summaryrefslogtreecommitdiff
path: root/libxmlsec
diff options
context:
space:
mode:
authorVladimir Glazounov <vg@openoffice.org>2005-03-10 16:49:02 +0000
committerVladimir Glazounov <vg@openoffice.org>2005-03-10 16:49:02 +0000
commitebd1b95bb5f9235d1dba1b840fd746c9b53320d2 (patch)
tree088c3116669733029db82a81704d41df3eb5474b /libxmlsec
parent3bda537671520f15486b3e84e242ff453a7bdd6d (diff)
INTEGRATION: CWS xmlsec08 (1.1.2); FILE ADDED
2005/02/23 03:14:22 mmi 1.1.2.6: Issue number: Submitted by: Reviewed by: 2005/02/23 03:00:02 mmi 1.1.2.5: Support negative or zero s/n Issue number: 43020 Submitted by: Reviewed by: 2005/02/04 08:24:30 mmi 1.1.2.4: xmlsec1-1.2.6 Issue number: Submitted by: Reviewed by: 2005/02/04 08:19:51 mmi 1.1.2.3: xmlsec1-1.2.6 Issue number: Submitted by: Reviewed by: 2005/02/04 07:45:03 mmi 1.1.2.2: xmlsec1-1.2.6 Issue number: Submitted by: Reviewed by: 2005/02/04 07:37:46 mmi 1.1.2.1: xmlsec1-1.2.6 Issue number: Submitted by: Reviewed by:
Diffstat (limited to 'libxmlsec')
-rw-r--r--libxmlsec/xmlsec1-1.2.6.patch13891
1 files changed, 13891 insertions, 0 deletions
diff --git a/libxmlsec/xmlsec1-1.2.6.patch b/libxmlsec/xmlsec1-1.2.6.patch
new file mode 100644
index 000000000000..bf5a8838e61a
--- /dev/null
+++ b/libxmlsec/xmlsec1-1.2.6.patch
@@ -0,0 +1,13891 @@
+*** misc/xmlsec1-1.2.6/apps/Makefile.in 2004-08-26 14:00:30.000000000 +0800
+--- misc/build/xmlsec1-1.2.6/apps/Makefile.in 2005-02-23 11:06:36.000000000 +0800
+***************
+*** 370,376 ****
+ $(CRYPTO_DEPS) \
+ $(NULL)
+
+! all: all-am
+
+ .SUFFIXES:
+ .SUFFIXES: .c .lo .o .obj
+--- 370,376 ----
+ $(CRYPTO_DEPS) \
+ $(NULL)
+
+! all:
+
+ .SUFFIXES:
+ .SUFFIXES: .c .lo .o .obj
+*** misc/xmlsec1-1.2.6/configure 2004-08-26 14:00:34.000000000 +0800
+--- misc/build/xmlsec1-1.2.6/configure 2005-02-23 11:06:37.000000000 +0800
+***************
+*** 24598,24604 ****
+ fi
+
+ LIBXML_MIN_VERSION="2.4.2"
+! LIBXML_CONFIG="xml2-config"
+ LIBXML_CFLAGS=""
+ LIBXML_LIBS=""
+ LIBXML_FOUND="no"
+--- 24598,24604 ----
+ fi
+
+ LIBXML_MIN_VERSION="2.4.2"
+! LIBXML_CONFIG="./libxml2-config"
+ LIBXML_CFLAGS=""
+ LIBXML_LIBS=""
+ LIBXML_FOUND="no"
+***************
+*** 25683,25689 ****
+ NSS_CFLAGS=""
+ NSS_LIBS=""
+ NSS_LIBS_LIST="-lnss3 -lsmime3"
+! NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4"
+ NSS_CRYPTO_LIB="$PACKAGE-nss"
+ NSS_FOUND="no"
+
+--- 25683,25689 ----
+ NSS_CFLAGS=""
+ NSS_LIBS=""
+ NSS_LIBS_LIST="-lnss3 -lsmime3"
+! NSPR_LIBS_LIST="-lnspr4"
+ NSS_CRYPTO_LIB="$PACKAGE-nss"
+ NSS_FOUND="no"
+
+***************
+*** 25817,25824 ****
+ ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION
+ fi
+
+! ac_nss_lib_dir="/usr/lib /usr/lib64 /usr/local/lib /usr/lib/$ac_mozilla_name /usr/local/lib/$ac_mozilla_name"
+! ac_nss_inc_dir="/usr/include /usr/include/mozilla /usr/local/include /usr/local/include/mozilla /usr/include/$ac_mozilla_name /usr/local/include/$ac_mozilla_name"
+
+ echo "$as_me:$LINENO: checking for nspr libraries >= $NSPR_MIN_VERSION" >&5
+ echo $ECHO_N "checking for nspr libraries >= $NSPR_MIN_VERSION... $ECHO_C" >&6
+--- 25817,25824 ----
+ ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION
+ fi
+
+! ac_nss_lib_dir="${SOLARVERSION}/${INPATH}/lib${UPDMINOREXT}"
+! ac_nss_inc_dir="${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/mozilla"
+
+ echo "$as_me:$LINENO: checking for nspr libraries >= $NSPR_MIN_VERSION" >&5
+ echo $ECHO_N "checking for nspr libraries >= $NSPR_MIN_VERSION... $ECHO_C" >&6
+*** misc/xmlsec1-1.2.6/configure.in 2004-08-26 10:49:24.000000000 +0800
+--- misc/build/xmlsec1-1.2.6/configure.in 2005-02-23 11:06:37.000000000 +0800
+***************
+*** 143,149 ****
+ dnl find libxml
+ dnl ==========================================================================
+ LIBXML_MIN_VERSION="2.4.2"
+! LIBXML_CONFIG="xml2-config"
+ LIBXML_CFLAGS=""
+ LIBXML_LIBS=""
+ LIBXML_FOUND="no"
+--- 143,149 ----
+ dnl find libxml
+ dnl ==========================================================================
+ LIBXML_MIN_VERSION="2.4.2"
+! LIBXML_CONFIG="./libxml2-config"
+ LIBXML_CFLAGS=""
+ LIBXML_LIBS=""
+ LIBXML_FOUND="no"
+***************
+*** 508,514 ****
+ NSS_CFLAGS=""
+ NSS_LIBS=""
+ NSS_LIBS_LIST="-lnss3 -lsmime3"
+! NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4"
+ NSS_CRYPTO_LIB="$PACKAGE-nss"
+ NSS_FOUND="no"
+
+--- 508,514 ----
+ NSS_CFLAGS=""
+ NSS_LIBS=""
+ NSS_LIBS_LIST="-lnss3 -lsmime3"
+! NSPR_LIBS_LIST="-lnspr4"
+ NSS_CRYPTO_LIB="$PACKAGE-nss"
+ NSS_FOUND="no"
+
+***************
+*** 534,541 ****
+ ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION
+ fi
+
+! ac_nss_lib_dir="/usr/lib /usr/lib64 /usr/local/lib /usr/lib/$ac_mozilla_name /usr/local/lib/$ac_mozilla_name"
+! ac_nss_inc_dir="/usr/include /usr/include/mozilla /usr/local/include /usr/local/include/mozilla /usr/include/$ac_mozilla_name /usr/local/include/$ac_mozilla_name"
+
+ AC_MSG_CHECKING(for nspr libraries >= $NSPR_MIN_VERSION)
+ NSPR_INCLUDES_FOUND="no"
+--- 534,541 ----
+ ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION
+ fi
+
+! ac_nss_lib_dir="${SOLARVERSION}/${INPATH}/lib${UPDMINOREXT}"
+! ac_nss_inc_dir="${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/mozilla"
+
+ AC_MSG_CHECKING(for nspr libraries >= $NSPR_MIN_VERSION)
+ NSPR_INCLUDES_FOUND="no"
+*** misc/xmlsec1-1.2.6/include/xmlsec/mscrypto/akmngr.h 2005-02-23 11:06:57.000000000 +0800
+--- misc/build/xmlsec1-1.2.6/include/xmlsec/mscrypto/akmngr.h 2005-02-23 11:06:37.000000000 +0800
+***************
+*** 1 ****
+! dummy
+--- 1,71 ----
+! /**
+! * XMLSec library
+! *
+! * This is free software; see Copyright file in the source
+! * distribution for preciese wording.
+! *
+! * Copyright ..........................
+! */
+! #ifndef __XMLSEC_MSCRYPTO_AKMNGR_H__
+! #define __XMLSEC_MSCRYPTO_AKMNGR_H__
+!
+! #include <windows.h>
+! #include <wincrypt.h>
+!
+! #include <xmlsec/xmlsec.h>
+! #include <xmlsec/keys.h>
+! #include <xmlsec/transforms.h>
+!
+! #ifdef __cplusplus
+! extern "C" {
+! #endif /* __cplusplus */
+!
+! XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr
+! xmlSecMSCryptoAppliedKeysMngrCreate(
+! HCERTSTORE keyStore ,
+! HCERTSTORE certStore
+! ) ;
+!
+! XMLSEC_CRYPTO_EXPORT int
+! xmlSecMSCryptoAppliedKeysMngrSymKeyLoad(
+! xmlSecKeysMngrPtr mngr ,
+! HCRYPTKEY symKey
+! ) ;
+!
+! XMLSEC_CRYPTO_EXPORT int
+! xmlSecMSCryptoAppliedKeysMngrPubKeyLoad(
+! xmlSecKeysMngrPtr mngr ,
+! HCRYPTKEY pubKey
+! ) ;
+!
+! XMLSEC_CRYPTO_EXPORT int
+! xmlSecMSCryptoAppliedKeysMngrPriKeyLoad(
+! xmlSecKeysMngrPtr mngr ,
+! HCRYPTKEY priKey
+! ) ;
+!
+! XMLSEC_CRYPTO_EXPORT int
+! xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore (
+! xmlSecKeysMngrPtr mngr ,
+! HCERTSTORE keyStore
+! ) ;
+!
+! XMLSEC_CRYPTO_EXPORT int
+! xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore (
+! xmlSecKeysMngrPtr mngr ,
+! HCERTSTORE trustedStore
+! ) ;
+!
+! XMLSEC_CRYPTO_EXPORT int
+! xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore (
+! xmlSecKeysMngrPtr mngr ,
+! HCERTSTORE untrustedStore
+! ) ;
+!
+! #ifdef __cplusplus
+! }
+! #endif /* __cplusplus */
+!
+! #endif /* __XMLSEC_MSCRYPTO_AKMNGR_H__ */
+!
+!
+*** misc/xmlsec1-1.2.6/include/xmlsec/mscrypto/x509.h 2003-09-26 14:12:46.000000000 +0800
+--- misc/build/xmlsec1-1.2.6/include/xmlsec/mscrypto/x509.h 2005-02-23 11:06:37.000000000 +0800
+***************
+*** 77,82 ****
+--- 77,97 ----
+ PCCERT_CONTEXT cert,
+ xmlSecKeyDataType type);
+
++ XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoX509StoreAdoptKeyStore (
++ xmlSecKeyDataStorePtr store,
++ HCERTSTORE keyStore
++ ) ;
++
++ XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoX509StoreAdoptTrustedStore (
++ xmlSecKeyDataStorePtr store,
++ HCERTSTORE trustedStore
++ ) ;
++
++ XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoX509StoreAdoptUntrustedStore (
++ xmlSecKeyDataStorePtr store,
++ HCERTSTORE untrustedStore
++ ) ;
++
+
+ #endif /* XMLSEC_NO_X509 */
+
+*** misc/xmlsec1-1.2.6/include/xmlsec/nss/akmngr.h 2005-02-23 11:06:54.000000000 +0800
+--- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/akmngr.h 2005-02-23 11:06:37.000000000 +0800
+***************
+*** 1 ****
+! dummy
+--- 1,55 ----
+! /**
+! * XMLSec library
+! *
+! * This is free software; see Copyright file in the source
+! * distribution for preciese wording.
+! *
+! * Copyright ..........................
+! */
+! #ifndef __XMLSEC_NSS_AKMNGR_H__
+! #define __XMLSEC_NSS_AKMNGR_H__
+!
+! #include <nss.h>
+! #include <nspr.h>
+! #include <pk11func.h>
+! #include <cert.h>
+!
+! #include <xmlsec/xmlsec.h>
+! #include <xmlsec/keys.h>
+! #include <xmlsec/transforms.h>
+!
+! #ifdef __cplusplus
+! extern "C" {
+! #endif /* __cplusplus */
+!
+! XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr
+! xmlSecNssAppliedKeysMngrCreate(
+! PK11SlotInfo* slot ,
+! CERTCertDBHandle* handler
+! ) ;
+!
+! XMLSEC_CRYPTO_EXPORT int
+! xmlSecNssAppliedKeysMngrSymKeyLoad(
+! xmlSecKeysMngrPtr mngr ,
+! PK11SymKey* symKey
+! ) ;
+!
+! XMLSEC_CRYPTO_EXPORT int
+! xmlSecNssAppliedKeysMngrPubKeyLoad(
+! xmlSecKeysMngrPtr mngr ,
+! SECKEYPublicKey* pubKey
+! ) ;
+!
+! XMLSEC_CRYPTO_EXPORT int
+! xmlSecNssAppliedKeysMngrPriKeyLoad(
+! xmlSecKeysMngrPtr mngr ,
+! SECKEYPrivateKey* priKey
+! ) ;
+!
+! #ifdef __cplusplus
+! }
+! #endif /* __cplusplus */
+!
+! #endif /* __XMLSEC_NSS_AKMNGR_H__ */
+!
+!
+*** misc/xmlsec1-1.2.6/include/xmlsec/nss/app.h 2004-01-13 05:06:14.000000000 +0800
+--- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/app.h 2005-02-23 11:06:38.000000000 +0800
+***************
+*** 22,27 ****
+--- 22,30 ----
+ #include <xmlsec/keysmngr.h>
+ #include <xmlsec/transforms.h>
+
++ #include <xmlsec/nss/tokens.h>
++ #include <xmlsec/nss/akmngr.h>
++
+ /**
+ * Init/shutdown
+ */
+***************
+*** 34,39 ****
+--- 37,44 ----
+ XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrInit (xmlSecKeysMngrPtr mngr);
+ XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKey(xmlSecKeysMngrPtr mngr,
+ xmlSecKeyPtr key);
++ XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKeySlot(xmlSecKeysMngrPtr mngr,
++ xmlSecNssKeySlotPtr keySlot);
+ XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrLoad (xmlSecKeysMngrPtr mngr,
+ const char* uri);
+ XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrSave (xmlSecKeysMngrPtr mngr,
+*** misc/xmlsec1-1.2.6/include/xmlsec/nss/ciphers.h 2005-02-23 11:06:55.000000000 +0800
+--- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/ciphers.h 2005-02-23 11:06:38.000000000 +0800
+***************
+*** 1 ****
+! dummy
+--- 1,35 ----
+! /**
+! * XMLSec library
+! *
+! * This is free software; see Copyright file in the source
+! * distribution for preciese wording.
+! *
+! * Copyright ..........................
+! */
+! #ifndef __XMLSEC_NSS_CIPHERS_H__
+! #define __XMLSEC_NSS_CIPHERS_H__
+!
+! #ifdef __cplusplus
+! extern "C" {
+! #endif /* __cplusplus */
+!
+! #include <xmlsec/xmlsec.h>
+! #include <xmlsec/keys.h>
+! #include <xmlsec/transforms.h>
+!
+!
+! XMLSEC_CRYPTO_EXPORT int xmlSecNssSymKeyDataAdoptKey( xmlSecKeyDataPtr data,
+! PK11SymKey* symkey ) ;
+!
+! XMLSEC_CRYPTO_EXPORT xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt( PK11SymKey* symKey ) ;
+!
+! XMLSEC_CRYPTO_EXPORT PK11SymKey* xmlSecNssSymKeyDataGetKey(xmlSecKeyDataPtr data);
+!
+!
+! #ifdef __cplusplus
+! }
+! #endif /* __cplusplus */
+!
+! #endif /* __XMLSEC_NSS_CIPHERS_H__ */
+!
+!
+*** misc/xmlsec1-1.2.6/include/xmlsec/nss/crypto.h 2004-01-13 05:06:14.000000000 +0800
+--- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/crypto.h 2005-02-23 11:06:38.000000000 +0800
+***************
+*** 264,269 ****
+--- 264,278 ----
+ xmlSecNssTransformRsaPkcs1GetKlass()
+ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaPkcs1GetKlass(void);
+
++ /**
++ * xmlSecNssTransformRsaOaepId:
++ *
++ * The RSA OAEP key transport transform klass.
++ */
++ #define xmlSecNssTransformRsaOaepId \
++ xmlSecNssTransformRsaOaepGetKlass()
++ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaOaepGetKlass(void);
++
+ #endif /* XMLSEC_NO_RSA */
+
+
+*** misc/xmlsec1-1.2.6/include/xmlsec/nss/keysstore.h 2003-07-30 10:46:35.000000000 +0800
+--- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/keysstore.h 2005-02-23 11:06:38.000000000 +0800
+***************
+*** 16,21 ****
+--- 16,23 ----
+ #endif /* __cplusplus */
+
+ #include <xmlsec/xmlsec.h>
++ #include <xmlsec/keysmngr.h>
++ #include <xmlsec/nss/tokens.h>
+
+ /****************************************************************************
+ *
+***************
+*** 31,36 ****
+--- 33,40 ----
+ XMLSEC_CRYPTO_EXPORT xmlSecKeyStoreId xmlSecNssKeysStoreGetKlass (void);
+ XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKey (xmlSecKeyStorePtr store,
+ xmlSecKeyPtr key);
++ XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKeySlot(xmlSecKeyStorePtr store,
++ xmlSecNssKeySlotPtr keySlot);
+ XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreLoad (xmlSecKeyStorePtr store,
+ const char *uri,
+ xmlSecKeysMngrPtr keysMngr);
+*** misc/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.am 2003-07-30 10:46:35.000000000 +0800
+--- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.am 2005-02-23 11:06:37.000000000 +0800
+***************
+*** 3,8 ****
+--- 3,9 ----
+ xmlsecnssincdir = $(includedir)/xmlsec1/xmlsec/nss
+
+ xmlsecnssinc_HEADERS = \
++ akmngr.h \
+ app.h \
+ crypto.h \
+ symbols.h \
+***************
+*** 10,15 ****
+--- 11,18 ----
+ keysstore.h \
+ pkikeys.h \
+ x509.h \
++ tokens.h \
++ ciphers.h \
+ $(NULL)
+
+ install-exec-hook:
+*** misc/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.in 2004-08-26 14:00:31.000000000 +0800
+--- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.in 2005-02-23 11:06:37.000000000 +0800
+***************
+*** 273,278 ****
+--- 273,279 ----
+ NULL =
+ xmlsecnssincdir = $(includedir)/xmlsec1/xmlsec/nss
+ xmlsecnssinc_HEADERS = \
++ akmngr.h \
+ app.h \
+ crypto.h \
+ symbols.h \
+***************
+*** 280,285 ****
+--- 281,288 ----
+ keysstore.h \
+ pkikeys.h \
+ x509.h \
++ tokens.h \
++ ciphers.h \
+ $(NULL)
+
+ all: all-am
+*** misc/xmlsec1-1.2.6/include/xmlsec/nss/tokens.h 2005-02-23 11:06:56.000000000 +0800
+--- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/tokens.h 2005-02-23 11:06:38.000000000 +0800
+***************
+*** 1 ****
+! dummy
+--- 1,182 ----
+! /**
+! * XMLSec library
+! *
+! * This is free software; see Copyright file in the source
+! * distribution for preciese wording.
+! *
+! * Copyright (c) 2003 Sun Microsystems, Inc. All rights reserved.
+! *
+! * Contributor(s): _____________________________
+! *
+! */
+! #ifndef __XMLSEC_NSS_TOKENS_H__
+! #define __XMLSEC_NSS_TOKENS_H__
+!
+! #include <string.h>
+!
+! #include <nss.h>
+! #include <pk11func.h>
+!
+! #include <xmlsec/xmlsec.h>
+! #include <xmlsec/list.h>
+!
+! #ifdef __cplusplus
+! extern "C" {
+! #endif /* __cplusplus */
+!
+! /**
+! * xmlSecNssKeySlotListId
+! *
+! * The crypto mechanism list klass
+! */
+! #define xmlSecNssKeySlotListId xmlSecNssKeySlotListGetKlass()
+! XMLSEC_CRYPTO_EXPORT xmlSecPtrListId xmlSecNssKeySlotListGetKlass( void ) ;
+!
+! /*******************************************
+! * KeySlot interfaces
+! *******************************************/
+! /**
+! * Internal NSS key slot data
+! * @mechanismList: the mechanisms that the slot bound with.
+! * @slot: the pkcs slot
+! *
+! * This context is located after xmlSecPtrList
+! */
+! typedef struct _xmlSecNssKeySlot xmlSecNssKeySlot ;
+! typedef struct _xmlSecNssKeySlot* xmlSecNssKeySlotPtr ;
+!
+! struct _xmlSecNssKeySlot {
+! CK_MECHANISM_TYPE_PTR mechanismList ; /* mech. array, NULL ternimated */
+! PK11SlotInfo* slot ;
+! } ;
+!
+! XMLSEC_CRYPTO_EXPORT int
+! xmlSecNssKeySlotSetMechList(
+! xmlSecNssKeySlotPtr keySlot ,
+! CK_MECHANISM_TYPE_PTR mechanismList
+! ) ;
+!
+! XMLSEC_CRYPTO_EXPORT int
+! xmlSecNssKeySlotEnableMech(
+! xmlSecNssKeySlotPtr keySlot ,
+! CK_MECHANISM_TYPE mechanism
+! ) ;
+!
+! XMLSEC_CRYPTO_EXPORT int
+! xmlSecNssKeySlotDisableMech(
+! xmlSecNssKeySlotPtr keySlot ,
+! CK_MECHANISM_TYPE mechanism
+! ) ;
+!
+! XMLSEC_CRYPTO_EXPORT CK_MECHANISM_TYPE_PTR
+! xmlSecNssKeySlotGetMechList(
+! xmlSecNssKeySlotPtr keySlot
+! ) ;
+!
+! XMLSEC_CRYPTO_EXPORT int
+! xmlSecNssKeySlotSetSlot(
+! xmlSecNssKeySlotPtr keySlot ,
+! PK11SlotInfo* slot
+! ) ;
+!
+! XMLSEC_CRYPTO_EXPORT int
+! xmlSecNssKeySlotInitialize(
+! xmlSecNssKeySlotPtr keySlot ,
+! PK11SlotInfo* slot
+! ) ;
+!
+! XMLSEC_CRYPTO_EXPORT void
+! xmlSecNssKeySlotFinalize(
+! xmlSecNssKeySlotPtr keySlot
+! ) ;
+!
+! XMLSEC_CRYPTO_EXPORT PK11SlotInfo*
+! xmlSecNssKeySlotGetSlot(
+! xmlSecNssKeySlotPtr keySlot
+! ) ;
+!
+! XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr
+! xmlSecNssKeySlotCreate() ;
+!
+! XMLSEC_CRYPTO_EXPORT int
+! xmlSecNssKeySlotCopy(
+! xmlSecNssKeySlotPtr newKeySlot ,
+! xmlSecNssKeySlotPtr keySlot
+! ) ;
+!
+! XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr
+! xmlSecNssKeySlotDuplicate(
+! xmlSecNssKeySlotPtr keySlot
+! ) ;
+!
+! XMLSEC_CRYPTO_EXPORT void
+! xmlSecNssKeySlotDestroy(
+! xmlSecNssKeySlotPtr keySlot
+! ) ;
+!
+! XMLSEC_CRYPTO_EXPORT int
+! xmlSecNssKeySlotBindMech(
+! xmlSecNssKeySlotPtr keySlot ,
+! CK_MECHANISM_TYPE type
+! ) ;
+!
+! XMLSEC_CRYPTO_EXPORT int
+! xmlSecNssKeySlotSupportMech(
+! xmlSecNssKeySlotPtr keySlot ,
+! CK_MECHANISM_TYPE type
+! ) ;
+!
+!
+! /************************************************************************
+! * PKCS#11 crypto token interfaces
+! *
+! * A PKCS#11 slot repository will be defined internally. From the
+! * repository, a user can specify a particular slot for a certain crypto
+! * mechanism.
+! *
+! * In some situation, some cryptographic operation should act in a user
+! * designated devices. The interfaces defined here provide the way. If
+! * the user do not initialize the repository distinctly, the interfaces
+! * use the default functions provided by NSS itself.
+! *
+! ************************************************************************/
+! /**
+! * Initialize NSS pkcs#11 slot repository
+! *
+! * Returns 0 if success or -1 if an error occurs.
+! */
+! XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotInitialize( void ) ;
+!
+! /**
+! * Shutdown and destroy NSS pkcs#11 slot repository
+! */
+! XMLSEC_CRYPTO_EXPORT void xmlSecNssSlotShutdown() ;
+!
+! /**
+! * Get PKCS#11 slot handler
+! * @type the mechanism that the slot must support.
+! *
+! * Returns a pointer to PKCS#11 slot or NULL if an error occurs.
+! *
+! * Notes: The returned handler must be destroied distinctly.
+! */
+! XMLSEC_CRYPTO_EXPORT PK11SlotInfo* xmlSecNssSlotGet( CK_MECHANISM_TYPE type ) ;
+!
+! /**
+! * Adopt a pkcs#11 slot with a mechanism into the repository
+! * @slot: the pkcs#11 slot.
+! * @mech: the mechanism.
+! *
+! * If @mech is available( @mech != CKM_INVALID_MECHANISM ), every operation with
+! * this mechanism only can perform on the @slot.
+! *
+! * Returns 0 if success or -1 if an error occurs.
+! */
+! XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotAdopt( PK11SlotInfo* slot, CK_MECHANISM_TYPE mech ) ;
+!
+! #ifdef __cplusplus
+! }
+! #endif /* __cplusplus */
+!
+! #endif /* __XMLSEC_NSS_TOKENS_H__ */
+!
+*** misc/xmlsec1-1.2.6/libxml2-config 2005-02-23 11:07:03.000000000 +0800
+--- misc/build/xmlsec1-1.2.6/libxml2-config 2005-02-23 11:06:38.000000000 +0800
+***************
+*** 1 ****
+! dummy
+--- 1,44 ----
+! #! /bin/sh
+!
+! prefix=${SOLARVERSION}/${INPATH}
+! includedir=${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/external
+! libdir=${SOLARVERSION}/${INPATH}/lib${UPDMINOREXT}
+!
+! while test $# -gt 0; do
+! case "$1" in
+! -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
+! *) optarg= ;;
+! esac
+!
+! case "$1" in
+! --prefix=*)
+! prefix=$optarg
+! includedir=$prefix/include
+! libdir=$prefix/lib
+! ;;
+!
+! --prefix)
+! echo $prefix
+! ;;
+!
+! --version)
+! echo 2.5.4
+! exit 0
+! ;;
+!
+! --cflags)
+! echo -I${includedir}
+! ;;
+!
+! --libs)
+! echo -L${libdir} -lxml2 -lz -lm
+! ;;
+!
+! *)
+! exit 1
+! ;;
+! esac
+! shift
+! done
+!
+! exit 0
+*** misc/xmlsec1-1.2.6/src/bn.c 2004-06-22 02:33:27.000000000 +0800
+--- misc/build/xmlsec1-1.2.6/src/bn.c 2005-02-23 11:06:38.000000000 +0800
+***************
+*** 170,177 ****
+ */
+ int
+ xmlSecBnFromString(xmlSecBnPtr bn, const xmlChar* str, xmlSecSize base) {
+! xmlSecSize i, len;
+ xmlSecByte ch;
+ int nn;
+ int ret;
+
+--- 170,179 ----
+ */
+ int
+ xmlSecBnFromString(xmlSecBnPtr bn, const xmlChar* str, xmlSecSize base) {
+! xmlSecSize i, len, size;
+ xmlSecByte ch;
++ xmlSecByte* data;
++ int positive;
+ int nn;
+ int ret;
+
+***************
+*** 183,189 ****
+ /* trivial case */
+ len = xmlStrlen(str);
+ if(len == 0) {
+! return(0);
+ }
+
+ /* The result size could not exceed the input string length
+--- 185,191 ----
+ /* trivial case */
+ len = xmlStrlen(str);
+ if(len == 0) {
+! return(0);
+ }
+
+ /* The result size could not exceed the input string length
+***************
+*** 191,244 ****
+ * In truth, it would be likely less than 1/2 input string length
+ * because each byte is represented by 2 chars. If needed,
+ * buffer size would be increased by Mul/Add functions.
+ */
+! ret = xmlSecBufferSetMaxSize(bn, xmlSecBufferGetSize(bn) + len / 2 + 1);
+ if(ret < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "xmlSecBnRevLookupTable",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "size=%d", len / 2 + 1);
+! return (-1);
+ }
+
+! for(i = 0; i < len; i++) {
+! ch = str[i];
+! if(isspace(ch)) {
+! continue;
+! }
+!
+! xmlSecAssert2(ch <= sizeof(xmlSecBnLookupTable), -1);
+! nn = xmlSecBnLookupTable[ch];
+! if((nn < 0) || ((xmlSecSize)nn > base)) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! NULL,
+! XMLSEC_ERRORS_R_INVALID_DATA,
+! "char=%c;base=%d",
+! ch, base);
+! return (-1);
+! }
+!
+! ret = xmlSecBnMul(bn, base);
+! if(ret < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "xmlSecBnMul",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "base=%d", base);
+! return (-1);
+! }
+!
+! ret = xmlSecBnAdd(bn, nn);
+! if(ret < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "xmlSecBnAdd",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "base=%d", base);
+! return (-1);
+! }
+ }
+
+ return(0);
+--- 193,323 ----
+ * In truth, it would be likely less than 1/2 input string length
+ * because each byte is represented by 2 chars. If needed,
+ * buffer size would be increased by Mul/Add functions.
++ * Finally, we can add one byte for 00 or 10 prefix.
+ */
+! ret = xmlSecBufferSetMaxSize(bn, xmlSecBufferGetSize(bn) + len / 2 + 1 + 1);
+ if(ret < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "xmlSecBnRevLookupTable",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "size=%d", len / 2 + 1);
+! return (-1);
+! }
+!
+! /* figure out if it is positive or negative number */
+! positive = 1;
+! i = 0;
+! while(i < len) {
+! ch = str[i++];
+!
+! /* skip spaces */
+! if(isspace(ch)) {
+! continue;
+! }
+!
+! /* check if it is + or - */
+! if(ch == '+') {
+! positive = 1;
+! break;
+! } else if(ch == '-') {
+! positive = 0;
+! break;
+! }
+!
+! /* otherwise, it must be start of the number */
+! nn = xmlSecBnLookupTable[ch];
+! if((nn >= 0) && ((xmlSecSize)nn < base)) {
+! xmlSecAssert2(i > 0, -1);
+!
+! /* no sign, positive by default */
+! positive = 1;
+! --i; /* make sure that we will look at this character in next loop */
+! break;
+! } else {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! NULL,
+! XMLSEC_ERRORS_R_INVALID_DATA,
+! "char=%c;base=%d",
+! ch, base);
+! return (-1);
+! }
+! }
+!
+! /* now parse the number itself */
+! while(i < len) {
+! ch = str[i++];
+! if(isspace(ch)) {
+! continue;
+! }
+!
+! xmlSecAssert2(ch <= sizeof(xmlSecBnLookupTable), -1);
+! nn = xmlSecBnLookupTable[ch];
+! if((nn < 0) || ((xmlSecSize)nn > base)) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! NULL,
+! XMLSEC_ERRORS_R_INVALID_DATA,
+! "char=%c;base=%d",
+! ch, base);
+! return (-1);
+! }
+!
+! ret = xmlSecBnMul(bn, base);
+! if(ret < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "xmlSecBnMul",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "base=%d", base);
+! return (-1);
+! }
+!
+! ret = xmlSecBnAdd(bn, nn);
+! if(ret < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "xmlSecBnAdd",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "base=%d", base);
+! return (-1);
+! }
+ }
+
+! /* check if we need to add 00 prefix */
+! data = xmlSecBufferGetData(bn);
+! size = xmlSecBufferGetSize(bn);
+! if((size > 0 && data[0] > 127)||(size==0)) {
+! ch = 0;
+! ret = xmlSecBufferPrepend(bn, &ch, 1);
+! if(ret < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "xmlSecBufferPrepend",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "base=%d", base);
+! return (-1);
+! }
+! }
+!
+! /* do 2's compliment and add 1 to represent negative value */
+! if(positive == 0) {
+! data = xmlSecBufferGetData(bn);
+! size = xmlSecBufferGetSize(bn);
+! for(i = 0; i < size; ++i) {
+! data[i] ^= 0xFF;
+! }
+!
+! ret = xmlSecBnAdd(bn, 1);
+! if(ret < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "xmlSecBnAdd",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "base=%d", base);
+! return (-1);
+! }
+ }
+
+ return(0);
+***************
+*** 256,263 ****
+ */
+ xmlChar*
+ xmlSecBnToString(xmlSecBnPtr bn, xmlSecSize base) {
+ xmlChar* res;
+! xmlSecSize i, len;
+ int nn;
+ xmlChar ch;
+
+--- 335,346 ----
+ */
+ xmlChar*
+ xmlSecBnToString(xmlSecBnPtr bn, xmlSecSize base) {
++ xmlSecBn bn2;
++ int positive = 1;
+ xmlChar* res;
+! xmlSecSize i, len, size;
+! xmlSecByte* data;
+! int ret;
+ int nn;
+ xmlChar ch;
+
+***************
+*** 265,299 ****
+ xmlSecAssert2(base > 1, NULL);
+ xmlSecAssert2(base <= sizeof(xmlSecBnRevLookupTable), NULL);
+
+ /* Result string len is
+ * len = log base (256) * <bn size>
+ * Since the smallest base == 2 then we can get away with
+ * len = 8 * <bn size>
+ */
+! len = 8 * xmlSecBufferGetSize(bn) + 1;
+ res = (xmlChar*)xmlMalloc(len + 1);
+ if(res == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! NULL,
+! XMLSEC_ERRORS_R_MALLOC_FAILED,
+! "len=%d", len);
+! return (NULL);
+ }
+ memset(res, 0, len + 1);
+
+! for(i = 0; (xmlSecBufferGetSize(bn) > 0) && (i < len); i++) {
+! if(xmlSecBnDiv(bn, base, &nn) < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "xmlSecBnDiv",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "base=%d", base);
+! xmlFree(res);
+! return (NULL);
+! }
+! xmlSecAssert2((size_t)nn < sizeof(xmlSecBnRevLookupTable), NULL);
+! res[i] = xmlSecBnRevLookupTable[nn];
+ }
+ xmlSecAssert2(i < len, NULL);
+
+--- 348,433 ----
+ xmlSecAssert2(base > 1, NULL);
+ xmlSecAssert2(base <= sizeof(xmlSecBnRevLookupTable), NULL);
+
++
++ /* copy bn */
++ data = xmlSecBufferGetData(bn);
++ size = xmlSecBufferGetSize(bn);
++ ret = xmlSecBnInitialize(&bn2, size);
++ if(ret < 0) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "xmlSecBnCreate",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ "size=%d", size);
++ return (NULL);
++ }
++
++ ret = xmlSecBnSetData(&bn2, data, size);
++ if(ret < 0) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "xmlSecBnSetData",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ "size=%d", size);
++ xmlSecBnFinalize(&bn2);
++ return (NULL);
++ }
++
++ /* check if it is a negative number or not */
++ data = xmlSecBufferGetData(&bn2);
++ size = xmlSecBufferGetSize(&bn2);
++ if((size > 0) && (data[0] > 127)) {
++ /* subtract 1 and do 2's compliment */
++ ret = xmlSecBnAdd(&bn2, -1);
++ if(ret < 0) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "xmlSecBnAdd",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ "size=%d", size);
++ xmlSecBnFinalize(&bn2);
++ return (NULL);
++ }
++ for(i = 0; i < size; ++i) {
++ data[i] ^= 0xFF;
++ }
++
++ positive = 0;
++ } else {
++ positive = 1;
++ }
++
+ /* Result string len is
+ * len = log base (256) * <bn size>
+ * Since the smallest base == 2 then we can get away with
+ * len = 8 * <bn size>
+ */
+! len = 8 * size + 1 + 1;
+ res = (xmlChar*)xmlMalloc(len + 1);
+ if(res == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! NULL,
+! XMLSEC_ERRORS_R_MALLOC_FAILED,
+! "len=%d", len);
+! xmlSecBnFinalize(&bn2);
+! return (NULL);
+ }
+ memset(res, 0, len + 1);
+
+! for(i = 0; (xmlSecBufferGetSize(&bn2) > 0) && (i < len); i++) {
+! if(xmlSecBnDiv(&bn2, base, &nn) < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "xmlSecBnDiv",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "base=%d", base);
+! xmlFree(res);
+! xmlSecBnFinalize(&bn2);
+! return (NULL);
+! }
+! xmlSecAssert2((size_t)nn < sizeof(xmlSecBnRevLookupTable), NULL);
+! res[i] = xmlSecBnRevLookupTable[nn];
+ }
+ xmlSecAssert2(i < len, NULL);
+
+***************
+*** 301,313 ****
+ for(len = i; (len > 1) && (res[len - 1] == '0'); len--);
+ res[len] = '\0';
+
+ /* swap the string because we wrote it in reverse order */
+ for(i = 0; i < len / 2; i++) {
+! ch = res[i];
+! res[i] = res[len - i - 1];
+! res[len - i - 1] = ch;
+ }
+
+ return(res);
+ }
+
+--- 435,454 ----
+ for(len = i; (len > 1) && (res[len - 1] == '0'); len--);
+ res[len] = '\0';
+
++ /* add "-" for negative numbers */
++ if(positive == 0) {
++ res[len] = '-';
++ res[++len] = '\0';
++ }
++
+ /* swap the string because we wrote it in reverse order */
+ for(i = 0; i < len / 2; i++) {
+! ch = res[i];
+! res[i] = res[len - i - 1];
+! res[len - i - 1] = ch;
+ }
+
++ xmlSecBnFinalize(&bn2);
+ return(res);
+ }
+
+***************
+*** 392,398 ****
+ }
+
+ data = xmlSecBufferGetData(bn);
+! for(over = 0, i = xmlSecBufferGetSize(bn); i > 0;) {
+ xmlSecAssert2(data != NULL, -1);
+
+ over = over + multiplier * data[--i];
+--- 533,541 ----
+ }
+
+ data = xmlSecBufferGetData(bn);
+! i = xmlSecBufferGetSize(bn);
+! over = 0;
+! while(i > 0) {
+ xmlSecAssert2(data != NULL, -1);
+
+ over = over + multiplier * data[--i];
+***************
+*** 487,529 ****
+ */
+ int
+ xmlSecBnAdd(xmlSecBnPtr bn, int delta) {
+! int over;
+ xmlSecByte* data;
+ xmlSecSize i;
+ xmlSecByte ch;
+ int ret;
+
+ xmlSecAssert2(bn != NULL, -1);
+- xmlSecAssert2(delta >= 0, -1);
+
+ if(delta == 0) {
+! return(0);
+ }
+
+ data = xmlSecBufferGetData(bn);
+! for(over = delta, i = xmlSecBufferGetSize(bn); i > 0;) {
+! xmlSecAssert2(data != NULL, -1);
+
+! over += data[--i];
+! data[i] = over % 256;
+! over = over / 256;
+! }
+
+! while(over > 0) {
+! ch = over % 256;
+! over = over / 256;
+
+! ret = xmlSecBufferPrepend(bn, &ch, 1);
+! if(ret < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "xmlSecBufferPrepend",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "size=1");
+! return (-1);
+! }
+ }
+-
+ return(0);
+ }
+
+--- 630,686 ----
+ */
+ int
+ xmlSecBnAdd(xmlSecBnPtr bn, int delta) {
+! int over, tmp;
+ xmlSecByte* data;
+ xmlSecSize i;
+ xmlSecByte ch;
+ int ret;
+
+ xmlSecAssert2(bn != NULL, -1);
+
+ if(delta == 0) {
+! return(0);
+ }
+
+ data = xmlSecBufferGetData(bn);
+! if(delta > 0) {
+! for(over = delta, i = xmlSecBufferGetSize(bn); (i > 0) && (over > 0) ;) {
+! xmlSecAssert2(data != NULL, -1);
+
+! tmp = data[--i];
+! over += tmp;
+! data[i] = over % 256;
+! over = over / 256;
+! }
+
+! while(over > 0) {
+! ch = over % 256;
+! over = over / 256;
+
+! ret = xmlSecBufferPrepend(bn, &ch, 1);
+! if(ret < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "xmlSecBufferPrepend",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "size=1");
+! return (-1);
+! }
+! }
+! } else {
+! for(over = -delta, i = xmlSecBufferGetSize(bn); (i > 0) && (over > 0);) {
+! xmlSecAssert2(data != NULL, -1);
+!
+! tmp = data[--i];
+! if(tmp < over) {
+! data[i] = 0;
+! over = (over - tmp) / 256;
+! } else {
+! data[i] = tmp - over;
+! over = 0;
+! }
+! }
+ }
+ return(0);
+ }
+
+***************
+*** 787,793 ****
+ }
+
+ if(addLineBreaks) {
+! xmlNodeAddContent(cur, BAD_CAST "\n");
+ }
+
+ switch(format) {
+--- 944,950 ----
+ }
+
+ if(addLineBreaks) {
+! xmlNodeAddContent(cur, xmlSecStringCR);
+ }
+
+ switch(format) {
+***************
+*** 833,839 ****
+ }
+
+ if(addLineBreaks) {
+! xmlNodeAddContent(cur, BAD_CAST "\n");
+ }
+
+ return(0);
+--- 990,996 ----
+ }
+
+ if(addLineBreaks) {
+! xmlNodeAddContent(cur, xmlSecStringCR);
+ }
+
+ return(0);
+*** misc/xmlsec1-1.2.6/src/dl.c 2003-10-29 23:57:20.000000000 +0800
+--- misc/build/xmlsec1-1.2.6/src/dl.c 2005-02-23 11:06:38.000000000 +0800
+***************
+*** 329,334 ****
+--- 329,338 ----
+ xmlSecCryptoDLInit(void) {
+ int ret;
+
++ /* use xmlMalloc/xmlFree */
++ xmlsec_lt_dlmalloc = xmlSecCryptoDLMalloc;
++ xmlsec_lt_dlfree = xmlSecCryptoDLFree;
++
+ ret = xmlSecPtrListInitialize(&gXmlSecCryptoDLLibraries, xmlSecCryptoDLLibrariesListGetKlass());
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+***************
+*** 350,358 ****
+ }
+ /* TODO: LTDL_SET_PRELOADED_SYMBOLS(); */
+
+- /* use xmlMalloc/xmlFree */
+- xmlsec_lt_dlmalloc = xmlSecCryptoDLMalloc;
+- xmlsec_lt_dlfree = xmlSecCryptoDLFree;
+ return(0);
+ }
+
+--- 354,359 ----
+*** misc/xmlsec1-1.2.6/src/mscrypto/akmngr.c 2005-02-23 11:06:59.000000000 +0800
+--- misc/build/xmlsec1-1.2.6/src/mscrypto/akmngr.c 2005-02-23 11:06:38.000000000 +0800
+***************
+*** 1 ****
+! dummy
+--- 1,235 ----
+! /**
+! * XMLSec library
+! *
+! * This is free software; see Copyright file in the source
+! * distribution for preciese wording.
+! *
+! * Copyright.........................
+! */
+! #include "globals.h"
+!
+! #include <xmlsec/xmlsec.h>
+! #include <xmlsec/keys.h>
+! #include <xmlsec/transforms.h>
+! #include <xmlsec/errors.h>
+!
+! #include <xmlsec/mscrypto/crypto.h>
+! #include <xmlsec/mscrypto/keysstore.h>
+! #include <xmlsec/mscrypto/akmngr.h>
+! #include <xmlsec/mscrypto/x509.h>
+!
+! /**
+! * xmlSecMSCryptoAppliedKeysMngrCreate:
+! * @hKeyStore: the pointer to key store.
+! * @hCertStore: the pointer to certificate database.
+! *
+! * Create and load key store and certificate database into keys manager
+! *
+! * Returns keys manager pointer on success or NULL otherwise.
+! */
+! xmlSecKeysMngrPtr
+! xmlSecMSCryptoAppliedKeysMngrCreate(
+! HCERTSTORE hKeyStore ,
+! HCERTSTORE hCertStore
+! ) {
+! xmlSecKeyDataStorePtr certStore = NULL ;
+! xmlSecKeysMngrPtr keyMngr = NULL ;
+! xmlSecKeyStorePtr keyStore = NULL ;
+!
+! keyStore = xmlSecKeyStoreCreate( xmlSecMSCryptoKeysStoreId ) ;
+! if( keyStore == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecKeyStoreCreate" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return NULL ;
+! }
+!
+! /*-
+! * At present, MS Crypto engine do not provide a way to setup a key store.
+! */
+! if( keyStore != NULL ) {
+! //TODO: binding key store.
+! }
+!
+! keyMngr = xmlSecKeysMngrCreate() ;
+! if( keyMngr == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecKeysMngrCreate" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+!
+! xmlSecKeyStoreDestroy( keyStore ) ;
+! return NULL ;
+! }
+!
+! /*-
+! * Add key store to manager, from now on keys manager destroys the store if
+! * needed
+! */
+! if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
+! "xmlSecKeysMngrAdoptKeyStore" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+!
+! xmlSecKeyStoreDestroy( keyStore ) ;
+! xmlSecKeysMngrDestroy( keyMngr ) ;
+! return NULL ;
+! }
+!
+! /*-
+! * Initialize crypto library specific data in keys manager
+! */
+! if( xmlSecMSCryptoKeysMngrInit( keyMngr ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecMSCryptoKeysMngrInit" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+!
+! xmlSecKeysMngrDestroy( keyMngr ) ;
+! return NULL ;
+! }
+!
+! /*-
+! * Set certificate databse to X509 key data store
+! */
+! /*-
+! * At present, MS Crypto engine do not provide a way to setup a cert store.
+! */
+!
+! /*-
+! * Set the getKey callback
+! */
+! keyMngr->getKey = xmlSecKeysMngrGetKey ;
+!
+! return keyMngr ;
+! }
+!
+! int
+! xmlSecMSCryptoAppliedKeysMngrSymKeyLoad(
+! xmlSecKeysMngrPtr mngr ,
+! HCRYPTKEY symKey
+! ) {
+! //TODO: import the key into keys manager.
+! return(0) ;
+! }
+!
+! int
+! xmlSecMSCryptoAppliedKeysMngrPubKeyLoad(
+! xmlSecKeysMngrPtr mngr ,
+! HCRYPTKEY pubKey
+! ) {
+! //TODO: import the key into keys manager.
+! return(0) ;
+! }
+!
+! int
+! xmlSecMSCryptoAppliedKeysMngrPriKeyLoad(
+! xmlSecKeysMngrPtr mngr ,
+! HCRYPTKEY priKey
+! ) {
+! //TODO: import the key into keys manager.
+! return(0) ;
+! }
+!
+! int
+! xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore (
+! xmlSecKeysMngrPtr mngr ,
+! HCERTSTORE keyStore
+! ) {
+! xmlSecKeyDataStorePtr x509Store ;
+!
+! xmlSecAssert2( mngr != NULL, -1 ) ;
+! xmlSecAssert2( keyStore != NULL, -1 ) ;
+!
+! x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
+! if( x509Store == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecKeysMngrGetDataStore" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return( -1 ) ;
+! }
+!
+! if( xmlSecMSCryptoX509StoreAdoptKeyStore( x509Store, keyStore ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
+! "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return( -1 ) ;
+! }
+!
+! return( 0 ) ;
+! }
+!
+! int
+! xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore (
+! xmlSecKeysMngrPtr mngr ,
+! HCERTSTORE trustedStore
+! ) {
+! xmlSecKeyDataStorePtr x509Store ;
+!
+! xmlSecAssert2( mngr != NULL, -1 ) ;
+! xmlSecAssert2( trustedStore != NULL, -1 ) ;
+!
+! x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
+! if( x509Store == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecKeysMngrGetDataStore" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return( -1 ) ;
+! }
+!
+! if( xmlSecMSCryptoX509StoreAdoptTrustedStore( x509Store, trustedStore ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
+! "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return( -1 ) ;
+! }
+!
+! return( 0 ) ;
+! }
+!
+! int
+! xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore (
+! xmlSecKeysMngrPtr mngr ,
+! HCERTSTORE untrustedStore
+! ) {
+! xmlSecKeyDataStorePtr x509Store ;
+!
+! xmlSecAssert2( mngr != NULL, -1 ) ;
+! xmlSecAssert2( untrustedStore != NULL, -1 ) ;
+!
+! x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
+! if( x509Store == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecKeysMngrGetDataStore" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return( -1 ) ;
+! }
+!
+! if( xmlSecMSCryptoX509StoreAdoptUntrustedStore( x509Store, untrustedStore ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
+! "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return( -1 ) ;
+! }
+!
+! return( 0 ) ;
+! }
+!
