PK11SlotInfo* -+xmlSecNssSlotGet( -+ CK_MECHANISM_TYPE type -+) { -+ PK11SlotInfo* slot = NULL ; -+ xmlSecNssKeySlotPtr keySlot ; -+ xmlSecSize ksSize ; -+ xmlSecSize ksPos ; -+ char flag ; -+ -+ if( _xmlSecNssKeySlotList == NULL ) { -+ slot = PK11_GetBestSlot( type , NULL ) ; -+ } else { -+ ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ; -+ -+ /*- -+ * Firstly, checking whether the mechanism is bound with a special slot. -+ * If no bound slot, we try to find the first eligible slot in the list. 
-+ */ -+ for( flag = 0, ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) { -+ keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ; -+ if( keySlot != NULL && xmlSecNssKeySlotBindMech( keySlot, type ) ) { -+ slot = xmlSecNssKeySlotGetSlot( keySlot ) ; -+ flag = 2 ; -+ } else if( flag == 0 && xmlSecNssKeySlotSupportMech( keySlot, type ) ) { -+ slot = xmlSecNssKeySlotGetSlot( keySlot ) ; -+ flag = 1 ; -+ } -+ -+ if( flag == 2 ) -+ break ; -+ } -+ if( slot != NULL ) -+ slot = PK11_ReferenceSlot( slot ) ; -+ } -+ -+ if( slot != NULL && PK11_NeedLogin( slot ) ) { -+ if( PK11_Authenticate( slot , PR_TRUE , NULL ) != SECSuccess ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ PK11_FreeSlot( slot ) ; -+ return( NULL ); -+ } -+ } -+ -+ return slot ; -+} -+ -+int -+xmlSecNssSlotInitialize( -+ void -+) { -+ if( _xmlSecNssKeySlotList != NULL ) { -+ xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ; -+ _xmlSecNssKeySlotList = NULL ; -+ } -+ -+ _xmlSecNssKeySlotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ; -+ if( _xmlSecNssKeySlotList == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return( -1 ); -+ } -+ -+ return(0); -+} -+ -+void -+xmlSecNssSlotShutdown( -+ void -+) { -+ if( _xmlSecNssKeySlotList != NULL ) { -+ xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ; -+ _xmlSecNssKeySlotList = NULL ; -+ } -+} -+ -+int -+xmlSecNssSlotAdopt( -+ PK11SlotInfo* slot, -+ CK_MECHANISM_TYPE type -+) { -+ xmlSecNssKeySlotPtr keySlot ; -+ xmlSecSize ksSize ; -+ xmlSecSize ksPos ; -+ char flag ; -+ -+ xmlSecAssert2( _xmlSecNssKeySlotList != NULL, -1 ) ; -+ xmlSecAssert2( slot != NULL, -1 ) ; -+ -+ ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ; -+ -+ /*- -+ * Firstly, checking whether the slot is in the repository already. 
-+ */ -+ flag = 0 ; -+ for( ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) { -+ keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ; -+ /* If find the slot in the list */ -+ if( keySlot != NULL && xmlSecNssKeySlotGetSlot( keySlot ) == slot ) { -+ /* If mechnism type is valid, bind the slot with the mechanism */ -+ if( type != CKM_INVALID_MECHANISM ) { -+ if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ } -+ -+ flag = 1 ; -+ } -+ } -+ -+ /* If the slot do not in the list, add a new item to the list */ -+ if( flag == 0 ) { -+ /* Create a new KeySlot */ -+ keySlot = xmlSecNssKeySlotCreate() ; -+ if( keySlot == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ /* Initialize the keySlot with a slot */ -+ if( xmlSecNssKeySlotInitialize( keySlot, slot ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecNssKeySlotDestroy( keySlot ) ; -+ return(-1); -+ } -+ -+ /* If mechnism type is valid, bind the slot with the mechanism */ -+ if( type != CKM_INVALID_MECHANISM ) { -+ if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecNssKeySlotDestroy( keySlot ) ; -+ return(-1); -+ } -+ } -+ -+ /* Add keySlot into the list */ -+ if( xmlSecPtrListAdd( _xmlSecNssKeySlotList, keySlot ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecNssKeySlotDestroy( keySlot ) ; -+ return(-1); -+ } -+ } -+ -+ return(0); -+} -+ ---- misc/xmlsec1-1.2.6/src/nss/x509.c 2003-09-26 05:53:09.000000000 +0200 -+++ 
misc/build/xmlsec1-1.2.6/src/nss/x509.c 2008-06-29 23:44:19.000000000 +0200 -@@ -34,7 +34,6 @@ - #include <xmlsec/keys.h> - #include <xmlsec/keyinfo.h> - #include <xmlsec/keysmngr.h> --#include <xmlsec/x509.h> - #include <xmlsec/base64.h> - #include <xmlsec/errors.h> - -@@ -61,37 +60,21 @@ - static int xmlSecNssX509CertificateNodeRead (xmlSecKeyDataPtr data, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); --static int xmlSecNssX509CertificateNodeWrite (CERTCertificate* cert, -- xmlNodePtr node, -- xmlSecKeyInfoCtxPtr keyInfoCtx); - static int xmlSecNssX509SubjectNameNodeRead (xmlSecKeyDataPtr data, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); --static int xmlSecNssX509SubjectNameNodeWrite (CERTCertificate* cert, -- xmlNodePtr node, -- xmlSecKeyInfoCtxPtr keyInfoCtx); - static int xmlSecNssX509IssuerSerialNodeRead (xmlSecKeyDataPtr data, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); --static int xmlSecNssX509IssuerSerialNodeWrite (CERTCertificate* cert, -- xmlNodePtr node, -- xmlSecKeyInfoCtxPtr keyInfoCtx); - static int xmlSecNssX509SKINodeRead (xmlSecKeyDataPtr data, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); --static int xmlSecNssX509SKINodeWrite (CERTCertificate* cert, -- xmlNodePtr node, -- xmlSecKeyInfoCtxPtr keyInfoCtx); - static int xmlSecNssX509CRLNodeRead (xmlSecKeyDataPtr data, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); --static int xmlSecNssX509CRLNodeWrite (CERTSignedCrl* crl, -- xmlNodePtr node, -- xmlSecKeyInfoCtxPtr keyInfoCtx); - static int xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, - xmlSecKeyPtr key, - xmlSecKeyInfoCtxPtr keyInfoCtx); -- - static CERTCertificate* xmlSecNssX509CertDerRead (const xmlSecByte* buf, - xmlSecSize size); - static CERTCertificate* xmlSecNssX509CertBase64DerRead (xmlChar* buf); -@@ -104,9 +87,6 @@ - xmlSecKeyInfoCtxPtr keyInfoCtx); - static xmlChar* xmlSecNssX509CrlBase64DerWrite (CERTSignedCrl* crl, - int base64LineWrap); --static xmlChar* 
xmlSecNssX509NameWrite (CERTName* nm); --static xmlChar* xmlSecNssASN1IntegerWrite (SECItem *num); --static xmlChar* xmlSecNssX509SKIWrite (CERTCertificate* cert); - static void xmlSecNssX509CertDebugDump (CERTCertificate* cert, - FILE* output); - static void xmlSecNssX509CertDebugXmlDump (CERTCertificate* cert, -@@ -254,7 +234,11 @@ - - - -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecKeyDataKlass xmlSecNssKeyDataX509Klass = { -+#else - static xmlSecKeyDataKlass xmlSecNssKeyDataX509Klass = { -+#endif - sizeof(xmlSecKeyDataKlass), - xmlSecNssX509DataSize, - -@@ -378,7 +362,7 @@ - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "CERT_NewCertList", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - return(-1); - } - } -@@ -389,7 +373,7 @@ - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "CERT_AddCertToListTail", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - return(-1); - } - ctx->numCerts++; -@@ -588,7 +572,7 @@ - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "CERT_DupCertificate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - return(-1); - } - -@@ -627,7 +611,7 @@ - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "SEC_DupCrl", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - return(-1); - } - -@@ -652,7 +636,7 @@ - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "CERT_DupCertificate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - return(-1); - } - ret = xmlSecNssKeyDataX509AdoptKeyCert(dst, certDst); -@@ -752,31 +736,22 @@ - xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, - xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { - xmlSecKeyDataPtr data; -+ xmlNodePtr cur; -+ xmlChar* buf; - CERTCertificate* cert; - 
CERTSignedCrl* crl; - xmlSecSize size, pos; -- int content = 0; -- int ret; - - xmlSecAssert2(id == xmlSecNssKeyDataX509Id, -1); - xmlSecAssert2(key != NULL, -1); - xmlSecAssert2(node != NULL, -1); - xmlSecAssert2(keyInfoCtx != NULL, -1); - -- content = xmlSecX509DataGetNodeContent (node, 1, keyInfoCtx); -- if (content < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -- "xmlSecX509DataGetNodeContent", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "content=%d", content); -- return(-1); -- } else if(content == 0) { -- /* by default we are writing certificates and crls */ -- content = XMLSEC_X509DATA_DEFAULT; -+ /* todo: flag in ctx remove all existing content */ -+ if(0) { -+ xmlNodeSetContent(node, NULL); - } - -- /* get x509 data */ - data = xmlSecKeyGetData(key, id); - if(data == NULL) { - /* no x509 data in the key */ -@@ -795,80 +770,75 @@ - "pos=%d", pos); - return(-1); - } -- -- if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) { -- ret = xmlSecNssX509CertificateNodeWrite(cert, node, keyInfoCtx); -- if(ret < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -- "xmlSecNssX509CertificateNodeWrite", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "pos=%d", pos); -- return(-1); -- } -+ -+ /* set base64 lines size from context */ -+ buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize); -+ if(buf == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "xmlSecNssX509CertBase64DerWrite", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); - } -- -- if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) { -- ret = xmlSecNssX509SubjectNameNodeWrite(cert, node, keyInfoCtx); -- if(ret < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -- "xmlSecNssX509SubjectNameNodeWrite", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "pos=%d", pos); -- return(-1); -- } -+ 
-+ cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs); -+ if(cur == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "xmlSecAddChild", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ "node=%s", -+ xmlSecErrorsSafeString(xmlSecNodeX509Certificate)); -+ xmlFree(buf); -+ return(-1); - } -+ /* todo: add \n around base64 data - from context */ -+ /* todo: add errors check */ -+ xmlNodeSetContent(cur, xmlSecStringCR); -+ xmlNodeSetContent(cur, buf); -+ xmlFree(buf); -+ } - -- if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) { -- ret = xmlSecNssX509IssuerSerialNodeWrite(cert, node, keyInfoCtx); -- if(ret < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -- "xmlSecNssX509IssuerSerialNodeWrite", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "pos=%d", pos); -- return(-1); -- } -- } -+ /* write crls */ -+ size = xmlSecNssKeyDataX509GetCrlsSize(data); -+ for(pos = 0; pos < size; ++pos) { -+ crl = xmlSecNssKeyDataX509GetCrl(data, pos); -+ if(crl == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "xmlSecNssKeyDataX509GetCrl", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ "pos=%d", pos); -+ return(-1); -+ } - -- if((content & XMLSEC_X509DATA_SKI_NODE) != 0) { -- ret = xmlSecNssX509SKINodeWrite(cert, node, keyInfoCtx); -- if(ret < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -- "xmlSecNssX509SKINodeWrite", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "pos=%d", pos); -- return(-1); -- } -- } -- } -+ /* set base64 lines size from context */ -+ buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize); -+ if(buf == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "xmlSecNssX509CrlBase64DerWrite", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } - -- /* write crls if needed */ -- 
if((content & XMLSEC_X509DATA_CRL_NODE) != 0) { -- size = xmlSecNssKeyDataX509GetCrlsSize(data); -- for(pos = 0; pos < size; ++pos) { -- crl = xmlSecNssKeyDataX509GetCrl(data, pos); -- if(crl == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -- "xmlSecNssKeyDataX509GetCrl", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "pos=%d", pos); -- return(-1); -- } -- -- ret = xmlSecNssX509CRLNodeWrite(crl, node, keyInfoCtx); -- if(ret < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -- "xmlSecNssX509CRLNodeWrite", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "pos=%d", pos); -- return(-1); -- } -- } -+ cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs); -+ if(cur == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "xmlSecAddChild", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ "new_node=%s", -+ xmlSecErrorsSafeString(xmlSecNodeX509CRL)); -+ xmlFree(buf); -+ return(-1); -+ } -+ /* todo: add \n around base64 data - from context */ -+ /* todo: add errors check */ -+ xmlNodeSetContent(cur, xmlSecStringCR); -+ xmlNodeSetContent(cur, buf); - } - - return(0); -@@ -1015,19 +985,13 @@ - xmlSecAssert2(keyInfoCtx != NULL, -1); - - content = xmlNodeGetContent(node); -- if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) { -- if(content != NULL) { -- xmlFree(content); -- } -- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), -- xmlSecErrorsSafeString(xmlSecNodeGetName(node)), -- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(-1); -- } -- return(0); -+ if(content == NULL){ -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), -+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)), -+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); - 
} - - cert = xmlSecNssX509CertBase64DerRead(content); -@@ -1057,46 +1021,6 @@ - return(0); - } - --static int --xmlSecNssX509CertificateNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { -- xmlChar* buf; -- xmlNodePtr cur; -- -- xmlSecAssert2(cert != NULL, -1); -- xmlSecAssert2(node != NULL, -1); -- xmlSecAssert2(keyInfoCtx != NULL, -1); -- -- /* set base64 lines size from context */ -- buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize); -- if(buf == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssX509CertBase64DerWrite", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(-1); -- } -- -- cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs); -- if(cur == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecAddChild", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "node=%s", -- xmlSecErrorsSafeString(xmlSecNodeX509Certificate)); -- xmlFree(buf); -- return(-1); -- } -- -- /* todo: add \n around base64 data - from context */ -- /* todo: add errors check */ -- xmlNodeSetContent(cur, xmlSecStringCR); -- xmlNodeSetContent(cur, buf); -- xmlFree(buf); -- return(0); --} -- - static int - xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { - xmlSecKeyDataStorePtr x509Store; -@@ -1120,19 +1044,13 @@ - } - - subject = xmlNodeGetContent(node); -- if((subject == NULL) || (xmlSecIsEmptyString(subject) == 1)) { -- if(subject != NULL) { -- xmlFree(subject); -- } -- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), -- xmlSecErrorsSafeString(xmlSecNodeGetName(node)), -- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(-1); -- } -- return(0); -+ if(subject == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), -+ 
xmlSecErrorsSafeString(xmlSecNodeGetName(node)), -+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); - } - - cert = xmlSecNssX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx); -@@ -1167,40 +1085,6 @@ - return(0); - } - --static int --xmlSecNssX509SubjectNameNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { -- xmlChar* buf = NULL; -- xmlNodePtr cur = NULL; -- -- xmlSecAssert2(cert != NULL, -1); -- xmlSecAssert2(node != NULL, -1); -- -- buf = xmlSecNssX509NameWrite(&(cert->subject)); -- if(buf == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssX509NameWrite(&(cert->subject))", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(-1); -- } -- -- cur = xmlSecAddChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs); -- if(cur == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecAddChild", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "node=%s", -- xmlSecErrorsSafeString(xmlSecNodeX509SubjectName)); -- xmlFree(buf); -- return(-1); -- } -- xmlNodeSetContent(cur, buf); -- xmlFree(buf); -- return(0); --} -- - static int - xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { - xmlSecKeyDataStorePtr x509Store; -@@ -1226,21 +1110,9 @@ - } - - cur = xmlSecGetNextElementNode(node->children); -- if(cur == NULL) { -- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), -- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), -- XMLSEC_ERRORS_R_NODE_NOT_FOUND, -- "node=%s", -- xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); -- return(-1); -- } -- return(0); -- } -- -+ - /* the first is required node X509IssuerName */ -- if(!xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) { -+ if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) { - 
xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), -@@ -1332,78 +1204,6 @@ - return(0); - } - --static int --xmlSecNssX509IssuerSerialNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { -- xmlNodePtr cur; -- xmlNodePtr issuerNameNode; -- xmlNodePtr issuerNumberNode; -- xmlChar* buf; -- -- xmlSecAssert2(cert != NULL, -1); -- xmlSecAssert2(node != NULL, -1); -- -- /* create xml nodes */ -- cur = xmlSecAddChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs); -- if(cur == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecAddChild", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "node=%s", -- xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial)); -- return(-1); -- } -- -- issuerNameNode = xmlSecAddChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs); -- if(issuerNameNode == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecAddChild", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "node=%s", -- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName)); -- return(-1); -- } -- -- issuerNumberNode = xmlSecAddChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs); -- if(issuerNumberNode == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecAddChild", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "node=%s", -- xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber)); -- return(-1); -- } -- -- /* write data */ -- buf = xmlSecNssX509NameWrite(&(cert->issuer)); -- if(buf == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssX509NameWrite(&(cert->issuer))", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(-1); -- } -- xmlNodeSetContent(issuerNameNode, buf); -- xmlFree(buf); -- -- buf = xmlSecNssASN1IntegerWrite(&(cert->serialNumber)); -- if(buf == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssASN1IntegerWrite(&(cert->serialNumber))", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- 
return(-1); -- } -- xmlNodeSetContent(issuerNumberNode, buf); -- xmlFree(buf); -- -- return(0); --} -- - static int - xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { - xmlSecKeyDataStorePtr x509Store; -@@ -1427,20 +1227,14 @@ - } - - ski = xmlNodeGetContent(node); -- if((ski == NULL) || (xmlSecIsEmptyString(ski) == 1)) { -- if(ski != NULL) { -- xmlFree(ski); -- } -- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), -- xmlSecErrorsSafeString(xmlSecNodeGetName(node)), -- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, -- "node=%s", -- xmlSecErrorsSafeString(xmlSecNodeX509SKI)); -- return(-1); -- } -- return(0); -+ if(ski == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), -+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)), -+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, -+ "node=%s", -+ xmlSecErrorsSafeString(xmlSecNodeX509SKI)); -+ return(-1); - } - - cert = xmlSecNssX509StoreFindCert(x509Store, NULL, NULL, NULL, ski, keyInfoCtx); -@@ -1475,41 +1269,6 @@ - return(0); - } - --static int --xmlSecNssX509SKINodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { -- xmlChar *buf = NULL; -- xmlNodePtr cur = NULL; -- -- xmlSecAssert2(cert != NULL, -1); -- xmlSecAssert2(node != NULL, -1); -- -- buf = xmlSecNssX509SKIWrite(cert); -- if(buf == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssX509SKIWrite", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(-1); -- } -- -- cur = xmlSecAddChild(node, xmlSecNodeX509SKI, xmlSecDSigNs); -- if(cur == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecAddChild", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "new_node=%s", -- xmlSecErrorsSafeString(xmlSecNodeX509SKI)); -- xmlFree(buf); -- return(-1); -- } -- xmlNodeSetContent(cur, buf); -- xmlFree(buf); -- 
-- return(0); --} -- - static int - xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { - xmlChar *content; -@@ -1520,19 +1279,13 @@ - xmlSecAssert2(keyInfoCtx != NULL, -1); - - content = xmlNodeGetContent(node); -- if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) { -- if(content != NULL) { -- xmlFree(content); -- } -- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), -- xmlSecErrorsSafeString(xmlSecNodeGetName(node)), -- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(-1); -- } -- return(0); -+ if(content == NULL){ -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), -+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)), -+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); - } - - crl = xmlSecNssX509CrlBase64DerRead(content, keyInfoCtx); -@@ -1552,47 +1305,6 @@ - } - - static int --xmlSecNssX509CRLNodeWrite(CERTSignedCrl* crl, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { -- xmlChar* buf = NULL; -- xmlNodePtr cur = NULL; -- -- xmlSecAssert2(crl != NULL, -1); -- xmlSecAssert2(node != NULL, -1); -- xmlSecAssert2(keyInfoCtx != NULL, -1); -- -- /* set base64 lines size from context */ -- buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize); -- if(buf == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssX509CrlBase64DerWrite", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(-1); -- } -- -- cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs); -- if(cur == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecAddChild", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "new_node=%s", -- xmlSecErrorsSafeString(xmlSecNodeX509CRL)); -- xmlFree(buf); -- return(-1); -- } -- /* todo: add \n around base64 data - from context */ -- /* todo: add 
errors check */ -- xmlNodeSetContent(cur, xmlSecStringCR); -- xmlNodeSetContent(cur, buf); -- xmlFree(buf); -- -- return(0); --} -- -- --static int - xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key, - xmlSecKeyInfoCtxPtr keyInfoCtx) { - xmlSecNssX509DataCtxPtr ctx; -@@ -1600,6 +1312,10 @@ - int ret; - SECStatus status; - PRTime notBefore, notAfter; -+ -+ PK11SlotInfo* slot ; -+ SECKEYPublicKey *pubKey = NULL; -+ SECKEYPrivateKey *priKey = NULL; - - xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), -1); - xmlSecAssert2(key != NULL, -1); -@@ -1632,10 +1348,13 @@ - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "CERT_DupCertificate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - return(-1); - } - -+ /*- -+ * Get Public key from cert, which does not always work for sign action. -+ * - keyValue = xmlSecNssX509CertGetKey(ctx->keyCert); - if(keyValue == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, -@@ -1645,6 +1364,54 @@ - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } -+ */ -+ -+ /*- -+ * I'll search key according to KeyReq. 
-+ */ -+ slot = cert->slot ; -+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) { -+ if( ( priKey = PK11_FindPrivateKeyFromCert( slot , cert , NULL ) ) == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , -+ "PK11_FindPrivateKeyFromCert" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ } -+ -+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) { -+ if( ( pubKey = CERT_ExtractPublicKey( cert ) ) == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , -+ "CERT_ExtractPublicKey" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ if( priKey != NULL ) -+ SECKEY_DestroyPrivateKey( priKey ) ; -+ return -1 ; -+ } -+ } -+ -+ keyValue = xmlSecNssPKIAdoptKey(priKey, pubKey); -+ if( keyValue == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , -+ "xmlSecNssPKIAdoptKey" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ if( priKey != NULL ) -+ SECKEY_DestroyPrivateKey( priKey ) ; -+ -+ if( pubKey != NULL ) -+ SECKEY_DestroyPublicKey( pubKey ) ; -+ -+ return -1 ; -+ } -+ /* Modify keyValue get Done */ - - /* verify that the key matches our expectations */ - if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) { -@@ -1725,14 +1492,6 @@ - return(0); - } - --/** -- * xmlSecNssX509CertGetKey: -- * @cert: the certificate. -- * -- * Extracts public key from the @cert. -- * -- * Returns public key value or NULL if an error occurs. 
-- */ - xmlSecKeyDataPtr - xmlSecNssX509CertGetKey(CERTCertificate* cert) { - xmlSecKeyDataPtr data; -@@ -1746,7 +1505,7 @@ - NULL, - "CERT_ExtractPublicKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - return(NULL); - } - -@@ -1804,7 +1563,7 @@ - NULL, - "__CERT_NewTempCertificate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - return(NULL); - } - -@@ -1827,7 +1586,7 @@ - NULL, - "cert->derCert", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - return(NULL); - } - -@@ -1890,7 +1649,7 @@ - NULL, - "PK11_GetInternalKeySlot", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - return NULL; - } - -@@ -1905,7 +1664,7 @@ - NULL, - "PK11_ImportCRL", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - PK11_FreeSlot(slot); - return(NULL); - } -@@ -1929,7 +1688,7 @@ - NULL, - "crl->derCrl", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - return(NULL); - } - -@@ -1946,86 +1705,6 @@ - return(res); - } - --static xmlChar* --xmlSecNssX509NameWrite(CERTName* nm) { -- xmlChar *res = NULL; -- char *str; -- -- xmlSecAssert2(nm != NULL, NULL); -- -- str = CERT_NameToAscii(nm); -- if (str == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "CERT_NameToAscii", -- XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(NULL); -- } -- -- res = xmlStrdup(BAD_CAST str); -- if(res == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlStrdup", -- XMLSEC_ERRORS_R_MALLOC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- PORT_Free(str); -- return(NULL); -- } -- PORT_Free(str); -- return(res); --} -- --static xmlChar* --xmlSecNssASN1IntegerWrite(SECItem *num) { -- xmlChar *res = NULL; -- -- xmlSecAssert2(num != NULL, NULL); -- -- /* TODO : to be 
implemented after -- * NSS bug http://bugzilla.mozilla.org/show_bug.cgi?id=212864 is fixed -- */ -- return(res); --} -- --static xmlChar* --xmlSecNssX509SKIWrite(CERTCertificate* cert) { -- xmlChar *res = NULL; -- SECItem ski; -- SECStatus rv; -- -- xmlSecAssert2(cert != NULL, NULL); -- -- memset(&ski, 0, sizeof(ski)); -- -- rv = CERT_FindSubjectKeyIDExtension(cert, &ski); -- if (rv != SECSuccess) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "CERT_FindSubjectKeyIDExtension", -- XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- SECITEM_FreeItem(&ski, PR_FALSE); -- return(NULL); -- } -- -- res = xmlSecBase64Encode(ski.data, ski.len, 0); -- if(res == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecBase64Encode", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- SECITEM_FreeItem(&ski, PR_FALSE); -- return(NULL); -- } -- SECITEM_FreeItem(&ski, PR_FALSE); -- -- return(res); --} -- -- - static void - xmlSecNssX509CertDebugDump(CERTCertificate* cert, FILE* output) { - SECItem *sn; -@@ -2084,7 +1763,11 @@ - xmlSecSize bufSize, - xmlSecKeyInfoCtxPtr keyInfoCtx); - -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecKeyDataKlass xmlSecNssKeyDataRawX509CertKlass = { -+#else - static xmlSecKeyDataKlass xmlSecNssKeyDataRawX509CertKlass = { -+#endif - sizeof(xmlSecKeyDataKlass), - sizeof(xmlSecKeyData), - ---- misc/xmlsec1-1.2.6/src/nss/x509vfy.c 2003-09-26 02:58:15.000000000 +0200 -+++ misc/build/xmlsec1-1.2.6/src/nss/x509vfy.c 2008-06-29 23:44:19.000000000 +0200 -@@ -30,6 +30,7 @@ - #include <xmlsec/keyinfo.h> - #include <xmlsec/keysmngr.h> - #include <xmlsec/base64.h> -+#include <xmlsec/bn.h> - #include <xmlsec/errors.h> - - #include <xmlsec/nss/crypto.h> -@@ -43,8 +44,8 @@ - typedef struct _xmlSecNssX509StoreCtx xmlSecNssX509StoreCtx, - *xmlSecNssX509StoreCtxPtr; - struct _xmlSecNssX509StoreCtx { -- CERTCertList* certsList; /* just keeping a reference to destroy later */ --}; -+ CERTCertList* certsList; /* 
just keeping a reference to destroy later */ -+}; - - /**************************************************************************** - * -@@ -54,45 +55,40 @@ - * - ***************************************************************************/ - #define xmlSecNssX509StoreGetCtx(store) \ -- ((xmlSecNssX509StoreCtxPtr)(((xmlSecByte*)(store)) + \ -- sizeof(xmlSecKeyDataStoreKlass))) -+ ((xmlSecNssX509StoreCtxPtr)(((xmlSecByte*)(store)) + \ -+ sizeof(xmlSecKeyDataStoreKlass))) - #define xmlSecNssX509StoreSize \ -- (sizeof(xmlSecKeyDataStoreKlass) + sizeof(xmlSecNssX509StoreCtx)) -+ (sizeof(xmlSecKeyDataStoreKlass) + sizeof(xmlSecNssX509StoreCtx)) - - static int xmlSecNssX509StoreInitialize (xmlSecKeyDataStorePtr store); - static void xmlSecNssX509StoreFinalize (xmlSecKeyDataStorePtr store); --static int xmlSecNssX509NameStringRead (xmlSecByte **str, -- int *strLen, -- xmlSecByte *res, -- int resLen, -- xmlSecByte delim, -- int ingoreTrailingSpaces); --static xmlSecByte * xmlSecNssX509NameRead (xmlSecByte *str, -- int len); -- --static void xmlSecNssNumToItem(SECItem *it, unsigned long num); - -+static int xmlSecNssIntegerToItem( const xmlChar* integer , SECItem *it ) ; - -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = { -+#else - static xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = { -- sizeof(xmlSecKeyDataStoreKlass), -- xmlSecNssX509StoreSize, -- -- /* data */ -- xmlSecNameX509Store, /* const xmlChar* name; */ -- -- /* constructors/destructor */ -- xmlSecNssX509StoreInitialize, /* xmlSecKeyDataStoreInitializeMethod initialize; */ -- xmlSecNssX509StoreFinalize, /* xmlSecKeyDataStoreFinalizeMethod finalize; */ -- -- /* reserved for the future */ -- NULL, /* void* reserved0; */ -- NULL, /* void* reserved1; */ -+#endif -+ sizeof(xmlSecKeyDataStoreKlass), -+ xmlSecNssX509StoreSize, -+ -+ /* data */ -+ xmlSecNameX509Store, /* const xmlChar* name; */ -+ -+ /* constructors/destructor */ -+ 
xmlSecNssX509StoreInitialize, /* xmlSecKeyDataStoreInitializeMethod initialize; */ -+ xmlSecNssX509StoreFinalize, /* xmlSecKeyDataStoreFinalizeMethod finalize; */ -+ -+ /* reserved for the future */ -+ NULL, /* void* reserved0; */ -+ NULL, /* void* reserved1; */ - }; - - static CERTCertificate* xmlSecNssX509FindCert(xmlChar *subjectName, -- xmlChar *issuerName, -- xmlChar *issuerSerial, -- xmlChar *ski); -+ xmlChar *issuerName, -+ xmlChar *issuerSerial, -+ xmlChar *ski); - - - /** -@@ -104,7 +100,7 @@ - */ - xmlSecKeyDataStoreId - xmlSecNssX509StoreGetKlass(void) { -- return(&xmlSecNssX509StoreKlass); -+ return(&xmlSecNssX509StoreKlass); - } - - /** -@@ -125,15 +121,15 @@ - xmlSecNssX509StoreFindCert(xmlSecKeyDataStorePtr store, xmlChar *subjectName, - xmlChar *issuerName, xmlChar *issuerSerial, - xmlChar *ski, xmlSecKeyInfoCtx* keyInfoCtx) { -- xmlSecNssX509StoreCtxPtr ctx; -- -- xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL); -- xmlSecAssert2(keyInfoCtx != NULL, NULL); -+ xmlSecNssX509StoreCtxPtr ctx; -+ -+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL); -+ xmlSecAssert2(keyInfoCtx != NULL, NULL); - -- ctx = xmlSecNssX509StoreGetCtx(store); -- xmlSecAssert2(ctx != NULL, NULL); -+ ctx = xmlSecNssX509StoreGetCtx(store); -+ xmlSecAssert2(ctx != NULL, NULL); - -- return(xmlSecNssX509FindCert(subjectName, issuerName, issuerSerial, ski)); -+ return(xmlSecNssX509FindCert(subjectName, issuerName, issuerSerial, ski)); - } - - /** -@@ -148,116 +144,130 @@ - */ - CERTCertificate * - xmlSecNssX509StoreVerify(xmlSecKeyDataStorePtr store, CERTCertList* certs, -- xmlSecKeyInfoCtx* keyInfoCtx) { -- xmlSecNssX509StoreCtxPtr ctx; -- CERTCertListNode* head; -- CERTCertificate* cert = NULL; -- CERTCertListNode* head1; -- CERTCertificate* cert1 = NULL; -- SECStatus status = SECFailure; -- int64 timeboundary; -- int64 tmp1, tmp2; -- -- xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL); -- 
xmlSecAssert2(certs != NULL, NULL); -- xmlSecAssert2(keyInfoCtx != NULL, NULL); -- -- ctx = xmlSecNssX509StoreGetCtx(store); -- xmlSecAssert2(ctx != NULL, NULL); -- -- for (head = CERT_LIST_HEAD(certs); -- !CERT_LIST_END(head, certs); -- head = CERT_LIST_NEXT(head)) { -- cert = head->cert; -+ xmlSecKeyInfoCtx* keyInfoCtx) { -+ xmlSecNssX509StoreCtxPtr ctx; -+ CERTCertListNode* head; -+ CERTCertificate* cert = NULL; -+ CERTCertListNode* head1; -+ CERTCertificate* cert1 = NULL; -+ SECStatus status = SECFailure; -+ int64 timeboundary; -+ int64 tmp1, tmp2; -+ -+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL); -+ xmlSecAssert2(certs != NULL, NULL); -+ xmlSecAssert2(keyInfoCtx != NULL, NULL); -+ -+ ctx = xmlSecNssX509StoreGetCtx(store); -+ xmlSecAssert2(ctx != NULL, NULL); -+ -+ for (head = CERT_LIST_HEAD(certs); -+ !CERT_LIST_END(head, certs); -+ head = CERT_LIST_NEXT(head)) { -+ cert = head->cert; - if(keyInfoCtx->certsVerificationTime > 0) { -- /* convert the time since epoch in seconds to microseconds */ -- LL_UI2L(timeboundary, keyInfoCtx->certsVerificationTime); -- tmp1 = (int64)PR_USEC_PER_SEC; -- tmp2 = timeboundary; -- LL_MUL(timeboundary, tmp1, tmp2); -+ /* convert the time since epoch in seconds to microseconds */ -+ LL_UI2L(timeboundary, keyInfoCtx->certsVerificationTime); -+ tmp1 = (int64)PR_USEC_PER_SEC; -+ tmp2 = timeboundary; -+ LL_MUL(timeboundary, tmp1, tmp2); - } else { -- timeboundary = PR_Now(); -+ timeboundary = PR_Now(); - } - - /* if cert is the issuer of any other cert in the list, then it is - * to be skipped */ - for (head1 = CERT_LIST_HEAD(certs); -- !CERT_LIST_END(head1, certs); -- head1 = CERT_LIST_NEXT(head1)) { -+ !CERT_LIST_END(head1, certs); -+ head1 = CERT_LIST_NEXT(head1)) { - -- cert1 = head1->cert; -- if (cert1 == cert) { -+ cert1 = head1->cert; -+ if (cert1 == cert) { - continue; -- } -+ } - -- if (SECITEM_CompareItem(&cert1->derIssuer, &cert->derSubject) -- == SECEqual) { -+ if 
(SECITEM_CompareItem(&cert1->derIssuer, &cert->derSubject) -+ == SECEqual) { - break; -- } -+ } - } - - if (!CERT_LIST_END(head1, certs)) { -- continue; -+ continue; - } -- -- status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(), -- cert, PR_FALSE, -- (SECCertificateUsage)0, -- timeboundary , NULL, NULL, NULL); -- if (status == SECSuccess) { -- break; -+ /* JL: OpenOffice.org implements its own certificate verification routine. -+ The goal is to seperate validation of the signature -+ and the certificate. For example, OOo could show that the document signature is valid, -+ but the certificate could not be verified. If we do not prevent the verification of -+ the certificate by libxmlsec and the verification fails, then the XML signature may not be -+ verified. This would happen, for example, if the root certificate is not installed. -+ -+ In the store schould only be the certificate from the X509Certificate element -+ and the X509IssuerSerial element. The latter is only there -+ if the certificate is installed. Both certificates must be the same! -+ In case of writing the signature, the store contains only the certificate that -+ was created based on the information from the X509IssuerSerial element. 
*/ -+ status = SECSuccess; -+ break; -+/* status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(), -+ cert, PR_FALSE, -+ (SECCertificateUsage)0, -+ timeboundary , NULL, NULL, NULL); -+ if (status == SECSuccess) { -+ break; -+ } */ - } -- } - -- if (status == SECSuccess) { -+ if (status == SECSuccess) { - return (cert); -- } -- -- switch(PORT_GetError()) { -+ } -+ -+ switch(PORT_GetError()) { - case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: - case SEC_ERROR_CA_CERT_INVALID: - case SEC_ERROR_UNKNOWN_SIGNER: -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), -- NULL, -- XMLSEC_ERRORS_R_CERT_ISSUER_FAILED, -- "cert with subject name %s could not be verified because the issuer's cert is expired/invalid or not found", -- cert->subjectName); -- break; -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), -+ NULL, -+ XMLSEC_ERRORS_R_CERT_ISSUER_FAILED, -+ "cert with subject name %s could not be verified because the issuer's cert is expired/invalid or not found", -+ cert->subjectName); -+ break; - case SEC_ERROR_EXPIRED_CERTIFICATE: -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), -- NULL, -- XMLSEC_ERRORS_R_CERT_HAS_EXPIRED, -- "cert with subject name %s has expired", -- cert->subjectName); -- break; -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), -+ NULL, -+ XMLSEC_ERRORS_R_CERT_HAS_EXPIRED, -+ "cert with subject name %s has expired", -+ cert->subjectName); -+ break; - case SEC_ERROR_REVOKED_CERTIFICATE: -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), -- NULL, -- XMLSEC_ERRORS_R_CERT_REVOKED, -- "cert with subject name %s has been revoked", -- cert->subjectName); -- break; -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), -+ NULL, -+ XMLSEC_ERRORS_R_CERT_REVOKED, -+ "cert with subject name %s has been 
revoked", -+ cert->subjectName); -+ break; - default: -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), -- NULL, -- XMLSEC_ERRORS_R_CERT_VERIFY_FAILED, -- "cert with subject name %s could not be verified", -- cert->subjectName); -- break; -- } -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), -+ NULL, -+ XMLSEC_ERRORS_R_CERT_VERIFY_FAILED, -+ "cert with subject name %s could not be verified, errcode %d", -+ cert->subjectName, -+ PORT_GetError()); -+ break; -+ } - -- return (NULL); -+ return (NULL); - } - - /** - * xmlSecNssX509StoreAdoptCert: -- * @store: the pointer to X509 key data store klass. -- * @cert: the pointer to NSS X509 certificate. -- * @type: the certificate type (trusted/untrusted). -+ * @store: the pointer to X509 key data store klass. -+ * @cert: the pointer to NSS X509 certificate. -+ * @type: the certificate type (trusted/untrusted). - * - * Adds trusted (root) or untrusted certificate to the store. 
- * -@@ -265,67 +275,67 @@ - */ - int - xmlSecNssX509StoreAdoptCert(xmlSecKeyDataStorePtr store, CERTCertificate* cert, xmlSecKeyDataType type ATTRIBUTE_UNUSED) { -- xmlSecNssX509StoreCtxPtr ctx; -- int ret; -+ xmlSecNssX509StoreCtxPtr ctx; -+ int ret; - -- xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1); -- xmlSecAssert2(cert != NULL, -1); -+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1); -+ xmlSecAssert2(cert != NULL, -1); - -- ctx = xmlSecNssX509StoreGetCtx(store); -- xmlSecAssert2(ctx != NULL, -1); -+ ctx = xmlSecNssX509StoreGetCtx(store); -+ xmlSecAssert2(ctx != NULL, -1); - -- if(ctx->certsList == NULL) { -- ctx->certsList = CERT_NewCertList(); -- if(ctx->certsList == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), -- "CERT_NewCertList", -- XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(-1); -- } -- } -- -- ret = CERT_AddCertToListTail(ctx->certsList, cert); -- if(ret != SECSuccess) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), -- "CERT_AddCertToListTail", -- XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(-1); -- } -+ if(ctx->certsList == NULL) { -+ ctx->certsList = CERT_NewCertList(); -+ if(ctx->certsList == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), -+ "CERT_NewCertList", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ "error code=%d", PORT_GetError()); -+ return(-1); -+ } -+ } - -- return(0); -+ ret = CERT_AddCertToListTail(ctx->certsList, cert); -+ if(ret != SECSuccess) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), -+ "CERT_AddCertToListTail", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ "error code=%d", PORT_GetError()); -+ return(-1); -+ } -+ -+ return(0); - } - - static int - xmlSecNssX509StoreInitialize(xmlSecKeyDataStorePtr store) { -- 
xmlSecNssX509StoreCtxPtr ctx; -- xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1); -+ xmlSecNssX509StoreCtxPtr ctx; -+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1); - -- ctx = xmlSecNssX509StoreGetCtx(store); -- xmlSecAssert2(ctx != NULL, -1); -+ ctx = xmlSecNssX509StoreGetCtx(store); -+ xmlSecAssert2(ctx != NULL, -1); - -- memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx)); -+ memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx)); - -- return(0); -+ return(0); - } - - static void - xmlSecNssX509StoreFinalize(xmlSecKeyDataStorePtr store) { -- xmlSecNssX509StoreCtxPtr ctx; -- xmlSecAssert(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId)); -+ xmlSecNssX509StoreCtxPtr ctx; -+ xmlSecAssert(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId)); - -- ctx = xmlSecNssX509StoreGetCtx(store); -- xmlSecAssert(ctx != NULL); -- -- if (ctx->certsList) { -+ ctx = xmlSecNssX509StoreGetCtx(store); -+ xmlSecAssert(ctx != NULL); -+ -+ if (ctx->certsList) { - CERT_DestroyCertList(ctx->certsList); - ctx->certsList = NULL; -- } -+ } - -- memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx)); -+ memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx)); - } - - -@@ -340,376 +350,213 @@ - */ - static CERTCertificate* - xmlSecNssX509FindCert(xmlChar *subjectName, xmlChar *issuerName, -- xmlChar *issuerSerial, xmlChar *ski) { -- CERTCertificate *cert = NULL; -- xmlChar *p = NULL; -- CERTName *name = NULL; -- SECItem *nameitem = NULL; -- PRArenaPool *arena = NULL; -- -- if (subjectName != NULL) { -- p = xmlSecNssX509NameRead(subjectName, xmlStrlen(subjectName)); -- if (p == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssX509NameRead", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "subject=%s", -- xmlSecErrorsSafeString(subjectName)); -- goto done; -- } -- -- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); -- if (arena == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "PORT_NewArena", -- XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); 
-- goto done; -- } -- -- name = CERT_AsciiToName((char*)p); -- if (name == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "CERT_AsciiToName", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- goto done; -- } -- -- nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name, -- SEC_ASN1_GET(CERT_NameTemplate)); -- if (nameitem == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "SEC_ASN1EncodeItem", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- goto done; -- } -- -- cert = CERT_FindCertByName(CERT_GetDefaultCertDB(), nameitem); -- goto done; -- } -- -- if((issuerName != NULL) && (issuerSerial != NULL)) { -- CERTIssuerAndSN issuerAndSN; -- -- p = xmlSecNssX509NameRead(issuerName, xmlStrlen(issuerName)); -- if (p == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssX509NameRead", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "issuer=%s", -- xmlSecErrorsSafeString(issuerName)); -- goto done; -- } -- -- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); -- if (arena == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "PORT_NewArena", -- XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- goto done; -- } -- -- name = CERT_AsciiToName((char*)p); -- if (name == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "CERT_AsciiToName", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- goto done; -- } -- -- nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name, -- SEC_ASN1_GET(CERT_NameTemplate)); -- if (nameitem == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "SEC_ASN1EncodeItem", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- goto done; -- } -- -- memset(&issuerAndSN, 0, sizeof(issuerAndSN)); -+ xmlChar *issuerSerial, xmlChar *ski) { -+ CERTCertificate *cert = NULL; -+ CERTName *name = NULL; -+ SECItem *nameitem = NULL; -+ PRArenaPool *arena = NULL; -+ -+ if (subjectName != NULL) { -+ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); -+ if (arena == NULL) { -+ 
xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "PORT_NewArena", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ "error code=%d", PORT_GetError()); -+ goto done; -+ } - -- issuerAndSN.derIssuer.data = nameitem->data; -- issuerAndSN.derIssuer.len = nameitem->len; -+ name = CERT_AsciiToName((char*)subjectName); -+ if (name == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "CERT_AsciiToName", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ "error code=%d", PORT_GetError()); -+ goto done; -+ } - -- /* TBD: serial num can be arbitrarily long */ -- xmlSecNssNumToItem(&issuerAndSN.serialNumber, PORT_Atoi((char *)issuerSerial)); -+ nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name, -+ SEC_ASN1_GET(CERT_NameTemplate)); -+ if (nameitem == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "SEC_ASN1EncodeItem", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ "error code=%d", PORT_GetError()); -+ goto done; -+ } - -- cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(), -- &issuerAndSN); -- SECITEM_FreeItem(&issuerAndSN.serialNumber, PR_FALSE); -- goto done; -- } -- -- if(ski != NULL) { -- SECItem subjKeyID; -- int len; -- -- len = xmlSecBase64Decode(ski, (xmlSecByte*)ski, xmlStrlen(ski)); -- if(len < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecBase64Decode", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "ski=%s", -- xmlSecErrorsSafeString(ski)); -- goto done; -- } -- -- memset(&subjKeyID, 0, sizeof(subjKeyID)); -- subjKeyID.data = ski; -- subjKeyID.len = xmlStrlen(ski); -- cert = CERT_FindCertBySubjectKeyID(CERT_GetDefaultCertDB(), -- &subjKeyID); -- } -+ cert = CERT_FindCertByName(CERT_GetDefaultCertDB(), nameitem); -+ goto done; -+ } - --done: -- if (p != NULL) { -- PORT_Free(p); -- } -- if (arena != NULL) { -- PORT_FreeArena(arena, PR_FALSE); -- } -- if (name != NULL) { -- CERT_DestroyName(name); -- } -+ if((issuerName != NULL) && (issuerSerial != NULL)) { -+ CERTIssuerAndSN issuerAndSN; - -- return(cert); --} -+ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); -+ if (arena == NULL) 
{ -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "PORT_NewArena", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ "error code=%d", PORT_GetError()); -+ goto done; -+ } - --/** -- * xmlSecNssX509NameRead: -- */ --static xmlSecByte * --xmlSecNssX509NameRead(xmlSecByte *str, int len) { -- xmlSecByte name[256]; -- xmlSecByte value[256]; -- xmlSecByte *retval = NULL; -- xmlSecByte *p = NULL; -- int nameLen, valueLen; -- -- xmlSecAssert2(str != NULL, NULL); -- -- /* return string should be no longer than input string */ -- retval = (xmlSecByte *)PORT_Alloc(len+1); -- if(retval == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "PORT_Alloc", -- XMLSEC_ERRORS_R_MALLOC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(NULL); -- } -- p = retval; -- -- while(len > 0) { -- /* skip spaces after comma or semicolon */ -- while((len > 0) && isspace(*str)) { -- ++str; --len; -- } -- -- nameLen = xmlSecNssX509NameStringRead(&str, &len, name, sizeof(name), '=', 0); -- if(nameLen < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssX509NameStringRead", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- goto done; -- } -- memcpy(p, name, nameLen); -- p+=nameLen; -- *p++='='; -- if(len > 0) { -- ++str; --len; -- if((*str) == '\"') { -- valueLen = xmlSecNssX509NameStringRead(&str, &len, -- value, sizeof(value), '"', 1); -- if(valueLen < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -+ name = CERT_AsciiToName((char*)issuerName); -+ if (name == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, - NULL, -- "xmlSecNssX509NameStringRead", -+ "CERT_AsciiToName", - XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- goto done; -- } -- /* skip spaces before comma or semicolon */ -- while((len > 0) && isspace(*str)) { -- ++str; --len; -+ "error code=%d", PORT_GetError()); -+ goto done; - } -- if((len > 0) && ((*str) != ',')) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- NULL, -- XMLSEC_ERRORS_R_INVALID_DATA, -- "comma is expected"); -- goto done; -- } -- if(len > 0) { -- 
++str; --len; -+ -+ nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name, -+ SEC_ASN1_GET(CERT_NameTemplate)); -+ if (nameitem == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "SEC_ASN1EncodeItem", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ "error code=%d", PORT_GetError()); -+ goto done; - } -- *p++='\"'; -- memcpy(p, value, valueLen); -- p+=valueLen; -- *p++='\"'; -- } else if((*str) == '#') { -- /* TODO: read octect values */ -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- NULL, -- XMLSEC_ERRORS_R_INVALID_DATA, -- "reading octect values is not implemented yet"); -- goto done; -- } else { -- valueLen = xmlSecNssX509NameStringRead(&str, &len, -- value, sizeof(value), ',', 1); -- if(valueLen < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -+ -+ memset(&issuerAndSN, 0, sizeof(issuerAndSN)); -+ -+ issuerAndSN.derIssuer.data = nameitem->data; -+ issuerAndSN.derIssuer.len = nameitem->len; -+ -+ if( xmlSecNssIntegerToItem( issuerSerial, &issuerAndSN.serialNumber ) < 0 ) { -+ xmlSecError(XMLSEC_ERRORS_HERE, - NULL, -- "xmlSecNssX509NameStringRead", -+ "xmlSecNssIntegerToItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- goto done; -- } -- memcpy(p, value, valueLen); -- p+=valueLen; -- if (len > 0) -- *p++=','; -- } -- } else { -- valueLen = 0; -+ "serial number=%s", -+ xmlSecErrorsSafeString(issuerSerial)); -+ goto done; -+ } -+ -+ cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(), -+ &issuerAndSN); -+ SECITEM_FreeItem(&issuerAndSN.serialNumber, PR_FALSE); -+ goto done; -+ } -+ -+ if(ski != NULL) { -+ SECItem subjKeyID; -+ int len; -+ -+ len = xmlSecBase64Decode(ski, (xmlSecByte*)ski, xmlStrlen(ski)); -+ if(len < 0) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecBase64Decode", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ "ski=%s", -+ xmlSecErrorsSafeString(ski)); -+ goto done; -+ } -+ -+ memset(&subjKeyID, 0, sizeof(subjKeyID)); -+ subjKeyID.data = ski; -+ subjKeyID.len = xmlStrlen(ski); -+ cert = 
CERT_FindCertBySubjectKeyID(CERT_GetDefaultCertDB(), -+ &subjKeyID); - } -- if(len > 0) { -- ++str; --len; -- } -- } -- -- *p = 0; -- return(retval); -- -+ - done: -- PORT_Free(retval); -- return (NULL); -+ if (arena != NULL) { -+ PORT_FreeArena(arena, PR_FALSE); -+ } -+ if (name != NULL) { -+ CERT_DestroyName(name); -+ } -+ -+ return(cert); - } - -+static int -+xmlSecNssIntegerToItem( -+ const xmlChar* integer , -+ SECItem *item -+) { -+ xmlSecBn bn ; -+ xmlSecSize i, length ; -+ const xmlSecByte* bnInteger ; - -+ xmlSecAssert2( integer != NULL, -1 ) ; -+ xmlSecAssert2( item != NULL, -1 ) ; - --/** -- * xmlSecNssX509NameStringRead: -- */ --static int --xmlSecNssX509NameStringRead(xmlSecByte **str, int *strLen, -- xmlSecByte *res, int resLen, -- xmlSecByte delim, int ingoreTrailingSpaces) { -- xmlSecByte *p, *q, *nonSpace; -- -- xmlSecAssert2(str != NULL, -1); -- xmlSecAssert2(strLen != NULL, -1); -- xmlSecAssert2(res != NULL, -1); -- -- p = (*str); -- nonSpace = q = res; -- while(((p - (*str)) < (*strLen)) && ((*p) != delim) && ((q - res) < resLen)) { -- if((*p) != '\\') { -- if(ingoreTrailingSpaces && !isspace(*p)) { -- nonSpace = q; -- } -- *(q++) = *(p++); -- } else { -- ++p; -- nonSpace = q; -- if(xmlSecIsHex((*p))) { -- if((p - (*str) + 1) >= (*strLen)) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- NULL, -- XMLSEC_ERRORS_R_INVALID_DATA, -- "two hex digits expected"); -- return(-1); -- } -- *(q++) = xmlSecGetHex(p[0]) * 16 + xmlSecGetHex(p[1]); -- p += 2; -- } else { -- if(((++p) - (*str)) >= (*strLen)) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- NULL, -- XMLSEC_ERRORS_R_INVALID_DATA, -- "escaped symbol missed"); -- return(-1); -- } -- *(q++) = *(p++); -- } -- } -- } -- if(((p - (*str)) < (*strLen)) && ((*p) != delim)) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- NULL, -- XMLSEC_ERRORS_R_INVALID_SIZE, -- "buffer is too small"); -- return(-1); -- } -- (*strLen) -= (p - (*str)); -- (*str) = p; -- return((ingoreTrailingSpaces) ? 
nonSpace - res + 1 : q - res); --} -+ if( xmlSecBnInitialize( &bn, 0 ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecBnInitialize", -+ XMLSEC_ERRORS_R_INVALID_DATA, -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } - --/* code lifted from NSS */ --static void --xmlSecNssNumToItem(SECItem *it, unsigned long ui) --{ -- unsigned char bb[5]; -- int len; -- -- bb[0] = 0; -- bb[1] = (unsigned char) (ui >> 24); -- bb[2] = (unsigned char) (ui >> 16); -- bb[3] = (unsigned char) (ui >> 8); -- bb[4] = (unsigned char) (ui); -- -- /* -- ** Small integers are encoded in a single byte. Larger integers -- ** require progressively more space. -- */ -- if (ui > 0x7f) { -- if (ui > 0x7fff) { -- if (ui > 0x7fffffL) { -- if (ui >= 0x80000000L) { -- len = 5; -- } else { -- len = 4; -- } -- } else { -- len = 3; -- } -- } else { -- len = 2; -- } -- } else { -- len = 1; -- } -- -- it->data = (unsigned char *)PORT_Alloc(len); -- if (it->data == NULL) { -- return; -- } -+ if( xmlSecBnFromDecString( &bn, integer ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecBnFromDecString", -+ XMLSEC_ERRORS_R_INVALID_DATA, -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ xmlSecBnFinalize( &bn ) ; -+ return -1 ; -+ } -+ -+ length = xmlSecBnGetSize( &bn ) ; -+ if( length <= 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecBnGetSize", -+ XMLSEC_ERRORS_R_INVALID_DATA, -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ xmlSecBnFinalize( &bn ) ; -+ return -1 ; -+ } -+ -+ bnInteger = xmlSecBnGetData( &bn ) ; -+ if( bnInteger == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecBnGetData", -+ XMLSEC_ERRORS_R_INVALID_DATA, -+ XMLSEC_ERRORS_NO_MESSAGE ) ; - -- it->len = len; -- PORT_Memcpy(it->data, bb + (sizeof(bb) - len), len); -+ xmlSecBnFinalize( &bn ) ; -+ return -1 ; -+ } -+ -+ item->data = ( unsigned char * )PORT_Alloc( length ); -+ if( item->data == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE, -+ NULL, -+ "PORT_Alloc", -+ XMLSEC_ERRORS_R_INVALID_DATA, -+ 
XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ xmlSecBnFinalize( &bn ) ; -+ return -1 ; -+ } -+ -+ item->len = length; -+ -+ for( i = 0 ; i < length ; i ++ ) -+ item->data[i] = *( bnInteger + i ) ; -+ -+ xmlSecBnFinalize( &bn ) ; -+ -+ return 0 ; - } --#endif /* XMLSEC_NO_X509 */ - -+#endif /* XMLSEC_NO_X509 */ - ---- misc/xmlsec1-1.2.6/win32/Makefile.msvc 2004-06-09 16:35:12.000000000 +0200 -+++ misc/build/xmlsec1-1.2.6/win32/Makefile.msvc 2008-06-29 23:44:19.000000000 +0200 -@@ -223,6 +223,10 @@ - $(XMLSEC_OPENSSL_INTDIR_A)\x509vfy.obj - - XMLSEC_NSS_OBJS = \ -+ $(XMLSEC_NSS_INTDIR)\akmngr.obj\ -+ $(XMLSEC_NSS_INTDIR)\keytrans.obj\ -+ $(XMLSEC_NSS_INTDIR)\keywrapers.obj\ -+ $(XMLSEC_NSS_INTDIR)\tokens.obj\ - $(XMLSEC_NSS_INTDIR)\app.obj\ - $(XMLSEC_NSS_INTDIR)\bignum.obj\ - $(XMLSEC_NSS_INTDIR)\ciphers.obj \ -@@ -235,9 +239,6 @@ - $(XMLSEC_NSS_INTDIR)\x509.obj\ - $(XMLSEC_NSS_INTDIR)\x509vfy.obj\ - $(XMLSEC_NSS_INTDIR)\keysstore.obj\ -- $(XMLSEC_NSS_INTDIR)\kt_rsa.obj\ -- $(XMLSEC_NSS_INTDIR)\kw_des.obj\ -- $(XMLSEC_NSS_INTDIR)\kw_aes.obj\ - $(XMLSEC_NSS_INTDIR)\strings.obj - XMLSEC_NSS_OBJS_A = \ - $(XMLSEC_NSS_INTDIR_A)\app.obj\ -@@ -258,6 +259,7 @@ - $(XMLSEC_NSS_INTDIR_A)\strings.obj - - XMLSEC_MSCRYPTO_OBJS = \ -+ $(XMLSEC_MSCRYPTO_INTDIR)\akmngr.obj\ - $(XMLSEC_MSCRYPTO_INTDIR)\app.obj\ - $(XMLSEC_MSCRYPTO_INTDIR)\crypto.obj \ - $(XMLSEC_MSCRYPTO_INTDIR)\ciphers.obj \ -@@ -376,7 +378,7 @@ - XMLSEC_OPENSSL_SOLIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib - XMLSEC_OPENSSL_ALIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib - --XMLSEC_NSS_SOLIBS = smime3.lib ssl3.lib nss3.lib libnspr4.lib libplds4.lib libplc4.lib kernel32.lib user32.lib gdi32.lib -+XMLSEC_NSS_SOLIBS = smime3.lib nss3.lib nspr4.lib kernel32.lib user32.lib gdi32.lib - XMLSEC_NSS_ALIBS = smime3.lib ssl3.lib nss3.lib libnspr4_s.lib libplds4_s.lib libplc4_s.lib kernel32.lib user32.lib gdi32.lib - - XMLSEC_MSCRYPTO_SOLIBS = kernel32.lib user32.lib gdi32.lib Crypt32.lib 
Advapi32.lib
diff --git a/libxmlsec/xmlsec1-configure.patch b/libxmlsec/xmlsec1-configure.patch
new file mode 100644
index 000000000000..d804c2729076
--- /dev/null
+++ b/libxmlsec/xmlsec1-configure.patch
@@ -0,0 +1,288 @@
+--- misc/xmlsec1-1.2.12/Makefile.in 2009-06-25 22:53:34.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/Makefile.in 2009-10-01 10:32:48.708515261 +0200
+@@ -340,8 +340,9 @@
+ target_alias = @target_alias@
+ NULL =
+ SAFE_VERSION = @XMLSEC_VERSION_SAFE@
+-SUBDIRS = include src apps man docs
+-TEST_APP = apps/xmlsec1
++#Do not build xmlsec1 app. It is not needed. Also the libtool includes
++#a -L/path_to_lib_dir which may contain an incompatible lixbml2.
++SUBDIRS = include src man docs
+ DEFAULT_CRYPTO = @XMLSEC_CRYPTO@
+ bin_SCRIPTS = xmlsec1-config
+ pkgconfig_DATA = xmlsec1.pc @XMLSEC_CRYPTO_PC_FILES_LIST@
+--- misc/xmlsec1-1.2.12/configure 2009-06-25 22:53:35.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/configure 2009-10-01 10:28:50.980389049 +0200
+@@ -24769,7 +24769,11 @@
+ fi
+
+ LIBXML_MIN_VERSION="2.6.12"
+-LIBXML_CONFIG="xml2-config"
++if test -f "$SOLARVERSION/$INPATH/bin$UPDMINOREXT/xml2-config" ; then
++ LIBXML_CONFIG="$SOLARVERSION/$INPATH/bin$UPDMINOREXT/xml2-config"
++else
++ LIBXML_CONFIG="xml2-config"
++fi
+ LIBXML_CFLAGS=""
+ LIBXML_LIBS=""
+ LIBXML_FOUND="no"
+@@ -25678,12 +25682,26 @@
+
+ XMLSEC_NO_NSS="1"
+ MOZILLA_MIN_VERSION="1.4"
++if test "z$MOZ_FLAVOUR" = "zfirefox" ; then
++ MOZILLA_MIN_VERSION="1.0"
++fi
+ NSS_MIN_VERSION="3.2"
+ NSPR_MIN_VERSION="4.0"
+ NSS_CFLAGS=""
+ NSS_LIBS=""
+-NSS_LIBS_LIST="-lnss3 -lsmime3"
+-NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4"
++
++case $host_os in
++cygwin* | mingw* | pw32*)
++ NSS_LIBS_LIST="-lnss3 -lsmime3"
++ NSPR_LIBS_LIST="-lnspr4"
++ ;;
++
++*)
++ NSS_LIBS_LIST="-lnss3 -lsoftokn3 -lsmime3"
++ NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4"
++ ;;
++esac
++
+ NSS_CRYPTO_LIB="$XMLSEC_PACKAGE-nss"
+ NSS_FOUND="no"
+ NSPR_PACKAGE=mozilla-nspr
+@@ -25776,6 +25794,104 @@
+ else
+ PKG_CONFIG_MIN_VERSION=0.9.0
+ if $PKG_CONFIG --atleast-pkgconfig-version $PKG_CONFIG_MIN_VERSION; then
++ echo "$as_me:$LINENO: checking for $MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR >= 
$MOZILLA_MIN_VERSION" >&5
++echo $ECHO_N "checking for $MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR >= $MOZILLA_MIN_VERSION... $ECHO_C" >&6
++
++ if $PKG_CONFIG --exists "$MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR >= $MOZILLA_MIN_VERSION" ; then
++ echo "$as_me:$LINENO: result: yes" >&5
++echo "${ECHO_T}yes" >&6
++ succeeded=yes
++
++ echo "$as_me:$LINENO: checking NSS_CFLAGS" >&5
++echo $ECHO_N "checking NSS_CFLAGS... $ECHO_C" >&6
++ NSS_CFLAGS=`$PKG_CONFIG --cflags "$MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR >= $MOZILLA_MIN_VERSION"`
++ echo "$as_me:$LINENO: result: $NSS_CFLAGS" >&5
++echo "${ECHO_T}$NSS_CFLAGS" >&6
++
++ echo "$as_me:$LINENO: checking NSS_LIBS" >&5
++echo $ECHO_N "checking NSS_LIBS... $ECHO_C" >&6
++ NSS_LIBS=`$PKG_CONFIG --libs "$MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR >= $MOZILLA_MIN_VERSION"`
++ echo "$as_me:$LINENO: result: $NSS_LIBS" >&5
++echo "${ECHO_T}$NSS_LIBS" >&6
++ else
++ NSS_CFLAGS=""
++ NSS_LIBS=""
++ ## If we have a custom action on failure, don't print errors, but
++ ## do set a variable so people can do so.
++ NSS_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "$MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR >= $MOZILLA_MIN_VERSION"`
++
++ fi
++
++
++
++ else
++ echo "*** Your version of pkg-config is too old. You need version $PKG_CONFIG_MIN_VERSION or newer."
++ echo "*** See http://www.freedesktop.org/software/pkgconfig"
++ fi
++ fi
++
++ if test $succeeded = yes; then
++ NSS_FOUND=yes NSPR_PACKAGE=$MOZ_FLAVOUR-nspr NSS_PACKAGE=$MOZ_FLAVOUR-nss
++ else
++ NSS_FOUND=no
++ fi
++
++ fi
++ if test "z$NSS_FOUND" = "zno" ; then
++
++ succeeded=no
++
++ if test -z "$PKG_CONFIG"; then
++ # Extract the first word of "pkg-config", so it can be a program name with args.
++set dummy pkg-config; ac_word=$2
++echo "$as_me:$LINENO: checking for $ac_word" >&5
++echo $ECHO_N "checking for $ac_word... 
$ECHO_C" >&6
++if test "${ac_cv_path_PKG_CONFIG+set}" = set; then
++ echo $ECHO_N "(cached) $ECHO_C" >&6
++else
++ case $PKG_CONFIG in
++ [\\/]* | ?:[\\/]*)
++ ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path.
++ ;;
++ *)
++ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
++for as_dir in $PATH
++do
++ IFS=$as_save_IFS
++ test -z "$as_dir" && as_dir=.
++ for ac_exec_ext in '' $ac_executable_extensions; do
++ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
++ ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
++ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
++ break 2
++ fi
++done
++done
++
++ test -z "$ac_cv_path_PKG_CONFIG" && ac_cv_path_PKG_CONFIG="no"
++ ;;
++esac
++fi
++PKG_CONFIG=$ac_cv_path_PKG_CONFIG
++
++if test -n "$PKG_CONFIG"; then
++ echo "$as_me:$LINENO: result: $PKG_CONFIG" >&5
++echo "${ECHO_T}$PKG_CONFIG" >&6
++else
++ echo "$as_me:$LINENO: result: no" >&5
++echo "${ECHO_T}no" >&6
++fi
++
++ fi
++
++ if test "$PKG_CONFIG" = "no" ; then
++ echo "*** The pkg-config script could not be found. Make sure it is"
++ echo "*** in your path, or set the PKG_CONFIG environment variable"
++ echo "*** to the full path to pkg-config."
++ echo "*** Or see http://www.freedesktop.org/software/pkgconfig to get pkg-config."
++ else
++ PKG_CONFIG_MIN_VERSION=0.9.0
++ if $PKG_CONFIG --atleast-pkgconfig-version $PKG_CONFIG_MIN_VERSION; then
+ echo "$as_me:$LINENO: checking for mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION" >&5
+ echo $ECHO_N "checking for mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION... 
$ECHO_C" >&6
+
+@@ -26026,8 +26142,8 @@
+ ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION
+ fi
+
+- ac_nss_lib_dir="/usr/lib /usr/lib64 /usr/local/lib /usr/lib/$ac_mozilla_name /usr/local/lib/$ac_mozilla_name"
+- ac_nss_inc_dir="/usr/include /usr/include/mozilla /usr/local/include /usr/local/include/mozilla /usr/include/$ac_mozilla_name /usr/local/include/$ac_mozilla_name"
++ ac_nss_lib_dir="${SOLARVERSION}/${INPATH}/lib${UPDMINOREXT}"
++ ac_nss_inc_dir="${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/mozilla"
+
+ echo "$as_me:$LINENO: checking for nspr libraries >= $NSPR_MIN_VERSION" >&5
+ echo $ECHO_N "checking for nspr libraries >= $NSPR_MIN_VERSION... $ECHO_C" >&6
+@@ -26062,7 +26178,7 @@
+ done
+
+ for dir in $ac_nss_lib_dir ; do
+- if test -f $dir/libnspr4$shrext ; then
++ if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib ; then
+ if test "z$dir" = "z/usr/lib" ; then
+ NSPR_LIBS="$NSPR_LIBS_LIST"
+ else
+@@ -26148,7 +26264,7 @@
+ done
+
+ for dir in $ac_nss_lib_dir ; do
+- if test -f $dir/libnss3$shrext ; then
++ if test -f $dir/libnss3.so -o -f $dir/libnss3.dylib ; then
+ if test "z$dir" = "z/usr/lib" ; then
+ NSS_LIBS="$NSS_LIBS_LIST"
+ else
+--- misc/xmlsec1-1.2.12/configure.in 2009-06-25 22:53:18.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/configure.in 2009-10-01 10:28:50.990755126 +0200
+@@ -183,7 +183,11 @@
+ dnl find libxml
+ dnl ==========================================================================
+ LIBXML_MIN_VERSION="2.6.12"
+-LIBXML_CONFIG="xml2-config"
++if test -f "$SOLARVERSION/$INPATH/bin$UPDMINOREXT/xml2-config" ; then
++ LIBXML_CONFIG="$SOLARVERSION/$INPATH/bin$UPDMINOREXT/xml2-config"
++else
++ LIBXML_CONFIG="xml2-config"
++fi
+ LIBXML_CFLAGS=""
+ LIBXML_LIBS=""
+ LIBXML_FOUND="no"
+@@ -490,12 +494,26 @@
+
+ XMLSEC_NO_NSS="1"
+ MOZILLA_MIN_VERSION="1.4"
++if test "z$MOZ_FLAVOUR" = "zfirefox" ; then
++ MOZILLA_MIN_VERSION="1.0"
++fi
+ NSS_MIN_VERSION="3.2"
+ NSPR_MIN_VERSION="4.0"
+ NSS_CFLAGS=""
+ NSS_LIBS=""
+-NSS_LIBS_LIST="-lnss3 
-lsmime3" +-NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4" ++ ++case $host_os in ++cygwin* | mingw* | pw32*) ++ NSS_LIBS_LIST="-lnss3 -lsmime3" ++ NSPR_LIBS_LIST="-lnspr4" ++ ;; ++ ++*) ++ NSS_LIBS_LIST="-lnss3 -lsoftokn3 -lsmime3" ++ NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4" ++ ;; ++esac ++ + NSS_CRYPTO_LIB="$XMLSEC_PACKAGE-nss" + NSS_FOUND="no" + NSPR_PACKAGE=mozilla-nspr +@@ -521,6 +539,11 @@ + dnl We are going to try all options + dnl + if test "z$NSS_FOUND" = "zno" ; then ++ PKG_CHECK_MODULES(NSS, $MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR >= $MOZILLA_MIN_VERSION, ++ [NSS_FOUND=yes NSPR_PACKAGE=$MOZ_FLAVOUR-nspr NSS_PACKAGE=$MOZ_FLAVOUR-nss], ++ [NSS_FOUND=no]) ++ fi ++ if test "z$NSS_FOUND" = "zno" ; then + PKG_CHECK_MODULES(NSS, mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION, + [NSS_FOUND=yes NSPR_PACKAGE=mozilla-nspr NSS_PACKAGE=mozilla-nss], + [NSS_FOUND=no]) +@@ -547,8 +570,8 @@ + ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION + fi + +- ac_nss_lib_dir="/usr/lib /usr/lib64 /usr/local/lib /usr/lib/$ac_mozilla_name /usr/local/lib/$ac_mozilla_name" +- ac_nss_inc_dir="/usr/include /usr/include/mozilla /usr/local/include /usr/local/include/mozilla /usr/include/$ac_mozilla_name /usr/local/include/$ac_mozilla_name" ++ ac_nss_lib_dir="${SOLARVERSION}/${INPATH}/lib${UPDMINOREXT}" ++ ac_nss_inc_dir="${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/mozilla" + + AC_MSG_CHECKING(for nspr libraries >= $NSPR_MIN_VERSION) + NSPR_INCLUDES_FOUND="no" +@@ -583,7 +606,7 @@ + done + + for dir in $ac_nss_lib_dir ; do +- if test -f $dir/libnspr4$shrext ; then ++ if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib ; then + dnl do not add -L/usr/lib because compiler does it anyway + if test "z$dir" = "z/usr/lib" ; then + NSPR_LIBS="$NSPR_LIBS_LIST" +@@ -654,7 +677,7 @@ + done + + for dir in $ac_nss_lib_dir ; do +- if test -f $dir/libnss3$shrext ; then ++ if test -f $dir/libnss3.so -o -f $dir/libnss3.dylib ; then + dnl do not add -L/usr/lib because compiler 
does it anyway + if test "z$dir" = "z/usr/lib" ; then + NSS_LIBS="$NSS_LIBS_LIST" +--- misc/xmlsec1-1.2.12/win32/Makefile.msvc 2009-06-25 22:53:18.000000000 +0200 ++++ misc/build/xmlsec1-1.2.12/win32/Makefile.msvc 2009-10-01 10:28:50.997747312 +0200 +@@ -381,7 +381,7 @@ + XMLSEC_OPENSSL_SOLIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib + XMLSEC_OPENSSL_ALIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib + +-XMLSEC_NSS_SOLIBS = smime3.lib ssl3.lib nss3.lib libnspr4.lib libplds4.lib libplc4.lib kernel32.lib user32.lib gdi32.lib ++XMLSEC_NSS_SOLIBS = smime3.lib nss3.lib nspr4.lib kernel32.lib user32.lib gdi32.lib + XMLSEC_NSS_ALIBS = smime3.lib ssl3.lib nss3.lib libnspr4_s.lib libplds4_s.lib libplc4_s.lib kernel32.lib user32.lib gdi32.lib + + XMLSEC_MSCRYPTO_SOLIBS = kernel32.lib user32.lib gdi32.lib Crypt32.lib Advapi32.lib diff --git a/libxmlsec/xmlsec1-customkeymanage.patch b/libxmlsec/xmlsec1-customkeymanage.patch new file mode 100644 index 000000000000..80cb7de93a70 --- /dev/null +++ b/libxmlsec/xmlsec1-customkeymanage.patch 
@@ -0,0 +1,6086 @@
+--- misc/xmlsec1-1.2.12/include/xmlsec/mscrypto/Makefile.am 2009-06-25 22:53:18.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/include/xmlsec/mscrypto/Makefile.am 2009-09-21 14:02:48.563253008 +0200
+@@ -3,6 +3,7 @@
+ xmlsecmscryptoincdir = $(includedir)/xmlsec1/xmlsec/mscrypto
+ 
+ xmlsecmscryptoinc_HEADERS = \
++akmngr.h \
+ app.h \
+ certkeys.h \
+ crypto.h \
+--- misc/xmlsec1-1.2.12/include/xmlsec/mscrypto/Makefile.in 2009-06-25 22:53:30.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/include/xmlsec/mscrypto/Makefile.in 2009-09-21 14:02:48.571021349 +0200
+@@ -308,6 +308,7 @@
+ NULL =
+ xmlsecmscryptoincdir = $(includedir)/xmlsec1/xmlsec/mscrypto
+ xmlsecmscryptoinc_HEADERS = \
++akmngr.h \
+ app.h \
+ certkeys.h \
+ crypto.h \
+--- misc/xmlsec1-1.2.12/include/xmlsec/mscrypto/akmngr.h 2009-09-21 14:07:19.052318336 +0200
++++ misc/build/xmlsec1-1.2.12/include/xmlsec/mscrypto/akmngr.h 2009-09-21 14:02:48.504966762 +0200
+@@ -1 +1,71 @@
+-dummy
++/**
++ * XMLSec library
++ *
++ * This is free software; see Copyright file in the source
++ * distribution for preciese wording.
++ *
++ * Copyright .......................... 
++ */
++#ifndef __XMLSEC_MSCRYPTO_AKMNGR_H__
++#define __XMLSEC_MSCRYPTO_AKMNGR_H__
++
++#include <windows.h>
++#include <wincrypt.h>
++
++#include <xmlsec/xmlsec.h>
++#include <xmlsec/keys.h>
++#include <xmlsec/transforms.h>
++
++#ifdef __cplusplus
++extern "C" {
++#endif /* __cplusplus */
++
++XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr
++xmlSecMSCryptoAppliedKeysMngrCreate(
++ HCERTSTORE keyStore ,
++ HCERTSTORE certStore
++) ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecMSCryptoAppliedKeysMngrSymKeyLoad(
++ xmlSecKeysMngrPtr mngr ,
++ HCRYPTKEY symKey
++) ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecMSCryptoAppliedKeysMngrPubKeyLoad(
++ xmlSecKeysMngrPtr mngr ,
++ HCRYPTKEY pubKey
++) ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecMSCryptoAppliedKeysMngrPriKeyLoad(
++ xmlSecKeysMngrPtr mngr ,
++ HCRYPTKEY priKey
++) ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore (
++ xmlSecKeysMngrPtr mngr ,
++ HCERTSTORE keyStore
++) ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore (
++ xmlSecKeysMngrPtr mngr ,
++ HCERTSTORE trustedStore
++) ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore (
++ xmlSecKeysMngrPtr mngr ,
++ HCERTSTORE untrustedStore
++) ;
++
++#ifdef __cplusplus
++}
++#endif /* __cplusplus */
++
++#endif /* __XMLSEC_MSCRYPTO_AKMNGR_H__ */
++
++
+--- misc/xmlsec1-1.2.12/include/xmlsec/nss/Makefile.am 2009-06-25 22:53:18.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/include/xmlsec/nss/Makefile.am 2009-09-21 14:02:48.577933031 +0200
+@@ -10,6 +10,9 @@
+ keysstore.h \
+ pkikeys.h \
+ x509.h \
++akmngr.h \
++tokens.h \
++ciphers.h \
+ $(NULL)
+ 
+ install-exec-hook:
+--- misc/xmlsec1-1.2.12/include/xmlsec/nss/Makefile.in 2009-06-25 22:53:31.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/include/xmlsec/nss/Makefile.in 2009-09-21 14:02:48.585376325 +0200
+@@ -315,6 +315,9 @@
+ keysstore.h \
+ pkikeys.h \
+ x509.h \
++akmngr.h \
++tokens.h \
++ciphers.h \
+ $(NULL)
+ 
+ all: all-am
+--- 
misc/xmlsec1-1.2.12/include/xmlsec/nss/akmngr.h 2009-09-21 14:07:19.105517659 +0200 ++++ misc/build/xmlsec1-1.2.12/include/xmlsec/nss/akmngr.h 2009-09-21 14:02:48.510978278 +0200 +@@ -1 +1,56 @@ +-dummy ++/** ++ * XMLSec library ++ * ++ * This is free software; see Copyright file in the source ++ * distribution for preciese wording. ++ * ++ * Copyright .......................... ++ */ ++#ifndef __XMLSEC_NSS_AKMNGR_H__ ++#define __XMLSEC_NSS_AKMNGR_H__ ++ ++#include <nss.h> ++#include <nspr.h> ++#include <pk11func.h> ++#include <cert.h> ++ ++#include <xmlsec/xmlsec.h> ++#include <xmlsec/keys.h> ++#include <xmlsec/transforms.h> ++ ++#ifdef __cplusplus ++extern "C" { ++#endif /* __cplusplus */ ++ ++XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr ++xmlSecNssAppliedKeysMngrCreate( ++ PK11SlotInfo** slots, ++ int cSlots, ++ CERTCertDBHandle* handler ++) ; ++ ++XMLSEC_CRYPTO_EXPORT int ++xmlSecNssAppliedKeysMngrSymKeyLoad( ++ xmlSecKeysMngrPtr mngr , ++ PK11SymKey* symKey ++) ; ++ ++XMLSEC_CRYPTO_EXPORT int ++xmlSecNssAppliedKeysMngrPubKeyLoad( ++ xmlSecKeysMngrPtr mngr , ++ SECKEYPublicKey* pubKey ++) ; ++ ++XMLSEC_CRYPTO_EXPORT int ++xmlSecNssAppliedKeysMngrPriKeyLoad( ++ xmlSecKeysMngrPtr mngr , ++ SECKEYPrivateKey* priKey ++) ; ++ ++#ifdef __cplusplus ++} ++#endif /* __cplusplus */ ++ ++#endif /* __XMLSEC_NSS_AKMNGR_H__ */ ++ ++ +--- misc/xmlsec1-1.2.12/include/xmlsec/nss/app.h 2009-06-25 22:53:18.000000000 +0200 ++++ misc/build/xmlsec1-1.2.12/include/xmlsec/nss/app.h 2009-09-21 14:02:48.612847068 +0200 +@@ -22,6 +22,9 @@ + #include <xmlsec/keysmngr.h> + #include <xmlsec/transforms.h> + ++#include <xmlsec/nss/tokens.h> ++#include <xmlsec/nss/akmngr.h> ++ + /** + * Init/shutdown + */ +@@ -36,6 +39,8 @@ + xmlSecKeyPtr key); + XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrLoad (xmlSecKeysMngrPtr mngr, + const char* uri); ++XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKeySlot(xmlSecKeysMngrPtr mngr, ++ xmlSecNssKeySlotPtr keySlot); + XMLSEC_CRYPTO_EXPORT int 
xmlSecNssAppDefaultKeysMngrSave (xmlSecKeysMngrPtr mngr, + const char* filename, + xmlSecKeyDataType type); +--- misc/xmlsec1-1.2.12/include/xmlsec/nss/ciphers.h 2009-09-21 14:07:19.146496548 +0200 ++++ misc/build/xmlsec1-1.2.12/include/xmlsec/nss/ciphers.h 2009-09-21 14:02:48.516689712 +0200 +@@ -1 +1,35 @@ +-dummy ++/** ++ * XMLSec library ++ * ++ * This is free software; see Copyright file in the source ++ * distribution for preciese wording. ++ * ++ * Copyright .......................... ++ */ ++#ifndef __XMLSEC_NSS_CIPHERS_H__ ++#define __XMLSEC_NSS_CIPHERS_H__ ++ ++#ifdef __cplusplus ++extern "C" { ++#endif /* __cplusplus */ ++ ++#include <xmlsec/xmlsec.h> ++#include <xmlsec/keys.h> ++#include <xmlsec/transforms.h> ++ ++ ++XMLSEC_CRYPTO_EXPORT int xmlSecNssSymKeyDataAdoptKey( xmlSecKeyDataPtr data, ++ PK11SymKey* symkey ) ; ++ ++XMLSEC_CRYPTO_EXPORT xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt( PK11SymKey* symKey ) ; ++ ++XMLSEC_CRYPTO_EXPORT PK11SymKey* xmlSecNssSymKeyDataGetKey(xmlSecKeyDataPtr data); ++ ++ ++#ifdef __cplusplus ++} ++#endif /* __cplusplus */ ++ ++#endif /* __XMLSEC_NSS_CIPHERS_H__ */ ++ ++ +--- misc/xmlsec1-1.2.12/include/xmlsec/nss/keysstore.h 2009-06-25 22:53:18.000000000 +0200 ++++ misc/build/xmlsec1-1.2.12/include/xmlsec/nss/keysstore.h 2009-09-21 14:02:48.626261748 +0200 +@@ -16,6 +16,8 @@ + #endif /* __cplusplus */ + + #include <xmlsec/xmlsec.h> ++#include <xmlsec/keysmngr.h> ++#include <xmlsec/nss/tokens.h> + + /**************************************************************************** + * +@@ -31,6 +33,8 @@ + XMLSEC_CRYPTO_EXPORT xmlSecKeyStoreId xmlSecNssKeysStoreGetKlass (void); + XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKey (xmlSecKeyStorePtr store, + xmlSecKeyPtr key); ++XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKeySlot(xmlSecKeyStorePtr store, ++ xmlSecNssKeySlotPtr keySlot); + XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreLoad (xmlSecKeyStorePtr store, + const char *uri, + xmlSecKeysMngrPtr keysMngr); +--- 
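Review bot: The new ciphers.h uses `PK11SymKey*` in all three prototypes but includes only `<xmlsec/...>` headers, so it is not self-contained and compiles only when the includer has already pulled in the NSS headers; the sibling akmngr.h and tokens.h in this patch include `<pk11func.h>` themselves. Add `#include <pk11func.h>` next to the xmlsec includes. The `#ifdef __cplusplus` / `extern "C" {` block is also opened before the `#include` lines, so the included headers end up inside the C-linkage block; placing the includes above it, as akmngr.h does, avoids that.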
misc/xmlsec1-1.2.12/include/xmlsec/nss/tokens.h 2009-09-21 14:07:19.172421448 +0200 ++++ misc/build/xmlsec1-1.2.12/include/xmlsec/nss/tokens.h 2009-09-21 14:02:48.522913605 +0200 +@@ -1 +1,182 @@ +-dummy ++/** ++ * XMLSec library ++ * ++ * This is free software; see Copyright file in the source ++ * distribution for preciese wording. ++ * ++ * Copyright (c) 2003 Sun Microsystems, Inc. All rights reserved. ++ * ++ * Contributor(s): _____________________________ ++ * ++ */ ++#ifndef __XMLSEC_NSS_TOKENS_H__ ++#define __XMLSEC_NSS_TOKENS_H__ ++ ++#include <string.h> ++ ++#include <nss.h> ++#include <pk11func.h> ++ ++#include <xmlsec/xmlsec.h> ++#include <xmlsec/list.h> ++ ++#ifdef __cplusplus ++extern "C" { ++#endif /* __cplusplus */ ++ ++/** ++ * xmlSecNssKeySlotListId ++ * ++ * The crypto mechanism list klass ++ */ ++#define xmlSecNssKeySlotListId xmlSecNssKeySlotListGetKlass() ++XMLSEC_CRYPTO_EXPORT xmlSecPtrListId xmlSecNssKeySlotListGetKlass( void ) ; ++ ++/******************************************* ++ * KeySlot interfaces ++ *******************************************/ ++/** ++ * Internal NSS key slot data ++ * @mechanismList: the mechanisms that the slot bound with. ++ * @slot: the pkcs slot ++ * ++ * This context is located after xmlSecPtrList ++ */ ++typedef struct _xmlSecNssKeySlot xmlSecNssKeySlot ; ++typedef struct _xmlSecNssKeySlot* xmlSecNssKeySlotPtr ; ++ ++struct _xmlSecNssKeySlot { ++ CK_MECHANISM_TYPE_PTR mechanismList ; /* mech. 
array, NULL ternimated */ ++ PK11SlotInfo* slot ; ++} ; ++ ++XMLSEC_CRYPTO_EXPORT int ++xmlSecNssKeySlotSetMechList( ++ xmlSecNssKeySlotPtr keySlot , ++ CK_MECHANISM_TYPE_PTR mechanismList ++) ; ++ ++XMLSEC_CRYPTO_EXPORT int ++xmlSecNssKeySlotEnableMech( ++ xmlSecNssKeySlotPtr keySlot , ++ CK_MECHANISM_TYPE mechanism ++) ; ++ ++XMLSEC_CRYPTO_EXPORT int ++xmlSecNssKeySlotDisableMech( ++ xmlSecNssKeySlotPtr keySlot , ++ CK_MECHANISM_TYPE mechanism ++) ; ++ ++XMLSEC_CRYPTO_EXPORT CK_MECHANISM_TYPE_PTR ++xmlSecNssKeySlotGetMechList( ++ xmlSecNssKeySlotPtr keySlot ++) ; ++ ++XMLSEC_CRYPTO_EXPORT int ++xmlSecNssKeySlotSetSlot( ++ xmlSecNssKeySlotPtr keySlot , ++ PK11SlotInfo* slot ++) ; ++ ++XMLSEC_CRYPTO_EXPORT int ++xmlSecNssKeySlotInitialize( ++ xmlSecNssKeySlotPtr keySlot , ++ PK11SlotInfo* slot ++) ; ++ ++XMLSEC_CRYPTO_EXPORT void ++xmlSecNssKeySlotFinalize( ++ xmlSecNssKeySlotPtr keySlot ++) ; ++ ++XMLSEC_CRYPTO_EXPORT PK11SlotInfo* ++xmlSecNssKeySlotGetSlot( ++ xmlSecNssKeySlotPtr keySlot ++) ; ++ ++XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr ++xmlSecNssKeySlotCreate() ; ++ ++XMLSEC_CRYPTO_EXPORT int ++xmlSecNssKeySlotCopy( ++ xmlSecNssKeySlotPtr newKeySlot , ++ xmlSecNssKeySlotPtr keySlot ++) ; ++ ++XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr ++xmlSecNssKeySlotDuplicate( ++ xmlSecNssKeySlotPtr keySlot ++) ; ++ ++XMLSEC_CRYPTO_EXPORT void ++xmlSecNssKeySlotDestroy( ++ xmlSecNssKeySlotPtr keySlot ++) ; ++ ++XMLSEC_CRYPTO_EXPORT int ++xmlSecNssKeySlotBindMech( ++ xmlSecNssKeySlotPtr keySlot , ++ CK_MECHANISM_TYPE type ++) ; ++ ++XMLSEC_CRYPTO_EXPORT int ++xmlSecNssKeySlotSupportMech( ++ xmlSecNssKeySlotPtr keySlot , ++ CK_MECHANISM_TYPE type ++) ; ++ ++ ++/************************************************************************ ++ * PKCS#11 crypto token interfaces ++ * ++ * A PKCS#11 slot repository will be defined internally. From the ++ * repository, a user can specify a particular slot for a certain crypto ++ * mechanism. 
++ * ++ * In some situation, some cryptographic operation should act in a user ++ * designated devices. The interfaces defined here provide the way. If ++ * the user do not initialize the repository distinctly, the interfaces ++ * use the default functions provided by NSS itself. ++ * ++ ************************************************************************/ ++/** ++ * Initialize NSS pkcs#11 slot repository ++ * ++ * Returns 0 if success or -1 if an error occurs. ++ */ ++XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotInitialize( void ) ; ++ ++/** ++ * Shutdown and destroy NSS pkcs#11 slot repository ++ */ ++XMLSEC_CRYPTO_EXPORT void xmlSecNssSlotShutdown() ; ++ ++/** ++ * Get PKCS#11 slot handler ++ * @type the mechanism that the slot must support. ++ * ++ * Returns a pointer to PKCS#11 slot or NULL if an error occurs. ++ * ++ * Notes: The returned handler must be destroied distinctly. ++ */ ++XMLSEC_CRYPTO_EXPORT PK11SlotInfo* xmlSecNssSlotGet( CK_MECHANISM_TYPE type ) ; ++ ++/** ++ * Adopt a pkcs#11 slot with a mechanism into the repository ++ * @slot: the pkcs#11 slot. ++ * @mech: the mechanism. ++ * ++ * If @mech is available( @mech != CKM_INVALID_MECHANISM ), every operation with ++ * this mechanism only can perform on the @slot. ++ * ++ * Returns 0 if success or -1 if an error occurs. ++ */ ++XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotAdopt( PK11SlotInfo* slot, CK_MECHANISM_TYPE mech ) ; ++ ++#ifdef __cplusplus ++} ++#endif /* __cplusplus */ ++ ++#endif /* __XMLSEC_NSS_TOKENS_H__ */ ++ +--- misc/xmlsec1-1.2.12/src/mscrypto/akmngr.c 2009-09-21 14:07:19.078910929 +0200 ++++ misc/build/xmlsec1-1.2.12/src/mscrypto/akmngr.c 2009-09-21 14:02:48.531281225 +0200 +@@ -1 +1,235 @@ +-dummy ++/** ++ * XMLSec library ++ * ++ * This is free software; see Copyright file in the source ++ * distribution for preciese wording. ++ * ++ * Copyright......................... 
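Review bot: `xmlSecNssKeySlotCreate() ;` and `xmlSecNssSlotShutdown() ;` in tokens.h are declared with empty parentheses, which in C is an unprototyped declaration, so a call with stray arguments is not diagnosed; the same header already writes `xmlSecNssSlotInitialize( void )`, so use `xmlSecNssKeySlotCreate( void ) ;` and `xmlSecNssSlotShutdown( void ) ;` for consistency. The doc comment on xmlSecNssSlotGet says the returned slot "must be destroied distinctly" but does not name the release call; naming it (presumably the NSS slot free routine, to be confirmed against tokens.c, which is outside this hunk) would make the ownership rule unambiguous for callers.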
++ */ ++#include "globals.h" ++ ++#include <xmlsec/xmlsec.h> ++#include <xmlsec/keys.h> ++#include <xmlsec/transforms.h> ++#include <xmlsec/errors.h> ++ ++#include <xmlsec/mscrypto/crypto.h> ++#include <xmlsec/mscrypto/keysstore.h> ++#include <xmlsec/mscrypto/akmngr.h> ++#include <xmlsec/mscrypto/x509.h> ++ ++/** ++ * xmlSecMSCryptoAppliedKeysMngrCreate: ++ * @hKeyStore: the pointer to key store. ++ * @hCertStore: the pointer to certificate database. ++ * ++ * Create and load key store and certificate database into keys manager ++ * ++ * Returns keys manager pointer on success or NULL otherwise. ++ */ ++xmlSecKeysMngrPtr ++xmlSecMSCryptoAppliedKeysMngrCreate( ++ HCERTSTORE hKeyStore , ++ HCERTSTORE hCertStore ++) { ++ xmlSecKeyDataStorePtr certStore = NULL ; ++ xmlSecKeysMngrPtr keyMngr = NULL ; ++ xmlSecKeyStorePtr keyStore = NULL ; ++ ++ keyStore = xmlSecKeyStoreCreate( xmlSecMSCryptoKeysStoreId ) ; ++ if( keyStore == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecKeyStoreCreate" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return NULL ; ++ } ++ ++ /*- ++ * At present, MS Crypto engine do not provide a way to setup a key store. 
++ */ ++ if( keyStore != NULL ) { ++ /*TODO: binding key store.*/ ++ } ++ ++ keyMngr = xmlSecKeysMngrCreate() ; ++ if( keyMngr == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecKeysMngrCreate" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ ++ xmlSecKeyStoreDestroy( keyStore ) ; ++ return NULL ; ++ } ++ ++ /*- ++ * Add key store to manager, from now on keys manager destroys the store if ++ * needed ++ */ ++ if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , ++ "xmlSecKeysMngrAdoptKeyStore" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ ++ xmlSecKeyStoreDestroy( keyStore ) ; ++ xmlSecKeysMngrDestroy( keyMngr ) ; ++ return NULL ; ++ } ++ ++ /*- ++ * Initialize crypto library specific data in keys manager ++ */ ++ if( xmlSecMSCryptoKeysMngrInit( keyMngr ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecMSCryptoKeysMngrInit" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ ++ xmlSecKeysMngrDestroy( keyMngr ) ; ++ return NULL ; ++ } ++ ++ /*- ++ * Set certificate databse to X509 key data store ++ */ ++ /*- ++ * At present, MS Crypto engine do not provide a way to setup a cert store. 
++ */ ++ ++ /*- ++ * Set the getKey callback ++ */ ++ keyMngr->getKey = xmlSecKeysMngrGetKey ; ++ ++ return keyMngr ; ++} ++ ++int ++xmlSecMSCryptoAppliedKeysMngrSymKeyLoad( ++ xmlSecKeysMngrPtr mngr , ++ HCRYPTKEY symKey ++) { ++ /*TODO: import the key into keys manager.*/ ++ return(0) ; ++} ++ ++int ++xmlSecMSCryptoAppliedKeysMngrPubKeyLoad( ++ xmlSecKeysMngrPtr mngr , ++ HCRYPTKEY pubKey ++) { ++ /*TODO: import the key into keys manager.*/ ++ return(0) ; ++} ++ ++int ++xmlSecMSCryptoAppliedKeysMngrPriKeyLoad( ++ xmlSecKeysMngrPtr mngr , ++ HCRYPTKEY priKey ++) { ++ /*TODO: import the key into keys manager.*/ ++ return(0) ; ++} ++ ++int ++xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore ( ++ xmlSecKeysMngrPtr mngr , ++ HCERTSTORE keyStore ++) { ++ xmlSecKeyDataStorePtr x509Store ; ++ ++ xmlSecAssert2( mngr != NULL, -1 ) ; ++ xmlSecAssert2( keyStore != NULL, -1 ) ; ++ ++ x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ; ++ if( x509Store == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecKeysMngrGetDataStore" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return( -1 ) ; ++ } ++ ++ if( xmlSecMSCryptoX509StoreAdoptKeyStore( x509Store, keyStore ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) , ++ "xmlSecMSCryptoX509StoreAdoptKeyStore" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return( -1 ) ; ++ } ++ ++ return( 0 ) ; ++} ++ ++int ++xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore ( ++ xmlSecKeysMngrPtr mngr , ++ HCERTSTORE trustedStore ++) { ++ xmlSecKeyDataStorePtr x509Store ; ++ ++ xmlSecAssert2( mngr != NULL, -1 ) ; ++ xmlSecAssert2( trustedStore != NULL, -1 ) ; ++ ++ x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ; ++ if( x509Store == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecKeysMngrGetDataStore" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE 
) ; ++ return( -1 ) ; ++ } ++ ++ if( xmlSecMSCryptoX509StoreAdoptTrustedStore( x509Store, trustedStore ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) , ++ "xmlSecMSCryptoX509StoreAdoptKeyStore" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return( -1 ) ; ++ } ++ ++ return( 0 ) ; ++} ++ ++int ++xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore ( ++ xmlSecKeysMngrPtr mngr , ++ HCERTSTORE untrustedStore ++) { ++ xmlSecKeyDataStorePtr x509Store ; ++ ++ xmlSecAssert2( mngr != NULL, -1 ) ; ++ xmlSecAssert2( untrustedStore != NULL, -1 ) ; ++ ++ x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ; ++ if( x509Store == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecKeysMngrGetDataStore" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return( -1 ) ; ++ } ++ ++ if( xmlSecMSCryptoX509StoreAdoptUntrustedStore( x509Store, untrustedStore ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) , ++ "xmlSecMSCryptoX509StoreAdoptKeyStore" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return( -1 ) ; ++ } ++ ++ return( 0 ) ; ++} ++ +--- misc/xmlsec1-1.2.12/src/nss/Makefile.am 2009-06-25 22:53:18.000000000 +0200 ++++ misc/build/xmlsec1-1.2.12/src/nss/Makefile.am 2009-09-21 14:02:48.591560472 +0200 +@@ -35,6 +35,9 @@ + kw_des.c \ + kw_aes.c \ + globals.h \ ++ akmngr.c \ ++ keywrapers.c \ ++ tokens.c \ + $(NULL) + + if SHAREDLIB_HACK +--- misc/xmlsec1-1.2.12/src/nss/Makefile.in 2009-06-25 22:53:33.000000000 +0200 ++++ misc/build/xmlsec1-1.2.12/src/nss/Makefile.in 2009-09-21 14:02:48.599339718 +0200 +@@ -61,7 +61,8 @@ + am__libxmlsec1_nss_la_SOURCES_DIST = app.c bignum.c ciphers.c crypto.c \ + digests.c hmac.c pkikeys.c signatures.c symkeys.c x509.c \ + x509vfy.c keysstore.c keytrans.c kw_des.c kw_aes.c globals.h \ +- ../strings.c ++ ../strings.c \ 
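Review bot: `xmlSecMSCryptoAppliedKeysMngrSymKeyLoad`, `...PubKeyLoad` and `...PriKeyLoad` are TODO stubs that `return(0)`, so a caller handing a key handle to the manager receives a success code although nothing was imported and later lookups will not find the key; returning -1 (the error convention the other functions here use) or stating in akmngr.h that these entry points are not implemented would prevent callers from relying on them. Separately, the error records in `...AdoptTrustedStore` and `...AdoptUntrustedStore` name `"xmlSecMSCryptoX509StoreAdoptKeyStore"` although the failing calls are `xmlSecMSCryptoX509StoreAdoptTrustedStore` and `xmlSecMSCryptoX509StoreAdoptUntrustedStore`, and the `xmlSecKeysMngrAdoptKeysStore` failure in `...Create` is logged as `"xmlSecKeysMngrAdoptKeyStore"`, so the xmlsec error log points at the wrong call; the nss akmngr.c hunk later in this patch has the same mismatch. The `certStore` local and the empty `if( keyStore != NULL ) { /*TODO*/ }` block in `...Create` are dead and can be dropped.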
++ akmngr.c keywrapers.c tokens.c + am__objects_1 = + @SHAREDLIB_HACK_TRUE@am__objects_2 = libxmlsec1_nss_la-strings.lo + am_libxmlsec1_nss_la_OBJECTS = libxmlsec1_nss_la-app.lo \ +@@ -72,6 +73,8 @@ + libxmlsec1_nss_la-x509.lo libxmlsec1_nss_la-x509vfy.lo \ + libxmlsec1_nss_la-keysstore.lo libxmlsec1_nss_la-keytrans.lo \ + libxmlsec1_nss_la-kw_des.lo libxmlsec1_nss_la-kw_aes.lo \ ++ libxmlsec1_nss_la-akmngr.lo libxmlsec1_nss_la-keywrapers.lo \ ++ libxmlsec1_nss_la-tokens.lo \ + $(am__objects_1) $(am__objects_2) + libxmlsec1_nss_la_OBJECTS = $(am_libxmlsec1_nss_la_OBJECTS) + DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir) +@@ -357,6 +360,7 @@ + libxmlsec1_nss_la_SOURCES = app.c bignum.c ciphers.c crypto.c \ + digests.c hmac.c pkikeys.c signatures.c symkeys.c x509.c \ + x509vfy.c keysstore.c keytrans.c kw_des.c kw_aes.c globals.h \ ++ akmngr.c keywrapers.c tokens.c \ + $(NULL) $(am__append_1) + libxmlsec1_nss_la_LIBADD = \ + ../libxmlsec1.la \ +@@ -458,6 +462,9 @@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-symkeys.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-x509.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-x509vfy.Plo@am__quote@ ++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-akmngr.Plo@am__quote@ ++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Plo@am__quote@ ++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-tokens.Plo@am__quote@ + + .c.o: + @am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \ +@@ -487,6 +494,27 @@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ + @am__fastdepCC_FALSE@ $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c + 
++libxmlsec1_nss_la-akmngr.lo: akmngr.c ++@am__fastdepCC_TRUE@ if $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-akmngr.lo -MD -MP -MF "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo" -c -o libxmlsec1_nss_la-akmngr.lo `test -f 'akmngr.c' || echo '$(srcdir)/'`akmngr.c; \ ++@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo" "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Plo"; else rm -f "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo"; exit 1; fi ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='akmngr.c' object='libxmlsec1_nss_la-akmngr.lo' libtool=yes @AMDEPBACKSLASH@ ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ ++@am__fastdepCC_FALSE@ $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-akmngr.lo `test -f 'akmngr.c' || echo '$(srcdir)/'`akmngr.c ++ ++libxmlsec1_nss_la-keywrapers.lo: keywrapers.c ++@am__fastdepCC_TRUE@ if $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-keywrapers.lo -MD -MP -MF "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Tpo" -c -o libxmlsec1_nss_la-keywrapers.lo `test -f 'keywrapers.c' || echo '$(srcdir)/'`keywrapers.c; \ ++@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Tpo" "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Plo"; else rm -f "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Tpo"; exit 1; fi ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='keywrapers.c' object='libxmlsec1_nss_la-keywrapers.lo' libtool=yes @AMDEPBACKSLASH@ ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ ++@am__fastdepCC_FALSE@ $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) 
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-keywrapers.lo `test -f 'keywrapers.c' || echo '$(srcdir)/'`keywrapers.c ++ ++libxmlsec1_nss_la-tokens.lo: tokens.c ++@am__fastdepCC_TRUE@ if $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-tokens.lo -MD -MP -MF "$(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo" -c -o libxmlsec1_nss_la-tokens.lo `test -f 'tokens.c' || echo '$(srcdir)/'`tokens.c; \ ++@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo" "$(DEPDIR)/libxmlsec1_nss_la-tokens.Plo"; else rm -f "$(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo"; exit 1; fi ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tokens.c' object='libxmlsec1_nss_la-tokens.lo' libtool=yes @AMDEPBACKSLASH@ ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ ++@am__fastdepCC_FALSE@ $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-tokens.lo `test -f 'tokens.c' || echo '$(srcdir)/'`tokens.c ++ + libxmlsec1_nss_la-bignum.lo: bignum.c + @am__fastdepCC_TRUE@ if $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-bignum.lo -MD -MP -MF "$(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo" -c -o libxmlsec1_nss_la-bignum.lo `test -f 'bignum.c' || echo '$(srcdir)/'`bignum.c; \ + @am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo" "$(DEPDIR)/libxmlsec1_nss_la-bignum.Plo"; else rm -f "$(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo"; exit 1; fi +--- misc/xmlsec1-1.2.12/src/nss/akmngr.c 2009-09-21 14:07:19.197249962 +0200 ++++ misc/build/xmlsec1-1.2.12/src/nss/akmngr.c 2009-09-21 14:02:48.539616129 +0200 +@@ -1 +1,384 @@ +-dummy ++/** ++ * XMLSec library ++ * ++ * This is free software; see Copyright file 
in the source ++ * distribution for preciese wording. ++ * ++ * Copyright......................... ++ */ ++#include "globals.h" ++ ++#include <nspr.h> ++#include <nss.h> ++#include <pk11func.h> ++#include <cert.h> ++#include <keyhi.h> ++ ++#include <xmlsec/xmlsec.h> ++#include <xmlsec/keys.h> ++#include <xmlsec/transforms.h> ++#include <xmlsec/errors.h> ++ ++#include <xmlsec/nss/crypto.h> ++#include <xmlsec/nss/tokens.h> ++#include <xmlsec/nss/akmngr.h> ++#include <xmlsec/nss/pkikeys.h> ++#include <xmlsec/nss/ciphers.h> ++#include <xmlsec/nss/keysstore.h> ++ ++/** ++ * xmlSecNssAppliedKeysMngrCreate: ++ * @slot: array of pointers to NSS PKCS#11 slot infomation. ++ * @cSlots: number of slots in the array ++ * @handler: the pointer to NSS certificate database. ++ * ++ * Create and load NSS crypto slot and certificate database into keys manager ++ * ++ * Returns keys manager pointer on success or NULL otherwise. ++ */ ++xmlSecKeysMngrPtr ++xmlSecNssAppliedKeysMngrCreate( ++ PK11SlotInfo** slots, ++ int cSlots, ++ CERTCertDBHandle* handler ++) { ++ xmlSecKeyDataStorePtr certStore = NULL ; ++ xmlSecKeysMngrPtr keyMngr = NULL ; ++ xmlSecKeyStorePtr keyStore = NULL ; ++ int islot = 0; ++ keyStore = xmlSecKeyStoreCreate( xmlSecNssKeysStoreId ) ; ++ if( keyStore == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecKeyStoreCreate" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return NULL ; ++ } ++ ++ for (islot = 0; islot < cSlots; islot++) ++ { ++ xmlSecNssKeySlotPtr keySlot ; ++ ++ /* Create a key slot */ ++ keySlot = xmlSecNssKeySlotCreate() ; ++ if( keySlot == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , ++ "xmlSecNssKeySlotCreate" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ ++ xmlSecKeyStoreDestroy( keyStore ) ; ++ return NULL ; ++ } ++ ++ /* Set slot */ ++ if( xmlSecNssKeySlotSetSlot( keySlot , slots[islot] ) < 0 ) { ++ xmlSecError( 
XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , ++ "xmlSecNssKeySlotSetSlot" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ ++ xmlSecKeyStoreDestroy( keyStore ) ; ++ xmlSecNssKeySlotDestroy( keySlot ) ; ++ return NULL ; ++ } ++ ++ /* Adopt keySlot */ ++ if( xmlSecNssKeysStoreAdoptKeySlot( keyStore , keySlot ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , ++ "xmlSecNssKeysStoreAdoptKeySlot" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ ++ xmlSecKeyStoreDestroy( keyStore ) ; ++ xmlSecNssKeySlotDestroy( keySlot ) ; ++ return NULL ; ++ } ++ } ++ ++ keyMngr = xmlSecKeysMngrCreate() ; ++ if( keyMngr == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecKeysMngrCreate" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ ++ xmlSecKeyStoreDestroy( keyStore ) ; ++ return NULL ; ++ } ++ ++ /*- ++ * Add key store to manager, from now on keys manager destroys the store if ++ * needed ++ */ ++ if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , ++ "xmlSecKeysMngrAdoptKeyStore" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ ++ xmlSecKeyStoreDestroy( keyStore ) ; ++ xmlSecKeysMngrDestroy( keyMngr ) ; ++ return NULL ; ++ } ++ ++ /*- ++ * Initialize crypto library specific data in keys manager ++ */ ++ if( xmlSecNssKeysMngrInit( keyMngr ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecKeysMngrCreate" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ ++ xmlSecKeysMngrDestroy( keyMngr ) ; ++ return NULL ; ++ } ++ ++ /*- ++ * Set certificate databse to X509 key data store ++ */ ++ /** ++ * Because Tej's implementation of certDB use the default DB, so I ignore ++ * the certDB handler at present. 
I'll modify the cert store sources to ++ * accept particular certDB instead of default ones. ++ certStore = xmlSecKeysMngrGetDataStore( keyMngr , xmlSecNssKeyDataStoreX509Id ) ; ++ if( certStore == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , ++ "xmlSecKeysMngrGetDataStore" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ ++ xmlSecKeysMngrDestroy( keyMngr ) ; ++ return NULL ; ++ } ++ ++ if( xmlSecNssKeyDataStoreX509SetCertDb( certStore , handler ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , ++ "xmlSecNssKeyDataStoreX509SetCertDb" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ ++ xmlSecKeysMngrDestroy( keyMngr ) ; ++ return NULL ; ++ } ++ */ ++ ++ /*- ++ * Set the getKey callback ++ */ ++ keyMngr->getKey = xmlSecKeysMngrGetKey ; ++ ++ return keyMngr ; ++} ++ ++int ++xmlSecNssAppliedKeysMngrSymKeyLoad( ++ xmlSecKeysMngrPtr mngr , ++ PK11SymKey* symKey ++) { ++ xmlSecKeyPtr key ; ++ xmlSecKeyDataPtr data ; ++ xmlSecKeyStorePtr keyStore ; ++ ++ xmlSecAssert2( mngr != NULL , -1 ) ; ++ xmlSecAssert2( symKey != NULL , -1 ) ; ++ ++ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ; ++ if( keyStore == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecKeysMngrGetKeysStore" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1) ; ++ } ++ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ; ++ ++ data = xmlSecNssSymKeyDataKeyAdopt( symKey ) ; ++ if( data == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecNssSymKeyDataKeyAdopt" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1) ; ++ } ++ ++ key = xmlSecKeyCreate() ; ++ if( key == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecNssSymKeyDataKeyAdopt" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; 
++ xmlSecKeyDataDestroy( data ) ; ++ return(-1) ; ++ } ++ ++ if( xmlSecKeySetValue( key , data ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecNssSymKeyDataKeyAdopt" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ xmlSecKeyDataDestroy( data ) ; ++ return(-1) ; ++ } ++ ++ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecNssSymKeyDataKeyAdopt" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ xmlSecKeyDestroy( key ) ; ++ return(-1) ; ++ } ++ ++ return(0) ; ++} ++ ++int ++xmlSecNssAppliedKeysMngrPubKeyLoad( ++ xmlSecKeysMngrPtr mngr , ++ SECKEYPublicKey* pubKey ++) { ++ xmlSecKeyPtr key ; ++ xmlSecKeyDataPtr data ; ++ xmlSecKeyStorePtr keyStore ; ++ ++ xmlSecAssert2( mngr != NULL , -1 ) ; ++ xmlSecAssert2( pubKey != NULL , -1 ) ; ++ ++ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ; ++ if( keyStore == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecKeysMngrGetKeysStore" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1) ; ++ } ++ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ; ++ ++ data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ; ++ if( data == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecNssPKIAdoptKey" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1) ; ++ } ++ ++ key = xmlSecKeyCreate() ; ++ if( key == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecNssSymKeyDataKeyAdopt" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ xmlSecKeyDataDestroy( data ) ; ++ return(-1) ; ++ } ++ ++ if( xmlSecKeySetValue( key , data ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecNssSymKeyDataKeyAdopt" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ xmlSecKeyDataDestroy( data ) ; ++ return(-1) ; ++ } ++ ++ if( xmlSecNssKeysStoreAdoptKey( 
keyStore, key ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecNssSymKeyDataKeyAdopt" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ xmlSecKeyDestroy( key ) ; ++ return(-1) ; ++ } ++ ++ return(0) ; ++} ++ ++int ++xmlSecNssAppliedKeysMngrPriKeyLoad( ++ xmlSecKeysMngrPtr mngr , ++ SECKEYPrivateKey* priKey ++) { ++ xmlSecKeyPtr key ; ++ xmlSecKeyDataPtr data ; ++ xmlSecKeyStorePtr keyStore ; ++ ++ xmlSecAssert2( mngr != NULL , -1 ) ; ++ xmlSecAssert2( priKey != NULL , -1 ) ; ++ ++ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ; ++ if( keyStore == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecKeysMngrGetKeysStore" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1) ; ++ } ++ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ; ++ ++ data = xmlSecNssPKIAdoptKey( priKey, NULL ) ; ++ if( data == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecNssPKIAdoptKey" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1) ; ++ } ++ ++ key = xmlSecKeyCreate() ; ++ if( key == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecNssSymKeyDataKeyAdopt" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ xmlSecKeyDataDestroy( data ) ; ++ return(-1) ; ++ } ++ ++ if( xmlSecKeySetValue( key , data ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecNssSymKeyDataKeyAdopt" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ xmlSecKeyDataDestroy( data ) ; ++ return(-1) ; ++ } ++ ++ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecNssSymKeyDataKeyAdopt" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ xmlSecKeyDestroy( key ) ; ++ return(-1) ; ++ } ++ ++ return(0) ; ++} ++ +--- misc/xmlsec1-1.2.12/src/nss/hmac.c 2009-06-26 06:18:13.000000000 +0200 ++++ 
misc/build/xmlsec1-1.2.12/src/nss/hmac.c 2009-09-21 14:02:48.649065288 +0200 +@@ -23,8 +23,8 @@ + #include <xmlsec/transforms.h> + #include <xmlsec/errors.h> + +-#include <xmlsec/nss/app.h> + #include <xmlsec/nss/crypto.h> ++#include <xmlsec/nss/tokens.h> + + #define XMLSEC_NSS_MIN_HMAC_SIZE 40 + #define XMLSEC_NSS_MAX_HMAC_SIZE 128 +@@ -284,13 +284,13 @@ + keyItem.data = xmlSecBufferGetData(buffer); + keyItem.len = xmlSecBufferGetSize(buffer); + +- slot = PK11_GetBestSlot(ctx->digestType, NULL); ++ slot = xmlSecNssSlotGet(ctx->digestType); + if(slot == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), +- "PK11_GetBestSlot", ++ "xmlSecNssSlotGet", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); ++ "error code=%d", PORT_GetError()); + return(-1); + } + +--- misc/xmlsec1-1.2.12/src/nss/keysstore.c 2009-06-25 22:53:18.000000000 +0200 ++++ misc/build/xmlsec1-1.2.12/src/nss/keysstore.c 2009-09-21 14:02:48.633533885 +0200 +@@ -1,36 +1,56 @@ + /** + * XMLSec library + * +- * Nss keys store that uses Simple Keys Store under the hood. Uses the +- * Nss DB as a backing store for the finding keys, but the NSS DB is +- * not written to by the keys store. +- * So, if store->findkey is done and the key is not found in the simple +- * keys store, the NSS DB is looked up. +- * If store is called to adopt a key, that key is not written to the NSS +- * DB. +- * Thus, the NSS DB can be used to pre-load keys and becomes an alternate +- * source of keys for xmlsec +- * + * This is free software; see Copyright file in the source + * distribution for precise wording. + * + * Copyright (c) 2003 America Online, Inc. All rights reserved. + */ ++ ++/** ++ * NSS key store uses a key list and a slot list as the key repository. NSS slot ++ * list is a backup repository for the finding keys. If a key is not found from ++ * the key list, the NSS slot list is looked up. 
++ * ++ * Any key in the key list will not save to pkcs11 slot. When a store to called ++ * to adopt a key, the key is resident in the key list; While a store to called ++ * to set a is resident in the key list; While a store to called to set a slot ++ * list, which means that the keys in the listed slot can be used for xml sign- ++ * nature or encryption. ++ * ++ * Then, a user can adjust slot list to effect the crypto behaviors of xmlSec. ++ * ++ * The framework will decrease the user interfaces to administrate xmlSec crypto ++ * engine. He can only focus on NSS layer functions. For examples, after the ++ * user set up a slot list handler to the keys store, he do not need to do any ++ * other work atop xmlSec interfaces, his action on the slot list handler, such ++ * as add a token to, delete a token from the list, will directly effect the key ++ * store behaviors. ++ * ++ * For example, a scenariio: ++ * 0. Create a slot list;( NSS interfaces ) ++ * 1. Create a keys store;( xmlSec interfaces ) ++ * 2. Set slot list with the keys store;( xmlSec Interfaces ) ++ * 3. Add a slot to the slot list;( NSS interfaces ) ++ * 4. Perform xml signature; ( xmlSec Interfaces ) ++ * 5. Deleter a slot from the slot list;( NSS interfaces ) ++ * 6. Perform xml encryption; ( xmlSec Interfaces ) ++ * 7. Perform xml signature;( xmlSec Interfaces ) ++ * 8. Destroy the keys store;( xmlSec Interfaces ) ++ * 8. 
Destroy the slot list.( NSS Interfaces ) ++ */ + #include "globals.h" + + #include <stdlib.h> + #include <string.h> + + #include <nss.h> +-#include <cert.h> + #include <pk11func.h> ++#include <prinit.h> + #include <keyhi.h> + +-#include <libxml/tree.h> +- + #include <xmlsec/xmlsec.h> +-#include <xmlsec/buffer.h> +-#include <xmlsec/base64.h> ++#include <xmlsec/keys.h> + #include <xmlsec/errors.h> + #include <xmlsec/xmltree.h> + +@@ -38,82 +58,464 @@ + + #include <xmlsec/nss/crypto.h> + #include <xmlsec/nss/keysstore.h> +-#include <xmlsec/nss/x509.h> ++#include <xmlsec/nss/tokens.h> ++#include <xmlsec/nss/ciphers.h> + #include <xmlsec/nss/pkikeys.h> + + /**************************************************************************** + * +- * Nss Keys Store. Uses Simple Keys Store under the hood ++ * Internal NSS key store context + * +- * Simple Keys Store ptr is located after xmlSecKeyStore ++ * This context is located after xmlSecKeyStore + * + ***************************************************************************/ ++typedef struct _xmlSecNssKeysStoreCtx xmlSecNssKeysStoreCtx ; ++typedef struct _xmlSecNssKeysStoreCtx* xmlSecNssKeysStoreCtxPtr ; ++ ++struct _xmlSecNssKeysStoreCtx { ++ xmlSecPtrListPtr keyList ; ++ xmlSecPtrListPtr slotList ; ++} ; ++ + #define xmlSecNssKeysStoreSize \ +- (sizeof(xmlSecKeyStore) + sizeof(xmlSecKeyStorePtr)) ++ ( sizeof( xmlSecKeyStore ) + sizeof( xmlSecNssKeysStoreCtx ) ) + +-#define xmlSecNssKeysStoreGetSS(store) \ +- ((xmlSecKeyStoreCheckSize((store), xmlSecNssKeysStoreSize)) ? 
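Review bot: The new file header comment is garbled where it describes adopt versus slot-list semantics — the clause `While a store to called to set a is resident in the key list;` repeats the start of the next sentence — and the scenario list numbers both `Destroy the keys store` and `Destroy the slot list` as step 8. Suggest rewriting that paragraph as two sentences, that keys adopted by the store live only in its key list and are never written to a PKCS#11 slot, and that keys residing in the listed slots become usable for XML signature and encryption, and renumbering the last step to 9. Also `scenariio` and `Deleter` are typos.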
\ +- (xmlSecKeyStorePtr*)(((xmlSecByte*)(store)) + sizeof(xmlSecKeyStore)) : \ +- (xmlSecKeyStorePtr*)NULL) +- +-static int xmlSecNssKeysStoreInitialize (xmlSecKeyStorePtr store); +-static void xmlSecNssKeysStoreFinalize (xmlSecKeyStorePtr store); +-static xmlSecKeyPtr xmlSecNssKeysStoreFindKey (xmlSecKeyStorePtr store, +- const xmlChar* name, +- xmlSecKeyInfoCtxPtr keyInfoCtx); ++#define xmlSecNssKeysStoreGetCtx( data ) \ ++ ( ( xmlSecNssKeysStoreCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyStore ) ) ) + +-static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = { +- sizeof(xmlSecKeyStoreKlass), +- xmlSecNssKeysStoreSize, ++int xmlSecNssKeysStoreAdoptKeySlot( ++ xmlSecKeyStorePtr store , ++ xmlSecNssKeySlotPtr keySlot ++) { ++ xmlSecNssKeysStoreCtxPtr context = NULL ; ++ ++ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ; ++ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ; ++ context = xmlSecNssKeysStoreGetCtx( store ) ; ++ if( context == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , ++ "xmlSecNssKeysStoreGetCtx" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } ++ ++ if( context->slotList == NULL ) { ++ if( ( context->slotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ) == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , ++ "xmlSecPtrListCreate" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } ++ } ++ ++ if( !xmlSecPtrListCheckId( context->slotList , xmlSecNssKeySlotListId ) ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , ++ "xmlSecPtrListCheckId" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } ++ ++ if( xmlSecPtrListAdd( context->slotList , keySlot ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ 
xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , ++ "xmlSecPtrListAdd" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } + +- /* data */ +- BAD_CAST "NSS-keys-store", /* const xmlChar* name; */ +- +- /* constructors/destructor */ +- xmlSecNssKeysStoreInitialize, /* xmlSecKeyStoreInitializeMethod initialize; */ +- xmlSecNssKeysStoreFinalize, /* xmlSecKeyStoreFinalizeMethod finalize; */ +- xmlSecNssKeysStoreFindKey, /* xmlSecKeyStoreFindKeyMethod findKey; */ +- +- /* reserved for the future */ +- NULL, /* void* reserved0; */ +- NULL, /* void* reserved1; */ +-}; ++ return 0 ; ++} + +-/** +- * xmlSecNssKeysStoreGetKlass: +- * +- * The Nss list based keys store klass. ++int xmlSecNssKeysStoreAdoptKey( ++ xmlSecKeyStorePtr store , ++ xmlSecKeyPtr key ++) { ++ xmlSecNssKeysStoreCtxPtr context = NULL ; ++ ++ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ; ++ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ; ++ ++ context = xmlSecNssKeysStoreGetCtx( store ) ; ++ if( context == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , ++ "xmlSecNssKeysStoreGetCtx" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } ++ ++ if( context->keyList == NULL ) { ++ if( ( context->keyList = xmlSecPtrListCreate( xmlSecKeyPtrListId ) ) == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , ++ "xmlSecPtrListCreate" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } ++ } ++ ++ if( !xmlSecPtrListCheckId( context->keyList , xmlSecKeyPtrListId ) ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , ++ "xmlSecPtrListCheckId" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } ++ ++ if( xmlSecPtrListAdd( context->keyList , 
key ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , ++ "xmlSecPtrListAdd" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } ++ ++ return 0 ; ++} ++ ++/* ++ * xmlSecKeyStoreInitializeMethod: ++ * @store: the store. ++ * ++ * Keys store specific initialization method. + * +- * Returns Nss list based keys store klass. ++ * Returns 0 on success or a negative value if an error occurs. + */ +-xmlSecKeyStoreId +-xmlSecNssKeysStoreGetKlass(void) { +- return(&xmlSecNssKeysStoreKlass); ++static int ++xmlSecNssKeysStoreInitialize( ++ xmlSecKeyStorePtr store ++) { ++ xmlSecNssKeysStoreCtxPtr context = NULL ; ++ ++ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ; ++ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ; ++ ++ context = xmlSecNssKeysStoreGetCtx( store ) ; ++ if( context == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , ++ "xmlSecNssKeysStoreGetCtx" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } ++ ++ context->keyList = NULL ; ++ context->slotList = NULL ; ++ ++ return 0 ; + } + + /** +- * xmlSecNssKeysStoreAdoptKey: +- * @store: the pointer to Nss keys store. +- * @key: the pointer to key. +- * +- * Adds @key to the @store. + * +- * Returns 0 on success or a negative value if an error occurs. ++ * xmlSecKeyStoreFinalizeMethod: ++ * @store: the store. ++ * ++ * Keys store specific finalization (destroy) method. 
+ */ +-int +-xmlSecNssKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) { +- xmlSecKeyStorePtr *ss; +- +- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1); +- xmlSecAssert2((key != NULL), -1); ++void ++xmlSecNssKeysStoreFinalize( ++ xmlSecKeyStorePtr store ++) { ++ xmlSecNssKeysStoreCtxPtr context = NULL ; ++ ++ xmlSecAssert( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) ) ; ++ xmlSecAssert( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) ) ; ++ ++ context = xmlSecNssKeysStoreGetCtx( store ) ; ++ if( context == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , ++ "xmlSecNssKeysStoreGetCtx" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return ; ++ } ++ ++ if( context->keyList != NULL ) { ++ xmlSecPtrListDestroy( context->keyList ) ; ++ context->keyList = NULL ; ++ } ++ ++ if( context->slotList != NULL ) { ++ xmlSecPtrListDestroy( context->slotList ) ; ++ context->slotList = NULL ; ++ } ++} + +- ss = xmlSecNssKeysStoreGetSS(store); +- xmlSecAssert2(((ss != NULL) && (*ss != NULL) && +- (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1); ++xmlSecKeyPtr ++xmlSecNssKeysStoreFindKeyFromSlot( ++ PK11SlotInfo* slot, ++ const xmlChar* name, ++ xmlSecKeyInfoCtxPtr keyInfoCtx ++) { ++ xmlSecKeyPtr key = NULL ; ++ xmlSecKeyDataPtr data = NULL ; ++ int length ; ++ ++ xmlSecAssert2( slot != NULL , NULL ) ; ++ xmlSecAssert2( name != NULL , NULL ) ; ++ xmlSecAssert2( keyInfoCtx != NULL , NULL ) ; ++ ++ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSymmetric ) == xmlSecKeyDataTypeSymmetric ) { ++ PK11SymKey* symKey ; ++ PK11SymKey* curKey ; ++ ++ /* Find symmetric key from the slot by name */ ++ symKey = PK11_ListFixedKeysInSlot( slot , ( char* )name , NULL ) ; ++ for( curKey = symKey ; curKey != NULL ; curKey = PK11_GetNextSymKey( curKey ) ) { ++ /* Check the key request */ ++ length = PK11_GetKeyLength( curKey ) ; ++ length *= 8 ; ++ 
if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) && ++ ( length > 0 ) && ++ ( length < keyInfoCtx->keyReq.keyBitsSize ) ) ++ continue ; ++ ++ /* We find a eligible key */ ++ data = xmlSecNssSymKeyDataKeyAdopt( curKey ) ; ++ if( data == NULL ) { ++ /* Do nothing */ ++ } ++ break ; ++ } ++ ++ /* Destroy the sym key list */ ++ for( curKey = symKey ; curKey != NULL ; ) { ++ symKey = curKey ; ++ curKey = PK11_GetNextSymKey( symKey ) ; ++ PK11_FreeSymKey( symKey ) ; ++ } ++ } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) { ++ SECKEYPublicKeyList* pubKeyList ; ++ SECKEYPublicKey* pubKey ; ++ SECKEYPublicKeyListNode* curPub ; ++ ++ /* Find asymmetric key from the slot by name */ ++ pubKeyList = PK11_ListPublicKeysInSlot( slot , ( char* )name ) ; ++ pubKey = NULL ; ++ curPub = PUBKEY_LIST_HEAD(pubKeyList); ++ for( ; !PUBKEY_LIST_END(curPub, pubKeyList) ; curPub = PUBKEY_LIST_NEXT( curPub ) ) { ++ /* Check the key request */ ++ length = SECKEY_PublicKeyStrength( curPub->key ) ; ++ length *= 8 ; ++ if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) && ++ ( length > 0 ) && ++ ( length < keyInfoCtx->keyReq.keyBitsSize ) ) ++ continue ; ++ ++ /* We find a eligible key */ ++ pubKey = curPub->key ; ++ break ; ++ } ++ ++ if( pubKey != NULL ) { ++ data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ; ++ if( data == NULL ) { ++ /* Do nothing */ ++ } ++ } ++ ++ /* Destroy the public key list */ ++ SECKEY_DestroyPublicKeyList( pubKeyList ) ; ++ } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) { ++ SECKEYPrivateKeyList* priKeyList = NULL ; ++ SECKEYPrivateKey* priKey = NULL ; ++ SECKEYPrivateKeyListNode* curPri ; ++ ++ /* Find asymmetric key from the slot by name */ ++ priKeyList = PK11_ListPrivKeysInSlot( slot , ( char* )name , NULL ) ; ++ priKey = NULL ; ++ curPri = PRIVKEY_LIST_HEAD(priKeyList); ++ for( ; !PRIVKEY_LIST_END(curPri, priKeyList) ; curPri = PRIVKEY_LIST_NEXT( curPri ) ) { ++ /* Check the key 
request */ ++ length = PK11_SignatureLen( curPri->key ) ; ++ length *= 8 ; ++ if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) && ++ ( length > 0 ) && ++ ( length < keyInfoCtx->keyReq.keyBitsSize ) ) ++ continue ; ++ ++ /* We find a eligible key */ ++ priKey = curPri->key ; ++ break ; ++ } ++ ++ if( priKey != NULL ) { ++ data = xmlSecNssPKIAdoptKey( priKey, NULL ) ; ++ if( data == NULL ) { ++ /* Do nothing */ ++ } ++ } ++ ++ /* Destroy the private key list */ ++ SECKEY_DestroyPrivateKeyList( priKeyList ) ; ++ } ++ ++ /* If we have gotten the key value */ ++ if( data != NULL ) { ++ if( ( key = xmlSecKeyCreate() ) == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecKeyCreate" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ ++ xmlSecKeyDataDestroy( data ) ; ++ return NULL ; ++ } ++ ++ if( xmlSecKeySetValue( key , data ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecKeySetValue" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ ++ xmlSecKeyDestroy( key ) ; ++ xmlSecKeyDataDestroy( data ) ; ++ return NULL ; ++ } ++ } + +- return (xmlSecSimpleKeysStoreAdoptKey(*ss, key)); ++ return(key); + } + ++ ++/** ++ * xmlSecKeyStoreFindKeyMethod: ++ * @store: the store. ++ * @name: the desired key name. ++ * @keyInfoCtx: the pointer to key info context. ++ * ++ * Keys store specific find method. The caller is responsible for destroying ++ * the returned key using #xmlSecKeyDestroy method. ++ * ++ * Returns the pointer to a key or NULL if key is not found or an error occurs. 
++ */ ++static xmlSecKeyPtr ++xmlSecNssKeysStoreFindKey( ++ xmlSecKeyStorePtr store , ++ const xmlChar* name , ++ xmlSecKeyInfoCtxPtr keyInfoCtx ++) { ++ xmlSecNssKeysStoreCtxPtr context = NULL ; ++ xmlSecKeyPtr key = NULL ; ++ xmlSecNssKeySlotPtr keySlot = NULL ; ++ xmlSecSize pos ; ++ xmlSecSize size ; ++ ++ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , NULL ) ; ++ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , NULL ) ; ++ xmlSecAssert2( keyInfoCtx != NULL , NULL ) ; ++ ++ context = xmlSecNssKeysStoreGetCtx( store ) ; ++ if( context == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , ++ "xmlSecNssKeysStoreGetCtx" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return NULL ; ++ } ++ ++ /*- ++ * Look for key at keyList at first. ++ */ ++ if( context->keyList != NULL ) { ++ size = xmlSecPtrListGetSize( context->keyList ) ; ++ for( pos = 0 ; pos < size ; pos ++ ) { ++ key = ( xmlSecKeyPtr )xmlSecPtrListGetItem( context->keyList , pos ) ; ++ if( key != NULL && xmlSecKeyMatch( key , name , &( keyInfoCtx->keyReq ) ) ) { ++ return xmlSecKeyDuplicate( key ) ; ++ } ++ } ++ } ++ ++ /*- ++ * Find the key from slotList ++ */ ++ if( context->slotList != NULL ) { ++ PK11SlotInfo* slot = NULL ; ++ ++ size = xmlSecPtrListGetSize( context->slotList ) ; ++ for( pos = 0 ; pos < size ; pos ++ ) { ++ keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( context->slotList , pos ) ; ++ slot = xmlSecNssKeySlotGetSlot( keySlot ) ; ++ if( slot == NULL ) { ++ continue ; ++ } else { ++ key = xmlSecNssKeysStoreFindKeyFromSlot( slot, name, keyInfoCtx ) ; ++ if( key == NULL ) { ++ continue ; ++ } else { ++ return( key ) ; ++ } ++ } ++ } ++ } ++ ++ /*- ++ * Create a session key if we can not find the key from keyList and slotList ++ */ ++ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSession ) == xmlSecKeyDataTypeSession ) { ++ key = xmlSecKeyGenerate( 
keyInfoCtx->keyReq.keyId , keyInfoCtx->keyReq.keyBitsSize , xmlSecKeyDataTypeSession ) ; ++ if( key == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , ++ "xmlSecKeySetValue" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return NULL ; ++ } ++ ++ return key ; ++ } ++ ++ /** ++ * We have no way to find the key any more. ++ */ ++ return NULL ; ++} ++ ++static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = { ++ sizeof( xmlSecKeyStoreKlass ) , ++ xmlSecNssKeysStoreSize , ++ BAD_CAST "implicit_nss_keys_store" , ++ xmlSecNssKeysStoreInitialize , ++ xmlSecNssKeysStoreFinalize , ++ xmlSecNssKeysStoreFindKey , ++ NULL , ++ NULL ++} ; ++ ++/** ++ * xmlSecNssKeysStoreGetKlass: ++ * ++ * The simple list based keys store klass. ++ * ++ * Returns simple list based keys store klass. ++ */ ++xmlSecKeyStoreId ++xmlSecNssKeysStoreGetKlass( void ) { ++ return &xmlSecNssKeysStoreKlass ; ++} ++ ++/************************** ++ * Application routines ++ */ ++ + /** + * xmlSecNssKeysStoreLoad: + * @store: the pointer to Nss keys store. 
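Review bot: In xmlSecNssKeysStoreFindKeyFromSlot the public and private branches hand `curPub->key` / `curPri->key` to xmlSecNssPKIAdoptKey and then call SECKEY_DestroyPublicKeyList / SECKEY_DestroyPrivateKeyList, which appear to own those key objects, so the key data adopted into the returned xmlSecKey is left referencing freed memory; the symmetric branch likewise adopts `curKey` and then frees every entry, including it, in the cleanup loop. The key should be duplicated before adoption (SECKEY_CopyPublicKey / SECKEY_CopyPrivateKey / PK11_ReferenceSymKey) or the adopted entry skipped when the list is freed, and the silent `if( data == NULL ) { /* Do nothing */ }` branches should at least report the failure with xmlSecError. The lists returned by PK11_ListPublicKeysInSlot and PK11_ListPrivKeysInSlot are also passed to PUBKEY_LIST_HEAD/PRIVKEY_LIST_HEAD and the destroy calls without a NULL check, which I believe these NSS calls can return on failure. Separately, the session-key failure path in xmlSecNssKeysStoreFindKey reports `"xmlSecKeySetValue"` although the failing call is xmlSecKeyGenerate, and xmlSecNssKeysStoreFinalize is the only klass method not declared `static`.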
+@@ -252,234 +654,147 @@ + */ + int + xmlSecNssKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecKeyDataType type) { +- xmlSecKeyStorePtr *ss; ++ xmlSecKeyInfoCtx keyInfoCtx; ++ xmlSecNssKeysStoreCtxPtr context ; ++ xmlSecPtrListPtr list; ++ xmlSecKeyPtr key; ++ xmlSecSize i, keysSize; ++ xmlDocPtr doc; ++ xmlNodePtr cur; ++ xmlSecKeyDataPtr data; ++ xmlSecPtrListPtr idsList; ++ xmlSecKeyDataId dataId; ++ xmlSecSize idsSize, j; ++ int ret; + + xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1); +- xmlSecAssert2((filename != NULL), -1); +- +- ss = xmlSecNssKeysStoreGetSS(store); +- xmlSecAssert2(((ss != NULL) && (*ss != NULL) && +- (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1); ++ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ), -1 ) ; ++ xmlSecAssert2(filename != NULL, -1); + +- return (xmlSecSimpleKeysStoreSave(*ss, filename, type)); +-} ++ context = xmlSecNssKeysStoreGetCtx( store ) ; ++ xmlSecAssert2( context != NULL, -1 ); + +-static int +-xmlSecNssKeysStoreInitialize(xmlSecKeyStorePtr store) { +- xmlSecKeyStorePtr *ss; ++ list = context->keyList ; ++ xmlSecAssert2( list != NULL, -1 ); ++ xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyPtrListId), -1); + +- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1); +- +- ss = xmlSecNssKeysStoreGetSS(store); +- xmlSecAssert2((*ss == NULL), -1); +- +- *ss = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId); +- if(*ss == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, ++ /* create doc */ ++ doc = xmlSecCreateTree(BAD_CAST "Keys", xmlSecNs); ++ if(doc == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), +- "xmlSecKeyStoreCreate", ++ "xmlSecCreateTree", + XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "xmlSecSimpleKeysStoreId"); ++ XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + +- return(0); +-} ++ idsList = xmlSecKeyDataIdsGet(); ++ xmlSecAssert2(idsList != NULL, -1); + +-static void 
+-xmlSecNssKeysStoreFinalize(xmlSecKeyStorePtr store) { +- xmlSecKeyStorePtr *ss; +- +- xmlSecAssert(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId)); +- +- ss = xmlSecNssKeysStoreGetSS(store); +- xmlSecAssert((ss != NULL) && (*ss != NULL)); +- +- xmlSecKeyStoreDestroy(*ss); +-} ++ keysSize = xmlSecPtrListGetSize(list); ++ idsSize = xmlSecPtrListGetSize(idsList); ++ for(i = 0; i < keysSize; ++i) { ++ key = (xmlSecKeyPtr)xmlSecPtrListGetItem(list, i); ++ xmlSecAssert2(key != NULL, -1); + +-static xmlSecKeyPtr +-xmlSecNssKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name, +- xmlSecKeyInfoCtxPtr keyInfoCtx) { +- xmlSecKeyStorePtr* ss; +- xmlSecKeyPtr key = NULL; +- xmlSecKeyPtr retval = NULL; +- xmlSecKeyReqPtr keyReq = NULL; +- CERTCertificate *cert = NULL; +- SECKEYPublicKey *pubkey = NULL; +- SECKEYPrivateKey *privkey = NULL; +- xmlSecKeyDataPtr data = NULL; +- xmlSecKeyDataPtr x509Data = NULL; +- int ret; +- +- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), NULL); +- xmlSecAssert2(keyInfoCtx != NULL, NULL); +- +- ss = xmlSecNssKeysStoreGetSS(store); +- xmlSecAssert2(((ss != NULL) && (*ss != NULL)), NULL); +- +- key = xmlSecKeyStoreFindKey(*ss, name, keyInfoCtx); +- if (key != NULL) { +- return (key); +- } +- +- /* Try to find the key in the NSS DB, and construct an xmlSecKey. +- * we must have a name to lookup keys in NSS DB. +- */ +- if (name == NULL) { +- goto done; +- } +- +- /* what type of key are we looking for? +- * TBD: For now, we'll look only for public/private keys using the +- * name as a cert nickname. 
Later on, we can attempt to find +- * symmetric keys using PK11_FindFixedKey +- */ +- keyReq = &(keyInfoCtx->keyReq); +- if (keyReq->keyType & +- (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) { +- cert = CERT_FindCertByNickname (CERT_GetDefaultCertDB(), (char *)name); +- if (cert == NULL) { +- goto done; +- } +- +- if (keyReq->keyType & xmlSecKeyDataTypePublic) { +- pubkey = CERT_ExtractPublicKey(cert); +- if (pubkey == NULL) { ++ cur = xmlSecAddChild(xmlDocGetRootElement(doc), xmlSecNodeKeyInfo, xmlSecDSigNs); ++ if(cur == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "CERT_ExtractPublicKey", +- XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- goto done; +- } ++ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), ++ "xmlSecAddChild", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ "node=%s", ++ xmlSecErrorsSafeString(xmlSecNodeKeyInfo)); ++ xmlFreeDoc(doc); ++ return(-1); + } + +- if (keyReq->keyType & xmlSecKeyDataTypePrivate) { +- privkey = PK11_FindKeyByAnyCert(cert, NULL); +- if (privkey == NULL) { ++ /* special data key name */ ++ if(xmlSecKeyGetName(key) != NULL) { ++ if(xmlSecAddChild(cur, xmlSecNodeKeyName, xmlSecDSigNs) == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "PK11_FindKeyByAnyCert", +- XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- goto done; ++ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), ++ "xmlSecAddChild", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ "node=%s", ++ xmlSecErrorsSafeString(xmlSecNodeKeyName)); ++ xmlFreeDoc(doc); ++ return(-1); + } + } + +- data = xmlSecNssPKIAdoptKey(privkey, pubkey); +- if(data == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecNssPKIAdoptKey", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- goto done; +- } +- privkey = NULL; +- pubkey = NULL; +- +- key = xmlSecKeyCreate(); +- if (key == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecKeyCreate", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- 
return (NULL); +- } +- +- x509Data = xmlSecKeyDataCreate(xmlSecNssKeyDataX509Id); +- if(x509Data == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecKeyDataCreate", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "transform=%s", +- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id))); +- goto done; +- } ++ /* create nodes for other keys data */ ++ for(j = 0; j < idsSize; ++j) { ++ dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(idsList, j); ++ xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, -1); ++ ++ if(dataId->dataNodeName == NULL) { ++ continue; ++ } ++ ++ data = xmlSecKeyGetData(key, dataId); ++ if(data == NULL) { ++ continue; ++ } + +- ret = xmlSecNssKeyDataX509AdoptKeyCert(x509Data, cert); +- if (ret < 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecNssKeyDataX509AdoptKeyCert", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "data=%s", +- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); +- goto done; +- } +- cert = CERT_DupCertificate(cert); +- if (cert == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "CERT_DupCertificate", +- XMLSEC_ERRORS_R_CRYPTO_FAILED, +- "data=%s", +- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); +- goto done; ++ if(xmlSecAddChild(cur, dataId->dataNodeName, dataId->dataNodeNs) == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), ++ "xmlSecAddChild", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ "node=%s", ++ xmlSecErrorsSafeString(dataId->dataNodeName)); ++ xmlFreeDoc(doc); ++ return(-1); ++ } + } + +- ret = xmlSecNssKeyDataX509AdoptCert(x509Data, cert); ++ ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL); + if (ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecNssKeyDataX509AdoptCert", ++ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), ++ "xmlSecKeyInfoCtxInitialize", + XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "data=%s", +- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); +- goto done; ++ XMLSEC_ERRORS_NO_MESSAGE); ++ 
xmlFreeDoc(doc); ++ return(-1); + } +- cert = NULL; + +- ret = xmlSecKeySetValue(key, data); +- if (ret < 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecKeySetValue", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "data=%s", +- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data))); +- goto done; +- } +- data = NULL; ++ keyInfoCtx.mode = xmlSecKeyInfoModeWrite; ++ keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown; ++ keyInfoCtx.keyReq.keyType = type; ++ keyInfoCtx.keyReq.keyUsage = xmlSecKeyDataUsageAny; + +- ret = xmlSecKeyAdoptData(key, x509Data); ++ /* finally write key in the node */ ++ ret = xmlSecKeyInfoNodeWrite(cur, key, &keyInfoCtx); + if (ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecKeyAdoptData", ++ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), ++ "xmlSecKeyInfoNodeWrite", + XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "data=%s", +- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); +- goto done; +- } +- x509Data = NULL; ++ XMLSEC_ERRORS_NO_MESSAGE); ++ xmlSecKeyInfoCtxFinalize(&keyInfoCtx); ++ xmlFreeDoc(doc); ++ return(-1); ++ } + +- retval = key; +- key = NULL; ++ xmlSecKeyInfoCtxFinalize(&keyInfoCtx); + } + +-done: +- if (cert != NULL) { +- CERT_DestroyCertificate(cert); +- } +- if (pubkey != NULL) { +- SECKEY_DestroyPublicKey(pubkey); +- } +- if (privkey != NULL) { +- SECKEY_DestroyPrivateKey(privkey); +- } +- if (data != NULL) { +- xmlSecKeyDataDestroy(data); +- } +- if (x509Data != NULL) { +- xmlSecKeyDataDestroy(x509Data); +- } +- if (key != NULL) { +- xmlSecKeyDestroy(key); ++ /* now write result */ ++ ret = xmlSaveFormatFile(filename, doc, 1); ++ if (ret < 0) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), ++ "xmlSaveFormatFile", ++ XMLSEC_ERRORS_R_XML_FAILED, ++ "filename=%s", ++ xmlSecErrorsSafeString(filename)); ++ xmlFreeDoc(doc); ++ return(-1); + } + +- return (retval); ++ xmlFreeDoc(doc); ++ return(0); + } +--- misc/xmlsec1-1.2.12/src/nss/keywrapers.c 2009-09-21 
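Review bot: `xmlSecAssert2( list != NULL, -1 );` makes xmlSecNssKeysStoreSave fail for a store that has had no key adopted, because `keyList` is left NULL by xmlSecNssKeysStoreInitialize and only created lazily by xmlSecNssKeysStoreAdoptKey; an empty store should produce an empty `Keys` document rather than an assertion failure. Replace the assert with `keysSize = ( list != NULL ) ? xmlSecPtrListGetSize( list ) : 0 ;` and move the `xmlSecPtrListCheckId` assertion under a `list != NULL` guard. Since `keyInfoCtx.keyReq.keyType = type` presumably decides whether private key data is serialized by xmlSecKeyInfoNodeWrite, the function's comment should state that passing a type including xmlSecKeyDataTypePrivate writes key material unencrypted to `filename` — confirm against xmlSecKeyInfoNodeWrite.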
14:07:19.223802688 +0200 ++++ misc/build/xmlsec1-1.2.12/src/nss/keywrapers.c 2009-09-21 14:02:48.548869372 +0200 +@@ -1 +1,1213 @@ +-dummy ++/** ++ * ++ * XMLSec library ++ * ++ * AES Algorithm support ++ * ++ * This is free software; see Copyright file in the source ++ * distribution for preciese wording. ++ * ++ * Copyright ................................. ++ */ ++#include "globals.h" ++ ++#include <stdlib.h> ++#include <stdio.h> ++#include <string.h> ++ ++#include <nss.h> ++#include <pk11func.h> ++#include <hasht.h> ++ ++#include <xmlsec/xmlsec.h> ++#include <xmlsec/xmltree.h> ++#include <xmlsec/keys.h> ++#include <xmlsec/transforms.h> ++#include <xmlsec/errors.h> ++ ++#include <xmlsec/nss/crypto.h> ++#include <xmlsec/nss/ciphers.h> ++ ++#define XMLSEC_NSS_AES128_KEY_SIZE 16 ++#define XMLSEC_NSS_AES192_KEY_SIZE 24 ++#define XMLSEC_NSS_AES256_KEY_SIZE 32 ++#define XMLSEC_NSS_DES3_KEY_SIZE 24 ++#define XMLSEC_NSS_DES3_KEY_LENGTH 24 ++#define XMLSEC_NSS_DES3_IV_LENGTH 8 ++#define XMLSEC_NSS_DES3_BLOCK_LENGTH 8 ++ ++static xmlSecByte xmlSecNssKWDes3Iv[XMLSEC_NSS_DES3_IV_LENGTH] = { ++ 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05 ++}; ++ ++/********************************************************************* ++ * ++ * key wrap transforms ++ * ++ ********************************************************************/ ++typedef struct _xmlSecNssKeyWrapCtx xmlSecNssKeyWrapCtx ; ++typedef struct _xmlSecNssKeyWrapCtx* xmlSecNssKeyWrapCtxPtr ; ++ ++#define xmlSecNssKeyWrapSize \ ++ ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyWrapCtx ) ) ++ ++#define xmlSecNssKeyWrapGetCtx( transform ) \ ++ ( ( xmlSecNssKeyWrapCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) ) ++ ++struct _xmlSecNssKeyWrapCtx { ++ CK_MECHANISM_TYPE cipher ; ++ PK11SymKey* symkey ; ++ xmlSecKeyDataId keyId ; ++ xmlSecBufferPtr material ; /* to be encrypted/decrypted key material */ ++} ; ++ ++static int xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform); ++static void 
xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform); ++static int xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform, ++ xmlSecKeyReqPtr keyReq); ++static int xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform, ++ xmlSecKeyPtr key); ++static int xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform, ++ int last, ++ xmlSecTransformCtxPtr transformCtx); ++static xmlSecSize xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform); ++ ++static int ++xmlSecNssKeyWrapCheckId( ++ xmlSecTransformPtr transform ++) { ++ #ifndef XMLSEC_NO_DES ++ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) { ++ return(1); ++ } ++ #endif /* XMLSEC_NO_DES */ ++ ++ #ifndef XMLSEC_NO_AES ++ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes128Id ) || ++ xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes192Id ) || ++ xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes256Id ) ) { ++ ++ return(1); ++ } ++ #endif /* XMLSEC_NO_AES */ ++ ++ return(0); ++} ++ ++static xmlSecSize ++xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform) { ++#ifndef XMLSEC_NO_DES ++ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) { ++ return(XMLSEC_NSS_DES3_KEY_SIZE); ++ } else ++#endif /* XMLSEC_NO_DES */ ++ ++#ifndef XMLSEC_NO_AES ++ if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes128Id)) { ++ return(XMLSEC_NSS_AES128_KEY_SIZE); ++ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes192Id)) { ++ return(XMLSEC_NSS_AES192_KEY_SIZE); ++ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) { ++ return(XMLSEC_NSS_AES256_KEY_SIZE); ++ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) { ++ return(XMLSEC_NSS_AES256_KEY_SIZE); ++ } else ++#endif /* XMLSEC_NO_AES */ ++ ++ if(1) ++ return(0); ++} ++ ++ ++static int ++xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform) { ++ xmlSecNssKeyWrapCtxPtr context ; ++ int ret; ++ ++ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), 
-1); ++ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1); ++ ++ context = xmlSecNssKeyWrapGetCtx( transform ) ; ++ xmlSecAssert2( context != NULL , -1 ) ; ++ ++ #ifndef XMLSEC_NO_DES ++ if( transform->id == xmlSecNssTransformKWDes3Id ) { ++ context->cipher = CKM_DES3_CBC ; ++ context->keyId = xmlSecNssKeyDataDesId ; ++ } else ++ #endif /* XMLSEC_NO_DES */ ++ ++ #ifndef XMLSEC_NO_AES ++ if( transform->id == xmlSecNssTransformKWAes128Id ) { ++ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/ ++ context->cipher = CKM_AES_CBC ; ++ context->keyId = xmlSecNssKeyDataAesId ; ++ } else ++ if( transform->id == xmlSecNssTransformKWAes192Id ) { ++ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/ ++ context->cipher = CKM_AES_CBC ; ++ context->keyId = xmlSecNssKeyDataAesId ; ++ } else ++ if( transform->id == xmlSecNssTransformKWAes256Id ) { ++ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/ ++ context->cipher = CKM_AES_CBC ; ++ context->keyId = xmlSecNssKeyDataAesId ; ++ } else ++ #endif /* XMLSEC_NO_AES */ ++ ++ ++ if( 1 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), ++ NULL , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1); ++ } ++ ++ context->symkey = NULL ; ++ context->material = NULL ; ++ ++ return(0); ++} ++ ++static void ++xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform) { ++ xmlSecNssKeyWrapCtxPtr context ; ++ ++ xmlSecAssert(xmlSecNssKeyWrapCheckId(transform)); ++ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize)); ++ ++ context = xmlSecNssKeyWrapGetCtx( transform ) ; ++ xmlSecAssert( context != NULL ) ; ++ ++ if( context->symkey != NULL ) { ++ PK11_FreeSymKey( context->symkey ) ; ++ context->symkey = NULL ; ++ } ++ ++ if( context->material != NULL ) { ++ xmlSecBufferDestroy(context->material); ++ context->material = NULL ; ++ } ++} ++ ++static int ++xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr 
keyReq) { ++ xmlSecNssKeyWrapCtxPtr context ; ++ xmlSecSize cipherSize = 0 ; ++ ++ ++ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1); ++ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1); ++ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); ++ xmlSecAssert2(keyReq != NULL, -1); ++ ++ context = xmlSecNssKeyWrapGetCtx( transform ) ; ++ xmlSecAssert2( context != NULL , -1 ) ; ++ ++ keyReq->keyId = context->keyId; ++ keyReq->keyType = xmlSecKeyDataTypeSymmetric; ++ if(transform->operation == xmlSecTransformOperationEncrypt) { ++ keyReq->keyUsage = xmlSecKeyUsageEncrypt; ++ } else { ++ keyReq->keyUsage = xmlSecKeyUsageDecrypt; ++ } ++ ++ keyReq->keyBitsSize = xmlSecNssKeyWrapGetKeySize( transform ) ; ++ ++ return(0); ++} ++ ++static int ++xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { ++ xmlSecNssKeyWrapCtxPtr context = NULL ; ++ xmlSecKeyDataPtr keyData = NULL ; ++ PK11SymKey* symkey = NULL ; ++ ++ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1); ++ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1); ++ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); ++ xmlSecAssert2(key != NULL, -1); ++ ++ context = xmlSecNssKeyWrapGetCtx( transform ) ; ++ if( context == NULL || context->keyId == NULL || context->symkey != NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ++ "xmlSecNssKeyWrapGetCtx" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1); ++ } ++ xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ; ++ ++ keyData = xmlSecKeyGetValue( key ) ; ++ if( keyData == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) , ++ "xmlSecKeyGetValue" , ++ 
XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1); ++ } ++ ++ if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) , ++ "xmlSecNssSymKeyDataGetKey" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1); ++ } ++ ++ context->symkey = symkey ; ++ ++ return(0) ; ++} ++ ++/** ++ * key wrap transform ++ */ ++static int ++xmlSecNssKeyWrapCtxInit( ++ xmlSecNssKeyWrapCtxPtr ctx , ++ xmlSecBufferPtr in , ++ xmlSecBufferPtr out , ++ int encrypt , ++ xmlSecTransformCtxPtr transformCtx ++) { ++ xmlSecSize blockSize ; ++ ++ xmlSecAssert2( ctx != NULL , -1 ) ; ++ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; ++ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; ++ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; ++ xmlSecAssert2( in != NULL , -1 ) ; ++ xmlSecAssert2( out != NULL , -1 ) ; ++ xmlSecAssert2( transformCtx != NULL , -1 ) ; ++ ++ if( ctx->material != NULL ) { ++ xmlSecBufferDestroy( ctx->material ) ; ++ ctx->material = NULL ; ++ } ++ ++ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "PK11_GetBlockSize" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1); ++ } ++ ++ ctx->material = xmlSecBufferCreate( blockSize ) ; ++ if( ctx->material == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecBufferCreate" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1); ++ } ++ ++ /* read raw key material into context */ ++ if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecBufferSetData" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1); ++ } ++ ++ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { ++ xmlSecError( 
XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecBufferRemoveHead" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1); ++ } ++ ++ return(0); ++} ++ ++/** ++ * key wrap transform update ++ */ ++static int ++xmlSecNssKeyWrapCtxUpdate( ++ xmlSecNssKeyWrapCtxPtr ctx , ++ xmlSecBufferPtr in , ++ xmlSecBufferPtr out , ++ int encrypt , ++ xmlSecTransformCtxPtr transformCtx ++) { ++ xmlSecAssert2( ctx != NULL , -1 ) ; ++ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; ++ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; ++ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; ++ xmlSecAssert2( ctx->material != NULL , -1 ) ; ++ xmlSecAssert2( in != NULL , -1 ) ; ++ xmlSecAssert2( out != NULL , -1 ) ; ++ xmlSecAssert2( transformCtx != NULL , -1 ) ; ++ ++ /* read raw key material and append into context */ ++ if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecBufferAppend" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1); ++ } ++ ++ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecBufferRemoveHead" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1); ++ } ++ ++ return(0); ++} ++ ++static int ++xmlSecNssKWDes3BufferReverse(xmlSecByte *buf, xmlSecSize size) { ++ xmlSecSize s; ++ xmlSecSize i; ++ xmlSecByte c; ++ ++ xmlSecAssert2(buf != NULL, -1); ++ ++ s = size / 2; ++ --size; ++ for(i = 0; i < s; ++i) { ++ c = buf[i]; ++ buf[i] = buf[size - i]; ++ buf[size - i] = c; ++ } ++ return(0); ++} ++ ++static xmlSecByte * ++xmlSecNssComputeSHA1(const xmlSecByte *in, xmlSecSize inSize, ++ xmlSecByte *out, xmlSecSize outSize) ++{ ++ PK11Context *context = NULL; ++ SECStatus s; ++ xmlSecByte *digest = NULL; ++ unsigned int len; ++ ++ xmlSecAssert2(in != NULL, NULL); ++ xmlSecAssert2(out != NULL, NULL); ++ xmlSecAssert2(outSize >= 
SHA1_LENGTH, NULL); ++ ++ /* Create a context for hashing (digesting) */ ++ context = PK11_CreateDigestContext(SEC_OID_SHA1); ++ if (context == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "PK11_CreateDigestContext", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ "error code = %d", PORT_GetError()); ++ goto done; ++ } ++ ++ s = PK11_DigestBegin(context); ++ if (s != SECSuccess) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "PK11_DigestBegin", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ "error code = %d", PORT_GetError()); ++ goto done; ++ } ++ ++ s = PK11_DigestOp(context, in, inSize); ++ if (s != SECSuccess) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "PK11_DigestOp", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ "error code = %d", PORT_GetError()); ++ goto done; ++ } ++ ++ s = PK11_DigestFinal(context, out, &len, outSize); ++ if (s != SECSuccess) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "PK11_DigestFinal", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ "error code = %d", PORT_GetError()); ++ goto done; ++ } ++ xmlSecAssert2(len == SHA1_LENGTH, NULL); ++ ++ digest = out; ++ ++done: ++ if (context != NULL) { ++ PK11_DestroyContext(context, PR_TRUE); ++ } ++ return (digest); ++} ++ ++static int ++xmlSecNssKWDes3Encrypt( ++ PK11SymKey* symKey , ++ CK_MECHANISM_TYPE cipherMech , ++ const xmlSecByte* iv , ++ xmlSecSize ivSize , ++ const xmlSecByte* in , ++ xmlSecSize inSize , ++ xmlSecByte* out , ++ xmlSecSize outSize , ++ int enc ++) { ++ PK11Context* EncContext = NULL; ++ SECItem ivItem ; ++ SECItem* secParam = NULL ; ++ int tmp1_outlen; ++ unsigned int tmp2_outlen; ++ int result_len = -1; ++ SECStatus rv; ++ ++ xmlSecAssert2( cipherMech != CKM_INVALID_MECHANISM , -1 ) ; ++ xmlSecAssert2( symKey != NULL , -1 ) ; ++ xmlSecAssert2(iv != NULL, -1); ++ xmlSecAssert2(ivSize == XMLSEC_NSS_DES3_IV_LENGTH, -1); ++ xmlSecAssert2(in != NULL, -1); ++ xmlSecAssert2(inSize > 0, -1); ++ xmlSecAssert2(out != NULL, -1); ++ xmlSecAssert2(outSize >= inSize, -1); ++ ++ /* Prepare IV */ ++ 
ivItem.data = ( unsigned char* )iv ; ++ ivItem.len = ivSize ; ++ ++ secParam = PK11_ParamFromIV(cipherMech, &ivItem); ++ if (secParam == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "PK11_ParamFromIV", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ "Error code = %d", PORT_GetError()); ++ goto done; ++ } ++ ++ EncContext = PK11_CreateContextBySymKey(cipherMech, ++ enc ? CKA_ENCRYPT : CKA_DECRYPT, ++ symKey, secParam); ++ if (EncContext == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "PK11_CreateContextBySymKey", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ "Error code = %d", PORT_GetError()); ++ goto done; ++ } ++ ++ tmp1_outlen = tmp2_outlen = 0; ++ rv = PK11_CipherOp(EncContext, out, &tmp1_outlen, outSize, ++ (unsigned char *)in, inSize); ++ if (rv != SECSuccess) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "PK11_CipherOp", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ "Error code = %d", PORT_GetError()); ++ goto done; ++ } ++ ++ rv = PK11_DigestFinal(EncContext, out+tmp1_outlen, ++ &tmp2_outlen, outSize-tmp1_outlen); ++ if (rv != SECSuccess) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "PK11_DigestFinal", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ "Error code = %d", PORT_GetError()); ++ goto done; ++ } ++ ++ result_len = tmp1_outlen + tmp2_outlen; ++ ++done: ++ if (secParam) { ++ SECITEM_FreeItem(secParam, PR_TRUE); ++ } ++ if (EncContext) { ++ PK11_DestroyContext(EncContext, PR_TRUE); ++ } ++ ++ return(result_len); ++} ++ ++static int ++xmlSecNssKeyWrapDesOp( ++ xmlSecNssKeyWrapCtxPtr ctx , ++ int encrypt , ++ xmlSecBufferPtr result ++) { ++ xmlSecByte sha1[SHA1_LENGTH]; ++ xmlSecByte iv[XMLSEC_NSS_DES3_IV_LENGTH]; ++ xmlSecByte* in; ++ xmlSecSize inSize; ++ xmlSecByte* out; ++ xmlSecSize outSize; ++ xmlSecSize s; ++ int ret; ++ SECStatus status; ++ ++ xmlSecAssert2( ctx != NULL , -1 ) ; ++ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; ++ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; ++ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; ++ xmlSecAssert2( 
ctx->material != NULL , -1 ) ; ++ xmlSecAssert2( result != NULL , -1 ) ; ++ ++ in = xmlSecBufferGetData(ctx->material); ++ inSize = xmlSecBufferGetSize(ctx->material) ; ++ out = xmlSecBufferGetData(result); ++ outSize = xmlSecBufferGetMaxSize(result) ; ++ if( encrypt ) { ++ /* step 2: calculate sha1 and CMS */ ++ if(xmlSecNssComputeSHA1(in, inSize, sha1, SHA1_LENGTH) == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "xmlSecNssComputeSHA1", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ return(-1); ++ } ++ ++ /* step 3: construct WKCKS */ ++ memcpy(out, in, inSize); ++ memcpy(out + inSize, sha1, XMLSEC_NSS_DES3_BLOCK_LENGTH); ++ ++ /* step 4: generate random iv */ ++ status = PK11_GenerateRandom(iv, XMLSEC_NSS_DES3_IV_LENGTH); ++ if(status != SECSuccess) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "PK11_GenerateRandom", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ "error code = %d", PORT_GetError()); ++ return(-1); ++ } ++ ++ /* step 5: first encryption, result is TEMP1 */ ++ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, ++ iv, XMLSEC_NSS_DES3_IV_LENGTH, ++ out, inSize + XMLSEC_NSS_DES3_IV_LENGTH, ++ out, outSize, 1); ++ if(ret < 0) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "xmlSecNssKWDes3Encrypt", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ return(-1); ++ } ++ ++ /* step 6: construct TEMP2=IV || TEMP1 */ ++ memmove(out + XMLSEC_NSS_DES3_IV_LENGTH, out, ++ inSize + XMLSEC_NSS_DES3_IV_LENGTH); ++ memcpy(out, iv, XMLSEC_NSS_DES3_IV_LENGTH); ++ s = ret + XMLSEC_NSS_DES3_IV_LENGTH; ++ ++ /* step 7: reverse octets order, result is TEMP3 */ ++ ret = xmlSecNssKWDes3BufferReverse(out, s); ++ if(ret < 0) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "xmlSecNssKWDes3BufferReverse", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ return(-1); ++ } ++ ++ /* step 8: second encryption with static IV */ ++ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, ++ xmlSecNssKWDes3Iv, 
XMLSEC_NSS_DES3_IV_LENGTH, ++ out, s, ++ out, outSize, 1); ++ if(ret < 0) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "xmlSecNssKWDes3Encrypt", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ return(-1); ++ } ++ s = ret; ++ ++ if( xmlSecBufferSetSize( result , s ) < 0 ) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "xmlSecBufferSetSize", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ return(-1); ++ } ++ } else { ++ /* step 2: first decryption with static IV, result is TEMP3 */ ++ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, ++ xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH, ++ in, inSize, ++ out, outSize, 0); ++ if((ret < 0) || (ret < XMLSEC_NSS_DES3_IV_LENGTH)) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "xmlSecNssKWDes3Encrypt", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ return(-1); ++ } ++ s = ret; ++ ++ /* step 3: reverse octets order in TEMP3, result is TEMP2 */ ++ ret = xmlSecNssKWDes3BufferReverse(out, s); ++ if(ret < 0) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "xmlSecNssKWDes3BufferReverse", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ return(-1); ++ } ++ ++ /* steps 4 and 5: get IV and decrypt second time, result is WKCKS */ ++ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, ++ out, XMLSEC_NSS_DES3_IV_LENGTH, ++ out+XMLSEC_NSS_DES3_IV_LENGTH, s-XMLSEC_NSS_DES3_IV_LENGTH, ++ out, outSize, 0); ++ if((ret < 0) || (ret < XMLSEC_NSS_DES3_BLOCK_LENGTH)) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "xmlSecNssKWDes3Encrypt", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ return(-1); ++ } ++ s = ret - XMLSEC_NSS_DES3_IV_LENGTH; ++ ++ /* steps 6 and 7: calculate SHA1 and validate it */ ++ if(xmlSecNssComputeSHA1(out, s, sha1, SHA1_LENGTH) == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "xmlSecNssComputeSHA1", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ return(-1); ++ } ++ ++ 
if(memcmp(sha1, out + s, XMLSEC_NSS_DES3_BLOCK_LENGTH) != 0) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ NULL, ++ XMLSEC_ERRORS_R_INVALID_DATA, ++ "SHA1 does not match"); ++ return(-1); ++ } ++ ++ if( xmlSecBufferSetSize( result , s ) < 0 ) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "xmlSecBufferSetSize", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ return(-1); ++ } ++ } ++ ++ return(0); ++} ++ ++static int ++xmlSecNssKeyWrapAesOp( ++ xmlSecNssKeyWrapCtxPtr ctx , ++ int encrypt , ++ xmlSecBufferPtr result ++) { ++ PK11Context* cipherCtx = NULL; ++ SECItem ivItem ; ++ SECItem* secParam = NULL ; ++ xmlSecSize inSize ; ++ xmlSecSize inBlocks ; ++ int blockSize ; ++ int midSize ; ++ int finSize ; ++ xmlSecByte* out ; ++ xmlSecSize outSize; ++ ++ xmlSecAssert2( ctx != NULL , -1 ) ; ++ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; ++ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; ++ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; ++ xmlSecAssert2( ctx->material != NULL , -1 ) ; ++ xmlSecAssert2( result != NULL , -1 ) ; ++ ++ /* Do not set any IV */ ++ memset(&ivItem, 0, sizeof(ivItem)); ++ ++ /* Get block size */ ++ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "PK11_GetBlockSize" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1); ++ } ++ ++ inSize = xmlSecBufferGetSize( ctx->material ) ; ++ if( xmlSecBufferSetMaxSize( result , inSize + blockSize ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecBufferSetMaxSize" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1); ++ } ++ ++ /* Get Param for context initialization */ ++ if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "PK11_ParamFromIV" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1); ++ } ++ ++ cipherCtx = 
PK11_CreateContextBySymKey( ctx->cipher , encrypt ? CKA_ENCRYPT : CKA_DECRYPT , ctx->symkey , secParam ) ; ++ if( cipherCtx == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "PK11_CreateContextBySymKey" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ SECITEM_FreeItem( secParam , PR_TRUE ) ; ++ return(-1); ++ } ++ ++ out = xmlSecBufferGetData(result) ; ++ outSize = xmlSecBufferGetMaxSize(result) ; ++ if( PK11_CipherOp( cipherCtx , out, &midSize , outSize , xmlSecBufferGetData( ctx->material ) , inSize ) != SECSuccess ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "PK11_CipherOp" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1); ++ } ++ ++ if( PK11_DigestFinal( cipherCtx , out + midSize , &finSize , outSize - midSize ) != SECSuccess ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "PK11_DigestFinal" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1); ++ } ++ ++ if( xmlSecBufferSetSize( result , midSize + finSize ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecBufferSetSize" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1); ++ } ++ ++ return 0 ; ++} ++ ++/** ++ * Block cipher transform final ++ */ ++static int ++xmlSecNssKeyWrapCtxFinal( ++ xmlSecNssKeyWrapCtxPtr ctx , ++ xmlSecBufferPtr in , ++ xmlSecBufferPtr out , ++ int encrypt , ++ xmlSecTransformCtxPtr transformCtx ++) { ++ PK11SymKey* targetKey ; ++ xmlSecSize blockSize ; ++ xmlSecBufferPtr result ; ++ ++ xmlSecAssert2( ctx != NULL , -1 ) ; ++ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; ++ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; ++ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; ++ xmlSecAssert2( ctx->material != NULL , -1 ) ; ++ xmlSecAssert2( in != NULL , -1 ) ; ++ xmlSecAssert2( out != NULL , -1 ) ; ++ xmlSecAssert2( transformCtx != NULL , -1 ) ; ++ ++ /* read raw key material and append into context */ ++ if( 
xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecBufferAppend" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1); ++ } ++ ++ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecBufferRemoveHead" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1); ++ } ++ ++ /* Now we get all of the key materail */ ++ /* from now on we will wrap or unwrap the key */ ++ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "PK11_GetBlockSize" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1); ++ } ++ ++ result = xmlSecBufferCreate( blockSize ) ; ++ if( result == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecBufferCreate" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1); ++ } ++ ++ switch( ctx->cipher ) { ++ case CKM_DES3_CBC : ++ if( xmlSecNssKeyWrapDesOp(ctx, encrypt, result) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecNssKeyWrapDesOp" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ xmlSecBufferDestroy(result); ++ return(-1); ++ } ++ break ; ++ /* case CKM_NETSCAPE_AES_KEY_WRAP :*/ ++ case CKM_AES_CBC : ++ if( xmlSecNssKeyWrapAesOp(ctx, encrypt, result) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecNssKeyWrapAesOp" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ xmlSecBufferDestroy(result); ++ return(-1); ++ } ++ break ; ++ } ++ ++ /* Write output */ ++ if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecBufferAppend" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ 
xmlSecBufferDestroy(result); ++ return(-1); ++ } ++ xmlSecBufferDestroy(result); ++ ++ return(0); ++} ++ ++static int ++xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { ++ xmlSecNssKeyWrapCtxPtr context = NULL ; ++ xmlSecBufferPtr inBuf, outBuf ; ++ int operation ; ++ int rtv ; ++ ++ xmlSecAssert2( xmlSecNssKeyWrapCheckId( transform ), -1 ) ; ++ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyWrapSize ), -1 ) ; ++ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; ++ xmlSecAssert2( transformCtx != NULL , -1 ) ; ++ ++ context = xmlSecNssKeyWrapGetCtx( transform ) ; ++ if( context == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ++ "xmlSecNssKeyWrapGetCtx" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1); ++ } ++ ++ inBuf = &( transform->inBuf ) ; ++ outBuf = &( transform->outBuf ) ; ++ ++ if( transform->status == xmlSecTransformStatusNone ) { ++ transform->status = xmlSecTransformStatusWorking ; ++ } ++ ++ operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 
1 : 0 ; ++ if( transform->status == xmlSecTransformStatusWorking ) { ++ if( context->material == NULL ) { ++ rtv = xmlSecNssKeyWrapCtxInit( context, inBuf , outBuf , operation , transformCtx ) ; ++ if( rtv < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ++ "xmlSecNssKeyWrapCtxInit" , ++ XMLSEC_ERRORS_R_INVALID_STATUS , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1); ++ } ++ } ++ ++ if( context->material == NULL && last != 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ++ NULL , ++ XMLSEC_ERRORS_R_INVALID_STATUS , ++ "No enough data to intialize transform" ) ; ++ return(-1); ++ } ++ ++ if( context->material != NULL ) { ++ rtv = xmlSecNssKeyWrapCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ; ++ if( rtv < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ++ "xmlSecNssKeyWrapCtxUpdate" , ++ XMLSEC_ERRORS_R_INVALID_STATUS , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1); ++ } ++ } ++ ++ if( last ) { ++ rtv = xmlSecNssKeyWrapCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ; ++ if( rtv < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ++ "xmlSecNssKeyWrapCtxFinal" , ++ XMLSEC_ERRORS_R_INVALID_STATUS , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1); ++ } ++ transform->status = xmlSecTransformStatusFinished ; ++ } ++ } else if( transform->status == xmlSecTransformStatusFinished ) { ++ if( xmlSecBufferGetSize( inBuf ) != 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ++ NULL , ++ XMLSEC_ERRORS_R_INVALID_STATUS , ++ "status=%d", transform->status ) ; ++ return(-1); ++ } ++ } else { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ++ NULL , ++ XMLSEC_ERRORS_R_INVALID_STATUS , ++ 
"status=%d", transform->status ) ; ++ return(-1); ++ } ++ ++ return(0); ++} ++ ++#ifndef XMLSEC_NO_AES ++ ++ ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecTransformKlass xmlSecNssKWAes128Klass = { ++#else ++static xmlSecTransformKlass xmlSecNssKWAes128Klass = { ++#endif ++ /* klass/object sizes */ ++ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ ++ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ ++ ++ xmlSecNameKWAes128, /* const xmlChar* name; */ ++ xmlSecHrefKWAes128, /* const xmlChar* href; */ ++ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ ++ ++ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ ++ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ ++ NULL, /* xmlSecTransformNodeReadMethod readNode; */ ++ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ ++ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ ++ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ ++ NULL, /* xmlSecTransformValidateMethod validate; */ ++ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ ++ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ ++ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ ++ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ ++ NULL, /* xmlSecTransformPopXmlMethod popXml; */ ++ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ ++ ++ NULL, /* void* reserved0; */ ++ NULL, /* void* reserved1; */ ++}; ++ ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecTransformKlass xmlSecNssKWAes192Klass = { ++#else ++static xmlSecTransformKlass xmlSecNssKWAes192Klass = { ++#endif ++ /* klass/object sizes */ ++ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ ++ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ ++ ++ xmlSecNameKWAes192, /* const xmlChar* name; */ ++ xmlSecHrefKWAes192, /* const xmlChar* 
href; */ ++ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ ++ ++ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ ++ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ ++ NULL, /* xmlSecTransformNodeReadMethod readNode; */ ++ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ ++ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ ++ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ ++ NULL, /* xmlSecTransformValidateMethod validate; */ ++ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ ++ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ ++ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ ++ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ ++ NULL, /* xmlSecTransformPopXmlMethod popXml; */ ++ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ ++ ++ NULL, /* void* reserved0; */ ++ NULL, /* void* reserved1; */ ++}; ++ ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecTransformKlass xmlSecNssKWAes256Klass = { ++#else ++static xmlSecTransformKlass xmlSecNssKWAes256Klass = { ++#endif ++ /* klass/object sizes */ ++ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ ++ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ ++ ++ xmlSecNameKWAes256, /* const xmlChar* name; */ ++ xmlSecHrefKWAes256, /* const xmlChar* href; */ ++ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ ++ ++ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ ++ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ ++ NULL, /* xmlSecTransformNodeReadMethod readNode; */ ++ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ ++ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ ++ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ ++ NULL, /* 
xmlSecTransformValidateMethod validate; */ ++ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ ++ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ ++ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ ++ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ ++ NULL, /* xmlSecTransformPopXmlMethod popXml; */ ++ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ ++ ++ NULL, /* void* reserved0; */ ++ NULL, /* void* reserved1; */ ++}; ++ ++/** ++ * xmlSecNssTransformKWAes128GetKlass: ++ * ++ * The AES-128 key wrapper transform klass. ++ * ++ * Returns AES-128 key wrapper transform klass. ++ */ ++xmlSecTransformId ++xmlSecNssTransformKWAes128GetKlass(void) { ++ return(&xmlSecNssKWAes128Klass); ++} ++ ++/** ++ * xmlSecNssTransformKWAes192GetKlass: ++ * ++ * The AES-192 key wrapper transform klass. ++ * ++ * Returns AES-192 key wrapper transform klass. ++ */ ++xmlSecTransformId ++xmlSecNssTransformKWAes192GetKlass(void) { ++ return(&xmlSecNssKWAes192Klass); ++} ++ ++/** ++ * ++ * The AES-256 key wrapper transform klass. ++ * ++ * Returns AES-256 key wrapper transform klass. 
++ */ ++xmlSecTransformId ++xmlSecNssTransformKWAes256GetKlass(void) { ++ return(&xmlSecNssKWAes256Klass); ++} ++ ++#endif /* XMLSEC_NO_AES */ ++ ++ ++#ifndef XMLSEC_NO_DES ++ ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecTransformKlass xmlSecNssKWDes3Klass = { ++#else ++static xmlSecTransformKlass xmlSecNssKWDes3Klass = { ++#endif ++ /* klass/object sizes */ ++ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ ++ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ ++ ++ xmlSecNameKWDes3, /* const xmlChar* name; */ ++ xmlSecHrefKWDes3, /* const xmlChar* href; */ ++ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ ++ ++ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ ++ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ ++ NULL, /* xmlSecTransformNodeReadMethod readNode; */ ++ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ ++ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ ++ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ ++ NULL, /* xmlSecTransformValidateMethod validate; */ ++ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ ++ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ ++ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ ++ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ ++ NULL, /* xmlSecTransformPopXmlMethod popXml; */ ++ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ ++ ++ NULL, /* void* reserved0; */ ++ NULL, /* void* reserved1; */ ++}; ++ ++/** ++ * xmlSecNssTransformKWDes3GetKlass: ++ * ++ * The Triple DES key wrapper transform klass. ++ * ++ * Returns Triple DES key wrapper transform klass. 
++ */ ++xmlSecTransformId ++xmlSecNssTransformKWDes3GetKlass(void) { ++ return(&xmlSecNssKWDes3Klass); ++} ++ ++#endif /* XMLSEC_NO_DES */ ++ +--- misc/xmlsec1-1.2.12/src/nss/pkikeys.c 2009-06-25 22:53:18.000000000 +0200 ++++ misc/build/xmlsec1-1.2.12/src/nss/pkikeys.c 2009-09-21 14:02:48.657352624 +0200 +@@ -24,6 +24,7 @@ + #include <xmlsec/nss/crypto.h> + #include <xmlsec/nss/bignum.h> + #include <xmlsec/nss/pkikeys.h> ++#include <xmlsec/nss/tokens.h> + + /************************************************************************** + * +@@ -115,6 +116,8 @@ + xmlSecNssPKIKeyDataCtxPtr ctxSrc) + { + xmlSecNSSPKIKeyDataCtxFree(ctxDst); ++ ctxDst->privkey = NULL ; ++ ctxDst->pubkey = NULL ; + if (ctxSrc->privkey != NULL) { + ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey); + if(ctxDst->privkey == NULL) { +@@ -588,13 +591,13 @@ + goto done; + } + +- slot = PK11_GetBestSlot(CKM_DSA, NULL); ++ slot = xmlSecNssSlotGet(CKM_DSA); + if(slot == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +- "PK11_GetBestSlot", ++ "xmlSecNssSlotGet", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); ++ "error code=%d", PORT_GetError()); + ret = -1; + goto done; + } +@@ -792,14 +795,14 @@ + if (slot != NULL) { + PK11_FreeSlot(slot); + } +- if (ret != 0) { ++ + if (pubkey != NULL) { + SECKEY_DestroyPublicKey(pubkey); + } + if (data != NULL) { + xmlSecKeyDataDestroy(data); + } +- } ++ + return(ret); + } + +@@ -818,7 +821,7 @@ + + ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key)); + xmlSecAssert2(ctx != NULL, -1); +- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1); ++/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/ + + if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) { + /* we can have only private key or public key */ +@@ -940,7 +943,8 @@ + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "PK11_PQG_ParamGen", + 
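Review bot: Dropping the `if (ret != 0)` guard around the cleanup in the `@@ -792,14 +795,14 @@` hunk makes `SECKEY_DestroyPublicKey(pubkey)` and `xmlSecKeyDataDestroy(data)` run on the success path too, so the function is only correct if `pubkey` and `data` are set to NULL once they have been handed off to the key — those assignments are not in this hunk and I cannot confirm they exist. The later `@@ -979,6 +985,8 @@` hunk adds exactly that (`privkey = NULL ; pubkey = NULL ;`) for the key-generation function; the same needs to hold here, otherwise the key value just adopted into `key` is destroyed out from under it. The enclosing function starts and ends outside the hunk.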
XMLSEC_ERRORS_R_CRYPTO_FAILED, +- "size=%d", sizeBits); ++ "size=%d, error code=%d", sizeBits, PORT_GetError()); ++ ret = -1; + goto done; + } + +@@ -950,11 +954,12 @@ + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "PK11_PQG_VerifyParams", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +- "size=%d", sizeBits); ++ "size=%d, error code=%d", sizeBits, PORT_GetError()); ++ ret = -1; + goto done; + } + +- slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL); ++ slot = xmlSecNssSlotGet(CKM_DSA_KEY_PAIR_GEN); + PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */); + privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams, + &pubkey, PR_FALSE, PR_TRUE, NULL); +@@ -964,8 +969,9 @@ + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "PK11_GenerateKeyPair", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); ++ "error code=%d", PORT_GetError()); + ++ ret = -1; + goto done; + } + +@@ -979,6 +985,8 @@ + goto done; + } + ++ privkey = NULL ; ++ pubkey = NULL ; + ret = 0; + + done: +@@ -991,16 +999,13 @@ + if (pqgVerify != NULL) { + PK11_PQG_DestroyVerify(pqgVerify); + } +- if (ret == 0) { +- return (0); +- } + if (pubkey != NULL) { + SECKEY_DestroyPublicKey(pubkey); + } + if (privkey != NULL) { + SECKEY_DestroyPrivateKey(privkey); + } +- return(-1); ++ return(ret); + } + + static xmlSecKeyDataType +@@ -1010,10 +1015,10 @@ + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), xmlSecKeyDataTypeUnknown); + ctx = xmlSecNssPKIKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); +- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1); ++/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/ + if (ctx->privkey != NULL) { + return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic); +- } else { ++ } else if( ctx->pubkey != NULL ) { + return(xmlSecKeyDataTypePublic); + } + +@@ -1027,7 +1032,7 @@ + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), 0); + ctx = xmlSecNssPKIKeyDataGetCtx(data); + 
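Review bot: In the `@@ -950,11 +954,12 @@` hunk `slot = xmlSecNssSlotGet(CKM_DSA_KEY_PAIR_GEN);` is passed straight to `PK11_Authenticate` and `PK11_GenerateKeyPair` with no NULL check, although the `@@ -588,13 +591,13 @@` hunk in the same file treats a NULL return from `xmlSecNssSlotGet` as a failure. A token that is absent or rejects the mechanism would then dereference NULL instead of reporting an error, and the RSA `@@ -1455,7 +1460,7 @@` hunk has the same shape. Add the guard used in the 588 hunk (`if(slot == NULL) { ret = -1; goto done; }` together with the matching `xmlSecError` call), and consider checking the `PK11_Authenticate` return as the new symkeys.c `xmlSecNssSymKeyDataGenerate` does. The enclosing function starts outside the hunk.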
xmlSecAssert2(ctx != NULL, -1); +- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1); ++/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/ + + return(8 * SECKEY_PublicKeyStrength(ctx->pubkey)); + } +@@ -1216,13 +1221,13 @@ + goto done; + } + +- slot = PK11_GetBestSlot(CKM_RSA_PKCS, NULL); ++ slot = xmlSecNssSlotGet(CKM_RSA_PKCS); + if(slot == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +- "PK11_GetBestSlot", ++ "xmlSecNssSlotGet", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); ++ "error code=%d", PORT_GetError()); + ret = -1; + goto done; + } +@@ -1384,7 +1389,7 @@ + + ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key)); + xmlSecAssert2(ctx != NULL, -1); +- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1); ++/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/ + + + if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) { +@@ -1455,7 +1460,7 @@ + params.keySizeInBits = sizeBits; + params.pe = 65537; + +- slot = PK11_GetBestSlot(CKM_RSA_PKCS_KEY_PAIR_GEN, NULL); ++ slot = xmlSecNssSlotGet(CKM_RSA_PKCS_KEY_PAIR_GEN); + PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */); + privkey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, ¶ms, + &pubkey, PR_FALSE, PR_TRUE, NULL); +@@ -1525,7 +1530,7 @@ + + ctx = xmlSecNssPKIKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); +- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1); ++/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/ + + return(8 * SECKEY_PublicKeyStrength(ctx->pubkey)); + } +--- misc/xmlsec1-1.2.12/src/nss/symkeys.c 2009-06-25 22:53:18.000000000 +0200 ++++ misc/build/xmlsec1-1.2.12/src/nss/symkeys.c 2009-09-21 14:02:48.620574832 +0200 +@@ -15,20 +15,41 @@ + #include <stdio.h> + #include <string.h> + ++#include <pk11func.h> ++#include <nss.h> ++ + #include 
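Review bot: In the `@@ -1027,7 +1032,7 @@` hunk, with the `dsaKey` assertion commented out, `return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));` is reached with no check that `ctx->pubkey` is non-NULL, while the `@@ -1010,10 +1015,10 @@` hunk just above now explicitly treats a context with a NULL `pubkey` as valid (`else if( ctx->pubkey != NULL )`). A key that carries only a private key would therefore pass NULL to `SECKEY_PublicKeyStrength`; a guard such as `if(ctx->pubkey == NULL) { return(0); }` before the return keeps the size query safe, and the RSA `@@ -1525,7 +1530,7 @@` hunk needs the same. The disabled assertions are also better deleted than kept as `/* ... */` text. The enclosing functions start outside their hunks.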
<xmlsec/xmlsec.h> + #include <xmlsec/xmltree.h> ++#include <xmlsec/base64.h> + #include <xmlsec/keys.h> + #include <xmlsec/keyinfo.h> + #include <xmlsec/transforms.h> + #include <xmlsec/errors.h> + + #include <xmlsec/nss/crypto.h> ++#include <xmlsec/nss/ciphers.h> ++#include <xmlsec/nss/tokens.h> + + /***************************************************************************** + * +- * Symmetic (binary) keys - just a wrapper for xmlSecKeyDataBinary ++ * Symmetic (binary) keys - a wrapper over slot information and PK11SymKey + * + ****************************************************************************/ ++typedef struct _xmlSecNssSymKeyDataCtx xmlSecNssSymKeyDataCtx ; ++typedef struct _xmlSecNssSymKeyDataCtx* xmlSecNssSymKeyDataCtxPtr ; ++ ++struct _xmlSecNssSymKeyDataCtx { ++ CK_MECHANISM_TYPE cipher ; /* the symmetic key mechanism */ ++ PK11SlotInfo* slot ; /* the key resident slot */ ++ PK11SymKey* symkey ; /* the symmetic key */ ++} ; ++ ++#define xmlSecNssSymKeyDataSize \ ++ ( sizeof( xmlSecKeyData ) + sizeof( xmlSecNssSymKeyDataCtx ) ) ++ ++#define xmlSecNssSymKeyDataGetCtx( data ) \ ++ ( ( xmlSecNssSymKeyDataCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyData ) ) ) ++ + static int xmlSecNssSymKeyDataInitialize (xmlSecKeyDataPtr data); + static int xmlSecNssSymKeyDataDuplicate (xmlSecKeyDataPtr dst, + xmlSecKeyDataPtr src); +@@ -67,107 +88,743 @@ + (xmlSecKeyDataIsValid((data)) && \ + xmlSecNssSymKeyDataKlassCheck((data)->id)) + ++/** ++ * xmlSecNssSymKeyDataAdoptKey: ++ * @data: the pointer to symmetric key data. ++ * @symkey: the symmetric key ++ * ++ * Set the value of symmetric key data. ++ * ++ * Returns 0 on success or a negative value if an error occurs. 
++ */ ++int ++xmlSecNssSymKeyDataAdoptKey( ++ xmlSecKeyDataPtr data , ++ PK11SymKey* symkey ++) { ++ xmlSecNssSymKeyDataCtxPtr context = NULL ; ++ ++ xmlSecAssert2( xmlSecNssSymKeyDataCheckId( data ), -1 ) ; ++ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), -1 ) ; ++ xmlSecAssert2( symkey != NULL, -1 ) ; ++ ++ context = xmlSecNssSymKeyDataGetCtx( data ) ; ++ xmlSecAssert2(context != NULL, -1); ++ ++ context->cipher = PK11_GetMechanism( symkey ) ; ++ ++ if( context->slot != NULL ) { ++ PK11_FreeSlot( context->slot ) ; ++ context->slot = NULL ; ++ } ++ context->slot = PK11_GetSlotFromKey( symkey ) ; ++ ++ if( context->symkey != NULL ) { ++ PK11_FreeSymKey( context->symkey ) ; ++ context->symkey = NULL ; ++ } ++ context->symkey = PK11_ReferenceSymKey( symkey ) ; ++ ++ return 0 ; ++} ++ ++xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt( ++ PK11SymKey* symKey ++) { ++ xmlSecKeyDataPtr data = NULL ; ++ CK_MECHANISM_TYPE mechanism = CKM_INVALID_MECHANISM ; ++ ++ xmlSecAssert2( symKey != NULL , NULL ) ; ++ ++ mechanism = PK11_GetMechanism( symKey ) ; ++ switch( mechanism ) { ++ case CKM_DES3_KEY_GEN : ++ case CKM_DES3_CBC : ++ case CKM_DES3_MAC : ++ data = xmlSecKeyDataCreate( xmlSecNssKeyDataDesId ) ; ++ if( data == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecKeyDataCreate" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ "xmlSecNssKeyDataDesId" ) ; ++ return NULL ; ++ } ++ break ; ++ case CKM_AES_KEY_GEN : ++ case CKM_AES_CBC : ++ case CKM_AES_MAC : ++ data = xmlSecKeyDataCreate( xmlSecNssKeyDataAesId ) ; ++ if( data == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecKeyDataCreate" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ "xmlSecNssKeyDataDesId" ) ; ++ return NULL ; ++ } ++ break ; ++ default : ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ NULL , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ "Unsupported mechanism" ) ; ++ return NULL ; ++ } ++ ++ if( xmlSecNssSymKeyDataAdoptKey( data , symKey ) < 0 ) { ++ xmlSecError( 
XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecNssSymKeyDataAdoptKey" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ ++ xmlSecKeyDataDestroy( data ) ; ++ return NULL ; ++ } ++ ++ return data ; ++} ++ ++ ++PK11SymKey* ++xmlSecNssSymKeyDataGetKey( ++ xmlSecKeyDataPtr data ++) { ++ xmlSecNssSymKeyDataCtxPtr ctx; ++ PK11SymKey* symkey ; ++ ++ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), NULL); ++ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), NULL); ++ ++ ctx = xmlSecNssSymKeyDataGetCtx(data); ++ xmlSecAssert2(ctx != NULL, NULL); ++ ++ if( ctx->symkey != NULL ) { ++ symkey = PK11_ReferenceSymKey( ctx->symkey ) ; ++ } else { ++ symkey = NULL ; ++ } ++ ++ return(symkey); ++} ++ + static int + xmlSecNssSymKeyDataInitialize(xmlSecKeyDataPtr data) { ++ xmlSecNssSymKeyDataCtxPtr ctx; ++ + xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1); +- +- return(xmlSecKeyDataBinaryValueInitialize(data)); ++ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), -1); ++ ++ ctx = xmlSecNssSymKeyDataGetCtx(data); ++ xmlSecAssert2(ctx != NULL, -1); ++ ++ memset( ctx, 0, sizeof(xmlSecNssSymKeyDataCtx)); ++ ++ /* Set the block cipher mechanism */ ++#ifndef XMLSEC_NO_DES ++ if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) { ++ ctx->cipher = CKM_DES3_KEY_GEN; ++ } else ++#endif /* XMLSEC_NO_DES */ ++ ++#ifndef XMLSEC_NO_AES ++ if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) { ++ ctx->cipher = CKM_AES_KEY_GEN; ++ } else ++#endif /* XMLSEC_NO_AES */ ++ ++ if(1) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), ++ NULL , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ "Unsupported block cipher" ) ; ++ return(-1) ; ++ } ++ ++ return(0); + } + + static int + xmlSecNssSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { ++ xmlSecNssSymKeyDataCtxPtr ctxDst; ++ xmlSecNssSymKeyDataCtxPtr ctxSrc; ++ + xmlSecAssert2(xmlSecNssSymKeyDataCheckId(dst), -1); ++ 
xmlSecAssert2(xmlSecKeyDataCheckSize(dst, xmlSecNssSymKeyDataSize), -1); + xmlSecAssert2(xmlSecNssSymKeyDataCheckId(src), -1); ++ xmlSecAssert2(xmlSecKeyDataCheckSize(src, xmlSecNssSymKeyDataSize), -1); + xmlSecAssert2(dst->id == src->id, -1); +- +- return(xmlSecKeyDataBinaryValueDuplicate(dst, src)); ++ ++ ctxDst = xmlSecNssSymKeyDataGetCtx(dst); ++ xmlSecAssert2(ctxDst != NULL, -1); ++ ++ ctxSrc = xmlSecNssSymKeyDataGetCtx(src); ++ xmlSecAssert2(ctxSrc != NULL, -1); ++ ++ ctxDst->cipher = ctxSrc->cipher ; ++ ++ if( ctxSrc->slot != NULL ) { ++ if( ctxDst->slot != NULL && ctxDst->slot != ctxSrc->slot ) { ++ PK11_FreeSlot( ctxDst->slot ) ; ++ ctxDst->slot = NULL ; ++ } ++ ++ if( ctxDst->slot == NULL && ctxSrc->slot != NULL ) ++ ctxDst->slot = PK11_ReferenceSlot( ctxSrc->slot ) ; ++ } else { ++ if( ctxDst->slot != NULL ) { ++ PK11_FreeSlot( ctxDst->slot ) ; ++ ctxDst->slot = NULL ; ++ } ++ } ++ ++ if( ctxSrc->symkey != NULL ) { ++ if( ctxDst->symkey != NULL && ctxDst->symkey != ctxSrc->symkey ) { ++ PK11_FreeSymKey( ctxDst->symkey ) ; ++ ctxDst->symkey = NULL ; ++ } ++ ++ if( ctxDst->symkey == NULL && ctxSrc->symkey != NULL ) ++ ctxDst->symkey = PK11_ReferenceSymKey( ctxSrc->symkey ) ; ++ } else { ++ if( ctxDst->symkey != NULL ) { ++ PK11_FreeSymKey( ctxDst->symkey ) ; ++ ctxDst->symkey = NULL ; ++ } ++ } ++ ++ return(0); + } + + static void + xmlSecNssSymKeyDataFinalize(xmlSecKeyDataPtr data) { ++ xmlSecNssSymKeyDataCtxPtr ctx; ++ + xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); +- +- xmlSecKeyDataBinaryValueFinalize(data); ++ xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize)); ++ ++ ctx = xmlSecNssSymKeyDataGetCtx(data); ++ xmlSecAssert(ctx != NULL); ++ ++ if( ctx->slot != NULL ) { ++ PK11_FreeSlot( ctx->slot ) ; ++ ctx->slot = NULL ; ++ } ++ ++ if( ctx->symkey != NULL ) { ++ PK11_FreeSymKey( ctx->symkey ) ; ++ ctx->symkey = NULL ; ++ } ++ ++ ctx->cipher = CKM_INVALID_MECHANISM ; + } + + static int + xmlSecNssSymKeyDataXmlRead(xmlSecKeyDataId id, 
xmlSecKeyPtr key, + xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { +- xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); ++ PK11SymKey* symKey ; ++ PK11SlotInfo* slot ; ++ xmlSecBufferPtr keyBuf; ++ xmlSecSize len; ++ xmlSecKeyDataPtr data; ++ xmlSecNssSymKeyDataCtxPtr ctx; ++ SECItem keyItem ; ++ int ret; ++ ++ xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1); ++ xmlSecAssert2(key != NULL, -1); ++ xmlSecAssert2(node != NULL, -1); ++ xmlSecAssert2(keyInfoCtx != NULL, -1); ++ ++ /* Create a new KeyData from a id */ ++ data = xmlSecKeyDataCreate(id); ++ if(data == NULL ) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "xmlSecKeyDataCreate", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ return(-1); ++ } ++ ++ ctx = xmlSecNssSymKeyDataGetCtx(data); ++ xmlSecAssert2(ctx != NULL, -1); ++ ++ /* Create a buffer for raw symmetric key value */ ++ if( ( keyBuf = xmlSecBufferCreate( 128 ) ) == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "xmlSecBufferCreate" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ xmlSecKeyDataDestroy( data ) ; ++ return(-1) ; ++ } ++ ++ /* Read the raw key value */ ++ if( xmlSecBufferBase64NodeContentRead( keyBuf , node ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ xmlSecErrorsSafeString(xmlSecNodeGetName(node)), ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ ++ xmlSecBufferDestroy( keyBuf ) ; ++ xmlSecKeyDataDestroy( data ) ; ++ return(-1) ; ++ } ++ ++ /* Get slot */ ++ slot = xmlSecNssSlotGet(ctx->cipher); ++ if( slot == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "xmlSecNssSlotGet" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ ++ xmlSecBufferDestroy( keyBuf ) ; ++ xmlSecKeyDataDestroy( data ) ; ++ return(-1) ; ++ } ++ 
++ /* Wrap the raw key value SECItem */ ++ keyItem.type = siBuffer ; ++ keyItem.data = xmlSecBufferGetData( keyBuf ) ; ++ keyItem.len = xmlSecBufferGetSize( keyBuf ) ; ++ ++ /* Import the raw key into slot temporalily and get the key handler*/ ++ symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ; ++ if( symKey == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "PK11_ImportSymKey" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ ++ PK11_FreeSlot( slot ) ; ++ xmlSecBufferDestroy( keyBuf ) ; ++ xmlSecKeyDataDestroy( data ) ; ++ return(-1) ; ++ } ++ PK11_FreeSlot( slot ) ; ++ ++ /* raw key material has been copied into symKey, it isn't used any more */ ++ xmlSecBufferDestroy( keyBuf ) ; ++ ++ /* Adopt the symmetric key into key data */ ++ ret = xmlSecNssSymKeyDataAdoptKey(data, symKey); ++ if(ret < 0) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "xmlSecKeyDataBinaryValueSetBuffer", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ PK11_FreeSymKey( symKey ) ; ++ xmlSecKeyDataDestroy( data ) ; ++ return(-1); ++ } ++ /* symKey has been duplicated into data, it isn't used any more */ ++ PK11_FreeSymKey( symKey ) ; ++ ++ /* Check value */ ++ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "xmlSecKeyReqMatchKeyValue", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ xmlSecKeyDataDestroy( data ) ; ++ return(0); ++ } + +- return(xmlSecKeyDataBinaryValueXmlRead(id, key, node, keyInfoCtx)); ++ ret = xmlSecKeySetValue(key, data); ++ if(ret < 0) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "xmlSecKeySetValue", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ xmlSecKeyDataDestroy( data ) 
; ++ return(-1); ++ } ++ ++ return(0); + } + + static int + xmlSecNssSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, + xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { ++ PK11SymKey* symKey ; ++ + xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); +- +- return(xmlSecKeyDataBinaryValueXmlWrite(id, key, node, keyInfoCtx)); ++ xmlSecAssert2(key != NULL, -1); ++ xmlSecAssert2(node != NULL, -1); ++ xmlSecAssert2(keyInfoCtx != NULL, -1); ++ ++ /* Get symmetric key from "key" */ ++ symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key)); ++ if( symKey != NULL ) { ++ SECItem* keyItem ; ++ xmlSecBufferPtr keyBuf ; ++ ++ /* Extract raw key data from symmetric key */ ++ if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "PK11_ExtractKeyValue", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ PK11_FreeSymKey( symKey ) ; ++ return(-1); ++ } ++ ++ /* Get raw key data from "symKey" */ ++ keyItem = PK11_GetKeyData( symKey ) ; ++ if(keyItem == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "PK11_GetKeyData", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ PK11_FreeSymKey( symKey ) ; ++ return(-1); ++ } ++ ++ /* Create key data buffer with raw kwy material */ ++ keyBuf = xmlSecBufferCreate(keyItem->len) ; ++ if(keyBuf == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "xmlSecBufferCreate", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ PK11_FreeSymKey( symKey ) ; ++ return(-1); ++ } ++ ++ xmlSecBufferSetData( keyBuf , keyItem->data , keyItem->len ) ; ++ ++ /* Write raw key material into current xml node */ ++ if( xmlSecBufferBase64NodeContentWrite( keyBuf, node, XMLSEC_BASE64_LINESIZE ) < 0 ) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ 
"xmlSecBufferBase64NodeContentWrite", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ xmlSecBufferDestroy(keyBuf); ++ PK11_FreeSymKey( symKey ) ; ++ return(-1); ++ } ++ xmlSecBufferDestroy(keyBuf); ++ PK11_FreeSymKey( symKey ) ; ++ } ++ ++ return 0 ; + } + + static int + xmlSecNssSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key, + const xmlSecByte* buf, xmlSecSize bufSize, + xmlSecKeyInfoCtxPtr keyInfoCtx) { +- xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); ++ PK11SymKey* symKey ; ++ PK11SlotInfo* slot ; ++ xmlSecKeyDataPtr data; ++ xmlSecNssSymKeyDataCtxPtr ctx; ++ SECItem keyItem ; ++ int ret; ++ ++ xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1); ++ xmlSecAssert2(key != NULL, -1); ++ xmlSecAssert2(buf != NULL, -1); ++ xmlSecAssert2(bufSize != 0, -1); ++ xmlSecAssert2(keyInfoCtx != NULL, -1); ++ ++ /* Create a new KeyData from a id */ ++ data = xmlSecKeyDataCreate(id); ++ if(data == NULL ) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "xmlSecKeyDataCreate", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ return(-1); ++ } ++ ++ ctx = xmlSecNssSymKeyDataGetCtx(data); ++ xmlSecAssert2(ctx != NULL, -1); ++ ++ /* Get slot */ ++ slot = xmlSecNssSlotGet(ctx->cipher); ++ if( slot == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "xmlSecNssSlotGet" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ xmlSecKeyDataDestroy( data ) ; ++ return(-1) ; ++ } ++ ++ /* Wrap the raw key value SECItem */ ++ keyItem.type = siBuffer ; ++ keyItem.data = buf ; ++ keyItem.len = bufSize ; ++ ++ /* Import the raw key into slot temporalily and get the key handler*/ ++ symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ; ++ if( symKey == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "PK11_ImportSymKey" , ++ 
XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ PK11_FreeSlot( slot ) ; ++ xmlSecKeyDataDestroy( data ) ; ++ return(-1) ; ++ } ++ ++ /* Adopt the symmetric key into key data */ ++ ret = xmlSecNssSymKeyDataAdoptKey(data, symKey); ++ if(ret < 0) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "xmlSecKeyDataBinaryValueSetBuffer", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ PK11_FreeSymKey( symKey ) ; ++ PK11_FreeSlot( slot ) ; ++ xmlSecKeyDataDestroy( data ) ; ++ return(-1); ++ } ++ /* symKey has been duplicated into data, it isn't used any more */ ++ PK11_FreeSymKey( symKey ) ; ++ PK11_FreeSlot( slot ) ; ++ ++ /* Check value */ ++ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "xmlSecKeyReqMatchKeyValue", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ xmlSecKeyDataDestroy( data ) ; ++ return(0); ++ } + +- return(xmlSecKeyDataBinaryValueBinRead(id, key, buf, bufSize, keyInfoCtx)); ++ ret = xmlSecKeySetValue(key, data); ++ if(ret < 0) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "xmlSecKeySetValue", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ xmlSecKeyDataDestroy( data ) ; ++ return(-1); ++ } ++ ++ return(0); + } + + static int + xmlSecNssSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, + xmlSecByte** buf, xmlSecSize* bufSize, + xmlSecKeyInfoCtxPtr keyInfoCtx) { ++ PK11SymKey* symKey ; ++ + xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); ++ xmlSecAssert2(key != NULL, -1); ++ xmlSecAssert2(buf != NULL, -1); ++ xmlSecAssert2(bufSize != 0, -1); ++ xmlSecAssert2(keyInfoCtx != NULL, -1); ++ ++ /* Get symmetric key from "key" */ ++ symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key)); ++ if( symKey != NULL ) { ++ SECItem* keyItem ; ++ ++ /* Extract raw key 
data from symmetric key */ ++ if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "PK11_ExtractKeyValue", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ PK11_FreeSymKey( symKey ) ; ++ return(-1); ++ } ++ ++ /* Get raw key data from "symKey" */ ++ keyItem = PK11_GetKeyData( symKey ) ; ++ if(keyItem == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "PK11_GetKeyData", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ PK11_FreeSymKey( symKey ) ; ++ return(-1); ++ } ++ ++ *bufSize = keyItem->len; ++ *buf = ( xmlSecByte* )xmlMalloc( *bufSize ); ++ if( *buf == NULL ) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ NULL, ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ PK11_FreeSymKey( symKey ) ; ++ return(-1); ++ } ++ ++ memcpy((*buf), keyItem->data, (*bufSize)); ++ PK11_FreeSymKey( symKey ) ; ++ } + +- return(xmlSecKeyDataBinaryValueBinWrite(id, key, buf, bufSize, keyInfoCtx)); ++ return 0 ; + } + + static int + xmlSecNssSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) { +- xmlSecBufferPtr buffer; ++ PK11SymKey* symkey ; ++ PK11SlotInfo* slot ; ++ xmlSecNssSymKeyDataCtxPtr ctx; ++ int ret; + + xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1); + xmlSecAssert2(sizeBits > 0, -1); + +- buffer = xmlSecKeyDataBinaryValueGetBuffer(data); +- xmlSecAssert2(buffer != NULL, -1); +- +- return(xmlSecNssGenerateRandom(buffer, (sizeBits + 7) / 8)); ++ ctx = xmlSecNssSymKeyDataGetCtx(data); ++ xmlSecAssert2(ctx != NULL, -1); ++ ++ if( sizeBits % 8 != 0 ) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), ++ NULL, ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ "Symmetric key size must be octuple"); ++ return(-1); ++ } ++ ++ /* Get slot */ ++ slot 
= xmlSecNssSlotGet(ctx->cipher); ++ if( slot == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), ++ "xmlSecNssSlotGet" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1) ; ++ } ++ ++ if( PK11_Authenticate( slot, PR_FALSE , NULL ) != SECSuccess ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , ++ "PK11_Authenticate" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ PK11_FreeSlot( slot ) ; ++ return -1 ; ++ } ++ ++ symkey = PK11_KeyGen( slot , ctx->cipher , NULL , sizeBits/8 , NULL ) ; ++ if( symkey == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , ++ "PK11_KeyGen" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ PK11_FreeSlot( slot ) ; ++ return -1 ; ++ } ++ ++ if( ctx->slot != NULL ) { ++ PK11_FreeSlot( ctx->slot ) ; ++ ctx->slot = NULL ; ++ } ++ ctx->slot = slot ; ++ ++ if( ctx->symkey != NULL ) { ++ PK11_FreeSymKey( ctx->symkey ) ; ++ ctx->symkey = NULL ; ++ } ++ ctx->symkey = symkey ; ++ ++ return 0; + } + + static xmlSecKeyDataType + xmlSecNssSymKeyDataGetType(xmlSecKeyDataPtr data) { +- xmlSecBufferPtr buffer; ++ xmlSecNssSymKeyDataCtxPtr context = NULL ; ++ xmlSecKeyDataType type = xmlSecKeyDataTypeUnknown ; + + xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown); ++ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), xmlSecKeyDataTypeUnknown ) ; + +- buffer = xmlSecKeyDataBinaryValueGetBuffer(data); +- xmlSecAssert2(buffer != NULL, xmlSecKeyDataTypeUnknown); ++ context = xmlSecNssSymKeyDataGetCtx( data ) ; ++ if( context == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , ++ "xmlSecNssSymKeyDataGetCtx" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return xmlSecKeyDataTypeUnknown ; ++ } + +- 
return((xmlSecBufferGetSize(buffer) > 0) ? xmlSecKeyDataTypeSymmetric : xmlSecKeyDataTypeUnknown); ++ if( context->symkey != NULL ) { ++ type |= xmlSecKeyDataTypeSymmetric ; ++ } else { ++ type |= xmlSecKeyDataTypeUnknown ; ++ } ++ ++ return type ; + } + + static xmlSecSize + xmlSecNssSymKeyDataGetSize(xmlSecKeyDataPtr data) { ++ xmlSecNssSymKeyDataCtxPtr context ; ++ unsigned int length = 0 ; ++ + xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), 0); ++ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), 0 ) ; ++ context = xmlSecNssSymKeyDataGetCtx( data ) ; ++ if( context == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , ++ "xmlSecNssSymKeyDataGetCtx" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return 0 ; ++ } ++ ++ if( context->symkey != NULL ) { ++ length = PK11_GetKeyLength( context->symkey ) ; ++ length *= 8 ; ++ } + +- return(xmlSecKeyDataBinaryValueGetSize(data)); ++ return length ; + } + + static void + xmlSecNssSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) { + xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); + +- xmlSecKeyDataBinaryValueDebugDump(data, output); ++ /* print only size, everything else is sensitive */ ++ fprintf( output , "=== %s: size=%d\n" , data->id->dataNodeName , ++ xmlSecKeyDataGetSize(data)) ; + } + + static void + xmlSecNssSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { + xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); +- +- xmlSecKeyDataBinaryValueDebugXmlDump(data, output); ++ ++ /* print only size, everything else is sensitive */ ++ fprintf( output , "<%s size=\"%d\" />\n" , data->id->dataNodeName , ++ xmlSecKeyDataGetSize(data)) ; + } + + static int +@@ -201,7 +858,7 @@ + *************************************************************************/ + static xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = { + sizeof(xmlSecKeyDataKlass), +- xmlSecKeyDataBinarySize, ++ xmlSecNssSymKeyDataSize, + + /* data */ + 
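Review bot: In `xmlSecNssSymKeyDataInitialize` the AES branch tests `xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)` a second time instead of `xmlSecNssKeyDataAesId`, so an AES key data object never receives `CKM_AES_KEY_GEN` and falls through to the `"Unsupported block cipher"` error; the line should read `if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataAesId)) {`. The function also has no branch for the HMAC klass, which the `@@ -364,7 +1021,7 @@` hunk switches to `xmlSecNssSymKeyDataSize` — if that klass's initialize method is this function (not visible here), HMAC keys fail the same way. Separately, several error messages name the wrong callee: the AES case of `xmlSecNssSymKeyDataKeyAdopt` logs `"xmlSecNssKeyDataDesId"`, and the `xmlSecNssSymKeyDataAdoptKey` failures in `xmlSecNssSymKeyDataXmlRead` and `xmlSecNssSymKeyDataBinRead` log `"xmlSecKeyDataBinaryValueSetBuffer"`, which will mislead anyone triaging a failed key import.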
xmlSecNameAESKeyValue, +@@ -282,7 +939,7 @@ + *************************************************************************/ + static xmlSecKeyDataKlass xmlSecNssKeyDataDesKlass = { + sizeof(xmlSecKeyDataKlass), +- xmlSecKeyDataBinarySize, ++ xmlSecNssSymKeyDataSize, + + /* data */ + xmlSecNameDESKeyValue, +@@ -364,7 +1021,7 @@ + *************************************************************************/ + static xmlSecKeyDataKlass xmlSecNssKeyDataHmacKlass = { + sizeof(xmlSecKeyDataKlass), +- xmlSecKeyDataBinarySize, ++ xmlSecNssSymKeyDataSize, + + /* data */ + xmlSecNameHMACKeyValue, +--- misc/xmlsec1-1.2.12/src/nss/tokens.c 2009-09-21 14:07:19.249145861 +0200 ++++ misc/build/xmlsec1-1.2.12/src/nss/tokens.c 2009-09-21 14:02:48.556772442 +0200 +@@ -1 +1,548 @@ +-dummy ++/** ++ * XMLSec library ++ * ++ * This is free software; see Copyright file in the source ++ * distribution for preciese wording. ++ * ++ * Copyright.................................. ++ * ++ * Contributor(s): _____________________________ ++ * ++ */ ++ ++/** ++ * In order to ensure that particular crypto operation is performed on ++ * particular crypto device, a subclass of xmlSecList is used to store slot and ++ * mechanism information. ++ * ++ * In the list, a slot is bound with a mechanism. If the mechanism is available, ++ * this mechanism only can perform on the slot; otherwise, it can perform on ++ * every eligibl slot in the list. ++ * ++ * When try to find a slot for a particular mechanism, the slot bound with ++ * avaliable mechanism will be looked up firstly. 
++ */ ++#include "globals.h" ++#include <string.h> ++ ++#include <xmlsec/xmlsec.h> ++#include <xmlsec/errors.h> ++#include <xmlsec/list.h> ++ ++#include <xmlsec/nss/tokens.h> ++ ++int ++xmlSecNssKeySlotSetMechList( ++ xmlSecNssKeySlotPtr keySlot , ++ CK_MECHANISM_TYPE_PTR mechanismList ++) { ++ int counter ; ++ ++ xmlSecAssert2( keySlot != NULL , -1 ) ; ++ ++ if( keySlot->mechanismList != CK_NULL_PTR ) { ++ xmlFree( keySlot->mechanismList ) ; ++ ++ for( counter = 0 ; *( mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ; ++ keySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ; ++ if( keySlot->mechanismList == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ NULL , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return( -1 ); ++ } ++ for( ; counter >= 0 ; counter -- ) ++ *( keySlot->mechanismList + counter ) = *( mechanismList + counter ) ; ++ } ++ ++ return( 0 ); ++} ++ ++int ++xmlSecNssKeySlotEnableMech( ++ xmlSecNssKeySlotPtr keySlot , ++ CK_MECHANISM_TYPE mechanism ++) { ++ int counter ; ++ CK_MECHANISM_TYPE_PTR newList ; ++ ++ xmlSecAssert2( keySlot != NULL , -1 ) ; ++ ++ if( mechanism != CKM_INVALID_MECHANISM ) { ++ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ; ++ newList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ; ++ if( newList == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ NULL , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return( -1 ); ++ } ++ *( newList + counter + 1 ) = CKM_INVALID_MECHANISM ; ++ *( newList + counter ) = mechanism ; ++ for( counter -= 1 ; counter >= 0 ; counter -- ) ++ *( newList + counter ) = *( keySlot->mechanismList + counter ) ; ++ ++ xmlFree( keySlot->mechanismList ) ; ++ keySlot->mechanismList = newList ; ++ } ++ ++ return(0); ++} ++ ++int ++xmlSecNssKeySlotDisableMech( ++ 
xmlSecNssKeySlotPtr keySlot , ++ CK_MECHANISM_TYPE mechanism ++) { ++ int counter ; ++ ++ xmlSecAssert2( keySlot != NULL , -1 ) ; ++ ++ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) { ++ if( *( keySlot->mechanismList + counter ) == mechanism ) { ++ for( ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) { ++ *( keySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter + 1 ) ; ++ } ++ ++ break ; ++ } ++ } ++ ++ return(0); ++} ++ ++CK_MECHANISM_TYPE_PTR ++xmlSecNssKeySlotGetMechList( ++ xmlSecNssKeySlotPtr keySlot ++) { ++ if( keySlot != NULL ) ++ return keySlot->mechanismList ; ++ else ++ return NULL ; ++} ++ ++int ++xmlSecNssKeySlotSetSlot( ++ xmlSecNssKeySlotPtr keySlot , ++ PK11SlotInfo* slot ++) { ++ xmlSecAssert2( keySlot != NULL , -1 ) ; ++ ++ if( slot != NULL && keySlot->slot != slot ) { ++ if( keySlot->slot != NULL ) ++ PK11_FreeSlot( keySlot->slot ) ; ++ ++ if( keySlot->mechanismList != NULL ) { ++ xmlFree( keySlot->mechanismList ) ; ++ keySlot->mechanismList = NULL ; ++ } ++ ++ keySlot->slot = PK11_ReferenceSlot( slot ) ; ++ } ++ ++ return(0); ++} ++ ++int ++xmlSecNssKeySlotInitialize( ++ xmlSecNssKeySlotPtr keySlot , ++ PK11SlotInfo* slot ++) { ++ xmlSecAssert2( keySlot != NULL , -1 ) ; ++ xmlSecAssert2( keySlot->slot == NULL , -1 ) ; ++ xmlSecAssert2( keySlot->mechanismList == NULL , -1 ) ; ++ ++ if( slot != NULL ) { ++ keySlot->slot = PK11_ReferenceSlot( slot ) ; ++ } ++ ++ return(0); ++} ++ ++void ++xmlSecNssKeySlotFinalize( ++ xmlSecNssKeySlotPtr keySlot ++) { ++ xmlSecAssert( keySlot != NULL ) ; ++ ++ if( keySlot->mechanismList != NULL ) { ++ xmlFree( keySlot->mechanismList ) ; ++ keySlot->mechanismList = NULL ; ++ } ++ ++ if( keySlot->slot != NULL ) { ++ PK11_FreeSlot( keySlot->slot ) ; ++ keySlot->slot = NULL ; ++ } ++ ++} ++ ++PK11SlotInfo* ++xmlSecNssKeySlotGetSlot( ++ xmlSecNssKeySlotPtr keySlot ++) { ++ if( keySlot != NULL ) ++ return keySlot->slot ; 
++ else ++ return NULL ; ++} ++ ++xmlSecNssKeySlotPtr ++xmlSecNssKeySlotCreate() { ++ xmlSecNssKeySlotPtr keySlot ; ++ ++ /* Allocates a new xmlSecNssKeySlot and fill the fields */ ++ keySlot = ( xmlSecNssKeySlotPtr )xmlMalloc( sizeof( xmlSecNssKeySlot ) ) ; ++ if( keySlot == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ NULL , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return( NULL ); ++ } ++ memset( keySlot, 0, sizeof( xmlSecNssKeySlot ) ) ; ++ ++ return( keySlot ) ; ++} ++ ++int ++xmlSecNssKeySlotCopy( ++ xmlSecNssKeySlotPtr newKeySlot , ++ xmlSecNssKeySlotPtr keySlot ++) { ++ CK_MECHANISM_TYPE_PTR mech ; ++ int counter ; ++ ++ xmlSecAssert2( newKeySlot != NULL , -1 ) ; ++ xmlSecAssert2( keySlot != NULL , -1 ) ; ++ ++ if( keySlot->slot != NULL && newKeySlot->slot != keySlot->slot ) { ++ if( newKeySlot->slot != NULL ) ++ PK11_FreeSlot( newKeySlot->slot ) ; ++ ++ newKeySlot->slot = PK11_ReferenceSlot( keySlot->slot ) ; ++ } ++ ++ if( keySlot->mechanismList != CK_NULL_PTR ) { ++ xmlFree( newKeySlot->mechanismList ) ; ++ ++ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ; ++ newKeySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ; ++ if( newKeySlot->mechanismList == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ NULL , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return( -1 ); ++ } ++ for( ; counter >= 0 ; counter -- ) ++ *( newKeySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter ) ; ++ } ++ ++ return( 0 ); ++} ++ ++xmlSecNssKeySlotPtr ++xmlSecNssKeySlotDuplicate( ++ xmlSecNssKeySlotPtr keySlot ++) { ++ xmlSecNssKeySlotPtr newKeySlot ; ++ int ret ; ++ ++ xmlSecAssert2( keySlot != NULL , NULL ) ; ++ ++ newKeySlot = xmlSecNssKeySlotCreate() ; ++ if( newKeySlot == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ NULL , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ 
XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return( NULL ); ++ } ++ ++ if( xmlSecNssKeySlotCopy( newKeySlot, keySlot ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ NULL , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return( NULL ); ++ } ++ ++ return( newKeySlot ); ++} ++ ++void ++xmlSecNssKeySlotDestroy( ++ xmlSecNssKeySlotPtr keySlot ++) { ++ xmlSecAssert( keySlot != NULL ) ; ++ ++ if( keySlot->mechanismList != NULL ) ++ xmlFree( keySlot->mechanismList ) ; ++ ++ if( keySlot->slot != NULL ) ++ PK11_FreeSlot( keySlot->slot ) ; ++ ++ xmlFree( keySlot ) ; ++} ++ ++int ++xmlSecNssKeySlotBindMech( ++ xmlSecNssKeySlotPtr keySlot , ++ CK_MECHANISM_TYPE type ++) { ++ int counter ; ++ ++ xmlSecAssert2( keySlot != NULL , 0 ) ; ++ xmlSecAssert2( keySlot->slot != NULL , 0 ) ; ++ xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ; ++ ++ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) { ++ if( *( keySlot->mechanismList + counter ) == type ) ++ return(1) ; ++ } ++ ++ return( 0 ) ; ++} ++ ++int ++xmlSecNssKeySlotSupportMech( ++ xmlSecNssKeySlotPtr keySlot , ++ CK_MECHANISM_TYPE type ++) { ++ xmlSecAssert2( keySlot != NULL , 0 ) ; ++ xmlSecAssert2( keySlot->slot != NULL , 0 ) ; ++ xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ; ++ ++ if( PK11_DoesMechanism( keySlot->slot , type ) == PR_TRUE ) { ++ return(1); ++ } else ++ return(0); ++} ++ ++void ++xmlSecNssKeySlotDebugDump( ++ xmlSecNssKeySlotPtr keySlot , ++ FILE* output ++) { ++ xmlSecAssert( keySlot != NULL ) ; ++ xmlSecAssert( output != NULL ) ; ++ ++ fprintf( output, "== KEY SLOT\n" ); ++} ++ ++void ++xmlSecNssKeySlotDebugXmlDump( ++ xmlSecNssKeySlotPtr keySlot , ++ FILE* output ++) { ++} ++ ++/** ++ * Key Slot List ++ */ ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = { ++#else ++static xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = { ++#endif ++ BAD_CAST "mechanism-list", ++ 
(xmlSecPtrDuplicateItemMethod)xmlSecNssKeySlotDuplicate, ++ (xmlSecPtrDestroyItemMethod)xmlSecNssKeySlotDestroy, ++ (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugDump, ++ (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugXmlDump, ++}; ++ ++xmlSecPtrListId ++xmlSecNssKeySlotListGetKlass(void) { ++ return(&xmlSecNssKeySlotPtrListKlass); ++} ++ ++ ++/*- ++ * Global PKCS#11 crypto token repository -- Key slot list ++ */ ++static xmlSecPtrListPtr _xmlSecNssKeySlotList = NULL ; ++ ++PK11SlotInfo* ++xmlSecNssSlotGet( ++ CK_MECHANISM_TYPE type ++) { ++ PK11SlotInfo* slot = NULL ; ++ xmlSecNssKeySlotPtr keySlot ; ++ xmlSecSize ksSize ; ++ xmlSecSize ksPos ; ++ char flag ; ++ ++ if( _xmlSecNssKeySlotList == NULL ) { ++ slot = PK11_GetBestSlot( type , NULL ) ; ++ } else { ++ ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ; ++ ++ /*- ++ * Firstly, checking whether the mechanism is bound with a special slot. ++ * If no bound slot, we try to find the first eligible slot in the list. ++ */ ++ for( flag = 0, ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) { ++ keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ; ++ if( keySlot != NULL && xmlSecNssKeySlotBindMech( keySlot, type ) ) { ++ slot = xmlSecNssKeySlotGetSlot( keySlot ) ; ++ flag = 2 ; ++ } else if( flag == 0 && xmlSecNssKeySlotSupportMech( keySlot, type ) ) { ++ slot = xmlSecNssKeySlotGetSlot( keySlot ) ; ++ flag = 1 ; ++ } ++ ++ if( flag == 2 ) ++ break ; ++ } ++ if( slot != NULL ) ++ slot = PK11_ReferenceSlot( slot ) ; ++ } ++ ++ if( slot != NULL && PK11_NeedLogin( slot ) ) { ++ if( PK11_Authenticate( slot , PR_TRUE , NULL ) != SECSuccess ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ NULL , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ PK11_FreeSlot( slot ) ; ++ return( NULL ); ++ } ++ } ++ ++ return slot ; ++} ++ ++int ++xmlSecNssSlotInitialize( ++ void ++) { ++ if( _xmlSecNssKeySlotList != NULL ) { ++ xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) 
; ++ _xmlSecNssKeySlotList = NULL ; ++ } ++ ++ _xmlSecNssKeySlotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ; ++ if( _xmlSecNssKeySlotList == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ NULL , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return( -1 ); ++ } ++ ++ return(0); ++} ++ ++void ++xmlSecNssSlotShutdown( ++ void ++) { ++ if( _xmlSecNssKeySlotList != NULL ) { ++ xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ; ++ _xmlSecNssKeySlotList = NULL ; ++ } ++} ++ ++int ++xmlSecNssSlotAdopt( ++ PK11SlotInfo* slot, ++ CK_MECHANISM_TYPE type ++) { ++ xmlSecNssKeySlotPtr keySlot ; ++ xmlSecSize ksSize ; ++ xmlSecSize ksPos ; ++ char flag ; ++ ++ xmlSecAssert2( _xmlSecNssKeySlotList != NULL, -1 ) ; ++ xmlSecAssert2( slot != NULL, -1 ) ; ++ ++ ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ; ++ ++ /*- ++ * Firstly, checking whether the slot is in the repository already. ++ */ ++ flag = 0 ; ++ for( ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) { ++ keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ; ++ /* If find the slot in the list */ ++ if( keySlot != NULL && xmlSecNssKeySlotGetSlot( keySlot ) == slot ) { ++ /* If mechnism type is valid, bind the slot with the mechanism */ ++ if( type != CKM_INVALID_MECHANISM ) { ++ if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ NULL , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1); ++ } ++ } ++ ++ flag = 1 ; ++ } ++ } ++ ++ /* If the slot do not in the list, add a new item to the list */ ++ if( flag == 0 ) { ++ /* Create a new KeySlot */ ++ keySlot = xmlSecNssKeySlotCreate() ; ++ if( keySlot == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ NULL , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1); ++ } ++ ++ /* Initialize the keySlot with a slot */ ++ if( xmlSecNssKeySlotInitialize( keySlot, slot ) < 0 ) { ++ 
xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ NULL , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ xmlSecNssKeySlotDestroy( keySlot ) ; ++ return(-1); ++ } ++ ++ /* If mechnism type is valid, bind the slot with the mechanism */ ++ if( type != CKM_INVALID_MECHANISM ) { ++ if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ NULL , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ xmlSecNssKeySlotDestroy( keySlot ) ; ++ return(-1); ++ } ++ } ++ ++ /* Add keySlot into the list */ ++ if( xmlSecPtrListAdd( _xmlSecNssKeySlotList, keySlot ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ NULL , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ xmlSecNssKeySlotDestroy( keySlot ) ; ++ return(-1); ++ } ++ } ++ ++ return(0); ++} ++ +--- misc/xmlsec1-1.2.12/src/nss/x509.c 2009-06-25 22:53:18.000000000 +0200 ++++ misc/build/xmlsec1-1.2.12/src/nss/x509.c 2009-09-21 14:02:48.642312431 +0200 +@@ -34,7 +34,6 @@ + #include <xmlsec/keys.h> + #include <xmlsec/keyinfo.h> + #include <xmlsec/keysmngr.h> +-#include <xmlsec/x509.h> + #include <xmlsec/base64.h> + #include <xmlsec/errors.h> + +@@ -61,33 +60,18 @@ + static int xmlSecNssX509CertificateNodeRead (xmlSecKeyDataPtr data, + xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx); +-static int xmlSecNssX509CertificateNodeWrite (CERTCertificate* cert, +- xmlNodePtr node, +- xmlSecKeyInfoCtxPtr keyInfoCtx); + static int xmlSecNssX509SubjectNameNodeRead (xmlSecKeyDataPtr data, + xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx); +-static int xmlSecNssX509SubjectNameNodeWrite (CERTCertificate* cert, +- xmlNodePtr node, +- xmlSecKeyInfoCtxPtr keyInfoCtx); + static int xmlSecNssX509IssuerSerialNodeRead (xmlSecKeyDataPtr data, + xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx); +-static int xmlSecNssX509IssuerSerialNodeWrite (CERTCertificate* cert, +- xmlNodePtr node, +- xmlSecKeyInfoCtxPtr keyInfoCtx); + static int 
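Review bot: xmlSecNssKeySlotEnableMech, xmlSecNssKeySlotDisableMech and xmlSecNssKeySlotBindMech walk `keySlot->mechanismList` without a NULL check, yet xmlSecNssKeySlotCreate memsets the struct to zero and xmlSecNssKeySlotInitialize asserts the list is still NULL, so the first xmlSecNssSlotAdopt(slot, type) with a real mechanism, and every later xmlSecNssSlotGet over such a slot, dereferences a null pointer. EnableMech should treat a missing list as empty (the count stays 0, the copy loop runs zero times, and `xmlFree( keySlot->mechanismList )` on NULL is harmless when xmlFree is the default free wrapper), while BindMech and DisableMech need an early `if( keySlot->mechanismList == NULL ) return( 0 ) ;`. Separately, xmlSecNssKeySlotSetMechList only assigns a list when one already exists, so it is a silent no-op on a fresh slot, and xmlSecNssKeySlotDuplicate leaks newKeySlot when the copy fails (`xmlSecNssKeySlotDestroy( newKeySlot ) ;` before the return). Also worth a comment in xmlSecNssSlotGet: PK11_Authenticate is called with a NULL wincx, so a PIN-protected token only unlocks if a password callback was registered globally elsewhere.
```c
int
xmlSecNssKeySlotEnableMech(
	xmlSecNssKeySlotPtr keySlot ,
	CK_MECHANISM_TYPE mechanism
) {
	int counter = 0 ;
	CK_MECHANISM_TYPE_PTR newList ;

	xmlSecAssert2( keySlot != NULL , -1 ) ;

	if( mechanism != CKM_INVALID_MECHANISM ) {
		/* a freshly created slot has no list yet; treat it as empty */
		if( keySlot->mechanismList != NULL ) {
			for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
		}
		/* … unchanged: allocate newList with counter + 2 entries, error out on NULL … */
		*( newList + counter + 1 ) = CKM_INVALID_MECHANISM ;
		*( newList + counter ) = mechanism ;
		/* runs zero times when the old list was NULL */
		for( counter -= 1 ; counter >= 0 ; counter -- )
			*( newList + counter ) = *( keySlot->mechanismList + counter ) ;

		xmlFree( keySlot->mechanismList ) ;
		keySlot->mechanismList = newList ;
	}

	return(0);
}
```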
xmlSecNssX509SKINodeRead (xmlSecKeyDataPtr data, + xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx); +-static int xmlSecNssX509SKINodeWrite (CERTCertificate* cert, +- xmlNodePtr node, +- xmlSecKeyInfoCtxPtr keyInfoCtx); + static int xmlSecNssX509CRLNodeRead (xmlSecKeyDataPtr data, + xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx); +-static int xmlSecNssX509CRLNodeWrite (CERTSignedCrl* crl, +- xmlNodePtr node, +- xmlSecKeyInfoCtxPtr keyInfoCtx); + static int xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, + xmlSecKeyPtr key, + xmlSecKeyInfoCtxPtr keyInfoCtx); +@@ -104,9 +88,6 @@ + xmlSecKeyInfoCtxPtr keyInfoCtx); + static xmlChar* xmlSecNssX509CrlBase64DerWrite (CERTSignedCrl* crl, + int base64LineWrap); +-static xmlChar* xmlSecNssX509NameWrite (CERTName* nm); +-static xmlChar* xmlSecNssASN1IntegerWrite (SECItem *num); +-static xmlChar* xmlSecNssX509SKIWrite (CERTCertificate* cert); + static void xmlSecNssX509CertDebugDump (CERTCertificate* cert, + FILE* output); + static void xmlSecNssX509CertDebugXmlDump (CERTCertificate* cert, +@@ -752,31 +733,22 @@ + xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, + xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlSecKeyDataPtr data; ++ xmlNodePtr cur; ++ xmlChar* buf; + CERTCertificate* cert; + CERTSignedCrl* crl; + xmlSecSize size, pos; +- int content = 0; +- int ret; + + xmlSecAssert2(id == xmlSecNssKeyDataX509Id, -1); + xmlSecAssert2(key != NULL, -1); + xmlSecAssert2(node != NULL, -1); + xmlSecAssert2(keyInfoCtx != NULL, -1); + +- content = xmlSecX509DataGetNodeContent (node, 1, keyInfoCtx); +- if (content < 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +- "xmlSecX509DataGetNodeContent", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "content=%d", content); +- return(-1); +- } else if(content == 0) { +- /* by default we are writing certificates and crls */ +- content = XMLSEC_X509DATA_DEFAULT; ++ /* todo: flag in ctx remove all existing 
content */ ++ if(0) { ++ xmlNodeSetContent(node, NULL); + } + +- /* get x509 data */ + data = xmlSecKeyGetData(key, id); + if(data == NULL) { + /* no x509 data in the key */ +@@ -796,79 +768,74 @@ + return(-1); + } + +- if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) { +- ret = xmlSecNssX509CertificateNodeWrite(cert, node, keyInfoCtx); +- if(ret < 0) { ++ /* set base64 lines size from context */ ++ buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize); ++ if(buf == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +- "xmlSecNssX509CertificateNodeWrite", ++ "xmlSecNssX509CertBase64DerWrite", + XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "pos=%d", pos); ++ XMLSEC_ERRORS_NO_MESSAGE); + return(-1); +- } + } + +- if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) { +- ret = xmlSecNssX509SubjectNameNodeWrite(cert, node, keyInfoCtx); +- if(ret < 0) { ++ cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs); ++ if(cur == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +- "xmlSecNssX509SubjectNameNodeWrite", ++ "xmlSecAddChild", + XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "pos=%d", pos); ++ "node=%s", ++ xmlSecErrorsSafeString(xmlSecNodeX509Certificate)); ++ xmlFree(buf); + return(-1); +- } + } ++ /* todo: add \n around base64 data - from context */ ++ /* todo: add errors check */ ++ xmlNodeSetContent(cur, xmlSecStringCR); ++ xmlNodeSetContent(cur, buf); ++ xmlFree(buf); ++ } + +- if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) { +- ret = xmlSecNssX509IssuerSerialNodeWrite(cert, node, keyInfoCtx); +- if(ret < 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +- "xmlSecNssX509IssuerSerialNodeWrite", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "pos=%d", pos); +- return(-1); +- } ++ /* write crls */ ++ size = xmlSecNssKeyDataX509GetCrlsSize(data); ++ for(pos = 0; pos < size; ++pos) { ++ crl = 
xmlSecNssKeyDataX509GetCrl(data, pos); ++ if(crl == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "xmlSecNssKeyDataX509GetCrl", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ "pos=%d", pos); ++ return(-1); + } + +- if((content & XMLSEC_X509DATA_SKI_NODE) != 0) { +- ret = xmlSecNssX509SKINodeWrite(cert, node, keyInfoCtx); +- if(ret < 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +- "xmlSecNssX509SKINodeWrite", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "pos=%d", pos); +- return(-1); +- } ++ /* set base64 lines size from context */ ++ buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize); ++ if(buf == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "xmlSecNssX509CrlBase64DerWrite", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ return(-1); + } +- } + +- /* write crls if needed */ +- if((content & XMLSEC_X509DATA_CRL_NODE) != 0) { +- size = xmlSecNssKeyDataX509GetCrlsSize(data); +- for(pos = 0; pos < size; ++pos) { +- crl = xmlSecNssKeyDataX509GetCrl(data, pos); +- if(crl == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +- "xmlSecNssKeyDataX509GetCrl", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "pos=%d", pos); +- return(-1); +- } +- +- ret = xmlSecNssX509CRLNodeWrite(crl, node, keyInfoCtx); +- if(ret < 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +- "xmlSecNssX509CRLNodeWrite", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "pos=%d", pos); +- return(-1); +- } +- } ++ cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs); ++ if(cur == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "xmlSecAddChild", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ "new_node=%s", ++ xmlSecErrorsSafeString(xmlSecNodeX509CRL)); ++ xmlFree(buf); ++ return(-1); ++ } ++ 
/* todo: add \n around base64 data - from context */ ++ /* todo: add errors check */ ++ xmlNodeSetContent(cur, xmlSecStringCR); ++ xmlNodeSetContent(cur, buf); + } + + return(0); +@@ -1057,46 +1024,6 @@ + return(0); + } + +-static int +-xmlSecNssX509CertificateNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { +- xmlChar* buf; +- xmlNodePtr cur; +- +- xmlSecAssert2(cert != NULL, -1); +- xmlSecAssert2(node != NULL, -1); +- xmlSecAssert2(keyInfoCtx != NULL, -1); +- +- /* set base64 lines size from context */ +- buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize); +- if(buf == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecNssX509CertBase64DerWrite", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(-1); +- } +- +- cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs); +- if(cur == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecAddChild", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "node=%s", +- xmlSecErrorsSafeString(xmlSecNodeX509Certificate)); +- xmlFree(buf); +- return(-1); +- } +- +- /* todo: add \n around base64 data - from context */ +- /* todo: add errors check */ +- xmlNodeSetContent(cur, xmlSecStringCR); +- xmlNodeSetContent(cur, buf); +- xmlFree(buf); +- return(0); +-} +- + static int + xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlSecKeyDataStorePtr x509Store; +@@ -1120,19 +1047,13 @@ + } + + subject = xmlNodeGetContent(node); +- if((subject == NULL) || (xmlSecIsEmptyString(subject) == 1)) { +- if(subject != NULL) { +- xmlFree(subject); +- } +- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { ++ if(subject == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + xmlSecErrorsSafeString(xmlSecNodeGetName(node)), + XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); +- } +- return(0); + 
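Review bot: The CRL loop at the end of xmlSecNssKeyDataX509XmlWrite never frees `buf` — the certificate branch has `xmlFree(buf);` after its second xmlNodeSetContent, but the CRL branch goes straight into the next iteration, so every CRL written leaks its base64 DER buffer (the removed xmlSecNssX509CRLNodeWrite did free it). The fix is one line, `xmlFree(buf);` after `xmlNodeSetContent(cur, buf);` inside the loop. The rewrite also drops the xmlSecX509DataGetNodeContent lookup, so a caller that asked for only `<X509SubjectName>`, `<X509IssuerSerial>` or `<X509SKI>` now always gets the full certificate plus every CRL embedded in the document; if that is intended, the `if(0)` todo should say so, because it changes what a signed document discloses about the key store. Note that the two consecutive xmlNodeSetContent calls replace rather than prepend the CR, which the existing todo already acknowledges.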
} + + cert = xmlSecNssX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx); +@@ -1169,40 +1090,6 @@ + return(0); + } + +-static int +-xmlSecNssX509SubjectNameNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { +- xmlChar* buf = NULL; +- xmlNodePtr cur = NULL; +- +- xmlSecAssert2(cert != NULL, -1); +- xmlSecAssert2(node != NULL, -1); +- +- buf = xmlSecNssX509NameWrite(&(cert->subject)); +- if(buf == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecNssX509NameWrite(&(cert->subject))", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(-1); +- } +- +- cur = xmlSecAddChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs); +- if(cur == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecAddChild", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "node=%s", +- xmlSecErrorsSafeString(xmlSecNodeX509SubjectName)); +- xmlFree(buf); +- return(-1); +- } +- xmlSecNodeEncodeAndSetContent(cur, buf); +- xmlFree(buf); +- return(0); +-} +- + static int + xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlSecKeyDataStorePtr x509Store; +@@ -1228,21 +1115,9 @@ + } + + cur = xmlSecGetNextElementNode(node->children); +- if(cur == NULL) { +- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), +- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), +- XMLSEC_ERRORS_R_NODE_NOT_FOUND, +- "node=%s", +- xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); +- return(-1); +- } +- return(0); +- } + + /* the first is required node X509IssuerName */ +- if(!xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) { ++ if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + 
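Review bot: The empty-string handling was dropped together with the XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE check in xmlSecNssX509SubjectNameNodeRead, so an empty or whitespace-only `<X509SubjectName/>` is now passed to xmlSecNssX509StoreFindCert as a search key instead of being skipped or rejected as the context flag requests. Whether CERT_AsciiToName("") fails cleanly or matches an empty name is not visible here, and the flag becomes silently inert for this node, so if the change is deliberate it deserves a comment; otherwise keep the original `if((subject == NULL) || (xmlSecIsEmptyString(subject) == 1))` branch with its flag-driven error path. The same removal appears in the X509SKI and X509CRL readers later in this patch.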
xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), +@@ -1336,78 +1211,6 @@ + return(0); + } + +-static int +-xmlSecNssX509IssuerSerialNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { +- xmlNodePtr cur; +- xmlNodePtr issuerNameNode; +- xmlNodePtr issuerNumberNode; +- xmlChar* buf; +- +- xmlSecAssert2(cert != NULL, -1); +- xmlSecAssert2(node != NULL, -1); +- +- /* create xml nodes */ +- cur = xmlSecAddChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs); +- if(cur == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecAddChild", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "node=%s", +- xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial)); +- return(-1); +- } +- +- issuerNameNode = xmlSecAddChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs); +- if(issuerNameNode == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecAddChild", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "node=%s", +- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName)); +- return(-1); +- } +- +- issuerNumberNode = xmlSecAddChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs); +- if(issuerNumberNode == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecAddChild", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "node=%s", +- xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber)); +- return(-1); +- } +- +- /* write data */ +- buf = xmlSecNssX509NameWrite(&(cert->issuer)); +- if(buf == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecNssX509NameWrite(&(cert->issuer))", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(-1); +- } +- xmlSecNodeEncodeAndSetContent(issuerNameNode, buf); +- xmlFree(buf); +- +- buf = xmlSecNssASN1IntegerWrite(&(cert->serialNumber)); +- if(buf == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecNssASN1IntegerWrite(&(cert->serialNumber))", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(-1); +- } +- xmlNodeSetContent(issuerNumberNode, buf); +- 
xmlFree(buf); +- +- return(0); +-} +- + static int + xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlSecKeyDataStorePtr x509Store; +@@ -1431,11 +1234,7 @@ + } + + ski = xmlNodeGetContent(node); +- if((ski == NULL) || (xmlSecIsEmptyString(ski) == 1)) { +- if(ski != NULL) { +- xmlFree(ski); +- } +- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { ++ if(ski == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + xmlSecErrorsSafeString(xmlSecNodeGetName(node)), +@@ -1443,8 +1242,6 @@ + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeX509SKI)); + return(-1); +- } +- return(0); + } + + cert = xmlSecNssX509StoreFindCert(x509Store, NULL, NULL, NULL, ski, keyInfoCtx); +@@ -1479,41 +1276,6 @@ + return(0); + } + +-static int +-xmlSecNssX509SKINodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { +- xmlChar *buf = NULL; +- xmlNodePtr cur = NULL; +- +- xmlSecAssert2(cert != NULL, -1); +- xmlSecAssert2(node != NULL, -1); +- +- buf = xmlSecNssX509SKIWrite(cert); +- if(buf == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecNssX509SKIWrite", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(-1); +- } +- +- cur = xmlSecAddChild(node, xmlSecNodeX509SKI, xmlSecDSigNs); +- if(cur == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecAddChild", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "new_node=%s", +- xmlSecErrorsSafeString(xmlSecNodeX509SKI)); +- xmlFree(buf); +- return(-1); +- } +- xmlSecNodeEncodeAndSetContent(cur, buf); +- xmlFree(buf); +- +- return(0); +-} +- + static int + xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlChar *content; +@@ -1524,19 +1286,13 @@ + xmlSecAssert2(keyInfoCtx != NULL, -1); + + content = xmlNodeGetContent(node); +- if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) { +- 
if(content != NULL) { +- xmlFree(content); +- } +- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { ++ if(content == NULL){ + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + xmlSecErrorsSafeString(xmlSecNodeGetName(node)), + XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); +- } +- return(0); + } + + crl = xmlSecNssX509CrlBase64DerRead(content, keyInfoCtx); +@@ -1556,47 +1312,6 @@ + } + + static int +-xmlSecNssX509CRLNodeWrite(CERTSignedCrl* crl, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { +- xmlChar* buf = NULL; +- xmlNodePtr cur = NULL; +- +- xmlSecAssert2(crl != NULL, -1); +- xmlSecAssert2(node != NULL, -1); +- xmlSecAssert2(keyInfoCtx != NULL, -1); +- +- /* set base64 lines size from context */ +- buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize); +- if(buf == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecNssX509CrlBase64DerWrite", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(-1); +- } +- +- cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs); +- if(cur == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecAddChild", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "new_node=%s", +- xmlSecErrorsSafeString(xmlSecNodeX509CRL)); +- xmlFree(buf); +- return(-1); +- } +- /* todo: add \n around base64 data - from context */ +- /* todo: add errors check */ +- xmlNodeSetContent(cur, xmlSecStringCR); +- xmlNodeSetContent(cur, buf); +- xmlFree(buf); +- +- return(0); +-} +- +- +-static int + xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key, + xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlSecNssX509DataCtxPtr ctx; +@@ -1604,6 +1319,10 @@ + int ret; + SECStatus status; + PRTime notBefore, notAfter; ++ ++ PK11SlotInfo* slot ; ++ SECKEYPublicKey *pubKey = NULL; ++ SECKEYPrivateKey *priKey = NULL; + + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), -1); + 
xmlSecAssert2(key != NULL, -1); +@@ -1636,10 +1355,14 @@ + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "CERT_DupCertificate", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); ++ "error code=%d", PORT_GetError()); + return(-1); + } +- ++ ++ /*- ++ * Get Public key from cert, which does not always work for sign ++ * action. ++ * + keyValue = xmlSecNssX509CertGetKey(ctx->keyCert); + if(keyValue == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, +@@ -1649,6 +1372,54 @@ + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } ++ */ ++ /*- ++ * I'll search key according to KeyReq. ++ */ ++ slot = cert->slot ; ++ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) { ++ if( ( priKey = PK11_FindPrivateKeyFromCert( slot , cert , NULL ) ) == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , ++ "PK11_FindPrivateKeyFromCert" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } ++ } ++ ++ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) { ++ if( ( pubKey = CERT_ExtractPublicKey( cert ) ) == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , ++ "CERT_ExtractPublicKey" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ ++ ++ if( priKey != NULL ) ++ SECKEY_DestroyPrivateKey( priKey ) ; ++ return -1 ; ++ } ++ } ++ ++ keyValue = xmlSecNssPKIAdoptKey(priKey, pubKey); ++ if( keyValue == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , ++ "xmlSecNssPKIAdoptKey" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ ++ if( priKey != NULL ) ++ SECKEY_DestroyPrivateKey( priKey ) ; ++ ++ if( pubKey != NULL ) ++ SECKEY_DestroyPublicKey( pubKey ) ; ++ ++ return -1 ; ++ } ++ /* Modify keyValue get Done */ + + /* verify that the key matches our expectations */ + 
if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) { +@@ -1950,86 +1721,6 @@ + return(res); + } + +-static xmlChar* +-xmlSecNssX509NameWrite(CERTName* nm) { +- xmlChar *res = NULL; +- char *str; +- +- xmlSecAssert2(nm != NULL, NULL); +- +- str = CERT_NameToAscii(nm); +- if (str == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "CERT_NameToAscii", +- XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(NULL); +- } +- +- res = xmlStrdup(BAD_CAST str); +- if(res == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlStrdup", +- XMLSEC_ERRORS_R_MALLOC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- PORT_Free(str); +- return(NULL); +- } +- PORT_Free(str); +- return(res); +-} +- +-static xmlChar* +-xmlSecNssASN1IntegerWrite(SECItem *num) { +- xmlChar *res = NULL; +- +- xmlSecAssert2(num != NULL, NULL); +- +- /* TODO : to be implemented after +- * NSS bug http://bugzilla.mozilla.org/show_bug.cgi?id=212864 is fixed +- */ +- return(res); +-} +- +-static xmlChar* +-xmlSecNssX509SKIWrite(CERTCertificate* cert) { +- xmlChar *res = NULL; +- SECItem ski; +- SECStatus rv; +- +- xmlSecAssert2(cert != NULL, NULL); +- +- memset(&ski, 0, sizeof(ski)); +- +- rv = CERT_FindSubjectKeyIDExtension(cert, &ski); +- if (rv != SECSuccess) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "CERT_FindSubjectKeyIDExtension", +- XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- SECITEM_FreeItem(&ski, PR_FALSE); +- return(NULL); +- } +- +- res = xmlSecBase64Encode(ski.data, ski.len, 0); +- if(res == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecBase64Encode", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- SECITEM_FreeItem(&ski, PR_FALSE); +- return(NULL); +- } +- SECITEM_FreeItem(&ski, PR_FALSE); +- +- return(res); +-} +- +- + static void + xmlSecNssX509CertDebugDump(CERTCertificate* cert, FILE* output) { + SECItem *sn; +--- misc/xmlsec1-1.2.12/src/nss/x509vfy.c 2009-06-25 22:53:18.000000000 +0200 ++++ 
misc/build/xmlsec1-1.2.12/src/nss/x509vfy.c 2009-09-21 14:02:48.669245207 +0200 +@@ -30,6 +30,7 @@ + #include <xmlsec/keyinfo.h> + #include <xmlsec/keysmngr.h> + #include <xmlsec/base64.h> ++#include <xmlsec/bn.h> + #include <xmlsec/errors.h> + + #include <xmlsec/nss/crypto.h> +@@ -61,17 +62,7 @@ + + static int xmlSecNssX509StoreInitialize (xmlSecKeyDataStorePtr store); + static void xmlSecNssX509StoreFinalize (xmlSecKeyDataStorePtr store); +-static int xmlSecNssX509NameStringRead (xmlSecByte **str, +- int *strLen, +- xmlSecByte *res, +- int resLen, +- xmlSecByte delim, +- int ingoreTrailingSpaces); +-static xmlSecByte * xmlSecNssX509NameRead (xmlSecByte *str, +- int len); +- +-static void xmlSecNssNumToItem(SECItem *it, unsigned long num); +- ++static int xmlSecNssIntegerToItem( const xmlChar* integer , SECItem *it ) ; + + static xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = { + sizeof(xmlSecKeyDataStoreKlass), +@@ -343,40 +334,28 @@ + xmlSecNssX509FindCert(xmlChar *subjectName, xmlChar *issuerName, + xmlChar *issuerSerial, xmlChar *ski) { + CERTCertificate *cert = NULL; +- xmlChar *p = NULL; + CERTName *name = NULL; + SECItem *nameitem = NULL; + PRArenaPool *arena = NULL; + + if (subjectName != NULL) { +- p = xmlSecNssX509NameRead(subjectName, xmlStrlen(subjectName)); +- if (p == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecNssX509NameRead", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "subject=%s", +- xmlSecErrorsSafeString(subjectName)); +- goto done; +- } +- + arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); + if (arena == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "PORT_NewArena", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); ++ "error code=%d", PORT_GetError()); + goto done; + } + +- name = CERT_AsciiToName((char*)p); ++ name = CERT_AsciiToName((char*)subjectName); + if (name == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "CERT_AsciiToName", + XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); ++ "error 
code=%d", PORT_GetError()); + goto done; + } + +@@ -398,34 +377,23 @@ + if((issuerName != NULL) && (issuerSerial != NULL)) { + CERTIssuerAndSN issuerAndSN; + +- p = xmlSecNssX509NameRead(issuerName, xmlStrlen(issuerName)); +- if (p == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecNssX509NameRead", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "issuer=%s", +- xmlSecErrorsSafeString(issuerName)); +- goto done; +- } +- + arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); + if (arena == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "PORT_NewArena", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); ++ "error code=%d", PORT_GetError()); + goto done; + } + +- name = CERT_AsciiToName((char*)p); ++ name = CERT_AsciiToName((char*)issuerName); + if (name == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "CERT_AsciiToName", + XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); ++ "error code=%d", PORT_GetError()); + goto done; + } + +@@ -445,8 +413,15 @@ + issuerAndSN.derIssuer.data = nameitem->data; + issuerAndSN.derIssuer.len = nameitem->len; + +- /* TBD: serial num can be arbitrarily long */ +- xmlSecNssNumToItem(&issuerAndSN.serialNumber, PORT_Atoi((char *)issuerSerial)); ++ if( xmlSecNssIntegerToItem( issuerSerial, &issuerAndSN.serialNumber ) < 0 ) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "xmlSecNssIntegerToItem", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ "serial number=%s", ++ xmlSecErrorsSafeString(issuerSerial)); ++ goto done; ++ } + + cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(), + &issuerAndSN); +@@ -477,9 +452,6 @@ + } + + done: +- if (p != NULL) { +- PORT_Free(p); +- } + if (arena != NULL) { + PORT_FreeArena(arena, PR_FALSE); + } +@@ -490,226 +462,76 @@ + return(cert); + } + +-/** +- * xmlSecNssX509NameRead: +- */ +-static xmlSecByte * +-xmlSecNssX509NameRead(xmlSecByte *str, int len) { +- xmlSecByte name[256]; +- xmlSecByte value[256]; +- xmlSecByte *retval = NULL; +- xmlSecByte *p = NULL; +- int nameLen, 
valueLen; ++static int ++xmlSecNssIntegerToItem( ++ const xmlChar* integer , ++ SECItem *item ++) { ++ xmlSecBn bn ; ++ xmlSecSize i, length ; ++ const xmlSecByte* bnInteger ; + +- xmlSecAssert2(str != NULL, NULL); +- +- /* return string should be no longer than input string */ +- retval = (xmlSecByte *)PORT_Alloc(len+1); +- if(retval == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "PORT_Alloc", +- XMLSEC_ERRORS_R_MALLOC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(NULL); +- } +- p = retval; +- +- while(len > 0) { +- /* skip spaces after comma or semicolon */ +- while((len > 0) && isspace(*str)) { +- ++str; --len; +- } ++ xmlSecAssert2( integer != NULL, -1 ) ; ++ xmlSecAssert2( item != NULL, -1 ) ; + +- nameLen = xmlSecNssX509NameStringRead(&str, &len, name, sizeof(name), '=', 0); +- if(nameLen < 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, ++ if( xmlSecBnInitialize( &bn, 0 ) < 0 ) { ++ xmlSecError(XMLSEC_ERRORS_HERE, + NULL, +- "xmlSecNssX509NameStringRead", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ "xmlSecBnInitialize", ++ XMLSEC_ERRORS_R_INVALID_DATA, + XMLSEC_ERRORS_NO_MESSAGE); +- goto done; +- } +- memcpy(p, name, nameLen); +- p+=nameLen; +- *p++='='; +- if(len > 0) { +- ++str; --len; +- if((*str) == '\"') { +- valueLen = xmlSecNssX509NameStringRead(&str, &len, +- value, sizeof(value), '"', 1); +- if(valueLen < 0) { ++ return -1 ; ++ } ++ ++ if( xmlSecBnFromDecString( &bn, integer ) < 0 ) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, +- "xmlSecNssX509NameStringRead", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ "xmlSecBnFromDecString", ++ XMLSEC_ERRORS_R_INVALID_DATA, + XMLSEC_ERRORS_NO_MESSAGE); +- goto done; +- } +- /* skip spaces before comma or semicolon */ +- while((len > 0) && isspace(*str)) { +- ++str; --len; +- } +- if((len > 0) && ((*str) != ',')) { ++ xmlSecBnFinalize( &bn ) ; ++ return -1 ; ++ } ++ ++ length = xmlSecBnGetSize( &bn ) ; ++ if( length <= 0 ) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, +- NULL, ++ "xmlSecBnGetSize", + 
XMLSEC_ERRORS_R_INVALID_DATA, +- "comma is expected"); +- goto done; +- } +- if(len > 0) { +- ++str; --len; +- } +- *p++='\"'; +- memcpy(p, value, valueLen); +- p+=valueLen; +- *p++='\"'; +- } else if((*str) == '#') { +- /* TODO: read octect values */ +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- NULL, +- XMLSEC_ERRORS_R_INVALID_DATA, +- "reading octect values is not implemented yet"); +- goto done; +- } else { +- valueLen = xmlSecNssX509NameStringRead(&str, &len, +- value, sizeof(value), ',', 1); +- if(valueLen < 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecNssX509NameStringRead", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); +- goto done; +- } +- memcpy(p, value, valueLen); +- p+=valueLen; +- if (len > 0) +- *p++=','; +- } +- } else { +- valueLen = 0; +- } +- if(len > 0) { +- ++str; --len; +- } + } + +- *p = 0; +- return(retval); +- +-done: +- PORT_Free(retval); +- return (NULL); +-} +- +- +- +-/** +- * xmlSecNssX509NameStringRead: +- */ +-static int +-xmlSecNssX509NameStringRead(xmlSecByte **str, int *strLen, +- xmlSecByte *res, int resLen, +- xmlSecByte delim, int ingoreTrailingSpaces) { +- xmlSecByte *p, *q, *nonSpace; +- +- xmlSecAssert2(str != NULL, -1); +- xmlSecAssert2(strLen != NULL, -1); +- xmlSecAssert2(res != NULL, -1); +- +- p = (*str); +- nonSpace = q = res; +- while(((p - (*str)) < (*strLen)) && ((*p) != delim) && ((q - res) < resLen)) { +- if((*p) != '\\') { +- if(ingoreTrailingSpaces && !isspace(*p)) { +- nonSpace = q; +- } +- *(q++) = *(p++); +- } else { +- ++p; +- nonSpace = q; +- if(xmlSecIsHex((*p))) { +- if((p - (*str) + 1) >= (*strLen)) { ++ bnInteger = xmlSecBnGetData( &bn ) ; ++ if( bnInteger == NULL ) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, +- NULL, ++ "xmlSecBnGetData", + XMLSEC_ERRORS_R_INVALID_DATA, +- "two hex digits expected"); +- return(-1); +- } +- *(q++) = xmlSecGetHex(p[0]) * 16 + xmlSecGetHex(p[1]); +- p += 2; +- } else { +- if(((++p) - (*str)) >= (*strLen)) { ++ XMLSEC_ERRORS_NO_MESSAGE ) ; 
++ xmlSecBnFinalize( &bn ) ; ++ return -1 ; ++ } ++ ++ item->data = ( unsigned char * )PORT_Alloc( length ); ++ if( item->data == NULL ) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, +- NULL, ++ "PORT_Alloc", + XMLSEC_ERRORS_R_INVALID_DATA, +- "escaped symbol missed"); +- return(-1); +- } +- *(q++) = *(p++); +- } +- } ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ xmlSecBnFinalize( &bn ) ; ++ return -1 ; + } +- if(((p - (*str)) < (*strLen)) && ((*p) != delim)) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- NULL, +- XMLSEC_ERRORS_R_INVALID_SIZE, +- "buffer is too small"); +- return(-1); +- } +- (*strLen) -= (p - (*str)); +- (*str) = p; +- return((ingoreTrailingSpaces) ? nonSpace - res + 1 : q - res); +-} + +-/* code lifted from NSS */ +-static void +-xmlSecNssNumToItem(SECItem *it, unsigned long ui) +-{ +- unsigned char bb[5]; +- int len; +- +- bb[0] = 0; +- bb[1] = (unsigned char) (ui >> 24); +- bb[2] = (unsigned char) (ui >> 16); +- bb[3] = (unsigned char) (ui >> 8); +- bb[4] = (unsigned char) (ui); +- +- /* +- ** Small integers are encoded in a single byte. Larger integers +- ** require progressively more space. 
+- */ +- if (ui > 0x7f) { +- if (ui > 0x7fff) { +- if (ui > 0x7fffffL) { +- if (ui >= 0x80000000L) { +- len = 5; +- } else { +- len = 4; +- } +- } else { +- len = 3; +- } +- } else { +- len = 2; +- } +- } else { +- len = 1; +- } ++ item->len = length; + +- it->data = (unsigned char *)PORT_Alloc(len); +- if (it->data == NULL) { +- return; +- } ++ for( i = 0 ; i < length ; i ++ ) ++ item->data[i] = *( bnInteger + i ) ; ++ ++ xmlSecBnFinalize( &bn ) ; + +- it->len = len; +- PORT_Memcpy(it->data, bb + (sizeof(bb) - len), len); ++ return 0 ; + } + #endif /* XMLSEC_NO_X509 */ + +--- misc/xmlsec1-1.2.12/win32/Makefile.msvc 2009-06-25 22:53:18.000000000 +0200 ++++ misc/build/xmlsec1-1.2.12/win32/Makefile.msvc 2009-09-21 14:02:48.607277908 +0200 +@@ -223,6 +223,9 @@ + $(XMLSEC_OPENSSL_INTDIR_A)\x509vfy.obj + + XMLSEC_NSS_OBJS = \ ++ $(XMLSEC_NSS_INTDIR)\akmngr.obj\ ++ $(XMLSEC_NSS_INTDIR)\keywrapers.obj\ ++ $(XMLSEC_NSS_INTDIR)\tokens.obj\ + $(XMLSEC_NSS_INTDIR)\app.obj\ + $(XMLSEC_NSS_INTDIR)\bignum.obj\ + $(XMLSEC_NSS_INTDIR)\ciphers.obj \ +@@ -258,6 +261,7 @@ + $(XMLSEC_NSS_INTDIR_A)\strings.obj + + XMLSEC_MSCRYPTO_OBJS = \ ++ $(XMLSEC_MSCRYPTO_INTDIR)\akmngr.obj\ + $(XMLSEC_MSCRYPTO_INTDIR)\app.obj\ + $(XMLSEC_MSCRYPTO_INTDIR)\crypto.obj \ + $(XMLSEC_MSCRYPTO_INTDIR)\ciphers.obj \ diff --git a/libxmlsec/xmlsec1-mingw-keymgr-mscrypto.patch b/libxmlsec/xmlsec1-mingw-keymgr-mscrypto.patch new file mode 100644 index 000000000000..87a4bb55d1a2 --- /dev/null +++ b/libxmlsec/xmlsec1-mingw-keymgr-mscrypto.patch 
@@ -0,0 +1,62 @@
+--- misc/xmlsec1-1.2.12/src/mscrypto/Makefile.am 2009-06-26 05:53:18.000000000 +0900
++++ misc/build/xmlsec1-1.2.12/src/mscrypto/Makefile.am 2009-09-30 18:53:05.373000000 +0900
+@@ -35,6 +35,7 @@
+ csp_oid.h \
+ globals.h \
+ xmlsec-mingw.h \
++ akmngr.c \
+ $(NULL)
+
+ if SHAREDLIB_HACK
+--- misc/xmlsec1-1.2.12/src/mscrypto/Makefile.in 2009-06-26 05:53:32.000000000 +0900
++++ misc/build/xmlsec1-1.2.12/src/mscrypto/Makefile.in 2009-09-30 19:00:50.107375000 +0900
+@@ -61,7 +61,8 @@
+ am__libxmlsec1_mscrypto_la_SOURCES_DIST = app.c certkeys.c ciphers.c \
+ crypto.c digests.c keysstore.c kt_rsa.c signatures.c symkeys.c \
+ x509.c x509vfy.c csp_calg.h csp_oid.h globals.h xmlsec-mingw.h \
+- ../strings.c
++ ../strings.c \
++ akmngr.c
+ am__objects_1 =
+ @SHAREDLIB_HACK_TRUE@am__objects_2 = \
+ @SHAREDLIB_HACK_TRUE@ libxmlsec1_mscrypto_la-strings.lo
+@@ -75,7 +76,8 @@
+ libxmlsec1_mscrypto_la-signatures.lo \
+ libxmlsec1_mscrypto_la-symkeys.lo \
+ libxmlsec1_mscrypto_la-x509.lo \
+- libxmlsec1_mscrypto_la-x509vfy.lo $(am__objects_1) \
++ libxmlsec1_mscrypto_la-x509vfy.lo \
++ libxmlsec1_mscrypto_la-akmngr.lo $(am__objects_1) \
+ $(am__objects_2)
+ libxmlsec1_mscrypto_la_OBJECTS = $(am_libxmlsec1_mscrypto_la_OBJECTS)
+ DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)
+@@ -362,6 +364,7 @@
+ libxmlsec1_mscrypto_la_SOURCES = app.c certkeys.c ciphers.c crypto.c \
+ digests.c keysstore.c kt_rsa.c signatures.c symkeys.c x509.c \
+ x509vfy.c csp_calg.h csp_oid.h globals.h xmlsec-mingw.h \
++ akmngr.c \
+ $(NULL) $(am__append_1)
+ libxmlsec1_mscrypto_la_LIBADD = \
+ ../libxmlsec1.la \
+@@ -460,6 +463,7 @@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-symkeys.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-x509.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-x509vfy.Plo@am__quote@
++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-akmngr.Plo@am__quote@
+
+ .c.o:
+ @am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \
+@@ -489,6 +493,13 @@
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ @am__fastdepCC_FALSE@ $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c
+
++libxmlsec1_mscrypto_la-akmngr.lo: akmngr.c
++@am__fastdepCC_TRUE@ if $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-akmngr.lo -MD -MP -MF "$(DEPDIR)/libxmlsec1_mscrypto_la-akmngr.Tpo" -c -o libxmlsec1_mscrypto_la-akmngr.lo `test -f 'akmngr.c' || echo '$(srcdir)/'`akmngr.c; \
++@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libxmlsec1_mscrypto_la-akmngr.Tpo" "$(DEPDIR)/libxmlsec1_mscrypto_la-akmngr.Plo"; else rm -f "$(DEPDIR)/libxmlsec1_mscrypto_la-akmngr.Tpo"; exit 1; fi
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='akmngr.c' object='libxmlsec1_mscrypto_la-akmngr.lo' libtool=yes @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@ $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-akmngr.lo `test -f 'akmngr.c' || echo '$(srcdir)/'`akmngr.c
++
+ libxmlsec1_mscrypto_la-certkeys.lo: certkeys.c
+ @am__fastdepCC_TRUE@ if $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-certkeys.lo -MD -MP -MF "$(DEPDIR)/libxmlsec1_mscrypto_la-certkeys.Tpo" -c -o libxmlsec1_mscrypto_la-certkeys.lo `test -f 'certkeys.c' || echo '$(srcdir)/'`certkeys.c; \
+ @am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libxmlsec1_mscrypto_la-certkeys.Tpo" "$(DEPDIR)/libxmlsec1_mscrypto_la-certkeys.Plo"; else rm -f "$(DEPDIR)/libxmlsec1_mscrypto_la-certkeys.Tpo"; exit 1; fi
diff --git a/libxmlsec/xmlsec1-mingw32.patch b/libxmlsec/xmlsec1-mingw32.patch
new file mode 100644
index 000000000000..d2ff676facb1
--- /dev/null
+++ b/libxmlsec/xmlsec1-mingw32.patch
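Review bot: The Makefile.in side of this hunk hand-replicates, in four places, what automake would derive from the one-line Makefile.am addition of `akmngr.c` — the `am__libxmlsec1_mscrypto_la_SOURCES_DIST` list, the `libxmlsec1_mscrypto_la-akmngr.lo` object entry, the `$(DEPDIR)/libxmlsec1_mscrypto_la-akmngr.Plo` include and the compile rule — and nothing in the patch records that the generated file was edited rather than regenerated. The four edits are consistent with each other as written, but a later update that reruns automake on the unpacked tarball would drop them silently, and a partial reapply that keeps the object entry without the rule (or the reverse) would likely surface only as a build or link failure. A one-line note in libxmlsec/readme.txt, e.g. `xmlsec1-mingw-keymgr-mscrypto.patch: Makefile.in is patched by hand in step with Makefile.am; re-sync both when bumping xmlsec1`, would make that maintenance obligation explicit. The Makefile.am change itself carries no mingw conditional, so akmngr.c joins the mscrypto sources on every autotools host; if that is intended, the patch name understates its scope.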
@@ -0,0 +1,764 @@ +--- misc/xmlsec1-1.2.12/aclocal.m4 2009-06-25 22:53:24.000000000 +0200 ++++ misc/build/xmlsec1-1.2.12/aclocal.m4 2009-09-29 15:49:39.550158665 +0200 +@@ -6219,6 +6219,10 @@ + AC_SUBST(LIBADD_DL) + AC_LANG_PUSH([C]) + ++case $host_os in ++mingw*) ++;; ++*) + AC_CHECK_FUNC([shl_load], + [AC_DEFINE([HAVE_SHL_LOAD], [1], + [Define if you have the shl_load function.])], +@@ -6254,6 +6258,8 @@ + ]) + ]) + ]) ++;; ++esac + + if test x"$libltdl_cv_func_dlopen" = xyes || test x"$libltdl_cv_lib_dl_dlopen" = xyes + then +--- misc/xmlsec1-1.2.12/configure 2009-09-29 15:55:33.269924586 +0200 ++++ misc/build/xmlsec1-1.2.12/configure 2009-09-29 15:55:08.838176411 +0200 +@@ -21883,6 +21883,10 @@ + ac_compiler_gnu=$ac_cv_c_compiler_gnu + + ++case $host_os in ++mingw*) ++;; ++*) + echo "$as_me:$LINENO: checking for shl_load" >&5 + echo $ECHO_N "checking for shl_load... $ECHO_C" >&6 + if test "${ac_cv_func_shl_load+set}" = set; then +@@ -22434,6 +22438,8 @@ + + fi + ++;; ++esac + + if test x"$libltdl_cv_func_dlopen" = xyes || test x"$libltdl_cv_lib_dl_dlopen" = xyes + then +@@ -22614,7 +22620,7 @@ + lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 + lt_status=$lt_dlunknown + cat > conftest.$ac_ext <<EOF +-#line 22617 "configure" ++#line 22623 "configure" + #include "confdefs.h" + + #if HAVE_DLFCN_H +@@ -26178,7 +26184,9 @@ + done + + for dir in $ac_nss_lib_dir ; do +- if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib ; then ++ case $host_os in ++ cygwin* | mingw* | pw32*) ++ if test -f $dir/libnspr4.$libext ; then + if test "z$dir" = "z/usr/lib" ; then + NSPR_LIBS="$NSPR_LIBS_LIST" + else +@@ -26191,6 +26199,25 @@ + NSPR_LIBS_FOUND="yes" + break + fi ++ ;; ++ ++ *) ++ ++ if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib ; then ++ if test "z$dir" = "z/usr/lib" ; then ++ NSPR_LIBS="$NSPR_LIBS_LIST" ++ else ++ if test "z$with_gnu_ld" = "zyes" ; then ++ NSPR_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $NSPR_LIBS_LIST" ++ else ++ NSPR_LIBS="-L$dir $NSPR_LIBS_LIST" 
++ fi ++ fi ++ NSPR_LIBS_FOUND="yes" ++ break ++ fi ++ ;; ++ esac + done + fi + +@@ -26264,6 +26291,24 @@ + done + + for dir in $ac_nss_lib_dir ; do ++ case $host_os in ++ cygwin* | mingw* | pw32*) ++ if test -f $dir/libnss3.$libext ; then ++ if test "z$dir" = "z/usr/lib" ; then ++ NSS_LIBS="$NSS_LIBS_LIST" ++ else ++ if test "z$with_gnu_ld" = "zyes" ; then ++ NSS_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $NSS_LIBS_LIST" ++ else ++ NSS_LIBS="-L$dir $NSS_LIBS_LIST" ++ fi ++ fi ++ NSS_LIBS_FOUND="yes" ++ break ++ fi ++ ;; ++ ++ *) + if test -f $dir/libnss3.so -o -f $dir/libnss3.dylib ; then + if test "z$dir" = "z/usr/lib" ; then + NSS_LIBS="$NSS_LIBS_LIST" +@@ -26277,6 +26322,8 @@ + NSS_LIBS_FOUND="yes" + break + fi ++ ;; ++ esac + done + fi + +@@ -26769,7 +26816,7 @@ + echo "${ECHO_T}$MSCRYPTO_ENABLE" >&6 + else + LIBS_SAVE="$LIBS" +- LIBS="$LIBS -lcrypt32" ++ LIBS="$LIBS ${PSDK_HOME}/lib/crypt32.lib" + echo "$as_me:$LINENO: checking for mscrypto libraries" >&5 + echo $ECHO_N "checking for mscrypto libraries... 
$ECHO_C" >&6 + cat >conftest.$ac_ext <<_ACEOF +@@ -26819,13 +26866,7 @@ + XMLSEC_NO_MSCRYPTO="0" + + MSCRYPTO_CFLAGS="$MSCRYPTO_CFLAGS -DXMLSEC_CRYPTO_MSCRYPTO=1" +- case $host in +- *-*-mingw*) +- MSCRYPTO_LIBS='-Wl,$(srcdir)/mingw-crypt32.def';; +- *) +- MSCRYPTO_LIBS="-lcrypt32";; +- esac +- ++ MSCRYPTO_LIBS="${PSDK_HOME}/lib/crypt32.lib" + if test "z$XMLSEC_CRYPTO" = "z" ; then + XMLSEC_CRYPTO="mscrypto" + XMLSEC_CRYPTO_LIB="$MSCRYPTO_CRYPTO_LIB" +--- misc/xmlsec1-1.2.12/configure.in 2009-09-29 15:55:33.282288142 +0200 ++++ misc/build/xmlsec1-1.2.12/configure.in 2009-09-29 15:49:39.614223428 +0200 +@@ -606,7 +606,9 @@ + done + + for dir in $ac_nss_lib_dir ; do +- if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib ; then ++ case $host_os in ++ cygwin* | mingw* | pw32*) ++ if test -f $dir/libnspr4.$libext ; then + dnl do not add -L/usr/lib because compiler does it anyway + if test "z$dir" = "z/usr/lib" ; then + NSPR_LIBS="$NSPR_LIBS_LIST" +@@ -620,6 +622,26 @@ + NSPR_LIBS_FOUND="yes" + break + fi ++ ;; ++ ++ *) ++ ++ if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib ; then ++ dnl do not add -L/usr/lib because compiler does it anyway ++ if test "z$dir" = "z/usr/lib" ; then ++ NSPR_LIBS="$NSPR_LIBS_LIST" ++ else ++ if test "z$with_gnu_ld" = "zyes" ; then ++ NSPR_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $NSPR_LIBS_LIST" ++ else ++ NSPR_LIBS="-L$dir $NSPR_LIBS_LIST" ++ fi ++ fi ++ NSPR_LIBS_FOUND="yes" ++ break ++ fi ++ ;; ++ esac + done + fi + +@@ -677,6 +699,25 @@ + done + + for dir in $ac_nss_lib_dir ; do ++ case $host_os in ++ cygwin* | mingw* | pw32*) ++ if test -f $dir/libnss3.$libext ; then ++ dnl do not add -L/usr/lib because compiler does it anyway ++ if test "z$dir" = "z/usr/lib" ; then ++ NSS_LIBS="$NSS_LIBS_LIST" ++ else ++ if test "z$with_gnu_ld" = "zyes" ; then ++ NSS_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $NSS_LIBS_LIST" ++ else ++ NSS_LIBS="-L$dir $NSS_LIBS_LIST" ++ fi ++ fi ++ NSS_LIBS_FOUND="yes" ++ break ++ fi ++ ;; ++ ++ *) + if test -f 
$dir/libnss3.so -o -f $dir/libnss3.dylib ; then + dnl do not add -L/usr/lib because compiler does it anyway + if test "z$dir" = "z/usr/lib" ; then +@@ -691,6 +732,8 @@ + NSS_LIBS_FOUND="yes" + break + fi ++ ;; ++ esac + done + fi + +@@ -861,7 +904,7 @@ + dnl cannot detect __stdcall functions + dnl AC_CHECK_LIB(crypt32, CertOpenStore, .... + LIBS_SAVE="$LIBS" +- LIBS="$LIBS -lcrypt32" ++ LIBS="$LIBS ${PSDK_HOME}/lib/crypt32.lib" + AC_MSG_CHECKING(for mscrypto libraries) + AC_LINK_IFELSE([ + #include <windows.h> +@@ -878,15 +921,7 @@ + XMLSEC_NO_MSCRYPTO="0" + + MSCRYPTO_CFLAGS="$MSCRYPTO_CFLAGS -DXMLSEC_CRYPTO_MSCRYPTO=1" +- case $host in +- *-*-mingw*) +- dnl since mingw crypt32 library is limited +- dnl we use own def-file +- MSCRYPTO_LIBS='-Wl,$(srcdir)/mingw-crypt32.def';; +- *) +- MSCRYPTO_LIBS="-lcrypt32";; +- esac +- ++ MSCRYPTO_LIBS="${PSDK_HOME}/lib/crypt32.lib" + dnl first crypto library is default one + if test "z$XMLSEC_CRYPTO" = "z" ; then + XMLSEC_CRYPTO="mscrypto" +--- misc/xmlsec1-1.2.12/ltmain.sh 2009-06-25 22:53:19.000000000 +0200 ++++ misc/build/xmlsec1-1.2.12/ltmain.sh 2009-09-29 15:49:39.628349554 +0200 +@@ -1661,6 +1661,11 @@ + fi + ;; + ++ *.lib) ++ deplibs="$deplibs $arg" ++ continue ++ ;; ++ + *.$libext) + # An archive. 
+ deplibs="$deplibs $arg" +@@ -1974,6 +1979,10 @@ + continue + ;; + *.la) lib="$deplib" ;; ++ *.lib) ++ deplibs="$deplib $deplibs" ++ continue ++ ;; + *.$libext) + if test "$pass" = conv; then + deplibs="$deplib $deplibs" +--- misc/xmlsec1-1.2.12/src/mscrypto/certkeys.c 2009-06-25 22:53:18.000000000 +0200 ++++ misc/build/xmlsec1-1.2.12/src/mscrypto/certkeys.c 2009-09-29 15:49:39.643186151 +0200 +@@ -938,7 +938,11 @@ + static void xmlSecMSCryptoKeyDataRsaDebugDump(xmlSecKeyDataPtr data, FILE* output); + static void xmlSecMSCryptoKeyDataRsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output); + ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataRsaKlass = { ++#else + static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataRsaKlass = { ++#endif + sizeof(xmlSecKeyDataKlass), + xmlSecMSCryptoKeyDataSize, + +@@ -1649,7 +1653,11 @@ + static void xmlSecMSCryptoKeyDataDsaDebugXmlDump(xmlSecKeyDataPtr data, + FILE* output); + ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataDsaKlass = { ++#else + static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataDsaKlass = { ++#endif + sizeof(xmlSecKeyDataKlass), + xmlSecMSCryptoKeyDataSize, + +--- misc/xmlsec1-1.2.12/src/mscrypto/ciphers.c 2009-06-25 22:53:18.000000000 +0200 ++++ misc/build/xmlsec1-1.2.12/src/mscrypto/ciphers.c 2009-09-29 15:49:39.652528324 +0200 +@@ -802,7 +802,11 @@ + * AES CBC cipher transforms + * + ********************************************************************/ ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecTransformKlass xmlSecMSCryptoAes128CbcKlass = { ++#else + static xmlSecTransformKlass xmlSecMSCryptoAes128CbcKlass = { ++#endif + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecMSCryptoBlockCipherSize, /* xmlSecSize objSize */ +@@ -841,7 +845,11 @@ + return(&xmlSecMSCryptoAes128CbcKlass); + } + ++#ifdef __MINGW32__ // for runtime-pseudo-reloc 
++static struct _xmlSecTransformKlass xmlSecMSCryptoAes192CbcKlass = { ++#else + static xmlSecTransformKlass xmlSecMSCryptoAes192CbcKlass = { ++#endif + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecMSCryptoBlockCipherSize, /* xmlSecSize objSize */ +@@ -880,7 +888,11 @@ + return(&xmlSecMSCryptoAes192CbcKlass); + } + ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecTransformKlass xmlSecMSCryptoAes256CbcKlass = { ++#else + static xmlSecTransformKlass xmlSecMSCryptoAes256CbcKlass = { ++#endif + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecMSCryptoBlockCipherSize, /* xmlSecSize objSize */ +@@ -923,7 +935,11 @@ + + + #ifndef XMLSEC_NO_DES ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecTransformKlass xmlSecMSCryptoDes3CbcKlass = { ++#else + static xmlSecTransformKlass xmlSecMSCryptoDes3CbcKlass = { ++#endif + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* size_t klassSize */ + xmlSecMSCryptoBlockCipherSize, /* size_t objSize */ +--- misc/xmlsec1-1.2.12/src/mscrypto/digests.c 2009-06-25 22:53:18.000000000 +0200 ++++ misc/build/xmlsec1-1.2.12/src/mscrypto/digests.c 2009-09-29 15:49:39.660554904 +0200 +@@ -329,7 +329,11 @@ + * SHA1 + * + *****************************************************************************/ ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecTransformKlass xmlSecMSCryptoSha1Klass = { ++#else + static xmlSecTransformKlass xmlSecMSCryptoSha1Klass = { ++#endif + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* size_t klassSize */ + xmlSecMSCryptoDigestSize, /* size_t objSize */ +--- misc/xmlsec1-1.2.12/src/mscrypto/keysstore.c 2009-06-25 22:53:18.000000000 +0200 ++++ misc/build/xmlsec1-1.2.12/src/mscrypto/keysstore.c 2009-09-29 15:49:39.667289994 +0200 +@@ -66,7 +66,11 @@ + const xmlChar* name, + xmlSecKeyInfoCtxPtr keyInfoCtx); + ++#ifdef __MINGW32__ // for 
runtime-pseudo-reloc ++static struct _xmlSecKeyStoreKlass xmlSecMSCryptoKeysStoreKlass = { ++#else + static xmlSecKeyStoreKlass xmlSecMSCryptoKeysStoreKlass = { ++#endif + sizeof(xmlSecKeyStoreKlass), + xmlSecMSCryptoKeysStoreSize, + +--- misc/xmlsec1-1.2.12/src/mscrypto/kt_rsa.c 2009-06-25 22:53:18.000000000 +0200 ++++ misc/build/xmlsec1-1.2.12/src/mscrypto/kt_rsa.c 2009-09-29 15:49:39.674284044 +0200 +@@ -66,7 +66,11 @@ + static int xmlSecMSCryptoRsaPkcs1Process (xmlSecTransformPtr transform, + xmlSecTransformCtxPtr transformCtx); + ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecTransformKlass xmlSecMSCryptoRsaPkcs1Klass = { ++#else + static xmlSecTransformKlass xmlSecMSCryptoRsaPkcs1Klass = { ++#endif + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecMSCryptoRsaPkcs1Size, /* xmlSecSize objSize */ +--- misc/xmlsec1-1.2.12/src/mscrypto/signatures.c 2009-06-25 22:53:18.000000000 +0200 ++++ misc/build/xmlsec1-1.2.12/src/mscrypto/signatures.c 2009-09-29 15:49:39.682580497 +0200 +@@ -524,7 +524,11 @@ + * RSA-SHA1 signature transform + * + ***************************************************************************/ ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecTransformKlass xmlSecMSCryptoRsaSha1Klass = { ++#else + static xmlSecTransformKlass xmlSecMSCryptoRsaSha1Klass = { ++#endif + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecMSCryptoSignatureSize, /* xmlSecSize objSize */ +@@ -572,7 +576,11 @@ + * + ***************************************************************************/ + ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecTransformKlass xmlSecMSCryptoDsaSha1Klass = { ++#else + static xmlSecTransformKlass xmlSecMSCryptoDsaSha1Klass = { ++#endif + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecMSCryptoSignatureSize, /* xmlSecSize objSize */ +--- 
misc/xmlsec1-1.2.12/src/mscrypto/symkeys.c 2009-06-25 22:53:18.000000000 +0200 ++++ misc/build/xmlsec1-1.2.12/src/mscrypto/symkeys.c 2009-09-29 15:49:39.691081347 +0200 +@@ -72,7 +72,11 @@ + * <xmlsec:AESKeyValue> processing + * + *************************************************************************/ ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataAesKlass = { ++#else + static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataAesKlass = { ++#endif + sizeof(xmlSecKeyDataKlass), + xmlSecKeyDataBinarySize, + +@@ -153,7 +157,11 @@ + * <xmlsec:DESKeyValue> processing + * + *************************************************************************/ ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataDesKlass = { ++#else + static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataDesKlass = { ++#endif + sizeof(xmlSecKeyDataKlass), + xmlSecKeyDataBinarySize, + +--- misc/xmlsec1-1.2.12/src/mscrypto/x509.c 2009-06-25 22:53:18.000000000 +0200 ++++ misc/build/xmlsec1-1.2.12/src/mscrypto/x509.c 2009-09-29 15:49:39.699931741 +0200 +@@ -243,7 +243,11 @@ + + + ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataX509Klass = { ++#else + static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataX509Klass = { ++#endif + sizeof(xmlSecKeyDataKlass), + xmlSecMSCryptoX509DataSize, + +@@ -2148,7 +2152,11 @@ + xmlSecSize bufSize, + xmlSecKeyInfoCtxPtr keyInfoCtx); + ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataRawX509CertKlass = { ++#else + static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataRawX509CertKlass = { ++#endif + sizeof(xmlSecKeyDataKlass), + sizeof(xmlSecKeyData), + +--- misc/xmlsec1-1.2.12/src/mscrypto/x509vfy.c 2009-09-29 15:55:33.502779834 +0200 ++++ misc/build/xmlsec1-1.2.12/src/mscrypto/x509vfy.c 2009-09-29 15:49:39.708831697 +0200 +@@ -67,7 +67,11 @@ + static int 
xmlSecMSCryptoX509StoreInitialize (xmlSecKeyDataStorePtr store); + static void xmlSecMSCryptoX509StoreFinalize (xmlSecKeyDataStorePtr store); + ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecKeyDataStoreKlass xmlSecMSCryptoX509StoreKlass = { ++#else + static xmlSecKeyDataStoreKlass xmlSecMSCryptoX509StoreKlass = { ++#endif + sizeof(xmlSecKeyDataStoreKlass), + xmlSecMSCryptoX509StoreSize, + +--- misc/xmlsec1-1.2.12/src/nss/ciphers.c 2009-09-29 15:55:33.488430535 +0200 ++++ misc/build/xmlsec1-1.2.12/src/nss/ciphers.c 2009-09-29 15:49:39.717511164 +0200 +@@ -777,7 +777,11 @@ + * AES CBC cipher transforms + * + ********************************************************************/ ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecTransformKlass xmlSecNssAes128CbcKlass = { ++#else + static xmlSecTransformKlass xmlSecNssAes128CbcKlass = { ++#endif + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssBlockCipherSize, /* xmlSecSize objSize */ +@@ -816,7 +820,11 @@ + return(&xmlSecNssAes128CbcKlass); + } + ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecTransformKlass xmlSecNssAes192CbcKlass = { ++#else + static xmlSecTransformKlass xmlSecNssAes192CbcKlass = { ++#endif + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssBlockCipherSize, /* xmlSecSize objSize */ +@@ -855,7 +863,11 @@ + return(&xmlSecNssAes192CbcKlass); + } + ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecTransformKlass xmlSecNssAes256CbcKlass = { ++#else + static xmlSecTransformKlass xmlSecNssAes256CbcKlass = { ++#endif + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssBlockCipherSize, /* xmlSecSize objSize */ +@@ -897,7 +909,11 @@ + #endif /* XMLSEC_NO_AES */ + + #ifndef XMLSEC_NO_DES ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecTransformKlass 
xmlSecNssDes3CbcKlass = { ++#else + static xmlSecTransformKlass xmlSecNssDes3CbcKlass = { ++#endif + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssBlockCipherSize, /* xmlSecSize objSize */ +--- misc/xmlsec1-1.2.12/src/nss/digests.c 2009-06-25 22:53:18.000000000 +0200 ++++ misc/build/xmlsec1-1.2.12/src/nss/digests.c 2009-09-29 15:49:39.725650968 +0200 +@@ -285,7 +285,11 @@ + * SHA1 Digest transforms + * + *****************************************************************************/ ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecTransformKlass xmlSecNssSha1Klass = { ++#else + static xmlSecTransformKlass xmlSecNssSha1Klass = { ++#endif + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssDigestSize, /* xmlSecSize objSize */ +--- misc/xmlsec1-1.2.12/src/nss/hmac.c 2009-09-29 15:55:33.409285968 +0200 ++++ misc/build/xmlsec1-1.2.12/src/nss/hmac.c 2009-09-29 15:49:39.733673690 +0200 +@@ -502,7 +502,11 @@ + /** + * HMAC SHA1 + */ ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecTransformKlass xmlSecNssHmacSha1Klass = { ++#else + static xmlSecTransformKlass xmlSecNssHmacSha1Klass = { ++#endif + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssHmacSize, /* xmlSecSize objSize */ +@@ -544,7 +548,11 @@ + /** + * HMAC Ripemd160 + */ ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecTransformKlass xmlSecNssHmacRipemd160Klass = { ++#else + static xmlSecTransformKlass xmlSecNssHmacRipemd160Klass = { ++#endif + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssHmacSize, /* xmlSecSize objSize */ +@@ -586,7 +594,11 @@ + /** + * HMAC Md5 + */ ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecTransformKlass xmlSecNssHmacMd5Klass = { ++#else + static xmlSecTransformKlass xmlSecNssHmacMd5Klass = { ++#endif + /* 
klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssHmacSize, /* xmlSecSize objSize */ +--- misc/xmlsec1-1.2.12/src/nss/keysstore.c 2009-09-29 15:55:33.422265895 +0200 ++++ misc/build/xmlsec1-1.2.12/src/nss/keysstore.c 2009-09-29 15:49:39.741628057 +0200 +@@ -489,7 +489,11 @@ + return NULL ; + } + ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = { ++#else + static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = { ++#endif + sizeof( xmlSecKeyStoreKlass ) , + xmlSecNssKeysStoreSize , + BAD_CAST "implicit_nss_keys_store" , +--- misc/xmlsec1-1.2.12/src/nss/keywrapers.c 2009-09-29 15:55:33.430875248 +0200 ++++ misc/build/xmlsec1-1.2.12/src/nss/keywrapers.c 2009-09-29 15:49:39.749963247 +0200 +@@ -1126,6 +1126,7 @@ + NULL, /* void* reserved1; */ + }; + ++#ifndef __MINGW32__ + /** + * xmlSecNssTransformKWAes128GetKlass: + * +@@ -1160,6 +1161,7 @@ + xmlSecNssTransformKWAes256GetKlass(void) { + return(&xmlSecNssKWAes256Klass); + } ++#endif /* __MINGW32__ */ + + #endif /* XMLSEC_NO_AES */ + +@@ -1197,6 +1199,7 @@ + NULL, /* void* reserved1; */ + }; + ++#ifndef __MINGW32__ + /** + * xmlSecNssTransformKWDes3GetKlass: + * +@@ -1208,6 +1211,7 @@ + xmlSecNssTransformKWDes3GetKlass(void) { + return(&xmlSecNssKWDes3Klass); + } ++#endif /* __MINGW32__ */ + + #endif /* XMLSEC_NO_DES */ + +--- misc/xmlsec1-1.2.12/src/nss/pkikeys.c 2009-09-29 15:55:33.440002568 +0200 ++++ misc/build/xmlsec1-1.2.12/src/nss/pkikeys.c 2009-09-29 15:49:39.757984523 +0200 +@@ -491,7 +491,11 @@ + static void xmlSecNssKeyDataDsaDebugXmlDump (xmlSecKeyDataPtr data, + FILE* output); + ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecKeyDataKlass xmlSecNssKeyDataDsaKlass = { ++#else + static xmlSecKeyDataKlass xmlSecNssKeyDataDsaKlass = { ++#endif + sizeof(xmlSecKeyDataKlass), + xmlSecNssPKIKeyDataSize, + +@@ -1124,7 +1128,11 @@ + static void xmlSecNssKeyDataRsaDebugXmlDump 
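Review bot: The keywrapers.c hunks wrap `xmlSecNssTransformKWAes128GetKlass`, `xmlSecNssTransformKWAes256GetKlass` and `xmlSecNssTransformKWDes3GetKlass` in `#ifndef __MINGW32__` while the `xmlSecNssKWAes*Klass` and `xmlSecNssKWDes3Klass` statics they return stay defined, so on MinGW those statics become unused and any code that references the public key-wrap transform ids is left with unresolved symbols; the region between the two `#ifndef` blocks is outside the hunks, so whether the AES-192 getter is covered too is not visible here. Unlike the `// for runtime-pseudo-reloc` remark on the struct hunks, these guards carry no explanation of why the key-wrap getters are dropped rather than given the same `struct _xmlSecTransformKlass` treatment. A one-line comment on each `#ifndef __MINGW32__`, e.g. `/* MinGW: key-wrap getters disabled for this build; <reason placeholder> */`, would save the next maintainer from guessing whether this is a link problem or a deliberate feature cut.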
(xmlSecKeyDataPtr data, + FILE* output); + ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecKeyDataKlass xmlSecNssKeyDataRsaKlass = { ++#else + static xmlSecKeyDataKlass xmlSecNssKeyDataRsaKlass = { ++#endif + sizeof(xmlSecKeyDataKlass), + xmlSecNssPKIKeyDataSize, + +--- misc/xmlsec1-1.2.12/src/nss/signatures.c 2009-06-25 22:53:18.000000000 +0200 ++++ misc/build/xmlsec1-1.2.12/src/nss/signatures.c 2009-09-29 15:49:39.765851110 +0200 +@@ -459,7 +459,11 @@ + * + ***************************************************************************/ + ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecTransformKlass xmlSecNssDsaSha1Klass = { ++#else + static xmlSecTransformKlass xmlSecNssDsaSha1Klass = { ++#endif + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssSignatureSize, /* xmlSecSize objSize */ +@@ -506,7 +510,11 @@ + * RSA-SHA1 signature transform + * + ***************************************************************************/ ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecTransformKlass xmlSecNssRsaSha1Klass = { ++#else + static xmlSecTransformKlass xmlSecNssRsaSha1Klass = { ++#endif + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssSignatureSize, /* xmlSecSize objSize */ +--- misc/xmlsec1-1.2.12/src/nss/symkeys.c 2009-09-29 15:55:33.448817761 +0200 ++++ misc/build/xmlsec1-1.2.12/src/nss/symkeys.c 2009-09-29 15:49:39.773211741 +0200 +@@ -856,7 +856,11 @@ + * <xmlsec:AESKeyValue> processing + * + *************************************************************************/ ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = { ++#else + static xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = { ++#endif + sizeof(xmlSecKeyDataKlass), + xmlSecNssSymKeyDataSize, + +@@ -937,7 +941,11 @@ + * <xmlsec:DESKeyValue> processing + * + 
*************************************************************************/ ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecKeyDataKlass xmlSecNssKeyDataDesKlass = { ++#else + static xmlSecKeyDataKlass xmlSecNssKeyDataDesKlass = { ++#endif + sizeof(xmlSecKeyDataKlass), + xmlSecNssSymKeyDataSize, + +@@ -1019,7 +1027,11 @@ + * <xmlsec:HMACKeyValue> processing + * + *************************************************************************/ ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecKeyDataKlass xmlSecNssKeyDataHmacKlass = { ++#else + static xmlSecKeyDataKlass xmlSecNssKeyDataHmacKlass = { ++#endif + sizeof(xmlSecKeyDataKlass), + xmlSecNssSymKeyDataSize, + +--- misc/xmlsec1-1.2.12/src/nss/x509.c 2009-09-29 15:55:33.465839785 +0200 ++++ misc/build/xmlsec1-1.2.12/src/nss/x509.c 2009-09-29 15:49:39.784408301 +0200 +@@ -235,7 +235,11 @@ + + + ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecKeyDataKlass xmlSecNssKeyDataX509Klass = { ++#else + static xmlSecKeyDataKlass xmlSecNssKeyDataX509Klass = { ++#endif + sizeof(xmlSecKeyDataKlass), + xmlSecNssX509DataSize, + +@@ -1779,7 +1783,11 @@ + xmlSecSize bufSize, + xmlSecKeyInfoCtxPtr keyInfoCtx); + ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecKeyDataKlass xmlSecNssKeyDataRawX509CertKlass = { ++#else + static xmlSecKeyDataKlass xmlSecNssKeyDataRawX509CertKlass = { ++#endif + sizeof(xmlSecKeyDataKlass), + sizeof(xmlSecKeyData), + +--- misc/xmlsec1-1.2.12/src/nss/x509vfy.c 2009-09-29 15:55:33.510337681 +0200 ++++ misc/build/xmlsec1-1.2.12/src/nss/x509vfy.c 2009-09-29 15:49:39.791239957 +0200 +@@ -64,7 +64,11 @@ + static void xmlSecNssX509StoreFinalize (xmlSecKeyDataStorePtr store); + static int xmlSecNssIntegerToItem( const xmlChar* integer , SECItem *it ) ; + ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = { ++#else + static xmlSecKeyDataStoreKlass 
xmlSecNssX509StoreKlass = { ++#endif + sizeof(xmlSecKeyDataStoreKlass), + xmlSecNssX509StoreSize, + diff --git a/libxmlsec/xmlsec1-noverify.patch b/libxmlsec/xmlsec1-noverify.patch new file mode 100644 index 000000000000..0015c8e62e7a --- /dev/null +++ b/libxmlsec/xmlsec1-noverify.patch 
@@ -0,0 +1,59 @@
+--- misc/xmlsec1-1.2.12/src/mscrypto/x509vfy.c 2009-06-25 22:53:18.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/src/mscrypto/x509vfy.c 2009-09-23 10:01:07.237316078 +0200
+@@ -559,9 +559,16 @@
+ CertFreeCertificateContext(nextCert);
+ }
+
+- if((selected == 1) && xmlSecMSCryptoX509StoreConstructCertsChain(store, cert, certs, keyInfoCtx)) {
+- return(cert);
+- }
++ /* JL: OpenOffice.org implements its own certificate verification routine.
++ The goal is to seperate validation of the signature
++ and the certificate. For example, OOo could show that the document signature is valid,
++ but the certificate could not be verified. If we do not prevent the verification of
++ the certificate by libxmlsec and the verification fails, then the XML signature will not be
++ verified. This would happen, for example, if the root certificate is not installed.
++ */
++/* if((selected == 1) && xmlSecMSCryptoX509StoreConstructCertsChain(store, cert, certs, keyInfoCtx)) { */
++ if (selected == 1)
++ return cert;
+ }
+
+ return (NULL);
+--- misc/xmlsec1-1.2.12/src/nss/x509vfy.c 2009-09-23 10:06:52.989793254 +0200
++++ misc/build/xmlsec1-1.2.12/src/nss/x509vfy.c 2009-09-23 10:05:03.183042205 +0200
+@@ -191,13 +191,27 @@
+ continue;
+ }
+
+- status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(),
+- cert, PR_FALSE,
+- (SECCertificateUsage)0,
+- timeboundary , NULL, NULL, NULL);
+- if (status == SECSuccess) {
+- break;
+- }
++
++ /*
++ JL: OpenOffice.org implements its own certificate verification routine.
++ The goal is to seperate validation of the signature
++ and the certificate. For example, OOo could show that the document signature is valid,
++ but the certificate could not be verified. If we do not prevent the verification of
++ the certificate by libxmlsec and the verification fails, then the XML signature may not be
++ verified. This would happen, for example, if the root certificate is not installed.
++
++ status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(),
++ cert, PR_FALSE,
++ (SECCertificateUsage)0,
++ timeboundary , NULL, NULL, NULL);
++ if (status == SECSuccess) {
++ break;
++ }
++
++ */
++ status = SECSuccess;
++ break;
++
+ }
+
+ if (status == SECSuccess) {
diff --git a/libxmlsec/xmlsec1-nssdisablecallbacks.patch b/libxmlsec/xmlsec1-nssdisablecallbacks.patch
new file mode 100644
index 000000000000..48b0b552441b
--- /dev/null
+++ b/libxmlsec/xmlsec1-nssdisablecallbacks.patch
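Review bot: The mscrypto hunk now returns `cert` as soon as `selected == 1` without calling `xmlSecMSCryptoX509StoreConstructCertsChain`, and the nss hunk sets `status = SECSuccess` and breaks on the first certificate that gets past the `continue`, so both key stores hand back a certificate whose chain was never validated and every consumer of this libxmlsec build inherits the duty to verify it. The comment states that OpenOffice.org does that itself, but nothing in the patch enforces it; guarding the bypass with a build-time macro of the project's choosing (and a sentence in the readme saying this build returns certificates unverified) would keep the library safe for any other code linked against it. In the nss hunk the loop can also run zero times, in which case the `if (status == SECSuccess)` after the loop is decided by the initial value of `status`, which lies outside the hunk and is worth confirming. Both comments spell "seperate" for "separate".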
@@ -0,0 +1,36 @@
+--- misc/xmlsec1-1.2.12.orig/src/nss/crypto.c 2009-09-10 07:06:17.000000000 -0400
++++ misc/build/xmlsec1-1.2.12/src/nss/crypto.c 2009-09-10 07:08:24.000000000 -0400
+@@ -136,6 +136,7 @@
+ /**
+ * High level routines form xmlsec command line utility
+ */
++#if 0
+ gXmlSecNssFunctions->cryptoAppInit = xmlSecNssAppInit;
+ gXmlSecNssFunctions->cryptoAppShutdown = xmlSecNssAppShutdown;
+ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrInit = xmlSecNssAppDefaultKeysMngrInit;
+@@ -153,6 +154,25 @@
+ gXmlSecNssFunctions->cryptoAppKeyLoad = xmlSecNssAppKeyLoad;
+ gXmlSecNssFunctions->cryptoAppKeyLoadMemory = xmlSecNssAppKeyLoadMemory;
+ gXmlSecNssFunctions->cryptoAppDefaultPwdCallback = (void*)xmlSecNssAppGetDefaultPwdCallback();
++#else
++ gXmlSecNssFunctions->cryptoAppInit = NULL ;
++ gXmlSecNssFunctions->cryptoAppShutdown = NULL ;
++ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrInit = NULL ;
++ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrAdoptKey = NULL ;
++ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrLoad = NULL ;
++ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrSave = NULL ;
++#ifndef XMLSEC_NO_X509
++ gXmlSecNssFunctions->cryptoAppKeysMngrCertLoad = NULL ;
++ gXmlSecNssFunctions->cryptoAppKeysMngrCertLoadMemory= NULL ;
++ gXmlSecNssFunctions->cryptoAppPkcs12Load = NULL ;
++ gXmlSecNssFunctions->cryptoAppPkcs12LoadMemory = NULL ;
++ gXmlSecNssFunctions->cryptoAppKeyCertLoad = NULL ;
++ gXmlSecNssFunctions->cryptoAppKeyCertLoadMemory = NULL ;
++#endif /* XMLSEC_NO_X509 */
++ gXmlSecNssFunctions->cryptoAppKeyLoad = NULL ;
++ gXmlSecNssFunctions->cryptoAppKeyLoadMemory = NULL ;
++ gXmlSecNssFunctions->cryptoAppDefaultPwdCallback = (void*)NULL ;
++#endif
+
+ return(gXmlSecNssFunctions);
+ }
diff --git a/libxmlsec/xmlsec1-nssmangleciphers.patch b/libxmlsec/xmlsec1-nssmangleciphers.patch
new file mode 100644
index 000000000000..6d64914859a7
--- /dev/null
+++ b/libxmlsec/xmlsec1-nssmangleciphers.patch
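Review bot: The `#else` branch leaves every `cryptoApp*` slot of `gXmlSecNssFunctions` NULL, but the `#if 0` carries no comment, so a reader of crypto.c cannot tell whether the application-level key and certificate loaders are unsupported, replaced by something else, or simply forgotten. A line above `#if 0` such as `/* app-level key/cert loading is intentionally left unset in this build: <reason placeholder> */` would record the decision, and a named macro instead of the literal `0` would let it be toggled from the build files. Whether a NULL slot is reported as an error or dereferenced depends on the generic `xmlSecCryptoApp*` wrappers in this xmlsec version, which are not visible here; it is worth confirming they check the pointer before calling, since `(void*)NULL` for `cryptoAppDefaultPwdCallback` suggests the slot is read as a function pointer elsewhere. The surrounding function begins before the first hunk.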
@@ -0,0 +1,1134 @@ +--- misc/xmlsec1-1.2.12/src/nss/ciphers.c 2009-09-10 05:16:27.000000000 -0400 ++++ misc/build/xmlsec1-1.2.12/src/nss/ciphers.c 2009-09-10 06:59:39.000000000 -0400 +@@ -11,180 +11,421 @@ + + #include <string.h> + +-#include <nspr.h> + #include <nss.h> +-#include <secoid.h> + #include <pk11func.h> + + #include <xmlsec/xmlsec.h> ++#include <xmlsec/xmltree.h> ++#include <xmlsec/base64.h> + #include <xmlsec/keys.h> + #include <xmlsec/transforms.h> + #include <xmlsec/errors.h> + + #include <xmlsec/nss/crypto.h> +- +-#define XMLSEC_NSS_MAX_KEY_SIZE 32 +-#define XMLSEC_NSS_MAX_IV_SIZE 32 +-#define XMLSEC_NSS_MAX_BLOCK_SIZE 32 ++#include <xmlsec/nss/ciphers.h> + + /************************************************************************** + * +- * Internal Nss Block cipher CTX ++ * Internal Nss Block Cipher Context ++ * This context is designed for repositing a block cipher for transform + * + *****************************************************************************/ +-typedef struct _xmlSecNssBlockCipherCtx xmlSecNssBlockCipherCtx, +- *xmlSecNssBlockCipherCtxPtr; ++typedef struct _xmlSecNssBlockCipherCtx xmlSecNssBlockCipherCtx ; ++typedef struct _xmlSecNssBlockCipherCtx* xmlSecNssBlockCipherCtxPtr ; ++ + struct _xmlSecNssBlockCipherCtx { + CK_MECHANISM_TYPE cipher; ++ PK11SymKey* symkey ; + PK11Context* cipherCtx; + xmlSecKeyDataId keyId; +- int keyInitialized; +- int ctxInitialized; +- xmlSecByte key[XMLSEC_NSS_MAX_KEY_SIZE]; +- xmlSecSize keySize; +- xmlSecByte iv[XMLSEC_NSS_MAX_IV_SIZE]; +- xmlSecSize ivSize; + }; +-static int xmlSecNssBlockCipherCtxInit (xmlSecNssBlockCipherCtxPtr ctx, +- xmlSecBufferPtr in, +- xmlSecBufferPtr out, +- int encrypt, +- const xmlChar* cipherName, +- xmlSecTransformCtxPtr transformCtx); +-static int xmlSecNssBlockCipherCtxUpdate (xmlSecNssBlockCipherCtxPtr ctx, +- xmlSecBufferPtr in, +- xmlSecBufferPtr out, +- int encrypt, +- const xmlChar* cipherName, +- xmlSecTransformCtxPtr transformCtx); +-static int 
xmlSecNssBlockCipherCtxFinal (xmlSecNssBlockCipherCtxPtr ctx, +- xmlSecBufferPtr in, +- xmlSecBufferPtr out, +- int encrypt, +- const xmlChar* cipherName, +- xmlSecTransformCtxPtr transformCtx); ++ ++#define xmlSecNssBlockCipherSize \ ++ ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssBlockCipherCtx ) ) ++ ++#define xmlSecNssBlockCipherGetCtx( transform ) \ ++ ( ( xmlSecNssBlockCipherCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) ) ++ ++static int ++xmlSecNssBlockCipherCheckId( ++ xmlSecTransformPtr transform ++) { ++ #ifndef XMLSEC_NO_DES ++ if( xmlSecTransformCheckId( transform, xmlSecNssTransformDes3CbcId ) ) { ++ return 1 ; ++ } ++ #endif /* XMLSEC_NO_DES */ ++ ++ #ifndef XMLSEC_NO_AES ++ if( xmlSecTransformCheckId( transform, xmlSecNssTransformAes128CbcId ) || ++ xmlSecTransformCheckId( transform, xmlSecNssTransformAes192CbcId ) || ++ xmlSecTransformCheckId( transform, xmlSecNssTransformAes256CbcId ) ) { ++ ++ return 1 ; ++ } ++ #endif /* XMLSEC_NO_AES */ ++ ++ return 0 ; ++} ++ ++static int ++xmlSecNssBlockCipherFetchCtx( ++ xmlSecNssBlockCipherCtxPtr context , ++ xmlSecTransformId id ++) { ++ xmlSecAssert2( context != NULL, -1 ) ; ++ ++ #ifndef XMLSEC_NO_DES ++ if( id == xmlSecNssTransformDes3CbcId ) { ++ context->cipher = CKM_DES3_CBC ; ++ context->keyId = xmlSecNssKeyDataDesId ; ++ } else ++ #endif /* XMLSEC_NO_DES */ ++ ++ #ifndef XMLSEC_NO_AES ++ if( id == xmlSecNssTransformAes128CbcId ) { ++ context->cipher = CKM_AES_CBC ; ++ context->keyId = xmlSecNssKeyDataAesId ; ++ } else ++ if( id == xmlSecNssTransformAes192CbcId ) { ++ context->cipher = CKM_AES_CBC ; ++ context->keyId = xmlSecNssKeyDataAesId ; ++ } else ++ if( id == xmlSecNssTransformAes256CbcId ) { ++ context->cipher = CKM_AES_CBC ; ++ context->keyId = xmlSecNssKeyDataAesId ; ++ } else ++ #endif /* XMLSEC_NO_AES */ ++ ++ if( 1 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ NULL , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } 
++ ++ return 0 ; ++} ++ ++/** ++ * xmlSecTransformInitializeMethod: ++ * @transform: the pointer to transform object. ++ * ++ * The transform specific initialization method. ++ * ++ * Returns 0 on success or a negative value otherwise. ++ */ ++static int ++xmlSecNssBlockCipherInitialize( ++ xmlSecTransformPtr transform ++) { ++ xmlSecNssBlockCipherCtxPtr context = NULL ; ++ ++ xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ; ++ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ; ++ ++ context = xmlSecNssBlockCipherGetCtx( transform ) ; ++ if( context == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ++ "xmlSecNssBlockCipherGetCtx" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } ++ ++ if( xmlSecNssBlockCipherFetchCtx( context , transform->id ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ++ "xmlSecNssBlockCipherFetchCtx" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } ++ ++ context->symkey = NULL ; ++ context->cipherCtx = NULL ; ++ ++ return 0 ; ++} ++ ++/** ++ * xmlSecTransformFinalizeMethod: ++ * @transform: the pointer to transform object. ++ * ++ * The transform specific destroy method. 
++ */ ++static void ++xmlSecNssBlockCipherFinalize( ++ xmlSecTransformPtr transform ++) { ++ xmlSecNssBlockCipherCtxPtr context = NULL ; ++ ++ xmlSecAssert( xmlSecNssBlockCipherCheckId( transform ) ) ; ++ xmlSecAssert( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ) ) ; ++ ++ context = xmlSecNssBlockCipherGetCtx( transform ) ; ++ if( context == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ++ "xmlSecNssBlockCipherGetCtx" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return ; ++ } ++ ++ if( context->cipherCtx != NULL ) { ++ PK11_DestroyContext( context->cipherCtx, PR_TRUE ) ; ++ context->cipherCtx = NULL ; ++ } ++ ++ if( context->symkey != NULL ) { ++ PK11_FreeSymKey( context->symkey ) ; ++ context->symkey = NULL ; ++ } ++ ++ context->cipher = CKM_INVALID_MECHANISM ; ++ context->keyId = NULL ; ++} ++ ++/** ++ * xmlSecTransformSetKeyRequirementsMethod: ++ * @transform: the pointer to transform object. ++ * @keyReq: the pointer to key requirements structure. ++ * ++ * Transform specific method to set transform's key requirements. ++ * ++ * Returns 0 on success or a negative value otherwise. 
++ */ ++static int ++xmlSecNssBlockCipherSetKeyReq( ++ xmlSecTransformPtr transform , ++ xmlSecKeyReqPtr keyReq ++) { ++ xmlSecNssBlockCipherCtxPtr context = NULL ; ++ xmlSecSize cipherSize = 0 ; ++ ++ xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ; ++ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ; ++ xmlSecAssert2( keyReq != NULL , -1 ) ; ++ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; ++ ++ context = xmlSecNssBlockCipherGetCtx( transform ) ; ++ if( context == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ++ "xmlSecNssBlockCipherGetCtx" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } ++ ++ keyReq->keyId = context->keyId ; ++ keyReq->keyType = xmlSecKeyDataTypeSymmetric ; ++ ++ if( transform->operation == xmlSecTransformOperationEncrypt ) { ++ keyReq->keyUsage = xmlSecKeyUsageEncrypt ; ++ } else { ++ keyReq->keyUsage = xmlSecKeyUsageDecrypt ; ++ } ++ ++ /* ++ if( context->symkey != NULL ) ++ cipherSize = PK11_GetKeyLength( context->symkey ) ; ++ ++ keyReq->keyBitsSize = cipherSize * 8 ; ++ */ ++ ++ return 0 ; ++} ++ ++/** ++ * xmlSecTransformSetKeyMethod: ++ * @transform: the pointer to transform object. ++ * @key: the pointer to key. ++ * ++ * The transform specific method to set the key for use. ++ * ++ * Returns 0 on success or a negative value otherwise. 
++ */ ++static int ++xmlSecNssBlockCipherSetKey( ++ xmlSecTransformPtr transform , ++ xmlSecKeyPtr key ++) { ++ xmlSecNssBlockCipherCtxPtr context = NULL ; ++ xmlSecKeyDataPtr keyData = NULL ; ++ PK11SymKey* symkey = NULL ; ++ CK_ATTRIBUTE_TYPE operation ; ++ int ivLen ; ++ ++ xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ; ++ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ; ++ xmlSecAssert2( key != NULL , -1 ) ; ++ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; ++ ++ context = xmlSecNssBlockCipherGetCtx( transform ) ; ++ if( context == NULL || context->keyId == NULL || context->symkey != NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ++ "xmlSecNssBlockCipherGetCtx" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } ++ xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ; ++ ++ keyData = xmlSecKeyGetValue( key ) ; ++ if( keyData == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) , ++ "xmlSecKeyGetValue" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } ++ ++ if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) , ++ "xmlSecNssSymKeyDataGetKey" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } ++ ++ context->symkey = symkey ; ++ ++ return 0 ; ++} ++ + static int + xmlSecNssBlockCipherCtxInit(xmlSecNssBlockCipherCtxPtr ctx, + xmlSecBufferPtr in, xmlSecBufferPtr out, + int encrypt, + const xmlChar* cipherName, + xmlSecTransformCtxPtr transformCtx) { +- SECItem keyItem; + SECItem ivItem; +- PK11SlotInfo* slot; +- PK11SymKey* symKey; ++ SECItem* secParam = NULL ; ++ 
xmlSecBufferPtr ivBuf = NULL ; + int ivLen; +- SECStatus rv; +- int ret; + + xmlSecAssert2(ctx != NULL, -1); +- xmlSecAssert2(ctx->cipher != 0, -1); ++ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; ++ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; + xmlSecAssert2(ctx->cipherCtx == NULL, -1); +- xmlSecAssert2(ctx->keyInitialized != 0, -1); +- xmlSecAssert2(ctx->ctxInitialized == 0, -1); ++ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; + xmlSecAssert2(in != NULL, -1); + xmlSecAssert2(out != NULL, -1); + xmlSecAssert2(transformCtx != NULL, -1); + + ivLen = PK11_GetIVLength(ctx->cipher); +- xmlSecAssert2(ivLen > 0, -1); +- xmlSecAssert2((xmlSecSize)ivLen <= sizeof(ctx->iv), -1); ++ if( ivLen < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "PK11_GetIVLength" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } ++ ++ if( ( ivBuf = xmlSecBufferCreate( ivLen ) ) == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecBufferCreate" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } + + if(encrypt) { +- /* generate random iv */ +- rv = PK11_GenerateRandom(ctx->iv, ivLen); +- if(rv != SECSuccess) { ++ if( PK11_GenerateRandom( ivBuf->data , ivLen ) != SECSuccess ) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(cipherName), + "PK11_GenerateRandom", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +- "size=%d", ivLen); ++ XMLSEC_ERRORS_NO_MESSAGE); ++ xmlSecBufferDestroy( ivBuf ) ; + return(-1); + } ++ if( xmlSecBufferSetSize( ivBuf , ivLen ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecBufferSetSize" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ xmlSecBufferDestroy( ivBuf ) ; ++ return -1 ; ++ } + +- /* write iv to the output */ +- ret = xmlSecBufferAppend(out, ctx->iv, ivLen); +- if(ret < 0) { ++ if( xmlSecBufferAppend( out , ivBuf->data , ivLen ) < 0 ) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(cipherName), + 
"xmlSecBufferAppend", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "size=%d", ivLen); ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ xmlSecBufferDestroy( ivBuf ) ; + return(-1); + } + + } else { +- /* if we don't have enough data, exit and hope that +- * we'll have iv next time */ +- if(xmlSecBufferGetSize(in) < (xmlSecSize)ivLen) { +- return(0); +- } +- +- /* copy iv to our buffer*/ +- xmlSecAssert2(xmlSecBufferGetData(in) != NULL, -1); +- memcpy(ctx->iv, xmlSecBufferGetData(in), ivLen); +- +- /* and remove from input */ +- ret = xmlSecBufferRemoveHead(in, ivLen); +- if(ret < 0) { ++ if( xmlSecBufferSetData( ivBuf , in->data , ivLen ) < 0 ) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(cipherName), +- "xmlSecBufferRemoveHead", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "size=%d", ivLen); ++ "xmlSecBufferSetData", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ xmlSecBufferDestroy( ivBuf ) ; + return(-1); + } + } + +- memset(&keyItem, 0, sizeof(keyItem)); +- keyItem.data = ctx->key; +- keyItem.len = ctx->keySize; +- memset(&ivItem, 0, sizeof(ivItem)); +- ivItem.data = ctx->iv; +- ivItem.len = ctx->ivSize; +- +- slot = PK11_GetBestSlot(ctx->cipher, NULL); +- if(slot == NULL) { ++ if( xmlSecBufferRemoveHead( in , ivLen ) < 0 ) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(cipherName), +- "PK11_GetBestSlot", ++ "xmlSecBufferRemoveHead", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); ++ xmlSecBufferDestroy( ivBuf ) ; + return(-1); + } + +- symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginDerive, +- CKA_SIGN, &keyItem, NULL); +- if(symKey == NULL) { ++ ivItem.data = xmlSecBufferGetData( ivBuf ) ; ++ ivItem.len = xmlSecBufferGetSize( ivBuf ) ; ++ if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(cipherName), +- "PK11_ImportSymKey", ++ "PK11_ParamFromIV", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + 
XMLSEC_ERRORS_NO_MESSAGE); +- PK11_FreeSlot(slot); ++ xmlSecBufferDestroy( ivBuf ) ; + return(-1); + } + + ctx->cipherCtx = PK11_CreateContextBySymKey(ctx->cipher, + (encrypt) ? CKA_ENCRYPT : CKA_DECRYPT, +- symKey, &ivItem); ++ ctx->symkey, secParam); + if(ctx->cipherCtx == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(cipherName), +- "PK11_CreateContextBySymKey", ++ "xmlSecBufferRemoveHead", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); +- PK11_FreeSymKey(symKey); +- PK11_FreeSlot(slot); ++ SECITEM_FreeItem( secParam , PR_TRUE ) ; ++ xmlSecBufferDestroy( ivBuf ) ; + return(-1); + } + +- ctx->ctxInitialized = 1; +- PK11_FreeSymKey(symKey); +- PK11_FreeSlot(slot); ++ SECITEM_FreeItem( secParam , PR_TRUE ) ; ++ xmlSecBufferDestroy( ivBuf ) ; + return(0); + } + ++/** ++ * Block cipher transform update ++ */ + static int + xmlSecNssBlockCipherCtxUpdate(xmlSecNssBlockCipherCtxPtr ctx, + xmlSecBufferPtr in, xmlSecBufferPtr out, +@@ -192,54 +433,49 @@ + const xmlChar* cipherName, + xmlSecTransformCtxPtr transformCtx) { + xmlSecSize inSize, inBlocks, outSize; +- int blockLen; ++ int blockSize; + int outLen = 0; + xmlSecByte* outBuf; +- SECStatus rv; +- int ret; + + xmlSecAssert2(ctx != NULL, -1); +- xmlSecAssert2(ctx->cipher != 0, -1); ++ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; ++ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; + xmlSecAssert2(ctx->cipherCtx != NULL, -1); +- xmlSecAssert2(ctx->ctxInitialized != 0, -1); ++ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; + xmlSecAssert2(in != NULL, -1); + xmlSecAssert2(out != NULL, -1); + xmlSecAssert2(transformCtx != NULL, -1); + +- blockLen = PK11_GetBlockSize(ctx->cipher, NULL); +- xmlSecAssert2(blockLen > 0, -1); ++ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( cipherName ) , ++ "PK11_GetBlockSize" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } + 
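Review bot: In the decrypt branch of `xmlSecNssBlockCipherCtxInit` the new `xmlSecBufferSetData( ivBuf , in->data , ivLen )` copies `ivLen` bytes out of `in` without the `if(xmlSecBufferGetSize(in) < (xmlSecSize)ivLen) return(0);` guard that the removed lines had, so a first call with fewer bytes buffered than the IV length (or an empty buffer whose `data` is NULL) reads past the input; restore the guard ahead of the copy and release the buffer on that path, `if( xmlSecBufferGetSize( in ) < ( xmlSecSize )ivLen ) { xmlSecBufferDestroy( ivBuf ) ; return 0 ; }`. The `PK11_CreateContextBySymKey` failure path names `"xmlSecBufferRemoveHead"` as the failing function; it should name `"PK11_CreateContextBySymKey"`. `if( ivLen < 0 )` lets `ivLen == 0` through to `xmlSecBufferCreate( 0 )` where the removed assert required `ivLen > 0`, and `xmlSecNssBlockCipherSetKey` declares `operation` and `ivLen` without using them. Whether `xmlSecNssSymKeyDataGetKey` returns an owned reference is not visible here; if it is a borrowed pointer, the `PK11_FreeSymKey` in `xmlSecNssBlockCipherFinalize` releases a key the key-data object still holds, so that ownership is worth stating in a comment on the `context->symkey = symkey ;` line.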
+ inSize = xmlSecBufferGetSize(in); + outSize = xmlSecBufferGetSize(out); +- +- if(inSize < (xmlSecSize)blockLen) { +- return(0); ++ ++ inBlocks = ( encrypt != 0 ? inSize : ( inSize - 1 ) ) / blockSize ; ++ inSize = inBlocks * blockSize ; ++ ++ if( inSize < blockSize ) { ++ return 0 ; + } + +- if(encrypt) { +- inBlocks = inSize / ((xmlSecSize)blockLen); +- } else { +- /* we want to have the last block in the input buffer +- * for padding check */ +- inBlocks = (inSize - 1) / ((xmlSecSize)blockLen); +- } +- inSize = inBlocks * ((xmlSecSize)blockLen); +- +- /* we write out the input size plus may be one block */ +- ret = xmlSecBufferSetMaxSize(out, outSize + inSize + blockLen); +- if(ret < 0) { ++ if( xmlSecBufferSetMaxSize( out , outSize + inSize + blockSize ) < 0 ) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(cipherName), + "xmlSecBufferSetMaxSize", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "size=%d", outSize + inSize + blockLen); ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + outBuf = xmlSecBufferGetData(out) + outSize; + +- rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, inSize + blockLen, +- xmlSecBufferGetData(in), inSize); +- if(rv != SECSuccess) { ++ if(PK11_CipherOp( ctx->cipherCtx , outBuf , &outLen , inSize + blockSize , xmlSecBufferGetData( in ) , inSize ) != SECSuccess ) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(cipherName), + "PK11_CipherOp", +@@ -247,27 +483,22 @@ + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } +- xmlSecAssert2((xmlSecSize)outLen == inSize, -1); + +- /* set correct output buffer size */ +- ret = xmlSecBufferSetSize(out, outSize + outLen); +- if(ret < 0) { ++ if( xmlSecBufferSetSize( out , outSize + outLen ) < 0 ) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(cipherName), + "xmlSecBufferSetSize", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "size=%d", outSize + outLen); ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + +- /* 
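Review bot: `inBlocks = ( encrypt != 0 ? inSize : ( inSize - 1 ) ) / blockSize ;` wraps when decrypting an empty input, because `xmlSecSize` is unsigned: `inSize - 1` becomes the type maximum, `inSize = inBlocks * blockSize` lands near it, the later `inSize < blockSize` test no longer stops the call, and `PK11_CipherOp` is asked to read that many bytes from `in`. The removed code had `if(inSize < (xmlSecSize)blockLen) { return(0); }` before the division; put it back ahead of the `inBlocks` line as `if( inSize < ( xmlSecSize )blockSize ) { return 0 ; }` and keep the mixed `int`/`xmlSecSize` comparisons cast the same way. `PK11_GetBlockSize` returning 0 passes the `< 0` check and then divides by zero, where the removed assert demanded `blockLen > 0`, so test `<= 0`. The next hunk drops `xmlSecAssert2((xmlSecSize)outLen == inSize, -1);`, the only check that the cipher consumed exactly the bytes removed from `in` by `xmlSecBufferRemoveHead( in , inSize )`, and both hunks reclassify `xmlSecBuffer*` failures as `XMLSEC_ERRORS_R_CRYPTO_FAILED` without the former size details, which makes buffer errors indistinguishable from NSS errors in the log. `xmlSecNssBlockCipherCtxUpdate` continues into the following hunk.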
remove the processed block from input */
+- ret = xmlSecBufferRemoveHead(in, inSize);
+- if(ret < 0) {
++ if( xmlSecBufferRemoveHead( in , inSize ) < 0 ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferRemoveHead",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "size=%d", inSize);
++ XMLSEC_ERRORS_R_CRYPTO_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+@@ -281,81 +512,82 @@
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx) {
+ xmlSecSize inSize, outSize;
+- int blockLen, outLen = 0;
++ int blockSize, outLen = 0;
+ xmlSecByte* inBuf;
+ xmlSecByte* outBuf;
+- SECStatus rv;
+- int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+- xmlSecAssert2(ctx->cipher != 0, -1);
++ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
++ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
+ xmlSecAssert2(ctx->cipherCtx != NULL, -1);
+- xmlSecAssert2(ctx->ctxInitialized != 0, -1);
++ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+- blockLen = PK11_GetBlockSize(ctx->cipher, NULL);
+- xmlSecAssert2(blockLen > 0, -1);
++ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( cipherName ) ,
++ "PK11_GetBlockSize" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
+
+ inSize = xmlSecBufferGetSize(in);
+ outSize = xmlSecBufferGetSize(out);
+
++ /******************************************************************/
+ if(encrypt != 0) {
+- xmlSecAssert2(inSize < (xmlSecSize)blockLen, -1);
++ xmlSecAssert2( inSize < blockSize, -1 ) ;
+
+ /* create padding */
+- ret = xmlSecBufferSetMaxSize(in, blockLen);
+- if(ret < 0) {
++ if( xmlSecBufferSetMaxSize( in , blockSize ) < 0 ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetMaxSize",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "size=%d", blockLen);
++ XMLSEC_ERRORS_R_CRYPTO_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ inBuf = xmlSecBufferGetData(in);
+
+- /* generate random padding */
+- if((xmlSecSize)blockLen > (inSize + 1)) {
+- rv = PK11_GenerateRandom(inBuf + inSize, blockLen - inSize - 1);
+- if(rv != SECSuccess) {
++ /* generate random */
++ if( blockSize > ( inSize + 1 ) ) {
++ if( PK11_GenerateRandom( inBuf + inSize, blockSize - inSize - 1 ) != SECSuccess ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "PK11_GenerateRandom",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- "size=%d", blockLen - inSize - 1);
++ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+- inBuf[blockLen - 1] = blockLen - inSize;
+- inSize = blockLen;
++ inBuf[blockSize-1] = blockSize - inSize ;
++ inSize = blockSize ;
+ } else {
+- if(inSize != (xmlSecSize)blockLen) {
++ if( inSize != blockSize ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ NULL,
+- XMLSEC_ERRORS_R_INVALID_DATA,
+- "data=%d;block=%d", inSize, blockLen);
++ XMLSEC_ERRORS_R_CRYPTO_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+- /* process last block */
+- ret = xmlSecBufferSetMaxSize(out, outSize + 2 * blockLen);
+- if(ret < 0) {
++ /* process the last block */
++ if( xmlSecBufferSetMaxSize( out , outSize + inSize + blockSize ) < 0 ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetMaxSize",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "size=%d", outSize + 2 * blockLen);
++ XMLSEC_ERRORS_R_CRYPTO_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ outBuf = xmlSecBufferGetData(out) + outSize;
+
+- rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, 2 * blockLen,
+- xmlSecBufferGetData(in), inSize);
+- if(rv != SECSuccess) {
++ if( PK11_CipherOp( ctx->cipherCtx , outBuf , &outLen , inSize + blockSize , xmlSecBufferGetData( in ) , inSize ) != SECSuccess ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "PK11_CipherOp",
+@@ -363,300 +595,169 @@
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+- xmlSecAssert2((xmlSecSize)outLen == inSize, -1);
+
+ if(encrypt == 0) {
+ /* check padding */
+- if(outLen < outBuf[blockLen - 1]) {
++ if( outLen < outBuf[blockSize-1] ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ NULL,
+- XMLSEC_ERRORS_R_INVALID_DATA,
+- "padding=%d;buffer=%d",
+- outBuf[blockLen - 1], outLen);
++ XMLSEC_ERRORS_R_CRYPTO_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+- outLen -= outBuf[blockLen - 1];
++ outLen -= outBuf[blockSize-1] ;
+ }
+
+- /* set correct output buffer size */
+- ret = xmlSecBufferSetSize(out, outSize + outLen);
+- if(ret < 0) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- xmlSecErrorsSafeString(cipherName),
+- "xmlSecBufferSetSize",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "size=%d", outSize + outLen);
+- return(-1);
+- }
++ /******************************************************************/
+
+- /* remove the processed block from input */
+- ret = xmlSecBufferRemoveHead(in, inSize);
+- if(ret < 0) {
++ /******************************************************************
++ if( xmlSecBufferSetMaxSize( out , outSize + blockSize ) < 0 ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+- "xmlSecBufferRemoveHead",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "size=%d", inSize);
+- return(-1);
+- }
+-
+- return(0);
+-}
+-
+-
+-/******************************************************************************
+- *
+- * EVP Block Cipher transforms
+- *
+- * xmlSecNssBlockCipherCtx block is located after xmlSecTransform structure
+- *
+- *****************************************************************************/
+-#define xmlSecNssBlockCipherSize \
+- (sizeof(xmlSecTransform) + sizeof(xmlSecNssBlockCipherCtx))
+-#define xmlSecNssBlockCipherGetCtx(transform) \
+- ((xmlSecNssBlockCipherCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+-
+-static int xmlSecNssBlockCipherInitialize
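Review bot: The `if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 )` guard near the top of the hunk accepts a block size of 0, which the `xmlSecAssert2(blockLen > 0, -1)` it replaces rejected; on the decrypt side a zero block size then passes the `inSize != blockSize` check with empty input, and the padding check just after this hunk reads `outBuf[blockSize-1]`, i.e. index -1. The removed assert shows that 0 was already treated as a possible return value, so the check should be `if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) <= 0 ) {`. The new `inSize < blockSize` and `inSize != blockSize` comparisons also drop the `(xmlSecSize)` casts the old lines had and compare the unsigned xmlSecSize against the signed int directly, which only behaves as intended while blockSize is known to be positive. In the next hunk, the `if( context == NULL )` branch of xmlSecNssBlockCipherExecute logs the error but no longer returns, so a NULL context would be dereferenced at `context->cipherCtx` below it. The enclosing function (presumably xmlSecNssBlockCipherCtxFinal, its signature begins before the hunk) continues into the next hunk.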
(xmlSecTransformPtr transform);
+-static void xmlSecNssBlockCipherFinalize (xmlSecTransformPtr transform);
+-static int xmlSecNssBlockCipherSetKeyReq (xmlSecTransformPtr transform,
+- xmlSecKeyReqPtr keyReq);
+-static int xmlSecNssBlockCipherSetKey (xmlSecTransformPtr transform,
+- xmlSecKeyPtr key);
+-static int xmlSecNssBlockCipherExecute (xmlSecTransformPtr transform,
+- int last,
+- xmlSecTransformCtxPtr transformCtx);
+-static int xmlSecNssBlockCipherCheckId (xmlSecTransformPtr transform);
+-
+-
+-
+-static int
+-xmlSecNssBlockCipherCheckId(xmlSecTransformPtr transform) {
+-#ifndef XMLSEC_NO_DES
+- if(xmlSecTransformCheckId(transform, xmlSecNssTransformDes3CbcId)) {
+- return(1);
+- }
+-#endif /* XMLSEC_NO_DES */
+-
+-#ifndef XMLSEC_NO_AES
+- if(xmlSecTransformCheckId(transform, xmlSecNssTransformAes128CbcId) ||
+- xmlSecTransformCheckId(transform, xmlSecNssTransformAes192CbcId) ||
+- xmlSecTransformCheckId(transform, xmlSecNssTransformAes256CbcId)) {
+-
+- return(1);
+- }
+-#endif /* XMLSEC_NO_AES */
+-
+- return(0);
+-}
+-
+-static int
+-xmlSecNssBlockCipherInitialize(xmlSecTransformPtr transform) {
+- xmlSecNssBlockCipherCtxPtr ctx;
+-
+- xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
+- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
+-
+- ctx = xmlSecNssBlockCipherGetCtx(transform);
+- xmlSecAssert2(ctx != NULL, -1);
+-
+- memset(ctx, 0, sizeof(xmlSecNssBlockCipherCtx));
+-
+-#ifndef XMLSEC_NO_DES
+- if(transform->id == xmlSecNssTransformDes3CbcId) {
+- ctx->cipher = CKM_DES3_CBC;
+- ctx->keyId = xmlSecNssKeyDataDesId;
+- ctx->keySize = 24;
+- } else
+-#endif /* XMLSEC_NO_DES */
+-
+-#ifndef XMLSEC_NO_AES
+- if(transform->id == xmlSecNssTransformAes128CbcId) {
+- ctx->cipher = CKM_AES_CBC;
+- ctx->keyId = xmlSecNssKeyDataAesId;
+- ctx->keySize = 16;
+- } else if(transform->id == xmlSecNssTransformAes192CbcId) {
+- ctx->cipher = CKM_AES_CBC;
+- ctx->keyId = xmlSecNssKeyDataAesId;
+- ctx->keySize = 24;
+- } else if(transform->id == xmlSecNssTransformAes256CbcId) {
+- ctx->cipher = CKM_AES_CBC;
+- ctx->keyId = xmlSecNssKeyDataAesId;
+- ctx->keySize = 32;
+- } else
+-#endif /* XMLSEC_NO_AES */
+-
+- if(1) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+- NULL,
+- XMLSEC_ERRORS_R_INVALID_TRANSFORM,
++ "xmlSecBufferSetMaxSize",
++ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+- }
+-
+- return(0);
+-}
+-
+-static void
+-xmlSecNssBlockCipherFinalize(xmlSecTransformPtr transform) {
+- xmlSecNssBlockCipherCtxPtr ctx;
+-
+- xmlSecAssert(xmlSecNssBlockCipherCheckId(transform));
+- xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize));
+-
+- ctx = xmlSecNssBlockCipherGetCtx(transform);
+- xmlSecAssert(ctx != NULL);
+-
+- if(ctx->cipherCtx != NULL) {
+- PK11_DestroyContext(ctx->cipherCtx, PR_TRUE);
+ }
+-
+- memset(ctx, 0, sizeof(xmlSecNssBlockCipherCtx));
+-}
+
+-static int
+-xmlSecNssBlockCipherSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+- xmlSecNssBlockCipherCtxPtr ctx;
+-
+- xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
+- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
+- xmlSecAssert2(keyReq != NULL, -1);
+-
+- ctx = xmlSecNssBlockCipherGetCtx(transform);
+- xmlSecAssert2(ctx != NULL, -1);
+- xmlSecAssert2(ctx->keyId != NULL, -1);
++ outBuf = xmlSecBufferGetData( out ) + outSize ;
++ if( PK11_DigestFinal( ctx->cipherCtx , outBuf , &outLen , blockSize ) != SECSuccess ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( cipherName ) ,
++ "PK11_DigestFinal" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
++ ******************************************************************/
++
++ if( xmlSecBufferSetSize( out , outSize + outLen ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( cipherName ) ,
++ "xmlSecBufferSetSize" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
++
++ if( xmlSecBufferRemoveHead( in , inSize ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( cipherName ) ,
++ "xmlSecBufferRemoveHead" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
++
++/* PK11_Finalize( ctx->cipherCtx ) ;*/
++ PK11_DestroyContext(ctx->cipherCtx, PR_TRUE);
++ ctx->cipherCtx = NULL ;
+
+- keyReq->keyId = ctx->keyId;
+- keyReq->keyType = xmlSecKeyDataTypeSymmetric;
+- if(transform->operation == xmlSecTransformOperationEncrypt) {
+- keyReq->keyUsage = xmlSecKeyUsageEncrypt;
+- } else {
+- keyReq->keyUsage = xmlSecKeyUsageDecrypt;
+- }
+- keyReq->keyBitsSize = 8 * ctx->keySize;
+ return(0);
+ }
+
+-static int
+-xmlSecNssBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+- xmlSecNssBlockCipherCtxPtr ctx;
+- xmlSecBufferPtr buffer;
++/**
++ * xmlSecTransformExecuteMethod:
++ * @transform: the pointer to transform object.
++ * @last: the flag: if set to 1 then it's the last data chunk.
++ * @transformCtx: the pointer to transform context object.
++ *
++ * Transform specific method to process a chunk of data.
++ *
++ * Returns 0 on success or a negative value otherwise.
++ */
++xmlSecNssBlockCipherExecute(
++ xmlSecTransformPtr transform ,
++ int last ,
++ xmlSecTransformCtxPtr transformCtx
++) {
++ xmlSecNssBlockCipherCtxPtr context = NULL ;
++ xmlSecBufferPtr inBuf = NULL ;
++ xmlSecBufferPtr outBuf = NULL ;
++ const xmlChar* cipherName ;
++ int operation ;
++ int rtv ;
+
+ xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
+- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
+- xmlSecAssert2(key != NULL, -1);
+-
+- ctx = xmlSecNssBlockCipherGetCtx(transform);
+- xmlSecAssert2(ctx != NULL, -1);
+- xmlSecAssert2(ctx->cipher != 0, -1);
+- xmlSecAssert2(ctx->keyInitialized == 0, -1);
+- xmlSecAssert2(ctx->keyId != NULL, -1);
+- xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1);
+-
+- xmlSecAssert2(ctx->keySize > 0, -1);
+- xmlSecAssert2(ctx->keySize <= sizeof(ctx->key), -1);
+
+- buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
+- xmlSecAssert2(buffer != NULL, -1);
++ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
++ xmlSecAssert2( transformCtx != NULL , -1 ) ;
+
+- if(xmlSecBufferGetSize(buffer) < ctx->keySize) {
++ context = xmlSecNssBlockCipherGetCtx( transform ) ;
++ if( context == NULL ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+- NULL,
+- XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+- "keySize=%d;expected=%d",
+- xmlSecBufferGetSize(buffer), ctx->keySize);
+- return(-1);
++ "xmlSecNssBlockCipherGetCtx" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ }
+-
+- xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1);
+- memcpy(ctx->key, xmlSecBufferGetData(buffer), ctx->keySize);
+-
+- ctx->keyInitialized = 1;
+- return(0);
+-}
+-
+-static int
+-xmlSecNssBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+- xmlSecNssBlockCipherCtxPtr ctx;
+- xmlSecBufferPtr in, out;
+- int ret;
+-
+- xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
+- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
+- xmlSecAssert2(transformCtx != NULL, -1);
+
+- in = &(transform->inBuf);
+- out = &(transform->outBuf);
+-
+- ctx = xmlSecNssBlockCipherGetCtx(transform);
+- xmlSecAssert2(ctx != NULL, -1);
++ inBuf = &( transform->inBuf ) ;
++ outBuf = &( transform->outBuf ) ;
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
++ operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ;
++ cipherName = xmlSecTransformGetName( transform ) ;
++
+ if(transform->status == xmlSecTransformStatusWorking) {
+- if(ctx->ctxInitialized == 0) {
+- ret = xmlSecNssBlockCipherCtxInit(ctx, in, out,
+- (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
+- xmlSecTransformGetName(transform), transformCtx);
+- if(ret < 0) {
++ if( context->cipherCtx == NULL ) {
++ rtv = xmlSecNssBlockCipherCtxInit( context, inBuf , outBuf , operation , cipherName , transformCtx ) ;
++ if( rtv < 0 ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecNssBlockCipherCtxInit",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_R_INVALID_STATUS,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+- if((ctx->ctxInitialized == 0) && (last != 0)) {
++ if( context->cipherCtx == NULL && last != 0 ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+- XMLSEC_ERRORS_R_INVALID_DATA,
++ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "not enough data to initialize transform");
+ return(-1);
+ }
+
+- if(ctx->ctxInitialized != 0) {
+- ret = xmlSecNssBlockCipherCtxUpdate(ctx, in, out,
+- (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
+- xmlSecTransformGetName(transform), transformCtx);
+- if(ret < 0) {
++ if( context->cipherCtx != NULL ) {
++ rtv = xmlSecNssBlockCipherCtxUpdate( context, inBuf , outBuf , operation , cipherName , transformCtx ) ;
++ if( rtv < 0 ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecNssBlockCipherCtxUpdate",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_R_INVALID_STATUS,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ if(last) {
+- ret = xmlSecNssBlockCipherCtxFinal(ctx, in, out,
+- (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
+- xmlSecTransformGetName(transform), transformCtx);
+- if(ret < 0) {
++ rtv = xmlSecNssBlockCipherCtxFinal( context, inBuf , outBuf , operation , cipherName , transformCtx ) ;
++ if( rtv < 0 ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecNssBlockCipherCtxFinal",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_R_INVALID_STATUS,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ transform->status = xmlSecTransformStatusFinished;
+ }
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+- /* the only way we can get here is if there is no input */
+- xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
+- } else if(transform->status == xmlSecTransformStatusNone) {
+- /* the only way we can get here is if there is no enough data in the input */
+- xmlSecAssert2(last == 0, -1);
++ if( xmlSecBufferGetSize( inBuf ) != 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
++ NULL ,
++ XMLSEC_ERRORS_R_INVALID_STATUS ,
++ "status=%d", transform->status ) ;
++ return -1 ;
++ }
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), |