summaryrefslogtreecommitdiff
path: root/libxmlsec/xmlsec1-customkeymanage.patch
diff options
context:
space:
mode:
authorPeter Foley <pefoley2@verizon.net>2012-11-29 20:50:15 -0500
committerPeter Foley <pefoley2@verizon.net>2012-11-30 11:34:29 -0500
commitec6af4194e80f5f0b2e46ca59802ff397a2a4a24 (patch)
tree9f0ff42902bdd0a7988cc462571259c873794289 /libxmlsec/xmlsec1-customkeymanage.patch
parent694a2c53810dec6d8e069d74baf51e6cdda91faa (diff)
convert libxmlsec to gbuild
Change-Id: Id0ad4e1c8e3e1ac03c625fb77b70fe0aa8ddfcdc
Diffstat (limited to 'libxmlsec/xmlsec1-customkeymanage.patch')
-rw-r--r--libxmlsec/xmlsec1-customkeymanage.patch2757
1 files changed, 0 insertions, 2757 deletions
diff --git a/libxmlsec/xmlsec1-customkeymanage.patch b/libxmlsec/xmlsec1-customkeymanage.patch
index 8a9336881a98..1881ea923495 100644
--- a/libxmlsec/xmlsec1-customkeymanage.patch
+++ b/libxmlsec/xmlsec1-customkeymanage.patch
@@ -18,81 +18,6 @@
app.h \
certkeys.h \
crypto.h \
---- misc/xmlsec1-1.2.14/include/xmlsec/mscrypto/akmngr.h 2009-09-21 14:07:19.052318336 +0200
-+++ misc/build/xmlsec1-1.2.14/include/xmlsec/mscrypto/akmngr.h 2009-09-21 14:02:48.504966762 +0200
-@@ -1 +1,71 @@
--dummy
-+/**
-+ * XMLSec library
-+ *
-+ * This is free software; see Copyright file in the source
-+ * distribution for preciese wording.
-+ *
-+ * Copyright ..........................
-+ */
-+#ifndef __XMLSEC_MSCRYPTO_AKMNGR_H__
-+#define __XMLSEC_MSCRYPTO_AKMNGR_H__
-+
-+#include <windows.h>
-+#include <wincrypt.h>
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/keys.h>
-+#include <xmlsec/transforms.h>
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif /* __cplusplus */
-+
-+XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr
-+xmlSecMSCryptoAppliedKeysMngrCreate(
-+ HCERTSTORE keyStore ,
-+ HCERTSTORE certStore
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecMSCryptoAppliedKeysMngrSymKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ HCRYPTKEY symKey
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecMSCryptoAppliedKeysMngrPubKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ HCRYPTKEY pubKey
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecMSCryptoAppliedKeysMngrPriKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ HCRYPTKEY priKey
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore (
-+ xmlSecKeysMngrPtr mngr ,
-+ HCERTSTORE keyStore
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore (
-+ xmlSecKeysMngrPtr mngr ,
-+ HCERTSTORE trustedStore
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore (
-+ xmlSecKeysMngrPtr mngr ,
-+ HCERTSTORE untrustedStore
-+) ;
-+
-+#ifdef __cplusplus
-+}
-+#endif /* __cplusplus */
-+
-+#endif /* __XMLSEC_MSCRYPTO_AKMNGR_H__ */
-+
-+
--- misc/xmlsec1-1.2.14/include/xmlsec/nss/Makefile.am 2009-06-25 22:53:18.000000000 +0200
+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/Makefile.am 2009-09-21 14:02:48.577933031 +0200
@@ -10,6 +10,9 @@
@@ -117,66 +42,6 @@
$(NULL)
all: all-am
---- misc/xmlsec1-1.2.14/include/xmlsec/nss/akmngr.h 2009-09-21 14:07:19.105517659 +0200
-+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/akmngr.h 2009-09-21 14:02:48.510978278 +0200
-@@ -1 +1,56 @@
--dummy
-+/**
-+ * XMLSec library
-+ *
-+ * This is free software; see Copyright file in the source
-+ * distribution for preciese wording.
-+ *
-+ * Copyright ..........................
-+ */
-+#ifndef __XMLSEC_NSS_AKMNGR_H__
-+#define __XMLSEC_NSS_AKMNGR_H__
-+
-+#include <nss.h>
-+#include <nspr.h>
-+#include <pk11func.h>
-+#include <cert.h>
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/keys.h>
-+#include <xmlsec/transforms.h>
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif /* __cplusplus */
-+
-+XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr
-+xmlSecNssAppliedKeysMngrCreate(
-+ PK11SlotInfo** slots,
-+ int cSlots,
-+ CERTCertDBHandle* handler
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssAppliedKeysMngrSymKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ PK11SymKey* symKey
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssAppliedKeysMngrPubKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ SECKEYPublicKey* pubKey
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssAppliedKeysMngrPriKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ SECKEYPrivateKey* priKey
-+) ;
-+
-+#ifdef __cplusplus
-+}
-+#endif /* __cplusplus */
-+
-+#endif /* __XMLSEC_NSS_AKMNGR_H__ */
-+
-+
--- misc/xmlsec1-1.2.14/include/xmlsec/nss/app.h 2009-06-25 22:53:18.000000000 +0200
+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/app.h 2009-09-21 14:02:48.612847068 +0200
@@ -22,6 +22,9 @@
@@ -198,45 +63,6 @@
XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrSave (xmlSecKeysMngrPtr mngr,
const char* filename,
xmlSecKeyDataType type);
---- misc/xmlsec1-1.2.14/include/xmlsec/nss/ciphers.h 2009-09-21 14:07:19.146496548 +0200
-+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/ciphers.h 2009-09-21 14:02:48.516689712 +0200
-@@ -1 +1,35 @@
--dummy
-+/**
-+ * XMLSec library
-+ *
-+ * This is free software; see Copyright file in the source
-+ * distribution for preciese wording.
-+ *
-+ * Copyright ..........................
-+ */
-+#ifndef __XMLSEC_NSS_CIPHERS_H__
-+#define __XMLSEC_NSS_CIPHERS_H__
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif /* __cplusplus */
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/keys.h>
-+#include <xmlsec/transforms.h>
-+
-+
-+XMLSEC_CRYPTO_EXPORT int xmlSecNssSymKeyDataAdoptKey( xmlSecKeyDataPtr data,
-+ PK11SymKey* symkey ) ;
-+
-+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt( PK11SymKey* symKey ) ;
-+
-+XMLSEC_CRYPTO_EXPORT PK11SymKey* xmlSecNssSymKeyDataGetKey(xmlSecKeyDataPtr data);
-+
-+
-+#ifdef __cplusplus
-+}
-+#endif /* __cplusplus */
-+
-+#endif /* __XMLSEC_NSS_CIPHERS_H__ */
-+
-+
--- misc/xmlsec1-1.2.14/include/xmlsec/nss/keysstore.h 2009-06-25 22:53:18.000000000 +0200
+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/keysstore.h 2009-09-21 14:02:48.626261748 +0200
@@ -16,6 +16,8 @@
@@ -257,432 +83,6 @@
XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreLoad (xmlSecKeyStorePtr store,
const char *uri,
xmlSecKeysMngrPtr keysMngr);
---- misc/xmlsec1-1.2.14/include/xmlsec/nss/tokens.h 2009-09-21 14:07:19.172421448 +0200
-+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/tokens.h 2009-09-21 14:02:48.522913605 +0200
-@@ -1 +1,182 @@
--dummy
-+/**
-+ * XMLSec library
-+ *
-+ * This is free software; see Copyright file in the source
-+ * distribution for preciese wording.
-+ *
-+ * Copyright (c) 2003 Sun Microsystems, Inc. All rights reserved.
-+ *
-+ * Contributor(s): _____________________________
-+ *
-+ */
-+#ifndef __XMLSEC_NSS_TOKENS_H__
-+#define __XMLSEC_NSS_TOKENS_H__
-+
-+#include <string.h>
-+
-+#include <nss.h>
-+#include <pk11func.h>
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/list.h>
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif /* __cplusplus */
-+
-+/**
-+ * xmlSecNssKeySlotListId
-+ *
-+ * The crypto mechanism list klass
-+ */
-+#define xmlSecNssKeySlotListId xmlSecNssKeySlotListGetKlass()
-+XMLSEC_CRYPTO_EXPORT xmlSecPtrListId xmlSecNssKeySlotListGetKlass( void ) ;
-+
-+/*******************************************
-+ * KeySlot interfaces
-+ *******************************************/
-+/**
-+ * Internal NSS key slot data
-+ * @mechanismList: the mechanisms that the slot bound with.