+*** misc/xmlsec1-1.2.6/src/mscrypto/certkeys.c 2004-03-17 13:06:43.000000000 +0800
+--- misc/build/xmlsec1-1.2.6/src/mscrypto/certkeys.c 2005-02-23 11:06:38.000000000 +0800
+***************
+*** 41,46 ****
+--- 41,47 ----
+ * a public key from xml document is provided, we need HCRYPTKEY.... The focus
+ * now is however directed to certificates. Wouter
+ */
++ /** replaced by a wrapper style for WINNT 4.0
+ struct _xmlSecMSCryptoKeyDataCtx {
+ HCRYPTPROV hProv;
+ BOOL fCallerFreeProv;
+***************
+*** 51,56 ****
+--- 52,175 ----
+ HCRYPTKEY hKey;
+ xmlSecKeyDataType type;
+ };
++ */
++ /*-
++ * A wrapper of HCRYPTKEY, a reference countor is introduced, the function is
++ * the same as CryptDuplicateKey. Because the CryptDuplicateKey is not support
++ * by WINNT 4.0, the wrapper will enable the library work on WINNT 4.0
++ */
++ struct _mscrypt_key {
++ HCRYPTKEY hKey ;
++ int refcnt ;
++ } ;
++
++ /*-
++ * A wrapper of HCRYPTPROV, a reference countor is introduced, the function is
++ * the same as CryptContextAddRef. Because the CryptContextAddRef is not support
++ * by WINNT 4.0, the wrapper will enable the library work on WINNT 4.0
++ */
++ struct _mscrypt_prov {
++ HCRYPTPROV hProv ;
++ BOOL freeprov ;
++ int refcnt ;
++ } ;
++
++ struct _xmlSecMSCryptoKeyDataCtx {
++ struct _mscrypt_prov* p_prov ;
++ LPCTSTR providerName;
++ DWORD providerType;
++ PCCERT_CONTEXT pCert;
++ DWORD dwKeySpec;
++ struct _mscrypt_key* p_key ;
++ xmlSecKeyDataType type;
++ };
++
++ struct _mscrypt_key* mscrypt_create_key( HCRYPTKEY key ) {
++ struct _mscrypt_key* pkey ;
++
++ pkey = ( struct _mscrypt_key* )xmlMalloc( sizeof( struct _mscrypt_key ) ) ;
++ if( pkey == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE,
++ "mscrypt_create_key" ,
++ NULL ,
++ XMLSEC_ERRORS_R_MALLOC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE
++ ) ;
++ }
++
++ pkey->hKey = key ;
++ pkey->refcnt = 1 ;
++
++ return pkey ;
++ }
++
++ struct _mscrypt_key* mscrypt_acquire_key( struct _mscrypt_key* key ) {
++ if( key )
++ key->refcnt ++ ;
++
++ return key ;
++ }
++
++ int mscrypt_release_key( struct _mscrypt_key* key ) {
++ if( key ) {
++ key->refcnt -- ;
++ if( !key->refcnt ) {
++ if( key->hKey ) {
++ CryptDestroyKey( key->hKey ) ;
++ key->hKey = 0 ;
++ }
++ xmlFree( key ) ;
++ } else {
++ return key->refcnt ;
++ }
++ }
++
++ return 0 ;
++ }
++
++ struct _mscrypt_prov* mscrypt_create_prov( HCRYPTPROV prov, BOOL callerFree ) {
++ struct _mscrypt_prov* pprov ;
++
++ pprov = ( struct _mscrypt_prov* )xmlMalloc( sizeof( struct _mscrypt_prov ) ) ;
++ if( pprov == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE,
++ "mscrypt_create_prov" ,
++ NULL ,
++ XMLSEC_ERRORS_R_MALLOC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE
++ ) ;
++ }
++
++ pprov->hProv = prov ;
++ pprov->freeprov = callerFree ;
++ pprov->refcnt = 1 ;
++
++ return pprov ;
++ }
++
++ struct _mscrypt_prov* mscrypt_acquire_prov( struct _mscrypt_prov* prov ) {
++ if( prov )
++ prov->refcnt ++ ;
++
++ return prov ;
++ }
++
++ int mscrypt_release_prov( struct _mscrypt_prov* prov ) {
++ if( prov ) {
++ prov->refcnt -- ;
++ if( !prov->refcnt ) {
++ if( prov->hProv && prov->freeprov ) {
++ CryptReleaseContext( prov->hProv, 0 ) ;
++ prov->hProv = 0 ;
++ }
++ xmlFree( prov ) ;
++ } else {
++ return prov->refcnt ;
++ }
++ }
++
++ return 0 ;
++ }
+
+ /******************************************************************************
+ *
+***************
+*** 88,111 ****
+ ctx = xmlSecMSCryptoKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+! if (ctx->hKey != 0) {
+! CryptDestroyKey(ctx->hKey);
+! ctx->hKey = 0;
+! }
+
+ if(ctx->pCert != NULL) {
+ CertFreeCertificateContext(ctx->pCert);
+ ctx->pCert = NULL;
+ }
+
+! if ((ctx->hProv != 0) && (ctx->fCallerFreeProv)) {
+! CryptReleaseContext(ctx->hProv, 0);
+! ctx->hProv = 0;
+! ctx->fCallerFreeProv = FALSE;
+! } else {
+! ctx->hProv = 0;
+! ctx->fCallerFreeProv = FALSE;
+! }
+
+ ctx->type = type;
+
+--- 207,226 ----
+ ctx = xmlSecMSCryptoKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+! if( ctx->p_key != 0 ) {
+! mscrypt_release_key( ctx->p_key ) ;
+! }
+! ctx->p_key = mscrypt_create_key( 0 ) ;
+
+ if(ctx->pCert != NULL) {
+ CertFreeCertificateContext(ctx->pCert);
+ ctx->pCert = NULL;
+ }
+
+! if( ( ctx->p_prov ) ) {
+! mscrypt_release_prov( ctx->p_prov ) ;
+! }
+! ctx->p_prov = mscrypt_create_prov( 0, FALSE ) ;
+
+ ctx->type = type;
+
+***************
+*** 116,124 ****
+ if (!CryptAcquireCertificatePrivateKey(pCert,
+ CRYPT_ACQUIRE_USE_PROV_INFO_FLAG,
+ NULL,
+! &(ctx->hProv),
+ &(ctx->dwKeySpec),
+! &(ctx->fCallerFreeProv))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptAcquireCertificatePrivateKey",
+--- 231,239 ----
+ if (!CryptAcquireCertificatePrivateKey(pCert,
+ CRYPT_ACQUIRE_USE_PROV_INFO_FLAG,
+ NULL,
+! &(ctx->p_prov->hProv),
+ &(ctx->dwKeySpec),
+! &(ctx->p_prov->freeprov))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptAcquireCertificatePrivateKey",
+***************
+*** 127,172 ****
+ return(-1);
+ }
+ } else if((type & xmlSecKeyDataTypePublic) != 0){
+! if (!CryptAcquireContext(&(ctx->hProv),
+ NULL,
+! ctx->providerName,
+ ctx->providerType,
+ CRYPT_VERIFYCONTEXT)) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "CryptAcquireContext",
+! XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! return(-1);
+! }
+! ctx->dwKeySpec = 0;
+! ctx->fCallerFreeProv = TRUE;
+ } else {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "Unsupported keytype");
+! return(-1);
+! }
+!
+! /* CryptImportPublicKeyInfo is only needed when a real key handle
+! * is needed. The key handle is needed for de/encrypting and for
+! * verifying of a signature, *not* for signing. We could call
+! * CryptImportPublicKeyInfo in xmlSecMSCryptoKeyDataGetKey instead
+! * so no unnessecary calls to CryptImportPublicKeyInfo are being
+! * made. WK
+! */
+! if(!CryptImportPublicKeyInfo(ctx->hProv,
+! X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+! &(pCert->pCertInfo->SubjectPublicKeyInfo),
+! &(ctx->hKey))) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "CryptImportPublicKeyInfo",
+! XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! return(-1);
+ }
+ ctx->pCert = pCert;
+
+--- 242,280 ----
+ return(-1);
+ }
+ } else if((type & xmlSecKeyDataTypePublic) != 0){
+! if (!CryptAcquireContext(&(ctx->p_prov->hProv),
+ NULL,
+! NULL, /*AF: replaces "ctx->providerName" with "NULL" */
+ ctx->providerType,
+ CRYPT_VERIFYCONTEXT)) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "CryptAcquireContext",
+! XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! return(-1);
+! }
+! ctx->dwKeySpec = 0;
+! ctx->p_prov->freeprov = TRUE;
+!
+! if( !CryptImportPublicKeyInfo( ctx->p_prov->hProv,
+! X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+! &(pCert->pCertInfo->SubjectPublicKeyInfo),
+! &(ctx->p_key->hKey) ) ) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "CryptImportPublicKeyInfo",
+! XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! return(-1);
+! }
+ } else {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "Unsupported keytype");
+! return(-1);
+ }
+ ctx->pCert = pCert;
+
+***************
+*** 190,218 ****
+ ctx = xmlSecMSCryptoKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+! if(ctx->hKey != 0) {
+! CryptDestroyKey(ctx->hKey);
+! ctx->hKey = 0;
+! }
+
+ if(ctx->pCert != NULL) {
+ CertFreeCertificateContext(ctx->pCert);
+ ctx->pCert = NULL;
+ }
+
+! if((ctx->hProv != 0) && ctx->fCallerFreeProv) {
+! CryptReleaseContext(ctx->hProv, 0);
+! ctx->hProv = 0;
+! ctx->fCallerFreeProv = FALSE;
+! } else {
+! ctx->hProv = 0;
+! ctx->fCallerFreeProv = FALSE;
+! }
+
+! ctx->hProv = hProv;
+! ctx->fCallerFreeProv = fCallerFreeProv;
+ ctx->dwKeySpec = dwKeySpec;
+! ctx->hKey = hKey;
+ ctx->type = type;
+
+ return(0);
+--- 298,323 ----
+ ctx = xmlSecMSCryptoKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+! if( ctx->p_key != 0 ) {
+! mscrypt_release_key( ctx->p_key ) ;
+! ctx->p_key = NULL ;
+! }
+
+ if(ctx->pCert != NULL) {
+ CertFreeCertificateContext(ctx->pCert);
+ ctx->pCert = NULL;
+ }
+
+! if( ( ctx->p_prov ) ) {
+! mscrypt_release_prov( ctx->p_prov ) ;
+! ctx->p_prov = NULL ;
+! } else {
+! ctx->p_prov = NULL ;
+! }
+
+! ctx->p_prov = mscrypt_create_prov( hProv, FALSE ) ;
+ ctx->dwKeySpec = dwKeySpec;
+! ctx->p_key = mscrypt_create_key( hKey ) ;
+ ctx->type = type;
+
+ return(0);
+***************
+*** 238,244 ****
+ ctx = xmlSecMSCryptoKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, 0);
+
+! return(ctx->hKey);
+ }
+
+ /**
+--- 343,349 ----
+ ctx = xmlSecMSCryptoKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, 0);
+
+! return( ctx->p_key ? ctx->p_key->hKey : 0 );
+ }
+
+ /**
+***************
+*** 273,279 ****
+ ctx = xmlSecMSCryptoKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, 0);
+
+! return(ctx->hProv);
+ }
+
+ DWORD
+--- 378,384 ----
+ ctx = xmlSecMSCryptoKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, 0);
+
+! return( ctx->p_prov ? ctx->p_prov->hProv : 0 );
+ }
+
+ DWORD
+***************
+*** 316,340 ****
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+- }
+-
+- if (ctxSrc->hKey != 0) {
+- if (!CryptDuplicateKey(ctxSrc->hKey, NULL, 0, &(ctxDst->hKey))) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+- "CryptDuplicateKey",
+- XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
+- return(-1);
+- }
+ }
+! if(ctxSrc->hProv != 0) {
+! CryptContextAddRef(ctxSrc->hProv, NULL, 0);
+! ctxDst->hProv = ctxSrc->hProv;
+! ctxDst->fCallerFreeProv = TRUE;
+! } else {
+! ctxDst->hProv = 0;
+! ctxDst->fCallerFreeProv = FALSE;
+ }
+
+ ctxDst->dwKeySpec = ctxSrc->dwKeySpec;
+--- 421,456 ----
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+!
+! if( ctxSrc->p_key ) {
+! if( ctxDst->p_key )
+! mscrypt_release_key( ctxDst->p_key ) ;
+!
+! ctxDst->p_key = mscrypt_acquire_key( ctxSrc->p_key ) ;
+! if( !ctxDst->p_key ) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+! "mscrypt_acquire_key",
+! XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! return(-1);
+! }
+! }
+!
+! if( ctxSrc->p_prov ) {
+! if( ctxDst->p_prov )
+! mscrypt_release_prov( ctxDst->p_prov ) ;
+!
+! ctxDst->p_prov = mscrypt_acquire_prov( ctxSrc->p_prov ) ;
+! if( !ctxDst->p_prov ) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+! "mscrypt_acquire_prov",
+! XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! return(-1);
+! }
+ }
+
+ ctxDst->dwKeySpec = ctxSrc->dwKeySpec;
+***************
+*** 355,370 ****
+ ctx = xmlSecMSCryptoKeyDataGetCtx(data);
+ xmlSecAssert(ctx != NULL);
+
+! if (ctx->hKey != 0) {
+! CryptDestroyKey(ctx->hKey);
+ }
+
+ if(ctx->pCert != NULL) {
+ CertFreeCertificateContext(ctx->pCert);
+ }
+
+! if ((ctx->hProv != 0) && ctx->fCallerFreeProv) {
+! CryptReleaseContext(ctx->hProv, 0);
+ }
+
+ memset(ctx, 0, sizeof(xmlSecMSCryptoKeyDataCtx));
+--- 471,486 ----
+ ctx = xmlSecMSCryptoKeyDataGetCtx(data);
+ xmlSecAssert(ctx != NULL);
+
+! if( ctx->p_key ) {
+! mscrypt_release_key( ctx->p_key ) ;
+ }
+
+ if(ctx->pCert != NULL) {
+ CertFreeCertificateContext(ctx->pCert);
+ }
+
+! if( ctx->p_prov ) {
+! mscrypt_release_prov( ctx->p_prov ) ;
+ }
+
+ memset(ctx, 0, sizeof(xmlSecMSCryptoKeyDataCtx));
+***************
+*** 384,397 ****
+ xmlSecAssert2(ctx->pCert->pCertInfo != NULL, 0);
+ return (CertGetPublicKeyLength(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+ &(ctx->pCert->pCertInfo->SubjectPublicKeyInfo)));
+! } else if (ctx->hKey != 0) {
+ DWORD length = 0;
+ DWORD lenlen = sizeof(DWORD);
+!
+! if (!CryptGetKeyParam(ctx->hKey, KP_KEYLEN, (BYTE *)&length, &lenlen, 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+! "CertDuplicateCertificateContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(0);
+--- 500,513 ----
+ xmlSecAssert2(ctx->pCert->pCertInfo != NULL, 0);
+ return (CertGetPublicKeyLength(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+ &(ctx->pCert->pCertInfo->SubjectPublicKeyInfo)));
+! } else if (ctx->p_key != 0 && ctx->p_key->hKey != 0 ) {
+ DWORD length = 0;
+ DWORD lenlen = sizeof(DWORD);
+!
+! if (!CryptGetKeyParam(ctx->p_key->hKey, KP_KEYLEN, (BYTE *)&length, &lenlen, 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+! "CryptGetKeyParam",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(0);
+***************
+*** 938,946 ****
+
+ ctx = xmlSecMSCryptoKeyDataGetCtx(xmlSecKeyGetValue(key));
+ xmlSecAssert2(ctx != NULL, -1);
+! xmlSecAssert2(ctx->hKey != 0, -1);
+
+! if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "CryptExportKey",
+--- 1054,1063 ----
+
+ ctx = xmlSecMSCryptoKeyDataGetCtx(xmlSecKeyGetValue(key));
+ xmlSecAssert2(ctx != NULL, -1);
+! xmlSecAssert2(ctx->p_key != 0, -1);
+! xmlSecAssert2(ctx->p_key->hKey != 0, -1);
+
+! if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "CryptExportKey",
+***************
+*** 960,966 ****
+ }
+
+ blob = xmlSecBufferGetData(&buf);
+! if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "CryptExportKey",
+--- 1077,1083 ----
+ }
+
+ blob = xmlSecBufferGetData(&buf);
+! if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "CryptExportKey",
+***************
+*** 1797,1805 ****
+
+ ctx = xmlSecMSCryptoKeyDataGetCtx(xmlSecKeyGetValue(key));
+ xmlSecAssert2(ctx != NULL, -1);
+! xmlSecAssert2(ctx->hKey != 0, -1);
+
+! if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "CryptExportKey",
+--- 1914,1923 ----
+
+ ctx = xmlSecMSCryptoKeyDataGetCtx(xmlSecKeyGetValue(key));
+ xmlSecAssert2(ctx != NULL, -1);
+! xmlSecAssert2(ctx->p_key != 0, -1);
+! xmlSecAssert2(ctx->p_key->hKey != 0, -1);
+
+! if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "CryptExportKey",
+***************
+*** 1819,1825 ****
+ }
+
+ blob = xmlSecBufferGetData(&buf);
+! if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "CryptExportKey",
+--- 1937,1943 ----
+ }
+
+ blob = xmlSecBufferGetData(&buf);
+! if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "CryptExportKey",
+***************
+*** 2010,2016 ****
+ HCRYPTKEY hKey = 0;
+ DWORD dwKeySpec;
+ DWORD dwSize;
+- int res = -1;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), xmlSecKeyDataTypeUnknown);
+--- 2128,2133 ----
+***************
+*** 2043,2054 ****
+ dwKeySpec = AT_SIGNATURE;
+ dwSize = ((sizeBits << 16) | CRYPT_EXPORTABLE);
+ if (!CryptGenKey(hProv, CALG_DSS_SIGN, dwSize, &hKey)) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "CryptGenKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+! goto done;
+ }
+
+ ret = xmlSecMSCryptoKeyDataAdoptKey(data, hProv, TRUE, hKey, dwKeySpec,
+--- 2160,2173 ----
+ dwKeySpec = AT_SIGNATURE;
+ dwSize = ((sizeBits << 16) | CRYPT_EXPORTABLE);
+ if (!CryptGenKey(hProv, CALG_DSS_SIGN, dwSize, &hKey)) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "CryptGenKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+! if (hProv != 0)
+! CryptReleaseContext(hProv, 0);
+! return -1 ;
+ }
+
+ ret = xmlSecMSCryptoKeyDataAdoptKey(data, hProv, TRUE, hKey, dwKeySpec,
+***************
+*** 2059,2082 ****
+ "xmlSecMSCryptoKeyDataAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+! goto done;
+! }
+! hProv = 0;
+! hKey = 0;
+
+! /* success */
+! res = 0;
+!
+! done:
+! if (hProv != 0) {
+! CryptReleaseContext(ctx->hProv, 0);
+ }
+
+! if (hKey != 0) {
+! CryptDestroyKey(hKey);
+! }
+!
+! return(res);
+ }
+
+ static xmlSecKeyDataType
+--- 2178,2194 ----
+ "xmlSecMSCryptoKeyDataAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+! if( hKey != 0 )
+! CryptDestroyKey( hKey ) ;
+! if( hProv != 0 )
+! CryptReleaseContext( hProv, 0 ) ;
+
+! return -1 ;
+ }
++ hProv = 0 ;
++ hKey = 0 ;
+
+! return 0 ;
+ }
+
+ static xmlSecKeyDataType
+*** misc/xmlsec1-1.2.6/src/mscrypto/crypto.c 2003-11-12 10:38:51.000000000 +0800
+--- misc/build/xmlsec1-1.2.6/src/mscrypto/crypto.c 2005-02-23 11:06:38.000000000 +0800
+***************
+*** 330,342 ****
+ BYTE*
+ xmlSecMSCryptoCertStrToName(DWORD dwCertEncodingType, LPCTSTR pszX500, DWORD dwStrType, DWORD* len) {
+ BYTE* str = NULL;
+!
+ xmlSecAssert2(pszX500 != NULL, NULL);
+ xmlSecAssert2(len != NULL, NULL);
+
+ if (!CertStrToName(dwCertEncodingType, pszX500, dwStrType,
+! NULL, NULL, len, NULL)) {
+ /* this might not be an error, string might just not exist */
+ return(NULL);
+ }
+
+--- 330,344 ----
+ BYTE*
+ xmlSecMSCryptoCertStrToName(DWORD dwCertEncodingType, LPCTSTR pszX500, DWORD dwStrType, DWORD* len) {
+ BYTE* str = NULL;
+! LPCTSTR ppszError = NULL;
+!
+ xmlSecAssert2(pszX500 != NULL, NULL);
+ xmlSecAssert2(len != NULL, NULL);
+
+ if (!CertStrToName(dwCertEncodingType, pszX500, dwStrType,
+! NULL, NULL, len, &ppszError)) {
+ /* this might not be an error, string might just not exist */
++ DWORD dw = GetLastError();
+ return(NULL);
+ }
+
+*** misc/xmlsec1-1.2.6/src/mscrypto/x509.c 2003-09-26 08:58:13.000000000 +0800
+--- misc/build/xmlsec1-1.2.6/src/mscrypto/x509.c 2005-02-23 11:06:38.000000000 +0800
+***************
+*** 1572,1577 ****
+--- 1572,1578 ----
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecMSCryptoX509DataCtxPtr ctx;
+ xmlSecKeyDataStorePtr x509Store;
++ PCCERT_CONTEXT pCert ;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataX509Id), -1);
+***************
+*** 1610,1615 ****
+--- 1611,1619 ----
+ return(-1);
+ }
+
++ /*-
++ * Get Public key from cert, which does not always work for sign action.
++ *
+ keyValue = xmlSecMSCryptoX509CertGetKey(ctx->keyCert);
+ if(keyValue == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+***************
+*** 1619,1624 ****
+--- 1623,1673 ----
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
++ */
++
++ /*-
++ * I'll search key according to KeyReq.
++ */
++ pCert = CertDuplicateCertificateContext( ctx->keyCert ) ;
++ if( pCert == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
++ "CertDuplicateCertificateContext",
++ XMLSEC_ERRORS_R_CRYPTO_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++
++ return(-1);
++ }
++
++ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) {
++ keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePrivate ) ;
++ if(keyValue == NULL) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
++ "xmlSecMSCryptoCertAdopt",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++
++ CertFreeCertificateContext( pCert ) ;
++ return(-1);
++ }
++ pCert = NULL ;
++ } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) {
++ keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePublic ) ;
++ if(keyValue == NULL) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
++ "xmlSecMSCryptoCertAdopt",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++
++ CertFreeCertificateContext( pCert ) ;
++ return(-1);
++ }
++ pCert = NULL ;
++ }
++
++
+
+ /* verify that the key matches our expectations */
+ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) {
+***************
+*** 1882,1888 ****
+ xmlSecAssert2(nm->pbData != NULL, NULL);
+ xmlSecAssert2(nm->cbData > 0, NULL);
+
+! csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR, NULL, 0);
+ str = (char *)xmlMalloc(csz);
+ if (NULL == str) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+--- 1931,1937 ----
+ xmlSecAssert2(nm->pbData != NULL, NULL);
+ xmlSecAssert2(nm->cbData > 0, NULL);
+
+! csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, NULL, 0);
+ str = (char *)xmlMalloc(csz);
+ if (NULL == str) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+***************
+*** 1893,1899 ****
+ return (NULL);
+ }
+
+! csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR, str, csz);
+ if (csz < 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+--- 1942,1948 ----
+ return (NULL);
+ }
+
+! csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, str, csz);
+ if (csz < 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+***************
+*** 1904,1920 ****
+ return(NULL);
+ }
+
+! res = xmlStrdup(BAD_CAST str);
+! if(res == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "xmlStrdup",
+! XMLSEC_ERRORS_R_MALLOC_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! xmlFree(str);
+! return(NULL);
+ }
+-
+ xmlFree(str);
+ return(res);
+ }
+--- 1953,1989 ----
+ return(NULL);
+ }
+
+! /* aleksey: this is a hack, but mscrypto can not read E= flag and wants Email= instead.
+! * don't ask me how is it possible not to read something you wrote yourself but also
+! * see comment in the xmlSecMSCryptoX509FindCert function.
+! */
+! if(strncmp(str, "E=", 2) == 0) {
+! res = xmlMalloc(strlen(str) + 13 + 1);
+! if(res == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "xmlMalloc",
+! XMLSEC_ERRORS_R_MALLOC_FAILED,
+! "size=%d",
+! strlen(str) + 13 + 1);
+! xmlFree(str);
+! return(NULL);
+! }
+!
+! memcpy(res, "emailAddress=", 13);
+! strcpy(res + 13, BAD_CAST (str + 2));
+! } else {
+! res = xmlStrdup(BAD_CAST str);
+! if(res == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "xmlStrdup",
+! XMLSEC_ERRORS_R_MALLOC_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! xmlFree(str);
+! return(NULL);
+! }
+ }
+ xmlFree(str);
+ return(res);
+ }
+*** misc/xmlsec1-1.2.6/src/mscrypto/x509vfy.c 2003-09-27 11:12:22.000000000 +0800
+--- misc/build/xmlsec1-1.2.6/src/mscrypto/x509vfy.c 2005-02-23 11:06:38.000000000 +0800
+***************
+*** 125,130 ****
+--- 125,131 ----
+ xmlChar *issuerName, xmlChar *issuerSerial,
+ xmlChar *ski, xmlSecKeyInfoCtx* keyInfoCtx) {
+ xmlSecMSCryptoX509StoreCtxPtr ctx;
++ PCCERT_CONTEXT pCert ;
+
+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), NULL);
+ xmlSecAssert2(keyInfoCtx != NULL, NULL);
+***************
+*** 132,141 ****
+ ctx = xmlSecMSCryptoX509StoreGetCtx(store);
+ xmlSecAssert2(ctx != NULL, NULL);
+ xmlSecAssert2(ctx->untrusted != NULL, NULL);
+
+! return(xmlSecMSCryptoX509FindCert(ctx->untrusted, subjectName, issuerName, issuerSerial, ski));
+! }
+
+
+ static void
+ xmlSecMSCryptoUnixTimeToFileTime(time_t t, LPFILETIME pft) {
+--- 133,149 ----
+ ctx = xmlSecMSCryptoX509StoreGetCtx(store);
+ xmlSecAssert2(ctx != NULL, NULL);
+ xmlSecAssert2(ctx->untrusted != NULL, NULL);
++ xmlSecAssert2(ctx->trusted != NULL, NULL);
+
+! pCert = NULL ;
+! if( ctx->untrusted != NULL )
+! pCert = xmlSecMSCryptoX509FindCert( ctx->untrusted, subjectName, issuerName, issuerSerial, ski ) ;
+!
+! if( ctx->trusted != NULL && pCert == NULL )
+! pCert = xmlSecMSCryptoX509FindCert( ctx->trusted, subjectName, issuerName, issuerSerial, ski ) ;
+
++ return( pCert ) ;
++ }
+
+ static void
+ xmlSecMSCryptoUnixTimeToFileTime(time_t t, LPFILETIME pft) {
+***************
+*** 252,268 ****
+ }
+
+ static BOOL
+! xmlSecMSCryptoX509StoreConstructCertsChain(xmlSecKeyDataStorePtr store, PCCERT_CONTEXT cert, HCERTSTORE certs,
+! xmlSecKeyInfoCtx* keyInfoCtx) {
+ xmlSecMSCryptoX509StoreCtxPtr ctx;
+ PCCERT_CONTEXT issuerCert = NULL;
+ FILETIME fTime;
+ DWORD flags;
+
+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), FALSE);
+ xmlSecAssert2(cert != NULL, FALSE);
+ xmlSecAssert2(cert->pCertInfo != NULL, FALSE);
+! xmlSecAssert2(certs != NULL, FALSE);
+ xmlSecAssert2(keyInfoCtx != NULL, FALSE);
+
+ ctx = xmlSecMSCryptoX509StoreGetCtx(store);
+--- 260,281 ----
+ }
+
+ static BOOL
+! xmlSecMSCryptoX509StoreConstructCertsChain(
+! xmlSecKeyDataStorePtr store ,
+! PCCERT_CONTEXT cert ,
+! HCERTSTORE certStore ,
+! xmlSecKeyInfoCtx* keyInfoCtx
+! ) {
+ xmlSecMSCryptoX509StoreCtxPtr ctx;
+ PCCERT_CONTEXT issuerCert = NULL;
+ FILETIME fTime;
+ DWORD flags;
++ BOOL selfSigned ;
+
+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), FALSE);
+ xmlSecAssert2(cert != NULL, FALSE);
+ xmlSecAssert2(cert->pCertInfo != NULL, FALSE);
+! xmlSecAssert2(certStore != NULL, FALSE);
+ xmlSecAssert2(keyInfoCtx != NULL, FALSE);
+
+ ctx = xmlSecMSCryptoX509StoreGetCtx(store);
+***************
+*** 283,342 ****
+ return(FALSE);
+ }
+
+! if (!xmlSecMSCryptoCheckRevocation(certs, cert)) {
+ return(FALSE);
+ }
+
+! /* try the untrusted certs in the chain */
+! issuerCert = CertFindCertificateInStore(certs,
+ X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+ 0,
+ CERT_FIND_SUBJECT_NAME,
+! &(cert->pCertInfo->Issuer),
+ NULL);
+! if(issuerCert == cert) {
+! /* self signed cert, forget it */
+! CertFreeCertificateContext(issuerCert);
+! } else if(issuerCert != NULL) {
+! flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG;
+! if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) {
+! xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags);
+! CertFreeCertificateContext(issuerCert);
+! return(FALSE);
+! }
+! if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certs, keyInfoCtx)) {
+! xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags);
+! CertFreeCertificateContext(issuerCert);
+! return(FALSE);
+! }
+! CertFreeCertificateContext(issuerCert);
+! return(TRUE);
+ }
+
+! /* try the untrusted certs in the store */
+! issuerCert = CertFindCertificateInStore(ctx->untrusted,
+ X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+ 0,
+ CERT_FIND_SUBJECT_NAME,
+ &(cert->pCertInfo->Issuer),
+ NULL);
+! if(issuerCert == cert) {
+! /* self signed cert, forget it */
+! CertFreeCertificateContext(issuerCert);
+! } else if(issuerCert != NULL) {
+! flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG;
+! if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) {
+! xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags);
+! CertFreeCertificateContext(issuerCert);
+! return(FALSE);
+! }
+! if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certs, keyInfoCtx)) {
+! CertFreeCertificateContext(issuerCert);
+! return(FALSE);
+ }
+- CertFreeCertificateContext(issuerCert);
+- return(TRUE);
+- }
+
+ /* try to find issuer cert in the trusted cert in the store */
+ issuerCert = CertFindCertificateInStore(ctx->trusted,
+--- 296,380 ----
+ return(FALSE);
+ }
+
+! if (!xmlSecMSCryptoCheckRevocation(certStore, cert)) {
+ return(FALSE);
+ }
+
+! /*-
+! * Firstly try to find the cert in the trusted cert store. We will trust
+! * the certificate in the trusted store.
+! */
+! issuerCert = CertFindCertificateInStore(ctx->trusted,
+ X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+ 0,
+ CERT_FIND_SUBJECT_NAME,
+! &(cert->pCertInfo->Subject),
+ NULL);
+! if( issuerCert != NULL ) {
+! /* We have found the trusted cert, so return true */
+! CertFreeCertificateContext( issuerCert ) ;
+! return( TRUE ) ;
+ }
+
+! /* Check whether the certificate is self signed certificate */
+! selfSigned = CertCompareCertificateName( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, &(cert->pCertInfo->Subject), &(cert->pCertInfo->Issuer) ) ;
+!
+! /* try the untrusted certs in the chain */
+! if( !selfSigned ) {
+! issuerCert = CertFindCertificateInStore(certStore,
+ X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+ 0,
+ CERT_FIND_SUBJECT_NAME,
+ &(cert->pCertInfo->Issuer),
+ NULL);
+! if( issuerCert != NULL && CertCompareCertificate( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo, issuerCert->pCertInfo ) ) {
+! /* self signed cert, forget it */
+! CertFreeCertificateContext(issuerCert);
+! } else if(issuerCert != NULL) {
+! flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG;
+! if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) {
+! xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags);
+! CertFreeCertificateContext(issuerCert);
+! return(FALSE);
+! }
+! if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certStore, keyInfoCtx)) {
+! xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags);
+! CertFreeCertificateContext(issuerCert);
+! return(FALSE);
+! }
+!
+! CertFreeCertificateContext(issuerCert);
+! return(TRUE);
+! }
+! }
+!
+! /* try the untrusted certs in the store */
+! if( !selfSigned ) {
+! issuerCert = CertFindCertificateInStore(ctx->untrusted,
+! X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+! 0,
+! CERT_FIND_SUBJECT_NAME,
+! &(cert->pCertInfo->Issuer),
+! NULL);
+! if( issuerCert != NULL && CertCompareCertificate( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo, issuerCert->pCertInfo ) ) {
+! /* self signed cert, forget it */
+! CertFreeCertificateContext(issuerCert);
+! } else if(issuerCert != NULL) {
+! flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG;
+! if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) {
+! xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags);
+! CertFreeCertificateContext(issuerCert);
+! return(FALSE);
+! }
+! if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certStore, keyInfoCtx)) {
+! CertFreeCertificateContext(issuerCert);
+! return(FALSE);
+! }
+!
+! CertFreeCertificateContext(issuerCert);
+! return(TRUE);
+! }
+ }
+
+ /* try to find issuer cert in the trusted cert in the store */
+ issuerCert = CertFindCertificateInStore(ctx->trusted,
+***************
+*** 379,404 ****
+ xmlSecAssert2(certs != NULL, NULL);
+ xmlSecAssert2(keyInfoCtx != NULL, NULL);
+
+! while((cert = CertEnumCertificatesInStore(certs, cert)) != NULL){
+! PCCERT_CONTEXT nextCert = NULL;
+
+! xmlSecAssert2(cert->pCertInfo != NULL, NULL);
+
+! /* if cert is the issuer of any other cert in the list, then it is
+! * to be skipped */
+! nextCert = CertFindCertificateInStore(certs,
+ X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+ 0,
+ CERT_FIND_ISSUER_NAME,
+ &(cert->pCertInfo->Subject),
+! NULL);
+! if(nextCert != NULL) {
+! CertFreeCertificateContext(nextCert);
+! continue;
+! }
+! if(xmlSecMSCryptoX509StoreConstructCertsChain(store, cert, certs, keyInfoCtx)) {
+! return(cert);
+! }
+ }
+
+ return (NULL);
+--- 417,463 ----
+ xmlSecAssert2(certs != NULL, NULL);
+ xmlSecAssert2(keyInfoCtx != NULL, NULL);
+
+! while( ( cert = CertEnumCertificatesInStore( certs, cert ) ) != NULL ) {
+! PCCERT_CONTEXT nextCert ;
+! unsigned char selected ;
+
+! xmlSecAssert2( cert->pCertInfo != NULL, NULL ) ;
+
+! /* if cert is the issuer of any other cert in the list, then it is
+! * to be skipped except that the cert list only have one self-signed
+! * certificate.
+! */
+! for( selected = 0, nextCert = NULL ; ; ) {
+! nextCert = CertFindCertificateInStore( certs,
+ X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+ 0,
+ CERT_FIND_ISSUER_NAME,
+ &(cert->pCertInfo->Subject),
+! nextCert ) ;
+! if( nextCert != NULL ) {
+! if( CertCompareCertificate( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo, nextCert->pCertInfo ) ) {
+! selected = 1 ;
+! continue ;
+! } else {
+! selected = 0 ;
+! break ;
+! }
+! } else {
+! selected = 1 ;
+! break ;
+! }
+! }
+!
+! if( nextCert != NULL )
+! CertFreeCertificateContext( nextCert ) ;
+!
+! if( !selected ) {
+! continue ;
+! }
+!
+! if( xmlSecMSCryptoX509StoreConstructCertsChain( store, cert, certs, keyInfoCtx ) ) {
+! return( cert ) ;
+! }
+ }
+
+ return (NULL);
+***************
+*** 458,466 ****
+--- 517,642 ----
+ return(0);
+ }
+
++ int
++ xmlSecMSCryptoX509StoreAdoptKeyStore (
++ xmlSecKeyDataStorePtr store,
++ HCERTSTORE keyStore
++ ) {
++ xmlSecMSCryptoX509StoreCtxPtr ctx;
++ int ret;
++
++ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1);
++ xmlSecAssert2( keyStore != NULL, -1);
++
++ ctx = xmlSecMSCryptoX509StoreGetCtx(store);
++ xmlSecAssert2(ctx != NULL, -1);
++ xmlSecAssert2(ctx->trusted != NULL, -1);
++
++ if( !CertAddStoreToCollection ( ctx->trusted , keyStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 2 ) ) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
++ "CertAddStoreToCollection",
++ XMLSEC_ERRORS_R_CRYPTO_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ return(-1);
++ }
++
++ {
++ PCCERT_CONTEXT ptCert ;
++
++ ptCert = NULL ;
++ while( 1 ) {
++ ptCert = CertEnumCertificatesInStore( ctx->trusted, ptCert ) ;
++ if( ptCert == NULL )
++ break ;
++ }
++ }
++
++ return(0);
++ }
++
++ int
++ xmlSecMSCryptoX509StoreAdoptTrustedStore (
++ xmlSecKeyDataStorePtr store,
++ HCERTSTORE trustedStore
++ ) {
++ xmlSecMSCryptoX509StoreCtxPtr ctx;
++ int ret;
++
++ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1);
++ xmlSecAssert2( trustedStore != NULL, -1);
++
++ ctx = xmlSecMSCryptoX509StoreGetCtx(store);
++ xmlSecAssert2(ctx != NULL, -1);
++ xmlSecAssert2(ctx->trusted != NULL, -1);
++
++ if( !CertAddStoreToCollection ( ctx->trusted , trustedStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 3 ) ) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
++ "CertAddStoreToCollection",
++ XMLSEC_ERRORS_R_CRYPTO_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ return(-1);
++ }
++
++ {
++ PCCERT_CONTEXT ptCert ;
++
++ ptCert = NULL ;
++ while( 1 ) {
++ ptCert = CertEnumCertificatesInStore( ctx->trusted, ptCert ) ;
++ if( ptCert == NULL )
++ break ;
++ }
++ }
++
++ return(0);
++ }
++
++ int
++ xmlSecMSCryptoX509StoreAdoptUntrustedStore (
++ xmlSecKeyDataStorePtr store,
++ HCERTSTORE untrustedStore
++ ) {
++ xmlSecMSCryptoX509StoreCtxPtr ctx;
++ int ret;
++
++ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1);
++ xmlSecAssert2( untrustedStore != NULL, -1);
++
++ ctx = xmlSecMSCryptoX509StoreGetCtx(store);
++ xmlSecAssert2(ctx != NULL, -1);
++ xmlSecAssert2(ctx->untrusted != NULL, -1);
++
++ if( !CertAddStoreToCollection ( ctx->untrusted , untrustedStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 2 ) ) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
++ "CertAddStoreToCollection",
++ XMLSEC_ERRORS_R_CRYPTO_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ return(-1);
++ }
++
++ {
++ PCCERT_CONTEXT ptCert ;
++
++ ptCert = NULL ;
++ while( 1 ) {
++ ptCert = CertEnumCertificatesInStore( ctx->untrusted, ptCert ) ;
++ if( ptCert == NULL )
++ break ;
++ }
++ }
++
++ return(0);
++ }
++
+ static int
+ xmlSecMSCryptoX509StoreInitialize(xmlSecKeyDataStorePtr store) {
+ xmlSecMSCryptoX509StoreCtxPtr ctx;
++ HCERTSTORE hTrustedMemStore ;
++ HCERTSTORE hUntrustedMemStore ;
++
+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1);
+
+ ctx = xmlSecMSCryptoX509StoreGetCtx(store);
+***************
+*** 468,503 ****
+
+ memset(ctx, 0, sizeof(xmlSecMSCryptoX509StoreCtx));
+
+ /* create trusted certs store */
+! ctx->trusted = CertOpenStore(CERT_STORE_PROV_MEMORY,
+ X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+ 0,
+ CERT_STORE_CREATE_NEW_FLAG,
+ NULL);
+! if(ctx->trusted == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "CertOpenStore",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+! /* create trusted certs store */
+! ctx->untrusted = CertOpenStore(CERT_STORE_PROV_MEMORY,
+ X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+ 0,
+ CERT_STORE_CREATE_NEW_FLAG,
+ NULL);
+! if(ctx->untrusted == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "CertOpenStore",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+ }
+
+--- 644,747 ----
+
+ memset(ctx, 0, sizeof(xmlSecMSCryptoX509StoreCtx));
+
++ /* create trusted certs store collection */
++ ctx->trusted = CertOpenStore(CERT_STORE_PROV_COLLECTION,
++ 0,
++ NULL,
++ 0,
++ NULL);
++ if(ctx->trusted == NULL) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
++ "CertOpenStore",
++ XMLSEC_ERRORS_R_CRYPTO_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ return(-1);
++ }
++
+ /* create trusted certs store */
+! hTrustedMemStore = CertOpenStore(CERT_STORE_PROV_MEMORY,
+ X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+ 0,
+ CERT_STORE_CREATE_NEW_FLAG,
+ NULL);
+! if(hTrustedMemStore == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "CertOpenStore",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
++ CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG);
++ ctx->trusted = NULL ;
+ return(-1);
+ }
+
+! /* add the memory trusted certs store to trusted certs store collection */
+! if( !CertAddStoreToCollection( ctx->trusted, hTrustedMemStore, CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 1 ) ) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+! "CertAddStoreToCollection",
+! XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG);
+! CertCloseStore(hTrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG);
+! ctx->trusted = NULL ;
+! return(-1);
+! }
+! CertCloseStore(hTrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG);
+!
+! /* create untrusted certs store collection */
+! ctx->untrusted = CertOpenStore(CERT_STORE_PROV_COLLECTION,
+! 0,
+! NULL,
+! 0,
+! NULL);
+! if(ctx->untrusted == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+! "CertOpenStore",
+! XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG);
+! ctx->trusted = NULL ;
+! return(-1);
+! }
+!
+! /* create untrusted certs store */
+! hUntrustedMemStore = CertOpenStore(CERT_STORE_PROV_MEMORY,
+ X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+ 0,
+ CERT_STORE_CREATE_NEW_FLAG,
+ NULL);
+! if(hUntrustedMemStore == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "CertOpenStore",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
++ CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG);
++ CertCloseStore(ctx->untrusted, CERT_CLOSE_STORE_FORCE_FLAG);
++ ctx->trusted = NULL ;
++ ctx->untrusted = NULL ;
+ return(-1);
+ }
+
++ /* add the memory trusted certs store to untrusted certs store collection */
++ if( !CertAddStoreToCollection( ctx->untrusted, hUntrustedMemStore, CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 1 ) ) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
++ "CertAddStoreToCollection",
++ XMLSEC_ERRORS_R_CRYPTO_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ CertCloseStore(ctx->untrusted, CERT_CLOSE_STORE_FORCE_FLAG);
++ CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG);
++ CertCloseStore(hUntrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG);
++ ctx->trusted = NULL ;
++ ctx->untrusted = NULL ;
++ return(-1);
++ }
++ CertCloseStore(hUntrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG);
++
+ return(0);
+ }
+
+***************
+*** 567,576 ****
+--- 811,851 ----
+
+ if((pCert == NULL) && (NULL != issuerName) && (NULL != issuerSerial)) {
+ xmlSecBn issuerSerialBn;
++ xmlChar * p;
+ CERT_NAME_BLOB cnb;
++ CRYPT_INTEGER_BLOB cib;
+ BYTE *cName = NULL;
+ DWORD cNameLen = 0;
++
++ /* aleksey: for some unknown to me reasons, mscrypto wants Email
++ * instead of emailAddress. This code is not bullet proof and may
++ * produce incorrect results if someone has "emailAddress=" string
++ * in one of the fields, but it is best I can suggest to fix this problem.
++ * Also see xmlSecMSCryptoX509NameWrite function.
++ */
++ while( (p = (xmlChar*)xmlStrstr(issuerName, BAD_CAST "emailAddress=")) != NULL) {
++ memcpy(p, " Email=", 13);
++ }
++
++
++
++ /* get issuer name */
++ cName = xmlSecMSCryptoCertStrToName(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
++ issuerName,
++ CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG | CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG,
++ &cNameLen);
++ if(cName == NULL) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "xmlSecMSCryptoCertStrToName",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ return (NULL);
++ }
++ cnb.pbData = cName;
++ cnb.cbData = cNameLen;
+
++ /* get serial number */
+ ret = xmlSecBnInitialize(&issuerSerialBn, 0);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+***************
+*** 578,583 ****
+--- 853,859 ----
+ "xmlSecBnInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
++ xmlFree(cName);
+ return(NULL);
+ }
+
+***************
+*** 589,614 ****
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBnFinalize(&issuerSerialBn);
+! return(NULL);
+ }
+
+! cName = xmlSecMSCryptoCertStrToName(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+! issuerName,
+! CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG,
+! &cNameLen);
+! if(cName == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+! "xmlSecMSCryptoCertStrToName",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBnFinalize(&issuerSerialBn);
+! return (NULL);
+ }
+
+! cnb.pbData = cName;
+! cnb.cbData = cNameLen;
+! while((pCert = CertFindCertificateInStore(store,
+ PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
+ 0,
+ CERT_FIND_ISSUER_NAME,
+--- 865,894 ----
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBnFinalize(&issuerSerialBn);
+! xmlFree(cName);
+! return(NULL);
+ }
+
+! /* I have no clue why at a sudden a swap is needed to
+! * convert from lsb... This code is purely based upon
+! * trial and error :( WK
+! */
+! ret = xmlSecBnReverse(&issuerSerialBn);
+! if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+! "xmlSecBnReverse",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBnFinalize(&issuerSerialBn);
+! xmlFree(cName);
+! return(NULL);
+ }
+
+! cib.pbData = xmlSecBufferGetData(&issuerSerialBn);
+! cib.cbData = xmlSecBufferGetSize(&issuerSerialBn);
+!
+! while((pCert = CertFindCertificateInStore(store,
+ PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
+ 0,
+ CERT_FIND_ISSUER_NAME,
+***************
+*** 622,631 ****
+ if((pCert->pCertInfo != NULL) &&
+ (pCert->pCertInfo->SerialNumber.pbData != NULL) &&
+ (pCert->pCertInfo->SerialNumber.cbData > 0) &&
+! (0 == xmlSecBnCompareReverse(&issuerSerialBn, pCert->pCertInfo->SerialNumber.pbData,
+! pCert->pCertInfo->SerialNumber.cbData))) {
+!
+! break;
+ }
+ }
+ xmlFree(cName);
+--- 902,910 ----
+ if((pCert->pCertInfo != NULL) &&
+ (pCert->pCertInfo->SerialNumber.pbData != NULL) &&
+ (pCert->pCertInfo->SerialNumber.cbData > 0) &&
+! (CertCompareIntegerBlob(&(pCert->pCertInfo->SerialNumber), &cib) == TRUE)
+! ) {
+! break;
+ }
+ }
+ xmlFree(cName);
+*** misc/xmlsec1-1.2.6/src/nss/akmngr.c 2005-02-23 11:06:58.000000000 +0800
+--- misc/build/xmlsec1-1.2.6/src/nss/akmngr.c 2005-02-23 11:06:38.000000000 +0800
+***************
+*** 1 ****
+! dummy
+--- 1,381 ----
+! /**
+! * XMLSec library
+! *
+! * This is free software; see Copyright file in the source
+! * distribution for preciese wording.
+! *
+! * Copyright.........................
+! */
+! #include "globals.h"
+!
+! #include <nspr.h>
+! #include <nss.h>
+! #include <pk11func.h>
+! #include <cert.h>
+! #include <keyhi.h>
+!
+! #include <xmlsec/xmlsec.h>
+! #include <xmlsec/keys.h>
+! #include <xmlsec/transforms.h>
+! #include <xmlsec/errors.h>
+!
+! #include <xmlsec/nss/crypto.h>
+! #include <xmlsec/nss/tokens.h>
+! #include <xmlsec/nss/akmngr.h>
+! #include <xmlsec/nss/pkikeys.h>
+! #include <xmlsec/nss/ciphers.h>
+! #include <xmlsec/nss/keysstore.h>
+!
+! /**
+! * xmlSecNssAppliedKeysMngrCreate:
+! * @slot: the pointer to NSS PKCS#11 slot infomation.
+! * @handler: the pointer to NSS certificate database.
+! *
+! * Create and load NSS crypto slot and certificate database into keys manager
+! *
+! * Returns keys manager pointer on success or NULL otherwise.
+! */
+! xmlSecKeysMngrPtr
+! xmlSecNssAppliedKeysMngrCreate(
+! PK11SlotInfo* slot ,
+! CERTCertDBHandle* handler
+! ) {
+! xmlSecKeyDataStorePtr certStore = NULL ;
+! xmlSecKeysMngrPtr keyMngr = NULL ;
+! xmlSecKeyStorePtr keyStore = NULL ;
+!
