summaryrefslogtreecommitdiff
path: root/libxmlsec
diff options
context:
space:
mode:
authorPeter Foley <pefoley2@verizon.net>2012-11-29 20:50:15 -0500
committerPeter Foley <pefoley2@verizon.net>2012-11-30 11:34:29 -0500
commitec6af4194e80f5f0b2e46ca59802ff397a2a4a24 (patch)
tree9f0ff42902bdd0a7988cc462571259c873794289 /libxmlsec
parent694a2c53810dec6d8e069d74baf51e6cdda91faa (diff)
convert libxmlsec to gbuild
Change-Id: Id0ad4e1c8e3e1ac03c625fb77b70fe0aa8ddfcdc
Diffstat (limited to 'libxmlsec')
-rw-r--r--libxmlsec/ExternalPackage_xmlsec.mk32
-rw-r--r--libxmlsec/ExternalProject_xmlsec.mk63
-rw-r--r--libxmlsec/Makefile7
-rw-r--r--libxmlsec/Module_libxmlsec.mk20
-rw-r--r--libxmlsec/UnpackedTarball_xmlsec.mk50
-rw-r--r--libxmlsec/include/akmngr_mscrypto.h72
-rw-r--r--libxmlsec/include/akmngr_nss.h57
-rw-r--r--libxmlsec/include/ciphers.h36
-rw-r--r--libxmlsec/include/tokens.h183
-rw-r--r--libxmlsec/makefile.mk249
-rw-r--r--libxmlsec/prj/d.lst9
-rw-r--r--libxmlsec/prj/dmake0
-rw-r--r--libxmlsec/src/akmngr_mscrypto.c237
-rw-r--r--libxmlsec/src/akmngr_nss.c384
-rw-r--r--libxmlsec/src/keywrapers.c1213
-rw-r--r--libxmlsec/src/tokens.c548
-rw-r--r--libxmlsec/xmlsec1-1.2.14_fix_extern_c.patch4
-rw-r--r--libxmlsec/xmlsec1-android.patch4
-rw-r--r--libxmlsec/xmlsec1-customkeymanage.patch2757
-rw-r--r--libxmlsec/xmlsec1-update-config-sub-and-guess.patch2314
-rw-r--r--libxmlsec/xmlsec1-vc.patch25
-rw-r--r--libxmlsec/xmlsec1-vc10.patch15
22 files changed, 2931 insertions, 5348 deletions
diff --git a/libxmlsec/ExternalPackage_xmlsec.mk b/libxmlsec/ExternalPackage_xmlsec.mk
new file mode 100644
index 000000000000..a553159a5e35
--- /dev/null
+++ b/libxmlsec/ExternalPackage_xmlsec.mk
@@ -0,0 +1,32 @@
+# -*- Mode: makefile-gmake; tab-width: 4; indent-tabs-mode: t -*-
+#
+# This file is part of the LibreOffice project.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+
+$(eval $(call gb_ExternalPackage_ExternalPackage,xmlsec,xmlsec))
+
+$(eval $(call gb_ExternalPackage_use_external_project,xmlsec,xmlsec))
+
+ifeq ($(OS),WNT)
+ifeq ($(COM),GCC)
+$(eval $(call gb_ExternalPackage_add_file,xmlsec,lib/libxmlsec1.dll.a,src/nss/.libs/libxmlsec1-nss.dll.a))
+$(eval $(call gb_ExternalPackage_add_file,xmlsec,lib/libxmlsec1.dll,src/nss/.libs/libxmlsec1-nss.dll))
+else
+$(eval $(call gb_ExternalPackage_add_file,xmlsec,lib/libxmlsec-mscrypto.lib,win32/binaries/libxmlsec-mscrypto.lib))
+$(eval $(call gb_ExternalPackage_add_file,xmlsec,lib/libxmlsec.lib,win32/binaries/libxmlsec.lib))
+$(eval $(call gb_ExternalPackage_add_file,xmlsec,bin/libxmlsec-mscrypto.dll,win32/binaries/libxmlsec-mscrypto.dll))
+$(eval $(call gb_ExternalPackage_add_file,xmlsec,bin/libxmlsec.dll,win32/binaries/libxmlsec.dll))
+endif
+else ifeq ($(OS),ANDROID)
+$(eval $(call gb_ExternalPackage_add_file,xmlsec,lib/libxmlsec1.a,src/.libs/libxmlsec1.a))
+$(eval $(call gb_ExternalPackage_add_file,xmlsec,lib/libxmlsec1-openssl.a,src/openssl/.libs/libxmlsec1-openssl.a))
+else
+$(eval $(call gb_ExternalPackage_add_file,xmlsec,lib/libxmlsec1.a,src/.libs/libxmlsec1.a))
+$(eval $(call gb_ExternalPackage_add_file,xmlsec,lib/libxmlsec1-nss.a,src/nss/.libs/libxmlsec1-nss.a))
+endif
+
+# vim: set noet sw=4 ts=4:
diff --git a/libxmlsec/ExternalProject_xmlsec.mk b/libxmlsec/ExternalProject_xmlsec.mk
new file mode 100644
index 000000000000..5b310e620719
--- /dev/null
+++ b/libxmlsec/ExternalProject_xmlsec.mk
@@ -0,0 +1,63 @@
+# -*- Mode: makefile-gmake; tab-width: 4; indent-tabs-mode: t -*-
+#
+# This file is part of the LibreOffice project.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+
+$(eval $(call gb_ExternalProject_ExternalProject,xmlsec))
+
+$(eval $(call gb_ExternalProject_use_unpacked,xmlsec,xmlsec))
+
+$(eval $(call gb_ExternalProject_register_targets,xmlsec,\
+ build \
+))
+
+ifeq ($(OS),WNT)
+
+ifeq ($(COM),GCC)
+$(call gb_ExternalProject_get_state_target,xmlsec,build) :
+ cd $(EXTERNAL_WORKDIR) \
+ && autoreconf \
+ && ./configure --build=$(BUILD_PLATFORM) --host=$(HOST_PLATFORM) \
+ --without-libxslt --without-openssl --without-gnutls --disable-crypto-dl \
+ $(if $(filter NO,$(SYSTEM_NSS)),--disable-pkgconfig) \
+ CC="$(CC) -mthreads $(if $(filter YES,$(MINGW_SHARED_GCCLIB)),-shared-libgcc)" \
+ LDFLAGS="-Wl,--no-undefined $(ILIB:;= -L)" \
+ LIBS="$(if $(filter YES,$(MINGW_SHARED_GXXLIB)),$(MINGW_SHARED__LIBSTDCPP))"
+ $(MAKE) \
+ && touch $@
+
+else
+$(call gb_ExternalProject_get_state_target,xmlsec,build) :
+ cd $(EXTERNAL_WORKDIR)/win32 \
+ && cscript configure.js crypto=mscrypto xslt=no iconv=no static=no \
+ $(if $(filter-out full,$(PRODUCT)),debug=yes) \
+ && unset MAKEFLAGS \
+ && LIB="$(ILIB)" nmake \
+ && touch $@
+endif
+
+else
+
+$(call gb_ExternalProject_get_state_target,xmlsec,build) :
+ cd $(EXTERNAL_WORKDIR) \
+ && autoreconf \
+ && $(if $(filter MACOSX,$(OS)),ACLOCAL="aclocal -I $(EXTERNAL_WORKDIR)/m4/mac") \
+ ./configure \
+ --with-pic --disable-shared --disable-crypto-dl --without-libxslt --without-gnutls \
+ $(if $(filter ANDROID,$(OS)),--with-openssl=$(OUTDIR),--without-openssl) \
+ $(if $(filter MACOSX,$(OS)),--prefix=/@.__________________________________________________OOO) \
+ $(if $(filter NO,$(SYSTEM_NSS))$(filter MACOSX,$(OS)),--disable-pkgconfig) \
+ $(if $(filter YES,$(CROSS_COMPILING)),--build=$(BUILD_PLATFORM) --host=$(HOST_PLATFORM)) \
+ $(if $(SYSBASE),CFLAGS="-I$(SYSBASE)/usr/include" \
+ LDFLAGS="-L$(SYSBASE)/usr/lib $(if $(filter-out LINUX FREEBSD,$(OS)),,-Wl,-z,origin -Wl,-rpath,'$$$$ORIGIN:$$$$ORIGIN/../ure-link/lib')",\
+ $(if $(filter-out MACOSX,$(OS)),,LDFLAGS="-Wl,-dylib_file,@executable_path/libnssutil3.dylib:$(OUTDIR)/lib/libnssutil3.dylib")) \
+ && $(MAKE) \
+ && touch $@
+
+endif
+
+# vim: set noet sw=4 ts=4:
diff --git a/libxmlsec/Makefile b/libxmlsec/Makefile
new file mode 100644
index 000000000000..ccb1c85a04da
--- /dev/null
+++ b/libxmlsec/Makefile
@@ -0,0 +1,7 @@