-+ * @slot: the pkcs slot
-+ *
-+ * This context is located after xmlSecPtrList
-+ */
-+typedef struct _xmlSecNssKeySlot xmlSecNssKeySlot ;
-+typedef struct _xmlSecNssKeySlot* xmlSecNssKeySlotPtr ;
-+
-+struct _xmlSecNssKeySlot {
-+ CK_MECHANISM_TYPE_PTR mechanismList ; /* mech. array, NULL ternimated */
-+ PK11SlotInfo* slot ;
-+} ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotSetMechList(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE_PTR mechanismList
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotEnableMech(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE mechanism
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotDisableMech(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE mechanism
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT CK_MECHANISM_TYPE_PTR
-+xmlSecNssKeySlotGetMechList(
-+ xmlSecNssKeySlotPtr keySlot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotSetSlot(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ PK11SlotInfo* slot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotInitialize(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ PK11SlotInfo* slot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT void
-+xmlSecNssKeySlotFinalize(
-+ xmlSecNssKeySlotPtr keySlot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT PK11SlotInfo*
-+xmlSecNssKeySlotGetSlot(
-+ xmlSecNssKeySlotPtr keySlot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr
-+xmlSecNssKeySlotCreate() ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotCopy(
-+ xmlSecNssKeySlotPtr newKeySlot ,
-+ xmlSecNssKeySlotPtr keySlot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr
-+xmlSecNssKeySlotDuplicate(
-+ xmlSecNssKeySlotPtr keySlot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT void
-+xmlSecNssKeySlotDestroy(
-+ xmlSecNssKeySlotPtr keySlot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotBindMech(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE type
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotSupportMech(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE type
-+) ;
-+
-+
-+/************************************************************************
-+ * PKCS#11 crypto token interfaces
-+ *
-+ * A PKCS#11 slot repository will be defined internally. From the
-+ * repository, a user can specify a particular slot for a certain crypto
-+ * mechanism.
-+ *
-+ * In some situation, some cryptographic operation should act in a user
-+ * designated devices. The interfaces defined here provide the way. If
-+ * the user do not initialize the repository distinctly, the interfaces
-+ * use the default functions provided by NSS itself.
-+ *
-+ ************************************************************************/
-+/**
-+ * Initialize NSS pkcs#11 slot repository
-+ *
-+ * Returns 0 if success or -1 if an error occurs.
-+ */
-+XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotInitialize( void ) ;
-+
-+/**
-+ * Shutdown and destroy NSS pkcs#11 slot repository
-+ */
-+XMLSEC_CRYPTO_EXPORT void xmlSecNssSlotShutdown() ;
-+
-+/**
-+ * Get PKCS#11 slot handler
-+ * @type the mechanism that the slot must support.
-+ *
-+ * Returns a pointer to PKCS#11 slot or NULL if an error occurs.
-+ *
-+ * Notes: The returned handler must be destroied distinctly.
-+ */
-+XMLSEC_CRYPTO_EXPORT PK11SlotInfo* xmlSecNssSlotGet( CK_MECHANISM_TYPE type ) ;
-+
-+/**
-+ * Adopt a pkcs#11 slot with a mechanism into the repository
-+ * @slot: the pkcs#11 slot.
-+ * @mech: the mechanism.
-+ *
-+ * If @mech is available( @mech != CKM_INVALID_MECHANISM ), every operation with
-+ * this mechanism only can perform on the @slot.
-+ *
-+ * Returns 0 if success or -1 if an error occurs.
-+ */
-+XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotAdopt( PK11SlotInfo* slot, CK_MECHANISM_TYPE mech ) ;
-+
-+#ifdef __cplusplus
-+}
-+#endif /* __cplusplus */
-+
-+#endif /* __XMLSEC_NSS_TOKENS_H__ */
-+
---- misc/xmlsec1-1.2.14/src/mscrypto/akmngr.c 2009-09-21 14:07:19.078910929 +0200
-+++ misc/build/xmlsec1-1.2.14/src/mscrypto/akmngr.c 2009-09-21 14:02:48.531281225 +0200
-@@ -1 +1,236 @@
--dummy
-+/**
-+ * XMLSec library
-+ *
-+ * This is free software; see Copyright file in the source
-+ * distribution for preciese wording.
-+ *
-+ * Copyright.........................
-+ */
-+#include "globals.h"
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/keys.h>
-+#include <xmlsec/keysmngr.h>
-+#include <xmlsec/transforms.h>
-+#include <xmlsec/errors.h>
-+
-+#include <xmlsec/mscrypto/crypto.h>
-+#include <xmlsec/mscrypto/keysstore.h>
-+#include <xmlsec/mscrypto/akmngr.h>
-+#include <xmlsec/mscrypto/x509.h>
-+
-+/**
-+ * xmlSecMSCryptoAppliedKeysMngrCreate:
-+ * @hKeyStore: the pointer to key store.
-+ * @hCertStore: the pointer to certificate database.
-+ *
-+ * Create and load key store and certificate database into keys manager
-+ *
-+ * Returns keys manager pointer on success or NULL otherwise.
-+ */
-+xmlSecKeysMngrPtr
-+xmlSecMSCryptoAppliedKeysMngrCreate(
-+ HCERTSTORE hKeyStore ,
-+ HCERTSTORE hCertStore
-+) {
-+ xmlSecKeyDataStorePtr certStore = NULL ;
-+ xmlSecKeysMngrPtr keyMngr = NULL ;
-+ xmlSecKeyStorePtr keyStore = NULL ;
-+
-+ keyStore = xmlSecKeyStoreCreate( xmlSecMSCryptoKeysStoreId ) ;
-+ if( keyStore == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeyStoreCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return NULL ;
-+ }
-+
-+ /*-
-+ * At present, MS Crypto engine do not provide a way to setup a key store.
-+ */
-+ if( keyStore != NULL ) {
-+ /*TODO: binding key store.*/
-+ }
-+
-+ keyMngr = xmlSecKeysMngrCreate() ;
-+ if( keyMngr == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyStoreDestroy( keyStore ) ;
-+ return NULL ;
-+ }
-+
-+ /*-
-+ * Add key store to manager, from now on keys manager destroys the store if
-+ * needed
-+ */
-+ if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+ "xmlSecKeysMngrAdoptKeyStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyStoreDestroy( keyStore ) ;
-+ xmlSecKeysMngrDestroy( keyMngr ) ;
-+ return NULL ;
-+ }
-+
-+ /*-
-+ * Initialize crypto library specific data in keys manager
-+ */
-+ if( xmlSecMSCryptoKeysMngrInit( keyMngr ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecMSCryptoKeysMngrInit" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeysMngrDestroy( keyMngr ) ;
-+ return NULL ;
-+ }
-+
-+ /*-
-+ * Set certificate databse to X509 key data store
-+ */
-+ /*-
-+ * At present, MS Crypto engine do not provide a way to setup a cert store.
-+ */
-+
-+ /*-
-+ * Set the getKey callback
-+ */
-+ keyMngr->getKey = xmlSecKeysMngrGetKey ;
-+
-+ return keyMngr ;
-+}
-+
-+int
-+xmlSecMSCryptoAppliedKeysMngrSymKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ HCRYPTKEY symKey
-+) {
-+ /*TODO: import the key into keys manager.*/
-+ return(0) ;
-+}
-+
-+int
-+xmlSecMSCryptoAppliedKeysMngrPubKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ HCRYPTKEY pubKey
-+) {
-+ /*TODO: import the key into keys manager.*/
-+ return(0) ;
-+}
-+
-+int
-+xmlSecMSCryptoAppliedKeysMngrPriKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ HCRYPTKEY priKey
-+) {
-+ /*TODO: import the key into keys manager.*/
-+ return(0) ;
-+}
-+
-+int
-+xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore (
-+ xmlSecKeysMngrPtr mngr ,
-+ HCERTSTORE keyStore
-+) {
-+ xmlSecKeyDataStorePtr x509Store ;
-+
-+ xmlSecAssert2( mngr != NULL, -1 ) ;
-+ xmlSecAssert2( keyStore != NULL, -1 ) ;
-+
-+ x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
-+ if( x509Store == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrGetDataStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( -1 ) ;
-+ }
-+
-+ if( xmlSecMSCryptoX509StoreAdoptKeyStore( x509Store, keyStore ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
-+ "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( -1 ) ;
-+ }
-+
-+ return( 0 ) ;
-+}
-+
-+int
-+xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore (
-+ xmlSecKeysMngrPtr mngr ,
-+ HCERTSTORE trustedStore
-+) {
-+ xmlSecKeyDataStorePtr x509Store ;
-+
-+ xmlSecAssert2( mngr != NULL, -1 ) ;
-+ xmlSecAssert2( trustedStore != NULL, -1 ) ;
-+
-+ x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
-+ if( x509Store == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrGetDataStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( -1 ) ;
-+ }
-+
-+ if( xmlSecMSCryptoX509StoreAdoptTrustedStore( x509Store, trustedStore ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
-+ "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( -1 ) ;
-+ }
-+
-+ return( 0 ) ;
-+}
-+
-+int
-+xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore (
-+ xmlSecKeysMngrPtr mngr ,
-+ HCERTSTORE untrustedStore
-+) {
-+ xmlSecKeyDataStorePtr x509Store ;
-+
-+ xmlSecAssert2( mngr != NULL, -1 ) ;
-+ xmlSecAssert2( untrustedStore != NULL, -1 ) ;
-+
-+ x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
-+ if( x509Store == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrGetDataStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( -1 ) ;
-+ }
-+
-+ if( xmlSecMSCryptoX509StoreAdoptUntrustedStore( x509Store, untrustedStore ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
-+ "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( -1 ) ;
-+ }
-+
-+ return( 0 ) ;
-+}
-+
--- misc/xmlsec1-1.2.14/src/nss/Makefile.am 2009-06-25 22:53:18.000000000 +0200
+++ misc/build/xmlsec1-1.2.14/src/nss/Makefile.am 2009-09-21 14:02:48.591560472 +0200
@@ -35,6 +35,9 @@
@@ -762,394 +162,6 @@
libxmlsec1_nss_la-bignum.lo: bignum.c
@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-bignum.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo -c -o libxmlsec1_nss_la-bignum.lo `test -f 'bignum.c' || echo '$(srcdir)/'`bignum.c
@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo $(DEPDIR)/libxmlsec1_nss_la-bignum.Plo
---- misc/xmlsec1-1.2.14/src/nss/akmngr.c 2009-09-21 14:07:19.197249962 +0200
-+++ misc/build/xmlsec1-1.2.14/src/nss/akmngr.c 2009-09-21 14:02:48.539616129 +0200
-@@ -1 +1,384 @@
--dummy
-+/**
-+ * XMLSec library
-+ *
-+ * This is free software; see Copyright file in the source
-+ * distribution for preciese wording.