+! keyStore = xmlSecKeyStoreCreate( xmlSecNssKeysStoreId ) ;
+! if( keyStore == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecKeyStoreCreate" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return NULL ;
+! }
+!
+! if( slot != NULL ) {
+! xmlSecNssKeySlotPtr keySlot ;
+!
+! /* Create a key slot */
+! keySlot = xmlSecNssKeySlotCreate() ;
+! if( keySlot == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
+! "xmlSecNssKeySlotCreate" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+!
+! xmlSecKeyStoreDestroy( keyStore ) ;
+! return NULL ;
+! }
+!
+! /* Set slot */
+! if( xmlSecNssKeySlotSetSlot( keySlot , slot ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
+! "xmlSecNssKeySlotSetSlot" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+!
+! xmlSecKeyStoreDestroy( keyStore ) ;
+! xmlSecNssKeySlotDestroy( keySlot ) ;
+! return NULL ;
+! }
+!
+! /* Adopt keySlot */
+! if( xmlSecNssKeysStoreAdoptKeySlot( keyStore , keySlot ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
+! "xmlSecNssKeysStoreAdoptKeySlot" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+!
+! xmlSecKeyStoreDestroy( keyStore ) ;
+! xmlSecNssKeySlotDestroy( keySlot ) ;
+! return NULL ;
+! }
+! }
+!
+! keyMngr = xmlSecKeysMngrCreate() ;
+! if( keyMngr == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecKeysMngrCreate" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+!
+! xmlSecKeyStoreDestroy( keyStore ) ;
+! return NULL ;
+! }
+!
+! /*-
+! * Add key store to manager, from now on keys manager destroys the store if
+! * needed
+! */
+! if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
+! "xmlSecKeysMngrAdoptKeyStore" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+!
+! xmlSecKeyStoreDestroy( keyStore ) ;
+! xmlSecKeysMngrDestroy( keyMngr ) ;
+! return NULL ;
+! }
+!
+! /*-
+! * Initialize crypto library specific data in keys manager
+! */
+! if( xmlSecNssKeysMngrInit( keyMngr ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecKeysMngrCreate" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+!
+! xmlSecKeysMngrDestroy( keyMngr ) ;
+! return NULL ;
+! }
+!
+! /*-
+! * Set certificate databse to X509 key data store
+! */
+! /**
+! * Because Tej's implementation of certDB use the default DB, so I ignore
+! * the certDB handler at present. I'll modify the cert store sources to
+! * accept particular certDB instead of default ones.
+! certStore = xmlSecKeysMngrGetDataStore( keyMngr , xmlSecNssKeyDataStoreX509Id ) ;
+! if( certStore == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
+! "xmlSecKeysMngrGetDataStore" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+!
+! xmlSecKeysMngrDestroy( keyMngr ) ;
+! return NULL ;
+! }
+!
+! if( xmlSecNssKeyDataStoreX509SetCertDb( certStore , handler ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
+! "xmlSecNssKeyDataStoreX509SetCertDb" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+!
+! xmlSecKeysMngrDestroy( keyMngr ) ;
+! return NULL ;
+! }
+! */
+!
+! /*-
+! * Set the getKey callback
+! */
+! keyMngr->getKey = xmlSecKeysMngrGetKey ;
+!
+! return keyMngr ;
+! }
+!
+! int
+! xmlSecNssAppliedKeysMngrSymKeyLoad(
+! xmlSecKeysMngrPtr mngr ,
+! PK11SymKey* symKey
+! ) {
+! xmlSecKeyPtr key ;
+! xmlSecKeyDataPtr data ;
+! xmlSecKeyStorePtr keyStore ;
+!
+! xmlSecAssert2( mngr != NULL , -1 ) ;
+! xmlSecAssert2( symKey != NULL , -1 ) ;
+!
+! keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
+! if( keyStore == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecKeysMngrGetKeysStore" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1) ;
+! }
+! xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
+!
+! data = xmlSecNssSymKeyDataKeyAdopt( symKey ) ;
+! if( data == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecNssSymKeyDataKeyAdopt" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1) ;
+! }
+!
+! key = xmlSecKeyCreate() ;
+! if( key == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecNssSymKeyDataKeyAdopt" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! xmlSecKeyDataDestroy( data ) ;
+! return(-1) ;
+! }
+!
+! if( xmlSecKeySetValue( key , data ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecNssSymKeyDataKeyAdopt" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! xmlSecKeyDataDestroy( data ) ;
+! return(-1) ;
+! }
+!
+! if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecNssSymKeyDataKeyAdopt" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! xmlSecKeyDestroy( key ) ;
+! return(-1) ;
+! }
+!
+! return(0) ;
+! }
+!
+! int
+! xmlSecNssAppliedKeysMngrPubKeyLoad(
+! xmlSecKeysMngrPtr mngr ,
+! SECKEYPublicKey* pubKey
+! ) {
+! xmlSecKeyPtr key ;
+! xmlSecKeyDataPtr data ;
+! xmlSecKeyStorePtr keyStore ;
+!
+! xmlSecAssert2( mngr != NULL , -1 ) ;
+! xmlSecAssert2( pubKey != NULL , -1 ) ;
+!
+! keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
+! if( keyStore == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecKeysMngrGetKeysStore" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1) ;
+! }
+! xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
+!
+! data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ;
+! if( data == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecNssPKIAdoptKey" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1) ;
+! }
+!
+! key = xmlSecKeyCreate() ;
+! if( key == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecNssSymKeyDataKeyAdopt" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! xmlSecKeyDataDestroy( data ) ;
+! return(-1) ;
+! }
+!
+! if( xmlSecKeySetValue( key , data ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecNssSymKeyDataKeyAdopt" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! xmlSecKeyDataDestroy( data ) ;
+! return(-1) ;
+! }
+!
+! if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecNssSymKeyDataKeyAdopt" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! xmlSecKeyDestroy( key ) ;
+! return(-1) ;
+! }
+!
+! return(0) ;
+! }
+!
+! int
+! xmlSecNssAppliedKeysMngrPriKeyLoad(
+! xmlSecKeysMngrPtr mngr ,
+! SECKEYPrivateKey* priKey
+! ) {
+! xmlSecKeyPtr key ;
+! xmlSecKeyDataPtr data ;
+! xmlSecKeyStorePtr keyStore ;
+!
+! xmlSecAssert2( mngr != NULL , -1 ) ;
+! xmlSecAssert2( priKey != NULL , -1 ) ;
+!
+! keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
+! if( keyStore == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecKeysMngrGetKeysStore" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1) ;
+! }
+! xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
+!
+! data = xmlSecNssPKIAdoptKey( priKey, NULL ) ;
+! if( data == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecNssPKIAdoptKey" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1) ;
+! }
+!
+! key = xmlSecKeyCreate() ;
+! if( key == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecNssSymKeyDataKeyAdopt" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! xmlSecKeyDataDestroy( data ) ;
+! return(-1) ;
+! }
+!
+! if( xmlSecKeySetValue( key , data ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecNssSymKeyDataKeyAdopt" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! xmlSecKeyDataDestroy( data ) ;
+! return(-1) ;
+! }
+!
+! if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecNssSymKeyDataKeyAdopt" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! xmlSecKeyDestroy( key ) ;
+! return(-1) ;
+! }
+!
+! return(0) ;
+! }
+!
+*** misc/xmlsec1-1.2.6/src/nss/ciphers.c 2003-09-26 08:58:15.000000000 +0800
+--- misc/build/xmlsec1-1.2.6/src/nss/ciphers.c 2005-02-23 11:06:38.000000000 +0800
+***************
+*** 1,838 ****
+! /**
+! * XMLSec library
+! *
+! * This is free software; see Copyright file in the source
+! * distribution for preciese wording.
+! *
+! * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+! * Copyright (c) 2003 America Online, Inc. All rights reserved.
+! */
+ #include "globals.h"
+
+ #include <string.h>
+
+- #include <nspr.h>
+ #include <nss.h>
+- #include <secoid.h>
+ #include <pk11func.h>
+
+ #include <xmlsec/xmlsec.h>
+ #include <xmlsec/keys.h>
+ #include <xmlsec/transforms.h>
+ #include <xmlsec/errors.h>
+
+ #include <xmlsec/nss/crypto.h>
+
+! #define XMLSEC_NSS_MAX_KEY_SIZE 32
+! #define XMLSEC_NSS_MAX_IV_SIZE 32
+! #define XMLSEC_NSS_MAX_BLOCK_SIZE 32
+!
+! /**************************************************************************
+! *
+! * Internal Nss Block cipher CTX
+ *
+! *****************************************************************************/
+! typedef struct _xmlSecNssBlockCipherCtx xmlSecNssBlockCipherCtx,
+! *xmlSecNssBlockCipherCtxPtr;
+ struct _xmlSecNssBlockCipherCtx {
+! CK_MECHANISM_TYPE cipher;
+! PK11Context* cipherCtx;
+! xmlSecKeyDataId keyId;
+! int keyInitialized;
+! int ctxInitialized;
+! xmlSecByte key[XMLSEC_NSS_MAX_KEY_SIZE];
+! xmlSecSize keySize;
+! xmlSecByte iv[XMLSEC_NSS_MAX_IV_SIZE];
+! xmlSecSize ivSize;
+! };
+! static int xmlSecNssBlockCipherCtxInit (xmlSecNssBlockCipherCtxPtr ctx,
+! xmlSecBufferPtr in,
+! xmlSecBufferPtr out,
+! int encrypt,
+! const xmlChar* cipherName,
+! xmlSecTransformCtxPtr transformCtx);
+! static int xmlSecNssBlockCipherCtxUpdate (xmlSecNssBlockCipherCtxPtr ctx,
+! xmlSecBufferPtr in,
+! xmlSecBufferPtr out,
+! int encrypt,
+! const xmlChar* cipherName,
+! xmlSecTransformCtxPtr transformCtx);
+! static int xmlSecNssBlockCipherCtxFinal (xmlSecNssBlockCipherCtxPtr ctx,
+! xmlSecBufferPtr in,
+! xmlSecBufferPtr out,
+! int encrypt,
+! const xmlChar* cipherName,
+! xmlSecTransformCtxPtr transformCtx);
+! static int
+! xmlSecNssBlockCipherCtxInit(xmlSecNssBlockCipherCtxPtr ctx,
+! xmlSecBufferPtr in, xmlSecBufferPtr out,
+! int encrypt,
+! const xmlChar* cipherName,
+! xmlSecTransformCtxPtr transformCtx) {
+! SECItem keyItem;
+! SECItem ivItem;
+! PK11SlotInfo* slot;
+! PK11SymKey* symKey;
+! int ivLen;
+! SECStatus rv;
+! int ret;
+!
+! xmlSecAssert2(ctx != NULL, -1);
+! xmlSecAssert2(ctx->cipher != 0, -1);
+! xmlSecAssert2(ctx->cipherCtx == NULL, -1);
+! xmlSecAssert2(ctx->keyInitialized != 0, -1);
+! xmlSecAssert2(ctx->ctxInitialized == 0, -1);
+! xmlSecAssert2(in != NULL, -1);
+! xmlSecAssert2(out != NULL, -1);
+! xmlSecAssert2(transformCtx != NULL, -1);
+!
+! ivLen = PK11_GetIVLength(ctx->cipher);
+! xmlSecAssert2(ivLen > 0, -1);
+! xmlSecAssert2((xmlSecSize)ivLen <= sizeof(ctx->iv), -1);
+!
+! if(encrypt) {
+! /* generate random iv */
+! rv = PK11_GenerateRandom(ctx->iv, ivLen);
+! if(rv != SECSuccess) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(cipherName),
+! "PK11_GenerateRandom",
+! XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "size=%d", ivLen);
+! return(-1);
+! }
+!
+! /* write iv to the output */
+! ret = xmlSecBufferAppend(out, ctx->iv, ivLen);
+! if(ret < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(cipherName),
+! "xmlSecBufferAppend",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "size=%d", ivLen);
+! return(-1);
+! }
+!
+! } else {
+! /* if we don't have enough data, exit and hope that
+! * we'll have iv next time */
+! if(xmlSecBufferGetSize(in) < (xmlSecSize)ivLen) {
+! return(0);
+! }
+!
+! /* copy iv to our buffer*/
+! xmlSecAssert2(xmlSecBufferGetData(in) != NULL, -1);
+! memcpy(ctx->iv, xmlSecBufferGetData(in), ivLen);
+!
+! /* and remove from input */
+! ret = xmlSecBufferRemoveHead(in, ivLen);
+! if(ret < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(cipherName),
+! "xmlSecBufferRemoveHead",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "size=%d", ivLen);
+! return(-1);
+ }
+! }
+
+! memset(&keyItem, 0, sizeof(keyItem));
+! keyItem.data = ctx->key;
+! keyItem.len = ctx->keySize;
+! memset(&ivItem, 0, sizeof(ivItem));
+! ivItem.data = ctx->iv;
+! ivItem.len = ctx->ivSize;
+!
+! slot = PK11_GetBestSlot(ctx->cipher, NULL);
+! if(slot == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(cipherName),
+! "PK11_GetBestSlot",
+! XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! return(-1);
+! }
+!
+! symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginDerive,
+! CKA_SIGN, &keyItem, NULL);
+! if(symKey == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(cipherName),
+! "PK11_ImportSymKey",
+! XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! PK11_FreeSlot(slot);
+! return(-1);
+! }
+
+! ctx->cipherCtx = PK11_CreateContextBySymKey(ctx->cipher,
+! (encrypt) ? CKA_ENCRYPT : CKA_DECRYPT,
+! symKey, &ivItem);
+! if(ctx->cipherCtx == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(cipherName),
+! "PK11_CreateContextBySymKey",
+! XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! PK11_FreeSymKey(symKey);
+! PK11_FreeSlot(slot);
+! return(-1);
+ }
+!
+! ctx->ctxInitialized = 1;
+! PK11_FreeSymKey(symKey);
+! PK11_FreeSlot(slot);
+! return(0);
+ }
+
+! static int
+! xmlSecNssBlockCipherCtxUpdate(xmlSecNssBlockCipherCtxPtr ctx,
+! xmlSecBufferPtr in, xmlSecBufferPtr out,
+! int encrypt,
+! const xmlChar* cipherName,
+! xmlSecTransformCtxPtr transformCtx) {
+! xmlSecSize inSize, inBlocks, outSize;
+! int blockLen;
+! int outLen = 0;
+! xmlSecByte* outBuf;
+! SECStatus rv;
+! int ret;
+!
+! xmlSecAssert2(ctx != NULL, -1);
+! xmlSecAssert2(ctx->cipher != 0, -1);
+! xmlSecAssert2(ctx->cipherCtx != NULL, -1);
+! xmlSecAssert2(ctx->ctxInitialized != 0, -1);
+! xmlSecAssert2(in != NULL, -1);
+! xmlSecAssert2(out != NULL, -1);
+! xmlSecAssert2(transformCtx != NULL, -1);
+
+! blockLen = PK11_GetBlockSize(ctx->cipher, NULL);
+! xmlSecAssert2(blockLen > 0, -1);
+
+! inSize = xmlSecBufferGetSize(in);
+! outSize = xmlSecBufferGetSize(out);
+!
+! if(inSize < (xmlSecSize)blockLen) {
+! return(0);
+! }
+
+! if(encrypt) {
+! inBlocks = inSize / ((xmlSecSize)blockLen);
+! } else {
+! /* we want to have the last block in the input buffer
+! * for padding check */
+! inBlocks = (inSize - 1) / ((xmlSecSize)blockLen);
+! }
+! inSize = inBlocks * ((xmlSecSize)blockLen);
+
+! /* we write out the input size plus may be one block */
+! ret = xmlSecBufferSetMaxSize(out, outSize + inSize + blockLen);
+! if(ret < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(cipherName),
+! "xmlSecBufferSetMaxSize",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "size=%d", outSize + inSize + blockLen);
+! return(-1);
+! }
+! outBuf = xmlSecBufferGetData(out) + outSize;
+!
+! rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, inSize + blockLen,
+! xmlSecBufferGetData(in), inSize);
+! if(rv != SECSuccess) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(cipherName),
+! "PK11_CipherOp",
+! XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! return(-1);
+! }
+! xmlSecAssert2((xmlSecSize)outLen == inSize, -1);
+!
+! /* set correct output buffer size */
+! ret = xmlSecBufferSetSize(out, outSize + outLen);
+! if(ret < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(cipherName),
+! "xmlSecBufferSetSize",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "size=%d", outSize + outLen);
+! return(-1);
+! }
+!
+! /* remove the processed block from input */
+! ret = xmlSecBufferRemoveHead(in, inSize);
+! if(ret < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(cipherName),
+! "xmlSecBufferRemoveHead",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "size=%d", inSize);
+! return(-1);
+! }
+! return(0);
+ }
+
+! static int
+! xmlSecNssBlockCipherCtxFinal(xmlSecNssBlockCipherCtxPtr ctx,
+! xmlSecBufferPtr in,
+! xmlSecBufferPtr out,
+! int encrypt,
+! const xmlChar* cipherName,
+! xmlSecTransformCtxPtr transformCtx) {
+! xmlSecSize inSize, outSize;
+! int blockLen, outLen = 0;
+! xmlSecByte* inBuf;
+! xmlSecByte* outBuf;
+! SECStatus rv;
+! int ret;
+!
+! xmlSecAssert2(ctx != NULL, -1);
+! xmlSecAssert2(ctx->cipher != 0, -1);
+! xmlSecAssert2(ctx->cipherCtx != NULL, -1);
+! xmlSecAssert2(ctx->ctxInitialized != 0, -1);
+! xmlSecAssert2(in != NULL, -1);
+! xmlSecAssert2(out != NULL, -1);
+! xmlSecAssert2(transformCtx != NULL, -1);
+!
+! blockLen = PK11_GetBlockSize(ctx->cipher, NULL);
+! xmlSecAssert2(blockLen > 0, -1);
+
+! inSize = xmlSecBufferGetSize(in);
+! outSize = xmlSecBufferGetSize(out);
+
+! if(encrypt != 0) {
+! xmlSecAssert2(inSize < (xmlSecSize)blockLen, -1);
+!
+! /* create padding */
+! ret = xmlSecBufferSetMaxSize(in, blockLen);
+! if(ret < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(cipherName),
+! "xmlSecBufferSetMaxSize",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "size=%d", blockLen);
+! return(-1);
+! }
+! inBuf = xmlSecBufferGetData(in);
+!
+! /* generate random padding */
+! if((xmlSecSize)blockLen > (inSize + 1)) {
+! rv = PK11_GenerateRandom(inBuf + inSize, blockLen - inSize - 1);
+! if(rv != SECSuccess) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(cipherName),
+! "PK11_GenerateRandom",
+! XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "size=%d", blockLen - inSize - 1);
+! return(-1);
+! }
+! }
+! inBuf[blockLen - 1] = blockLen - inSize;
+! inSize = blockLen;
+! } else {
+! if(inSize != (xmlSecSize)blockLen) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(cipherName),
+! NULL,
+! XMLSEC_ERRORS_R_INVALID_DATA,
+! "data=%d;block=%d", inSize, blockLen);
+! return(-1);
+ }
+- }
+-
+- /* process last block */
+- ret = xmlSecBufferSetMaxSize(out, outSize + 2 * blockLen);
+- if(ret < 0) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- xmlSecErrorsSafeString(cipherName),
+- "xmlSecBufferSetMaxSize",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "size=%d", outSize + 2 * blockLen);
+- return(-1);
+- }
+- outBuf = xmlSecBufferGetData(out) + outSize;
+
+! rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, 2 * blockLen,
+! xmlSecBufferGetData(in), inSize);
+! if(rv != SECSuccess) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(cipherName),
+! "PK11_CipherOp",
+! XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! return(-1);
+! }
+! xmlSecAssert2((xmlSecSize)outLen == inSize, -1);
+!
+! if(encrypt == 0) {
+! /* check padding */
+! if(outLen < outBuf[blockLen - 1]) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(cipherName),
+! NULL,
+! XMLSEC_ERRORS_R_INVALID_DATA,
+! "padding=%d;buffer=%d",
+! outBuf[blockLen - 1], outLen);
+! return(-1);
+! }
+! outLen -= outBuf[blockLen - 1];
+! }
+!
+! /* set correct output buffer size */
+! ret = xmlSecBufferSetSize(out, outSize + outLen);
+! if(ret < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(cipherName),
+! "xmlSecBufferSetSize",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "size=%d", outSize + outLen);
+! return(-1);
+! }
+
+! /* remove the processed block from input */
+! ret = xmlSecBufferRemoveHead(in, inSize);
+! if(ret < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(cipherName),
+! "xmlSecBufferRemoveHead",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "size=%d", inSize);
+! return(-1);
+! }
+
+! return(0);
+ }
+
+!
+! /******************************************************************************
+! *
+! * EVP Block Cipher transforms
+ *
+! * xmlSecNssBlockCipherCtx block is located after xmlSecTransform structure
+ *
+! *****************************************************************************/
+! #define xmlSecNssBlockCipherSize \
+! (sizeof(xmlSecTransform) + sizeof(xmlSecNssBlockCipherCtx))
+! #define xmlSecNssBlockCipherGetCtx(transform) \
+! ((xmlSecNssBlockCipherCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+!
+! static int xmlSecNssBlockCipherInitialize (xmlSecTransformPtr transform);
+! static void xmlSecNssBlockCipherFinalize (xmlSecTransformPtr transform);
+! static int xmlSecNssBlockCipherSetKeyReq (xmlSecTransformPtr transform,
+! xmlSecKeyReqPtr keyReq);
+! static int xmlSecNssBlockCipherSetKey (xmlSecTransformPtr transform,
+! xmlSecKeyPtr key);
+! static int xmlSecNssBlockCipherExecute (xmlSecTransformPtr transform,
+! int last,
+! xmlSecTransformCtxPtr transformCtx);
+! static int xmlSecNssBlockCipherCheckId (xmlSecTransformPtr transform);
+!
+
+
+ static int
+! xmlSecNssBlockCipherCheckId(xmlSecTransformPtr transform) {
+! #ifndef XMLSEC_NO_DES
+! if(xmlSecTransformCheckId(transform, xmlSecNssTransformDes3CbcId)) {
+! return(1);
+! }
+! #endif /* XMLSEC_NO_DES */
+
+! #ifndef XMLSEC_NO_AES
+! if(xmlSecTransformCheckId(transform, xmlSecNssTransformAes128CbcId) ||
+! xmlSecTransformCheckId(transform, xmlSecNssTransformAes192CbcId) ||
+! xmlSecTransformCheckId(transform, xmlSecNssTransformAes256CbcId)) {
+!
+! return(1);
+! }
+! #endif /* XMLSEC_NO_AES */
+!
+! return(0);
+ }
+
+ static int
+! xmlSecNssBlockCipherInitialize(xmlSecTransformPtr transform) {
+! xmlSecNssBlockCipherCtxPtr ctx;
+!
+! xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
+! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
+
+! ctx = xmlSecNssBlockCipherGetCtx(transform);
+! xmlSecAssert2(ctx != NULL, -1);
+!
+! memset(ctx, 0, sizeof(xmlSecNssBlockCipherCtx));
+
+! #ifndef XMLSEC_NO_DES
+! if(transform->id == xmlSecNssTransformDes3CbcId) {
+! ctx->cipher = CKM_DES3_CBC;
+! ctx->keyId = xmlSecNssKeyDataDesId;
+! ctx->keySize = 24;
+! } else
+! #endif /* XMLSEC_NO_DES */
+!
+! #ifndef XMLSEC_NO_AES
+! if(transform->id == xmlSecNssTransformAes128CbcId) {
+! ctx->cipher = CKM_AES_CBC;
+! ctx->keyId = xmlSecNssKeyDataAesId;
+! ctx->keySize = 16;
+! } else if(transform->id == xmlSecNssTransformAes192CbcId) {
+! ctx->cipher = CKM_AES_CBC;
+! ctx->keyId = xmlSecNssKeyDataAesId;
+! ctx->keySize = 24;
+! } else if(transform->id == xmlSecNssTransformAes256CbcId) {
+! ctx->cipher = CKM_AES_CBC;
+! ctx->keyId = xmlSecNssKeyDataAesId;
+! ctx->keySize = 32;
+! } else
+! #endif /* XMLSEC_NO_AES */
+!
+! if(1) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+! NULL,
+! XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! return(-1);
+! }
+!
+! return(0);
+ }
+
+! static void
+! xmlSecNssBlockCipherFinalize(xmlSecTransformPtr transform) {
+! xmlSecNssBlockCipherCtxPtr ctx;
+
+! xmlSecAssert(xmlSecNssBlockCipherCheckId(transform));
+! xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize));
+
+! ctx = xmlSecNssBlockCipherGetCtx(transform);
+! xmlSecAssert(ctx != NULL);
+
+! if(ctx->cipherCtx != NULL) {
+! PK11_DestroyContext(ctx->cipherCtx, PR_TRUE);
+! }
+!
+! memset(ctx, 0, sizeof(xmlSecNssBlockCipherCtx));
+ }
+
+- static int
+- xmlSecNssBlockCipherSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+- xmlSecNssBlockCipherCtxPtr ctx;
+
+- xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
+- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
+- xmlSecAssert2(keyReq != NULL, -1);
+-
+- ctx = xmlSecNssBlockCipherGetCtx(transform);
+- xmlSecAssert2(ctx != NULL, -1);
+- xmlSecAssert2(ctx->keyId != NULL, -1);
+-
+- keyReq->keyId = ctx->keyId;
+- keyReq->keyType = xmlSecKeyDataTypeSymmetric;
+- if(transform->operation == xmlSecTransformOperationEncrypt) {
+- keyReq->keyUsage = xmlSecKeyUsageEncrypt;
+- } else {
+- keyReq->keyUsage = xmlSecKeyUsageDecrypt;
+- }
+- keyReq->keyBitsSize = 8 * ctx->keySize;
+- return(0);
+- }
+
+ static int
+! xmlSecNssBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+! xmlSecNssBlockCipherCtxPtr ctx;
+! xmlSecBufferPtr buffer;
+!
+! xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
+! xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
+! xmlSecAssert2(key != NULL, -1);
+!
+! ctx = xmlSecNssBlockCipherGetCtx(transform);
+! xmlSecAssert2(ctx != NULL, -1);
+! xmlSecAssert2(ctx->cipher != 0, -1);
+! xmlSecAssert2(ctx->keyInitialized == 0, -1);
+! xmlSecAssert2(ctx->keyId != NULL, -1);
+! xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1);
+!
+! xmlSecAssert2(ctx->keySize > 0, -1);
+! xmlSecAssert2(ctx->keySize <= sizeof(ctx->key), -1);
+!
+! buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
+! xmlSecAssert2(buffer != NULL, -1);
+!
+! if(xmlSecBufferGetSize(buffer) < ctx->keySize) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+! NULL,
+! XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+! "keySize=%d;expected=%d",
+! xmlSecBufferGetSize(buffer), ctx->keySize);
+! return(-1);
+! }
+!
+! xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1);
+! memcpy(ctx->key, xmlSecBufferGetData(buffer), ctx->keySize);
+!
+! ctx->keyInitialized = 1;
+! return(0);
+ }
+
+! static int
+! xmlSecNssBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+! xmlSecNssBlockCipherCtxPtr ctx;
+! xmlSecBufferPtr in, out;
+! int ret;
+!
+! xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
+! xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
+! xmlSecAssert2(transformCtx != NULL, -1);
+
+! in = &(transform->inBuf);
+! out = &(transform->outBuf);
+
+- ctx = xmlSecNssBlockCipherGetCtx(transform);
+- xmlSecAssert2(ctx != NULL, -1);
+
+! if(transform->status == xmlSecTransformStatusNone) {
+! transform->status = xmlSecTransformStatusWorking;
+! }
+
+! if(transform->status == xmlSecTransformStatusWorking) {
+! if(ctx->ctxInitialized == 0) {
+! ret = xmlSecNssBlockCipherCtxInit(ctx, in, out,
+! (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
+! xmlSecTransformGetName(transform), transformCtx);
+! if(ret < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+! "xmlSecNssBlockCipherCtxInit",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! return(-1);
+! }
+! }
+! if((ctx->ctxInitialized == 0) && (last != 0)) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+! NULL,
+! XMLSEC_ERRORS_R_INVALID_DATA,
+! "not enough data to initialize transform");
+! return(-1);
+! }
+!
+! if(ctx->ctxInitialized != 0) {
+! ret = xmlSecNssBlockCipherCtxUpdate(ctx, in, out,
+! (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
+! xmlSecTransformGetName(transform), transformCtx);
+! if(ret < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+! "xmlSecNssBlockCipherCtxUpdate",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! return(-1);
+! }
+! }
+!
+! if(last) {
+! ret = xmlSecNssBlockCipherCtxFinal(ctx, in, out,
+! (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
+! xmlSecTransformGetName(transform), transformCtx);
+! if(ret < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+! "xmlSecNssBlockCipherCtxFinal",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! return(-1);
+! }
+! transform->status = xmlSecTransformStatusFinished;
+! }
+! } else if(transform->status == xmlSecTransformStatusFinished) {
+! /* the only way we can get here is if there is no input */
+! xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
+! } else if(transform->status == xmlSecTransformStatusNone) {
+! /* the only way we can get here is if there is no enough data in the input */
+! xmlSecAssert2(last == 0, -1);
+! } else {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+! NULL,
+! XMLSEC_ERRORS_R_INVALID_STATUS,
+! "status=%d", transform->status);
+! return(-1);
+! }
+!
+! return(0);
+! }
+
+
+! #ifndef XMLSEC_NO_AES
+! /*********************************************************************
+! *
+! * AES CBC cipher transforms
+! *
+! ********************************************************************/
+! static xmlSecTransformKlass xmlSecNssAes128CbcKlass = {
+! /* klass/object sizes */
+! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+! xmlSecNssBlockCipherSize, /* xmlSecSize objSize */
+!
+! xmlSecNameAes128Cbc, /* const xmlChar* name; */
+! xmlSecHrefAes128Cbc, /* const xmlChar* href; */
+! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+!
+! xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
+! xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+! NULL, /* xmlSecTransformNodeReadMethod readNode; */
+! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+! xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+! xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+! NULL, /* xmlSecTransformValidateMethod validate; */
+! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+! NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+! NULL, /* xmlSecTransformPopXmlMethod popXml; */
+! xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
+!
+! NULL, /* void* reserved0; */
+! NULL, /* void* reserved1; */
+! };
+
+! /**
+! * xmlSecNssTransformAes128CbcGetKlass:
+! *
+! * AES 128 CBC encryption transform klass.
+! *
+! * Returns pointer to AES 128 CBC encryption transform.
+! */
+! xmlSecTransformId
+! xmlSecNssTransformAes128CbcGetKlass(void) {
+! return(&xmlSecNssAes128CbcKlass);
+! }
+
+! static xmlSecTransformKlass xmlSecNssAes192CbcKlass = {
+! /* klass/object sizes */
+! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+! xmlSecNssBlockCipherSize, /* xmlSecSize objSize */
+!
+! xmlSecNameAes192Cbc, /* const xmlChar* name; */
+! xmlSecHrefAes192Cbc, /* const xmlChar* href; */
+! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+!
+! xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
+! xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+! NULL, /* xmlSecTransformNodeReadMethod readNode; */
+! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+! xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+! xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+! NULL, /* xmlSecTransformValidateMethod validate; */
+! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+! NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+! NULL, /* xmlSecTransformPopXmlMethod popXml; */
+! xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
+!
+! NULL, /* void* reserved0; */
+! NULL, /* void* reserved1; */
+! };
+
+ /**
+! * xmlSecNssTransformAes192CbcGetKlass:
+! *
+! * AES 192 CBC encryption transform klass.
+! *
+! * Returns pointer to AES 192 CBC encryption transform.
+! */
+! xmlSecTransformId
+! xmlSecNssTransformAes192CbcGetKlass(void) {
+! return(&xmlSecNssAes192CbcKlass);
+ }
+
+- static xmlSecTransformKlass xmlSecNssAes256CbcKlass = {
+- /* klass/object sizes */
+- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+- xmlSecNssBlockCipherSize, /* xmlSecSize objSize */
+-
+- xmlSecNameAes256Cbc, /* const xmlChar* name; */
+- xmlSecHrefAes256Cbc, /* const xmlChar* href; */
+- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+-
+- xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
+- xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+- NULL, /* xmlSecTransformNodeReadMethod readNode; */
+- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+- xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+- xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+- NULL, /* xmlSecTransformValidateMethod validate; */
+- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+- NULL, /* xmlSecTransformPopXmlMethod popXml; */
+- xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
+-
+- NULL, /* void* reserved0; */
+- NULL, /* void* reserved1; */
+- };
+-
+ /**
+! * xmlSecNssTransformAes256CbcGetKlass:
+! *
+! * AES 256 CBC encryption transform klass.
+! *
+! * Returns pointer to AES 256 CBC encryption transform.
+! */
+! xmlSecTransformId
+! xmlSecNssTransformAes256CbcGetKlass(void) {
+! return(&xmlSecNssAes256CbcKlass);
+ }
+
+! #endif /* XMLSEC_NO_AES */
+!
+! #ifndef XMLSEC_NO_DES
+! static xmlSecTransformKlass xmlSecNssDes3CbcKlass = {
+! /* klass/object sizes */
+! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+! xmlSecNssBlockCipherSize, /* xmlSecSize objSize */
+!
+! xmlSecNameDes3Cbc, /* const xmlChar* name; */
+! xmlSecHrefDes3Cbc, /* const xmlChar* href; */
+! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+!
+! xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
+! xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+! NULL, /* xmlSecTransformNodeReadMethod readNode; */
+! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+! xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+! xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+! NULL, /* xmlSecTransformValidateMethod validate; */
+! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+! NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+! NULL, /* xmlSecTransformPopXmlMethod popXml; */
+! xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
+!
+! NULL, /* void* reserved0; */
+! NULL, /* void* reserved1; */
+! };
+
+! /**
+! * xmlSecNssTransformDes3CbcGetKlass:
+ *
+! * Triple DES CBC encryption transform klass.
+! *
+! * Returns pointer to Triple DES encryption transform.
+ */
+! xmlSecTransformId
+! xmlSecNssTransformDes3CbcGetKlass(void) {
+! return(&xmlSecNssDes3CbcKlass);
+ }
+! #endif /* XMLSEC_NO_DES */
+
+--- 1,951 ----
+! /* -- C Source File -- **/
+ #include "globals.h"
+
++ #include <stdlib.h>
+ #include <string.h>
+
+ #include <nss.h>
+ #include <pk11func.h>
+
+ #include <xmlsec/xmlsec.h>
++ #include <xmlsec/xmltree.h>
++ #include <xmlsec/base64.h>
+ #include <xmlsec/keys.h>
++ #include <xmlsec/keyinfo.h>
+ #include <xmlsec/transforms.h>
+ #include <xmlsec/errors.h>
+
+ #include <xmlsec/nss/crypto.h>
++ #include <xmlsec/nss/ciphers.h>
+
+! /**
+! * Internal Nss Block Cipher Context
+ *
+! * This context is designed for repositing a block cipher for transform
+! */
+! typedef struct _xmlSecNssBlockCipherCtx xmlSecNssBlockCipherCtx ;
+! typedef struct _xmlSecNssBlockCipherCtx* xmlSecNssBlockCipherCtxPtr ;
+!
+ struct _xmlSecNssBlockCipherCtx {
+! CK_MECHANISM_TYPE cipher ;
+! PK11SymKey* symkey ;
+! PK11Context* cipherCtx ;
+! xmlSecKeyDataId keyId ;
+! } ;
+!
+! #define xmlSecNssBlockCipherSize \
+! ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssBlockCipherCtx ) )
+!
+! #define xmlSecNssBlockCipherGetCtx( transform ) \
+! ( ( xmlSecNssBlockCipherCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) )
+!
+! static int
+! xmlSecNssBlockCipherCheckId(
+! xmlSecTransformPtr transform
+! ) {
+! #ifndef XMLSEC_NO_DES
+! if( xmlSecTransformCheckId( transform, xmlSecNssTransformDes3CbcId ) ) {
+! return 1 ;
+ }
+! #endif /* XMLSEC_NO_DES */
+
+! #ifndef XMLSEC_NO_AES
+! if( xmlSecTransformCheckId( transform, xmlSecNssTransformAes128CbcId ) ||
+! xmlSecTransformCheckId( transform, xmlSecNssTransformAes192CbcId ) ||
+! xmlSecTransformCheckId( transform, xmlSecNssTransformAes256CbcId ) ) {
+
+! return 1 ;
+ }
+! #endif /* XMLSEC_NO_AES */
+!
+! return 0 ;
+ }
+
+! static int
+! xmlSecNssBlockCipherFetchCtx(
+! xmlSecNssBlockCipherCtxPtr context ,
+! xmlSecTransformId id
+! ) {
+! xmlSecAssert2( context != NULL, -1 ) ;
+!
+! #ifndef XMLSEC_NO_DES
+! if( id == xmlSecNssTransformDes3CbcId ) {
+! context->cipher = CKM_DES3_CBC ;
+! context->keyId = xmlSecNssKeyDataDesId ;
+! } else
+! #endif /* XMLSEC_NO_DES */
+!
+! #ifndef XMLSEC_NO_AES
+! if( id == xmlSecNssTransformAes128CbcId ) {
+! context->cipher = CKM_AES_CBC ;
+! context->keyId = xmlSecNssKeyDataAesId ;
+! } else
+! if( id == xmlSecNssTransformAes192CbcId ) {
+! context->cipher = CKM_AES_CBC ;
+! context->keyId = xmlSecNssKeyDataAesId ;
+! } else
+! if( id == xmlSecNssTransformAes256CbcId ) {
+! context->cipher = CKM_AES_CBC ;
+! context->keyId = xmlSecNssKeyDataAesId ;
+! } else
+! #endif /* XMLSEC_NO_AES */
+!
+! if( 1 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! NULL ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return -1 ;
+! }
+
+! return 0 ;
+! }
+
+! /**
+! * xmlSecTransformInitializeMethod:
+! * @transform: the pointer to transform object.
+! *
+! * The transform specific initialization method.
+! *
+! * Returns 0 on success or a negative value otherwise.
+! */
+! static int
+! xmlSecNssBlockCipherInitialize(
+! xmlSecTransformPtr transform
+! ) {
+! xmlSecNssBlockCipherCtxPtr context = NULL ;
+!
+! xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ;
+! xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ;
+!
+! context = xmlSecNssBlockCipherGetCtx( transform ) ;
+! if( context == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+! "xmlSecNssBlockCipherGetCtx" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return -1 ;
+! }
+!
+! if( xmlSecNssBlockCipherFetchCtx( context , transform->id ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+! "xmlSecNssBlockCipherFetchCtx" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return -1 ;
+! }
+
+! context->symkey = NULL ;
+! context->cipherCtx = NULL ;
+
+! return 0 ;
+ }
+
+! /**
+! * xmlSecTransformFinalizeMethod:
+! * @transform: the pointer to transform object.
+! *
+! * The transform specific destroy method.
+! */
+! static void
+! xmlSecNssBlockCipherFinalize(
+! xmlSecTransformPtr transform
+! ) {
+! xmlSecNssBlockCipherCtxPtr context = NULL ;
+
+! xmlSecAssert( xmlSecNssBlockCipherCheckId( transform ) ) ;
+! xmlSecAssert( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ) ) ;
+
+! context = xmlSecNssBlockCipherGetCtx( transform ) ;
+! if( context == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+! "xmlSecNssBlockCipherGetCtx" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return ;
+ }
+
+! if( context->cipherCtx != NULL ) {
+! PK11_DestroyContext( context->cipherCtx, PR_TRUE ) ;
+! context->cipherCtx = NULL ;
+! }
+
+! if( context->symkey != NULL ) {
+! PK11_FreeSymKey( context->symkey ) ;
+! context->symkey = NULL ;
+! }
+
+! context->cipher = CKM_INVALID_MECHANISM ;
+! context->keyId = NULL ;
+ }
+
+! /**
+! * xmlSecTransformSetKeyRequirementsMethod:
+! * @transform: the pointer to transform object.
+! * @keyReq: the pointer to key requirements structure.
+ *
+! * Transform specific method to set transform's key requirements.
+ *
+! * Returns 0 on success or a negative value otherwise.
+! */
+! static int
+! xmlSecNssBlockCipherSetKeyReq(
+! xmlSecTransformPtr transform ,
+! xmlSecKeyReqPtr keyReq
+! ) {
+! xmlSecNssBlockCipherCtxPtr context = NULL ;
+! xmlSecSize cipherSize = 0 ;
+!
+! xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ;
+! xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ;
+! xmlSecAssert2( keyReq != NULL , -1 ) ;
+! xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
+!
+! context = xmlSecNssBlockCipherGetCtx( transform ) ;
+! if( context == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+! "xmlSecNssBlockCipherGetCtx" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return -1 ;
+! }
+!
+! keyReq->keyId = context->keyId ;
+! keyReq->keyType = xmlSecKeyDataTypeSymmetric ;
+!
+! if( transform->operation == xmlSecTransformOperationEncrypt ) {
+! keyReq->keyUsage = xmlSecKeyUsageEncrypt ;
+! } else {
+! keyReq->keyUsage = xmlSecKeyUsageDecrypt ;
+! }
+!
+! /*
+! if( context->symkey != NULL )
+! cipherSize = PK11_GetKeyLength( context->symkey ) ;
+!
+! keyReq->keyBitsSize = cipherSize * 8 ;
+! */
+
++ return 0 ;
++ }
+
++ /**
++ * xmlSecTransformSetKeyMethod:
++ * @transform: the pointer to transform object.
++ * @key: the pointer to key.
++ *
++ * The transform specific method to set the key for use.
++ *
++ * Returns 0 on success or a negative value otherwise.
++ */
+ static int
+! xmlSecNssBlockCipherSetKey(
+! xmlSecTransformPtr transform ,
+! xmlSecKeyPtr key
+! ) {
+! xmlSecNssBlockCipherCtxPtr context = NULL ;
+! xmlSecKeyDataPtr keyData = NULL ;
+! PK11SymKey* symkey = NULL ;
+! CK_ATTRIBUTE_TYPE operation ;
+! int ivLen ;
+!
+! xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ;
+! xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ;
+! xmlSecAssert2( key != NULL , -1 ) ;
+! xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
+!
+! context = xmlSecNssBlockCipherGetCtx( transform ) ;
+! if( context == NULL || context->keyId == NULL || context->symkey != NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+! "xmlSecNssBlockCipherGetCtx" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return -1 ;
+! }
+! xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ;
+!
+! keyData = xmlSecKeyGetValue( key ) ;
+! if( keyData == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) ,
+! "xmlSecKeyGetValue" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return -1 ;
+! }
+!
+! if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) ,
+! "xmlSecNssSymKeyDataGetKey" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return -1 ;
+! }
+
+! context->symkey = symkey ;
+!
+! return 0 ;
+ }
+
++ /**
++ * Block cipher transform init
++ */
+ static int
+! xmlSecNssBlockCipherCtxInit(
+! xmlSecNssBlockCipherCtxPtr ctx ,
+! xmlSecBufferPtr in ,
+! xmlSecBufferPtr out ,
+! int encrypt ,
+! const xmlChar* cipherName ,
+! xmlSecTransformCtxPtr transformCtx
+! ) {
+! SECItem ivItem ;
+! SECItem* secParam = NULL ;
+! xmlSecBufferPtr ivBuf = NULL ;
+! int ivLen ;
+!
+! xmlSecAssert2( ctx != NULL , -1 ) ;
+! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
+! xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
+! xmlSecAssert2( ctx->cipherCtx == NULL , -1 ) ;
+! xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
+! xmlSecAssert2( in != NULL , -1 ) ;
+! xmlSecAssert2( out != NULL , -1 ) ;
+! xmlSecAssert2( transformCtx != NULL , -1 ) ;
+!
+! ivLen = PK11_GetIVLength( ctx->cipher ) ;
+! if( ivLen < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "PK11_GetIVLength" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return -1 ;
+! }
+!
+! if( ( ivBuf = xmlSecBufferCreate( ivLen ) ) == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecBufferCreate" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return -1 ;
+! }
+!
+! if( encrypt ) {
+! if( PK11_GenerateRandom( ivBuf->data , ivLen ) != SECSuccess ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( cipherName ) ,
+! "PK11_GenerateRandom" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! xmlSecBufferDestroy( ivBuf ) ;
+! return -1 ;
+! }
+! if( xmlSecBufferSetSize( ivBuf , ivLen ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecBufferSetSize" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! xmlSecBufferDestroy( ivBuf ) ;
+! return -1 ;
+! }
+!
+! if( xmlSecBufferAppend( out , ivBuf->data , ivLen ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( cipherName ) ,
+! "xmlSecBufferAppend" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! xmlSecBufferDestroy( ivBuf ) ;
+! return -1 ;
+! }
+! } else {
+! if( xmlSecBufferSetData( ivBuf , in->data , ivLen ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( cipherName ) ,
+! "xmlSecBufferSetData" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! xmlSecBufferDestroy( ivBuf ) ;
+! return -1 ;
+! }
+!
+! if( xmlSecBufferRemoveHead( in , ivLen ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( cipherName ) ,
+! "xmlSecBufferRemoveHead" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! xmlSecBufferDestroy( ivBuf ) ;
+! return -1 ;
+! }
+! }
+!
+! ivItem.data = xmlSecBufferGetData( ivBuf ) ;
+! ivItem.len = xmlSecBufferGetSize( ivBuf ) ;
+! if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( cipherName ) ,
+! "PK11_ParamFromIV" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! xmlSecBufferDestroy( ivBuf ) ;
+! return -1 ;
+! }
+!
+! ctx->cipherCtx = PK11_CreateContextBySymKey( ctx->cipher , encrypt ? CKA_ENCRYPT : CKA_DECRYPT , ctx->symkey , secParam ) ;
+! if( ctx->cipherCtx == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( cipherName ) ,
+! "xmlSecBufferRemoveHead" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! SECITEM_FreeItem( secParam , PR_TRUE ) ;
+! xmlSecBufferDestroy( ivBuf ) ;
+! return -1 ;
+! }
+
+! SECITEM_FreeItem( secParam , PR_TRUE ) ;
+! xmlSecBufferDestroy( ivBuf ) ;
+
+! return 0 ;
+ }
+
+! /**
+! * Block cipher transform update
+! */
+! static int
+! xmlSecNssBlockCipherCtxUpdate(
+! xmlSecNssBlockCipherCtxPtr ctx ,
+! xmlSecBufferPtr in ,
+! xmlSecBufferPtr out ,
+! int encrypt ,
+! const xmlChar* cipherName ,
+! xmlSecTransformCtxPtr transformCtx
+! ) {
+! xmlSecSize inSize ;
+! xmlSecSize outSize ;
+! xmlSecSize inBlocks ;
+! int blockSize ;
+! int outLen ;
+! xmlSecByte* outBuf ;
+!
+! xmlSecAssert2( ctx != NULL , -1 ) ;
+! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
+! xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
+! xmlSecAssert2( ctx->cipherCtx != NULL , -1 ) ;
+! xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
+! xmlSecAssert2( in != NULL , -1 ) ;
+! xmlSecAssert2( out != NULL , -1 ) ;
+! xmlSecAssert2( transformCtx != NULL , -1 ) ;
+!
+! if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( cipherName ) ,
+! "PK11_GetBlockSize" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return -1 ;
+! }
+!
+! inSize = xmlSecBufferGetSize( in ) ;
+! outSize = xmlSecBufferGetSize( out ) ;
+!
+! inBlocks = ( encrypt != 0 ? inSize : ( inSize - 1 ) ) / blockSize ;
+! inSize = inBlocks * blockSize ;
+!
+! if( inSize < blockSize ) {
+! return 0 ;
+! }
+!
+! if( xmlSecBufferSetMaxSize( out , outSize + inSize + blockSize ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( cipherName ) ,
+! "xmlSecBufferSetMaxSize" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return -1 ;
+! }
+! outBuf = xmlSecBufferGetData( out ) + outSize ;
+!
+! if( PK11_CipherOp( ctx->cipherCtx , outBuf , &outLen , inSize + blockSize , xmlSecBufferGetData( in ) , inSize ) != SECSuccess ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( cipherName ) ,
+! "PK11_CipherOp" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return -1 ;
+! }
+!
+! if( xmlSecBufferSetSize( out , outSize + outLen ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( cipherName ) ,
+! "xmlSecBufferSetSize" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return -1 ;
+! }
+!
+! if( xmlSecBufferRemoveHead( in , inSize ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( cipherName ) ,
+! "xmlSecBufferRemoveHead" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return -1 ;
+! }
+
+! return 0 ;
+! }
+
+! /**
+! * Block cipher transform final
+! */
+! static int
+! xmlSecNssBlockCipherCtxFinal(
+! xmlSecNssBlockCipherCtxPtr ctx ,
+! xmlSecBufferPtr in ,
+! xmlSecBufferPtr out ,
+! int encrypt ,
+! const xmlChar* cipherName ,
+! xmlSecTransformCtxPtr transformCtx
+! ) {
+! xmlSecSize inSize ;
+! xmlSecSize outSize ;
+! int blockSize ;
+! int outLen ;
+! xmlSecByte* inBuf ;
+! xmlSecByte* outBuf ;
+!