+# -*- Mode: makefile-gmake; tab-width: 4; indent-tabs-mode: t -*-
+
+module_directory:=$(dir $(realpath $(firstword $(MAKEFILE_LIST))))
+
+include $(module_directory)/../solenv/gbuild/partial_build.mk
+
+# vim: set noet sw=4 ts=4:
diff --git a/libxmlsec/Module_libxmlsec.mk b/libxmlsec/Module_libxmlsec.mk
new file mode 100644
index 000000000000..3e51e4ace55f
--- /dev/null
+++ b/libxmlsec/Module_libxmlsec.mk
@@ -0,0 +1,20 @@
+# -*- Mode: makefile-gmake; tab-width: 4; indent-tabs-mode: t -*-
+#
+# This file is part of the LibreOffice project.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+
+$(eval $(call gb_Module_Module,libxmlsec))
+
+ifneq ($(filter-out ANDROID IOS,$(OS)),)
+$(eval $(call gb_Module_add_targets,libxmlsec,\
+ UnpackedTarball_xmlsec \
+ ExternalPackage_xmlsec \
+ ExternalProject_xmlsec \
+))
+endif
+
+# vim: set noet sw=4 ts=4:
diff --git a/libxmlsec/UnpackedTarball_xmlsec.mk b/libxmlsec/UnpackedTarball_xmlsec.mk
new file mode 100644
index 000000000000..6f8e4d021778
--- /dev/null
+++ b/libxmlsec/UnpackedTarball_xmlsec.mk
@@ -0,0 +1,50 @@
+# -*- Mode: makefile-gmake; tab-width: 4; indent-tabs-mode: t -*-
+#
+# This file is part of the LibreOffice project.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+
+$(eval $(call gb_UnpackedTarball_UnpackedTarball,xmlsec))
+
+$(eval $(call gb_UnpackedTarball_set_tarball,xmlsec,$(LIBXMLSEC_TARBALL)))
+
+$(eval $(call gb_UnpackedTarball_add_patches,xmlsec,\
+ libxmlsec/xmlsec1-configure.patch \
+ libxmlsec/xmlsec1-configure-libxml-libxslt.patch \
+ libxmlsec/xmlsec1-olderlibxml2.patch \
+ libxmlsec/xmlsec1-nssdisablecallbacks.patch \
+ libxmlsec/xmlsec1-nssmangleciphers.patch \
+ libxmlsec/xmlsec1-noverify.patch \
+ libxmlsec/xmlsec1-mingw-keymgr-mscrypto.patch \
+ libxmlsec/xmlsec1-vc.patch \
+ libxmlsec/xmlsec1-1.2.14_fix_extern_c.patch \
+ libxmlsec/xmlsec1-android.patch \
+ libxmlsec/xmlsec1-1.2.14-ansi.patch \
+ libxmlsec/xmlsec1-customkeymanage.patch \
+))
+
+$(eval $(call gb_UnpackedTarball_add_file,xmlsec,include/xmlsec/mscrypto/akmngr.h,libxmlsec/include/akmngr_mscrypto.h))
+$(eval $(call gb_UnpackedTarball_add_file,xmlsec,src/mscrypto/akmngr.c,libxmlsec/src/akmngr_mscrypto.c))
+$(eval $(call gb_UnpackedTarball_add_file,xmlsec,include/xmlsec/nss/akmngr.h,libxmlsec/include/akmngr_nss.h))
+$(eval $(call gb_UnpackedTarball_add_file,xmlsec,include/xmlsec/nss/ciphers.h,libxmlsec/include/ciphers.h))
+$(eval $(call gb_UnpackedTarball_add_file,xmlsec,include/xmlsec/nss/tokens.h,libxmlsec/include/tokens.h))
+$(eval $(call gb_UnpackedTarball_add_file,xmlsec,src/nss/akmngr.c,libxmlsec/src/akmngr_nss.c))
+$(eval $(call gb_UnpackedTarball_add_file,xmlsec,src/nss/keywrapers.c,libxmlsec/src/keywrapers.c))
+$(eval $(call gb_UnpackedTarball_add_file,xmlsec,src/nss/tokens.c,libxmlsec/src/tokens.c))
+
+ifeq ($(OS)$(COM),WNTGCC)
+$(eval $(call gb_UnpackedTarball_add_patches,xmlsec,\
+ libxmlsec/xmlsec1-mingw32.patch \
+))
+endif
+
+ifeq ($(OS)$(CPU),MACOSXP)
+$(eval $(call gb_UnpackedTarball_add_patches,xmlsec,\
+ libxmlsec/xmlsec1-1.2.14_old_automake.patch \
+))
+endif
+
+# vim: set noet sw=4 ts=4:
diff --git a/libxmlsec/include/akmngr_mscrypto.h b/libxmlsec/include/akmngr_mscrypto.h
new file mode 100644
index 000000000000..57ba811b3934
--- /dev/null
+++ b/libxmlsec/include/akmngr_mscrypto.h
@@ -0,0 +1,72 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright ..........................
+ */
+#ifndef __XMLSEC_MSCRYPTO_AKMNGR_H__
+#define __XMLSEC_MSCRYPTO_AKMNGR_H__
+
+#include <windows.h>
+#include <wincrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr
+xmlSecMSCryptoAppliedKeysMngrCreate(
+ HCERTSTORE keyStore ,
+ HCERTSTORE certStore
+) ;
+
+XMLSEC_CRYPTO_EXPORT int
+xmlSecMSCryptoAppliedKeysMngrSymKeyLoad(
+ xmlSecKeysMngrPtr mngr ,
+ HCRYPTKEY symKey
+) ;
+
+XMLSEC_CRYPTO_EXPORT int
+xmlSecMSCryptoAppliedKeysMngrPubKeyLoad(
+ xmlSecKeysMngrPtr mngr ,
+ HCRYPTKEY pubKey
+) ;
+
+XMLSEC_CRYPTO_EXPORT int
+xmlSecMSCryptoAppliedKeysMngrPriKeyLoad(
+ xmlSecKeysMngrPtr mngr ,
+ HCRYPTKEY priKey
+) ;
+
+XMLSEC_CRYPTO_EXPORT int
+xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore (
+ xmlSecKeysMngrPtr mngr ,
+ HCERTSTORE keyStore
+) ;
+
+XMLSEC_CRYPTO_EXPORT int
+xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore (
+ xmlSecKeysMngrPtr mngr ,
+ HCERTSTORE trustedStore
+) ;
+
+XMLSEC_CRYPTO_EXPORT int
+xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore (
+ xmlSecKeysMngrPtr mngr ,
+ HCERTSTORE untrustedStore
+) ;
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_MSCRYPTO_AKMNGR_H__ */
+
+
+
diff --git a/libxmlsec/include/akmngr_nss.h b/libxmlsec/include/akmngr_nss.h
new file mode 100644
index 000000000000..a6b88301b405
--- /dev/null
+++ b/libxmlsec/include/akmngr_nss.h
@@ -0,0 +1,57 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright ..........................
+ */
+#ifndef __XMLSEC_NSS_AKMNGR_H__
+#define __XMLSEC_NSS_AKMNGR_H__
+
+#include <nss.h>
+#include <nspr.h>
+#include <pk11func.h>
+#include <cert.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr
+xmlSecNssAppliedKeysMngrCreate(
+ PK11SlotInfo** slots,
+ int cSlots,
+ CERTCertDBHandle* handler
+) ;
+
+XMLSEC_CRYPTO_EXPORT int
+xmlSecNssAppliedKeysMngrSymKeyLoad(
+ xmlSecKeysMngrPtr mngr ,
+ PK11SymKey* symKey
+) ;
+
+XMLSEC_CRYPTO_EXPORT int
+xmlSecNssAppliedKeysMngrPubKeyLoad(
+ xmlSecKeysMngrPtr mngr ,
+ SECKEYPublicKey* pubKey
+) ;
+
+XMLSEC_CRYPTO_EXPORT int
+xmlSecNssAppliedKeysMngrPriKeyLoad(
+ xmlSecKeysMngrPtr mngr ,
+ SECKEYPrivateKey* priKey
+) ;
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_NSS_AKMNGR_H__ */
+
+
+
diff --git a/libxmlsec/include/ciphers.h b/libxmlsec/include/ciphers.h
new file mode 100644
index 000000000000..8088614dee74
--- /dev/null
+++ b/libxmlsec/include/ciphers.h
@@ -0,0 +1,36 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright ..........................