-+ *
-+ * Copyright.........................
-+ */
-+#include "globals.h"
-+
-+#include <nspr.h>
-+#include <nss.h>
-+#include <pk11func.h>
-+#include <cert.h>
-+#include <keyhi.h>
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/keys.h>
-+#include <xmlsec/transforms.h>
-+#include <xmlsec/errors.h>
-+
-+#include <xmlsec/nss/crypto.h>
-+#include <xmlsec/nss/tokens.h>
-+#include <xmlsec/nss/akmngr.h>
-+#include <xmlsec/nss/pkikeys.h>
-+#include <xmlsec/nss/ciphers.h>
-+#include <xmlsec/nss/keysstore.h>
-+
-+/**
-+ * xmlSecNssAppliedKeysMngrCreate:
-+ * @slot: array of pointers to NSS PKCS#11 slot information.
-+ * @cSlots: number of slots in the array
-+ * @handler: the pointer to NSS certificate database.
-+ *
-+ * Create and load NSS crypto slot and certificate database into keys manager
-+ *
-+ * Returns keys manager pointer on success or NULL otherwise.
-+ */
-+xmlSecKeysMngrPtr
-+xmlSecNssAppliedKeysMngrCreate(
-+ PK11SlotInfo** slots,
-+ int cSlots,
-+ CERTCertDBHandle* handler
-+) {
-+ xmlSecKeyDataStorePtr certStore = NULL ;
-+ xmlSecKeysMngrPtr keyMngr = NULL ;
-+ xmlSecKeyStorePtr keyStore = NULL ;
-+ int islot = 0;
-+ keyStore = xmlSecKeyStoreCreate( xmlSecNssKeysStoreId ) ;
-+ if( keyStore == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeyStoreCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return NULL ;
-+ }
-+
-+ for (islot = 0; islot < cSlots; islot++)
-+ {
-+ xmlSecNssKeySlotPtr keySlot ;
-+
-+ /* Create a key slot */
-+ keySlot = xmlSecNssKeySlotCreate() ;
-+ if( keySlot == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+ "xmlSecNssKeySlotCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyStoreDestroy( keyStore ) ;
-+ return NULL ;
-+ }
-+
-+ /* Set slot */
-+ if( xmlSecNssKeySlotSetSlot( keySlot , slots[islot] ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+ "xmlSecNssKeySlotSetSlot" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyStoreDestroy( keyStore ) ;
-+ xmlSecNssKeySlotDestroy( keySlot ) ;
-+ return NULL ;
-+ }
-+
-+ /* Adopt keySlot */
-+ if( xmlSecNssKeysStoreAdoptKeySlot( keyStore , keySlot ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+ "xmlSecNssKeysStoreAdoptKeySlot" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyStoreDestroy( keyStore ) ;
-+ xmlSecNssKeySlotDestroy( keySlot ) ;
-+ return NULL ;
-+ }
-+ }
-+
-+ keyMngr = xmlSecKeysMngrCreate() ;
-+ if( keyMngr == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyStoreDestroy( keyStore ) ;
-+ return NULL ;
-+ }
-+
-+ /*-
-+ * Add key store to manager, from now on keys manager destroys the store if
-+ * needed
-+ */
-+ if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+ "xmlSecKeysMngrAdoptKeyStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyStoreDestroy( keyStore ) ;
-+ xmlSecKeysMngrDestroy( keyMngr ) ;
-+ return NULL ;
-+ }
-+
-+ /*-
-+ * Initialize crypto library specific data in keys manager
-+ */
-+ if( xmlSecNssKeysMngrInit( keyMngr ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeysMngrDestroy( keyMngr ) ;
-+ return NULL ;
-+ }
-+
-+ /*-
-+ * Set certificate databse to X509 key data store
-+ */
-+ /**
-+ * Because Tej's implementation of certDB use the default DB, so I ignore
-+ * the certDB handler at present. I'll modify the cert store sources to
-+ * accept particular certDB instead of default ones.
-+ certStore = xmlSecKeysMngrGetDataStore( keyMngr , xmlSecNssKeyDataStoreX509Id ) ;
-+ if( certStore == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+ "xmlSecKeysMngrGetDataStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeysMngrDestroy( keyMngr ) ;
-+ return NULL ;
-+ }
-+
-+ if( xmlSecNssKeyDataStoreX509SetCertDb( certStore , handler ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+ "xmlSecNssKeyDataStoreX509SetCertDb" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeysMngrDestroy( keyMngr ) ;
-+ return NULL ;
-+ }
-+ */
-+
-+ /*-
-+ * Set the getKey callback
-+ */
-+ keyMngr->getKey = xmlSecKeysMngrGetKey ;
-+
-+ return keyMngr ;
-+}
-+
-+int
-+xmlSecNssAppliedKeysMngrSymKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ PK11SymKey* symKey
-+) {
-+ xmlSecKeyPtr key ;
-+ xmlSecKeyDataPtr data ;
-+ xmlSecKeyStorePtr keyStore ;
-+
-+ xmlSecAssert2( mngr != NULL , -1 ) ;
-+ xmlSecAssert2( symKey != NULL , -1 ) ;
-+
-+ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
-+ if( keyStore == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrGetKeysStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
-+
-+ data = xmlSecNssSymKeyDataKeyAdopt( symKey ) ;
-+ if( data == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+
-+ key = xmlSecKeyCreate() ;
-+ if( key == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ if( xmlSecKeySetValue( key , data ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDestroy( key ) ;
-+ return(-1) ;
-+ }
-+
-+ return(0) ;
-+}
-+
-+int
-+xmlSecNssAppliedKeysMngrPubKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ SECKEYPublicKey* pubKey
-+) {
-+ xmlSecKeyPtr key ;
-+ xmlSecKeyDataPtr data ;
-+ xmlSecKeyStorePtr keyStore ;
-+
-+ xmlSecAssert2( mngr != NULL , -1 ) ;
-+ xmlSecAssert2( pubKey != NULL , -1 ) ;
-+
-+ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
-+ if( keyStore == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrGetKeysStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
-+
-+ data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ;
-+ if( data == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssPKIAdoptKey" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+
-+ key = xmlSecKeyCreate() ;
-+ if( key == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ if( xmlSecKeySetValue( key , data ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDestroy( key ) ;
-+ return(-1) ;
-+ }
-+
-+ return(0) ;
-+}
-+
-+int
-+xmlSecNssAppliedKeysMngrPriKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ SECKEYPrivateKey* priKey
-+) {
-+ xmlSecKeyPtr key ;
-+ xmlSecKeyDataPtr data ;
-+ xmlSecKeyStorePtr keyStore ;
-+
-+ xmlSecAssert2( mngr != NULL , -1 ) ;
-+ xmlSecAssert2( priKey != NULL , -1 ) ;
-+
-+ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
-+ if( keyStore == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrGetKeysStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
-+
-+ data = xmlSecNssPKIAdoptKey( priKey, NULL ) ;
-+ if( data == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssPKIAdoptKey" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+
-+ key = xmlSecKeyCreate() ;
-+ if( key == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ if( xmlSecKeySetValue( key , data ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDestroy( key ) ;
-+ return(-1) ;
-+ }
-+
-+ return(0) ;
-+}
-+
--- misc/xmlsec1-1.2.14/src/nss/hmac.c 2009-06-26 06:18:13.000000000 +0200
+++ misc/build/xmlsec1-1.2.14/src/nss/hmac.c 2009-09-21 14:02:48.649065288 +0200
@@ -23,8 +23,8 @@
@@ -2110,1223 +1122,6 @@
+ xmlFreeDoc(doc);
+ return(0);
}
---- misc/xmlsec1-1.2.14/src/nss/keywrapers.c 2009-09-21 14:07:19.223802688 +0200
-+++ misc/build/xmlsec1-1.2.14/src/nss/keywrapers.c 2009-09-21 14:02:48.548869372 +0200
-@@ -1 +1,1213 @@
--dummy
-+/**
-+ *
-+ * XMLSec library
-+ *
-+ * AES Algorithm support
-+ *
-+ * This is free software; see Copyright file in the source
-+ * distribution for preciese wording.
-+ *
-+ * Copyright .................................