+! xmlSecAssert2( ctx != NULL , -1 ) ;
+! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
+! xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
+! xmlSecAssert2( ctx->cipherCtx != NULL , -1 ) ;
+! xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
+! xmlSecAssert2( in != NULL , -1 ) ;
+! xmlSecAssert2( out != NULL , -1 ) ;
+! xmlSecAssert2( transformCtx != NULL , -1 ) ;
+!
+! if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( cipherName ) ,
+! "PK11_GetBlockSize" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return -1 ;
+! }
+!
+! inSize = xmlSecBufferGetSize( in ) ;
+! outSize = xmlSecBufferGetSize( out ) ;
+!
+! /******************************************************************/
+! if( encrypt != 0 ) {
+! xmlSecAssert2( inSize < blockSize, -1 ) ;
+!
+! /* create padding */
+! if( xmlSecBufferSetMaxSize( in , blockSize ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( cipherName ) ,
+! "xmlSecBufferSetMaxSize" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return -1 ;
+! }
+! inBuf = xmlSecBufferGetData( in ) ;
+!
+! /* generate random */
+! if( blockSize > ( inSize + 1 ) ) {
+! if( PK11_GenerateRandom( inBuf + inSize, blockSize - inSize - 1 ) != SECSuccess ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( cipherName ) ,
+! "PK11_GenerateRandom" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return -1 ;
+! }
+! }
+!
+! inBuf[blockSize-1] = blockSize - inSize ;
+! inSize = blockSize ;
+! } else {
+! if( inSize != blockSize ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( cipherName ) ,
+! NULL ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return -1 ;
+! }
+! }
+!
+! /* process the last block */
+! if( xmlSecBufferSetMaxSize( out , outSize + inSize + blockSize ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( cipherName ) ,
+! "xmlSecBufferSetMaxSize" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return -1 ;
+! }
+! outBuf = xmlSecBufferGetData( out ) + outSize ;
+!
+! if( PK11_CipherOp( ctx->cipherCtx , outBuf , &outLen , inSize + blockSize , xmlSecBufferGetData( in ) , inSize ) != SECSuccess ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( cipherName ) ,
+! "PK11_CipherOp" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return -1 ;
+! }
+!
+! if( encrypt == 0 ) {
+! /* check padding */
+! if( outLen < outBuf[blockSize-1] ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( cipherName ) ,
+! NULL ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return -1 ;
+! }
+!
+! outLen -= outBuf[blockSize-1] ;
+! }
+! /******************************************************************/
+!
+! /******************************************************************
+! if( xmlSecBufferSetMaxSize( out , outSize + blockSize ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( cipherName ) ,
+! "xmlSecBufferSetMaxSize" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return -1 ;
+! }
+!
+! outBuf = xmlSecBufferGetData( out ) + outSize ;
+!
+! if( PK11_DigestFinal( ctx->cipherCtx , outBuf , &outLen , blockSize ) != SECSuccess ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( cipherName ) ,
+! "PK11_DigestFinal" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return -1 ;
+! }
+! ******************************************************************/
+!
+! if( xmlSecBufferSetSize( out , outSize + outLen ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( cipherName ) ,
+! "xmlSecBufferSetSize" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return -1 ;
+! }
+!
+! if( xmlSecBufferRemoveHead( in , inSize ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( cipherName ) ,
+! "xmlSecBufferRemoveHead" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return -1 ;
+! }
+!
+! // PK11_Finalize( ctx->cipherCtx ) ;
+! PK11_DestroyContext( ctx->cipherCtx , PR_TRUE ) ;
+! ctx->cipherCtx = NULL ;
+
+! return 0 ;
+ }
+
+
+
++ /**
++ * xmlSecTransformExecuteMethod:
++ * @transform: the pointer to transform object.
++ * @last: the flag: if set to 1 then it's the last data chunk.
++ * @transformCtx: the pointer to transform context object.
++ *
++ * Transform specific method to process a chunk of data.
++ *
++ * Returns 0 on success or a negative value otherwise.
++ */
+ static int
+! xmlSecNssBlockCipherExecute(
+! xmlSecTransformPtr transform ,
+! int last ,
+! xmlSecTransformCtxPtr transformCtx
+! ) {
+! xmlSecNssBlockCipherCtxPtr context = NULL ;
+! xmlSecBufferPtr inBuf = NULL ;
+! xmlSecBufferPtr outBuf = NULL ;
+! const xmlChar* cipherName ;
+! int operation ;
+! int rtv ;
+!
+! xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ;
+! xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ;
+! xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
+! xmlSecAssert2( transformCtx != NULL , -1 ) ;
+!
+! context = xmlSecNssBlockCipherGetCtx( transform ) ;
+! if( context == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+! "xmlSecNssBlockCipherGetCtx" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return -1 ;
+! }
+!
+! inBuf = &( transform->inBuf ) ;
+! outBuf = &( transform->outBuf ) ;
+!
+! if( transform->status == xmlSecTransformStatusNone ) {
+! transform->status = xmlSecTransformStatusWorking ;
+! }
+!
+! operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ;
+! cipherName = xmlSecTransformGetName( transform ) ;
+!
+! if( transform->status == xmlSecTransformStatusWorking ) {
+! if( context->cipherCtx == NULL ) {
+! rtv = xmlSecNssBlockCipherCtxInit( context, inBuf , outBuf , operation , cipherName , transformCtx ) ;
+! if( rtv < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+! "xmlSecNssBlockCipherCtxInit" ,
+! XMLSEC_ERRORS_R_INVALID_STATUS ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return -1 ;
+! }
+! }
+!
+! if( context->cipherCtx == NULL && last != 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+! NULL ,
+! XMLSEC_ERRORS_R_INVALID_STATUS ,
+! "No enough data to intialize transform" ) ;
+! return -1 ;
+! }
+!
+! if( context->cipherCtx != NULL ) {
+! rtv = xmlSecNssBlockCipherCtxUpdate( context, inBuf , outBuf , operation , cipherName , transformCtx ) ;
+! if( rtv < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+! "xmlSecNssBlockCipherCtxUpdate" ,
+! XMLSEC_ERRORS_R_INVALID_STATUS ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return -1 ;
+! }
+! }
+!
+! if( last ) {
+! rtv = xmlSecNssBlockCipherCtxFinal( context, inBuf , outBuf , operation , cipherName , transformCtx ) ;
+! if( rtv < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+! "xmlSecNssBlockCipherCtxFinal" ,
+! XMLSEC_ERRORS_R_INVALID_STATUS ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return -1 ;
+! }
+! transform->status = xmlSecTransformStatusFinished ;
+! }
+! } else if( transform->status == xmlSecTransformStatusFinished ) {
+! if( xmlSecBufferGetSize( inBuf ) != 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+! NULL ,
+! XMLSEC_ERRORS_R_INVALID_STATUS ,
+! "status=%d", transform->status ) ;
+! return -1 ;
+! }
+! } else {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+! NULL ,
+! XMLSEC_ERRORS_R_INVALID_STATUS ,
+! "status=%d", transform->status ) ;
+! return -1 ;
+! }
+!
+! return 0 ;
+ }
+
+! static xmlSecTransformKlass xmlSecNssAes128CbcKlass = {
+! sizeof( xmlSecTransformKlass ) ,
+! xmlSecNssBlockCipherSize ,
+
+! xmlSecNameAes128Cbc ,
+! xmlSecHrefAes128Cbc ,
+! xmlSecTransformUsageEncryptionMethod ,
+!
+! xmlSecNssBlockCipherInitialize ,
+! xmlSecNssBlockCipherFinalize ,
+! NULL ,
+! NULL ,
+!
+! xmlSecNssBlockCipherSetKeyReq ,
+! xmlSecNssBlockCipherSetKey ,
+! NULL ,
+! xmlSecTransformDefaultGetDataType ,
+!
+! xmlSecTransformDefaultPushBin ,
+! xmlSecTransformDefaultPopBin ,
+! NULL ,
+! NULL ,
+! xmlSecNssBlockCipherExecute ,
+!
+! NULL ,
+! NULL
+! } ;
+
+
+! static xmlSecTransformKlass xmlSecNssAes192CbcKlass = {
+! sizeof( xmlSecTransformKlass ) ,
+! xmlSecNssBlockCipherSize ,
+
+! xmlSecNameAes192Cbc ,
+! xmlSecHrefAes192Cbc ,
+! xmlSecTransformUsageEncryptionMethod ,
+!
+! xmlSecNssBlockCipherInitialize ,
+! xmlSecNssBlockCipherFinalize ,
+! NULL ,
+! NULL ,
+!
+! xmlSecNssBlockCipherSetKeyReq ,
+! xmlSecNssBlockCipherSetKey ,
+! NULL ,
+! xmlSecTransformDefaultGetDataType ,
+!
+! xmlSecTransformDefaultPushBin ,
+! xmlSecTransformDefaultPopBin ,
+! NULL ,
+! NULL ,
+! xmlSecNssBlockCipherExecute ,
+!
+! NULL ,
+! NULL
+! } ;
+
+
+! static xmlSecTransformKlass xmlSecNssAes256CbcKlass = {
+! sizeof( xmlSecTransformKlass ) ,
+! xmlSecNssBlockCipherSize ,
+
+! xmlSecNameAes256Cbc ,
+! xmlSecHrefAes256Cbc ,
+! xmlSecTransformUsageEncryptionMethod ,
+!
+! xmlSecNssBlockCipherInitialize ,
+! xmlSecNssBlockCipherFinalize ,
+! NULL ,
+! NULL ,
+!
+! xmlSecNssBlockCipherSetKeyReq ,
+! xmlSecNssBlockCipherSetKey ,
+! NULL ,
+! xmlSecTransformDefaultGetDataType ,
+!
+! xmlSecTransformDefaultPushBin ,
+! xmlSecTransformDefaultPopBin ,
+! NULL ,
+! NULL ,
+! xmlSecNssBlockCipherExecute ,
+!
+! NULL ,
+! NULL
+! } ;
+
+! static xmlSecTransformKlass xmlSecNssDes3CbcKlass = {
+! sizeof( xmlSecTransformKlass ) ,
+! xmlSecNssBlockCipherSize ,
+!
+! xmlSecNameDes3Cbc ,
+! xmlSecHrefDes3Cbc ,
+! xmlSecTransformUsageEncryptionMethod ,
+!
+! xmlSecNssBlockCipherInitialize ,
+! xmlSecNssBlockCipherFinalize ,
+! NULL ,
+! NULL ,
+!
+! xmlSecNssBlockCipherSetKeyReq ,
+! xmlSecNssBlockCipherSetKey ,
+! NULL ,
+! xmlSecTransformDefaultGetDataType ,
+!
+! xmlSecTransformDefaultPushBin ,
+! xmlSecTransformDefaultPopBin ,
+! NULL ,
+! NULL ,
+! xmlSecNssBlockCipherExecute ,
+!
+! NULL ,
+! NULL
+! } ;
+
+ /**
+! * xmlSecNssTransformAes128CbcGetKlass
+! *
+! * Get the AES128_CBC transform klass
+! *
+! * Return AES128_CBC transform klass
+! */
+! xmlSecTransformId
+! xmlSecNssTransformAes128CbcGetKlass( void ) {
+! return ( &xmlSecNssAes128CbcKlass ) ;
+ }
+
+ /**
+! * xmlSecNssTransformAes192CbcGetKlass
+! *
+! * Get the AES192_CBC transform klass
+! *
+! * Return AES192_CBC transform klass
+! */
+! xmlSecTransformId
+! xmlSecNssTransformAes192CbcGetKlass( void ) {
+! return ( &xmlSecNssAes192CbcKlass ) ;
+ }
+
+! /**
+! * xmlSecNssTransformAes256CbcGetKlass
+! *
+! * Get the AES256_CBC transform klass
+! *
+! * Return AES256_CBC transform klass
+! */
+! xmlSecTransformId
+! xmlSecNssTransformAes256CbcGetKlass( void ) {
+! return ( &xmlSecNssAes256CbcKlass ) ;
+! }
+
+! /**
+! * xmlSecNssTransformDes3CbcGetKlass
+ *
+! * Get the DES3_CBC transform klass
+! *
+! * Return DES3_CBC transform klass
+ */
+! xmlSecTransformId
+! xmlSecNssTransformDes3CbcGetKlass( void ) {
+! return ( &xmlSecNssDes3CbcKlass ) ;
+ }
+!
+
+*** misc/xmlsec1-1.2.6/src/nss/crypto.c 2003-10-29 23:57:25.000000000 +0800
+--- misc/build/xmlsec1-1.2.6/src/nss/crypto.c 2005-02-23 11:06:38.000000000 +0800
+***************
+*** 130,135 ****
+--- 130,136 ----
+ /**
+ * High level routines form xmlsec command line utility
+ */
++ /*
+ gXmlSecNssFunctions->cryptoAppInit = xmlSecNssAppInit;
+ gXmlSecNssFunctions->cryptoAppShutdown = xmlSecNssAppShutdown;
+ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrInit = xmlSecNssAppDefaultKeysMngrInit;
+***************
+*** 143,152 ****
+ gXmlSecNssFunctions->cryptoAppPkcs12LoadMemory = xmlSecNssAppPkcs12LoadMemory;
+ gXmlSecNssFunctions->cryptoAppKeyCertLoad = xmlSecNssAppKeyCertLoad;
+ gXmlSecNssFunctions->cryptoAppKeyCertLoadMemory = xmlSecNssAppKeyCertLoadMemory;
+! #endif /* XMLSEC_NO_X509 */
+ gXmlSecNssFunctions->cryptoAppKeyLoad = xmlSecNssAppKeyLoad;
+ gXmlSecNssFunctions->cryptoAppKeyLoadMemory = xmlSecNssAppKeyLoadMemory;
+ gXmlSecNssFunctions->cryptoAppDefaultPwdCallback = (void*)xmlSecNssAppGetDefaultPwdCallback;
+
+ return(gXmlSecNssFunctions);
+ }
+--- 144,172 ----
+ gXmlSecNssFunctions->cryptoAppPkcs12LoadMemory = xmlSecNssAppPkcs12LoadMemory;
+ gXmlSecNssFunctions->cryptoAppKeyCertLoad = xmlSecNssAppKeyCertLoad;
+ gXmlSecNssFunctions->cryptoAppKeyCertLoadMemory = xmlSecNssAppKeyCertLoadMemory;
+! #endif
+ gXmlSecNssFunctions->cryptoAppKeyLoad = xmlSecNssAppKeyLoad;
+ gXmlSecNssFunctions->cryptoAppKeyLoadMemory = xmlSecNssAppKeyLoadMemory;
+ gXmlSecNssFunctions->cryptoAppDefaultPwdCallback = (void*)xmlSecNssAppGetDefaultPwdCallback;
++ */
++
++ gXmlSecNssFunctions->cryptoAppInit = NULL ;
++ gXmlSecNssFunctions->cryptoAppShutdown = NULL ;
++ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrInit = NULL ;
++ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrAdoptKey = NULL ;
++ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrLoad = NULL ;
++ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrSave = NULL ;
++ #ifndef XMLSEC_NO_X509
++ gXmlSecNssFunctions->cryptoAppKeysMngrCertLoad = NULL ;
++ gXmlSecNssFunctions->cryptoAppKeysMngrCertLoadMemory= NULL ;
++ gXmlSecNssFunctions->cryptoAppPkcs12Load = NULL ;
++ gXmlSecNssFunctions->cryptoAppPkcs12LoadMemory = NULL ;
++ gXmlSecNssFunctions->cryptoAppKeyCertLoad = NULL ;
++ gXmlSecNssFunctions->cryptoAppKeyCertLoadMemory = NULL ;
++ #endif /* XMLSEC_NO_X509 */
++ gXmlSecNssFunctions->cryptoAppKeyLoad = NULL ;
++ gXmlSecNssFunctions->cryptoAppKeyLoadMemory = NULL ;
++ gXmlSecNssFunctions->cryptoAppDefaultPwdCallback = (void*)NULL ;
+
+ return(gXmlSecNssFunctions);
+ }
+*** misc/xmlsec1-1.2.6/src/nss/digests.c 2003-09-26 08:58:15.000000000 +0800
+--- misc/build/xmlsec1-1.2.6/src/nss/digests.c 2005-02-23 11:06:39.000000000 +0800
+***************
+*** 21,27 ****
+ #include <xmlsec/transforms.h>
+ #include <xmlsec/errors.h>
+
+- #include <xmlsec/nss/app.h>
+ #include <xmlsec/nss/crypto.h>
+
+ #define XMLSEC_NSS_MAX_DIGEST_SIZE 32
+--- 21,26 ----
+***************
+*** 107,113 ****
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "SECOID_FindOIDByTag",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+--- 106,112 ----
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "SECOID_FindOIDByTag",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code=%d", PORT_GetError());
+ return(-1);
+ }
+
+***************
+*** 117,123 ****
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_CreateDigestContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+--- 116,122 ----
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_CreateDigestContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code=%d", PORT_GetError());
+ return(-1);
+ }
+
+***************
+*** 208,214 ****
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_DigestBegin",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ transform->status = xmlSecTransformStatusWorking;
+--- 207,213 ----
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_DigestBegin",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ transform->status = xmlSecTransformStatusWorking;
+***************
+*** 225,231 ****
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_DigestOp",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+--- 224,230 ----
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_DigestOp",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code=%d", PORT_GetError());
+ return(-1);
+ }
+
+***************
+*** 246,252 ****
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_DigestFinal",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ xmlSecAssert2(ctx->dgstSize > 0, -1);
+--- 245,251 ----
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_DigestFinal",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ xmlSecAssert2(ctx->dgstSize > 0, -1);
+*** misc/xmlsec1-1.2.6/src/nss/hmac.c 2003-09-26 08:58:15.000000000 +0800
+--- misc/build/xmlsec1-1.2.6/src/nss/hmac.c 2005-02-23 11:06:39.000000000 +0800
+***************
+*** 23,30 ****
+ #include <xmlsec/transforms.h>
+ #include <xmlsec/errors.h>
+
+- #include <xmlsec/nss/app.h>
+ #include <xmlsec/nss/crypto.h>
+
+ #define XMLSEC_NSS_MAX_HMAC_SIZE 128
+
+--- 23,30 ----
+ #include <xmlsec/transforms.h>
+ #include <xmlsec/errors.h>
+
+ #include <xmlsec/nss/crypto.h>
++ #include <xmlsec/nss/tokens.h>
+
+ #define XMLSEC_NSS_MAX_HMAC_SIZE 128
+
+***************
+*** 241,253 ****
+ keyItem.data = xmlSecBufferGetData(buffer);
+ keyItem.len = xmlSecBufferGetSize(buffer);
+
+! slot = PK11_GetBestSlot(ctx->digestType, NULL);
+ if(slot == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+! "PK11_GetBestSlot",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+--- 241,253 ----
+ keyItem.data = xmlSecBufferGetData(buffer);
+ keyItem.len = xmlSecBufferGetSize(buffer);
+
+! slot = xmlSecNssSlotGet(ctx->digestType);
+ if(slot == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+! "xmlSecNssSlotGet",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code=%d", PORT_GetError());
+ return(-1);
+ }
+
+***************
+*** 258,264 ****
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_ImportSymKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+ PK11_FreeSlot(slot);
+ return(-1);
+ }
+--- 258,264 ----
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_ImportSymKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code=%d", PORT_GetError());
+ PK11_FreeSlot(slot);
+ return(-1);
+ }
+***************
+*** 269,275 ****
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_CreateContextBySymKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+ PK11_FreeSymKey(symKey);
+ PK11_FreeSlot(slot);
+ return(-1);
+--- 269,275 ----
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_CreateContextBySymKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code=%d", PORT_GetError());
+ PK11_FreeSymKey(symKey);
+ PK11_FreeSlot(slot);
+ return(-1);
+***************
+*** 368,374 ****
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_DigestBegin",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ transform->status = xmlSecTransformStatusWorking;
+--- 368,374 ----
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_DigestBegin",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ transform->status = xmlSecTransformStatusWorking;
+***************
+*** 385,391 ****
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_DigestOp",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+--- 385,391 ----
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_DigestOp",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code=%d", PORT_GetError());
+ return(-1);
+ }
+
+***************
+*** 408,414 ****
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_DigestFinal",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ xmlSecAssert2(dgstSize > 0, -1);
+--- 408,414 ----
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_DigestFinal",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ xmlSecAssert2(dgstSize > 0, -1);
+*** misc/xmlsec1-1.2.6/src/nss/keysstore.c 2003-09-26 08:58:15.000000000 +0800
+--- misc/build/xmlsec1-1.2.6/src/nss/keysstore.c 2005-02-23 11:06:39.000000000 +0800
+***************
+*** 1,119 ****
+ /**
+ * XMLSec library
+ *
+- * Nss keys store that uses Simple Keys Store under the hood. Uses the
+- * Nss DB as a backing store for the finding keys, but the NSS DB is
+- * not written to by the keys store.
+- * So, if store->findkey is done and the key is not found in the simple
+- * keys store, the NSS DB is looked up.
+- * If store is called to adopt a key, that key is not written to the NSS
+- * DB.
+- * Thus, the NSS DB can be used to pre-load keys and becomes an alternate
+- * source of keys for xmlsec
+- *
+ * This is free software; see Copyright file in the source
+ * distribution for precise wording.
+ *
+! * Copyright (c) 2003 America Online, Inc. All rights reserved.
+ */
+- #include "globals.h"
+
+! #include <stdlib.h>
+ #include <string.h>
+
+! #include <nss.h>
+! #include <cert.h>
+! #include <pk11func.h>
+! #include <keyhi.h>
+
+- #include <libxml/tree.h>
+
+ #include <xmlsec/xmlsec.h>
+! #include <xmlsec/buffer.h>
+! #include <xmlsec/base64.h>
+! #include <xmlsec/errors.h>
+! #include <xmlsec/xmltree.h>
+!
+ #include <xmlsec/keysmngr.h>
+
+ #include <xmlsec/nss/crypto.h>
+ #include <xmlsec/nss/keysstore.h>
+! #include <xmlsec/nss/x509.h>
+ #include <xmlsec/nss/pkikeys.h>
+
+! /****************************************************************************
+ *
+! * Nss Keys Store. Uses Simple Keys Store under the hood
+! *
+! * Simple Keys Store ptr is located after xmlSecKeyStore
+ *
+! ***************************************************************************/
+! #define xmlSecNssKeysStoreSize \
+! (sizeof(xmlSecKeyStore) + sizeof(xmlSecKeyStorePtr))
+!
+! #define xmlSecNssKeysStoreGetSS(store) \
+! ((xmlSecKeyStoreCheckSize((store), xmlSecNssKeysStoreSize)) ? \
+! (xmlSecKeyStorePtr*)(((xmlSecByte*)(store)) + sizeof(xmlSecKeyStore)) : \
+! (xmlSecKeyStorePtr*)NULL)
+!
+! static int xmlSecNssKeysStoreInitialize (xmlSecKeyStorePtr store);
+! static void xmlSecNssKeysStoreFinalize (xmlSecKeyStorePtr store);
+! static xmlSecKeyPtr xmlSecNssKeysStoreFindKey (xmlSecKeyStorePtr store,
+! const xmlChar* name,
+! xmlSecKeyInfoCtxPtr keyInfoCtx);
+
+! static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = {
+! sizeof(xmlSecKeyStoreKlass),
+! xmlSecNssKeysStoreSize,
+
+! /* data */
+! BAD_CAST "NSS-keys-store", /* const xmlChar* name; */
+!
+! /* constructors/destructor */
+! xmlSecNssKeysStoreInitialize, /* xmlSecKeyStoreInitializeMethod initialize; */
+! xmlSecNssKeysStoreFinalize, /* xmlSecKeyStoreFinalizeMethod finalize; */
+! xmlSecNssKeysStoreFindKey, /* xmlSecKeyStoreFindKeyMethod findKey; */
+!
+! /* reserved for the future */
+! NULL, /* void* reserved0; */
+! NULL, /* void* reserved1; */
+! };
+
+! /**
+! * xmlSecNssKeysStoreGetKlass:
+! *
+! * The Nss list based keys store klass.
+ *
+! * Returns Nss list based keys store klass.
+ */
+! xmlSecKeyStoreId
+! xmlSecNssKeysStoreGetKlass(void) {
+! return(&xmlSecNssKeysStoreKlass);
+ }
+
+! /**
+! * xmlSecNssKeysStoreAdoptKey:
+! * @store: the pointer to Nss keys store.
+! * @key: the pointer to key.
+! *
+! * Adds @key to the @store.
+ *
+! * Returns 0 on success or a negative value if an error occurs.
+ */
+! int
+! xmlSecNssKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) {
+! xmlSecKeyStorePtr *ss;
+!
+! xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
+! xmlSecAssert2((key != NULL), -1);
+
+! ss = xmlSecNssKeysStoreGetSS(store);
+! xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
+! (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
+
+! return (xmlSecSimpleKeysStoreAdoptKey(*ss, key));
+ }
+
+ /**
+ * xmlSecNssKeysStoreLoad:
+ * @store: the pointer to Nss keys store.
+--- 1,518 ----
+ /**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for precise wording.
+ *
+! * Copyright................................
+ */
+
+! /**
+! * NSS key store uses a key list and a slot list as the key repository. NSS slot
+! * list is a backup repository for the finding keys. If a key is not found from
+! * the key list, the NSS slot list is looked up.
+! *
+! * Any key in the key list will not save to pkcs11 slot. When a store to called
+! * to adopt a key, the key is resident in the key list; While a store to called
+! * to set a is resident in the key list; While a store to called to set a slot
+! * list, which means that the keys in the listed slot can be used for xml sign-
+! * nature or encryption.
+! *
+! * Then, a user can adjust slot list to effect the crypto behaviors of xmlSec.
+! *
+! * The framework will decrease the user interfaces to administrate xmlSec crypto
+! * engine. He can only focus on NSS layer functions. For examples, after the
+! * user set up a slot list handler to the keys store, he do not need to do any
+! * other work atop xmlSec interfaces, his action on the slot list handler, such
+! * as add a token to, delete a token from the list, will directly effect the key
+! * store behaviors.
+! *
+! * For example, a scenariio:
+! * 0. Create a slot list;( NSS interfaces )
+! * 1. Create a keys store;( xmlSec interfaces )
+! * 2. Set slot list with the keys store;( xmlSec Interfaces )
+! * 3. Add a slot to the slot list;( NSS interfaces )
+! * 4. Perform xml signature; ( xmlSec Interfaces )
+! * 5. Deleter a slot from the slot list;( NSS interfaces )
+! * 6. Perform xml encryption; ( xmlSec Interfaces )
+! * 7. Perform xml signature;( xmlSec Interfaces )
+! * 8. Destroy the keys store;( xmlSec Interfaces )
+! * 8. Destroy the slot list.( NSS Interfaces )
+! */
+!
+! #include "globals.h"
+ #include <string.h>
+
+! #include <nss.h>
+! #include <pk11func.h>
+! #include <prinit.h>
+! #include <keyhi.h>
+
+
+ #include <xmlsec/xmlsec.h>
+! #include <xmlsec/keys.h>
+ #include <xmlsec/keysmngr.h>
++ #include <xmlsec/transforms.h>
++ #include <xmlsec/xmltree.h>
++ #include <xmlsec/errors.h>
+
+ #include <xmlsec/nss/crypto.h>
+ #include <xmlsec/nss/keysstore.h>
+! #include <xmlsec/nss/tokens.h>
+! #include <xmlsec/nss/ciphers.h>
+ #include <xmlsec/nss/pkikeys.h>
+
+! /**
+! * Internal NSS key store context
+ *
+! * This context is located after xmlSecKeyStore
+! */
+! typedef struct _xmlSecNssKeysStoreCtx xmlSecNssKeysStoreCtx ;
+! typedef struct _xmlSecNssKeysStoreCtx* xmlSecNssKeysStoreCtxPtr ;
+!
+! struct _xmlSecNssKeysStoreCtx {
+! xmlSecPtrListPtr keyList ;
+! xmlSecPtrListPtr slotList ;
+! } ;
+!
+! #define xmlSecNssKeysStoreSize \
+! ( sizeof( xmlSecKeyStore ) + sizeof( xmlSecNssKeysStoreCtx ) )
+!
+! #define xmlSecNssKeysStoreGetCtx( data ) \
+! ( ( xmlSecNssKeysStoreCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyStore ) ) )
+!
+! int xmlSecNssKeysStoreAdoptKeySlot(
+! xmlSecKeyStorePtr store ,
+! xmlSecNssKeySlotPtr keySlot
+! ) {
+! xmlSecNssKeysStoreCtxPtr context = NULL ;
+!
+! xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
+! xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
+!
+! context = xmlSecNssKeysStoreGetCtx( store ) ;
+! if( context == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
+! "xmlSecNssKeysStoreGetCtx" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return -1 ;
+! }
+!
+! if( context->slotList == NULL ) {
+! if( ( context->slotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ) == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
+! "xmlSecPtrListCreate" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return -1 ;
+! }
+! }
+!
+! if( !xmlSecPtrListCheckId( context->slotList , xmlSecNssKeySlotListId ) ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
+! "xmlSecPtrListCheckId" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return -1 ;
+! }
+!
+! if( xmlSecPtrListAdd( context->slotList , keySlot ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
+! "xmlSecPtrListAdd" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return -1 ;
+! }
+!
+! return 0 ;
+! }
+!
+! int xmlSecNssKeysStoreAdoptKey(
+! xmlSecKeyStorePtr store ,
+! xmlSecKeyPtr key
+! ) {
+! xmlSecNssKeysStoreCtxPtr context = NULL ;
+!
+! xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
+! xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
+!
+! context = xmlSecNssKeysStoreGetCtx( store ) ;
+! if( context == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
+! "xmlSecNssKeysStoreGetCtx" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return -1 ;
+! }
+!
+! if( context->keyList == NULL ) {
+! if( ( context->keyList = xmlSecPtrListCreate( xmlSecKeyPtrListId ) ) == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
+! "xmlSecPtrListCreate" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return -1 ;
+! }
+! }
+!
+! if( !xmlSecPtrListCheckId( context->keyList , xmlSecKeyPtrListId ) ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
+! "xmlSecPtrListCheckId" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return -1 ;
+! }
+!
+! if( xmlSecPtrListAdd( context->keyList , key ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
+! "xmlSecPtrListAdd" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return -1 ;
+! }
+!
+! return 0 ;
+! }
+!
+! /**
+! * xmlSecKeyStoreInitializeMethod:
+! * @store: the store.
+ *
+! * Keys store specific initialization method.
+! *
+! * Returns 0 on success or a negative value if an error occurs.
+! */
+! static int
+! xmlSecNssKeysStoreInitialize(
+! xmlSecKeyStorePtr store
+! ) {
+! xmlSecNssKeysStoreCtxPtr context = NULL ;
+!
+! xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
+! xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
+!
+! context = xmlSecNssKeysStoreGetCtx( store ) ;
+! if( context == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
+! "xmlSecNssKeysStoreGetCtx" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return -1 ;
+! }
+
+! context->keyList = NULL ;
+! context->slotList = NULL ;
+
+! return 0 ;
+! }
+
+! /**
+! * xmlSecKeyStoreFinalizeMethod:
+! * @store: the store.
+ *
+! * Keys store specific finalization (destroy) method.
+ */
+! void
+! xmlSecNssKeysStoreFinalize(
+! xmlSecKeyStorePtr store
+! ) {
+! xmlSecNssKeysStoreCtxPtr context = NULL ;
+!
+! xmlSecAssert( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) ) ;
+! xmlSecAssert( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) ) ;
+!
+! context = xmlSecNssKeysStoreGetCtx( store ) ;
+! if( context == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
+! "xmlSecNssKeysStoreGetCtx" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return ;
+! }
+!
+! if( context->keyList != NULL ) {
+! xmlSecPtrListDestroy( context->keyList ) ;
+! context->keyList = NULL ;
+! }
+!
+! if( context->slotList != NULL ) {
+! xmlSecPtrListDestroy( context->slotList ) ;
+! context->slotList = NULL ;
+! }
+ }
+
+! xmlSecKeyPtr
+! xmlSecNssKeysStoreFindKeyFromSlot(
+! PK11SlotInfo* slot,
+! const xmlChar* name,
+! xmlSecKeyInfoCtxPtr keyInfoCtx
+! ) {
+! xmlSecKeyPtr key = NULL ;
+! xmlSecKeyDataPtr data = NULL ;
+! int length ;
+!
+! xmlSecAssert2( slot != NULL , NULL ) ;
+! xmlSecAssert2( name != NULL , NULL ) ;
+! xmlSecAssert2( keyInfoCtx != NULL , NULL ) ;
+!
+! if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSymmetric ) == xmlSecKeyDataTypeSymmetric ) {
+! PK11SymKey* symKey ;
+! PK11SymKey* curKey ;
+!
+! /* Find symmetric key from the slot by name */
+! symKey = PK11_ListFixedKeysInSlot( slot , ( char* )name , NULL ) ;
+! for( curKey = symKey ; curKey != NULL ; curKey = PK11_GetNextSymKey( curKey ) ) {
+! /* Check the key request */
+! length = PK11_GetKeyLength( curKey ) ;
+! length *= 8 ;
+! if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
+! ( length > 0 ) &&
+! ( length < keyInfoCtx->keyReq.keyBitsSize ) )
+! continue ;
+!
+! /* We find a eligible key */
+! data = xmlSecNssSymKeyDataKeyAdopt( curKey ) ;
+! if( data == NULL ) {
+! /* Do nothing */
+! }
+! break ;
+! }
+!
+! /* Destroy the sym key list */
+! for( curKey = symKey ; curKey != NULL ; ) {
+! symKey = curKey ;
+! curKey = PK11_GetNextSymKey( symKey ) ;
+! PK11_FreeSymKey( symKey ) ;
+! }
+! } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) {
+! SECKEYPublicKeyList* pubKeyList ;
+! SECKEYPublicKey* pubKey ;
+! SECKEYPublicKeyListNode* curPub ;
+!
+! /* Find asymmetric key from the slot by name */
+! pubKeyList = PK11_ListPublicKeysInSlot( slot , ( char* )name ) ;
+! pubKey = NULL ;
+! curPub = PUBKEY_LIST_HEAD(pubKeyList);
+! for( ; !PUBKEY_LIST_END(curPub, pubKeyList) ; curPub = PUBKEY_LIST_NEXT( curPub ) ) {
+! /* Check the key request */
+! length = SECKEY_PublicKeyStrength( curPub->key ) ;
+! length *= 8 ;
+! if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
+! ( length > 0 ) &&
+! ( length < keyInfoCtx->keyReq.keyBitsSize ) )
+! continue ;
+!
+! /* We find a eligible key */
+! pubKey = curPub->key ;
+! break ;
+! }
+!
+! if( pubKey != NULL ) {
+! data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ;
+! if( data == NULL ) {
+! /* Do nothing */
+! }
+! }
+!
+! /* Destroy the public key list */
+! SECKEY_DestroyPublicKeyList( pubKeyList ) ;
+! } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) {
+! SECKEYPrivateKeyList* priKeyList = NULL ;
+! SECKEYPrivateKey* priKey = NULL ;
+! SECKEYPrivateKeyListNode* curPri ;
+!
+! /* Find asymmetric key from the slot by name */
+! priKeyList = PK11_ListPrivKeysInSlot( slot , ( char* )name , NULL ) ;
+! priKey = NULL ;
+! curPri = PRIVKEY_LIST_HEAD(priKeyList);
+! for( ; !PRIVKEY_LIST_END(curPri, priKeyList) ; curPri = PRIVKEY_LIST_NEXT( curPri ) ) {
+! /* Check the key request */
+! length = PK11_SignatureLen( curPri->key ) ;
+! length *= 8 ;
+! if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
+! ( length > 0 ) &&
+! ( length < keyInfoCtx->keyReq.keyBitsSize ) )
+! continue ;
+!
+! /* We find a eligible key */
+! priKey = curPri->key ;
+! break ;
+! }
+!
+! if( priKey != NULL ) {
+! data = xmlSecNssPKIAdoptKey( priKey, NULL ) ;
+! if( data == NULL ) {
+! /* Do nothing */
+! }
+! }
+!
+! /* Destroy the private key list */
+! SECKEY_DestroyPrivateKeyList( priKeyList ) ;
+! }
+!
+! /* If we have gotten the key value */
+! if( data != NULL ) {
+! if( ( key = xmlSecKeyCreate() ) == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecKeyCreate" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+!
+! xmlSecKeyDataDestroy( data ) ;
+! return NULL ;
+! }
+!
+! if( xmlSecKeySetValue( key , data ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecKeySetValue" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+!
+! xmlSecKeyDestroy( key ) ;
+! xmlSecKeyDataDestroy( data ) ;
+! return NULL ;
+! }
+! }
+!
+! return(key);
+! }
+!
+! /**
+! * xmlSecKeyStoreFindKeyMethod:
+! * @store: the store.
+! * @name: the desired key name.
+! * @keyInfoCtx: the pointer to key info context.
+ *
+! * Keys store specific find method. The caller is responsible for destroying
+! * the returned key using #xmlSecKeyDestroy method.
+! *
+! * Returns the pointer to a key or NULL if key is not found or an error occurs.
+ */
+! static xmlSecKeyPtr
+! xmlSecNssKeysStoreFindKey(
+! xmlSecKeyStorePtr store ,
+! const xmlChar* name ,
+! xmlSecKeyInfoCtxPtr keyInfoCtx
+! ) {
+! xmlSecNssKeysStoreCtxPtr context = NULL ;
+! xmlSecKeyPtr key = NULL ;
+! xmlSecNssKeySlotPtr keySlot = NULL ;
+! xmlSecSize pos ;
+! xmlSecSize size ;
+!
+! xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , NULL ) ;
+! xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , NULL ) ;
+! xmlSecAssert2( keyInfoCtx != NULL , NULL ) ;
+!
+! context = xmlSecNssKeysStoreGetCtx( store ) ;
+! if( context == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
+! "xmlSecNssKeysStoreGetCtx" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return NULL ;
+! }
+!
+! /*-
+! * Look for key at keyList at first.
+! */
+! if( context->keyList != NULL ) {
+! size = xmlSecPtrListGetSize( context->keyList ) ;
+! for( pos = 0 ; pos < size ; pos ++ ) {
+! key = ( xmlSecKeyPtr )xmlSecPtrListGetItem( context->keyList , pos ) ;
+! if( key != NULL && xmlSecKeyMatch( key , name , &( keyInfoCtx->keyReq ) ) ) {
+! return xmlSecKeyDuplicate( key ) ;
+! }
+! }
+! }
+!
+! /*-
+! * Find the key from slotList
+! */
+! if( context->slotList != NULL ) {
+! PK11SlotInfo* slot = NULL ;
+!
+! size = xmlSecPtrListGetSize( context->slotList ) ;
+! for( pos = 0 ; pos < size ; pos ++ ) {
+! keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( context->slotList , pos ) ;
+! slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
+! if( slot == NULL ) {
+! continue ;
+! } else {
+! key = xmlSecNssKeysStoreFindKeyFromSlot( slot, name, keyInfoCtx ) ;
+! if( key == NULL ) {
+! continue ;
+! } else {
+! return( key ) ;
+! }
+! }
+! }
+! }
+!
+! /*-
+! * Create a session key if we can not find the key from keyList and slotList
+! */
+! if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSession ) == xmlSecKeyDataTypeSession ) {
+! key = xmlSecKeyGenerate( keyInfoCtx->keyReq.keyId , keyInfoCtx->keyReq.keyBitsSize , xmlSecKeyDataTypeSession ) ;
+! if( key == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
+! "xmlSecKeySetValue" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return NULL ;
+! }
+!
+! return key ;
+! }
+!
+! /**
+! * We have no way to find the key any more.
+! */
+! return NULL ;
+! }
+
+! static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = {
+! sizeof( xmlSecKeyStoreKlass ) ,
+! xmlSecNssKeysStoreSize ,
+! BAD_CAST "implicit_nss_keys_store" ,
+! xmlSecNssKeysStoreInitialize ,
+! xmlSecNssKeysStoreFinalize ,
+! xmlSecNssKeysStoreFindKey ,
+! NULL ,
+! NULL
+! } ;
+
+! /**
+! * xmlSecNssKeysStoreGetKlass:
+! *
+! * The simple list based keys store klass.
+! *
+! * Returns simple list based keys store klass.
+! */
+! xmlSecKeyStoreId
+! xmlSecNssKeysStoreGetKlass( void ) {
+! return &xmlSecNssKeysStoreKlass ;
+ }
+
++
++ /**************************
++ * Application routines
++ */
+ /**
+ * xmlSecNssKeysStoreLoad:
+ * @store: the pointer to Nss keys store.
+***************
+*** 125,132 ****
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+ int
+! xmlSecNssKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri,
+! xmlSecKeysMngrPtr keysMngr) {
+ xmlDocPtr doc;
+ xmlNodePtr root;
+ xmlNodePtr cur;
+--- 524,534 ----
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+ int
+! xmlSecNssKeysStoreLoad(
+! xmlSecKeyStorePtr store,
+! const char *uri,
+! xmlSecKeysMngrPtr keysMngr
+! ) {
+ xmlDocPtr doc;
+ xmlNodePtr root;
+ xmlNodePtr cur;
+***************
+*** 252,505 ****
+ */
+ int
+ xmlSecNssKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecKeyDataType type) {
+! xmlSecKeyStorePtr *ss;
+!
+! xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
+! xmlSecAssert2((filename != NULL), -1);
+!
+! ss = xmlSecNssKeysStoreGetSS(store);
+! xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
+! (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
+!
+! return (xmlSecSimpleKeysStoreSave(*ss, filename, type));
+! }
+!
+! static int
+! xmlSecNssKeysStoreInitialize(xmlSecKeyStorePtr store) {
+! xmlSecKeyStorePtr *ss;
+!
+! xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
+
+! ss = xmlSecNssKeysStoreGetSS(store);
+! xmlSecAssert2((*ss == NULL), -1);
+
+! *ss = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId);
+! if(*ss == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+! "xmlSecKeyStoreCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "xmlSecSimpleKeysStoreId");
+! return(-1);
+ }
+-
+- return(0);
+- }
+-
+- static void
+- xmlSecNssKeysStoreFinalize(xmlSecKeyStorePtr store) {
+- xmlSecKeyStorePtr *ss;
+-
+- xmlSecAssert(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId));
+-
+- ss = xmlSecNssKeysStoreGetSS(store);
+- xmlSecAssert((ss != NULL) && (*ss != NULL));
+
+! xmlSecKeyStoreDestroy(*ss);
+! }
+!
+! static xmlSecKeyPtr
+! xmlSecNssKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name,
+! xmlSecKeyInfoCtxPtr keyInfoCtx) {
+! xmlSecKeyStorePtr* ss;
+! xmlSecKeyPtr key = NULL;
+! xmlSecKeyPtr retval = NULL;
+! xmlSecKeyReqPtr keyReq = NULL;
+! CERTCertificate *cert = NULL;
+! SECKEYPublicKey *pubkey = NULL;
+! SECKEYPrivateKey *privkey = NULL;
+! xmlSecKeyDataPtr data = NULL;
+! xmlSecKeyDataPtr x509Data = NULL;
+! int ret;
+!
+! xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), NULL);
+! xmlSecAssert2(keyInfoCtx != NULL, NULL);
+!
+! ss = xmlSecNssKeysStoreGetSS(store);
+! xmlSecAssert2(((ss != NULL) && (*ss != NULL)), NULL);
+!
+! key = xmlSecKeyStoreFindKey(*ss, name, keyInfoCtx);
+! if (key != NULL) {
+! return (key);
+! }
+
+! /* Try to find the key in the NSS DB, and construct an xmlSecKey.
+! * we must have a name to lookup keys in NSS DB.
+! */
+! if (name == NULL) {
+! goto done;
+! }
+
+! /* what type of key are we looking for?
+! * TBD: For now, we'll look only for public/private keys using the
+! * name as a cert nickname. Later on, we can attempt to find
+! * symmetric keys using PK11_FindFixedKey
+! */
+! keyReq = &(keyInfoCtx->keyReq);
+! if (keyReq->keyType &
+! (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) {
+! cert = CERT_FindCertByNickname (CERT_GetDefaultCertDB(), (char *)name);
+! if (cert == NULL) {
+! goto done;
+! }
+!
+! if (keyReq->keyType & xmlSecKeyDataTypePublic) {
+! pubkey = CERT_ExtractPublicKey(cert);
+! if (pubkey == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "CERT_ExtractPublicKey",
+! XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! goto done;
+ }
+- }
+
+! if (keyReq->keyType & xmlSecKeyDataTypePrivate) {
+! privkey = PK11_FindKeyByAnyCert(cert, NULL);
+! if (privkey == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "PK11_FindKeyByAnyCert",
+! XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! goto done;
+ }
+ }
+
+! data = xmlSecNssPKIAdoptKey(privkey, pubkey);
+! if(data == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "xmlSecNssPKIAdoptKey",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! goto done;
+! }
+! privkey = NULL;
+! pubkey = NULL;
+!
+! key = xmlSecKeyCreate();
+! if (key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "xmlSecKeyCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+! return (NULL);
+! }
+!
+! x509Data = xmlSecKeyDataCreate(xmlSecNssKeyDataX509Id);
+! if(x509Data == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "xmlSecKeyDataCreate",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "transform=%s",
+! xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id)));
+! goto done;
+! }
+!
+! ret = xmlSecNssKeyDataX509AdoptKeyCert(x509Data, cert);
+! if (ret < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "xmlSecNssKeyDataX509AdoptKeyCert",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "data=%s",
+! xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+! goto done;
+! }
+! cert = CERT_DupCertificate(cert);
+! if (cert == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "CERT_DupCertificate",
+! XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "data=%s",
+! xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+! goto done;
+! }
+!
+! ret = xmlSecNssKeyDataX509AdoptCert(x509Data, cert);
+! if (ret < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "xmlSecNssKeyDataX509AdoptCert",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "data=%s",
+! xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+! goto done;
+ }
+- cert = NULL;
+
+! ret = xmlSecKeySetValue(key, data);
+! if (ret < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "xmlSecKeySetValue",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "data=%s",
+! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)));
+! goto done;
+! }
+! data = NULL;
+
+! ret = xmlSecKeyAdoptData(key, x509Data);
+! if (ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "xmlSecKeyAdoptData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "data=%s",
+! xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+! goto done;
+! }
+! x509Data = NULL;
+!
+! retval = key;
+! key = NULL;
+! }
+!
+! done:
+! if (cert != NULL) {
+! CERT_DestroyCertificate(cert);
+! }
+! if (pubkey != NULL) {
+! SECKEY_DestroyPublicKey(pubkey);
+! }
+! if (privkey != NULL) {
+! SECKEY_DestroyPrivateKey(privkey);
+! }
+! if (data != NULL) {
+! xmlSecKeyDataDestroy(data);
+! }
+! if (x509Data != NULL) {
+! xmlSecKeyDataDestroy(x509Data);
+! }
+! if (key != NULL) {
+! xmlSecKeyDestroy(key);
+ }
+!
+! /* now that we have a key, make sure it is valid and let the simple
+! * store adopt it */
+! if (retval) {
+! if (xmlSecKeyIsValid(retval)) {
+! ret = xmlSecSimpleKeysStoreAdoptKey(*ss, retval);
+! if (ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+! "xmlSecSimpleKeysStoreAdoptKey",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! xmlSecKeyDestroy(retval);
+! retval = NULL;
+! }
+! } else {
+! xmlSecKeyDestroy(retval);
+! retval = NULL;
+! }
+! }
+!
+! return (retval);
+ }
+--- 654,800 ----
+ */
+ int
+ xmlSecNssKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecKeyDataType type) {
+! xmlSecKeyInfoCtx keyInfoCtx;
+! xmlSecNssKeysStoreCtxPtr context ;
+! xmlSecPtrListPtr list;
+! xmlSecKeyPtr key;
+! xmlSecSize i, keysSize;
+! xmlDocPtr doc;
+! xmlNodePtr cur;
+! xmlSecKeyDataPtr data;
+! xmlSecPtrListPtr idsList;
+! xmlSecKeyDataId dataId;
+! xmlSecSize idsSize, j;
+! int ret;
+
+! xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ), -1 ) ;
+! xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ), -1 ) ;
+! xmlSecAssert2(filename != NULL, -1);
+!
+! context = xmlSecNssKeysStoreGetCtx( store ) ;
+! xmlSecAssert2( context != NULL, -1 );
+!
+! list = context->keyList ;
+! xmlSecAssert2( list != NULL, -1 );
+! xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyPtrListId), -1);
+
+! /* create doc */
+! doc = xmlSecCreateTree(BAD_CAST "Keys", xmlSecNs);
+! if(doc == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+! "xmlSecCreateTree",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! return(-1);
+ }
+
+! idsList = xmlSecKeyDataIdsGet();
+! xmlSecAssert2(idsList != NULL, -1);
+!
+! keysSize = xmlSecPtrListGetSize(list);
+! idsSize = xmlSecPtrListGetSize(idsList);
+! for(i = 0; i < keysSize; ++i) {
+! key = (xmlSecKeyPtr)xmlSecPtrListGetItem(list, i);
+! xmlSecAssert2(key != NULL, -1);
+!