+ */
+#ifndef __XMLSEC_NSS_CIPHERS_H__
+#define __XMLSEC_NSS_CIPHERS_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+
+
+XMLSEC_CRYPTO_EXPORT int xmlSecNssSymKeyDataAdoptKey( xmlSecKeyDataPtr data,
+ PK11SymKey* symkey ) ;
+
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt( PK11SymKey* symKey ) ;
+
+XMLSEC_CRYPTO_EXPORT PK11SymKey* xmlSecNssSymKeyDataGetKey(xmlSecKeyDataPtr data);
+
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_NSS_CIPHERS_H__ */
+
+
+
diff --git a/libxmlsec/include/tokens.h b/libxmlsec/include/tokens.h
new file mode 100644
index 000000000000..c7c0fa1ed500
--- /dev/null
+++ b/libxmlsec/include/tokens.h
@@ -0,0 +1,183 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (c) 2003 Sun Microsystems, Inc. All rights reserved.
+ *
+ * Contributor(s): _____________________________
+ *
+ */
+#ifndef __XMLSEC_NSS_TOKENS_H__
+#define __XMLSEC_NSS_TOKENS_H__
+
+#include <string.h>
+
+#include <nss.h>
+#include <pk11func.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/list.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+/**
+ * xmlSecNssKeySlotListId
+ *
+ * The crypto mechanism list klass
+ */
+#define xmlSecNssKeySlotListId xmlSecNssKeySlotListGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecPtrListId xmlSecNssKeySlotListGetKlass( void ) ;
+
+/*******************************************
+ * KeySlot interfaces
+ *******************************************/
+/**
+ * Internal NSS key slot data
+ * @mechanismList: the mechanisms that the slot bound with.
+ * @slot: the pkcs slot
+ *
+ * This context is located after xmlSecPtrList
+ */
+typedef struct _xmlSecNssKeySlot xmlSecNssKeySlot ;
+typedef struct _xmlSecNssKeySlot* xmlSecNssKeySlotPtr ;
+
+struct _xmlSecNssKeySlot {
+ CK_MECHANISM_TYPE_PTR mechanismList ; /* mech. array, NULL ternimated */
+ PK11SlotInfo* slot ;
+} ;
+
+XMLSEC_CRYPTO_EXPORT int
+xmlSecNssKeySlotSetMechList(
+ xmlSecNssKeySlotPtr keySlot ,
+ CK_MECHANISM_TYPE_PTR mechanismList
+) ;
+
+XMLSEC_CRYPTO_EXPORT int
+xmlSecNssKeySlotEnableMech(
+ xmlSecNssKeySlotPtr keySlot ,
+ CK_MECHANISM_TYPE mechanism
+) ;
+
+XMLSEC_CRYPTO_EXPORT int
+xmlSecNssKeySlotDisableMech(
+ xmlSecNssKeySlotPtr keySlot ,
+ CK_MECHANISM_TYPE mechanism
+) ;
+
+XMLSEC_CRYPTO_EXPORT CK_MECHANISM_TYPE_PTR
+xmlSecNssKeySlotGetMechList(
+ xmlSecNssKeySlotPtr keySlot
+) ;
+
+XMLSEC_CRYPTO_EXPORT int
+xmlSecNssKeySlotSetSlot(
+ xmlSecNssKeySlotPtr keySlot ,
+ PK11SlotInfo* slot
+) ;
+
+XMLSEC_CRYPTO_EXPORT int
+xmlSecNssKeySlotInitialize(
+ xmlSecNssKeySlotPtr keySlot ,
+ PK11SlotInfo* slot
+) ;
+
+XMLSEC_CRYPTO_EXPORT void
+xmlSecNssKeySlotFinalize(
+ xmlSecNssKeySlotPtr keySlot
+) ;
+
+XMLSEC_CRYPTO_EXPORT PK11SlotInfo*
+xmlSecNssKeySlotGetSlot(
+ xmlSecNssKeySlotPtr keySlot
+) ;
+
+XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr
+xmlSecNssKeySlotCreate() ;
+
+XMLSEC_CRYPTO_EXPORT int
+xmlSecNssKeySlotCopy(
+ xmlSecNssKeySlotPtr newKeySlot ,
+ xmlSecNssKeySlotPtr keySlot
+) ;
+
+XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr
+xmlSecNssKeySlotDuplicate(
+ xmlSecNssKeySlotPtr keySlot
+) ;
+
+XMLSEC_CRYPTO_EXPORT void
+xmlSecNssKeySlotDestroy(
+ xmlSecNssKeySlotPtr keySlot
+) ;
+
+XMLSEC_CRYPTO_EXPORT int
+xmlSecNssKeySlotBindMech(
+ xmlSecNssKeySlotPtr keySlot ,
+ CK_MECHANISM_TYPE type
+) ;
+
+XMLSEC_CRYPTO_EXPORT int
+xmlSecNssKeySlotSupportMech(
+ xmlSecNssKeySlotPtr keySlot ,
+ CK_MECHANISM_TYPE type
+) ;
+
+
+/************************************************************************
+ * PKCS#11 crypto token interfaces
+ *
+ * A PKCS#11 slot repository will be defined internally. From the
+ * repository, a user can specify a particular slot for a certain crypto
+ * mechanism.
+ *
+ * In some situation, some cryptographic operation should act in a user
+ * designated devices. The interfaces defined here provide the way. If
+ * the user do not initialize the repository distinctly, the interfaces
+ * use the default functions provided by NSS itself.
+ *
+ ************************************************************************/
+/**
+ * Initialize NSS pkcs#11 slot repository
+ *
+ * Returns 0 if success or -1 if an error occurs.
+ */
+XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotInitialize( void ) ;
+
+/**
+ * Shutdown and destroy NSS pkcs#11 slot repository
+ */
+XMLSEC_CRYPTO_EXPORT void xmlSecNssSlotShutdown() ;
+
+/**
+ * Get PKCS#11 slot handler
+ * @type the mechanism that the slot must support.
+ *
+ * Returns a pointer to PKCS#11 slot or NULL if an error occurs.
+ *
+ * Notes: The returned handler must be destroied distinctly.
+ */
+XMLSEC_CRYPTO_EXPORT PK11SlotInfo* xmlSecNssSlotGet( CK_MECHANISM_TYPE type ) ;
+
+/**
+ * Adopt a pkcs#11 slot with a mechanism into the repository
+ * @slot: the pkcs#11 slot.
+ * @mech: the mechanism.
+ *
+ * If @mech is available( @mech != CKM_INVALID_MECHANISM ), every operation with
+ * this mechanism only can perform on the @slot.
+ *
+ * Returns 0 if success or -1 if an error occurs.
+ */
+XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotAdopt( PK11SlotInfo* slot, CK_MECHANISM_TYPE mech ) ;
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_NSS_TOKENS_H__ */
+
+
diff --git a/libxmlsec/makefile.mk b/libxmlsec/makefile.mk
deleted file mode 100644
index c21668af13e8..000000000000
--- a/libxmlsec/makefile.mk
+++ /dev/null
@@ -1,249 +0,0 @@
-#*************************************************************************
-#
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# Copyright 2000, 2010 Oracle and/or its affiliates.
-#
-# OpenOffice.org - a multi-platform office productivity suite
-#
-# This file is part of OpenOffice.org.
-#
-# OpenOffice.org is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Lesser General Public License version 3
-# only, as published by the Free Software Foundation.
-#
-# OpenOffice.org is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Lesser General Public License version 3 for more details
-# (a copy is included in the LICENSE file that accompanied this code).
-#
-# You should have received a copy of the GNU Lesser General Public License
-# version 3 along with OpenOffice.org. If not, see
-# <http://www.openoffice.org/license.html>
-# for a copy of the LGPLv3 License.
-#
-#*************************************************************************
-
-PRJ=.
-
-PRJNAME=xmlsec1
-TARGET=so_xmlsec1
-EXTERNAL_WARNINGS_NOT_ERRORS := TRUE
-
-# --- Settings -----------------------------------------------------
-
-.INCLUDE : settings.mk
-
-.IF "$(OS)" == "ANDROID" || "$(OS)" == "IOS"
-@all:
- @echo "FIXME: XMLSec module not buildable yet on this platform"
-.ENDIF
-
-# --- Files --------------------------------------------------------
-
-XMLSEC1VERSION=1.2.14
-
-TARFILE_NAME=$(PRJNAME)-$(XMLSEC1VERSION)
-TARFILE_MD5=1f24ab1d39f4a51faf22244c94a6203f
-
-#xmlsec1-configure.patch: Set up the build. Straightforward configuration
-#xmlsec1-configure-libxml-libxslt.patch: empty "$with_libxml" prepends /bin :-(
-#xmlsec1-olderlibxml2.patch: Allow build against older libxml2, for macosx
-#xmlsec1-nssdisablecallbacks.patch: Disable use of smime3 so don't need to package it
-#xmlsec1-customkeymanage.patch: Could we do this alternatively outside xmlsec
-#xmlsec1-nssmangleciphers.patch: Dubious, do we still need this ?
-#xmlsec1-noverify.patch: As per readme.txt.
-#xmlsec1-mingw32.patch: Mingw32 support.