-+ */
-+#include "globals.h"
-+
-+#include <stdlib.h>
-+#include <stdio.h>
-+#include <string.h>
-+
-+#include <nss.h>
-+#include <pk11func.h>
-+#include <hasht.h>
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/xmltree.h>
-+#include <xmlsec/keys.h>
-+#include <xmlsec/transforms.h>
-+#include <xmlsec/errors.h>
-+
-+#include <xmlsec/nss/crypto.h>
-+#include <xmlsec/nss/ciphers.h>
-+
-+#define XMLSEC_NSS_AES128_KEY_SIZE 16
-+#define XMLSEC_NSS_AES192_KEY_SIZE 24
-+#define XMLSEC_NSS_AES256_KEY_SIZE 32
-+#define XMLSEC_NSS_DES3_KEY_SIZE 24
-+#define XMLSEC_NSS_DES3_KEY_LENGTH 24
-+#define XMLSEC_NSS_DES3_IV_LENGTH 8
-+#define XMLSEC_NSS_DES3_BLOCK_LENGTH 8
-+
-+static xmlSecByte xmlSecNssKWDes3Iv[XMLSEC_NSS_DES3_IV_LENGTH] = {
-+ 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05
-+};
-+
-+/*********************************************************************
-+ *
-+ * key wrap transforms
-+ *
-+ ********************************************************************/
-+typedef struct _xmlSecNssKeyWrapCtx xmlSecNssKeyWrapCtx ;
-+typedef struct _xmlSecNssKeyWrapCtx* xmlSecNssKeyWrapCtxPtr ;
-+
-+#define xmlSecNssKeyWrapSize \
-+ ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyWrapCtx ) )
-+
-+#define xmlSecNssKeyWrapGetCtx( transform ) \
-+ ( ( xmlSecNssKeyWrapCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) )
-+
-+struct _xmlSecNssKeyWrapCtx {
-+ CK_MECHANISM_TYPE cipher ;
-+ PK11SymKey* symkey ;
-+ xmlSecKeyDataId keyId ;
-+ xmlSecBufferPtr material ; /* to be encrypted/decrypted key material */
-+} ;
-+
-+static int xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform);
-+static void xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform);
-+static int xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform,
-+ xmlSecKeyReqPtr keyReq);
-+static int xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform,
-+ xmlSecKeyPtr key);
-+static int xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform,
-+ int last,
-+ xmlSecTransformCtxPtr transformCtx);
-+static xmlSecSize xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform);
-+
-+static int
-+xmlSecNssKeyWrapCheckId(
-+ xmlSecTransformPtr transform
-+) {
-+ #ifndef XMLSEC_NO_DES
-+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) {
-+ return(1);
-+ }
-+ #endif /* XMLSEC_NO_DES */
-+
-+ #ifndef XMLSEC_NO_AES
-+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes128Id ) ||
-+ xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes192Id ) ||
-+ xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes256Id ) ) {
-+
-+ return(1);
-+ }
-+ #endif /* XMLSEC_NO_AES */
-+
-+ return(0);
-+}
-+
-+static xmlSecSize
-+xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform) {
-+#ifndef XMLSEC_NO_DES
-+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) {
-+ return(XMLSEC_NSS_DES3_KEY_SIZE);
-+ } else
-+#endif /* XMLSEC_NO_DES */
-+
-+#ifndef XMLSEC_NO_AES
-+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes128Id)) {
-+ return(XMLSEC_NSS_AES128_KEY_SIZE);
-+ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes192Id)) {
-+ return(XMLSEC_NSS_AES192_KEY_SIZE);
-+ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) {
-+ return(XMLSEC_NSS_AES256_KEY_SIZE);
-+ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) {
-+ return(XMLSEC_NSS_AES256_KEY_SIZE);
-+ } else
-+#endif /* XMLSEC_NO_AES */
-+
-+ if(1)
-+ return(0);
-+}
-+
-+
-+static int
-+xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform) {
-+ xmlSecNssKeyWrapCtxPtr context ;
-+ int ret;
-+
-+ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
-+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
-+
-+ context = xmlSecNssKeyWrapGetCtx( transform ) ;
-+ xmlSecAssert2( context != NULL , -1 ) ;
-+
-+ #ifndef XMLSEC_NO_DES
-+ if( transform->id == xmlSecNssTransformKWDes3Id ) {
-+ context->cipher = CKM_DES3_CBC ;
-+ context->keyId = xmlSecNssKeyDataDesId ;
-+ } else
-+ #endif /* XMLSEC_NO_DES */
-+
-+ #ifndef XMLSEC_NO_AES
-+ if( transform->id == xmlSecNssTransformKWAes128Id ) {
-+ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/
-+ context->cipher = CKM_AES_CBC ;
-+ context->keyId = xmlSecNssKeyDataAesId ;
-+ } else
-+ if( transform->id == xmlSecNssTransformKWAes192Id ) {
-+ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/
-+ context->cipher = CKM_AES_CBC ;
-+ context->keyId = xmlSecNssKeyDataAesId ;
-+ } else
-+ if( transform->id == xmlSecNssTransformKWAes256Id ) {
-+ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/
-+ context->cipher = CKM_AES_CBC ;
-+ context->keyId = xmlSecNssKeyDataAesId ;
-+ } else
-+ #endif /* XMLSEC_NO_AES */
-+
-+
-+ if( 1 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-+ NULL ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ context->symkey = NULL ;
-+ context->material = NULL ;
-+
-+ return(0);
-+}
-+
-+static void
-+xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform) {
-+ xmlSecNssKeyWrapCtxPtr context ;
-+
-+ xmlSecAssert(xmlSecNssKeyWrapCheckId(transform));
-+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize));
-+
-+ context = xmlSecNssKeyWrapGetCtx( transform ) ;
-+ xmlSecAssert( context != NULL ) ;
-+
-+ if( context->symkey != NULL ) {
-+ PK11_FreeSymKey( context->symkey ) ;
-+ context->symkey = NULL ;
-+ }
-+
-+ if( context->material != NULL ) {
-+ xmlSecBufferDestroy(context->material);
-+ context->material = NULL ;
-+ }
-+}
-+
-+static int
-+xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
-+ xmlSecNssKeyWrapCtxPtr context ;
-+ xmlSecSize cipherSize = 0 ;
-+
-+
-+ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
-+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
-+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
-+ xmlSecAssert2(keyReq != NULL, -1);
-+
-+ context = xmlSecNssKeyWrapGetCtx( transform ) ;
-+ xmlSecAssert2( context != NULL , -1 ) ;
-+
-+ keyReq->keyId = context->keyId;
-+ keyReq->keyType = xmlSecKeyDataTypeSymmetric;
-+ if(transform->operation == xmlSecTransformOperationEncrypt) {
-+ keyReq->keyUsage = xmlSecKeyUsageEncrypt;
-+ } else {
-+ keyReq->keyUsage = xmlSecKeyUsageDecrypt;
-+ }
-+
-+ keyReq->keyBitsSize = xmlSecNssKeyWrapGetKeySize( transform ) ;
-+
-+ return(0);
-+}
-+
-+static int
-+xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
-+ xmlSecNssKeyWrapCtxPtr context = NULL ;
-+ xmlSecKeyDataPtr keyData = NULL ;
-+ PK11SymKey* symkey = NULL ;
-+
-+ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
-+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
-+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
-+ xmlSecAssert2(key != NULL, -1);
-+
-+ context = xmlSecNssKeyWrapGetCtx( transform ) ;
-+ if( context == NULL || context->keyId == NULL || context->symkey != NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ "xmlSecNssKeyWrapGetCtx" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+ xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ;
-+
-+ keyData = xmlSecKeyGetValue( key ) ;
-+ if( keyData == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) ,
-+ "xmlSecKeyGetValue" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) ,
-+ "xmlSecNssSymKeyDataGetKey" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ context->symkey = symkey ;
-+
-+ return(0) ;
-+}
-+
-+/**
-+ * key wrap transform
-+ */
-+static int
-+xmlSecNssKeyWrapCtxInit(
-+ xmlSecNssKeyWrapCtxPtr ctx ,
-+ xmlSecBufferPtr in ,
-+ xmlSecBufferPtr out ,
-+ int encrypt ,
-+ xmlSecTransformCtxPtr transformCtx
-+) {
-+ xmlSecSize blockSize ;
-+
-+ xmlSecAssert2( ctx != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
-+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
-+ xmlSecAssert2( in != NULL , -1 ) ;
-+ xmlSecAssert2( out != NULL , -1 ) ;
-+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
-+
-+ if( ctx->material != NULL ) {
-+ xmlSecBufferDestroy( ctx->material ) ;
-+ ctx->material = NULL ;
-+ }
-+
-+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "PK11_GetBlockSize" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ ctx->material = xmlSecBufferCreate( blockSize ) ;
-+ if( ctx->material == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferCreate" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ /* read raw key material into context */
-+ if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferSetData" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferRemoveHead" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ return(0);
-+}
-+
-+/**
-+ * key wrap transform update
-+ */
-+static int
-+xmlSecNssKeyWrapCtxUpdate(
-+ xmlSecNssKeyWrapCtxPtr ctx ,
-+ xmlSecBufferPtr in ,
-+ xmlSecBufferPtr out ,
-+ int encrypt ,
-+ xmlSecTransformCtxPtr transformCtx
-+) {
-+ xmlSecAssert2( ctx != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
-+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->material != NULL , -1 ) ;
-+ xmlSecAssert2( in != NULL , -1 ) ;
-+ xmlSecAssert2( out != NULL , -1 ) ;
-+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
-+
-+ /* read raw key material and append into context */
-+ if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferAppend" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferRemoveHead" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ return(0);
-+}
-+
-+static int
-+xmlSecNssKWDes3BufferReverse(xmlSecByte *buf, xmlSecSize size) {
-+ xmlSecSize s;
-+ xmlSecSize i;
-+ xmlSecByte c;
-+
-+ xmlSecAssert2(buf != NULL, -1);
-+
-+ s = size / 2;
-+ --size;
-+ for(i = 0; i < s; ++i) {
-+ c = buf[i];
-+ buf[i] = buf[size - i];
-+ buf[size - i] = c;
-+ }
-+ return(0);
-+}
-+
-+static xmlSecByte *
-+xmlSecNssComputeSHA1(const xmlSecByte *in, xmlSecSize inSize,