+! cur = xmlSecAddChild(xmlDocGetRootElement(doc), xmlSecNodeKeyInfo, xmlSecDSigNs);
+! if(cur == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+! "xmlSecAddChild",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "node=%s",
+! xmlSecErrorsSafeString(xmlSecNodeKeyInfo));
+! xmlFreeDoc(doc);
+! return(-1);
+! }
+
+! /* special data key name */
+! if(xmlSecKeyGetName(key) != NULL) {
+! if(xmlSecAddChild(cur, xmlSecNodeKeyName, xmlSecDSigNs) == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+! "xmlSecAddChild",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "node=%s",
+! xmlSecErrorsSafeString(xmlSecNodeKeyName));
+! xmlFreeDoc(doc);
+! return(-1);
+! }
+! }
+!
+! /* create nodes for other keys data */
+! for(j = 0; j < idsSize; ++j) {
+! dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(idsList, j);
+! xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, -1);
+
+! if(dataId->dataNodeName == NULL) {
+! continue;
+! }
+!
+! data = xmlSecKeyGetData(key, dataId);
+! if(data == NULL) {
+! continue;
+ }
+
+! if(xmlSecAddChild(cur, dataId->dataNodeName, dataId->dataNodeNs) == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+! "xmlSecAddChild",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "node=%s",
+! xmlSecErrorsSafeString(dataId->dataNodeName));
+! xmlFreeDoc(doc);
+! return(-1);
+ }
+ }
+
+! ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL);
+! if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+! "xmlSecKeyInfoCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+! xmlFreeDoc(doc);
+! return(-1);
+ }
+
+! keyInfoCtx.mode = xmlSecKeyInfoModeWrite;
+! keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown;
+! keyInfoCtx.keyReq.keyType = type;
+! keyInfoCtx.keyReq.keyUsage = xmlSecKeyDataUsageAny;
+
+! /* finally write key in the node */
+! ret = xmlSecKeyInfoNodeWrite(cur, key, &keyInfoCtx);
+! if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+! "xmlSecKeyInfoNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
+! xmlFreeDoc(doc);
+! return(-1);
+! }
+! xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
+ }
+!
+! /* now write result */
+! ret = xmlSaveFormatFile(filename, doc, 1);
+! if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+! "xmlSaveFormatFile",
+! XMLSEC_ERRORS_R_XML_FAILED,
+! "filename=%s",
+! xmlSecErrorsSafeString(filename));
+! xmlFreeDoc(doc);
+! return(-1);
+! }
+!
+! xmlFreeDoc(doc);
+! return(0);
+ }
++
+*** misc/xmlsec1-1.2.6/src/nss/keytrans.c 2005-02-23 11:07:00.000000000 +0800
+--- misc/build/xmlsec1-1.2.6/src/nss/keytrans.c 2005-02-23 11:06:39.000000000 +0800
+***************
+*** 1 ****
+! dummy
+--- 1,744 ----
+! /**
+! *
+! * XMLSec library
+! *
+! * AES Algorithm support
+! *
+! * This is free software; see Copyright file in the source
+! * distribution for preciese wording.
+! *
+! * Copyright .................................
+! */
+! #include "globals.h"
+!
+! #include <stdlib.h>
+! #include <stdio.h>
+! #include <string.h>
+!
+! #include <nss.h>
+! #include <pk11func.h>
+! #include <keyhi.h>
+! #include <key.h>
+! #include <hasht.h>
+!
+! #include <xmlsec/xmlsec.h>
+! #include <xmlsec/xmltree.h>
+! #include <xmlsec/keys.h>
+! #include <xmlsec/transforms.h>
+! #include <xmlsec/errors.h>
+!
+! #include <xmlsec/nss/crypto.h>
+! #include <xmlsec/nss/pkikeys.h>
+! #include <xmlsec/nss/tokens.h>
+!
+! /*********************************************************************
+! *
+! * key transform transforms
+! *
+! ********************************************************************/
+! typedef struct _xmlSecNssKeyTransportCtx xmlSecNssKeyTransportCtx ;
+! typedef struct _xmlSecNssKeyTransportCtx* xmlSecNssKeyTransportCtxPtr ;
+!
+! #define xmlSecNssKeyTransportSize \
+! ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyTransportCtx ) )
+!
+! #define xmlSecNssKeyTransportGetCtx( transform ) \
+! ( ( xmlSecNssKeyTransportCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) )
+!
+! struct _xmlSecNssKeyTransportCtx {
+! CK_MECHANISM_TYPE cipher ;
+! SECKEYPublicKey* pubkey ;
+! SECKEYPrivateKey* prikey ;
+! xmlSecKeyDataId keyId ;
+! xmlSecBufferPtr material ; /* to be encrypted/decrypted material */
+! } ;
+!
+! static int xmlSecNssKeyTransportInitialize(xmlSecTransformPtr transform);
+! static void xmlSecNssKeyTransportFinalize(xmlSecTransformPtr transform);
+! static int xmlSecNssKeyTransportSetKeyReq(xmlSecTransformPtr transform,
+! xmlSecKeyReqPtr keyReq);
+! static int xmlSecNssKeyTransportSetKey(xmlSecTransformPtr transform,
+! xmlSecKeyPtr key);
+! static int xmlSecNssKeyTransportExecute(xmlSecTransformPtr transform,
+! int last,
+! xmlSecTransformCtxPtr transformCtx);
+! static xmlSecSize xmlSecNssKeyTransportGetKeySize(xmlSecTransformPtr transform);
+!
+! static int
+! xmlSecNssKeyTransportCheckId(
+! xmlSecTransformPtr transform
+! ) {
+! #ifndef XMLSEC_NO_RSA
+! if( xmlSecTransformCheckId( transform, xmlSecNssTransformRsaPkcs1Id ) ||
+! xmlSecTransformCheckId( transform, xmlSecNssTransformRsaOaepId ) ) {
+!
+! return(1);
+! }
+! #endif /* XMLSEC_NO_RSA */
+!
+! return(0);
+! }
+!
+! static int
+! xmlSecNssKeyTransportInitialize(xmlSecTransformPtr transform) {
+! xmlSecNssKeyTransportCtxPtr context ;
+! int ret;
+!
+! xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1);
+! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1);
+!
+! context = xmlSecNssKeyTransportGetCtx( transform ) ;
+! xmlSecAssert2( context != NULL , -1 ) ;
+!
+! #ifndef XMLSEC_NO_RSA
+! if( transform->id == xmlSecNssTransformRsaPkcs1Id ) {
+! context->cipher = CKM_RSA_PKCS ;
+! context->keyId = xmlSecNssKeyDataRsaId ;
+! } else if( transform->id == xmlSecNssTransformRsaOaepId ) {
+! context->cipher = CKM_RSA_PKCS_OAEP ;
+! context->keyId = xmlSecNssKeyDataRsaId ;
+! } else
+! #endif /* XMLSEC_NO_RSA */
+!
+! if( 1 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+! NULL ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1);
+! }
+!
+! context->pubkey = NULL ;
+! context->prikey = NULL ;
+! context->material = NULL ;
+!
+! return(0);
+! }
+!
+! static void
+! xmlSecNssKeyTransportFinalize(xmlSecTransformPtr transform) {
+! xmlSecNssKeyTransportCtxPtr context ;
+!
+! xmlSecAssert(xmlSecNssKeyTransportCheckId(transform));
+! xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize));
+!
+! context = xmlSecNssKeyTransportGetCtx( transform ) ;
+! xmlSecAssert( context != NULL ) ;
+!
+! if( context->pubkey != NULL ) {
+! SECKEY_DestroyPublicKey( context->pubkey ) ;
+! context->pubkey = NULL ;
+! }
+!
+! if( context->prikey != NULL ) {
+! SECKEY_DestroyPrivateKey( context->prikey ) ;
+! context->prikey = NULL ;
+! }
+!
+! if( context->material != NULL ) {
+! xmlSecBufferDestroy(context->material);
+! context->material = NULL ;
+! }
+! }
+!
+! static int
+! xmlSecNssKeyTransportSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+! xmlSecNssKeyTransportCtxPtr context ;
+! xmlSecSize cipherSize = 0 ;
+!
+!
+! xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1);
+! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1);
+! xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+! xmlSecAssert2(keyReq != NULL, -1);
+!
+! context = xmlSecNssKeyTransportGetCtx( transform ) ;
+! xmlSecAssert2( context != NULL , -1 ) ;
+!
+! keyReq->keyId = context->keyId;
+! if(transform->operation == xmlSecTransformOperationEncrypt) {
+! keyReq->keyUsage = xmlSecKeyUsageEncrypt;
+! keyReq->keyType = xmlSecKeyDataTypePublic;
+! } else {
+! keyReq->keyUsage = xmlSecKeyUsageDecrypt;
+! keyReq->keyType = xmlSecKeyDataTypePrivate;
+! }
+!
+! return(0);
+! }
+!
+! static int
+! xmlSecNssKeyTransportSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+! xmlSecNssKeyTransportCtxPtr context = NULL ;
+! xmlSecKeyDataPtr keyData = NULL ;
+! SECKEYPublicKey* pubkey = NULL ;
+! SECKEYPrivateKey* prikey = NULL ;
+!
+! xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1);
+! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1);
+! xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+! xmlSecAssert2(key != NULL, -1);
+!
+! context = xmlSecNssKeyTransportGetCtx( transform ) ;
+! if( context == NULL || context->keyId == NULL || context->pubkey != NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+! "xmlSecNssKeyTransportGetCtx" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1);
+! }
+! xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ;
+!
+! keyData = xmlSecKeyGetValue( key ) ;
+! if( keyData == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) ,
+! "xmlSecKeyGetValue" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1);
+! }
+!
+! if(transform->operation == xmlSecTransformOperationEncrypt) {
+! if( ( pubkey = xmlSecNssPKIKeyDataGetPubKey( keyData ) ) == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) ,
+! "xmlSecNssPKIKeyDataGetPubKey" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1);
+! }
+!
+! context->pubkey = pubkey ;
+! } else {
+! if( ( prikey = xmlSecNssPKIKeyDataGetPrivKey( keyData ) ) == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) ,
+! "xmlSecNssPKIKeyDataGetPrivKey" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1);
+! }
+!
+! context->prikey = prikey ;
+! }
+!
+! return(0) ;
+! }
+!
+! /**
+! * key wrap transform
+! */
+! static int
+! xmlSecNssKeyTransportCtxInit(
+! xmlSecNssKeyTransportCtxPtr ctx ,
+! xmlSecBufferPtr in ,
+! xmlSecBufferPtr out ,
+! int encrypt ,
+! xmlSecTransformCtxPtr transformCtx
+! ) {
+! xmlSecSize blockSize ;
+!
+! xmlSecAssert2( ctx != NULL , -1 ) ;
+! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
+! xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ;
+! xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
+! xmlSecAssert2( in != NULL , -1 ) ;
+! xmlSecAssert2( out != NULL , -1 ) ;
+! xmlSecAssert2( transformCtx != NULL , -1 ) ;
+!
+! if( ctx->material != NULL ) {
+! xmlSecBufferDestroy( ctx->material ) ;
+! ctx->material = NULL ;
+! }
+!
+! if( ctx->pubkey != NULL ) {
+! blockSize = SECKEY_PublicKeyStrength( ctx->pubkey ) ;
+! } else if( ctx->prikey != NULL ) {
+! blockSize = PK11_SignatureLen( ctx->prikey ) ;
+! } else {
+! blockSize = -1 ;
+! }
+!
+! if( blockSize < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! NULL ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1);
+! }
+!
+! ctx->material = xmlSecBufferCreate( blockSize ) ;
+! if( ctx->material == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecBufferCreate" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1);
+! }
+!
+! /* read raw key material into context */
+! if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecBufferSetData" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1);
+! }
+!
+! if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecBufferRemoveHead" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1);
+! }
+!
+! return(0);
+! }
+!
+! /**
+! * key wrap transform update
+! */
+! static int
+! xmlSecNssKeyTransportCtxUpdate(
+! xmlSecNssKeyTransportCtxPtr ctx ,
+! xmlSecBufferPtr in ,
+! xmlSecBufferPtr out ,
+! int encrypt ,
+! xmlSecTransformCtxPtr transformCtx
+! ) {
+! xmlSecAssert2( ctx != NULL , -1 ) ;
+! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
+! xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ;
+! xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
+! xmlSecAssert2( ctx->material != NULL , -1 ) ;
+! xmlSecAssert2( in != NULL , -1 ) ;
+! xmlSecAssert2( out != NULL , -1 ) ;
+! xmlSecAssert2( transformCtx != NULL , -1 ) ;
+!
+! /* read raw key material and append into context */
+! if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecBufferAppend" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1);
+! }
+!
+! if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecBufferRemoveHead" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1);
+! }
+!
+! return(0);
+! }
+!
+! /**
+! * Block cipher transform final
+! */
+! static int
+! xmlSecNssKeyTransportCtxFinal(
+! xmlSecNssKeyTransportCtxPtr ctx ,
+! xmlSecBufferPtr in ,
+! xmlSecBufferPtr out ,
+! int encrypt ,
+! xmlSecTransformCtxPtr transformCtx
+! ) {
+! SECKEYPublicKey* targetKey ;
+! PK11SymKey* symKey ;
+! PK11SlotInfo* slot ;
+! SECItem oriskv ;
+! xmlSecSize blockSize ;
+! xmlSecBufferPtr result ;
+!
+! xmlSecAssert2( ctx != NULL , -1 ) ;
+! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
+! xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ;
+! xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
+! xmlSecAssert2( ctx->material != NULL , -1 ) ;
+! xmlSecAssert2( in != NULL , -1 ) ;
+! xmlSecAssert2( out != NULL , -1 ) ;
+! xmlSecAssert2( transformCtx != NULL , -1 ) ;
+!
+! /* read raw key material and append into context */
+! if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecBufferAppend" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1);
+! }
+!
+! if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecBufferRemoveHead" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1);
+! }
+!
+! /* Now we get all of the key materail */
+! /* from now on we will wrap or unwrap the key */
+! if( ctx->pubkey != NULL ) {
+! blockSize = SECKEY_PublicKeyStrength( ctx->pubkey ) ;
+! } else if( ctx->prikey != NULL ) {
+! blockSize = PK11_SignatureLen( ctx->prikey ) ;
+! } else {
+! blockSize = -1 ;
+! }
+!
+! if( blockSize < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "PK11_GetBlockSize" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1);
+! }
+!
+! result = xmlSecBufferCreate( blockSize * 2 ) ;
+! if( result == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecBufferCreate" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1);
+! }
+!
+! oriskv.type = siBuffer ;
+! oriskv.data = xmlSecBufferGetData( ctx->material ) ;
+! oriskv.len = xmlSecBufferGetSize( ctx->material ) ;
+!
+! if( encrypt != 0 ) {
+! CK_OBJECT_HANDLE id ;
+! SECItem wrpskv ;
+!
+! /* Create template symmetric key from material */
+! if( ( slot = ctx->pubkey->pkcs11Slot ) == NULL ) {
+! slot = xmlSecNssSlotGet( ctx->cipher ) ;
+! if( slot == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecNssSlotGet" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! xmlSecBufferDestroy(result);
+! return(-1);
+! }
+!
+! id = PK11_ImportPublicKey( slot, ctx->pubkey, PR_FALSE ) ;
+! if( id == CK_INVALID_HANDLE ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "PK11_ImportPublicKey" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! xmlSecBufferDestroy(result);
+! PK11_FreeSlot( slot ) ;
+! return(-1);
+! }
+! }
+!
+! /* pay attention to mechanism */
+! symKey = PK11_ImportSymKey( slot, ctx->cipher, PK11_OriginUnwrap, CKA_WRAP, &oriskv, NULL ) ;
+! if( symKey == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "PK11_ImportSymKey" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! xmlSecBufferDestroy(result);
+! PK11_FreeSlot( slot ) ;
+! return(-1);
+! }
+!
+! wrpskv.type = siBuffer ;
+! wrpskv.data = xmlSecBufferGetData( result ) ;
+! wrpskv.len = xmlSecBufferGetMaxSize( result ) ;
+!
+! if( PK11_PubWrapSymKey( ctx->cipher, ctx->pubkey, symKey, &wrpskv ) != SECSuccess ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "PK11_PubWrapSymKey" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! PK11_FreeSymKey( symKey ) ;
+! xmlSecBufferDestroy(result);
+! PK11_FreeSlot( slot ) ;
+! return(-1);
+! }
+!
+! if( xmlSecBufferSetSize( result , wrpskv.len ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecBufferSetSize" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! PK11_FreeSymKey( symKey ) ;
+! xmlSecBufferDestroy(result);
+! PK11_FreeSlot( slot ) ;
+! return(-1);
+! }
+! PK11_FreeSymKey( symKey ) ;
+! PK11_FreeSlot( slot ) ;
+! } else {
+! SECItem* keyItem ;
+! CK_OBJECT_HANDLE id1 ;
+!
+! /* pay attention to mechanism */
+! if( ( symKey = PK11_PubUnwrapSymKey( ctx->prikey, &oriskv, ctx->cipher, CKA_UNWRAP, 0 ) ) == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "PK11_PubUnwrapSymKey" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! xmlSecBufferDestroy(result);
+! return(-1);
+! }
+!
+! /* Extract raw data from symmetric key */
+! if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "PK11_ExtractKeyValue" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! PK11_FreeSymKey( symKey ) ;
+! xmlSecBufferDestroy(result);
+! return(-1);
+! }
+!
+! if( ( keyItem = PK11_GetKeyData( symKey ) ) == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "PK11_GetKeyData" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! PK11_FreeSymKey( symKey ) ;
+! xmlSecBufferDestroy(result);
+! return(-1);
+! }
+!
+! if( xmlSecBufferSetData( result, keyItem->data, keyItem->len ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "PK11_PubUnwrapSymKey" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! PK11_FreeSymKey( symKey ) ;
+! xmlSecBufferDestroy(result);
+! return(-1);
+! }
+! PK11_FreeSymKey( symKey ) ;
+! }
+!
+! /* Write output */
+! if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecBufferAppend" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! xmlSecBufferDestroy(result);
+! return(-1);
+! }
+! xmlSecBufferDestroy(result);
+!
+! return(0);
+! }
+!
+! static int
+! xmlSecNssKeyTransportExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+! xmlSecNssKeyTransportCtxPtr context = NULL ;
+! xmlSecBufferPtr inBuf, outBuf ;
+! int operation ;
+! int rtv ;
+!
+! xmlSecAssert2( xmlSecNssKeyTransportCheckId( transform ), -1 ) ;
+! xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyTransportSize ), -1 ) ;
+! xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
+! xmlSecAssert2( transformCtx != NULL , -1 ) ;
+!
+! context = xmlSecNssKeyTransportGetCtx( transform ) ;
+! if( context == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+! "xmlSecNssKeyTransportGetCtx" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1);
+! }
+!
+! inBuf = &( transform->inBuf ) ;
+! outBuf = &( transform->outBuf ) ;
+!
+! if( transform->status == xmlSecTransformStatusNone ) {
+! transform->status = xmlSecTransformStatusWorking ;
+! }
+!
+! operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ;
+! if( transform->status == xmlSecTransformStatusWorking ) {
+! if( context->material == NULL ) {
+! rtv = xmlSecNssKeyTransportCtxInit( context, inBuf , outBuf , operation , transformCtx ) ;
+! if( rtv < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+! "xmlSecNssKeyTransportCtxInit" ,
+! XMLSEC_ERRORS_R_INVALID_STATUS ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1);
+! }
+! }
+!
+! if( context->material == NULL && last != 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+! NULL ,
+! XMLSEC_ERRORS_R_INVALID_STATUS ,
+! "No enough data to intialize transform" ) ;
+! return(-1);
+! }
+!
+! if( context->material != NULL ) {
+! rtv = xmlSecNssKeyTransportCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ;
+! if( rtv < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+! "xmlSecNssKeyTransportCtxUpdate" ,
+! XMLSEC_ERRORS_R_INVALID_STATUS ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1);
+! }
+! }
+!
+! if( last ) {
+! rtv = xmlSecNssKeyTransportCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ;
+! if( rtv < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+! "xmlSecNssKeyTransportCtxFinal" ,
+! XMLSEC_ERRORS_R_INVALID_STATUS ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1);
+! }
+! transform->status = xmlSecTransformStatusFinished ;
+! }
+! } else if( transform->status == xmlSecTransformStatusFinished ) {
+! if( xmlSecBufferGetSize( inBuf ) != 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+! NULL ,
+! XMLSEC_ERRORS_R_INVALID_STATUS ,
+! "status=%d", transform->status ) ;
+! return(-1);
+! }
+! } else {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+! NULL ,
+! XMLSEC_ERRORS_R_INVALID_STATUS ,
+! "status=%d", transform->status ) ;
+! return(-1);
+! }
+!
+! return(0);
+! }
+!
+!
+! #ifndef XMLSEC_NO_RSA
+!
+! static xmlSecTransformKlass xmlSecNssRsaPkcs1Klass = {
+! /* klass/object sizes */
+! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+! xmlSecNssKeyTransportSize, /* xmlSecSize objSize */
+!
+! xmlSecNameRsaPkcs1, /* const xmlChar* name; */
+! xmlSecHrefRsaPkcs1, /* const xmlChar* href; */
+! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+!
+! xmlSecNssKeyTransportInitialize, /* xmlSecTransformInitializeMethod initialize; */
+! xmlSecNssKeyTransportFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+! NULL, /* xmlSecTransformNodeReadMethod readNode; */
+! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+! xmlSecNssKeyTransportSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+! xmlSecNssKeyTransportSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+! NULL, /* xmlSecTransformValidateMethod validate; */
+! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+! NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+! NULL, /* xmlSecTransformPopXmlMethod popXml; */
+! xmlSecNssKeyTransportExecute, /* xmlSecTransformExecuteMethod execute; */
+!
+! NULL, /* void* reserved0; */
+! NULL, /* void* reserved1; */
+! };
+!
+! static xmlSecTransformKlass xmlSecNssRsaOaepKlass = {
+! /* klass/object sizes */
+! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+! xmlSecNssKeyTransportSize, /* xmlSecSize objSize */
+!
+! xmlSecNameRsaOaep, /* const xmlChar* name; */
+! xmlSecHrefRsaOaep, /* const xmlChar* href; */
+! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+!
+! xmlSecNssKeyTransportInitialize, /* xmlSecTransformInitializeMethod initialize; */
+! xmlSecNssKeyTransportFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+! NULL, /* xmlSecTransformNodeReadMethod readNode; */
+! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+! xmlSecNssKeyTransportSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+! xmlSecNssKeyTransportSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+! NULL, /* xmlSecTransformValidateMethod validate; */
+! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+! NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+! NULL, /* xmlSecTransformPopXmlMethod popXml; */
+! xmlSecNssKeyTransportExecute, /* xmlSecTransformExecuteMethod execute; */
+!
+! NULL, /* void* reserved0; */
+! NULL, /* void* reserved1; */
+! };
+!
+! /**
+! * xmlSecNssTransformRsaPkcs1GetKlass:
+! *
+! * The RSA-PKCS1 key transport transform klass.
+! *
+! * Returns RSA-PKCS1 key transport transform klass.
+! */
+! xmlSecTransformId
+! xmlSecNssTransformRsaPkcs1GetKlass(void) {
+! return(&xmlSecNssRsaPkcs1Klass);
+! }
+!
+! /**
+! * xmlSecNssTransformRsaOaepGetKlass:
+! *
+! * The RSA-PKCS1 key transport transform klass.
+! *
+! * Returns RSA-PKCS1 key transport transform klass.
+! */
+! xmlSecTransformId
+! xmlSecNssTransformRsaOaepGetKlass(void) {
+! return(&xmlSecNssRsaOaepKlass);
+! }
+!
+! #endif /* XMLSEC_NO_RSA */
+!
+*** misc/xmlsec1-1.2.6/src/nss/keywrapers.c 2005-02-23 11:07:01.000000000 +0800
+--- misc/build/xmlsec1-1.2.6/src/nss/keywrapers.c 2005-02-23 11:06:39.000000000 +0800
+***************
+*** 1 ****
+! dummy
+--- 1,1197 ----
+! /**
+! *
+! * XMLSec library
+! *
+! * AES Algorithm support
+! *
+! * This is free software; see Copyright file in the source
+! * distribution for preciese wording.
+! *
+! * Copyright .................................
+! */
+! #include "globals.h"
+!
+! #include <stdlib.h>
+! #include <stdio.h>
+! #include <string.h>
+!
+! #include <nss.h>
+! #include <pk11func.h>
+! #include <hasht.h>
+!
+! #include <xmlsec/xmlsec.h>
+! #include <xmlsec/xmltree.h>
+! #include <xmlsec/keys.h>
+! #include <xmlsec/transforms.h>
+! #include <xmlsec/errors.h>
+!
+! #include <xmlsec/nss/crypto.h>
+! #include <xmlsec/nss/ciphers.h>
+!
+! #define XMLSEC_NSS_AES128_KEY_SIZE 16
+! #define XMLSEC_NSS_AES192_KEY_SIZE 24
+! #define XMLSEC_NSS_AES256_KEY_SIZE 32
+! #define XMLSEC_NSS_DES3_KEY_SIZE 24
+! #define XMLSEC_NSS_DES3_KEY_LENGTH 24
+! #define XMLSEC_NSS_DES3_IV_LENGTH 8
+! #define XMLSEC_NSS_DES3_BLOCK_LENGTH 8
+!
+! static xmlSecByte xmlSecNssKWDes3Iv[XMLSEC_NSS_DES3_IV_LENGTH] = {
+! 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05
+! };
+!
+! /*********************************************************************
+! *
+! * key wrap transforms
+! *
+! ********************************************************************/
+! typedef struct _xmlSecNssKeyWrapCtx xmlSecNssKeyWrapCtx ;
+! typedef struct _xmlSecNssKeyWrapCtx* xmlSecNssKeyWrapCtxPtr ;
+!
+! #define xmlSecNssKeyWrapSize \
+! ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyWrapCtx ) )
+!
+! #define xmlSecNssKeyWrapGetCtx( transform ) \
+! ( ( xmlSecNssKeyWrapCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) )
+!
+! struct _xmlSecNssKeyWrapCtx {
+! CK_MECHANISM_TYPE cipher ;
+! PK11SymKey* symkey ;
+! xmlSecKeyDataId keyId ;
+! xmlSecBufferPtr material ; /* to be encrypted/decrypted key material */
+! } ;
+!
+! static int xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform);
+! static void xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform);
+! static int xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform,
+! xmlSecKeyReqPtr keyReq);
+! static int xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform,
+! xmlSecKeyPtr key);
+! static int xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform,
+! int last,
+! xmlSecTransformCtxPtr transformCtx);
+! static xmlSecSize xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform);
+!
+! static int
+! xmlSecNssKeyWrapCheckId(
+! xmlSecTransformPtr transform
+! ) {
+! #ifndef XMLSEC_NO_DES
+! if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) {
+! return(1);
+! }
+! #endif /* XMLSEC_NO_DES */
+!
+! #ifndef XMLSEC_NO_AES
+! if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes128Id ) ||
+! xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes192Id ) ||
+! xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes256Id ) ) {
+!
+! return(1);
+! }
+! #endif /* XMLSEC_NO_AES */
+!
+! return(0);
+! }
+!
+! static xmlSecSize
+! xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform) {
+! #ifndef XMLSEC_NO_DES
+! if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) {
+! return(XMLSEC_NSS_DES3_KEY_SIZE);
+! } else
+! #endif /* XMLSEC_NO_DES */
+!
+! #ifndef XMLSEC_NO_AES
+! if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes128Id)) {
+! return(XMLSEC_NSS_AES128_KEY_SIZE);
+! } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes192Id)) {
+! return(XMLSEC_NSS_AES192_KEY_SIZE);
+! } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) {
+! return(XMLSEC_NSS_AES256_KEY_SIZE);
+! } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) {
+! return(XMLSEC_NSS_AES256_KEY_SIZE);
+! } else
+! #endif /* XMLSEC_NO_AES */
+!
+! if(1)
+! return(0);
+! }
+!
+!
+! static int
+! xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform) {
+! xmlSecNssKeyWrapCtxPtr context ;
+! int ret;
+!
+! xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
+! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
+!
+! context = xmlSecNssKeyWrapGetCtx( transform ) ;
+! xmlSecAssert2( context != NULL , -1 ) ;
+!
+! #ifndef XMLSEC_NO_DES
+! if( transform->id == xmlSecNssTransformKWDes3Id ) {
+! context->cipher = CKM_DES3_CBC ;
+! context->keyId = xmlSecNssKeyDataDesId ;
+! } else
+! #endif /* XMLSEC_NO_DES */
+!
+! #ifndef XMLSEC_NO_AES
+! if( transform->id == xmlSecNssTransformKWAes128Id ) {
+! // context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;
+! context->cipher = CKM_AES_CBC ;
+! context->keyId = xmlSecNssKeyDataAesId ;
+! } else
+! if( transform->id == xmlSecNssTransformKWAes192Id ) {
+! // context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;
+! context->cipher = CKM_AES_CBC ;
+! context->keyId = xmlSecNssKeyDataAesId ;
+! } else
+! if( transform->id == xmlSecNssTransformKWAes256Id ) {
+! // context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;
+! context->cipher = CKM_AES_CBC ;
+! context->keyId = xmlSecNssKeyDataAesId ;
+! } else
+! #endif /* XMLSEC_NO_AES */
+!
+!
+! if( 1 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+! NULL ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1);
+! }
+!
+! context->symkey = NULL ;
+! context->material = NULL ;
+!
+! return(0);
+! }
+!
+! static void
+! xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform) {
+! xmlSecNssKeyWrapCtxPtr context ;
+!
+! xmlSecAssert(xmlSecNssKeyWrapCheckId(transform));
+! xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize));
+!
+! context = xmlSecNssKeyWrapGetCtx( transform ) ;
+! xmlSecAssert( context != NULL ) ;
+!
+! if( context->symkey != NULL ) {
+! PK11_FreeSymKey( context->symkey ) ;
+! context->symkey = NULL ;
+! }
+!
+! if( context->material != NULL ) {
+! xmlSecBufferDestroy(context->material);
+! context->material = NULL ;
+! }
+! }
+!
+! static int
+! xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+! xmlSecNssKeyWrapCtxPtr context ;
+! xmlSecSize cipherSize = 0 ;
+!
+!
+! xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
+! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
+! xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+! xmlSecAssert2(keyReq != NULL, -1);
+!
+! context = xmlSecNssKeyWrapGetCtx( transform ) ;
+! xmlSecAssert2( context != NULL , -1 ) ;
+!
+! keyReq->keyId = context->keyId;
+! keyReq->keyType = xmlSecKeyDataTypeSymmetric;
+! if(transform->operation == xmlSecTransformOperationEncrypt) {
+! keyReq->keyUsage = xmlSecKeyUsageEncrypt;
+! } else {
+! keyReq->keyUsage = xmlSecKeyUsageDecrypt;
+! }
+!
+! keyReq->keyBitsSize = xmlSecNssKeyWrapGetKeySize( transform ) ;
+!
+! return(0);
+! }
+!
+! static int
+! xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+! xmlSecNssKeyWrapCtxPtr context = NULL ;
+! xmlSecKeyDataPtr keyData = NULL ;
+! PK11SymKey* symkey = NULL ;
+!
+! xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
+! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
+! xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+! xmlSecAssert2(key != NULL, -1);
+!
+! context = xmlSecNssKeyWrapGetCtx( transform ) ;
+! if( context == NULL || context->keyId == NULL || context->symkey != NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+! "xmlSecNssKeyWrapGetCtx" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1);
+! }
+! xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ;
+!
+! keyData = xmlSecKeyGetValue( key ) ;
+! if( keyData == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) ,
+! "xmlSecKeyGetValue" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1);
+! }
+!
+! if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) ,
+! "xmlSecNssSymKeyDataGetKey" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1);
+! }
+!
+! context->symkey = symkey ;
+!
+! return(0) ;
+! }
+!
+! /**
+! * key wrap transform
+! */
+! static int
+! xmlSecNssKeyWrapCtxInit(
+! xmlSecNssKeyWrapCtxPtr ctx ,
+! xmlSecBufferPtr in ,
+! xmlSecBufferPtr out ,
+! int encrypt ,
+! xmlSecTransformCtxPtr transformCtx
+! ) {
+! xmlSecSize blockSize ;
+!
+! xmlSecAssert2( ctx != NULL , -1 ) ;
+! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
+! xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
+! xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
+! xmlSecAssert2( in != NULL , -1 ) ;
+! xmlSecAssert2( out != NULL , -1 ) ;
+! xmlSecAssert2( transformCtx != NULL , -1 ) ;
+!
+! if( ctx->material != NULL ) {
+! xmlSecBufferDestroy( ctx->material ) ;
+! ctx->material = NULL ;
+! }
+!
+! if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "PK11_GetBlockSize" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1);
+! }
+!
+! ctx->material = xmlSecBufferCreate( blockSize ) ;
+! if( ctx->material == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecBufferCreate" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1);
+! }
+!
+! /* read raw key material into context */
+! if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecBufferSetData" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1);
+! }
+!
+! if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecBufferRemoveHead" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1);
+! }
+!
+! return(0);
+! }
+!
+! /**
+! * key wrap transform update
+! */
+! static int
+! xmlSecNssKeyWrapCtxUpdate(
+! xmlSecNssKeyWrapCtxPtr ctx ,
+! xmlSecBufferPtr in ,
+! xmlSecBufferPtr out ,
+! int encrypt ,
+! xmlSecTransformCtxPtr transformCtx
+! ) {
+! xmlSecAssert2( ctx != NULL , -1 ) ;
+! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
+! xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
+! xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
+! xmlSecAssert2( ctx->material != NULL , -1 ) ;
+! xmlSecAssert2( in != NULL , -1 ) ;
+! xmlSecAssert2( out != NULL , -1 ) ;
+! xmlSecAssert2( transformCtx != NULL , -1 ) ;
+!
+! /* read raw key material and append into context */
+! if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecBufferAppend" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1);
+! }
+!
+! if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecBufferRemoveHead" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1);
+! }
+!
+! return(0);
+! }
+!
+! /**
+! * Block cipher transform final
+! */
+! static int
+! xmlSecNssKeyWrapCtxFinal(
+! xmlSecNssKeyWrapCtxPtr ctx ,
+! xmlSecBufferPtr in ,
+! xmlSecBufferPtr out ,
+! int encrypt ,
+! xmlSecTransformCtxPtr transformCtx
+! ) {
+! PK11SymKey* targetKey ;
+! xmlSecSize blockSize ;
+! xmlSecBufferPtr result ;
+!
+! xmlSecAssert2( ctx != NULL , -1 ) ;
+! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
+! xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
+! xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
+! xmlSecAssert2( ctx->material != NULL , -1 ) ;
+! xmlSecAssert2( in != NULL , -1 ) ;
+! xmlSecAssert2( out != NULL , -1 ) ;
+! xmlSecAssert2( transformCtx != NULL , -1 ) ;
+!
+! /* read raw key material and append into context */
+! if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecBufferAppend" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1);
+! }
+!
+! if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecBufferRemoveHead" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1);
+! }
+!
+! /* Now we get all of the key materail */
+! /* from now on we will wrap or unwrap the key */
+! if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "PK11_GetBlockSize" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1);
+! }
+!
+! result = xmlSecBufferCreate( blockSize ) ;
+! if( result == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecBufferCreate" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1);
+! }
+!
+! switch( ctx->cipher ) {
+! case CKM_DES3_CBC :
+! if( xmlSecNssKeyWrapDesOp(ctx, encrypt, result) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecNssKeyWrapDesOp" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! xmlSecBufferDestroy(result);
+! return(-1);
+! }
+! break ;
+! // case CKM_NETSCAPE_AES_KEY_WRAP :
+! case CKM_AES_CBC :
+! if( xmlSecNssKeyWrapAesOp(ctx, encrypt, result) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecNssKeyWrapAesOp" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! xmlSecBufferDestroy(result);
+! return(-1);
+! }
+! break ;
+! }
+!
+! /* Write output */
+! if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecBufferAppend" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! xmlSecBufferDestroy(result);
+! return(-1);
+! }
+! xmlSecBufferDestroy(result);
+!
+! return(0);
+! }
+!
+! static int
+! xmlSecNssKWDes3BufferReverse(xmlSecByte *buf, xmlSecSize size) {
+! xmlSecSize s;
+! xmlSecSize i;
+! xmlSecByte c;
+!
+! xmlSecAssert2(buf != NULL, -1);
+!
+! s = size / 2;
+! --size;
+! for(i = 0; i < s; ++i) {
+! c = buf[i];
+! buf[i] = buf[size - i];
+! buf[size - i] = c;
+! }
+! return(0);
+! }
+!
+! static xmlSecByte *
+! xmlSecNssComputeSHA1(const xmlSecByte *in, xmlSecSize inSize,
+! xmlSecByte *out, xmlSecSize outSize)
+! {
+! PK11Context *context = NULL;
+! SECStatus s;
+! xmlSecByte *digest = NULL;
+! unsigned int len;
+!
+! xmlSecAssert2(in != NULL, NULL);
+! xmlSecAssert2(out != NULL, NULL);
+! xmlSecAssert2(outSize >= SHA1_LENGTH, NULL);
+!
+! /* Create a context for hashing (digesting) */
+! context = PK11_CreateDigestContext(SEC_OID_SHA1);
+! if (context == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "PK11_CreateDigestContext",
+! XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code = %d", PORT_GetError());
+! goto done;
+! }
+!
+! s = PK11_DigestBegin(context);
+! if (s != SECSuccess) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "PK11_DigestBegin",
+! XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code = %d", PORT_GetError());
+! goto done;
+! }
+!
+! s = PK11_DigestOp(context, in, inSize);
+! if (s != SECSuccess) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "PK11_DigestOp",
+! XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code = %d", PORT_GetError());
+! goto done;
+! }
+!
+! s = PK11_DigestFinal(context, out, &len, outSize);
+! if (s != SECSuccess) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "PK11_DigestFinal",
+! XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code = %d", PORT_GetError());
+! goto done;
+! }
+! xmlSecAssert2(len == SHA1_LENGTH, NULL);
+!
+! digest = out;
+!
+! done:
+! if (context != NULL) {
+! PK11_DestroyContext(context, PR_TRUE);
+! }
+! return (digest);
+! }
+!
+! static int
+! xmlSecNssKWDes3Encrypt(
+! PK11SymKey* symKey ,
+! CK_MECHANISM_TYPE cipherMech ,
+! const xmlSecByte* iv ,
+! xmlSecSize ivSize ,
+! const xmlSecByte* in ,
+! xmlSecSize inSize ,
+! xmlSecByte* out ,
+! xmlSecSize outSize ,
+! int enc
+! ) {
+! PK11Context* EncContext = NULL;
+! SECItem ivItem ;
+! SECItem* secParam = NULL ;
+! int tmp1_outlen;
+! unsigned int tmp2_outlen;
+! int result_len = -1;
+! SECStatus rv;
+!
+! xmlSecAssert2( cipherMech != CKM_INVALID_MECHANISM , -1 ) ;
+! xmlSecAssert2( symKey != NULL , -1 ) ;
+! xmlSecAssert2(iv != NULL, -1);
+! xmlSecAssert2(ivSize == XMLSEC_NSS_DES3_IV_LENGTH, -1);
+! xmlSecAssert2(in != NULL, -1);
+! xmlSecAssert2(inSize > 0, -1);
+! xmlSecAssert2(out != NULL, -1);
+! xmlSecAssert2(outSize >= inSize, -1);
+!
+! /* Prepare IV */
+! ivItem.data = ( unsigned char* )iv ;
+! ivItem.len = ivSize ;
+!
+! secParam = PK11_ParamFromIV(cipherMech, &ivItem);
+! if (secParam == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "PK11_ParamFromIV",
+! XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "Error code = %d", PORT_GetError());
+! goto done;
+! }
+!
+! EncContext = PK11_CreateContextBySymKey(cipherMech,
+! enc ? CKA_ENCRYPT : CKA_DECRYPT,
+! symKey, secParam);
+! if (EncContext == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "PK11_CreateContextBySymKey",
+! XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "Error code = %d", PORT_GetError());
+! goto done;
+! }
+!
+! tmp1_outlen = tmp2_outlen = 0;
+! rv = PK11_CipherOp(EncContext, out, &tmp1_outlen, outSize,
+! (unsigned char *)in, inSize);
+! if (rv != SECSuccess) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "PK11_CipherOp",
+! XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "Error code = %d", PORT_GetError());
+! goto done;
+! }
+!
+! rv = PK11_DigestFinal(EncContext, out+tmp1_outlen,
+! &tmp2_outlen, outSize-tmp1_outlen);
+! if (rv != SECSuccess) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "PK11_DigestFinal",
+! XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "Error code = %d", PORT_GetError());
+! goto done;
+! }
+!
+! result_len = tmp1_outlen + tmp2_outlen;
+!
+! done:
+! if (secParam) {
+! SECITEM_FreeItem(secParam, PR_TRUE);
+! }
+! if (EncContext) {
+! PK11_DestroyContext(EncContext, PR_TRUE);
+! }
+!
+! return(result_len);
+! }
+!
+! static int
+! xmlSecNssKeyWrapDesOp(
+! xmlSecNssKeyWrapCtxPtr ctx ,
+! int encrypt ,
+! xmlSecBufferPtr result
+! ) {
+! xmlSecByte sha1[SHA1_LENGTH];
+! xmlSecByte iv[XMLSEC_NSS_DES3_IV_LENGTH];
+! xmlSecByte* in;
+! xmlSecSize inSize;
+! xmlSecByte* out;
+! xmlSecSize outSize;
+! xmlSecSize s;
+! int ret;
+! SECStatus status;
+!
+! xmlSecAssert2( ctx != NULL , -1 ) ;
+! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
+! xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
+! xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
+! xmlSecAssert2( ctx->material != NULL , -1 ) ;
+! xmlSecAssert2( result != NULL , -1 ) ;
+!
+! in = xmlSecBufferGetData(ctx->material);
+! inSize = xmlSecBufferGetSize(ctx->material) ;
+! out = xmlSecBufferGetData(result);
+! outSize = xmlSecBufferGetMaxSize(result) ;
+! if( encrypt ) {
+! /* step 2: calculate sha1 and CMS */
+! if(xmlSecNssComputeSHA1(in, inSize, sha1, SHA1_LENGTH) == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "xmlSecNssComputeSHA1",
+! XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! return(-1);
+! }
+!
+! /* step 3: construct WKCKS */
+! memcpy(out, in, inSize);
+! memcpy(out + inSize, sha1, XMLSEC_NSS_DES3_BLOCK_LENGTH);
+!
+! /* step 4: generate random iv */
+! status = PK11_GenerateRandom(iv, XMLSEC_NSS_DES3_IV_LENGTH);
+! if(status != SECSuccess) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "PK11_GenerateRandom",
+! XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code = %d", PORT_GetError());
+! return(-1);
+! }
+!
+! /* step 5: first encryption, result is TEMP1 */
+! ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
+! iv, XMLSEC_NSS_DES3_IV_LENGTH,
+! out, inSize + XMLSEC_NSS_DES3_IV_LENGTH,
+! out, outSize, 1);
+! if(ret < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "xmlSecNssKWDes3Encrypt",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! return(-1);
+! }
+!
+! /* step 6: construct TEMP2=IV || TEMP1 */
+! memmove(out + XMLSEC_NSS_DES3_IV_LENGTH, out,
+! inSize + XMLSEC_NSS_DES3_IV_LENGTH);
+! memcpy(out, iv, XMLSEC_NSS_DES3_IV_LENGTH);
+! s = ret + XMLSEC_NSS_DES3_IV_LENGTH;
+!
+! /* step 7: reverse octets order, result is TEMP3 */
+! ret = xmlSecNssKWDes3BufferReverse(out, s);
+! if(ret < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "xmlSecNssKWDes3BufferReverse",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! return(-1);
+! }
+!
+! /* step 8: second encryption with static IV */
+! ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
+! xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH,
+! out, s,
+! out, outSize, 1);
+! if(ret < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "xmlSecNssKWDes3Encrypt",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! return(-1);
+! }
+! s = ret;
+!
+! if( xmlSecBufferSetSize( result , s ) < 0 ) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "xmlSecBufferSetSize",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! return(-1);
+! }
+! } else {
+! /* step 2: first decryption with static IV, result is TEMP3 */
+! ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
+! xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH,
+! in, inSize,
+! out, outSize, 0);
+! if((ret < 0) || (ret < XMLSEC_NSS_DES3_IV_LENGTH)) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "xmlSecNssKWDes3Encrypt",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! return(-1);
+! }
+! s = ret;
+!
+! /* step 3: reverse octets order in TEMP3, result is TEMP2 */
+! ret = xmlSecNssKWDes3BufferReverse(out, s);
+! if(ret < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "xmlSecNssKWDes3BufferReverse",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! return(-1);
+! }
+!
+! /* steps 4 and 5: get IV and decrypt second time, result is WKCKS */
+! ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
+! out, XMLSEC_NSS_DES3_IV_LENGTH,
+! out+XMLSEC_NSS_DES3_IV_LENGTH, s-XMLSEC_NSS_DES3_IV_LENGTH,
+! out, outSize, 0);
+! if((ret < 0) || (ret < XMLSEC_NSS_DES3_BLOCK_LENGTH)) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "xmlSecNssKWDes3Encrypt",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! return(-1);
+! }
+! s = ret - XMLSEC_NSS_DES3_IV_LENGTH;
+!
+! /* steps 6 and 7: calculate SHA1 and validate it */
+! if(xmlSecNssComputeSHA1(out, s, sha1, SHA1_LENGTH) == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "xmlSecNssComputeSHA1",
+! XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! return(-1);
+! }
+!
+! if(memcmp(sha1, out + s, XMLSEC_NSS_DES3_BLOCK_LENGTH) != 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! NULL,
+! XMLSEC_ERRORS_R_INVALID_DATA,
+! "SHA1 does not match");
+! return(-1);
+! }
+!
+! if( xmlSecBufferSetSize( result , s ) < 0 ) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "xmlSecBufferSetSize",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! return(-1);
+! }
+! }
+!
+! return(0);
+! }
+!
+! static int
+! xmlSecNssKeyWrapAesOp(
+! xmlSecNssKeyWrapCtxPtr ctx ,
+! int encrypt ,
+! xmlSecBufferPtr result
+! ) {
+! PK11Context* cipherCtx = NULL;
+! SECItem ivItem ;
+! SECItem* secParam = NULL ;
+! xmlSecSize inSize ;
+! xmlSecSize inBlocks ;
+! int blockSize ;
+! int midSize ;
+! int finSize ;
+! xmlSecByte* out ;
+! xmlSecSize outSize;
+!
+! xmlSecAssert2( ctx != NULL , -1 ) ;
+! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
+! xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
+! xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
+! xmlSecAssert2( ctx->material != NULL , -1 ) ;
+! xmlSecAssert2( result != NULL , -1 ) ;
+!
+! /* Do not set any IV */
+! memset(&ivItem, 0, sizeof(ivItem));
+!
+! /* Get block size */
+! if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "PK11_GetBlockSize" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1);
+! }
+!
+! inSize = xmlSecBufferGetSize( ctx->material ) ;
+! if( xmlSecBufferSetMaxSize( result , inSize + blockSize ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecBufferSetMaxSize" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1);
+! }
+!
+! /* Get Param for context initialization */
+! if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "PK11_ParamFromIV" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1);
+! }
+!
+! cipherCtx = PK11_CreateContextBySymKey( ctx->cipher , encrypt ? CKA_ENCRYPT : CKA_DECRYPT , ctx->symkey , secParam ) ;
+! if( cipherCtx == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "PK11_CreateContextBySymKey" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! SECITEM_FreeItem( secParam , PR_TRUE ) ;
+! return(-1);
+! }
+!
+! out = xmlSecBufferGetData(result) ;
+! outSize = xmlSecBufferGetMaxSize(result) ;
+! if( PK11_CipherOp( cipherCtx , out, &midSize , outSize , xmlSecBufferGetData( ctx->material ) , inSize ) != SECSuccess ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "PK11_CipherOp" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1);
+! }
+!
+! if( PK11_DigestFinal( cipherCtx , out + midSize , &finSize , outSize - midSize ) != SECSuccess ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "PK11_DigestFinal" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1);
+! }
+!
+! if( xmlSecBufferSetSize( result , midSize + finSize ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! "xmlSecBufferSetSize" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1);
+! }
+!
+! return 0 ;
+! }
+!
+! static int
+! xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+! xmlSecNssKeyWrapCtxPtr context = NULL ;
+! xmlSecBufferPtr inBuf, outBuf ;
+! int operation ;
+! int rtv ;
+!
+! xmlSecAssert2( xmlSecNssKeyWrapCheckId( transform ), -1 ) ;
+! xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyWrapSize ), -1 ) ;
+! xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
+! xmlSecAssert2( transformCtx != NULL , -1 ) ;
+!
+! context = xmlSecNssKeyWrapGetCtx( transform ) ;
+! if( context == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+! "xmlSecNssKeyWrapGetCtx" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1);
+! }
+!