-#xmlsec1-mingw-customkeymanage-addmscrypto.patch: builds the custom keymanager on mingw
-#xmlsec1-vc.path: support for Visual C++ 10
-#xmlsec1-1.2.14-ansi.patch: otherwise, at least MacPorts autoreconf (GNU
-# Autoconf) 2.69 fails with "configure.in:50: error: automatic de-ANSI-fication
-# support has been removed" (cf. upstream <http://git.gnome.org/browse/xmlsec/
-# commit/?id=6a4968bc33f83aaf61efc0a80333350ce9c372f5> "error in macro
-# AM_C_PROTOTYPES (Roumen)")
-PATCH_FILES=\
- xmlsec1-configure.patch \
- xmlsec1-configure-libxml-libxslt.patch \
- xmlsec1-olderlibxml2.patch \
- xmlsec1-nssdisablecallbacks.patch \
- xmlsec1-customkeymanage.patch \
- xmlsec1-nssmangleciphers.patch \
- xmlsec1-noverify.patch \
- xmlsec1-mingw-keymgr-mscrypto.patch \
- xmlsec1-vc10.patch \
- xmlsec1-1.2.14_fix_extern_c.patch \
- xmlsec1-android.patch \
- xmlsec1-1.2.14-ansi.patch \
- xmlsec1-oldlibtool.patch
-
-.IF "$(GUI)$(COM)"=="WNTGCC"
- PATCH_FILES+=xmlsec1-mingw32.patch
-.ENDIF
-
-.IF "$(OS)$(CPU)"=="MACOSXP"
-PATCH_FILES+=xmlsec1-1.2.14_old_automake.patch
-EXTRA_LINKFLAGS+=-Wl,-dylib_file,@executable_path/libnssutil3.dylib:$(SOLARLIBDIR)/libnssutil3.dylib
-.ENDIF
-
-ADDITIONAL_FILES= \
- include/xmlsec/mscrypto/akmngr.h \
- src/mscrypto/akmngr.c \
- include/xmlsec/nss/akmngr.h \
- include/xmlsec/nss/ciphers.h \
- include/xmlsec/nss/tokens.h \
- src/nss/akmngr.c \
- src/nss/keywrapers.c \
- src/nss/tokens.c
-
-.IF "$(GUI)"=="WNT"
-CRYPTOLIB=mscrypto
-.ELSE
-CRYPTOLIB=nss
-.ENDIF
-
-.IF "$(OS)"=="WNT"
-.IF "$(COM)"=="GCC"
-xmlsec_CC=$(CC) -mthreads
-.IF "$(MINGW_SHARED_GCCLIB)"=="YES"
-xmlsec_CC+=-shared-libgcc
-.ENDIF
-xmlsec_LIBS=
-.IF "$(MINGW_SHARED_GXXLIB)"=="YES"
-xmlsec_LIBS+=$(MINGW_SHARED_LIBSTDCPP)
-.ENDIF
-CONF_ILIB=
-.IF "$(ILIB)" != ""
-CONF_ILIB=-L$(ILIB:s/;/ -L/)
-.ENDIF
-
-CONFIGURE_DIR=
-CONFIGURE_ACTION=autoreconf; ./configure
-
-BUILD_AND_HOST=--build=$(BUILD_PLATFORM) --host=$(HOST_PLATFORM) MINGW_SYSROOT=$(MINGW_SYSROOT) OBJDUMP="$(OBJDUMP)"
-
-CONFIGURE_FLAGS=--with-libxslt=no --with-openssl=no --with-gnutls=no --disable-crypto-dl $(BUILD_AND_HOST) CC="$(xmlsec_CC)" LDFLAGS="-Wl,--no-undefined $(CONF_ILIB)" LIBS="$(xmlsec_LIBS)" LIBXML2LIB="$(LIBXML2LIB)" ZLIB3RDLIB=$(ZLIB3RDLIB)
-
-.IF "$(SYSTEM_NSS)" != "YES"
-CONFIGURE_FLAGS+=--enable-pkgconfig=no
-.ENDIF
-BUILD_ACTION=$(GNUMAKE) -j$(GMAKE_MODULE_PARALLELISM)
-BUILD_DIR=$(CONFIGURE_DIR)
-
-.ELSE # "$(COM)"!="GCC"
-
-CONFIGURE_DIR=win32
-CONFIGURE_ACTION=cscript configure.js
-.IF "$(product)"!="full" && "$(CCNUMVER)" >= "001399999999"
-CONFIGURE_FLAGS=crypto=$(CRYPTOLIB) debug=yes xslt=no iconv=no static=no include=$(BASEINC) lib=$(BASELIB)
-.ELSE
-CONFIGURE_FLAGS=crypto=$(CRYPTOLIB) xslt=no iconv=no static=no include=$(BASEINC) lib=$(BASELIB)
-.ENDIF
-BUILD_ACTION=nmake
-BUILD_DIR=$(CONFIGURE_DIR)
-.ENDIF # "$(COM)"=="GCC"
-
-.ELSE # "$(OS)"!="WNT"
-
-.IF "$(GUI)"=="UNX"
-
-.IF "$(COM)"=="C52" && "$(CPU)"=="U"
-xmlsec_CFLAGS+=-m64
-.ENDIF
-
-.IF "$(SYSBASE)"!=""
-xmlsec_CFLAGS+=-I$(SYSBASE)/usr/include
-.IF "$(COMNAME)"=="sunpro5"
-xmlsec_CFLAGS+=$(C_RESTRICTIONFLAGS)
-.ENDIF # "$(COMNAME)"=="sunpro5"
-.IF "$(EXTRA_CFLAGS)"!=""
-xmlsec_CFLAGS+=$(EXTRA_CFLAGS)
-xmlsec_CPPFLAGS+=$(EXTRA_CFLAGS)
-.ENDIF # "$(EXTRA_CFLAGS)"!=""
-xmlsec_LDFLAGS+=-L$(SYSBASE)/usr/lib
-.ELIF "$(OS)"=="MACOSX" # "$(SYSBASE)"!=""
-xmlsec_CPPFLAGS+=$(EXTRA_CDEFS)
-.ENDIF
-
-.IF "$(OS)$(COM)"=="LINUXGCC" || "$(OS)$(COM)"=="FREEBSDGCC"
-xmlsec_LDFLAGS+=-Wl,-z,origin -Wl,-rpath,'$$$$ORIGIN:$$$$ORIGIN/../ure-link/lib'
-.ENDIF # "$(OS)$(COM)"=="LINUXGCC" || "$(OS)$(COM)"=="FREEBSDGCC"
-.IF "$(OS)$(COM)"=="SOLARISC52"
-xmlsec_LDFLAGS+=-Wl,-R'$$$$ORIGIN:$$$$ORIGIN/../ure-link/lib'
-.ENDIF # "$(OS)$(COM)"=="SOLARISC52"
-
-LDFLAGS:=$(xmlsec_LDFLAGS)
-.EXPORT: LDFLAGS
-
-.ENDIF
-CONFIGURE_DIR=
-CONFIGURE_ACTION=autoreconf; ./configure ADDCFLAGS="$(xmlsec_CFLAGS)" CPPFLAGS="$(xmlsec_CPPFLAGS)"
-
-.IF "$(OS)" == "MACOSX"
-.IF "$(ACLOCAL)" == ""
-ACLOCAL=aclocal
-.ENDIF
-CONFIGURE_ACTION:=ACLOCAL="$(ACLOCAL) -I $(SRCDIR)/m4/mac" $(CONFIGURE_ACTION)
-.ENDIF
-
-CONFIGURE_FLAGS=--with-pic --disable-shared --disable-crypto-dl --with-libxslt=no --with-gnutls=no LIBXML2LIB="$(LIBXML2LIB)"
-
-.IF "$(CROSS_COMPILING)"=="YES"
-CONFIGURE_FLAGS+= --build=$(BUILD_PLATFORM) --host=$(HOST_PLATFORM)
-.ENDIF
-
-.IF "$(OS)" == "ANDROID"
-CONFIGURE_FLAGS+=--with-openssl=$(SOLARVER)/$(INPATH)
-.ELSE
-CONFIGURE_FLAGS+=--with-openssl=no
-.ENDIF
-
-.IF "$(OS)" == "MACOSX"
-CONFIGURE_FLAGS += \
- --prefix=/@.__________________________________________________$(EXTRPATH)
-.END
-
-# system-mozilla needs pkgconfig to get the information about nss
-# FIXME: This also will enable pkg-config usage for libxml2. It *seems*
-# that the internal headers still are used when they are there but....
-# (and that pkg-config is allowed to fail...)
-# I have no real good idea how to get mozilla (nss) pkg-config'ed and libxml2
-# not... We need mozilla-nss pkg-config'ed since we can *not* just use
-# --with-nss or parse -pkg-config --libs / cflags mozilla-nss since
-# the lib may a) be in /usr/lib (Debian) and be not in $with_nss/include
-# $with_nss/lib.