-+ xmlSecByte *out, xmlSecSize outSize)
-+{
-+ PK11Context *context = NULL;
-+ SECStatus s;
-+ xmlSecByte *digest = NULL;
-+ unsigned int len;
-+
-+ xmlSecAssert2(in != NULL, NULL);
-+ xmlSecAssert2(out != NULL, NULL);
-+ xmlSecAssert2(outSize >= SHA1_LENGTH, NULL);
-+
-+ /* Create a context for hashing (digesting) */
-+ context = PK11_CreateDigestContext(SEC_OID_SHA1);
-+ if (context == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "PK11_CreateDigestContext",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ "error code = %d", PORT_GetError());
-+ goto done;
-+ }
-+
-+ s = PK11_DigestBegin(context);
-+ if (s != SECSuccess) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "PK11_DigestBegin",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ "error code = %d", PORT_GetError());
-+ goto done;
-+ }
-+
-+ s = PK11_DigestOp(context, in, inSize);
-+ if (s != SECSuccess) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "PK11_DigestOp",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ "error code = %d", PORT_GetError());
-+ goto done;
-+ }
-+
-+ s = PK11_DigestFinal(context, out, &len, outSize);
-+ if (s != SECSuccess) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "PK11_DigestFinal",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ "error code = %d", PORT_GetError());
-+ goto done;
-+ }
-+ xmlSecAssert2(len == SHA1_LENGTH, NULL);
-+
-+ digest = out;
-+
-+done:
-+ if (context != NULL) {
-+ PK11_DestroyContext(context, PR_TRUE);
-+ }
-+ return (digest);
-+}
-+
-+static int
-+xmlSecNssKWDes3Encrypt(
-+ PK11SymKey* symKey ,
-+ CK_MECHANISM_TYPE cipherMech ,
-+ const xmlSecByte* iv ,
-+ xmlSecSize ivSize ,
-+ const xmlSecByte* in ,
-+ xmlSecSize inSize ,
-+ xmlSecByte* out ,
-+ xmlSecSize outSize ,
-+ int enc
-+) {
-+ PK11Context* EncContext = NULL;
-+ SECItem ivItem ;
-+ SECItem* secParam = NULL ;
-+ int tmp1_outlen;
-+ unsigned int tmp2_outlen;
-+ int result_len = -1;
-+ SECStatus rv;
-+
-+ xmlSecAssert2( cipherMech != CKM_INVALID_MECHANISM , -1 ) ;
-+ xmlSecAssert2( symKey != NULL , -1 ) ;
-+ xmlSecAssert2(iv != NULL, -1);
-+ xmlSecAssert2(ivSize == XMLSEC_NSS_DES3_IV_LENGTH, -1);
-+ xmlSecAssert2(in != NULL, -1);
-+ xmlSecAssert2(inSize > 0, -1);
-+ xmlSecAssert2(out != NULL, -1);
-+ xmlSecAssert2(outSize >= inSize, -1);
-+
-+ /* Prepare IV */
-+ ivItem.data = ( unsigned char* )iv ;
-+ ivItem.len = ivSize ;
-+
-+ secParam = PK11_ParamFromIV(cipherMech, &ivItem);
-+ if (secParam == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "PK11_ParamFromIV",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ "Error code = %d", PORT_GetError());
-+ goto done;
-+ }
-+
-+ EncContext = PK11_CreateContextBySymKey(cipherMech,
-+ enc ? CKA_ENCRYPT : CKA_DECRYPT,
-+ symKey, secParam);
-+ if (EncContext == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "PK11_CreateContextBySymKey",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ "Error code = %d", PORT_GetError());
-+ goto done;
-+ }
-+
-+ tmp1_outlen = tmp2_outlen = 0;
-+ rv = PK11_CipherOp(EncContext, out, &tmp1_outlen, outSize,
-+ (unsigned char *)in, inSize);
-+ if (rv != SECSuccess) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "PK11_CipherOp",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ "Error code = %d", PORT_GetError());
-+ goto done;
-+ }
-+
-+ rv = PK11_DigestFinal(EncContext, out+tmp1_outlen,
-+ &tmp2_outlen, outSize-tmp1_outlen);
-+ if (rv != SECSuccess) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "PK11_DigestFinal",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ "Error code = %d", PORT_GetError());
-+ goto done;
-+ }
-+
-+ result_len = tmp1_outlen + tmp2_outlen;
-+
-+done:
-+ if (secParam) {
-+ SECITEM_FreeItem(secParam, PR_TRUE);
-+ }
-+ if (EncContext) {
-+ PK11_DestroyContext(EncContext, PR_TRUE);
-+ }
-+
-+ return(result_len);
-+}
-+
-+static int
-+xmlSecNssKeyWrapDesOp(
-+ xmlSecNssKeyWrapCtxPtr ctx ,
-+ int encrypt ,
-+ xmlSecBufferPtr result
-+) {
-+ xmlSecByte sha1[SHA1_LENGTH];
-+ xmlSecByte iv[XMLSEC_NSS_DES3_IV_LENGTH];
-+ xmlSecByte* in;
-+ xmlSecSize inSize;
-+ xmlSecByte* out;
-+ xmlSecSize outSize;
-+ xmlSecSize s;
-+ int ret;
-+ SECStatus status;
-+
-+ xmlSecAssert2( ctx != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
-+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->material != NULL , -1 ) ;
-+ xmlSecAssert2( result != NULL , -1 ) ;
-+
-+ in = xmlSecBufferGetData(ctx->material);
-+ inSize = xmlSecBufferGetSize(ctx->material) ;
-+ out = xmlSecBufferGetData(result);
-+ outSize = xmlSecBufferGetMaxSize(result) ;
-+ if( encrypt ) {
-+ /* step 2: calculate sha1 and CMS */
-+ if(xmlSecNssComputeSHA1(in, inSize, sha1, SHA1_LENGTH) == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecNssComputeSHA1",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+
-+ /* step 3: construct WKCKS */
-+ memcpy(out, in, inSize);
-+ memcpy(out + inSize, sha1, XMLSEC_NSS_DES3_BLOCK_LENGTH);
-+
-+ /* step 4: generate random iv */
-+ status = PK11_GenerateRandom(iv, XMLSEC_NSS_DES3_IV_LENGTH);
-+ if(status != SECSuccess) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "PK11_GenerateRandom",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ "error code = %d", PORT_GetError());
-+ return(-1);
-+ }
-+
-+ /* step 5: first encryption, result is TEMP1 */
-+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
-+ iv, XMLSEC_NSS_DES3_IV_LENGTH,
-+ out, inSize + XMLSEC_NSS_DES3_IV_LENGTH,
-+ out, outSize, 1);
-+ if(ret < 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecNssKWDes3Encrypt",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+
-+ /* step 6: construct TEMP2=IV || TEMP1 */
-+ memmove(out + XMLSEC_NSS_DES3_IV_LENGTH, out,
-+ inSize + XMLSEC_NSS_DES3_IV_LENGTH);
-+ memcpy(out, iv, XMLSEC_NSS_DES3_IV_LENGTH);
-+ s = ret + XMLSEC_NSS_DES3_IV_LENGTH;
-+
-+ /* step 7: reverse octets order, result is TEMP3 */
-+ ret = xmlSecNssKWDes3BufferReverse(out, s);
-+ if(ret < 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecNssKWDes3BufferReverse",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+
-+ /* step 8: second encryption with static IV */
-+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
-+ xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH,
-+ out, s,
-+ out, outSize, 1);
-+ if(ret < 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecNssKWDes3Encrypt",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+ s = ret;
-+
-+ if( xmlSecBufferSetSize( result , s ) < 0 ) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecBufferSetSize",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+ } else {
-+ /* step 2: first decryption with static IV, result is TEMP3 */
-+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
-+ xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH,
-+ in, inSize,
-+ out, outSize, 0);
-+ if((ret < 0) || (ret < XMLSEC_NSS_DES3_IV_LENGTH)) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecNssKWDes3Encrypt",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+ s = ret;
-+
-+ /* step 3: reverse octets order in TEMP3, result is TEMP2 */
-+ ret = xmlSecNssKWDes3BufferReverse(out, s);
-+ if(ret < 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecNssKWDes3BufferReverse",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+
-+ /* steps 4 and 5: get IV and decrypt second time, result is WKCKS */
-+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
-+ out, XMLSEC_NSS_DES3_IV_LENGTH,
-+ out+XMLSEC_NSS_DES3_IV_LENGTH, s-XMLSEC_NSS_DES3_IV_LENGTH,
-+ out, outSize, 0);
-+ if((ret < 0) || (ret < XMLSEC_NSS_DES3_BLOCK_LENGTH)) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecNssKWDes3Encrypt",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+ s = ret - XMLSEC_NSS_DES3_IV_LENGTH;
-+
-+ /* steps 6 and 7: calculate SHA1 and validate it */
-+ if(xmlSecNssComputeSHA1(out, s, sha1, SHA1_LENGTH) == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecNssComputeSHA1",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+
-+ if(memcmp(sha1, out + s, XMLSEC_NSS_DES3_BLOCK_LENGTH) != 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ NULL,
-+ XMLSEC_ERRORS_R_INVALID_DATA,
-+ "SHA1 does not match");
-+ return(-1);
-+ }
-+
-+ if( xmlSecBufferSetSize( result , s ) < 0 ) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecBufferSetSize",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+ }
-+
-+ return(0);
-+}
-+
-+static int
-+xmlSecNssKeyWrapAesOp(
-+ xmlSecNssKeyWrapCtxPtr ctx ,
-+ int encrypt ,
-+ xmlSecBufferPtr result
-+) {
-+ PK11Context* cipherCtx = NULL;
-+ SECItem ivItem ;
-+ SECItem* secParam = NULL ;
-+ xmlSecSize inSize ;
-+ xmlSecSize inBlocks ;
-+ int blockSize ;
-+ int midSize ;
-+ int finSize ;
-+ xmlSecByte* out ;
-+ xmlSecSize outSize;
-+
-+ xmlSecAssert2( ctx != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
-+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->material != NULL , -1 ) ;
-+ xmlSecAssert2( result != NULL , -1 ) ;
-+
-+ /* Do not set any IV */
-+ memset(&ivItem, 0, sizeof(ivItem));
-+
-+ /* Get block size */
-+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "PK11_GetBlockSize" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ inSize = xmlSecBufferGetSize( ctx->material ) ;
-+ if( xmlSecBufferSetMaxSize( result , inSize + blockSize ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferSetMaxSize" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ /* Get Param for context initialization */
-+ if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "PK11_ParamFromIV" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ cipherCtx = PK11_CreateContextBySymKey( ctx->cipher , encrypt ? CKA_ENCRYPT : CKA_DECRYPT , ctx->symkey , secParam ) ;