+! inBuf = &( transform->inBuf ) ;
+! outBuf = &( transform->outBuf ) ;
+!
+! if( transform->status == xmlSecTransformStatusNone ) {
+! transform->status = xmlSecTransformStatusWorking ;
+! }
+!
+! operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ;
+! if( transform->status == xmlSecTransformStatusWorking ) {
+! if( context->material == NULL ) {
+! rtv = xmlSecNssKeyWrapCtxInit( context, inBuf , outBuf , operation , transformCtx ) ;
+! if( rtv < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+! "xmlSecNssKeyWrapCtxInit" ,
+! XMLSEC_ERRORS_R_INVALID_STATUS ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1);
+! }
+! }
+!
+! if( context->material == NULL && last != 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+! NULL ,
+! XMLSEC_ERRORS_R_INVALID_STATUS ,
+! "No enough data to intialize transform" ) ;
+! return(-1);
+! }
+!
+! if( context->material != NULL ) {
+! rtv = xmlSecNssKeyWrapCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ;
+! if( rtv < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+! "xmlSecNssKeyWrapCtxUpdate" ,
+! XMLSEC_ERRORS_R_INVALID_STATUS ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1);
+! }
+! }
+!
+! if( last ) {
+! rtv = xmlSecNssKeyWrapCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ;
+! if( rtv < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+! "xmlSecNssKeyWrapCtxFinal" ,
+! XMLSEC_ERRORS_R_INVALID_STATUS ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1);
+! }
+! transform->status = xmlSecTransformStatusFinished ;
+! }
+! } else if( transform->status == xmlSecTransformStatusFinished ) {
+! if( xmlSecBufferGetSize( inBuf ) != 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+! NULL ,
+! XMLSEC_ERRORS_R_INVALID_STATUS ,
+! "status=%d", transform->status ) ;
+! return(-1);
+! }
+! } else {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+! NULL ,
+! XMLSEC_ERRORS_R_INVALID_STATUS ,
+! "status=%d", transform->status ) ;
+! return(-1);
+! }
+!
+! return(0);
+! }
+!
+! #ifndef XMLSEC_NO_AES
+!
+!
+! static xmlSecTransformKlass xmlSecNssKWAes128Klass = {
+! /* klass/object sizes */
+! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+! xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
+!
+! xmlSecNameKWAes128, /* const xmlChar* name; */
+! xmlSecHrefKWAes128, /* const xmlChar* href; */
+! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+!
+! xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
+! xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+! NULL, /* xmlSecTransformNodeReadMethod readNode; */
+! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+! xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+! xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+! NULL, /* xmlSecTransformValidateMethod validate; */
+! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+! NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+! NULL, /* xmlSecTransformPopXmlMethod popXml; */
+! xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
+!
+! NULL, /* void* reserved0; */
+! NULL, /* void* reserved1; */
+! };
+!
+! static xmlSecTransformKlass xmlSecNssKWAes192Klass = {
+! /* klass/object sizes */
+! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+! xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
+!
+! xmlSecNameKWAes192, /* const xmlChar* name; */
+! xmlSecHrefKWAes192, /* const xmlChar* href; */
+! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+!
+! xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
+! xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+! NULL, /* xmlSecTransformNodeReadMethod readNode; */
+! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+! xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+! xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+! NULL, /* xmlSecTransformValidateMethod validate; */
+! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+! NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+! NULL, /* xmlSecTransformPopXmlMethod popXml; */
+! xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
+!
+! NULL, /* void* reserved0; */
+! NULL, /* void* reserved1; */
+! };
+!
+! static xmlSecTransformKlass xmlSecNssKWAes256Klass = {
+! /* klass/object sizes */
+! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+! xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
+!
+! xmlSecNameKWAes256, /* const xmlChar* name; */
+! xmlSecHrefKWAes256, /* const xmlChar* href; */
+! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+!
+! xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
+! xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+! NULL, /* xmlSecTransformNodeReadMethod readNode; */
+! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+! xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+! xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+! NULL, /* xmlSecTransformValidateMethod validate; */
+! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+! NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+! NULL, /* xmlSecTransformPopXmlMethod popXml; */
+! xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
+!
+! NULL, /* void* reserved0; */
+! NULL, /* void* reserved1; */
+! };
+!
+! /**
+! * xmlSecNssTransformKWAes128GetKlass:
+! *
+! * The AES-128 key wrapper transform klass.
+! *
+! * Returns AES-128 key wrapper transform klass.
+! */
+! xmlSecTransformId
+! xmlSecNssTransformKWAes128GetKlass(void) {
+! return(&xmlSecNssKWAes128Klass);
+! }
+!
+! /**
+! * xmlSecNssTransformKWAes192GetKlass:
+! *
+! * The AES-192 key wrapper transform klass.
+! *
+! * Returns AES-192 key wrapper transform klass.
+! */
+! xmlSecTransformId
+! xmlSecNssTransformKWAes192GetKlass(void) {
+! return(&xmlSecNssKWAes192Klass);
+! }
+!
+! /**
+! *
+! * The AES-256 key wrapper transform klass.
+! *
+! * Returns AES-256 key wrapper transform klass.
+! */
+! xmlSecTransformId
+! xmlSecNssTransformKWAes256GetKlass(void) {
+! return(&xmlSecNssKWAes256Klass);
+! }
+!
+! #endif /* XMLSEC_NO_AES */
+!
+!
+! #ifndef XMLSEC_NO_DES
+!
+! static xmlSecTransformKlass xmlSecNssKWDes3Klass = {
+! /* klass/object sizes */
+! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+! xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
+!
+! xmlSecNameKWDes3, /* const xmlChar* name; */
+! xmlSecHrefKWDes3, /* const xmlChar* href; */
+! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+!
+! xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
+! xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+! NULL, /* xmlSecTransformNodeReadMethod readNode; */
+! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+! xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+! xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+! NULL, /* xmlSecTransformValidateMethod validate; */
+! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+! NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+! NULL, /* xmlSecTransformPopXmlMethod popXml; */
+! xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
+!
+! NULL, /* void* reserved0; */
+! NULL, /* void* reserved1; */
+! };
+!
+! /**
+! * xmlSecNssTransformKWDes3GetKlass:
+! *
+! * The Triple DES key wrapper transform klass.
+! *
+! * Returns Triple DES key wrapper transform klass.
+! */
+! xmlSecTransformId
+! xmlSecNssTransformKWDes3GetKlass(void) {
+! return(&xmlSecNssKWDes3Klass);
+! }
+!
+! #endif /* XMLSEC_NO_DES */
+!
+*** misc/xmlsec1-1.2.6/src/nss/Makefile.am 2003-09-16 17:43:03.000000000 +0800
+--- misc/build/xmlsec1-1.2.6/src/nss/Makefile.am 2005-02-23 11:06:38.000000000 +0800
+***************
+*** 20,40 ****
+ $(NULL)
+
+ libxmlsec1_nss_la_SOURCES =\
+ app.c \
+ bignum.c \
+ ciphers.c \
+ crypto.c \
+ digests.c \
+ hmac.c \
+ pkikeys.c \
+ signatures.c \
+ symkeys.c \
+ x509.c \
+ x509vfy.c \
+- keysstore.c \
+- kt_rsa.c \
+- kw_des.c \
+- kw_aes.c \
+ $(NULL)
+
+ libxmlsec1_nss_la_LIBADD = \
+--- 20,41 ----
+ $(NULL)
+
+ libxmlsec1_nss_la_SOURCES =\
++ akmngr.c \
+ app.c \
+ bignum.c \
+ ciphers.c \
+ crypto.c \
+ digests.c \
+ hmac.c \
++ keysstore.c \
++ keytrans.c \
++ keywrapers.c \
+ pkikeys.c \
+ signatures.c \
+ symkeys.c \
++ tokens.c \
+ x509.c \
+ x509vfy.c \
+ $(NULL)
+
+ libxmlsec1_nss_la_LIBADD = \
+*** misc/xmlsec1-1.2.6/src/nss/Makefile.in 2004-08-26 14:00:32.000000000 +0800
+--- misc/build/xmlsec1-1.2.6/src/nss/Makefile.in 2005-02-23 11:06:38.000000000 +0800
+***************
+*** 54,62 ****
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+ am__objects_1 =
+! am_libxmlsec1_nss_la_OBJECTS = app.lo bignum.lo ciphers.lo crypto.lo \
+ digests.lo hmac.lo pkikeys.lo signatures.lo symkeys.lo x509.lo \
+! x509vfy.lo keysstore.lo kt_rsa.lo kw_des.lo kw_aes.lo \
+ $(am__objects_1)
+ libxmlsec1_nss_la_OBJECTS = $(am_libxmlsec1_nss_la_OBJECTS)
+ DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)
+--- 54,62 ----
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+ am__objects_1 =
+! am_libxmlsec1_nss_la_OBJECTS = akmngr.lo app.lo bignum.lo ciphers.lo crypto.lo \
+ digests.lo hmac.lo pkikeys.lo signatures.lo symkeys.lo x509.lo \
+! x509vfy.lo keysstore.lo tokens.lo keytrans.lo keywrapers.lo \
+ $(am__objects_1)
+ libxmlsec1_nss_la_OBJECTS = $(am_libxmlsec1_nss_la_OBJECTS)
+ DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)
+***************
+*** 65,75 ****
+ @AMDEP_TRUE@DEP_FILES = ./$(DEPDIR)/app.Plo ./$(DEPDIR)/bignum.Plo \
+ @AMDEP_TRUE@ ./$(DEPDIR)/ciphers.Plo ./$(DEPDIR)/crypto.Plo \
+ @AMDEP_TRUE@ ./$(DEPDIR)/digests.Plo ./$(DEPDIR)/hmac.Plo \
+! @AMDEP_TRUE@ ./$(DEPDIR)/keysstore.Plo ./$(DEPDIR)/kt_rsa.Plo \
+! @AMDEP_TRUE@ ./$(DEPDIR)/kw_aes.Plo ./$(DEPDIR)/kw_des.Plo \
+ @AMDEP_TRUE@ ./$(DEPDIR)/pkikeys.Plo ./$(DEPDIR)/signatures.Plo \
+ @AMDEP_TRUE@ ./$(DEPDIR)/symkeys.Plo ./$(DEPDIR)/x509.Plo \
+! @AMDEP_TRUE@ ./$(DEPDIR)/x509vfy.Plo
+ COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+ LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \
+--- 65,75 ----
+ @AMDEP_TRUE@DEP_FILES = ./$(DEPDIR)/app.Plo ./$(DEPDIR)/bignum.Plo \
+ @AMDEP_TRUE@ ./$(DEPDIR)/ciphers.Plo ./$(DEPDIR)/crypto.Plo \
+ @AMDEP_TRUE@ ./$(DEPDIR)/digests.Plo ./$(DEPDIR)/hmac.Plo \
+! @AMDEP_TRUE@ ./$(DEPDIR)/keysstore.Plo ./$(DEPDIR)/tokens.Plo \
+! @AMDEP_TRUE@ ./$(DEPDIR)/keywrapers.Plo ./$(DEPDIR)/keytrans.Plo \
+ @AMDEP_TRUE@ ./$(DEPDIR)/pkikeys.Plo ./$(DEPDIR)/signatures.Plo \
+ @AMDEP_TRUE@ ./$(DEPDIR)/symkeys.Plo ./$(DEPDIR)/x509.Plo \
+! @AMDEP_TRUE@ ./$(DEPDIR)/x509vfy.Plo ./$(DEPDIR)/akmngr.Plo
+ COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+ LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \
+***************
+*** 321,341 ****
+ $(NULL)
+
+ libxmlsec1_nss_la_SOURCES = \
+ app.c \
+ bignum.c \
+ ciphers.c \
+ crypto.c \
+ digests.c \
+ hmac.c \
+ pkikeys.c \
+ signatures.c \
+ symkeys.c \
+ x509.c \
+ x509vfy.c \
+- keysstore.c \
+- kt_rsa.c \
+- kw_des.c \
+- kw_aes.c \
+ $(NULL)
+
+ libxmlsec1_nss_la_LIBADD = \
+--- 321,342 ----
+ $(NULL)
+
+ libxmlsec1_nss_la_SOURCES = \
++ akmngr.c \
+ app.c \
+ bignum.c \
+ ciphers.c \
+ crypto.c \
+ digests.c \
+ hmac.c \
++ keysstore.c \
++ keytrans.c \
++ keywrappers.c \
+ pkikeys.c \
+ signatures.c \
+ symkeys.c \
++ tokens.c \
+ x509.c \
+ x509vfy.c \
+ $(NULL)
+
+ libxmlsec1_nss_la_LIBADD = \
+***************
+*** 418,423 ****
+--- 419,425 ----
+ distclean-compile:
+ -rm -f *.tab.c
+
++ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/akmngr.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/app.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bignum.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ciphers.Plo@am__quote@
+***************
+*** 425,433 ****
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/digests.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hmac.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keysstore.Plo@am__quote@
+! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kt_rsa.Plo@am__quote@
+! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kw_aes.Plo@am__quote@
+! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kw_des.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkikeys.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signatures.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/symkeys.Plo@am__quote@
+--- 427,435 ----
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/digests.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hmac.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keysstore.Plo@am__quote@
+! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tokens.Plo@am__quote@
+! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keywrapers.Plo@am__quote@
+! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keytrans.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkikeys.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signatures.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/symkeys.Plo@am__quote@
+*** misc/xmlsec1-1.2.6/src/nss/pkikeys.c 2004-03-17 13:06:45.000000000 +0800
+--- misc/build/xmlsec1-1.2.6/src/nss/pkikeys.c 2005-02-23 11:06:39.000000000 +0800
+***************
+*** 5,10 ****
+--- 5,11 ----
+ * distribution for preciese wording.
+ *
+ * Copyright (c) 2003 America Online, Inc. All rights reserved.
++ * Copyright ...........................
+ */
+ #include "globals.h"
+
+***************
+*** 24,29 ****
+--- 25,31 ----
+ #include <xmlsec/nss/crypto.h>
+ #include <xmlsec/nss/bignum.h>
+ #include <xmlsec/nss/pkikeys.h>
++ #include <xmlsec/nss/tokens.h>
+
+ /**************************************************************************
+ *
+***************
+*** 98,111 ****
+ {
+ xmlSecAssert(ctx != NULL);
+ if (ctx->privkey != NULL) {
+! SECKEY_DestroyPrivateKey(ctx->privkey);
+! ctx->privkey = NULL;
+ }
+
+! if (ctx->pubkey)
+! {
+! SECKEY_DestroyPublicKey(ctx->pubkey);
+! ctx->pubkey = NULL;
+ }
+
+ }
+--- 100,112 ----
+ {
+ xmlSecAssert(ctx != NULL);
+ if (ctx->privkey != NULL) {
+! SECKEY_DestroyPrivateKey(ctx->privkey);
+! ctx->privkey = NULL;
+ }
+
+! if (ctx->pubkey) {
+! SECKEY_DestroyPublicKey(ctx->pubkey);
+! ctx->pubkey = NULL;
+ }
+
+ }
+***************
+*** 115,143 ****
+ xmlSecNssPKIKeyDataCtxPtr ctxSrc)
+ {
+ xmlSecNSSPKIKeyDataCtxFree(ctxDst);
+ if (ctxSrc->privkey != NULL) {
+! ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey);
+! if(ctxDst->privkey == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "SECKEY_CopyPrivateKey",
+! XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! return(-1);
+! }
+ }
+
+ if (ctxSrc->pubkey != NULL) {
+! ctxDst->pubkey = SECKEY_CopyPublicKey(ctxSrc->pubkey);
+! if(ctxDst->pubkey == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "SECKEY_CopyPublicKey",
+! XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! return(-1);
+! }
+ }
+ return (0);
+ }
+
+--- 116,147 ----
+ xmlSecNssPKIKeyDataCtxPtr ctxSrc)
+ {
+ xmlSecNSSPKIKeyDataCtxFree(ctxDst);
++ ctxDst->privkey = NULL ;
++ ctxDst->pubkey = NULL ;
+ if (ctxSrc->privkey != NULL) {
+! ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey);
+! if(ctxDst->privkey == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "SECKEY_CopyPrivateKey",
+! XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code=%d", PORT_GetError());
+! return(-1);
+! }
+ }
+
+ if (ctxSrc->pubkey != NULL) {
+! ctxDst->pubkey = SECKEY_CopyPublicKey(ctxSrc->pubkey);
+! if(ctxDst->pubkey == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "SECKEY_CopyPublicKey",
+! XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code=%d", PORT_GetError());
+! return(-1);
+! }
+ }
++
+ return (0);
+ }
+
+***************
+*** 147,166 ****
+ SECKEYPublicKey *pubkey)
+ {
+ xmlSecNssPKIKeyDataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssPKIKeyDataSize), -1);
+
+ ctx = xmlSecNssPKIKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ if (ctx->privkey) {
+! SECKEY_DestroyPrivateKey(ctx->privkey);
+ }
+ ctx->privkey = privkey;
+
+ if (ctx->pubkey) {
+! SECKEY_DestroyPublicKey(ctx->pubkey);
+ }
+ ctx->pubkey = pubkey;
+
+--- 151,191 ----
+ SECKEYPublicKey *pubkey)
+ {
+ xmlSecNssPKIKeyDataCtxPtr ctx;
++ KeyType pubType = nullKey ;
++ KeyType priType = nullKey ;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssPKIKeyDataSize), -1);
+
++ if( privkey != NULL ) {
++ priType = SECKEY_GetPrivateKeyType( privkey ) ;
++ }
++
++ if( pubkey != NULL ) {
++ pubType = SECKEY_GetPublicKeyType( pubkey ) ;
++ }
++
++ if( priType != nullKey && pubType != nullKey ) {
++ if( pubType != priType ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ NULL ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ "different type of private and public key" ) ;
++ return -1 ;
++ }
++ }
++
+ ctx = xmlSecNssPKIKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ if (ctx->privkey) {
+! SECKEY_DestroyPrivateKey(ctx->privkey);
+ }
+ ctx->privkey = privkey;
+
+ if (ctx->pubkey) {
+! SECKEY_DestroyPublicKey(ctx->pubkey);
+ }
+ ctx->pubkey = pubkey;
+
+***************
+*** 183,243 ****
+ {
+ xmlSecKeyDataPtr data = NULL;
+ int ret;
+! KeyType kt;
+!
+! if (pubkey != NULL) {
+! kt = SECKEY_GetPublicKeyType(pubkey);
+! } else {
+! kt = SECKEY_GetPrivateKeyType(privkey);
+! pubkey = SECKEY_ConvertToPublicKey(privkey);
+! }
+
+! switch(kt) {
+ #ifndef XMLSEC_NO_RSA
+ case rsaKey:
+! data = xmlSecKeyDataCreate(xmlSecNssKeyDataRsaId);
+! if(data == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "xmlSecKeyDataCreate",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "xmlSecNssKeyDataRsaId");
+! return(NULL);
+! }
+! break;
+ #endif /* XMLSEC_NO_RSA */
+ #ifndef XMLSEC_NO_DSA
+ case dsaKey:
+! data = xmlSecKeyDataCreate(xmlSecNssKeyDataDsaId);
+! if(data == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "xmlSecKeyDataCreate",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "xmlSecNssKeyDataDsaId");
+! return(NULL);
+! }
+! break;
+ #endif /* XMLSEC_NO_DSA */
+ default:
+! xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TYPE,
+! "PKI key type %d not supported", kt);
+! return(NULL);
+ }
+
+ xmlSecAssert2(data != NULL, NULL);
+ ret = xmlSecNssPKIKeyDataAdoptKey(data, privkey, pubkey);
+ if(ret < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssPKIKeyDataAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+! xmlSecKeyDataDestroy(data);
+! return(NULL);
+ }
+ return(data);
+ }
+--- 208,282 ----
+ {
+ xmlSecKeyDataPtr data = NULL;
+ int ret;
+! KeyType pubType = nullKey ;
+! KeyType priType = nullKey ;
+
+! if( privkey != NULL ) {
+! priType = SECKEY_GetPrivateKeyType( privkey ) ;
+! }
+!
+! if( pubkey != NULL ) {
+! pubType = SECKEY_GetPublicKeyType( pubkey ) ;
+! }
+!
+! if( priType != nullKey && pubType != nullKey ) {
+! if( pubType != priType ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! NULL ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! "different type of private and public key" ) ;
+! return( NULL ) ;
+! }
+! }
+!
+! pubType = priType != nullKey ? priType : pubType ;
+! switch(pubType) {
+ #ifndef XMLSEC_NO_RSA
+ case rsaKey:
+! data = xmlSecKeyDataCreate(xmlSecNssKeyDataRsaId);
+! if(data == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "xmlSecKeyDataCreate",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "xmlSecNssKeyDataRsaId");
+! return(NULL);
+! }
+! break;
+ #endif /* XMLSEC_NO_RSA */
+ #ifndef XMLSEC_NO_DSA
+ case dsaKey:
+! data = xmlSecKeyDataCreate(xmlSecNssKeyDataDsaId);
+! if(data == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "xmlSecKeyDataCreate",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "xmlSecNssKeyDataDsaId");
+! return(NULL);
+! }
+! break;
+ #endif /* XMLSEC_NO_DSA */
+ default:
+! xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TYPE,
+! "PKI key type %d not supported", pubType);
+! return(NULL);
+ }
+
+ xmlSecAssert2(data != NULL, NULL);
+ ret = xmlSecNssPKIKeyDataAdoptKey(data, privkey, pubkey);
+ if(ret < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssPKIKeyDataAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+! xmlSecKeyDataDestroy(data);
+! return(NULL);
+ }
+ return(data);
+ }
+***************
+*** 263,269 ****
+ xmlSecAssert2(ctx != NULL, NULL);
+ xmlSecAssert2(ctx->pubkey != NULL, NULL);
+
+! ret = SECKEY_CopyPublicKey(ctx->pubkey);
+ return(ret);
+ }
+
+--- 302,308 ----
+ xmlSecAssert2(ctx != NULL, NULL);
+ xmlSecAssert2(ctx->pubkey != NULL, NULL);
+
+! ret = SECKEY_CopyPublicKey(ctx->pubkey);
+ return(ret);
+ }
+
+***************
+*** 312,320 ****
+ xmlSecAssert2(ctx != NULL, nullKey);
+
+ if (ctx->pubkey != NULL) {
+! kt = SECKEY_GetPublicKeyType(ctx->pubkey);
+ } else {
+! kt = SECKEY_GetPrivateKeyType(ctx->privkey);
+ }
+ return(kt);
+ }
+--- 351,359 ----
+ xmlSecAssert2(ctx != NULL, nullKey);
+
+ if (ctx->pubkey != NULL) {
+! kt = SECKEY_GetPublicKeyType(ctx->pubkey);
+ } else {
+! kt = SECKEY_GetPrivateKeyType(ctx->privkey);
+ }
+ return(kt);
+ }
+***************
+*** 553,565 ****
+ goto done;
+ }
+
+! slot = PK11_GetBestSlot(CKM_DSA, NULL);
+ if(slot == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+! "PK11_GetBestSlot",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+ ret = -1;
+ goto done;
+ }
+--- 592,604 ----
+ goto done;
+ }
+
+! slot = xmlSecNssSlotGet(CKM_DSA);
+ if(slot == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+! "xmlSecNssSlotGet",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code=%d", PORT_GetError());
+ ret = -1;
+ goto done;
+ }
+***************
+*** 570,576 ****
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "PORT_NewArena",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+ ret = -1;
+ goto done;
+ }
+--- 609,615 ----
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "PORT_NewArena",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code=%d", PORT_GetError());
+ ret = -1;
+ goto done;
+ }
+***************
+*** 582,588 ****
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "PORT_ArenaZAlloc",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+ PORT_FreeArena(arena, PR_FALSE);
+ ret = -1;
+ goto done;
+--- 621,627 ----
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "PORT_ArenaZAlloc",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code=%d", PORT_GetError());
+ PORT_FreeArena(arena, PR_FALSE);
+ ret = -1;
+ goto done;
+***************
+*** 750,770 ****
+ goto done;
+ }
+ data = NULL;
+-
+ ret = 0;
+
+ done:
+ if (slot != NULL) {
+! PK11_FreeSlot(slot);
+ }
+! if (ret != 0) {
+! if (pubkey != NULL) {
+! SECKEY_DestroyPublicKey(pubkey);
+! }
+! if (data != NULL) {
+! xmlSecKeyDataDestroy(data);
+! }
+ }
+ return(ret);
+ }
+
+--- 789,809 ----
+ goto done;
+ }
+ data = NULL;
+ ret = 0;
+
+ done:
+ if (slot != NULL) {
+! PK11_FreeSlot(slot);
+ }
+!
+! if (pubkey != NULL) {
+! SECKEY_DestroyPublicKey(pubkey);
+! }
+!
+! if (data != NULL) {
+! xmlSecKeyDataDestroy(data);
+ }
++
+ return(ret);
+ }
+
+***************
+*** 783,789 ****
+
+ ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key));
+ xmlSecAssert2(ctx != NULL, -1);
+! xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
+
+ if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
+ /* we can have only private key or public key */
+--- 822,828 ----
+
+ ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key));
+ xmlSecAssert2(ctx != NULL, -1);
+! // xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
+
+ if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
+ /* we can have only private key or public key */
+***************
+*** 905,911 ****
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "PK11_PQG_ParamGen",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "size=%d", sizeBits);
+ goto done;
+ }
+
+--- 944,951 ----
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "PK11_PQG_ParamGen",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "size=%d, error code=%d", sizeBits, PORT_GetError());
+! ret = -1;
+ goto done;
+ }
+
+***************
+*** 915,925 ****
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "PK11_PQG_VerifyParams",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "size=%d", sizeBits);
+ goto done;
+ }
+
+! slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL);
+ PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
+ privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams,
+ &pubkey, PR_FALSE, PR_TRUE, NULL);
+--- 955,966 ----
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "PK11_PQG_VerifyParams",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "size=%d, error code=%d", sizeBits, PORT_GetError());
+! ret = -1;
+ goto done;
+ }
+
+! slot = xmlSecNssSlotGet(CKM_DSA_KEY_PAIR_GEN);
+ PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
+ privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams,
+ &pubkey, PR_FALSE, PR_TRUE, NULL);
+***************
+*** 929,936 ****
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "PK11_GenerateKeyPair",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+
+ goto done;
+ }
+
+--- 970,978 ----
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "PK11_GenerateKeyPair",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code=%d", PORT_GetError());
+
++ ret = -1;
+ goto done;
+ }
+
+***************
+*** 943,971 ****
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+!
+ ret = 0;
+
+ done:
+ if (slot != NULL) {
+! PK11_FreeSlot(slot);
+ }
+ if (pqgParams != NULL) {
+! PK11_PQG_DestroyParams(pqgParams);
+ }
+ if (pqgVerify != NULL) {
+! PK11_PQG_DestroyVerify(pqgVerify);
+! }
+! if (ret == 0) {
+! return (0);
+ }
+ if (pubkey != NULL) {
+! SECKEY_DestroyPublicKey(pubkey);
+ }
+ if (privkey != NULL) {
+! SECKEY_DestroyPrivateKey(privkey);
+ }
+! return(-1);
+ }
+
+ static xmlSecKeyDataType
+--- 985,1016 ----
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+! privkey = NULL ;
+! pubkey = NULL ;
+ ret = 0;
+
+ done:
+ if (slot != NULL) {
+! PK11_FreeSlot(slot);
+ }
++
+ if (pqgParams != NULL) {
+! PK11_PQG_DestroyParams(pqgParams);
+ }
++
+ if (pqgVerify != NULL) {
+! PK11_PQG_DestroyVerify(pqgVerify);
+ }
++
+ if (pubkey != NULL) {
+! SECKEY_DestroyPublicKey(pubkey);
+ }
++
+ if (privkey != NULL) {
+! SECKEY_DestroyPrivateKey(privkey);
+ }
+!
+! return(ret);
+ }
+
+ static xmlSecKeyDataType
+***************
+*** 975,985 ****
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), xmlSecKeyDataTypeUnknown);
+ ctx = xmlSecNssPKIKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+! xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
+ if (ctx->privkey != NULL) {
+! return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
+! } else {
+! return(xmlSecKeyDataTypePublic);
+ }
+
+ return(xmlSecKeyDataTypeUnknown);
+--- 1020,1030 ----
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), xmlSecKeyDataTypeUnknown);
+ ctx = xmlSecNssPKIKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+! // xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
+ if (ctx->privkey != NULL) {
+! return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
+! } else if( ctx->pubkey != NULL ) {
+! return(xmlSecKeyDataTypePublic);
+ }
+
+ return(xmlSecKeyDataTypeUnknown);
+***************
+*** 992,998 ****
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), 0);
+ ctx = xmlSecNssPKIKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+! xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
+
+ return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));
+ }
+--- 1037,1043 ----
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), 0);
+ ctx = xmlSecNssPKIKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+! // xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
+
+ return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));
+ }
+***************
+*** 1181,1193 ****
+ goto done;
+ }
+
+! slot = PK11_GetBestSlot(CKM_RSA_PKCS, NULL);
+ if(slot == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+! "PK11_GetBestSlot",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+ ret = -1;
+ goto done;
+ }
+--- 1226,1238 ----
+ goto done;
+ }
+
+! slot = xmlSecNssSlotGet(CKM_RSA_PKCS);
+ if(slot == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+! "xmlSecNssSlotGet",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code=%d", PORT_GetError());
+ ret = -1;
+ goto done;
+ }
+***************
+*** 1198,1204 ****
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "PORT_NewArena",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+ ret = -1;
+ goto done;
+ }
+--- 1243,1249 ----
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "PORT_NewArena",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code=%d", PORT_GetError());
+ ret = -1;
+ goto done;
+ }
+***************
+*** 1210,1216 ****
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "PORT_ArenaZAlloc",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+ PORT_FreeArena(arena, PR_FALSE);
+ ret = -1;
+ goto done;
+--- 1255,1261 ----
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "PORT_ArenaZAlloc",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code=%d", PORT_GetError());
+ PORT_FreeArena(arena, PR_FALSE);
+ ret = -1;
+ goto done;
+***************
+*** 1349,1355 ****
+
+ ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key));
+ xmlSecAssert2(ctx != NULL, -1);
+! xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
+
+
+ if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
+--- 1394,1400 ----
+
+ ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key));
+ xmlSecAssert2(ctx != NULL, -1);
+! // xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
+
+
+ if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
+***************
+*** 1420,1426 ****
+ params.keySizeInBits = sizeBits;
+ params.pe = 65537;
+
+! slot = PK11_GetBestSlot(CKM_RSA_PKCS_KEY_PAIR_GEN, NULL);
+ PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
+ privkey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, &params,
+ &pubkey, PR_FALSE, PR_TRUE, NULL);
+--- 1465,1471 ----
+ params.keySizeInBits = sizeBits;
+ params.pe = 65537;
+
+! slot = xmlSecNssSlotGet(CKM_RSA_PKCS_KEY_PAIR_GEN);
+ PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
+ privkey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, &params,
+ &pubkey, PR_FALSE, PR_TRUE, NULL);
+***************
+*** 1430,1436 ****
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "PK11_GenerateKeyPair",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+
+ goto done;
+ }
+--- 1475,1481 ----
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "PK11_GenerateKeyPair",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code=%d", PORT_GetError());
+
+ goto done;
+ }
+***************
+*** 1472,1478 ****
+
+ ctx = xmlSecNssPKIKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+! xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
+ if (ctx->privkey != NULL) {
+ return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
+ } else {
+--- 1517,1523 ----
+
+ ctx = xmlSecNssPKIKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+! // xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
+ if (ctx->privkey != NULL) {
+ return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
+ } else {
+***************
+*** 1490,1496 ****
+
+ ctx = xmlSecNssPKIKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+! xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
+
+ return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));
+ }
+--- 1535,1541 ----
+
+ ctx = xmlSecNssPKIKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+! // xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
+
+ return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));
+ }
+*** misc/xmlsec1-1.2.6/src/nss/signatures.c 2003-09-26 08:58:15.000000000 +0800
+--- misc/build/xmlsec1-1.2.6/src/nss/signatures.c 2005-02-23 11:06:39.000000000 +0800
+***************
+*** 199,205 ****
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "SGN_NewContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ } else {
+--- 199,205 ----
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "SGN_NewContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ } else {
+***************
+*** 222,228 ****
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "VFY_CreateContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+--- 222,228 ----
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "VFY_CreateContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ }
+***************
+*** 282,288 ****
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "VFY_Update, VFY_End",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+
+ if (PORT_GetError() == SEC_ERROR_PKCS7_BAD_SIGNATURE) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+--- 282,288 ----
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "VFY_Update, VFY_End",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code=%d", PORT_GetError());
+
+ if (PORT_GetError() == SEC_ERROR_PKCS7_BAD_SIGNATURE) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+***************
+*** 341,347 ****
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "SGN_Begin",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ } else {
+--- 341,347 ----
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "SGN_Begin",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ } else {
+***************
+*** 351,357 ****
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "VFY_Begin",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+--- 351,357 ----
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "VFY_Begin",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ }
+***************
+*** 368,374 ****
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "SGN_Update",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ } else {
+--- 368,374 ----
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "SGN_Update",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ } else {
+***************
+*** 378,384 ****
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "VFY_Update",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+--- 378,384 ----
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "VFY_Update",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ }
+***************
+*** 404,410 ****
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "SGN_End",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+--- 404,410 ----
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "SGN_End",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code=%d", PORT_GetError());
+ return(-1);
+ }
+
+*** misc/xmlsec1-1.2.6/src/nss/symkeys.c 2003-07-21 11:12:52.000000000 +0800
+--- misc/build/xmlsec1-1.2.6/src/nss/symkeys.c 2005-02-23 11:06:39.000000000 +0800
+***************
+*** 15,192 ****
+ #include <stdio.h>
+ #include <string.h>
+
+ #include <xmlsec/xmlsec.h>
+ #include <xmlsec/xmltree.h>
+ #include <xmlsec/keys.h>
+ #include <xmlsec/keyinfo.h>
+ #include <xmlsec/transforms.h>
+ #include <xmlsec/errors.h>
+
+ #include <xmlsec/nss/crypto.h>
+
+ /*****************************************************************************
+ *
+! * Symmetic (binary) keys - just a wrapper for xmlSecKeyDataBinary
+ *
+ ****************************************************************************/
+! static int xmlSecNssSymKeyDataInitialize (xmlSecKeyDataPtr data);
+! static int xmlSecNssSymKeyDataDuplicate (xmlSecKeyDataPtr dst,
+! xmlSecKeyDataPtr src);
+! static void xmlSecNssSymKeyDataFinalize (xmlSecKeyDataPtr data);
+! static int xmlSecNssSymKeyDataXmlRead (xmlSecKeyDataId id,
+! xmlSecKeyPtr key,
+! xmlNodePtr node,
+! xmlSecKeyInfoCtxPtr keyInfoCtx);
+! static int xmlSecNssSymKeyDataXmlWrite (xmlSecKeyDataId id,
+! xmlSecKeyPtr key,
+! xmlNodePtr node,
+! xmlSecKeyInfoCtxPtr keyInfoCtx);
+! static int xmlSecNssSymKeyDataBinRead (xmlSecKeyDataId id,
+! xmlSecKeyPtr key,
+! const xmlSecByte* buf,
+! xmlSecSize bufSize,
+! xmlSecKeyInfoCtxPtr keyInfoCtx);
+! static int xmlSecNssSymKeyDataBinWrite (xmlSecKeyDataId id,
+! xmlSecKeyPtr key,
+! xmlSecByte** buf,
+! xmlSecSize* bufSize,
+! xmlSecKeyInfoCtxPtr keyInfoCtx);
+! static int xmlSecNssSymKeyDataGenerate (xmlSecKeyDataPtr data,
+! xmlSecSize sizeBits,
+! xmlSecKeyDataType type);
+!
+! static xmlSecKeyDataType xmlSecNssSymKeyDataGetType (xmlSecKeyDataPtr data);
+! static xmlSecSize xmlSecNssSymKeyDataGetSize (xmlSecKeyDataPtr data);
+! static void xmlSecNssSymKeyDataDebugDump (xmlSecKeyDataPtr data,
+! FILE* output);
+! static void xmlSecNssSymKeyDataDebugXmlDump (xmlSecKeyDataPtr data,
+! FILE* output);
+! static int xmlSecNssSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass);
+
+ #define xmlSecNssSymKeyDataCheckId(data) \
+ (xmlSecKeyDataIsValid((data)) && \
+ xmlSecNssSymKeyDataKlassCheck((data)->id))
+
+ static int
+ xmlSecNssSymKeyDataInitialize(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1);
+!
+! return(xmlSecKeyDataBinaryValueInitialize(data));
+ }
+
+ static int
+ xmlSecNssSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(dst), -1);
+ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(src), -1);
+ xmlSecAssert2(dst->id == src->id, -1);
+!
+! return(xmlSecKeyDataBinaryValueDuplicate(dst, src));
+ }
+
+ static void
+ xmlSecNssSymKeyDataFinalize(xmlSecKeyDataPtr data) {
+ xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
+!
+! xmlSecKeyDataBinaryValueFinalize(data);
+ }
+
+ static int
+ xmlSecNssSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+! xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+! xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
+
+! return(xmlSecKeyDataBinaryValueXmlRead(id, key, node, keyInfoCtx));
+ }
+
+ static int
+ xmlSecNssSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+! xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
+
+! return(xmlSecKeyDataBinaryValueXmlWrite(id, key, node, keyInfoCtx));
+ }
+
+ static int
+ xmlSecNssSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+! const xmlSecByte* buf, xmlSecSize bufSize,
+! xmlSecKeyInfoCtxPtr keyInfoCtx) {
+! xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
+
+! return(xmlSecKeyDataBinaryValueBinRead(id, key, buf, bufSize, keyInfoCtx));
+ }
+
+ static int
+ xmlSecNssSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+! xmlSecByte** buf, xmlSecSize* bufSize,
+! xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
+
+! return(xmlSecKeyDataBinaryValueBinWrite(id, key, buf, bufSize, keyInfoCtx));
+ }
+
+ static int
+ xmlSecNssSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+! xmlSecBufferPtr buffer;
+!
+ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1);
+ xmlSecAssert2(sizeBits > 0, -1);
+
+! buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+! xmlSecAssert2(buffer != NULL, -1);
+!
+! return(xmlSecNssGenerateRandom(buffer, (sizeBits + 7) / 8));
+ }
+
+ static xmlSecKeyDataType
+ xmlSecNssSymKeyDataGetType(xmlSecKeyDataPtr data) {
+! xmlSecBufferPtr buffer;
+
+ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown);
+
+! buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+! xmlSecAssert2(buffer != NULL, xmlSecKeyDataTypeUnknown);
+
+! return((xmlSecBufferGetSize(buffer) > 0) ? xmlSecKeyDataTypeSymmetric : xmlSecKeyDataTypeUnknown);
+ }
+
+ static xmlSecSize
+ xmlSecNssSymKeyDataGetSize(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), 0);
+!
+! return(xmlSecKeyDataBinaryValueGetSize(data));
+ }
+
+ static void
+ xmlSecNssSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
+
+! xmlSecKeyDataBinaryValueDebugDump(data, output);
+ }
+
+ static void
+ xmlSecNssSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
+
+! xmlSecKeyDataBinaryValueDebugXmlDump(data, output);
+ }
+
+ static int
+ xmlSecNssSymKeyDataKlassCheck(xmlSecKeyDataKlass* klass) {
+ #ifndef XMLSEC_NO_DES
+ if(klass == xmlSecNssKeyDataDesId) {
+! return(1);
+ }
+ #endif /* XMLSEC_NO_DES */
+
+ #ifndef XMLSEC_NO_AES
+ if(klass == xmlSecNssKeyDataAesId) {
+! return(1);
+ }
+ #endif /* XMLSEC_NO_AES */
+
+ #ifndef XMLSEC_NO_HMAC
+ if(klass == xmlSecNssKeyDataHmacId) {
+! return(1);
+ }
+ #endif /* XMLSEC_NO_HMAC */
+
+--- 15,851 ----
+ #include <stdio.h>
+ #include <string.h>
+
++ #include <pk11func.h>
++ #include <nss.h>
++
+ #include <xmlsec/xmlsec.h>
+ #include <xmlsec/xmltree.h>
++ #include <xmlsec/base64.h>
+ #include <xmlsec/keys.h>
+ #include <xmlsec/keyinfo.h>
+ #include <xmlsec/transforms.h>
+ #include <xmlsec/errors.h>
+
+ #include <xmlsec/nss/crypto.h>
++ #include <xmlsec/nss/ciphers.h>
++ #include <xmlsec/nss/tokens.h>
+
+ /*****************************************************************************
+ *
+! * Symmetic (binary) keys - a wrapper over slot information and PK11SymKey
+ *
+ ****************************************************************************/
+! typedef struct _xmlSecNssSymKeyDataCtx xmlSecNssSymKeyDataCtx ;
+! typedef struct _xmlSecNssSymKeyDataCtx* xmlSecNssSymKeyDataCtxPtr ;
+!
+! struct _xmlSecNssSymKeyDataCtx {
+! CK_MECHANISM_TYPE cipher ; /* the symmetic key mechanism */
+! PK11SlotInfo* slot ; /* the key resident slot */
+! PK11SymKey* symkey ; /* the symmetic key */
+! } ;
+!
+! #define xmlSecNssSymKeyDataSize \
+! ( sizeof( xmlSecKeyData ) + sizeof( xmlSecNssSymKeyDataCtx ) )
+!
+! #define xmlSecNssSymKeyDataGetCtx( data ) \
+! ( ( xmlSecNssSymKeyDataCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyData ) ) )
+!
+!
+! static int xmlSecNssSymKeyDataInitialize (xmlSecKeyDataPtr data);
+! static int xmlSecNssSymKeyDataDuplicate (xmlSecKeyDataPtr dst,
+! xmlSecKeyDataPtr src);
+! static void xmlSecNssSymKeyDataFinalize (xmlSecKeyDataPtr data);
+! static int xmlSecNssSymKeyDataXmlRead (xmlSecKeyDataId id,
+! xmlSecKeyPtr key,
+! xmlNodePtr node,
+! xmlSecKeyInfoCtxPtr keyInfoCtx);
+! static int xmlSecNssSymKeyDataXmlWrite (xmlSecKeyDataId id,
+! xmlSecKeyPtr key,
+! xmlNodePtr node,
+! xmlSecKeyInfoCtxPtr keyInfoCtx);
+! static int xmlSecNssSymKeyDataBinRead (xmlSecKeyDataId id,
+! xmlSecKeyPtr key,
+! const xmlSecByte* buf,
+! xmlSecSize bufSize,
+! xmlSecKeyInfoCtxPtr keyInfoCtx);
+! static int xmlSecNssSymKeyDataBinWrite (xmlSecKeyDataId id,
+! xmlSecKeyPtr key,
+! xmlSecByte** buf,
+! xmlSecSize* bufSize,
+! xmlSecKeyInfoCtxPtr keyInfoCtx);
+! static int xmlSecNssSymKeyDataGenerate (xmlSecKeyDataPtr data,
+! xmlSecSize sizeBits,
+! xmlSecKeyDataType type);
+!
+! static xmlSecKeyDataType xmlSecNssSymKeyDataGetType (xmlSecKeyDataPtr data);
+! static xmlSecSize xmlSecNssSymKeyDataGetSize (xmlSecKeyDataPtr data);
+! static void xmlSecNssSymKeyDataDebugDump (xmlSecKeyDataPtr data,
+! FILE* output);
+! static void xmlSecNssSymKeyDataDebugXmlDump (xmlSecKeyDataPtr data,
+! FILE* output);
+! static int xmlSecNssSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass);
+
+ #define xmlSecNssSymKeyDataCheckId(data) \
+ (xmlSecKeyDataIsValid((data)) && \
+ xmlSecNssSymKeyDataKlassCheck((data)->id))
+
++ /**
++ * xmlSecNssSymKeyDataAdoptKey:
++ * @data: the pointer to symmetric key data.
++ * @symkey: the symmetric key
++ *
++ * Set the value of symmetric key data.
++ *
++ * Returns 0 on success or a negative value if an error occurs.
++ */
++ int
++ xmlSecNssSymKeyDataAdoptKey(
++ xmlSecKeyDataPtr data ,
++ PK11SymKey* symkey
++ ) {
++ xmlSecNssSymKeyDataCtxPtr context = NULL ;
++
++ xmlSecAssert2( xmlSecNssSymKeyDataCheckId( data ), -1 ) ;
++ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), -1 ) ;
++ xmlSecAssert2( symkey != NULL, -1 ) ;
++
++ context = xmlSecNssSymKeyDataGetCtx( data ) ;
++ xmlSecAssert2(context != NULL, -1);
++
++ context->cipher = PK11_GetMechanism( symkey ) ;
++
++ if( context->slot != NULL ) {
++ PK11_FreeSlot( context->slot ) ;
++ context->slot = NULL ;
++ }
++ context->slot = PK11_GetSlotFromKey( symkey ) ;
++
++ if( context->symkey != NULL ) {
++ PK11_FreeSymKey( context->symkey ) ;
++ context->symkey = NULL ;
++ }
++ context->symkey = PK11_ReferenceSymKey( symkey ) ;
++
++ return 0 ;
++ }
++
++ xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt(
++ PK11SymKey* symKey
++ ) {
++ xmlSecKeyDataPtr data = NULL ;
++ CK_MECHANISM_TYPE mechanism = CKM_INVALID_MECHANISM ;
++
++ xmlSecAssert2( symKey != NULL , NULL ) ;
++
++ mechanism = PK11_GetMechanism( symKey ) ;
++ switch( mechanism ) {
++ case CKM_DES3_KEY_GEN :
++ case CKM_DES3_CBC :
++ case CKM_DES3_MAC :
++ data = xmlSecKeyDataCreate( xmlSecNssKeyDataDesId ) ;
++ if( data == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecKeyDataCreate" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ "xmlSecNssKeyDataDesId" ) ;
++ return NULL ;
++ }
++ break ;
++ case CKM_AES_KEY_GEN :
++ case CKM_AES_CBC :
++ case CKM_AES_MAC :
++ data = xmlSecKeyDataCreate( xmlSecNssKeyDataAesId ) ;
++ if( data == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecKeyDataCreate" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ "xmlSecNssKeyDataDesId" ) ;
++ return NULL ;
++ }
++ break ;
++ default :
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ NULL ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ "Unsupported mechanism" ) ;
++ return NULL ;
++ }
++
++ if( xmlSecNssSymKeyDataAdoptKey( data , symKey ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecNssSymKeyDataAdoptKey" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ xmlSecKeyDataDestroy( data ) ;
++ return NULL ;
++ }
++
++ return data ;
++ }
++
++
++ PK11SymKey*
++ xmlSecNssSymKeyDataGetKey(
++ xmlSecKeyDataPtr data
++ ) {
++ xmlSecNssSymKeyDataCtxPtr ctx;
++ PK11SymKey* symkey ;
++
++ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), NULL);
++ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), NULL);
++
++ ctx = xmlSecNssSymKeyDataGetCtx(data);
++ xmlSecAssert2(ctx != NULL, NULL);
++
++ if( ctx->symkey != NULL ) {
++ symkey = PK11_ReferenceSymKey( ctx->symkey ) ;
++ } else {
++ symkey = NULL ;
++ }
++
++ return(symkey);
++ }
++
+ static int
+ xmlSecNssSymKeyDataInitialize(xmlSecKeyDataPtr data) {
++ xmlSecNssSymKeyDataCtxPtr ctx;
++
+ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1);
+! xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), -1);
+!
+! ctx = xmlSecNssSymKeyDataGetCtx(data);
+! xmlSecAssert2(ctx != NULL, -1);
+!
+! memset( ctx, 0, sizeof(xmlSecNssSymKeyDataCtx));
+!
+! /* Set the block cipher mechanism */
+! #ifndef XMLSEC_NO_DES
+! if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) {
+! ctx->cipher = CKM_DES3_KEY_GEN;
+! } else
+! #endif /* XMLSEC_NO_DES */
+!
+! #ifndef XMLSEC_NO_AES
+! if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) {
+! ctx->cipher = CKM_AES_KEY_GEN;
+! } else
+! #endif /* XMLSEC_NO_AES */
+!
+! if(1) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+! NULL ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! "Unsupported block cipher" ) ;
+! return(-1) ;
+! }
+!
+! return(0);
+ }
+
+ static int
+ xmlSecNssSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
++ xmlSecNssSymKeyDataCtxPtr ctxDst;
++ xmlSecNssSymKeyDataCtxPtr ctxSrc;
++
+ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(dst), -1);
++ xmlSecAssert2(xmlSecKeyDataCheckSize(dst, xmlSecNssSymKeyDataSize), -1);
+ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(src), -1);
++ xmlSecAssert2(xmlSecKeyDataCheckSize(src, xmlSecNssSymKeyDataSize), -1);
+ xmlSecAssert2(dst->id == src->id, -1);
+!
+! ctxDst = xmlSecNssSymKeyDataGetCtx(dst);
+! xmlSecAssert2(ctxDst != NULL, -1);
+!
+! ctxSrc = xmlSecNssSymKeyDataGetCtx(src);
+! xmlSecAssert2(ctxSrc != NULL, -1);
+!