-.IF "$(SYSTEM_NSS)" != "YES" || "$(OS)" == "MACOSX"
-CONFIGURE_FLAGS+=--enable-pkgconfig=no
-.ENDIF
-BUILD_ACTION=$(GNUMAKE) -j$(EXTMAXPROCESS)
-BUILD_DIR=$(CONFIGURE_DIR)
-.ENDIF
-
-
-OUTDIR2INC=include/xmlsec
-
-.IF "$(OS)"=="WNT"
-.IF "$(COM)"=="GCC"
-OUT2LIB+=src/.libs/libxmlsec1.dll.a src/nss/.libs/libxmlsec1-nss.dll.a
-OUT2BIN+=src/.libs/libxmlsec1.dll src/nss/.libs/libxmlsec1-nss.dll
-.IF "$(CROSS_COMPILING)" != "YES"
-OUT2LIB+=src/mscrypto/.libs/libxmlsec1-mscrypto.dll.a
-OUT2BIN+=src/mscrypto/.libs/libxmlsec1-mscrypto.dll
-.ENDIF
-.ELSE
-OUT2LIB+=win32/binaries/*.lib
-OUT2BIN+=win32/binaries/*.dll
-.ENDIF
-.ELIF "$(OS)" == "ANDROID"
-OUT2LIB+=src/.libs/libxmlsec1.a src/openssl/.libs/libxmlsec1-openssl.a
-.ELSE
-OUT2LIB+=src/.libs/libxmlsec1.a src/nss/.libs/libxmlsec1-nss.a
-.ENDIF
-
-# --- Targets ------------------------------------------------------
-
-.INCLUDE : set_ext.mk
-.INCLUDE : target.mk
-.INCLUDE : tg_ext.mk
-
-
diff --git a/libxmlsec/prj/d.lst b/libxmlsec/prj/d.lst
index 21896b57657b..e69de29bb2d1 100644
--- a/libxmlsec/prj/d.lst
+++ b/libxmlsec/prj/d.lst
@@ -1,9 +0,0 @@
-mkdir: %_DEST%\inc\external\xmlsec
-mkdir: %_DEST%\inc\external\xmlsec\nss
-mkdir: %_DEST%\inc\external\xmlsec\mscrypto
-..\%__SRC%\inc\xmlsec\*.h %_DEST%\inc\external\xmlsec\*.h
-..\%__SRC%\inc\xmlsec\nss\*.h %_DEST%\inc\external\xmlsec\nss\*.h
-..\%__SRC%\inc\xmlsec\mscrypto\*.h %_DEST%\inc\external\xmlsec\mscrypto\*.h
-..\%__SRC%\lib\lib*.a %_DEST%\lib
-..\%__SRC%\lib\*.lib %_DEST%\lib
-..\%__SRC%\bin\*.dll %_DEST%\bin
diff --git a/libxmlsec/prj/dmake b/libxmlsec/prj/dmake
deleted file mode 100644
index e69de29bb2d1..000000000000
--- a/libxmlsec/prj/dmake
+++ /dev/null
diff --git a/libxmlsec/src/akmngr_mscrypto.c b/libxmlsec/src/akmngr_mscrypto.c
new file mode 100644
index 000000000000..af9eef4ecfb6
--- /dev/null
+++ b/libxmlsec/src/akmngr_mscrypto.c
@@ -0,0 +1,237 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright.........................
+ */
+#include "globals.h"
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/mscrypto/crypto.h>
+#include <xmlsec/mscrypto/keysstore.h>
+#include <xmlsec/mscrypto/akmngr.h>
+#include <xmlsec/mscrypto/x509.h>
+
+/**
+ * xmlSecMSCryptoAppliedKeysMngrCreate:
+ * @hKeyStore: the pointer to key store.
+ * @hCertStore: the pointer to certificate database.
+ *
+ * Create and load key store and certificate database into keys manager
+ *
+ * Returns keys manager pointer on success or NULL otherwise.
+ */
+xmlSecKeysMngrPtr
+xmlSecMSCryptoAppliedKeysMngrCreate(
+ HCERTSTORE hKeyStore ,
+ HCERTSTORE hCertStore
+) {
+ xmlSecKeyDataStorePtr certStore = NULL ;
+ xmlSecKeysMngrPtr keyMngr = NULL ;
+ xmlSecKeyStorePtr keyStore = NULL ;
+
+ keyStore = xmlSecKeyStoreCreate( xmlSecMSCryptoKeysStoreId ) ;
+ if( keyStore == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecKeyStoreCreate" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return NULL ;
+ }
+
+ /*-
+ * At present, MS Crypto engine do not provide a way to setup a key store.
+ */
+ if( keyStore != NULL ) {
+ /*TODO: binding key store.*/
+ }
+
+ keyMngr = xmlSecKeysMngrCreate() ;
+ if( keyMngr == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecKeysMngrCreate" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+ xmlSecKeyStoreDestroy( keyStore ) ;
+ return NULL ;
+ }
+
+ /*-
+ * Add key store to manager, from now on keys manager destroys the store if
+ * needed
+ */
+ if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
+ "xmlSecKeysMngrAdoptKeyStore" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+ xmlSecKeyStoreDestroy( keyStore ) ;
+ xmlSecKeysMngrDestroy( keyMngr ) ;
+ return NULL ;
+ }
+
+ /*-
+ * Initialize crypto library specific data in keys manager
+ */
+ if( xmlSecMSCryptoKeysMngrInit( keyMngr ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecMSCryptoKeysMngrInit" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+ xmlSecKeysMngrDestroy( keyMngr ) ;
+ return NULL ;
+ }
+
+ /*-
+ * Set certificate databse to X509 key data store
+ */
+ /*-
+ * At present, MS Crypto engine do not provide a way to setup a cert store.
+ */
+
+ /*-
+ * Set the getKey callback
+ */
+ keyMngr->getKey = xmlSecKeysMngrGetKey ;
+
+ return keyMngr ;
+}
+
+int
+xmlSecMSCryptoAppliedKeysMngrSymKeyLoad(
+ xmlSecKeysMngrPtr mngr ,
+ HCRYPTKEY symKey
+) {
+ /*TODO: import the key into keys manager.*/
+ return(0) ;
+}
+
+int
+xmlSecMSCryptoAppliedKeysMngrPubKeyLoad(
+ xmlSecKeysMngrPtr mngr ,
+ HCRYPTKEY pubKey
+) {
+ /*TODO: import the key into keys manager.*/
+ return(0) ;
+}
+
+int
+xmlSecMSCryptoAppliedKeysMngrPriKeyLoad(
+ xmlSecKeysMngrPtr mngr ,
+ HCRYPTKEY priKey
+) {
+ /*TODO: import the key into keys manager.*/
+ return(0) ;
+}
+
+int
+xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore (
+ xmlSecKeysMngrPtr mngr ,
+ HCERTSTORE keyStore
+) {
+ xmlSecKeyDataStorePtr x509Store ;
+
+ xmlSecAssert2( mngr != NULL, -1 ) ;
+ xmlSecAssert2( keyStore != NULL, -1 ) ;
+
+ x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
+ if( x509Store == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecKeysMngrGetDataStore" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return( -1 ) ;
+ }
+
+ if( xmlSecMSCryptoX509StoreAdoptKeyStore( x509Store, keyStore ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
+ "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return( -1 ) ;
+ }
+
+ return( 0 ) ;
+}
+
+int
+xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore (
+ xmlSecKeysMngrPtr mngr ,
+ HCERTSTORE trustedStore
+) {
+ xmlSecKeyDataStorePtr x509Store ;
+
+ xmlSecAssert2( mngr != NULL, -1 ) ;
+ xmlSecAssert2( trustedStore != NULL, -1 ) ;
+
+ x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
+ if( x509Store == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecKeysMngrGetDataStore" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return( -1 ) ;
+ }
+
+ if( xmlSecMSCryptoX509StoreAdoptTrustedStore( x509Store, trustedStore ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
+ "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return( -1 ) ;
+ }
+
+ return( 0 ) ;
+}
+
+int
+xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore (
+ xmlSecKeysMngrPtr mngr ,
+ HCERTSTORE untrustedStore
+) {
+ xmlSecKeyDataStorePtr x509Store ;
+
+ xmlSecAssert2( mngr != NULL, -1 ) ;
+ xmlSecAssert2( untrustedStore != NULL, -1 ) ;
+
+ x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
+ if( x509Store == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecKeysMngrGetDataStore" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return( -1 ) ;
+ }
+
+ if( xmlSecMSCryptoX509StoreAdoptUntrustedStore( x509Store, untrustedStore ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
+ "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return( -1 ) ;
+ }
+
+ return( 0 ) ;
+}
+
+
diff --git a/libxmlsec/src/akmngr_nss.c b/libxmlsec/src/akmngr_nss.c
new file mode 100644
index 000000000000..0eddf86ef931
--- /dev/null
+++ b/libxmlsec/src/akmngr_nss.c
@@ -0,0 +1,384 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright.........................