-+ if( cipherCtx == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "PK11_CreateContextBySymKey" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ SECITEM_FreeItem( secParam , PR_TRUE ) ;
-+ return(-1);
-+ }
-+
-+ out = xmlSecBufferGetData(result) ;
-+ outSize = xmlSecBufferGetMaxSize(result) ;
-+ if( PK11_CipherOp( cipherCtx , out, &midSize , outSize , xmlSecBufferGetData( ctx->material ) , inSize ) != SECSuccess ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "PK11_CipherOp" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ if( PK11_DigestFinal( cipherCtx , out + midSize , &finSize , outSize - midSize ) != SECSuccess ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "PK11_DigestFinal" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ if( xmlSecBufferSetSize( result , midSize + finSize ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferSetSize" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ return 0 ;
-+}
-+
-+/**
-+ * Block cipher transform final
-+ */
-+static int
-+xmlSecNssKeyWrapCtxFinal(
-+ xmlSecNssKeyWrapCtxPtr ctx ,
-+ xmlSecBufferPtr in ,
-+ xmlSecBufferPtr out ,
-+ int encrypt ,
-+ xmlSecTransformCtxPtr transformCtx
-+) {
-+ PK11SymKey* targetKey ;
-+ xmlSecSize blockSize ;
-+ xmlSecBufferPtr result ;
-+
-+ xmlSecAssert2( ctx != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
-+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->material != NULL , -1 ) ;
-+ xmlSecAssert2( in != NULL , -1 ) ;
-+ xmlSecAssert2( out != NULL , -1 ) ;
-+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
-+
-+ /* read raw key material and append into context */
-+ if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferAppend" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferRemoveHead" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ /* Now we get all of the key materail */
-+ /* from now on we will wrap or unwrap the key */
-+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "PK11_GetBlockSize" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ result = xmlSecBufferCreate( blockSize ) ;
-+ if( result == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferCreate" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ switch( ctx->cipher ) {
-+ case CKM_DES3_CBC :
-+ if( xmlSecNssKeyWrapDesOp(ctx, encrypt, result) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssKeyWrapDesOp" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecBufferDestroy(result);
-+ return(-1);
-+ }
-+ break ;
-+ /* case CKM_NETSCAPE_AES_KEY_WRAP :*/
-+ case CKM_AES_CBC :
-+ if( xmlSecNssKeyWrapAesOp(ctx, encrypt, result) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssKeyWrapAesOp" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecBufferDestroy(result);
-+ return(-1);
-+ }
-+ break ;
-+ }
-+
-+ /* Write output */
-+ if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferAppend" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecBufferDestroy(result);
-+ return(-1);
-+ }
-+ xmlSecBufferDestroy(result);
-+
-+ return(0);
-+}
-+
-+static int
-+xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
-+ xmlSecNssKeyWrapCtxPtr context = NULL ;
-+ xmlSecBufferPtr inBuf, outBuf ;
-+ int operation ;
-+ int rtv ;
-+
-+ xmlSecAssert2( xmlSecNssKeyWrapCheckId( transform ), -1 ) ;
-+ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyWrapSize ), -1 ) ;
-+ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
-+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
-+
-+ context = xmlSecNssKeyWrapGetCtx( transform ) ;
-+ if( context == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ "xmlSecNssKeyWrapGetCtx" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ inBuf = &( transform->inBuf ) ;
-+ outBuf = &( transform->outBuf ) ;
-+
-+ if( transform->status == xmlSecTransformStatusNone ) {
-+ transform->status = xmlSecTransformStatusWorking ;
-+ }
-+
-+ operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ;
-+ if( transform->status == xmlSecTransformStatusWorking ) {
-+ if( context->material == NULL ) {
-+ rtv = xmlSecNssKeyWrapCtxInit( context, inBuf , outBuf , operation , transformCtx ) ;
-+ if( rtv < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ "xmlSecNssKeyWrapCtxInit" ,
-+ XMLSEC_ERRORS_R_INVALID_STATUS ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+ }
-+
-+ if( context->material == NULL && last != 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_INVALID_STATUS ,
-+ "No enough data to intialize transform" ) ;
-+ return(-1);
-+ }
-+
-+ if( context->material != NULL ) {
-+ rtv = xmlSecNssKeyWrapCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ;
-+ if( rtv < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ "xmlSecNssKeyWrapCtxUpdate" ,
-+ XMLSEC_ERRORS_R_INVALID_STATUS ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+ }
-+
-+ if( last ) {
-+ rtv = xmlSecNssKeyWrapCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ;
-+ if( rtv < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ "xmlSecNssKeyWrapCtxFinal" ,
-+ XMLSEC_ERRORS_R_INVALID_STATUS ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+ transform->status = xmlSecTransformStatusFinished ;
-+ }
-+ } else if( transform->status == xmlSecTransformStatusFinished ) {
-+ if( xmlSecBufferGetSize( inBuf ) != 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_INVALID_STATUS ,
-+ "status=%d", transform->status ) ;
-+ return(-1);
-+ }
-+ } else {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_INVALID_STATUS ,
-+ "status=%d", transform->status ) ;
-+ return(-1);
-+ }
-+
-+ return(0);
-+}
-+
-+#ifndef XMLSEC_NO_AES
-+
-+
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecTransformKlass xmlSecNssKWAes128Klass = {
-+#else
-+static xmlSecTransformKlass xmlSecNssKWAes128Klass = {
-+#endif
-+ /* klass/object sizes */
-+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
-+ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
-+
-+ xmlSecNameKWAes128, /* const xmlChar* name; */
-+ xmlSecHrefKWAes128, /* const xmlChar* href; */
-+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-+
-+ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
-+ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
-+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
-+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
-+ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
-+ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
-+ NULL, /* xmlSecTransformValidateMethod validate; */
-+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
-+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
-+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
-+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
-+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
-+ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
-+
-+ NULL, /* void* reserved0; */
-+ NULL, /* void* reserved1; */
-+};
-+
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecTransformKlass xmlSecNssKWAes192Klass = {
-+#else
-+static xmlSecTransformKlass xmlSecNssKWAes192Klass = {
-+#endif
-+ /* klass/object sizes */
-+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
-+ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
-+
-+ xmlSecNameKWAes192, /* const xmlChar* name; */
-+ xmlSecHrefKWAes192, /* const xmlChar* href; */
-+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-+
-+ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
-+ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
-+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
-+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
-+ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
-+ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
-+ NULL, /* xmlSecTransformValidateMethod validate; */
-+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
-+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
-+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
-+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
-+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
-+ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
-+
-+ NULL, /* void* reserved0; */
-+ NULL, /* void* reserved1; */
-+};
-+
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecTransformKlass xmlSecNssKWAes256Klass = {
-+#else
-+static xmlSecTransformKlass xmlSecNssKWAes256Klass = {
-+#endif
-+ /* klass/object sizes */
-+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
-+ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
-+
-+ xmlSecNameKWAes256, /* const xmlChar* name; */
-+ xmlSecHrefKWAes256, /* const xmlChar* href; */
-+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-+
-+ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
-+ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
-+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
-+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
-+ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
-+ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
-+ NULL, /* xmlSecTransformValidateMethod validate; */
-+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
-+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
-+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
-+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
-+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
-+ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
-+
-+ NULL, /* void* reserved0; */
-+ NULL, /* void* reserved1; */
-+};
-+
-+/**
-+ * xmlSecNssTransformKWAes128GetKlass:
-+ *
-+ * The AES-128 key wrapper transform klass.