+! ctxDst->cipher = ctxSrc->cipher ;
+!
+! if( ctxSrc->slot != NULL ) {
+! if( ctxDst->slot != NULL && ctxDst->slot != ctxSrc->slot ) {
+! PK11_FreeSlot( ctxDst->slot ) ;
+! ctxDst->slot = NULL ;
+! }
+!
+! if( ctxDst->slot == NULL && ctxSrc->slot != NULL )
+! ctxDst->slot = PK11_ReferenceSlot( ctxSrc->slot ) ;
+! } else {
+! if( ctxDst->slot != NULL ) {
+! PK11_FreeSlot( ctxDst->slot ) ;
+! ctxDst->slot = NULL ;
+! }
+! }
+!
+! if( ctxSrc->symkey != NULL ) {
+! if( ctxDst->symkey != NULL && ctxDst->symkey != ctxSrc->symkey ) {
+! PK11_FreeSymKey( ctxDst->symkey ) ;
+! ctxDst->symkey = NULL ;
+! }
+!
+! if( ctxDst->symkey == NULL && ctxSrc->symkey != NULL )
+! ctxDst->symkey = PK11_ReferenceSymKey( ctxSrc->symkey ) ;
+! } else {
+! if( ctxDst->symkey != NULL ) {
+! PK11_FreeSymKey( ctxDst->symkey ) ;
+! ctxDst->symkey = NULL ;
+! }
+! }
+!
+! return(0);
+ }
+
+ static void
+ xmlSecNssSymKeyDataFinalize(xmlSecKeyDataPtr data) {
++ xmlSecNssSymKeyDataCtxPtr ctx;
++
+ xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
+! xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize));
+!
+! ctx = xmlSecNssSymKeyDataGetCtx(data);
+! xmlSecAssert(ctx != NULL);
+!
+! if( ctx->slot != NULL ) {
+! PK11_FreeSlot( ctx->slot ) ;
+! ctx->slot = NULL ;
+! }
+!
+! if( ctx->symkey != NULL ) {
+! PK11_FreeSymKey( ctx->symkey ) ;
+! ctx->symkey = NULL ;
+! }
+!
+! ctx->cipher = CKM_INVALID_MECHANISM ;
+ }
+
+ static int
+ xmlSecNssSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+! xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+! PK11SymKey* symKey ;
+! PK11SlotInfo* slot ;
+! xmlSecBufferPtr keyBuf;
+! xmlSecSize len;
+! xmlSecKeyDataPtr data;
+! xmlSecNssSymKeyDataCtxPtr ctx;
+! SECItem keyItem ;
+! int ret;
+!
+! xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
+! xmlSecAssert2(key != NULL, -1);
+! xmlSecAssert2(node != NULL, -1);
+! xmlSecAssert2(keyInfoCtx != NULL, -1);
+!
+! /* Create a new KeyData from a id */
+! data = xmlSecKeyDataCreate(id);
+! if(data == NULL ) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+! "xmlSecKeyDataCreate",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! return(-1);
+! }
+!
+! ctx = xmlSecNssSymKeyDataGetCtx(data);
+! xmlSecAssert2(ctx != NULL, -1);
+!
+! /* Create a buffer for raw symmetric key value */
+! if( ( keyBuf = xmlSecBufferCreate( 128 ) ) == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+! "xmlSecBufferCreate" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! xmlSecKeyDataDestroy( data ) ;
+! return(-1) ;
+! }
+!
+! /* Read the raw key value */
+! if( xmlSecBufferBase64NodeContentRead( keyBuf , node ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+! xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+!
+! xmlSecBufferDestroy( keyBuf ) ;
+! xmlSecKeyDataDestroy( data ) ;
+! return(-1) ;
+! }
+!
+! /* Get slot */
+! slot = xmlSecNssSlotGet(ctx->cipher);
+! if( slot == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+! "xmlSecNssSlotGet" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+!
+! xmlSecBufferDestroy( keyBuf ) ;
+! xmlSecKeyDataDestroy( data ) ;
+! return(-1) ;
+! }
+!
+! /* Wrap the raw key value SECItem */
+! keyItem.type = siBuffer ;
+! keyItem.data = xmlSecBufferGetData( keyBuf ) ;
+! keyItem.len = xmlSecBufferGetSize( keyBuf ) ;
+!
+! /* Import the raw key into slot temporalily and get the key handler*/
+! symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ;
+! if( symKey == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+! "PK11_ImportSymKey" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+!
+! PK11_FreeSlot( slot ) ;
+! xmlSecBufferDestroy( keyBuf ) ;
+! xmlSecKeyDataDestroy( data ) ;
+! return(-1) ;
+! }
+! PK11_FreeSlot( slot ) ;
+!
+! /* raw key material has been copied into symKey, it isn't used any more */
+! xmlSecBufferDestroy( keyBuf ) ;
+
+! /* Adopt the symmetric key into key data */
+! ret = xmlSecNssSymKeyDataAdoptKey(data, symKey);
+! if(ret < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+! "xmlSecKeyDataBinaryValueSetBuffer",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! PK11_FreeSymKey( symKey ) ;
+! xmlSecKeyDataDestroy( data ) ;
+! return(-1);
+! }
+! /* symKey has been duplicated into data, it isn't used any more */
+! PK11_FreeSymKey( symKey ) ;
+!
+! /* Check value */
+! if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+! "xmlSecKeyReqMatchKeyValue",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! xmlSecKeyDataDestroy( data ) ;
+! return(0);
+! }
+!
+! ret = xmlSecKeySetValue(key, data);
+! if(ret < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+! "xmlSecKeySetValue",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! xmlSecKeyDataDestroy( data ) ;
+! return(-1);
+! }
+!
+! return(0);
+ }
+
+ static int
+ xmlSecNssSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+! xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+! PK11SymKey* symKey ;
+!
+ xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
++ xmlSecAssert2(key != NULL, -1);
++ xmlSecAssert2(node != NULL, -1);
++ xmlSecAssert2(keyInfoCtx != NULL, -1);
++
++ /* Get symmetric key from "key" */
++ symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key));
++ if( symKey != NULL ) {
++ SECItem* keyItem ;
++ xmlSecBufferPtr keyBuf ;
++
++ /* Extract raw key data from symmetric key */
++ if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "PK11_ExtractKeyValue",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ PK11_FreeSymKey( symKey ) ;
++ return(-1);
++ }
++
++ /* Get raw key data from "symKey" */
++ keyItem = PK11_GetKeyData( symKey ) ;
++ if(keyItem == NULL) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "PK11_GetKeyData",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ PK11_FreeSymKey( symKey ) ;
++ return(-1);
++ }
++
++ /* Create key data buffer with raw kwy material */
++ keyBuf = xmlSecBufferCreate(keyItem->len) ;
++ if(keyBuf == NULL) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "xmlSecBufferCreate",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ PK11_FreeSymKey( symKey ) ;
++ return(-1);
++ }
++
++ xmlSecBufferSetData( keyBuf , keyItem->data , keyItem->len ) ;
++
++ /* Write raw key material into current xml node */
++ if( xmlSecBufferBase64NodeContentWrite( keyBuf, node, XMLSEC_BASE64_LINESIZE ) < 0 ) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "xmlSecBufferBase64NodeContentWrite",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ xmlSecBufferDestroy(keyBuf);
++ PK11_FreeSymKey( symKey ) ;
++ return(-1);
++ }
++ xmlSecBufferDestroy(keyBuf);
++ PK11_FreeSymKey( symKey ) ;
++ }
+
+! return 0 ;
+ }
+
+ static int
+ xmlSecNssSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+! const xmlSecByte* buf, xmlSecSize bufSize,
+! xmlSecKeyInfoCtxPtr keyInfoCtx) {
+! PK11SymKey* symKey ;
+! PK11SlotInfo* slot ;
+! xmlSecKeyDataPtr data;
+! xmlSecNssSymKeyDataCtxPtr ctx;
+! SECItem keyItem ;
+! int ret;
+
+! xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
+! xmlSecAssert2(key != NULL, -1);
+! xmlSecAssert2(buf != NULL, -1);
+! xmlSecAssert2(bufSize != 0, -1);
+! xmlSecAssert2(keyInfoCtx != NULL, -1);
+!
+! /* Create a new KeyData from a id */
+! data = xmlSecKeyDataCreate(id);
+! if(data == NULL ) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+! "xmlSecKeyDataCreate",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! return(-1);
+! }
+!
+! ctx = xmlSecNssSymKeyDataGetCtx(data);
+! xmlSecAssert2(ctx != NULL, -1);
+!
+! /* Get slot */
+! slot = xmlSecNssSlotGet(ctx->cipher);
+! if( slot == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+! "xmlSecNssSlotGet" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! xmlSecKeyDataDestroy( data ) ;
+! return(-1) ;
+! }
+!
+! /* Wrap the raw key value SECItem */
+! keyItem.type = siBuffer ;
+! keyItem.data = buf ;
+! keyItem.len = bufSize ;
+!
+! /* Import the raw key into slot temporalily and get the key handler*/
+! symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ;
+! if( symKey == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+! "PK11_ImportSymKey" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! PK11_FreeSlot( slot ) ;
+! xmlSecKeyDataDestroy( data ) ;
+! return(-1) ;
+! }
+!
+! /* Adopt the symmetric key into key data */
+! ret = xmlSecNssSymKeyDataAdoptKey(data, symKey);
+! if(ret < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+! "xmlSecKeyDataBinaryValueSetBuffer",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! PK11_FreeSymKey( symKey ) ;
+! PK11_FreeSlot( slot ) ;
+! xmlSecKeyDataDestroy( data ) ;
+! return(-1);
+! }
+! /* symKey has been duplicated into data, it isn't used any more */
+! PK11_FreeSymKey( symKey ) ;
+! PK11_FreeSlot( slot ) ;
+!
+! /* Check value */
+! if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+! "xmlSecKeyReqMatchKeyValue",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! xmlSecKeyDataDestroy( data ) ;
+! return(0);
+! }
+!
+! ret = xmlSecKeySetValue(key, data);
+! if(ret < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+! "xmlSecKeySetValue",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! xmlSecKeyDataDestroy( data ) ;
+! return(-1);
+! }
+!
+! return(0);
+ }
+
+ static int
+ xmlSecNssSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+! xmlSecByte** buf, xmlSecSize* bufSize,
+! xmlSecKeyInfoCtxPtr keyInfoCtx) {
+! PK11SymKey* symKey ;
+!
+ xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
++ xmlSecAssert2(key != NULL, -1);
++ xmlSecAssert2(buf != NULL, -1);
++ xmlSecAssert2(bufSize != 0, -1);
++ xmlSecAssert2(keyInfoCtx != NULL, -1);
++
++ /* Get symmetric key from "key" */
++ symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key));
++ if( symKey != NULL ) {
++ SECItem* keyItem ;
++
++ /* Extract raw key data from symmetric key */
++ if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "PK11_ExtractKeyValue",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ PK11_FreeSymKey( symKey ) ;
++ return(-1);
++ }
++
++ /* Get raw key data from "symKey" */
++ keyItem = PK11_GetKeyData( symKey ) ;
++ if(keyItem == NULL) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "PK11_GetKeyData",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ PK11_FreeSymKey( symKey ) ;
++ return(-1);
++ }
++
++ *bufSize = keyItem->len;
++ *buf = ( xmlSecByte* )xmlMalloc( *bufSize );
++ if( *buf == NULL ) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ NULL,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ PK11_FreeSymKey( symKey ) ;
++ return(-1);
++ }
++
++ memcpy((*buf), keyItem->data, (*bufSize));
++ PK11_FreeSymKey( symKey ) ;
++ }
+
+! return 0 ;
+ }
+
+ static int
+ xmlSecNssSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+! PK11SymKey* symkey ;
+! PK11SlotInfo* slot ;
+! xmlSecNssSymKeyDataCtxPtr ctx;
+! int ret;
+!
+ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1);
+ xmlSecAssert2(sizeBits > 0, -1);
+
+! ctx = xmlSecNssSymKeyDataGetCtx(data);
+! xmlSecAssert2(ctx != NULL, -1);
+!
+! if( sizeBits % 8 != 0 ) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+! NULL,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "Symmetric key size must be octuple");
+! return(-1);
+! }
+!
+! /* Get slot */
+! slot = xmlSecNssSlotGet(ctx->cipher);
+! if( slot == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+! "xmlSecNssSlotGet" ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1) ;
+! }
+!
+! if( PK11_Authenticate( slot, PR_FALSE , NULL ) != SECSuccess ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
+! "PK11_Authenticate" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! PK11_FreeSlot( slot ) ;
+! return -1 ;
+! }
+!
+! symkey = PK11_KeyGen( slot , ctx->cipher , NULL , sizeBits/8 , NULL ) ;
+! if( symkey == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
+! "PK11_KeyGen" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! PK11_FreeSlot( slot ) ;
+! return -1 ;
+! }
+!
+! if( ctx->slot != NULL ) {
+! PK11_FreeSlot( ctx->slot ) ;
+! ctx->slot = NULL ;
+! }
+! ctx->slot = slot ;
+!
+! if( ctx->symkey != NULL ) {
+! PK11_FreeSymKey( ctx->symkey ) ;
+! ctx->symkey = NULL ;
+! }
+! ctx->symkey = symkey ;
+!
+! return 0 ;
+ }
+
+ static xmlSecKeyDataType
+ xmlSecNssSymKeyDataGetType(xmlSecKeyDataPtr data) {
+! xmlSecNssSymKeyDataCtxPtr context = NULL ;
+! xmlSecKeyDataType type = xmlSecKeyDataTypeUnknown ;
+
+ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown);
++ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), xmlSecKeyDataTypeUnknown ) ;
+
+! context = xmlSecNssSymKeyDataGetCtx( data ) ;
+! if( context == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
+! "xmlSecNssSymKeyDataGetCtx" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return xmlSecKeyDataTypeUnknown ;
+! }
+!
+! if( context->symkey != NULL ) {
+! type |= xmlSecKeyDataTypeSymmetric ;
+! } else {
+! type |= xmlSecKeyDataTypeUnknown ;
+! }
+
+! return type ;
+ }
+
+ static xmlSecSize
+ xmlSecNssSymKeyDataGetSize(xmlSecKeyDataPtr data) {
++ xmlSecNssSymKeyDataCtxPtr context ;
++ unsigned int length = 0 ;
++
+ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), 0);
+! xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), 0 ) ;
+!
+! context = xmlSecNssSymKeyDataGetCtx( data ) ;
+! if( context == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
+! "xmlSecNssSymKeyDataGetCtx" ,
+! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return 0 ;
+! }
+!
+! if( context->symkey != NULL ) {
+! length = PK11_GetKeyLength( context->symkey ) ;
+! length *= 8 ;
+! }
+!
+! return length ;
+ }
+
+ static void
+ xmlSecNssSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
+
+! /* print only size, everything else is sensitive */
+! fprintf( output , "=== %s: size=%d\n" , data->id->dataNodeName ,
+! xmlSecKeyDataGetSize(data)) ;
+ }
+
+ static void
+ xmlSecNssSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
+
+! /* print only size, everything else is sensitive */
+! fprintf( output , "<%s size=\"%d\" />\n" , data->id->dataNodeName ,
+! xmlSecKeyDataGetSize(data)) ;
+ }
+
+ static int
+ xmlSecNssSymKeyDataKlassCheck(xmlSecKeyDataKlass* klass) {
+ #ifndef XMLSEC_NO_DES
+ if(klass == xmlSecNssKeyDataDesId) {
+! return(1);
+ }
+ #endif /* XMLSEC_NO_DES */
+
+ #ifndef XMLSEC_NO_AES
+ if(klass == xmlSecNssKeyDataAesId) {
+! return(1);
+ }
+ #endif /* XMLSEC_NO_AES */
+
+ #ifndef XMLSEC_NO_HMAC
+ if(klass == xmlSecNssKeyDataHmacId) {
+! return(1);
+ }
+ #endif /* XMLSEC_NO_HMAC */
+
+***************
+*** 201,240 ****
+ *************************************************************************/
+ static xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = {
+ sizeof(xmlSecKeyDataKlass),
+! xmlSecKeyDataBinarySize,
+
+ /* data */
+ xmlSecNameAESKeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+! /* xmlSecKeyDataUsage usage; */
+! xmlSecHrefAESKeyValue, /* const xmlChar* href; */
+! xmlSecNodeAESKeyValue, /* const xmlChar* dataNodeName; */
+! xmlSecNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+! xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+! xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+! xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+! xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+! xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+! xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+! NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+! xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+! xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+! xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+! xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+! xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+! xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+! NULL, /* void* reserved0; */
+! NULL, /* void* reserved1; */
+ };
+
+ /**
+--- 860,899 ----
+ *************************************************************************/
+ static xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = {
+ sizeof(xmlSecKeyDataKlass),
+! xmlSecNssSymKeyDataSize,
+
+ /* data */
+ xmlSecNameAESKeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+! /* xmlSecKeyDataUsage usage; */
+! xmlSecHrefAESKeyValue, /* const xmlChar* href; */
+! xmlSecNodeAESKeyValue, /* const xmlChar* dataNodeName; */
+! xmlSecNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+! xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+! xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+! xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+! xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+! xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+! xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+! NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+! xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+! xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+! xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+! xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+! xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+! xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+! NULL, /* void* reserved0; */
+! NULL, /* void* reserved1; */
+ };
+
+ /**
+***************
+*** 251,259 ****
+
+ /**
+ * xmlSecNssKeyDataAesSet:
+! * @data: the pointer to AES key data.
+! * @buf: the pointer to key value.
+! * @bufSize: the key value size (in bytes).
+ *
+ * Sets the value of AES key data.
+ *
+--- 910,918 ----
+
+ /**
+ * xmlSecNssKeyDataAesSet:
+! * @data: the pointer to AES key data.
+! * @buf: the pointer to key value.
+! * @bufSize: the key value size (in bytes).
+ *
+ * Sets the value of AES key data.
+ *
+***************
+*** 282,321 ****
+ *************************************************************************/
+ static xmlSecKeyDataKlass xmlSecNssKeyDataDesKlass = {
+ sizeof(xmlSecKeyDataKlass),
+! xmlSecKeyDataBinarySize,
+
+ /* data */
+ xmlSecNameDESKeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+! /* xmlSecKeyDataUsage usage; */
+! xmlSecHrefDESKeyValue, /* const xmlChar* href; */
+! xmlSecNodeDESKeyValue, /* const xmlChar* dataNodeName; */
+! xmlSecNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+! xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+! xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+! xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+! xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+! xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+! xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+! NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+! xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+! xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+! xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+! xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+! xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+! xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+! NULL, /* void* reserved0; */
+! NULL, /* void* reserved1; */
+ };
+
+ /**
+--- 941,980 ----
+ *************************************************************************/
+ static xmlSecKeyDataKlass xmlSecNssKeyDataDesKlass = {
+ sizeof(xmlSecKeyDataKlass),
+! xmlSecNssSymKeyDataSize,
+
+ /* data */
+ xmlSecNameDESKeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+! /* xmlSecKeyDataUsage usage; */
+! xmlSecHrefDESKeyValue, /* const xmlChar* href; */
+! xmlSecNodeDESKeyValue, /* const xmlChar* dataNodeName; */
+! xmlSecNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+! xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+! xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+! xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+! xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+! xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+! xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+! NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+! xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+! xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+! xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+! xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+! xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+! xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+! NULL, /* void* reserved0; */
+! NULL, /* void* reserved1; */
+ };
+
+ /**
+***************
+*** 332,340 ****
+
+ /**
+ * xmlSecNssKeyDataDesSet:
+! * @data: the pointer to DES key data.
+! * @buf: the pointer to key value.
+! * @bufSize: the key value size (in bytes).
+ *
+ * Sets the value of DES key data.
+ *
+--- 991,999 ----
+
+ /**
+ * xmlSecNssKeyDataDesSet:
+! * @data: the pointer to DES key data.
+! * @buf: the pointer to key value.
+! * @bufSize: the key value size (in bytes).
+ *
+ * Sets the value of DES key data.
+ *
+***************
+*** 364,403 ****
+ *************************************************************************/
+ static xmlSecKeyDataKlass xmlSecNssKeyDataHmacKlass = {
+ sizeof(xmlSecKeyDataKlass),
+! xmlSecKeyDataBinarySize,
+
+ /* data */
+ xmlSecNameHMACKeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+! /* xmlSecKeyDataUsage usage; */
+! xmlSecHrefHMACKeyValue, /* const xmlChar* href; */
+! xmlSecNodeHMACKeyValue, /* const xmlChar* dataNodeName; */
+! xmlSecNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+! xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+! xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+! xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+! xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+! xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+! xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+! NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+! xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+! xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+! xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+! xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+! xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+! xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+! NULL, /* void* reserved0; */
+! NULL, /* void* reserved1; */
+ };
+
+ /**
+--- 1023,1062 ----
+ *************************************************************************/
+ static xmlSecKeyDataKlass xmlSecNssKeyDataHmacKlass = {
+ sizeof(xmlSecKeyDataKlass),
+! xmlSecNssSymKeyDataSize,
+
+ /* data */
+ xmlSecNameHMACKeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+! /* xmlSecKeyDataUsage usage; */
+! xmlSecHrefHMACKeyValue, /* const xmlChar* href; */
+! xmlSecNodeHMACKeyValue, /* const xmlChar* dataNodeName; */
+! xmlSecNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+! xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+! xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+! xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+! xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+! xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+! xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+! NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+! xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+! xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+! xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+! xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+! xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+! xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+! NULL, /* void* reserved0; */
+! NULL, /* void* reserved1; */
+ };
+
+ /**
+***************
+*** 414,422 ****
+
+ /**
+ * xmlSecNssKeyDataHmacSet:
+! * @data: the pointer to HMAC key data.
+! * @buf: the pointer to key value.
+! * @bufSize: the key value size (in bytes).
+ *
+ * Sets the value of HMAC key data.
+ *
+--- 1073,1081 ----
+
+ /**
+ * xmlSecNssKeyDataHmacSet:
+! * @data: the pointer to HMAC key data.
+! * @buf: the pointer to key value.
+! * @bufSize: the key value size (in bytes).
+ *
+ * Sets the value of HMAC key data.
+ *
+*** misc/xmlsec1-1.2.6/src/nss/tokens.c 2005-02-23 11:07:02.000000000 +0800
+--- misc/build/xmlsec1-1.2.6/src/nss/tokens.c 2005-02-23 11:06:39.000000000 +0800
+***************
+*** 1 ****
+! dummy
+--- 1,544 ----
+! /**
+! * XMLSec library
+! *
+! * This is free software; see Copyright file in the source
+! * distribution for preciese wording.
+! *
+! * Copyright..................................
+! *
+! * Contributor(s): _____________________________
+! *
+! */
+!
+! /**
+! * In order to ensure that particular crypto operation is performed on
+! * particular crypto device, a subclass of xmlSecList is used to store slot and
+! * mechanism information.
+! *
+! * In the list, a slot is bound with a mechanism. If the mechanism is available,
+! * this mechanism only can perform on the slot; otherwise, it can perform on
+! * every eligibl slot in the list.
+! *
+! * When try to find a slot for a particular mechanism, the slot bound with
+! * avaliable mechanism will be looked up firstly.
+! */
+! #include "globals.h"
+! #include <string.h>
+!
+! #include <xmlsec/xmlsec.h>
+! #include <xmlsec/errors.h>
+! #include <xmlsec/list.h>
+!
+! #include <xmlsec/nss/tokens.h>
+!
+! int
+! xmlSecNssKeySlotSetMechList(
+! xmlSecNssKeySlotPtr keySlot ,
+! CK_MECHANISM_TYPE_PTR mechanismList
+! ) {
+! int counter ;
+!
+! xmlSecAssert2( keySlot != NULL , -1 ) ;
+!
+! if( keySlot->mechanismList != CK_NULL_PTR ) {
+! xmlFree( keySlot->mechanismList ) ;
+!
+! for( counter = 0 ; *( mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
+! keySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
+! if( keySlot->mechanismList == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! NULL ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return( -1 );
+! }
+! for( ; counter >= 0 ; counter -- )
+! *( keySlot->mechanismList + counter ) = *( mechanismList + counter ) ;
+! }
+!
+! return( 0 );
+! }
+!
+! int
+! xmlSecNssKeySlotEnableMech(
+! xmlSecNssKeySlotPtr keySlot ,
+! CK_MECHANISM_TYPE mechanism
+! ) {
+! int counter ;
+! CK_MECHANISM_TYPE_PTR newList ;
+!
+! xmlSecAssert2( keySlot != NULL , -1 ) ;
+!
+! if( mechanism != CKM_INVALID_MECHANISM ) {
+! for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
+! newList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
+! if( newList == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! NULL ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return( -1 );
+! }
+! *( newList + counter + 1 ) = CKM_INVALID_MECHANISM ;
+! *( newList + counter ) = mechanism ;
+! for( counter -= 1 ; counter >= 0 ; counter -- )
+! *( newList + counter ) = *( keySlot->mechanismList + counter ) ;
+!
+! xmlFree( keySlot->mechanismList ) ;
+! keySlot->mechanismList = newList ;
+! }
+!
+! return(0);
+! }
+!
+! int
+! xmlSecNssKeySlotDisableMech(
+! xmlSecNssKeySlotPtr keySlot ,
+! CK_MECHANISM_TYPE mechanism
+! ) {
+! int counter ;
+!
+! xmlSecAssert2( keySlot != NULL , -1 ) ;
+!
+! for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
+! if( *( keySlot->mechanismList + counter ) == mechanism ) {
+! for( ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
+! *( keySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter + 1 ) ;
+! }
+!
+! break ;
+! }
+! }
+!
+! return(0);
+! }
+!
+! CK_MECHANISM_TYPE_PTR
+! xmlSecNssKeySlotGetMechList(
+! xmlSecNssKeySlotPtr keySlot
+! ) {
+! if( keySlot != NULL )
+! return keySlot->mechanismList ;
+! else
+! return NULL ;
+! }
+!
+! int
+! xmlSecNssKeySlotSetSlot(
+! xmlSecNssKeySlotPtr keySlot ,
+! PK11SlotInfo* slot
+! ) {
+! xmlSecAssert2( keySlot != NULL , -1 ) ;
+!
+! if( slot != NULL && keySlot->slot != slot ) {
+! if( keySlot->slot != NULL )
+! PK11_FreeSlot( keySlot->slot ) ;
+!
+! if( keySlot->mechanismList != NULL ) {
+! xmlFree( keySlot->mechanismList ) ;
+! keySlot->mechanismList = NULL ;
+! }
+!
+! keySlot->slot = PK11_ReferenceSlot( slot ) ;
+! }
+!
+! return(0);
+! }
+!
+! int
+! xmlSecNssKeySlotInitialize(
+! xmlSecNssKeySlotPtr keySlot ,
+! PK11SlotInfo* slot
+! ) {
+! xmlSecAssert2( keySlot != NULL , -1 ) ;
+! xmlSecAssert2( keySlot->slot == NULL , -1 ) ;
+! xmlSecAssert2( keySlot->mechanismList == NULL , -1 ) ;
+!
+! if( slot != NULL ) {
+! keySlot->slot = PK11_ReferenceSlot( slot ) ;
+! }
+!
+! return(0);
+! }
+!
+! void
+! xmlSecNssKeySlotFinalize(
+! xmlSecNssKeySlotPtr keySlot
+! ) {
+! xmlSecAssert( keySlot != NULL ) ;
+!
+! if( keySlot->mechanismList != NULL ) {
+! xmlFree( keySlot->mechanismList ) ;
+! keySlot->mechanismList = NULL ;
+! }
+!
+! if( keySlot->slot != NULL ) {
+! PK11_FreeSlot( keySlot->slot ) ;
+! keySlot->slot = NULL ;
+! }
+!
+! }
+!
+! PK11SlotInfo*
+! xmlSecNssKeySlotGetSlot(
+! xmlSecNssKeySlotPtr keySlot
+! ) {
+! if( keySlot != NULL )
+! return keySlot->slot ;
+! else
+! return NULL ;
+! }
+!
+! xmlSecNssKeySlotPtr
+! xmlSecNssKeySlotCreate() {
+! xmlSecNssKeySlotPtr keySlot ;
+!
+! /* Allocates a new xmlSecNssKeySlot and fill the fields */
+! keySlot = ( xmlSecNssKeySlotPtr )xmlMalloc( sizeof( xmlSecNssKeySlot ) ) ;
+! if( keySlot == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! NULL ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return( NULL );
+! }
+! memset( keySlot, 0, sizeof( xmlSecNssKeySlot ) ) ;
+!
+! return( keySlot ) ;
+! }
+!
+! int
+! xmlSecNssKeySlotCopy(
+! xmlSecNssKeySlotPtr newKeySlot ,
+! xmlSecNssKeySlotPtr keySlot
+! ) {
+! CK_MECHANISM_TYPE_PTR mech ;
+! int counter ;
+!
+! xmlSecAssert2( newKeySlot != NULL , -1 ) ;
+! xmlSecAssert2( keySlot != NULL , -1 ) ;
+!
+! if( keySlot->slot != NULL && newKeySlot->slot != keySlot->slot ) {
+! if( newKeySlot->slot != NULL )
+! PK11_FreeSlot( newKeySlot->slot ) ;
+!
+! newKeySlot->slot = PK11_ReferenceSlot( keySlot->slot ) ;
+! }
+!
+! if( keySlot->mechanismList != CK_NULL_PTR ) {
+! xmlFree( newKeySlot->mechanismList ) ;
+!
+! for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
+! newKeySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
+! if( newKeySlot->mechanismList == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! NULL ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return( -1 );
+! }
+! for( ; counter >= 0 ; counter -- )
+! *( newKeySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter ) ;
+! }
+!
+! return( 0 );
+! }
+!
+! xmlSecNssKeySlotPtr
+! xmlSecNssKeySlotDuplicate(
+! xmlSecNssKeySlotPtr keySlot
+! ) {
+! xmlSecNssKeySlotPtr newKeySlot ;
+! int ret ;
+!
+! xmlSecAssert2( keySlot != NULL , NULL ) ;
+!
+! newKeySlot = xmlSecNssKeySlotCreate() ;
+! if( newKeySlot == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! NULL ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return( NULL );
+! }
+!
+! if( xmlSecNssKeySlotCopy( newKeySlot, keySlot ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! NULL ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return( NULL );
+! }
+!
+! return( newKeySlot );
+! }
+!
+! void
+! xmlSecNssKeySlotDestroy(
+! xmlSecNssKeySlotPtr keySlot
+! ) {
+! xmlSecAssert( keySlot != NULL ) ;
+!
+! if( keySlot->mechanismList != NULL )
+! xmlFree( keySlot->mechanismList ) ;
+!
+! if( keySlot->slot != NULL )
+! PK11_FreeSlot( keySlot->slot ) ;
+!
+! xmlFree( keySlot ) ;
+! }
+!
+! int
+! xmlSecNssKeySlotBindMech(
+! xmlSecNssKeySlotPtr keySlot ,
+! CK_MECHANISM_TYPE type
+! ) {
+! int counter ;
+!
+! xmlSecAssert2( keySlot != NULL , 0 ) ;
+! xmlSecAssert2( keySlot->slot != NULL , 0 ) ;
+! xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ;
+!
+! for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
+! if( *( keySlot->mechanismList + counter ) == type )
+! return(1) ;
+! }
+!
+! return( 0 ) ;
+! }
+!
+! int
+! xmlSecNssKeySlotSupportMech(
+! xmlSecNssKeySlotPtr keySlot ,
+! CK_MECHANISM_TYPE type
+! ) {
+! xmlSecAssert2( keySlot != NULL , 0 ) ;
+! xmlSecAssert2( keySlot->slot != NULL , 0 ) ;
+! xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ;
+!
+! if( PK11_DoesMechanism( keySlot->slot , type ) == PR_TRUE ) {
+! return(1);
+! } else
+! return(0);
+! }
+!
+! void
+! xmlSecNssKeySlotDebugDump(
+! xmlSecNssKeySlotPtr keySlot ,
+! FILE* output
+! ) {
+! xmlSecAssert( keySlot != NULL ) ;
+! xmlSecAssert( output != NULL ) ;
+!
+! fprintf( output, "== KEY SLOT\n" );
+! }
+!
+! void
+! xmlSecNssKeySlotDebugXmlDump(
+! xmlSecNssKeySlotPtr keySlot ,
+! FILE* output
+! ) {
+! }
+!
+! /**
+! * Key Slot List
+! */
+! static xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = {
+! BAD_CAST "mechanism-list",
+! (xmlSecPtrDuplicateItemMethod)xmlSecNssKeySlotDuplicate,
+! (xmlSecPtrDestroyItemMethod)xmlSecNssKeySlotDestroy,
+! (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugDump,
+! (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugXmlDump,
+! };
+!
+! xmlSecPtrListId
+! xmlSecNssKeySlotListGetKlass(void) {
+! return(&xmlSecNssKeySlotPtrListKlass);
+! }
+!
+!
+! /*-
+! * Global PKCS#11 crypto token repository -- Key slot list
+! */
+! static xmlSecPtrListPtr _xmlSecNssKeySlotList = NULL ;
+!
+! PK11SlotInfo*
+! xmlSecNssSlotGet(
+! CK_MECHANISM_TYPE type
+! ) {
+! PK11SlotInfo* slot = NULL ;
+! xmlSecNssKeySlotPtr keySlot ;
+! xmlSecSize ksSize ;
+! xmlSecSize ksPos ;
+! char flag ;
+!
+! if( _xmlSecNssKeySlotList == NULL ) {
+! slot = PK11_GetBestSlot( type , NULL ) ;
+! } else {
+! ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ;
+!
+! /*-
+! * Firstly, checking whether the mechanism is bound with a special slot.
+! * If no bound slot, we try to find the first eligible slot in the list.
+! */
+! for( flag = 0, ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) {
+! keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ;
+! if( keySlot != NULL && xmlSecNssKeySlotBindMech( keySlot, type ) ) {
+! slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
+! flag = 2 ;
+! } else if( flag == 0 && xmlSecNssKeySlotSupportMech( keySlot, type ) ) {
+! slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
+! flag = 1 ;
+! }
+!
+! if( flag == 2 )
+! break ;
+! }
+! if( slot != NULL )
+! slot = PK11_ReferenceSlot( slot ) ;
+! }
+!
+! if( slot != NULL && PK11_NeedLogin( slot ) ) {
+! if( PK11_Authenticate( slot , PR_TRUE , NULL ) != SECSuccess ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! NULL ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! PK11_FreeSlot( slot ) ;
+! return( NULL );
+! }
+! }
+!
+! return slot ;
+! }
+!
+! int
+! xmlSecNssSlotInitialize(
+! void
+! ) {
+! if( _xmlSecNssKeySlotList != NULL ) {
+! xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ;
+! _xmlSecNssKeySlotList = NULL ;
+! }
+!
+! _xmlSecNssKeySlotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ;
+! if( _xmlSecNssKeySlotList == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! NULL ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return( -1 );
+! }
+!
+! return(0);
+! }
+!
+! void
+! xmlSecNssSlotShutdown(
+! void
+! ) {
+! if( _xmlSecNssKeySlotList != NULL ) {
+! xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ;
+! _xmlSecNssKeySlotList = NULL ;
+! }
+! }
+!
+! int
+! xmlSecNssSlotAdopt(
+! PK11SlotInfo* slot,
+! CK_MECHANISM_TYPE type
+! ) {
+! xmlSecNssKeySlotPtr keySlot ;
+! xmlSecSize ksSize ;
+! xmlSecSize ksPos ;
+! char flag ;
+!
+! xmlSecAssert2( _xmlSecNssKeySlotList != NULL, -1 ) ;
+! xmlSecAssert2( slot != NULL, -1 ) ;
+!
+! ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ;
+!
+! /*-
+! * Firstly, checking whether the slot is in the repository already.
+! */
+! flag = 0 ;
+! for( ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) {
+! keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ;
+! /* If find the slot in the list */
+! if( keySlot != NULL && xmlSecNssKeySlotGetSlot( keySlot ) == slot ) {
+! /* If mechnism type is valid, bind the slot with the mechanism */
+! if( type != CKM_INVALID_MECHANISM ) {
+! if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! NULL ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1);
+! }
+! }
+!
+! flag = 1 ;
+! }
+! }
+!
+! /* If the slot do not in the list, add a new item to the list */
+! if( flag == 0 ) {
+! /* Create a new KeySlot */
+! keySlot = xmlSecNssKeySlotCreate() ;
+! if( keySlot == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! NULL ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return(-1);
+! }
+!
+! /* Initialize the keySlot with a slot */
+! if( xmlSecNssKeySlotInitialize( keySlot, slot ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! NULL ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! xmlSecNssKeySlotDestroy( keySlot ) ;
+! return(-1);
+! }
+!
+! /* If mechnism type is valid, bind the slot with the mechanism */
+! if( type != CKM_INVALID_MECHANISM ) {
+! if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! NULL ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! xmlSecNssKeySlotDestroy( keySlot ) ;
+! return(-1);
+! }
+! }
+!
+! /* Add keySlot into the list */
+! if( xmlSecPtrListAdd( _xmlSecNssKeySlotList, keySlot ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE ,
+! NULL ,
+! NULL ,
+! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! xmlSecNssKeySlotDestroy( keySlot ) ;
+! return(-1);
+! }
+! }
+!
+! return(0);
+! }
+!
+*** misc/xmlsec1-1.2.6/src/nss/x509.c 2003-09-26 11:53:09.000000000 +0800
+--- misc/build/xmlsec1-1.2.6/src/nss/x509.c 2005-02-23 11:06:39.000000000 +0800
+***************
+*** 34,40 ****
+ #include <xmlsec/keys.h>
+ #include <xmlsec/keyinfo.h>
+ #include <xmlsec/keysmngr.h>
+- #include <xmlsec/x509.h>
+ #include <xmlsec/base64.h>
+ #include <xmlsec/errors.h>
+
+--- 34,39 ----
+***************
+*** 61,97 ****
+ static int xmlSecNssX509CertificateNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+- static int xmlSecNssX509CertificateNodeWrite (CERTCertificate* cert,
+- xmlNodePtr node,
+- xmlSecKeyInfoCtxPtr keyInfoCtx);
+ static int xmlSecNssX509SubjectNameNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+- static int xmlSecNssX509SubjectNameNodeWrite (CERTCertificate* cert,
+- xmlNodePtr node,
+- xmlSecKeyInfoCtxPtr keyInfoCtx);
+ static int xmlSecNssX509IssuerSerialNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+- static int xmlSecNssX509IssuerSerialNodeWrite (CERTCertificate* cert,
+- xmlNodePtr node,
+- xmlSecKeyInfoCtxPtr keyInfoCtx);
+ static int xmlSecNssX509SKINodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+- static int xmlSecNssX509SKINodeWrite (CERTCertificate* cert,
+- xmlNodePtr node,
+- xmlSecKeyInfoCtxPtr keyInfoCtx);
+ static int xmlSecNssX509CRLNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+- static int xmlSecNssX509CRLNodeWrite (CERTSignedCrl* crl,
+- xmlNodePtr node,
+- xmlSecKeyInfoCtxPtr keyInfoCtx);
+ static int xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data,
+ xmlSecKeyPtr key,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+-
+ static CERTCertificate* xmlSecNssX509CertDerRead (const xmlSecByte* buf,
+ xmlSecSize size);
+ static CERTCertificate* xmlSecNssX509CertBase64DerRead (xmlChar* buf);
+--- 60,80 ----
+***************
+*** 104,112 ****
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+ static xmlChar* xmlSecNssX509CrlBase64DerWrite (CERTSignedCrl* crl,
+ int base64LineWrap);
+- static xmlChar* xmlSecNssX509NameWrite (CERTName* nm);
+- static xmlChar* xmlSecNssASN1IntegerWrite (SECItem *num);
+- static xmlChar* xmlSecNssX509SKIWrite (CERTCertificate* cert);
+ static void xmlSecNssX509CertDebugDump (CERTCertificate* cert,
+ FILE* output);
+ static void xmlSecNssX509CertDebugXmlDump (CERTCertificate* cert,
+--- 87,92 ----
+***************
+*** 378,384 ****
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "CERT_NewCertList",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+--- 358,364 ----
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "CERT_NewCertList",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ }
+***************
+*** 389,395 ****
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "CERT_AddCertToListTail",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ ctx->numCerts++;
+--- 369,375 ----
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "CERT_AddCertToListTail",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ ctx->numCerts++;
+***************
+*** 588,594 ****
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "CERT_DupCertificate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+--- 568,574 ----
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "CERT_DupCertificate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code=%d", PORT_GetError());
+ return(-1);
+ }
+
+***************
+*** 627,633 ****
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "SEC_DupCrl",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+--- 607,613 ----
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "SEC_DupCrl",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code=%d", PORT_GetError());
+ return(-1);
+ }
+
+***************
+*** 652,658 ****
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "CERT_DupCertificate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ ret = xmlSecNssKeyDataX509AdoptKeyCert(dst, certDst);
+--- 632,638 ----
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "CERT_DupCertificate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ ret = xmlSecNssKeyDataX509AdoptKeyCert(dst, certDst);
+***************
+*** 752,782 ****
+ xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataPtr data;
+ CERTCertificate* cert;
+ CERTSignedCrl* crl;
+ xmlSecSize size, pos;
+- int content = 0;
+- int ret;
+
+ xmlSecAssert2(id == xmlSecNssKeyDataX509Id, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+! content = xmlSecX509DataGetNodeContent (node, 1, keyInfoCtx);
+! if (content < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+! "xmlSecX509DataGetNodeContent",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "content=%d", content);
+! return(-1);
+! } else if(content == 0) {
+! /* by default we are writing certificates and crls */
+! content = XMLSEC_X509DATA_DEFAULT;
+ }
+
+- /* get x509 data */
+ data = xmlSecKeyGetData(key, id);
+ if(data == NULL) {
+ /* no x509 data in the key */
+--- 732,753 ----
+ xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataPtr data;
++ xmlNodePtr cur;
++ xmlChar* buf;
+ CERTCertificate* cert;
+ CERTSignedCrl* crl;
+ xmlSecSize size, pos;
+
+ xmlSecAssert2(id == xmlSecNssKeyDataX509Id, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+! /* todo: flag in ctx remove all existing content */
+! if(0) {
+! xmlNodeSetContent(node, NULL);
+ }
+
+ data = xmlSecKeyGetData(key, id);
+ if(data == NULL) {
+ /* no x509 data in the key */
+***************
+*** 795,874 ****
+ "pos=%d", pos);
+ return(-1);
+ }
+!
+! if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) {
+! ret = xmlSecNssX509CertificateNodeWrite(cert, node, keyInfoCtx);
+! if(ret < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+! "xmlSecNssX509CertificateNodeWrite",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "pos=%d", pos);
+! return(-1);
+! }
+ }
+!
+! if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) {
+! ret = xmlSecNssX509SubjectNameNodeWrite(cert, node, keyInfoCtx);
+! if(ret < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+! "xmlSecNssX509SubjectNameNodeWrite",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "pos=%d", pos);
+! return(-1);
+! }
+ }
+
+! if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) {
+! ret = xmlSecNssX509IssuerSerialNodeWrite(cert, node, keyInfoCtx);
+! if(ret < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+! "xmlSecNssX509IssuerSerialNodeWrite",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "pos=%d", pos);
+! return(-1);
+! }
+! }
+
+! if((content & XMLSEC_X509DATA_SKI_NODE) != 0) {
+! ret = xmlSecNssX509SKINodeWrite(cert, node, keyInfoCtx);
+! if(ret < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+! "xmlSecNssX509SKINodeWrite",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "pos=%d", pos);
+! return(-1);
+! }
+! }
+! }
+
+! /* write crls if needed */
+! if((content & XMLSEC_X509DATA_CRL_NODE) != 0) {
+! size = xmlSecNssKeyDataX509GetCrlsSize(data);
+! for(pos = 0; pos < size; ++pos) {
+! crl = xmlSecNssKeyDataX509GetCrl(data, pos);
+! if(crl == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+! "xmlSecNssKeyDataX509GetCrl",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "pos=%d", pos);
+! return(-1);
+! }
+!
+! ret = xmlSecNssX509CRLNodeWrite(crl, node, keyInfoCtx);
+! if(ret < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+! "xmlSecNssX509CRLNodeWrite",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "pos=%d", pos);
+! return(-1);
+! }
+! }
+ }
+
+ return(0);
+--- 766,840 ----
+ "pos=%d", pos);
+ return(-1);
+ }
+!
+! /* set base64 lines size from context */
+! buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize);
+! if(buf == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+! "xmlSecNssX509CertBase64DerWrite",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! return(-1);
+ }
+!
+! cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs);
+! if(cur == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+! "xmlSecAddChild",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "node=%s",
+! xmlSecErrorsSafeString(xmlSecNodeX509Certificate));
+! xmlFree(buf);
+! return(-1);
+ }
++ /* todo: add \n around base64 data - from context */
++ /* todo: add errors check */
++ xmlNodeSetContent(cur, xmlSecStringCR);
++ xmlNodeSetContent(cur, buf);
++ xmlFree(buf);
++ }
+
+! /* write crls */
+! size = xmlSecNssKeyDataX509GetCrlsSize(data);
+! for(pos = 0; pos < size; ++pos) {
+! crl = xmlSecNssKeyDataX509GetCrl(data, pos);
+! if(crl == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+! "xmlSecNssKeyDataX509GetCrl",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "pos=%d", pos);
+! return(-1);
+! }
+
+! /* set base64 lines size from context */
+! buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize);
+! if(buf == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+! "xmlSecNssX509CrlBase64DerWrite",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! return(-1);
+! }
+
+! cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs);
+! if(cur == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+! "xmlSecAddChild",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "new_node=%s",
+! xmlSecErrorsSafeString(xmlSecNodeX509CRL));
+! xmlFree(buf);
+! return(-1);
+! }
+! /* todo: add \n around base64 data - from context */
+! /* todo: add errors check */
+! xmlNodeSetContent(cur, xmlSecStringCR);
+! xmlNodeSetContent(cur, buf);
+ }
+
+ return(0);
+***************
+*** 1015,1033 ****
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ content = xmlNodeGetContent(node);
+! if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) {
+! if(content != NULL) {
+! xmlFree(content);
+! }
+! if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+! xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! return(-1);
+! }
+! return(0);
+ }
+
+ cert = xmlSecNssX509CertBase64DerRead(content);
+--- 981,993 ----
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ content = xmlNodeGetContent(node);
+! if(content == NULL){
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+! xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! return(-1);
+ }
+
+ cert = xmlSecNssX509CertBase64DerRead(content);
+***************
+*** 1057,1102 ****
+ return(0);
+ }
+
+- static int
+- xmlSecNssX509CertificateNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+- xmlChar* buf;
+- xmlNodePtr cur;
+-
+- xmlSecAssert2(cert != NULL, -1);
+- xmlSecAssert2(node != NULL, -1);
+- xmlSecAssert2(keyInfoCtx != NULL, -1);
+-
+- /* set base64 lines size from context */
+- buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize);
+- if(buf == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecNssX509CertBase64DerWrite",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
+- return(-1);
+- }
+-
+- cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs);
+- if(cur == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecAddChild",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "node=%s",
+- xmlSecErrorsSafeString(xmlSecNodeX509Certificate));
+- xmlFree(buf);
+- return(-1);
+- }
+-
+- /* todo: add \n around base64 data - from context */
+- /* todo: add errors check */
+- xmlNodeSetContent(cur, xmlSecStringCR);
+- xmlNodeSetContent(cur, buf);
+- xmlFree(buf);
+- return(0);
+- }
+-
+ static int
+ xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataStorePtr x509Store;
+--- 1017,1022 ----
+***************
+*** 1120,1138 ****
+ }
+
+ subject = xmlNodeGetContent(node);
+! if((subject == NULL) || (xmlSecIsEmptyString(subject) == 1)) {
+! if(subject != NULL) {
+! xmlFree(subject);
+! }
+! if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+! xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! return(-1);
+! }
+! return(0);
+ }
+
+ cert = xmlSecNssX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx);
+--- 1040,1052 ----
+ }
+
+ subject = xmlNodeGetContent(node);
+! if(subject == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+! xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! return(-1);
+ }
+
+ cert = xmlSecNssX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx);
+***************
+*** 1167,1206 ****
+ return(0);
+ }
+
+- static int
+- xmlSecNssX509SubjectNameNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
+- xmlChar* buf = NULL;
+- xmlNodePtr cur = NULL;
+-
+- xmlSecAssert2(cert != NULL, -1);
+- xmlSecAssert2(node != NULL, -1);
+-
+- buf = xmlSecNssX509NameWrite(&(cert->subject));
+- if(buf == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecNssX509NameWrite(&(cert->subject))",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
+- return(-1);
+- }
+-
+- cur = xmlSecAddChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs);
+- if(cur == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecAddChild",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "node=%s",
+- xmlSecErrorsSafeString(xmlSecNodeX509SubjectName));
+- xmlFree(buf);
+- return(-1);
+- }
+- xmlNodeSetContent(cur, buf);
+- xmlFree(buf);
+- return(0);
+- }
+-
+ static int
+ xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataStorePtr x509Store;
+--- 1081,1086 ----
+***************
+*** 1226,1246 ****
+ }
+
+ cur = xmlSecGetNextElementNode(node->children);
+! if(cur == NULL) {
+! if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+! xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
+! XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+! "node=%s",
+! xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+! return(-1);
+! }
+! return(0);
+! }
+!