+ */
+#include "globals.h"
+
+#include <nspr.h>
+#include <nss.h>
+#include <pk11func.h>
+#include <cert.h>
+#include <keyhi.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/nss/crypto.h>
+#include <xmlsec/nss/tokens.h>
+#include <xmlsec/nss/akmngr.h>
+#include <xmlsec/nss/pkikeys.h>
+#include <xmlsec/nss/ciphers.h>
+#include <xmlsec/nss/keysstore.h>
+
+/**
+ * xmlSecNssAppliedKeysMngrCreate:
+ * @slot: array of pointers to NSS PKCS#11 slot information.
+ * @cSlots: number of slots in the array
+ * @handler: the pointer to NSS certificate database.
+ *
+ * Create and load NSS crypto slot and certificate database into keys manager
+ *
+ * Returns keys manager pointer on success or NULL otherwise.
+ */
+xmlSecKeysMngrPtr
+xmlSecNssAppliedKeysMngrCreate(
+ PK11SlotInfo** slots,
+ int cSlots,
+ CERTCertDBHandle* handler
+) {
+ xmlSecKeyDataStorePtr certStore = NULL ;
+ xmlSecKeysMngrPtr keyMngr = NULL ;
+ xmlSecKeyStorePtr keyStore = NULL ;
+ int islot = 0;
+ keyStore = xmlSecKeyStoreCreate( xmlSecNssKeysStoreId ) ;
+ if( keyStore == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecKeyStoreCreate" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return NULL ;
+ }
+
+ for (islot = 0; islot < cSlots; islot++)
+ {
+ xmlSecNssKeySlotPtr keySlot ;
+
+ /* Create a key slot */
+ keySlot = xmlSecNssKeySlotCreate() ;
+ if( keySlot == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
+ "xmlSecNssKeySlotCreate" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+ xmlSecKeyStoreDestroy( keyStore ) ;
+ return NULL ;
+ }
+
+ /* Set slot */
+ if( xmlSecNssKeySlotSetSlot( keySlot , slots[islot] ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
+ "xmlSecNssKeySlotSetSlot" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+ xmlSecKeyStoreDestroy( keyStore ) ;
+ xmlSecNssKeySlotDestroy( keySlot ) ;
+ return NULL ;
+ }
+
+ /* Adopt keySlot */
+ if( xmlSecNssKeysStoreAdoptKeySlot( keyStore , keySlot ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
+ "xmlSecNssKeysStoreAdoptKeySlot" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+ xmlSecKeyStoreDestroy( keyStore ) ;
+ xmlSecNssKeySlotDestroy( keySlot ) ;
+ return NULL ;
+ }
+ }
+
+ keyMngr = xmlSecKeysMngrCreate() ;
+ if( keyMngr == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecKeysMngrCreate" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+ xmlSecKeyStoreDestroy( keyStore ) ;
+ return NULL ;
+ }
+
+ /*-
+ * Add key store to manager, from now on keys manager destroys the store if
+ * needed
+ */
+ if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
+ "xmlSecKeysMngrAdoptKeyStore" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+ xmlSecKeyStoreDestroy( keyStore ) ;
+ xmlSecKeysMngrDestroy( keyMngr ) ;
+ return NULL ;
+ }
+
+ /*-
+ * Initialize crypto library specific data in keys manager
+ */
+ if( xmlSecNssKeysMngrInit( keyMngr ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecKeysMngrCreate" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+ xmlSecKeysMngrDestroy( keyMngr ) ;
+ return NULL ;
+ }
+
+ /*-
+ * Set certificate databse to X509 key data store
+ */
+ /**
+ * Because Tej's implementation of certDB use the default DB, so I ignore
+ * the certDB handler at present. I'll modify the cert store sources to
+ * accept particular certDB instead of default ones.
+ certStore = xmlSecKeysMngrGetDataStore( keyMngr , xmlSecNssKeyDataStoreX509Id ) ;
+ if( certStore == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
+ "xmlSecKeysMngrGetDataStore" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+ xmlSecKeysMngrDestroy( keyMngr ) ;
+ return NULL ;
+ }
+
+ if( xmlSecNssKeyDataStoreX509SetCertDb( certStore , handler ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
+ "xmlSecNssKeyDataStoreX509SetCertDb" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+ xmlSecKeysMngrDestroy( keyMngr ) ;
+ return NULL ;
+ }
+ */
+
+ /*-
+ * Set the getKey callback
+ */
+ keyMngr->getKey = xmlSecKeysMngrGetKey ;
+
+ return keyMngr ;
+}
+
+int
+xmlSecNssAppliedKeysMngrSymKeyLoad(
+ xmlSecKeysMngrPtr mngr ,
+ PK11SymKey* symKey
+) {
+ xmlSecKeyPtr key ;
+ xmlSecKeyDataPtr data ;
+ xmlSecKeyStorePtr keyStore ;
+
+ xmlSecAssert2( mngr != NULL , -1 ) ;
+ xmlSecAssert2( symKey != NULL , -1 ) ;
+
+ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
+ if( keyStore == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecKeysMngrGetKeysStore" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1) ;
+ }
+ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
+
+ data = xmlSecNssSymKeyDataKeyAdopt( symKey ) ;
+ if( data == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecNssSymKeyDataKeyAdopt" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1) ;
+ }
+
+ key = xmlSecKeyCreate() ;
+ if( key == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecNssSymKeyDataKeyAdopt" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecKeyDataDestroy( data ) ;
+ return(-1) ;
+ }
+
+ if( xmlSecKeySetValue( key , data ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecNssSymKeyDataKeyAdopt" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecKeyDataDestroy( data ) ;
+ return(-1) ;
+ }
+
+ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecNssSymKeyDataKeyAdopt" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecKeyDestroy( key ) ;
+ return(-1) ;
+ }
+
+ return(0) ;
+}
+
+int
+xmlSecNssAppliedKeysMngrPubKeyLoad(
+ xmlSecKeysMngrPtr mngr ,
+ SECKEYPublicKey* pubKey
+) {
+ xmlSecKeyPtr key ;
+ xmlSecKeyDataPtr data ;
+ xmlSecKeyStorePtr keyStore ;
+
+ xmlSecAssert2( mngr != NULL , -1 ) ;
+ xmlSecAssert2( pubKey != NULL , -1 ) ;
+
+ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
+ if( keyStore == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecKeysMngrGetKeysStore" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1) ;
+ }
+ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
+
+ data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ;
+ if( data == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecNssPKIAdoptKey" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1) ;
+ }
+
+ key = xmlSecKeyCreate() ;
+ if( key == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecNssSymKeyDataKeyAdopt" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecKeyDataDestroy( data ) ;
+ return(-1) ;
+ }
+
+ if( xmlSecKeySetValue( key , data ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecNssSymKeyDataKeyAdopt" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecKeyDataDestroy( data ) ;
+ return(-1) ;
+ }
+
+ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecNssSymKeyDataKeyAdopt" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecKeyDestroy( key ) ;
+ return(-1) ;
+ }
+
+ return(0) ;
+}
+
+int
+xmlSecNssAppliedKeysMngrPriKeyLoad(
+ xmlSecKeysMngrPtr mngr ,
+ SECKEYPrivateKey* priKey
+) {
+ xmlSecKeyPtr key ;
+ xmlSecKeyDataPtr data ;
+ xmlSecKeyStorePtr keyStore ;
+
+ xmlSecAssert2( mngr != NULL , -1 ) ;
+ xmlSecAssert2( priKey != NULL , -1 ) ;
+
+ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
+ if( keyStore == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecKeysMngrGetKeysStore" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1) ;
+ }
+ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
+
+ data = xmlSecNssPKIAdoptKey( priKey, NULL ) ;
+ if( data == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecNssPKIAdoptKey" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1) ;
+ }
+
+ key = xmlSecKeyCreate() ;
+ if( key == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecNssSymKeyDataKeyAdopt" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecKeyDataDestroy( data ) ;
+ return(-1) ;
+ }
+
+ if( xmlSecKeySetValue( key , data ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecNssSymKeyDataKeyAdopt" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecKeyDataDestroy( data ) ;
+ return(-1) ;
+ }
+
+ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecNssSymKeyDataKeyAdopt" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecKeyDestroy( key ) ;
+ return(-1) ;
+ }
+
+ return(0) ;
+}
+
diff --git a/libxmlsec/src/keywrapers.c b/libxmlsec/src/keywrapers.c
new file mode 100644
index 000000000000..6066724c874b
--- /dev/null
+++ b/libxmlsec/src/keywrapers.c
@@ -0,0 +1,1213 @@
+/**
+ *
+ * XMLSec library
+ *
+ * AES Algorithm support
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright .................................