-+ *
-+ * Returns AES-128 key wrapper transform klass.
-+ */
-+xmlSecTransformId
-+xmlSecNssTransformKWAes128GetKlass(void) {
-+ return(&xmlSecNssKWAes128Klass);
-+}
-+
-+/**
-+ * xmlSecNssTransformKWAes192GetKlass:
-+ *
-+ * The AES-192 key wrapper transform klass.
-+ *
-+ * Returns AES-192 key wrapper transform klass.
-+ */
-+xmlSecTransformId
-+xmlSecNssTransformKWAes192GetKlass(void) {
-+ return(&xmlSecNssKWAes192Klass);
-+}
-+
-+/**
-+ *
-+ * The AES-256 key wrapper transform klass.
-+ *
-+ * Returns AES-256 key wrapper transform klass.
-+ */
-+xmlSecTransformId
-+xmlSecNssTransformKWAes256GetKlass(void) {
-+ return(&xmlSecNssKWAes256Klass);
-+}
-+
-+#endif /* XMLSEC_NO_AES */
-+
-+
-+#ifndef XMLSEC_NO_DES
-+
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecTransformKlass xmlSecNssKWDes3Klass = {
-+#else
-+static xmlSecTransformKlass xmlSecNssKWDes3Klass = {
-+#endif
-+ /* klass/object sizes */
-+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
-+ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
-+
-+ xmlSecNameKWDes3, /* const xmlChar* name; */
-+ xmlSecHrefKWDes3, /* const xmlChar* href; */
-+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-+
-+ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
-+ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
-+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
-+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
-+ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
-+ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
-+ NULL, /* xmlSecTransformValidateMethod validate; */
-+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
-+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
-+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
-+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
-+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
-+ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
-+
-+ NULL, /* void* reserved0; */
-+ NULL, /* void* reserved1; */
-+};
-+
-+/**
-+ * xmlSecNssTransformKWDes3GetKlass:
-+ *
-+ * The Triple DES key wrapper transform klass.
-+ *
-+ * Returns Triple DES key wrapper transform klass.
-+ */
-+xmlSecTransformId
-+xmlSecNssTransformKWDes3GetKlass(void) {
-+ return(&xmlSecNssKWDes3Klass);
-+}
-+
-+#endif /* XMLSEC_NO_DES */
-+
--- misc/xmlsec1-1.2.14/src/nss/pkikeys.c 2009-06-25 22:53:18.000000000 +0200
+++ misc/build/xmlsec1-1.2.14/src/nss/pkikeys.c 2009-09-21 14:02:48.657352624 +0200
@@ -24,6 +24,7 @@
@@ -4360,558 +2155,6 @@
/* data */
xmlSecNameHMACKeyValue,
---- misc/xmlsec1-1.2.14/src/nss/tokens.c 2009-09-21 14:07:19.249145861 +0200
-+++ misc/build/xmlsec1-1.2.14/src/nss/tokens.c 2009-09-21 14:02:48.556772442 +0200
-@@ -1 +1,548 @@
--dummy
-+/**
-+ * XMLSec library
-+ *
-+ * This is free software; see Copyright file in the source
-+ * distribution for preciese wording.
-+ *
-+ * Copyright..................................
-+ *
-+ * Contributor(s): _____________________________
-+ *
-+ */
-+
-+/**
-+ * In order to ensure that particular crypto operation is performed on
-+ * particular crypto device, a subclass of xmlSecList is used to store slot and
-+ * mechanism information.
-+ *
-+ * In the list, a slot is bound with a mechanism. If the mechanism is available,
-+ * this mechanism only can perform on the slot; otherwise, it can perform on
-+ * every eligibl slot in the list.
-+ *
-+ * When try to find a slot for a particular mechanism, the slot bound with
-+ * avaliable mechanism will be looked up firstly.
-+ */
-+#include "globals.h"
-+#include <string.h>
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/errors.h>
-+#include <xmlsec/list.h>
-+
-+#include <xmlsec/nss/tokens.h>
-+
-+int
-+xmlSecNssKeySlotSetMechList(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE_PTR mechanismList
-+) {
-+ int counter ;
-+
-+ xmlSecAssert2( keySlot != NULL , -1 ) ;
-+
-+ if( keySlot->mechanismList != CK_NULL_PTR ) {
-+ xmlFree( keySlot->mechanismList ) ;
-+
-+ for( counter = 0 ; *( mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
-+ keySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
-+ if( keySlot->mechanismList == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( -1 );
-+ }
-+ for( ; counter >= 0 ; counter -- )
-+ *( keySlot->mechanismList + counter ) = *( mechanismList + counter ) ;
-+ }
-+
-+ return( 0 );
-+}
-+
-+int
-+xmlSecNssKeySlotEnableMech(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE mechanism
-+) {
-+ int counter ;
-+ CK_MECHANISM_TYPE_PTR newList ;
-+
-+ xmlSecAssert2( keySlot != NULL , -1 ) ;
-+
-+ if( mechanism != CKM_INVALID_MECHANISM ) {
-+ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
-+ newList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
-+ if( newList == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( -1 );
-+ }
-+ *( newList + counter + 1 ) = CKM_INVALID_MECHANISM ;
-+ *( newList + counter ) = mechanism ;
-+ for( counter -= 1 ; counter >= 0 ; counter -- )
-+ *( newList + counter ) = *( keySlot->mechanismList + counter ) ;
-+
-+ xmlFree( keySlot->mechanismList ) ;
-+ keySlot->mechanismList = newList ;
-+ }
-+
-+ return(0);
-+}
-+
-+int
-+xmlSecNssKeySlotDisableMech(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE mechanism
-+) {
-+ int counter ;
-+
-+ xmlSecAssert2( keySlot != NULL , -1 ) ;
-+
-+ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
-+ if( *( keySlot->mechanismList + counter ) == mechanism ) {
-+ for( ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
-+ *( keySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter + 1 ) ;
-+ }
-+
-+ break ;
-+ }
-+ }
-+
-+ return(0);
-+}
-+
-+CK_MECHANISM_TYPE_PTR
-+xmlSecNssKeySlotGetMechList(
-+ xmlSecNssKeySlotPtr keySlot
-+) {
-+ if( keySlot != NULL )
-+ return keySlot->mechanismList ;
-+ else
-+ return NULL ;
-+}
-+
-+int
-+xmlSecNssKeySlotSetSlot(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ PK11SlotInfo* slot
-+) {
-+ xmlSecAssert2( keySlot != NULL , -1 ) ;
-+
-+ if( slot != NULL && keySlot->slot != slot ) {
-+ if( keySlot->slot != NULL )
-+ PK11_FreeSlot( keySlot->slot ) ;
-+
-+ if( keySlot->mechanismList != NULL ) {
-+ xmlFree( keySlot->mechanismList ) ;
-+ keySlot->mechanismList = NULL ;
-+ }
-+
-+ keySlot->slot = PK11_ReferenceSlot( slot ) ;
-+ }
-+
-+ return(0);
-+}
-+
-+int
-+xmlSecNssKeySlotInitialize(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ PK11SlotInfo* slot
-+) {
-+ xmlSecAssert2( keySlot != NULL , -1 ) ;
-+ xmlSecAssert2( keySlot->slot == NULL , -1 ) ;
-+ xmlSecAssert2( keySlot->mechanismList == NULL , -1 ) ;
-+
-+ if( slot != NULL ) {
-+ keySlot->slot = PK11_ReferenceSlot( slot ) ;
-+ }
-+
-+ return(0);
-+}
-+
-+void
-+xmlSecNssKeySlotFinalize(
-+ xmlSecNssKeySlotPtr keySlot
-+) {
-+ xmlSecAssert( keySlot != NULL ) ;
-+
-+ if( keySlot->mechanismList != NULL ) {
-+ xmlFree( keySlot->mechanismList ) ;
-+ keySlot->mechanismList = NULL ;
-+ }
-+
-+ if( keySlot->slot != NULL ) {
-+ PK11_FreeSlot( keySlot->slot ) ;
-+ keySlot->slot = NULL ;
-+ }
-+
-+}
-+
-+PK11SlotInfo*
-+xmlSecNssKeySlotGetSlot(
-+ xmlSecNssKeySlotPtr keySlot
-+) {
-+ if( keySlot != NULL )
-+ return keySlot->slot ;
-+ else
-+ return NULL ;
-+}
-+
-+xmlSecNssKeySlotPtr
-+xmlSecNssKeySlotCreate() {
-+ xmlSecNssKeySlotPtr keySlot ;
-+
-+ /* Allocates a new xmlSecNssKeySlot and fill the fields */
-+ keySlot = ( xmlSecNssKeySlotPtr )xmlMalloc( sizeof( xmlSecNssKeySlot ) ) ;
-+ if( keySlot == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( NULL );
-+ }