+ /* the first is required node X509IssuerName */
+! if(!xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
+--- 1106,1114 ----
+ }
+
+ cur = xmlSecGetNextElementNode(node->children);
+!
+ /* the first is required node X509IssuerName */
+! if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
+***************
+*** 1332,1409 ****
+ return(0);
+ }
+
+- static int
+- xmlSecNssX509IssuerSerialNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
+- xmlNodePtr cur;
+- xmlNodePtr issuerNameNode;
+- xmlNodePtr issuerNumberNode;
+- xmlChar* buf;
+-
+- xmlSecAssert2(cert != NULL, -1);
+- xmlSecAssert2(node != NULL, -1);
+-
+- /* create xml nodes */
+- cur = xmlSecAddChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs);
+- if(cur == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecAddChild",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "node=%s",
+- xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial));
+- return(-1);
+- }
+-
+- issuerNameNode = xmlSecAddChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs);
+- if(issuerNameNode == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecAddChild",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "node=%s",
+- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName));
+- return(-1);
+- }
+-
+- issuerNumberNode = xmlSecAddChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs);
+- if(issuerNumberNode == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecAddChild",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "node=%s",
+- xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber));
+- return(-1);
+- }
+-
+- /* write data */
+- buf = xmlSecNssX509NameWrite(&(cert->issuer));
+- if(buf == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecNssX509NameWrite(&(cert->issuer))",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
+- return(-1);
+- }
+- xmlNodeSetContent(issuerNameNode, buf);
+- xmlFree(buf);
+-
+- buf = xmlSecNssASN1IntegerWrite(&(cert->serialNumber));
+- if(buf == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecNssASN1IntegerWrite(&(cert->serialNumber))",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
+- return(-1);
+- }
+- xmlNodeSetContent(issuerNumberNode, buf);
+- xmlFree(buf);
+-
+- return(0);
+- }
+-
+ static int
+ xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataStorePtr x509Store;
+--- 1200,1205 ----
+***************
+*** 1427,1446 ****
+ }
+
+ ski = xmlNodeGetContent(node);
+! if((ski == NULL) || (xmlSecIsEmptyString(ski) == 1)) {
+! if(ski != NULL) {
+! xmlFree(ski);
+! }
+! if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+! xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+! "node=%s",
+! xmlSecErrorsSafeString(xmlSecNodeX509SKI));
+! return(-1);
+! }
+! return(0);
+ }
+
+ cert = xmlSecNssX509StoreFindCert(x509Store, NULL, NULL, NULL, ski, keyInfoCtx);
+--- 1223,1236 ----
+ }
+
+ ski = xmlNodeGetContent(node);
+! if(ski == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+! xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+! "node=%s",
+! xmlSecErrorsSafeString(xmlSecNodeX509SKI));
+! return(-1);
+ }
+
+ cert = xmlSecNssX509StoreFindCert(x509Store, NULL, NULL, NULL, ski, keyInfoCtx);
+***************
+*** 1475,1515 ****
+ return(0);
+ }
+
+- static int
+- xmlSecNssX509SKINodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
+- xmlChar *buf = NULL;
+- xmlNodePtr cur = NULL;
+-
+- xmlSecAssert2(cert != NULL, -1);
+- xmlSecAssert2(node != NULL, -1);
+-
+- buf = xmlSecNssX509SKIWrite(cert);
+- if(buf == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecNssX509SKIWrite",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
+- return(-1);
+- }
+-
+- cur = xmlSecAddChild(node, xmlSecNodeX509SKI, xmlSecDSigNs);
+- if(cur == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecAddChild",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "new_node=%s",
+- xmlSecErrorsSafeString(xmlSecNodeX509SKI));
+- xmlFree(buf);
+- return(-1);
+- }
+- xmlNodeSetContent(cur, buf);
+- xmlFree(buf);
+-
+- return(0);
+- }
+-
+ static int
+ xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlChar *content;
+--- 1265,1270 ----
+***************
+*** 1520,1538 ****
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ content = xmlNodeGetContent(node);
+! if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) {
+! if(content != NULL) {
+! xmlFree(content);
+! }
+! if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+! xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! return(-1);
+! }
+! return(0);
+ }
+
+ crl = xmlSecNssX509CrlBase64DerRead(content, keyInfoCtx);
+--- 1275,1287 ----
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ content = xmlNodeGetContent(node);
+! if(content == NULL){
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+! xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! return(-1);
+ }
+
+ crl = xmlSecNssX509CrlBase64DerRead(content, keyInfoCtx);
+***************
+*** 1552,1598 ****
+ }
+
+ static int
+- xmlSecNssX509CRLNodeWrite(CERTSignedCrl* crl, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+- xmlChar* buf = NULL;
+- xmlNodePtr cur = NULL;
+-
+- xmlSecAssert2(crl != NULL, -1);
+- xmlSecAssert2(node != NULL, -1);
+- xmlSecAssert2(keyInfoCtx != NULL, -1);
+-
+- /* set base64 lines size from context */
+- buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize);
+- if(buf == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecNssX509CrlBase64DerWrite",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
+- return(-1);
+- }
+-
+- cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs);
+- if(cur == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecAddChild",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "new_node=%s",
+- xmlSecErrorsSafeString(xmlSecNodeX509CRL));
+- xmlFree(buf);
+- return(-1);
+- }
+- /* todo: add \n around base64 data - from context */
+- /* todo: add errors check */
+- xmlNodeSetContent(cur, xmlSecStringCR);
+- xmlNodeSetContent(cur, buf);
+- xmlFree(buf);
+-
+- return(0);
+- }
+-
+-
+- static int
+ xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecNssX509DataCtxPtr ctx;
+--- 1301,1306 ----
+***************
+*** 1600,1605 ****
+--- 1308,1317 ----
+ int ret;
+ SECStatus status;
+ PRTime notBefore, notAfter;
++
++ PK11SlotInfo* slot ;
++ SECKEYPublicKey *pubKey = NULL;
++ SECKEYPrivateKey *priKey = NULL;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), -1);
+ xmlSecAssert2(key != NULL, -1);
+***************
+*** 1632,1641 ****
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "CERT_DupCertificate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ keyValue = xmlSecNssX509CertGetKey(ctx->keyCert);
+ if(keyValue == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+--- 1344,1356 ----
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "CERT_DupCertificate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code=%d", PORT_GetError());
+ return(-1);
+ }
+
++ /*-
++ * Get Public key from cert, which does not always work for sign action.
++ *
+ keyValue = xmlSecNssX509CertGetKey(ctx->keyCert);
+ if(keyValue == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+***************
+*** 1645,1650 ****
+--- 1360,1413 ----
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
++ */
++
++ /*-
++ * I'll search key according to KeyReq.
++ */
++ slot = cert->slot ;
++ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) {
++ if( ( priKey = PK11_FindPrivateKeyFromCert( slot , cert , NULL ) ) == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
++ "PK11_FindPrivateKeyFromCert" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
++ }
++
++ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) {
++ if( ( pubKey = CERT_ExtractPublicKey( cert ) ) == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
++ "CERT_ExtractPublicKey" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ if( priKey != NULL )
++ SECKEY_DestroyPrivateKey( priKey ) ;
++ return -1 ;
++ }
++ }
++
++ keyValue = xmlSecNssPKIAdoptKey(priKey, pubKey);
++ if( keyValue == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
++ "xmlSecNssPKIAdoptKey" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ if( priKey != NULL )
++ SECKEY_DestroyPrivateKey( priKey ) ;
++
++ if( pubKey != NULL )
++ SECKEY_DestroyPublicKey( pubKey ) ;
++
++ return -1 ;
++ }
++ /* Modify keyValue get Done */
+
+ /* verify that the key matches our expectations */
+ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) {
+***************
+*** 1725,1738 ****
+ return(0);
+ }
+
+- /**
+- * xmlSecNssX509CertGetKey:
+- * @cert: the certificate.
+- *
+- * Extracts public key from the @cert.
+- *
+- * Returns public key value or NULL if an error occurs.
+- */
+ xmlSecKeyDataPtr
+ xmlSecNssX509CertGetKey(CERTCertificate* cert) {
+ xmlSecKeyDataPtr data;
+--- 1488,1493 ----
+***************
+*** 1746,1752 ****
+ NULL,
+ "CERT_ExtractPublicKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+--- 1501,1507 ----
+ NULL,
+ "CERT_ExtractPublicKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code=%d", PORT_GetError());
+ return(NULL);
+ }
+
+***************
+*** 1804,1810 ****
+ NULL,
+ "__CERT_NewTempCertificate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+--- 1559,1565 ----
+ NULL,
+ "__CERT_NewTempCertificate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code=%d", PORT_GetError());
+ return(NULL);
+ }
+
+***************
+*** 1827,1833 ****
+ NULL,
+ "cert->derCert",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+--- 1582,1588 ----
+ NULL,
+ "cert->derCert",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code=%d", PORT_GetError());
+ return(NULL);
+ }
+
+***************
+*** 1890,1896 ****
+ NULL,
+ "PK11_GetInternalKeySlot",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+ return NULL;
+ }
+
+--- 1645,1651 ----
+ NULL,
+ "PK11_GetInternalKeySlot",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code=%d", PORT_GetError());
+ return NULL;
+ }
+
+***************
+*** 1905,1911 ****
+ NULL,
+ "PK11_ImportCRL",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+ PK11_FreeSlot(slot);
+ return(NULL);
+ }
+--- 1660,1666 ----
+ NULL,
+ "PK11_ImportCRL",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code=%d", PORT_GetError());
+ PK11_FreeSlot(slot);
+ return(NULL);
+ }
+***************
+*** 1929,1935 ****
+ NULL,
+ "crl->derCrl",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+--- 1684,1690 ----
+ NULL,
+ "crl->derCrl",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code=%d", PORT_GetError());
+ return(NULL);
+ }
+
+***************
+*** 1946,2031 ****
+ return(res);
+ }
+
+- static xmlChar*
+- xmlSecNssX509NameWrite(CERTName* nm) {
+- xmlChar *res = NULL;
+- char *str;
+-
+- xmlSecAssert2(nm != NULL, NULL);
+-
+- str = CERT_NameToAscii(nm);
+- if (str == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "CERT_NameToAscii",
+- XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
+- return(NULL);
+- }
+-
+- res = xmlStrdup(BAD_CAST str);
+- if(res == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlStrdup",
+- XMLSEC_ERRORS_R_MALLOC_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
+- PORT_Free(str);
+- return(NULL);
+- }
+- PORT_Free(str);
+- return(res);
+- }
+-
+- static xmlChar*
+- xmlSecNssASN1IntegerWrite(SECItem *num) {
+- xmlChar *res = NULL;
+-
+- xmlSecAssert2(num != NULL, NULL);
+-
+- /* TODO : to be implemented after
+- * NSS bug http://bugzilla.mozilla.org/show_bug.cgi?id=212864 is fixed
+- */
+- return(res);
+- }
+-
+- static xmlChar*
+- xmlSecNssX509SKIWrite(CERTCertificate* cert) {
+- xmlChar *res = NULL;
+- SECItem ski;
+- SECStatus rv;
+-
+- xmlSecAssert2(cert != NULL, NULL);
+-
+- memset(&ski, 0, sizeof(ski));
+-
+- rv = CERT_FindSubjectKeyIDExtension(cert, &ski);
+- if (rv != SECSuccess) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "CERT_FindSubjectKeyIDExtension",
+- XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
+- SECITEM_FreeItem(&ski, PR_FALSE);
+- return(NULL);
+- }
+-
+- res = xmlSecBase64Encode(ski.data, ski.len, 0);
+- if(res == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecBase64Encode",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
+- SECITEM_FreeItem(&ski, PR_FALSE);
+- return(NULL);
+- }
+- SECITEM_FreeItem(&ski, PR_FALSE);
+-
+- return(res);
+- }
+-
+-
+ static void
+ xmlSecNssX509CertDebugDump(CERTCertificate* cert, FILE* output) {
+ SECItem *sn;
+--- 1701,1706 ----
+*** misc/xmlsec1-1.2.6/src/nss/x509vfy.c 2003-09-26 08:58:15.000000000 +0800
+--- misc/build/xmlsec1-1.2.6/src/nss/x509vfy.c 2005-02-23 11:06:39.000000000 +0800
+***************
+*** 30,35 ****
+--- 30,36 ----
+ #include <xmlsec/keyinfo.h>
+ #include <xmlsec/keysmngr.h>
+ #include <xmlsec/base64.h>
++ #include <xmlsec/bn.h>
+ #include <xmlsec/errors.h>
+
+ #include <xmlsec/nss/crypto.h>
+***************
+*** 43,50 ****
+ typedef struct _xmlSecNssX509StoreCtx xmlSecNssX509StoreCtx,
+ *xmlSecNssX509StoreCtxPtr;
+ struct _xmlSecNssX509StoreCtx {
+! CERTCertList* certsList; /* just keeping a reference to destroy later */
+! };
+
+ /****************************************************************************
+ *
+--- 44,51 ----
+ typedef struct _xmlSecNssX509StoreCtx xmlSecNssX509StoreCtx,
+ *xmlSecNssX509StoreCtxPtr;
+ struct _xmlSecNssX509StoreCtx {
+! CERTCertList* certsList; /* just keeping a reference to destroy later */
+! };
+
+ /****************************************************************************
+ *
+***************
+*** 54,98 ****
+ *
+ ***************************************************************************/
+ #define xmlSecNssX509StoreGetCtx(store) \
+! ((xmlSecNssX509StoreCtxPtr)(((xmlSecByte*)(store)) + \
+! sizeof(xmlSecKeyDataStoreKlass)))
+ #define xmlSecNssX509StoreSize \
+! (sizeof(xmlSecKeyDataStoreKlass) + sizeof(xmlSecNssX509StoreCtx))
+
+ static int xmlSecNssX509StoreInitialize (xmlSecKeyDataStorePtr store);
+ static void xmlSecNssX509StoreFinalize (xmlSecKeyDataStorePtr store);
+- static int xmlSecNssX509NameStringRead (xmlSecByte **str,
+- int *strLen,
+- xmlSecByte *res,
+- int resLen,
+- xmlSecByte delim,
+- int ingoreTrailingSpaces);
+- static xmlSecByte * xmlSecNssX509NameRead (xmlSecByte *str,
+- int len);
+-
+- static void xmlSecNssNumToItem(SECItem *it, unsigned long num);
+
+
+ static xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = {
+! sizeof(xmlSecKeyDataStoreKlass),
+! xmlSecNssX509StoreSize,
+
+! /* data */
+! xmlSecNameX509Store, /* const xmlChar* name; */
+!
+! /* constructors/destructor */
+! xmlSecNssX509StoreInitialize, /* xmlSecKeyDataStoreInitializeMethod initialize; */
+! xmlSecNssX509StoreFinalize, /* xmlSecKeyDataStoreFinalizeMethod finalize; */
+!
+! /* reserved for the future */
+! NULL, /* void* reserved0; */
+! NULL, /* void* reserved1; */
+ };
+
+ static CERTCertificate* xmlSecNssX509FindCert(xmlChar *subjectName,
+! xmlChar *issuerName,
+! xmlChar *issuerSerial,
+! xmlChar *ski);
+
+
+ /**
+--- 55,90 ----
+ *
+ ***************************************************************************/
+ #define xmlSecNssX509StoreGetCtx(store) \
+! ((xmlSecNssX509StoreCtxPtr)(((xmlSecByte*)(store)) + \
+! sizeof(xmlSecKeyDataStoreKlass)))
+ #define xmlSecNssX509StoreSize \
+! (sizeof(xmlSecKeyDataStoreKlass) + sizeof(xmlSecNssX509StoreCtx))
+
+ static int xmlSecNssX509StoreInitialize (xmlSecKeyDataStorePtr store);
+ static void xmlSecNssX509StoreFinalize (xmlSecKeyDataStorePtr store);
+
++ static int xmlSecNssIntegerToItem( const xmlChar* integer , SECItem *it ) ;
+
+ static xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = {
+! sizeof(xmlSecKeyDataStoreKlass),
+! xmlSecNssX509StoreSize,
+
+! /* data */
+! xmlSecNameX509Store, /* const xmlChar* name; */
+!
+! /* constructors/destructor */
+! xmlSecNssX509StoreInitialize, /* xmlSecKeyDataStoreInitializeMethod initialize; */
+! xmlSecNssX509StoreFinalize, /* xmlSecKeyDataStoreFinalizeMethod finalize; */
+!
+! /* reserved for the future */
+! NULL, /* void* reserved0; */
+! NULL, /* void* reserved1; */
+ };
+
+ static CERTCertificate* xmlSecNssX509FindCert(xmlChar *subjectName,
+! xmlChar *issuerName,
+! xmlChar *issuerSerial,
+! xmlChar *ski);
+
+
+ /**
+***************
+*** 104,110 ****
+ */
+ xmlSecKeyDataStoreId
+ xmlSecNssX509StoreGetKlass(void) {
+! return(&xmlSecNssX509StoreKlass);
+ }
+
+ /**
+--- 96,102 ----
+ */
+ xmlSecKeyDataStoreId
+ xmlSecNssX509StoreGetKlass(void) {
+! return(&xmlSecNssX509StoreKlass);
+ }
+
+ /**
+***************
+*** 125,139 ****
+ xmlSecNssX509StoreFindCert(xmlSecKeyDataStorePtr store, xmlChar *subjectName,
+ xmlChar *issuerName, xmlChar *issuerSerial,
+ xmlChar *ski, xmlSecKeyInfoCtx* keyInfoCtx) {
+! xmlSecNssX509StoreCtxPtr ctx;
+!
+! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL);
+! xmlSecAssert2(keyInfoCtx != NULL, NULL);
+
+! ctx = xmlSecNssX509StoreGetCtx(store);
+! xmlSecAssert2(ctx != NULL, NULL);
+
+! return(xmlSecNssX509FindCert(subjectName, issuerName, issuerSerial, ski));
+ }
+
+ /**
+--- 117,131 ----
+ xmlSecNssX509StoreFindCert(xmlSecKeyDataStorePtr store, xmlChar *subjectName,
+ xmlChar *issuerName, xmlChar *issuerSerial,
+ xmlChar *ski, xmlSecKeyInfoCtx* keyInfoCtx) {
+! xmlSecNssX509StoreCtxPtr ctx;
+!
+! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL);
+! xmlSecAssert2(keyInfoCtx != NULL, NULL);
+
+! ctx = xmlSecNssX509StoreGetCtx(store);
+! xmlSecAssert2(ctx != NULL, NULL);
+
+! return(xmlSecNssX509FindCert(subjectName, issuerName, issuerSerial, ski));
+ }
+
+ /**
+***************
+*** 148,263 ****
+ */
+ CERTCertificate *
+ xmlSecNssX509StoreVerify(xmlSecKeyDataStorePtr store, CERTCertList* certs,
+! xmlSecKeyInfoCtx* keyInfoCtx) {
+! xmlSecNssX509StoreCtxPtr ctx;
+! CERTCertListNode* head;
+! CERTCertificate* cert = NULL;
+! CERTCertListNode* head1;
+! CERTCertificate* cert1 = NULL;
+! SECStatus status = SECFailure;
+! int64 timeboundary;
+! int64 tmp1, tmp2;
+!
+! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL);
+! xmlSecAssert2(certs != NULL, NULL);
+! xmlSecAssert2(keyInfoCtx != NULL, NULL);
+!
+! ctx = xmlSecNssX509StoreGetCtx(store);
+! xmlSecAssert2(ctx != NULL, NULL);
+!
+! for (head = CERT_LIST_HEAD(certs);
+! !CERT_LIST_END(head, certs);
+! head = CERT_LIST_NEXT(head)) {
+! cert = head->cert;
+ if(keyInfoCtx->certsVerificationTime > 0) {
+! /* convert the time since epoch in seconds to microseconds */
+! LL_UI2L(timeboundary, keyInfoCtx->certsVerificationTime);
+! tmp1 = (int64)PR_USEC_PER_SEC;
+! tmp2 = timeboundary;
+! LL_MUL(timeboundary, tmp1, tmp2);
+ } else {
+! timeboundary = PR_Now();
+ }
+
+ /* if cert is the issuer of any other cert in the list, then it is
+ * to be skipped */
+ for (head1 = CERT_LIST_HEAD(certs);
+! !CERT_LIST_END(head1, certs);
+! head1 = CERT_LIST_NEXT(head1)) {
+
+! cert1 = head1->cert;
+! if (cert1 == cert) {
+ continue;
+! }
+
+! if (SECITEM_CompareItem(&cert1->derIssuer, &cert->derSubject)
+! == SECEqual) {
+ break;
+! }
+ }
+
+ if (!CERT_LIST_END(head1, certs)) {
+! continue;
+ }
+
+ status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(),
+ cert, PR_FALSE,
+ (SECCertificateUsage)0,
+! timeboundary , NULL, NULL, NULL);
+ if (status == SECSuccess) {
+! break;
+ }
+- }
+
+! if (status == SECSuccess) {
+ return (cert);
+! }
+!
+! switch(PORT_GetError()) {
+ case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
+ case SEC_ERROR_CA_CERT_INVALID:
+ case SEC_ERROR_UNKNOWN_SIGNER:
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+! NULL,
+! XMLSEC_ERRORS_R_CERT_ISSUER_FAILED,
+! "cert with subject name %s could not be verified because the issuer's cert is expired/invalid or not found",
+! cert->subjectName);
+! break;
+ case SEC_ERROR_EXPIRED_CERTIFICATE:
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+! NULL,
+! XMLSEC_ERRORS_R_CERT_HAS_EXPIRED,
+! "cert with subject name %s has expired",
+! cert->subjectName);
+! break;
+ case SEC_ERROR_REVOKED_CERTIFICATE:
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+! NULL,
+! XMLSEC_ERRORS_R_CERT_REVOKED,
+! "cert with subject name %s has been revoked",
+! cert->subjectName);
+! break;
+ default:
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+! NULL,
+! XMLSEC_ERRORS_R_CERT_VERIFY_FAILED,
+! "cert with subject name %s could not be verified",
+! cert->subjectName);
+! break;
+! }
+
+! return (NULL);
+ }
+
+ /**
+ * xmlSecNssX509StoreAdoptCert:
+! * @store: the pointer to X509 key data store klass.
+! * @cert: the pointer to NSS X509 certificate.
+! * @type: the certificate type (trusted/untrusted).
+ *
+ * Adds trusted (root) or untrusted certificate to the store.
+ *
+--- 140,256 ----
+ */
+ CERTCertificate *
+ xmlSecNssX509StoreVerify(xmlSecKeyDataStorePtr store, CERTCertList* certs,
+! xmlSecKeyInfoCtx* keyInfoCtx) {
+! xmlSecNssX509StoreCtxPtr ctx;
+! CERTCertListNode* head;
+! CERTCertificate* cert = NULL;
+! CERTCertListNode* head1;
+! CERTCertificate* cert1 = NULL;
+! SECStatus status = SECFailure;
+! int64 timeboundary;
+! int64 tmp1, tmp2;
+!
+! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL);
+! xmlSecAssert2(certs != NULL, NULL);
+! xmlSecAssert2(keyInfoCtx != NULL, NULL);
+!
+! ctx = xmlSecNssX509StoreGetCtx(store);
+! xmlSecAssert2(ctx != NULL, NULL);
+!
+! for (head = CERT_LIST_HEAD(certs);
+! !CERT_LIST_END(head, certs);
+! head = CERT_LIST_NEXT(head)) {
+! cert = head->cert;
+ if(keyInfoCtx->certsVerificationTime > 0) {
+! /* convert the time since epoch in seconds to microseconds */
+! LL_UI2L(timeboundary, keyInfoCtx->certsVerificationTime);
+! tmp1 = (int64)PR_USEC_PER_SEC;
+! tmp2 = timeboundary;
+! LL_MUL(timeboundary, tmp1, tmp2);
+ } else {
+! timeboundary = PR_Now();
+ }
+
+ /* if cert is the issuer of any other cert in the list, then it is
+ * to be skipped */
+ for (head1 = CERT_LIST_HEAD(certs);
+! !CERT_LIST_END(head1, certs);
+! head1 = CERT_LIST_NEXT(head1)) {
+
+! cert1 = head1->cert;
+! if (cert1 == cert) {
+ continue;
+! }
+
+! if (SECITEM_CompareItem(&cert1->derIssuer, &cert->derSubject)
+! == SECEqual) {
+ break;
+! }
+ }
+
+ if (!CERT_LIST_END(head1, certs)) {
+! continue;
+ }
+
+ status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(),
+ cert, PR_FALSE,
+ (SECCertificateUsage)0,
+! timeboundary , NULL, NULL, NULL);
+ if (status == SECSuccess) {
+! break;
+! }
+ }
+
+! if (status == SECSuccess) {
+ return (cert);
+! }
+!
+! switch(PORT_GetError()) {
+ case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
+ case SEC_ERROR_CA_CERT_INVALID:
+ case SEC_ERROR_UNKNOWN_SIGNER:
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+! NULL,
+! XMLSEC_ERRORS_R_CERT_ISSUER_FAILED,
+! "cert with subject name %s could not be verified because the issuer's cert is expired/invalid or not found",
+! cert->subjectName);
+! break;
+ case SEC_ERROR_EXPIRED_CERTIFICATE:
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+! NULL,
+! XMLSEC_ERRORS_R_CERT_HAS_EXPIRED,
+! "cert with subject name %s has expired",
+! cert->subjectName);
+! break;
+ case SEC_ERROR_REVOKED_CERTIFICATE:
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+! NULL,
+! XMLSEC_ERRORS_R_CERT_REVOKED,
+! "cert with subject name %s has been revoked",
+! cert->subjectName);
+! break;
+ default:
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+! NULL,
+! XMLSEC_ERRORS_R_CERT_VERIFY_FAILED,
+! "cert with subject name %s could not be verified, errcode %d",
+! cert->subjectName,
+! PORT_GetError());
+! break;
+! }
+
+! return (NULL);
+ }
+
+ /**
+ * xmlSecNssX509StoreAdoptCert:
+! * @store: the pointer to X509 key data store klass.
+! * @cert: the pointer to NSS X509 certificate.
+! * @type: the certificate type (trusted/untrusted).
+ *
+ * Adds trusted (root) or untrusted certificate to the store.
+ *
+***************
+*** 265,331 ****
+ */
+ int
+ xmlSecNssX509StoreAdoptCert(xmlSecKeyDataStorePtr store, CERTCertificate* cert, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+! xmlSecNssX509StoreCtxPtr ctx;
+! int ret;
+
+! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1);
+! xmlSecAssert2(cert != NULL, -1);
+
+! ctx = xmlSecNssX509StoreGetCtx(store);
+! xmlSecAssert2(ctx != NULL, -1);
+
+! if(ctx->certsList == NULL) {
+! ctx->certsList = CERT_NewCertList();
+! if(ctx->certsList == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+! "CERT_NewCertList",
+! XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! return(-1);
+! }
+! }
+!
+! ret = CERT_AddCertToListTail(ctx->certsList, cert);
+! if(ret != SECSuccess) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+! "CERT_AddCertToListTail",
+! XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! return(-1);
+! }
+
+! return(0);
+ }
+
+ static int
+ xmlSecNssX509StoreInitialize(xmlSecKeyDataStorePtr store) {
+! xmlSecNssX509StoreCtxPtr ctx;
+! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1);
+
+! ctx = xmlSecNssX509StoreGetCtx(store);
+! xmlSecAssert2(ctx != NULL, -1);
+
+! memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx));
+
+! return(0);
+ }
+
+ static void
+ xmlSecNssX509StoreFinalize(xmlSecKeyDataStorePtr store) {
+! xmlSecNssX509StoreCtxPtr ctx;
+! xmlSecAssert(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId));
+
+! ctx = xmlSecNssX509StoreGetCtx(store);
+! xmlSecAssert(ctx != NULL);
+!
+! if (ctx->certsList) {
+ CERT_DestroyCertList(ctx->certsList);
+ ctx->certsList = NULL;
+! }
+
+! memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx));
+ }
+
+
+--- 258,324 ----
+ */
+ int
+ xmlSecNssX509StoreAdoptCert(xmlSecKeyDataStorePtr store, CERTCertificate* cert, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+! xmlSecNssX509StoreCtxPtr ctx;
+! int ret;
+!
+! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1);
+! xmlSecAssert2(cert != NULL, -1);
+
+! ctx = xmlSecNssX509StoreGetCtx(store);
+! xmlSecAssert2(ctx != NULL, -1);
+
+! if(ctx->certsList == NULL) {
+! ctx->certsList = CERT_NewCertList();
+! if(ctx->certsList == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+! "CERT_NewCertList",
+! XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code=%d", PORT_GetError());
+! return(-1);
+! }
+! }
+
+! ret = CERT_AddCertToListTail(ctx->certsList, cert);
+! if(ret != SECSuccess) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+! "CERT_AddCertToListTail",
+! XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code=%d", PORT_GetError());
+! return(-1);
+! }
+
+! return(0);
+ }
+
+ static int
+ xmlSecNssX509StoreInitialize(xmlSecKeyDataStorePtr store) {
+! xmlSecNssX509StoreCtxPtr ctx;
+! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1);
+
+! ctx = xmlSecNssX509StoreGetCtx(store);
+! xmlSecAssert2(ctx != NULL, -1);
+
+! memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx));
+
+! return(0);
+ }
+
+ static void
+ xmlSecNssX509StoreFinalize(xmlSecKeyDataStorePtr store) {
+! xmlSecNssX509StoreCtxPtr ctx;
+! xmlSecAssert(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId));
+
+! ctx = xmlSecNssX509StoreGetCtx(store);
+! xmlSecAssert(ctx != NULL);
+!
+! if (ctx->certsList) {
+ CERT_DestroyCertList(ctx->certsList);
+ ctx->certsList = NULL;
+! }
+
+! memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx));
+ }
+
+
+***************
+*** 340,715 ****
+ */
+ static CERTCertificate*
+ xmlSecNssX509FindCert(xmlChar *subjectName, xmlChar *issuerName,
+! xmlChar *issuerSerial, xmlChar *ski) {
+! CERTCertificate *cert = NULL;
+! xmlChar *p = NULL;
+! CERTName *name = NULL;
+! SECItem *nameitem = NULL;
+! PRArenaPool *arena = NULL;
+!
+! if (subjectName != NULL) {
+! p = xmlSecNssX509NameRead(subjectName, xmlStrlen(subjectName));
+! if (p == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "xmlSecNssX509NameRead",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "subject=%s",
+! xmlSecErrorsSafeString(subjectName));
+! goto done;
+! }
+!
+! arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+! if (arena == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "PORT_NewArena",
+! XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! goto done;
+! }
+!
+! name = CERT_AsciiToName((char*)p);
+! if (name == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "CERT_AsciiToName",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! goto done;
+! }
+!
+! nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name,
+! SEC_ASN1_GET(CERT_NameTemplate));
+! if (nameitem == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "SEC_ASN1EncodeItem",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! goto done;
+! }
+!
+! cert = CERT_FindCertByName(CERT_GetDefaultCertDB(), nameitem);
+! goto done;
+! }
+!
+! if((issuerName != NULL) && (issuerSerial != NULL)) {
+! CERTIssuerAndSN issuerAndSN;
+!
+! p = xmlSecNssX509NameRead(issuerName, xmlStrlen(issuerName));
+! if (p == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "xmlSecNssX509NameRead",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "issuer=%s",
+! xmlSecErrorsSafeString(issuerName));
+! goto done;
+! }
+!
+! arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+! if (arena == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "PORT_NewArena",
+! XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! goto done;
+! }
+!
+! name = CERT_AsciiToName((char*)p);
+! if (name == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "CERT_AsciiToName",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! goto done;
+! }
+!
+! nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name,
+! SEC_ASN1_GET(CERT_NameTemplate));
+! if (nameitem == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "SEC_ASN1EncodeItem",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! goto done;
+! }
+!
+! memset(&issuerAndSN, 0, sizeof(issuerAndSN));
+
+! issuerAndSN.derIssuer.data = nameitem->data;
+! issuerAndSN.derIssuer.len = nameitem->len;
+
+! /* TBD: serial num can be arbitrarily long */
+! xmlSecNssNumToItem(&issuerAndSN.serialNumber, PORT_Atoi((char *)issuerSerial));
+
+! cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(),
+! &issuerAndSN);
+! SECITEM_FreeItem(&issuerAndSN.serialNumber, PR_FALSE);
+! goto done;
+! }
+!
+! if(ski != NULL) {
+! SECItem subjKeyID;
+! int len;
+!
+! len = xmlSecBase64Decode(ski, (xmlSecByte*)ski, xmlStrlen(ski));
+! if(len < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "xmlSecBase64Decode",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "ski=%s",
+! xmlSecErrorsSafeString(ski));
+! goto done;
+! }
+!
+! memset(&subjKeyID, 0, sizeof(subjKeyID));
+! subjKeyID.data = ski;
+! subjKeyID.len = xmlStrlen(ski);
+! cert = CERT_FindCertBySubjectKeyID(CERT_GetDefaultCertDB(),
+! &subjKeyID);
+! }
+
+! done:
+! if (p != NULL) {
+! PORT_Free(p);
+! }
+! if (arena != NULL) {
+! PORT_FreeArena(arena, PR_FALSE);
+! }
+! if (name != NULL) {
+! CERT_DestroyName(name);
+! }
+
+! return(cert);
+! }
+
+! /**
+! * xmlSecNssX509NameRead:
+! */
+! static xmlSecByte *
+! xmlSecNssX509NameRead(xmlSecByte *str, int len) {
+! xmlSecByte name[256];
+! xmlSecByte value[256];
+! xmlSecByte *retval = NULL;
+! xmlSecByte *p = NULL;
+! int nameLen, valueLen;
+!
+! xmlSecAssert2(str != NULL, NULL);
+!
+! /* return string should be no longer than input string */
+! retval = (xmlSecByte *)PORT_Alloc(len+1);
+! if(retval == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "PORT_Alloc",
+! XMLSEC_ERRORS_R_MALLOC_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! return(NULL);
+! }
+! p = retval;
+!
+! while(len > 0) {
+! /* skip spaces after comma or semicolon */
+! while((len > 0) && isspace(*str)) {
+! ++str; --len;
+! }
+!
+! nameLen = xmlSecNssX509NameStringRead(&str, &len, name, sizeof(name), '=', 0);
+! if(nameLen < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "xmlSecNssX509NameStringRead",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! goto done;
+! }
+! memcpy(p, name, nameLen);
+! p+=nameLen;
+! *p++='=';
+! if(len > 0) {
+! ++str; --len;
+! if((*str) == '\"') {
+! valueLen = xmlSecNssX509NameStringRead(&str, &len,
+! value, sizeof(value), '"', 1);
+! if(valueLen < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+! "xmlSecNssX509NameStringRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! goto done;
+! }
+! /* skip spaces before comma or semicolon */
+! while((len > 0) && isspace(*str)) {
+! ++str; --len;
+! }
+! if((len > 0) && ((*str) != ',')) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! NULL,
+! XMLSEC_ERRORS_R_INVALID_DATA,
+! "comma is expected");
+! goto done;
+ }
+! if(len > 0) {
+! ++str; --len;
+ }
+! *p++='\"';
+! memcpy(p, value, valueLen);
+! p+=valueLen;
+! *p++='\"';
+! } else if((*str) == '#') {
+! /* TODO: read octect values */
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! NULL,
+! XMLSEC_ERRORS_R_INVALID_DATA,
+! "reading octect values is not implemented yet");
+! goto done;
+! } else {
+! valueLen = xmlSecNssX509NameStringRead(&str, &len,
+! value, sizeof(value), ',', 1);
+! if(valueLen < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+! "xmlSecNssX509NameStringRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! XMLSEC_ERRORS_NO_MESSAGE);
+! goto done;
+! }
+! memcpy(p, value, valueLen);
+! p+=valueLen;
+! if (len > 0)
+! *p++=',';
+! }
+! } else {
+! valueLen = 0;
+ }
+! if(len > 0) {
+! ++str; --len;
+! }
+! }
+!
+! *p = 0;
+! return(retval);
+!
+ done:
+! PORT_Free(retval);
+! return (NULL);
+ }
+
+
+
+! /**
+! * xmlSecNssX509NameStringRead:
+! */
+! static int
+! xmlSecNssX509NameStringRead(xmlSecByte **str, int *strLen,
+! xmlSecByte *res, int resLen,
+! xmlSecByte delim, int ingoreTrailingSpaces) {
+! xmlSecByte *p, *q, *nonSpace;
+!
+! xmlSecAssert2(str != NULL, -1);
+! xmlSecAssert2(strLen != NULL, -1);
+! xmlSecAssert2(res != NULL, -1);
+!
+! p = (*str);
+! nonSpace = q = res;
+! while(((p - (*str)) < (*strLen)) && ((*p) != delim) && ((q - res) < resLen)) {
+! if((*p) != '\\') {
+! if(ingoreTrailingSpaces && !isspace(*p)) {
+! nonSpace = q;
+! }
+! *(q++) = *(p++);
+! } else {
+! ++p;
+! nonSpace = q;
+! if(xmlSecIsHex((*p))) {
+! if((p - (*str) + 1) >= (*strLen)) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! NULL,
+! XMLSEC_ERRORS_R_INVALID_DATA,
+! "two hex digits expected");
+! return(-1);
+! }
+! *(q++) = xmlSecGetHex(p[0]) * 16 + xmlSecGetHex(p[1]);
+! p += 2;
+! } else {
+! if(((++p) - (*str)) >= (*strLen)) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! NULL,
+! XMLSEC_ERRORS_R_INVALID_DATA,
+! "escaped symbol missed");
+! return(-1);
+! }
+! *(q++) = *(p++);
+! }
+! }
+! }
+! if(((p - (*str)) < (*strLen)) && ((*p) != delim)) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! NULL,
+! XMLSEC_ERRORS_R_INVALID_SIZE,
+! "buffer is too small");
+! return(-1);
+! }
+! (*strLen) -= (p - (*str));
+! (*str) = p;
+! return((ingoreTrailingSpaces) ? nonSpace - res + 1 : q - res);
+! }
+
+! /* code lifted from NSS */
+! static void
+! xmlSecNssNumToItem(SECItem *it, unsigned long ui)
+! {
+! unsigned char bb[5];
+! int len;
+!
+! bb[0] = 0;
+! bb[1] = (unsigned char) (ui >> 24);
+! bb[2] = (unsigned char) (ui >> 16);
+! bb[3] = (unsigned char) (ui >> 8);
+! bb[4] = (unsigned char) (ui);
+!
+! /*
+! ** Small integers are encoded in a single byte. Larger integers
+! ** require progressively more space.
+! */
+! if (ui > 0x7f) {
+! if (ui > 0x7fff) {
+! if (ui > 0x7fffffL) {
+! if (ui >= 0x80000000L) {
+! len = 5;
+! } else {
+! len = 4;
+! }
+! } else {
+! len = 3;
+! }
+! } else {
+! len = 2;
+! }
+! } else {
+! len = 1;
+! }
+!
+! it->data = (unsigned char *)PORT_Alloc(len);
+! if (it->data == NULL) {
+! return;
+! }
+
+! it->len = len;
+! PORT_Memcpy(it->data, bb + (sizeof(bb) - len), len);
+ }
+- #endif /* XMLSEC_NO_X509 */
+
+
+--- 333,545 ----
+ */
+ static CERTCertificate*
+ xmlSecNssX509FindCert(xmlChar *subjectName, xmlChar *issuerName,
+! xmlChar *issuerSerial, xmlChar *ski) {
+! CERTCertificate *cert = NULL;
+! CERTName *name = NULL;
+! SECItem *nameitem = NULL;
+! PRArenaPool *arena = NULL;
+!
+! if (subjectName != NULL) {
+! arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+! if (arena == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "PORT_NewArena",
+! XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code=%d", PORT_GetError());
+! goto done;
+! }
+
+! name = CERT_AsciiToName((char*)subjectName);
+! if (name == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "CERT_AsciiToName",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "error code=%d", PORT_GetError());
+! goto done;
+! }
+
+! nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name,
+! SEC_ASN1_GET(CERT_NameTemplate));
+! if (nameitem == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "SEC_ASN1EncodeItem",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "error code=%d", PORT_GetError());
+! goto done;
+! }
+
+! cert = CERT_FindCertByName(CERT_GetDefaultCertDB(), nameitem);
+! goto done;
+! }
+
+! if((issuerName != NULL) && (issuerSerial != NULL)) {
+! CERTIssuerAndSN issuerAndSN;
+
+! arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+! if (arena == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "PORT_NewArena",
+! XMLSEC_ERRORS_R_CRYPTO_FAILED,
+! "error code=%d", PORT_GetError());
+! goto done;
+! }
+
+! name = CERT_AsciiToName((char*)issuerName);
+! if (name == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+! "CERT_AsciiToName",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "error code=%d", PORT_GetError());
+! goto done;
+ }
+!
+! nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name,
+! SEC_ASN1_GET(CERT_NameTemplate));
+! if (nameitem == NULL) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "SEC_ASN1EncodeItem",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "error code=%d", PORT_GetError());
+! goto done;
+ }
+!
+! memset(&issuerAndSN, 0, sizeof(issuerAndSN));
+!
+! issuerAndSN.derIssuer.data = nameitem->data;
+! issuerAndSN.derIssuer.len = nameitem->len;
+!
+! if( xmlSecNssIntegerToItem( issuerSerial, &issuerAndSN.serialNumber ) < 0 ) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+! "xmlSecNssIntegerToItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "serial number=%s",
+! xmlSecErrorsSafeString(issuerSerial));
+! goto done;
+! }
+!
+! cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(),
+! &issuerAndSN);
+! SECITEM_FreeItem(&issuerAndSN.serialNumber, PR_FALSE);
+! goto done;
+! }
+!
+! if(ski != NULL) {
+! SECItem subjKeyID;
+! int len;
+!
+! len = xmlSecBase64Decode(ski, (xmlSecByte*)ski, xmlStrlen(ski));
+! if(len < 0) {
+! xmlSecError(XMLSEC_ERRORS_HERE,
+! NULL,
+! "xmlSecBase64Decode",
+! XMLSEC_ERRORS_R_XMLSEC_FAILED,
+! "ski=%s",
+! xmlSecErrorsSafeString(ski));
+! goto done;
+! }
+!
+! memset(&subjKeyID, 0, sizeof(subjKeyID));
+! subjKeyID.data = ski;
+! subjKeyID.len = xmlStrlen(ski);
+! cert = CERT_FindCertBySubjectKeyID(CERT_GetDefaultCertDB(),
+! &subjKeyID);
+ }
+!
+ done:
+! if (arena != NULL) {
+! PORT_FreeArena(arena, PR_FALSE);
+! }
+! if (name != NULL) {
+! CERT_DestroyName(name);
+! }
+!
+! return(cert);
+ }
+
++ static int
++ xmlSecNssIntegerToItem(
++ const xmlChar* integer ,
++ SECItem *item
++ ) {
++ xmlSecBn bn ;
++ xmlSecSize i, length ;
++ const xmlSecByte* bnInteger ;
+
++ xmlSecAssert2( integer != NULL, -1 ) ;
++ xmlSecAssert2( item != NULL, -1 ) ;
+
+! if( xmlSecBnInitialize( &bn, 0 ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE,
+! NULL,
+! "xmlSecBnInitialize",
+! XMLSEC_ERRORS_R_INVALID_DATA,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+! return -1 ;
+! }
+
+! if( xmlSecBnFromDecString( &bn, integer ) < 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE,
+! NULL,
+! "xmlSecBnFromDecString",
+! XMLSEC_ERRORS_R_INVALID_DATA,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+!
+! xmlSecBnFinalize( &bn ) ;
+! return -1 ;
+! }
+!
+! length = xmlSecBnGetSize( &bn ) ;
+! if( length <= 0 ) {
+! xmlSecError( XMLSEC_ERRORS_HERE,
+! NULL,
+! "xmlSecBnGetSize",
+! XMLSEC_ERRORS_R_INVALID_DATA,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+!
+! xmlSecBnFinalize( &bn ) ;
+! return -1 ;
+! }
+!
+! bnInteger = xmlSecBnGetData( &bn ) ;
+! if( bnInteger == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE,
+! NULL,
+! "xmlSecBnGetData",
+! XMLSEC_ERRORS_R_INVALID_DATA,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+! xmlSecBnFinalize( &bn ) ;
+! return -1 ;
+! }
+!
+! item->data = ( unsigned char * )PORT_Alloc( length );
+! if( item->data == NULL ) {
+! xmlSecError( XMLSEC_ERRORS_HERE,
+! NULL,
+! "PORT_Alloc",
+! XMLSEC_ERRORS_R_INVALID_DATA,
+! XMLSEC_ERRORS_NO_MESSAGE ) ;
+!
+! xmlSecBnFinalize( &bn ) ;
+! return -1 ;
+! }
+!
+! item->len = length;
+!
+! for( i = 0 ; i < length ; i ++ )
+! item->data[i] = *( bnInteger + i ) ;
+!
+! xmlSecBnFinalize( &bn ) ;
+!
+! return 0 ;
+ }
+
++ #endif /* XMLSEC_NO_X509 */
+
+*** misc/xmlsec1-1.2.6/win32/Makefile.msvc 2004-06-09 22:35:12.000000000 +0800
+--- misc/build/xmlsec1-1.2.6/win32/Makefile.msvc 2005-02-23 11:06:39.000000000 +0800
+***************
+*** 223,228 ****
+--- 223,232 ----
+ $(XMLSEC_OPENSSL_INTDIR_A)\x509vfy.obj
+
+ XMLSEC_NSS_OBJS = \
++ $(XMLSEC_NSS_INTDIR)\akmngr.obj\
++ $(XMLSEC_NSS_INTDIR)\keytrans.obj\
++ $(XMLSEC_NSS_INTDIR)\keywrapers.obj\
++ $(XMLSEC_NSS_INTDIR)\tokens.obj\
+ $(XMLSEC_NSS_INTDIR)\app.obj\
+ $(XMLSEC_NSS_INTDIR)\bignum.obj\
+ $(XMLSEC_NSS_INTDIR)\ciphers.obj \
+***************
+*** 235,243 ****
+ $(XMLSEC_NSS_INTDIR)\x509.obj\
+ $(XMLSEC_NSS_INTDIR)\x509vfy.obj\
+ $(XMLSEC_NSS_INTDIR)\keysstore.obj\
+- $(XMLSEC_NSS_INTDIR)\kt_rsa.obj\
+- $(XMLSEC_NSS_INTDIR)\kw_des.obj\
+- $(XMLSEC_NSS_INTDIR)\kw_aes.obj\
+ $(XMLSEC_NSS_INTDIR)\strings.obj
+ XMLSEC_NSS_OBJS_A = \
+ $(XMLSEC_NSS_INTDIR_A)\app.obj\
+--- 239,244 ----
+***************
+*** 258,263 ****
+--- 259,265 ----
+ $(XMLSEC_NSS_INTDIR_A)\strings.obj
+
+ XMLSEC_MSCRYPTO_OBJS = \
++ $(XMLSEC_MSCRYPTO_INTDIR)\akmngr.obj\
+ $(XMLSEC_MSCRYPTO_INTDIR)\app.obj\
+ $(XMLSEC_MSCRYPTO_INTDIR)\crypto.obj \
+ $(XMLSEC_MSCRYPTO_INTDIR)\ciphers.obj \
+***************
+*** 376,382 ****
+ XMLSEC_OPENSSL_SOLIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib
+ XMLSEC_OPENSSL_ALIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib
+
+! XMLSEC_NSS_SOLIBS = smime3.lib ssl3.lib nss3.lib libnspr4.lib libplds4.lib libplc4.lib kernel32.lib user32.lib gdi32.lib
+ XMLSEC_NSS_ALIBS = smime3.lib ssl3.lib nss3.lib libnspr4_s.lib libplds4_s.lib libplc4_s.lib kernel32.lib user32.lib gdi32.lib
+
+ XMLSEC_MSCRYPTO_SOLIBS = kernel32.lib user32.lib gdi32.lib Crypt32.lib Advapi32.lib
+--- 378,384 ----
+ XMLSEC_OPENSSL_SOLIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib
+ XMLSEC_OPENSSL_ALIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib
+
+! XMLSEC_NSS_SOLIBS = smime3.lib nss3.lib nspr4.lib kernel32.lib user32.lib gdi32.lib
+ XMLSEC_NSS_ALIBS = smime3.lib ssl3.lib nss3.lib libnspr4_s.lib libplds4_s.lib libplc4_s.lib kernel32.lib user32.lib gdi32.lib
+
+ XMLSEC_MSCRYPTO_SOLIBS = kernel32.lib user32.lib gdi32.lib Crypt32.lib Advapi32.lib
generated by cgit (git 2.34.1) at 2024-07-04 05:28:05 +0000