+ */
+#include "globals.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <nss.h>
+#include <pk11func.h>
+#include <hasht.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/nss/crypto.h>
+#include <xmlsec/nss/ciphers.h>
+
+#define XMLSEC_NSS_AES128_KEY_SIZE 16
+#define XMLSEC_NSS_AES192_KEY_SIZE 24
+#define XMLSEC_NSS_AES256_KEY_SIZE 32
+#define XMLSEC_NSS_DES3_KEY_SIZE 24
+#define XMLSEC_NSS_DES3_KEY_LENGTH 24
+#define XMLSEC_NSS_DES3_IV_LENGTH 8
+#define XMLSEC_NSS_DES3_BLOCK_LENGTH 8
+
+static xmlSecByte xmlSecNssKWDes3Iv[XMLSEC_NSS_DES3_IV_LENGTH] = {
+ 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05
+};
+
+/*********************************************************************
+ *
+ * key wrap transforms
+ *
+ ********************************************************************/
+typedef struct _xmlSecNssKeyWrapCtx xmlSecNssKeyWrapCtx ;
+typedef struct _xmlSecNssKeyWrapCtx* xmlSecNssKeyWrapCtxPtr ;
+
+#define xmlSecNssKeyWrapSize \
+ ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyWrapCtx ) )
+
+#define xmlSecNssKeyWrapGetCtx( transform ) \
+ ( ( xmlSecNssKeyWrapCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) )
+
+struct _xmlSecNssKeyWrapCtx {
+ CK_MECHANISM_TYPE cipher ;
+ PK11SymKey* symkey ;
+ xmlSecKeyDataId keyId ;
+ xmlSecBufferPtr material ; /* to be encrypted/decrypted key material */
+} ;
+
+static int xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform);
+static void xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform);
+static int xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+static xmlSecSize xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform);
+
+static int
+xmlSecNssKeyWrapCheckId(
+ xmlSecTransformPtr transform
+) {
+ #ifndef XMLSEC_NO_DES
+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) {
+ return(1);
+ }
+ #endif /* XMLSEC_NO_DES */
+
+ #ifndef XMLSEC_NO_AES
+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes128Id ) ||
+ xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes192Id ) ||
+ xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes256Id ) ) {
+
+ return(1);
+ }
+ #endif /* XMLSEC_NO_AES */
+
+ return(0);
+}
+
+static xmlSecSize
+xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform) {
+#ifndef XMLSEC_NO_DES
+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) {
+ return(XMLSEC_NSS_DES3_KEY_SIZE);
+ } else
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_AES
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes128Id)) {
+ return(XMLSEC_NSS_AES128_KEY_SIZE);
+ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes192Id)) {
+ return(XMLSEC_NSS_AES192_KEY_SIZE);
+ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) {
+ return(XMLSEC_NSS_AES256_KEY_SIZE);
+ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) {
+ return(XMLSEC_NSS_AES256_KEY_SIZE);
+ } else
+#endif /* XMLSEC_NO_AES */
+
+ if(1)
+ return(0);
+}
+
+
+static int
+xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform) {
+ xmlSecNssKeyWrapCtxPtr context ;
+ int ret;
+
+ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
+
+ context = xmlSecNssKeyWrapGetCtx( transform ) ;
+ xmlSecAssert2( context != NULL , -1 ) ;
+
+ #ifndef XMLSEC_NO_DES
+ if( transform->id == xmlSecNssTransformKWDes3Id ) {
+ context->cipher = CKM_DES3_CBC ;
+ context->keyId = xmlSecNssKeyDataDesId ;
+ } else
+ #endif /* XMLSEC_NO_DES */
+
+ #ifndef XMLSEC_NO_AES
+ if( transform->id == xmlSecNssTransformKWAes128Id ) {
+ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/
+ context->cipher = CKM_AES_CBC ;
+ context->keyId = xmlSecNssKeyDataAesId ;
+ } else
+ if( transform->id == xmlSecNssTransformKWAes192Id ) {
+ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/
+ context->cipher = CKM_AES_CBC ;
+ context->keyId = xmlSecNssKeyDataAesId ;
+ } else
+ if( transform->id == xmlSecNssTransformKWAes256Id ) {
+ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/
+ context->cipher = CKM_AES_CBC ;
+ context->keyId = xmlSecNssKeyDataAesId ;
+ } else
+ #endif /* XMLSEC_NO_AES */
+
+
+ if( 1 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ context->symkey = NULL ;
+ context->material = NULL ;
+
+ return(0);
+}
+
+static void
+xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform) {
+ xmlSecNssKeyWrapCtxPtr context ;
+
+ xmlSecAssert(xmlSecNssKeyWrapCheckId(transform));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize));
+
+ context = xmlSecNssKeyWrapGetCtx( transform ) ;
+ xmlSecAssert( context != NULL ) ;
+
+ if( context->symkey != NULL ) {
+ PK11_FreeSymKey( context->symkey ) ;
+ context->symkey = NULL ;
+ }
+
+ if( context->material != NULL ) {
+ xmlSecBufferDestroy(context->material);
+ context->material = NULL ;
+ }
+}
+
+static int
+xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecNssKeyWrapCtxPtr context ;
+ xmlSecSize cipherSize = 0 ;
+
+
+ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(keyReq != NULL, -1);
+
+ context = xmlSecNssKeyWrapGetCtx( transform ) ;
+ xmlSecAssert2( context != NULL , -1 ) ;
+
+ keyReq->keyId = context->keyId;
+ keyReq->keyType = xmlSecKeyDataTypeSymmetric;
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ keyReq->keyUsage = xmlSecKeyUsageEncrypt;
+ } else {
+ keyReq->keyUsage = xmlSecKeyUsageDecrypt;
+ }
+
+ keyReq->keyBitsSize = xmlSecNssKeyWrapGetKeySize( transform ) ;
+
+ return(0);
+}
+
+static int
+xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecNssKeyWrapCtxPtr context = NULL ;
+ xmlSecKeyDataPtr keyData = NULL ;
+ PK11SymKey* symkey = NULL ;
+
+ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(key != NULL, -1);
+
+ context = xmlSecNssKeyWrapGetCtx( transform ) ;
+ if( context == NULL || context->keyId == NULL || context->symkey != NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ "xmlSecNssKeyWrapGetCtx" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+ xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ;
+
+ keyData = xmlSecKeyGetValue( key ) ;
+ if( keyData == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) ,
+ "xmlSecKeyGetValue" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) ,
+ "xmlSecNssSymKeyDataGetKey" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ context->symkey = symkey ;
+
+ return(0) ;
+}
+
+/**
+ * key wrap transform
+ */
+static int
+xmlSecNssKeyWrapCtxInit(
+ xmlSecNssKeyWrapCtxPtr ctx ,
+ xmlSecBufferPtr in ,
+ xmlSecBufferPtr out ,
+ int encrypt ,
+ xmlSecTransformCtxPtr transformCtx
+) {
+ xmlSecSize blockSize ;
+
+ xmlSecAssert2( ctx != NULL , -1 ) ;
+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
+ xmlSecAssert2( in != NULL , -1 ) ;
+ xmlSecAssert2( out != NULL , -1 ) ;
+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
+
+ if( ctx->material != NULL ) {
+ xmlSecBufferDestroy( ctx->material ) ;
+ ctx->material = NULL ;
+ }
+
+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "PK11_GetBlockSize" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ ctx->material = xmlSecBufferCreate( blockSize ) ;
+ if( ctx->material == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferCreate" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ /* read raw key material into context */
+ if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferSetData" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferRemoveHead" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * key wrap transform update
+ */
+static int
+xmlSecNssKeyWrapCtxUpdate(
+ xmlSecNssKeyWrapCtxPtr ctx ,
+ xmlSecBufferPtr in ,
+ xmlSecBufferPtr out ,
+ int encrypt ,
+ xmlSecTransformCtxPtr transformCtx
+) {
+ xmlSecAssert2( ctx != NULL , -1 ) ;
+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
+ xmlSecAssert2( ctx->material != NULL , -1 ) ;
+ xmlSecAssert2( in != NULL , -1 ) ;
+ xmlSecAssert2( out != NULL , -1 ) ;
+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
+
+ /* read raw key material and append into context */
+ if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferAppend" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferRemoveHead" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecNssKWDes3BufferReverse(xmlSecByte *buf, xmlSecSize size) {
+ xmlSecSize s;
+ xmlSecSize i;
+ xmlSecByte c;
+
+ xmlSecAssert2(buf != NULL, -1);
+
+ s = size / 2;
+ --size;
+ for(i = 0; i < s; ++i) {
+ c = buf[i];
+ buf[i] = buf[size - i];
+ buf[size - i] = c;
+ }
+ return(0);
+}
+
+static xmlSecByte *
+xmlSecNssComputeSHA1(const xmlSecByte *in, xmlSecSize inSize,
+ xmlSecByte *out, xmlSecSize outSize)