-+ memset( keySlot, 0, sizeof( xmlSecNssKeySlot ) ) ;
-+
-+ return( keySlot ) ;
-+}
-+
-+int
-+xmlSecNssKeySlotCopy(
-+ xmlSecNssKeySlotPtr newKeySlot ,
-+ xmlSecNssKeySlotPtr keySlot
-+) {
-+ CK_MECHANISM_TYPE_PTR mech ;
-+ int counter ;
-+
-+ xmlSecAssert2( newKeySlot != NULL , -1 ) ;
-+ xmlSecAssert2( keySlot != NULL , -1 ) ;
-+
-+ if( keySlot->slot != NULL && newKeySlot->slot != keySlot->slot ) {
-+ if( newKeySlot->slot != NULL )
-+ PK11_FreeSlot( newKeySlot->slot ) ;
-+
-+ newKeySlot->slot = PK11_ReferenceSlot( keySlot->slot ) ;
-+ }
-+
-+ if( keySlot->mechanismList != CK_NULL_PTR ) {
-+ xmlFree( newKeySlot->mechanismList ) ;
-+
-+ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
-+ newKeySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
-+ if( newKeySlot->mechanismList == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( -1 );
-+ }
-+ for( ; counter >= 0 ; counter -- )
-+ *( newKeySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter ) ;
-+ }
-+
-+ return( 0 );
-+}
-+
-+xmlSecNssKeySlotPtr
-+xmlSecNssKeySlotDuplicate(
-+ xmlSecNssKeySlotPtr keySlot
-+) {
-+ xmlSecNssKeySlotPtr newKeySlot ;
-+ int ret ;
-+
-+ xmlSecAssert2( keySlot != NULL , NULL ) ;
-+
-+ newKeySlot = xmlSecNssKeySlotCreate() ;
-+ if( newKeySlot == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( NULL );
-+ }
-+
-+ if( xmlSecNssKeySlotCopy( newKeySlot, keySlot ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( NULL );
-+ }
-+
-+ return( newKeySlot );
-+}
-+
-+void
-+xmlSecNssKeySlotDestroy(
-+ xmlSecNssKeySlotPtr keySlot
-+) {
-+ xmlSecAssert( keySlot != NULL ) ;
-+
-+ if( keySlot->mechanismList != NULL )
-+ xmlFree( keySlot->mechanismList ) ;
-+
-+ if( keySlot->slot != NULL )
-+ PK11_FreeSlot( keySlot->slot ) ;
-+
-+ xmlFree( keySlot ) ;
-+}
-+
-+int
-+xmlSecNssKeySlotBindMech(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE type
-+) {
-+ int counter ;
-+
-+ xmlSecAssert2( keySlot != NULL , 0 ) ;
-+ xmlSecAssert2( keySlot->slot != NULL , 0 ) ;
-+ xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ;
-+
-+ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
-+ if( *( keySlot->mechanismList + counter ) == type )
-+ return(1) ;
-+ }
-+
-+ return( 0 ) ;
-+}
-+
-+int
-+xmlSecNssKeySlotSupportMech(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE type
-+) {
-+ xmlSecAssert2( keySlot != NULL , 0 ) ;
-+ xmlSecAssert2( keySlot->slot != NULL , 0 ) ;
-+ xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ;
-+
-+ if( PK11_DoesMechanism( keySlot->slot , type ) == PR_TRUE ) {
-+ return(1);
-+ } else
-+ return(0);
-+}
-+
-+void
-+xmlSecNssKeySlotDebugDump(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ FILE* output
-+) {
-+ xmlSecAssert( keySlot != NULL ) ;
-+ xmlSecAssert( output != NULL ) ;
-+
-+ fprintf( output, "== KEY SLOT\n" );
-+}
-+
-+void
-+xmlSecNssKeySlotDebugXmlDump(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ FILE* output
-+) {
-+}
-+
-+/**
-+ * Key Slot List
-+ */
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = {
-+#else
-+static xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = {
-+#endif
-+ BAD_CAST "mechanism-list",
-+ (xmlSecPtrDuplicateItemMethod)xmlSecNssKeySlotDuplicate,
-+ (xmlSecPtrDestroyItemMethod)xmlSecNssKeySlotDestroy,
-+ (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugDump,
-+ (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugXmlDump,
-+};
-+
-+xmlSecPtrListId
-+xmlSecNssKeySlotListGetKlass(void) {
-+ return(&xmlSecNssKeySlotPtrListKlass);
-+}
-+
-+
-+/*-
-+ * Global PKCS#11 crypto token repository -- Key slot list
-+ */
-+static xmlSecPtrListPtr _xmlSecNssKeySlotList = NULL ;
-+
-+PK11SlotInfo*
-+xmlSecNssSlotGet(
-+ CK_MECHANISM_TYPE type
-+) {
-+ PK11SlotInfo* slot = NULL ;
-+ xmlSecNssKeySlotPtr keySlot ;
-+ xmlSecSize ksSize ;
-+ xmlSecSize ksPos ;
-+ char flag ;
-+
-+ if( _xmlSecNssKeySlotList == NULL ) {
-+ slot = PK11_GetBestSlot( type , NULL ) ;
-+ } else {
-+ ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ;
-+
-+ /*-
-+ * Firstly, checking whether the mechanism is bound with a special slot.
-+ * If no bound slot, we try to find the first eligible slot in the list.
-+ */
-+ for( flag = 0, ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) {
-+ keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ;
-+ if( keySlot != NULL && xmlSecNssKeySlotBindMech( keySlot, type ) ) {
-+ slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
-+ flag = 2 ;
-+ } else if( flag == 0 && xmlSecNssKeySlotSupportMech( keySlot, type ) ) {
-+ slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
-+ flag = 1 ;
-+ }
-+
-+ if( flag == 2 )
-+ break ;
-+ }
-+ if( slot != NULL )
-+ slot = PK11_ReferenceSlot( slot ) ;
-+ }
-+
-+ if( slot != NULL && PK11_NeedLogin( slot ) ) {
-+ if( PK11_Authenticate( slot , PR_TRUE , NULL ) != SECSuccess ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ PK11_FreeSlot( slot ) ;
-+ return( NULL );
-+ }
-+ }
-+
-+ return slot ;
-+}
-+
-+int
-+xmlSecNssSlotInitialize(
-+ void
-+) {
-+ if( _xmlSecNssKeySlotList != NULL ) {
-+ xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ;
-+ _xmlSecNssKeySlotList = NULL ;
-+ }
-+
-+ _xmlSecNssKeySlotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ;
-+ if( _xmlSecNssKeySlotList == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( -1 );
-+ }
-+
-+ return(0);
-+}
-+
-+void
-+xmlSecNssSlotShutdown(
-+ void
-+) {
-+ if( _xmlSecNssKeySlotList != NULL ) {
-+ xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ;
-+ _xmlSecNssKeySlotList = NULL ;
-+ }
-+}
-+
-+int
-+xmlSecNssSlotAdopt(
-+ PK11SlotInfo* slot,
-+ CK_MECHANISM_TYPE type
-+) {
-+ xmlSecNssKeySlotPtr keySlot ;
-+ xmlSecSize ksSize ;
-+ xmlSecSize ksPos ;
-+ char flag ;
-+
-+ xmlSecAssert2( _xmlSecNssKeySlotList != NULL, -1 ) ;
-+ xmlSecAssert2( slot != NULL, -1 ) ;
-+
-+ ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ;
-+
-+ /*-
-+ * Firstly, checking whether the slot is in the repository already.
-+ */
-+ flag = 0 ;
-+ for( ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) {
-+ keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ;
-+ /* If find the slot in the list */
-+ if( keySlot != NULL && xmlSecNssKeySlotGetSlot( keySlot ) == slot ) {
-+ /* If mechnism type is valid, bind the slot with the mechanism */
-+ if( type != CKM_INVALID_MECHANISM ) {
-+ if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+ }
-+
-+ flag = 1 ;
-+ }
-+ }
-+
-+ /* If the slot do not in the list, add a new item to the list */
-+ if( flag == 0 ) {
-+ /* Create a new KeySlot */
-+ keySlot = xmlSecNssKeySlotCreate() ;
-+ if( keySlot == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ /* Initialize the keySlot with a slot */
-+ if( xmlSecNssKeySlotInitialize( keySlot, slot ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecNssKeySlotDestroy( keySlot ) ;
-+ return(-1);
-+ }
-+
-+ /* If mechnism type is valid, bind the slot with the mechanism */
-+ if( type != CKM_INVALID_MECHANISM ) {
-+ if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecNssKeySlotDestroy( keySlot ) ;
-+ return(-1);
-+ }
-+ }
-+
-+ /* Add keySlot into the list */
-+ if( xmlSecPtrListAdd( _xmlSecNssKeySlotList, keySlot ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecNssKeySlotDestroy( keySlot ) ;
-+ return(-1);
-+ }
-+ }
-+
-+ return(0);
-+}
-+
--- misc/xmlsec1-1.2.14/src/nss/x509.c 2009-06-25 22:53:18.000000000 +0200
+++ misc/build/xmlsec1-1.2.14/src/nss/x509.c 2009-09-21 14:02:48.642312431 +0200
@@ -34,7 +34,6 @@
generated by cgit (git 2.34.1) at 2025-01-29 06:54:16 +0000