+{
+ PK11Context *context = NULL;
+ SECStatus s;
+ xmlSecByte *digest = NULL;
+ unsigned int len;
+
+ xmlSecAssert2(in != NULL, NULL);
+ xmlSecAssert2(out != NULL, NULL);
+ xmlSecAssert2(outSize >= SHA1_LENGTH, NULL);
+
+ /* Create a context for hashing (digesting) */
+ context = PK11_CreateDigestContext(SEC_OID_SHA1);
+ if (context == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_CreateDigestContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code = %d", PORT_GetError());
+ goto done;
+ }
+
+ s = PK11_DigestBegin(context);
+ if (s != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_DigestBegin",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code = %d", PORT_GetError());
+ goto done;
+ }
+
+ s = PK11_DigestOp(context, in, inSize);
+ if (s != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_DigestOp",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code = %d", PORT_GetError());
+ goto done;
+ }
+
+ s = PK11_DigestFinal(context, out, &len, outSize);
+ if (s != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_DigestFinal",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code = %d", PORT_GetError());
+ goto done;
+ }
+ xmlSecAssert2(len == SHA1_LENGTH, NULL);
+
+ digest = out;
+
+done:
+ if (context != NULL) {
+ PK11_DestroyContext(context, PR_TRUE);
+ }
+ return (digest);
+}
+
+static int
+xmlSecNssKWDes3Encrypt(
+ PK11SymKey* symKey ,
+ CK_MECHANISM_TYPE cipherMech ,
+ const xmlSecByte* iv ,
+ xmlSecSize ivSize ,
+ const xmlSecByte* in ,
+ xmlSecSize inSize ,
+ xmlSecByte* out ,
+ xmlSecSize outSize ,
+ int enc
+) {
+ PK11Context* EncContext = NULL;
+ SECItem ivItem ;
+ SECItem* secParam = NULL ;
+ int tmp1_outlen;
+ unsigned int tmp2_outlen;
+ int result_len = -1;
+ SECStatus rv;
+
+ xmlSecAssert2( cipherMech != CKM_INVALID_MECHANISM , -1 ) ;
+ xmlSecAssert2( symKey != NULL , -1 ) ;
+ xmlSecAssert2(iv != NULL, -1);
+ xmlSecAssert2(ivSize == XMLSEC_NSS_DES3_IV_LENGTH, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= inSize, -1);
+
+ /* Prepare IV */
+ ivItem.data = ( unsigned char* )iv ;
+ ivItem.len = ivSize ;
+
+ secParam = PK11_ParamFromIV(cipherMech, &ivItem);
+ if (secParam == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_ParamFromIV",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "Error code = %d", PORT_GetError());
+ goto done;
+ }
+
+ EncContext = PK11_CreateContextBySymKey(cipherMech,
+ enc ? CKA_ENCRYPT : CKA_DECRYPT,
+ symKey, secParam);
+ if (EncContext == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_CreateContextBySymKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "Error code = %d", PORT_GetError());
+ goto done;
+ }
+
+ tmp1_outlen = tmp2_outlen = 0;
+ rv = PK11_CipherOp(EncContext, out, &tmp1_outlen, outSize,
+ (unsigned char *)in, inSize);
+ if (rv != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_CipherOp",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "Error code = %d", PORT_GetError());
+ goto done;
+ }
+
+ rv = PK11_DigestFinal(EncContext, out+tmp1_outlen,
+ &tmp2_outlen, outSize-tmp1_outlen);
+ if (rv != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_DigestFinal",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "Error code = %d", PORT_GetError());
+ goto done;
+ }
+
+ result_len = tmp1_outlen + tmp2_outlen;
+
+done:
+ if (secParam) {
+ SECITEM_FreeItem(secParam, PR_TRUE);
+ }
+ if (EncContext) {
+ PK11_DestroyContext(EncContext, PR_TRUE);
+ }
+
+ return(result_len);
+}
+
+static int
+xmlSecNssKeyWrapDesOp(
+ xmlSecNssKeyWrapCtxPtr ctx ,
+ int encrypt ,
+ xmlSecBufferPtr result
+) {
+ xmlSecByte sha1[SHA1_LENGTH];
+ xmlSecByte iv[XMLSEC_NSS_DES3_IV_LENGTH];
+ xmlSecByte* in;
+ xmlSecSize inSize;
+ xmlSecByte* out;
+ xmlSecSize outSize;
+ xmlSecSize s;
+ int ret;
+ SECStatus status;
+
+ xmlSecAssert2( ctx != NULL , -1 ) ;
+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
+ xmlSecAssert2( ctx->material != NULL , -1 ) ;
+ xmlSecAssert2( result != NULL , -1 ) ;
+
+ in = xmlSecBufferGetData(ctx->material);
+ inSize = xmlSecBufferGetSize(ctx->material) ;
+ out = xmlSecBufferGetData(result);
+ outSize = xmlSecBufferGetMaxSize(result) ;
+ if( encrypt ) {
+ /* step 2: calculate sha1 and CMS */
+ if(xmlSecNssComputeSHA1(in, inSize, sha1, SHA1_LENGTH) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssComputeSHA1",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* step 3: construct WKCKS */
+ memcpy(out, in, inSize);
+ memcpy(out + inSize, sha1, XMLSEC_NSS_DES3_BLOCK_LENGTH);
+
+ /* step 4: generate random iv */
+ status = PK11_GenerateRandom(iv, XMLSEC_NSS_DES3_IV_LENGTH);
+ if(status != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_GenerateRandom",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code = %d", PORT_GetError());
+ return(-1);
+ }
+
+ /* step 5: first encryption, result is TEMP1 */
+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
+ iv, XMLSEC_NSS_DES3_IV_LENGTH,
+ out, inSize + XMLSEC_NSS_DES3_IV_LENGTH,
+ out, outSize, 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssKWDes3Encrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* step 6: construct TEMP2=IV || TEMP1 */
+ memmove(out + XMLSEC_NSS_DES3_IV_LENGTH, out,
+ inSize + XMLSEC_NSS_DES3_IV_LENGTH);
+ memcpy(out, iv, XMLSEC_NSS_DES3_IV_LENGTH);
+ s = ret + XMLSEC_NSS_DES3_IV_LENGTH;
+
+ /* step 7: reverse octets order, result is TEMP3 */
+ ret = xmlSecNssKWDes3BufferReverse(out, s);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssKWDes3BufferReverse",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* step 8: second encryption with static IV */
+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
+ xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH,
+ out, s,
+ out, outSize, 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssKWDes3Encrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ s = ret;
+
+ if( xmlSecBufferSetSize( result , s ) < 0 ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ } else {
+ /* step 2: first decryption with static IV, result is TEMP3 */
+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
+ xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH,
+ in, inSize,
+ out, outSize, 0);
+ if((ret < 0) || (ret < XMLSEC_NSS_DES3_IV_LENGTH)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssKWDes3Encrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ s = ret;
+
+ /* step 3: reverse octets order in TEMP3, result is TEMP2 */
+ ret = xmlSecNssKWDes3BufferReverse(out, s);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssKWDes3BufferReverse",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* steps 4 and 5: get IV and decrypt second time, result is WKCKS */
+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
+ out, XMLSEC_NSS_DES3_IV_LENGTH,
+ out+XMLSEC_NSS_DES3_IV_LENGTH, s-XMLSEC_NSS_DES3_IV_LENGTH,
+ out, outSize, 0);
+ if((ret < 0) || (ret < XMLSEC_NSS_DES3_BLOCK_LENGTH)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssKWDes3Encrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ s = ret - XMLSEC_NSS_DES3_IV_LENGTH;
+
+ /* steps 6 and 7: calculate SHA1 and validate it */
+ if(xmlSecNssComputeSHA1(out, s, sha1, SHA1_LENGTH) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssComputeSHA1",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if(memcmp(sha1, out + s, XMLSEC_NSS_DES3_BLOCK_LENGTH) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "SHA1 does not match");
+ return(-1);
+ }
+
+ if( xmlSecBufferSetSize( result , s ) < 0 ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ return(0);
+}
+
+static int
+xmlSecNssKeyWrapAesOp(
+ xmlSecNssKeyWrapCtxPtr ctx ,
+ int encrypt ,
+ xmlSecBufferPtr result
+) {
+ PK11Context* cipherCtx = NULL;
+ SECItem ivItem ;
+ SECItem* secParam = NULL ;
+ xmlSecSize inSize ;
+ xmlSecSize inBlocks ;
+ int blockSize ;
+ int midSize ;
+ int finSize ;
+ xmlSecByte* out ;
+ xmlSecSize outSize;
+
+ xmlSecAssert2( ctx != NULL , -1 ) ;
+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
+ xmlSecAssert2( ctx->material != NULL , -1 ) ;
+ xmlSecAssert2( result != NULL , -1 ) ;
+
+ /* Do not set any IV */
+ memset(&ivItem, 0, sizeof(ivItem));
+
+ /* Get block size */
+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "PK11_GetBlockSize" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ inSize = xmlSecBufferGetSize( ctx->material ) ;
+ if( xmlSecBufferSetMaxSize( result , inSize + blockSize ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferSetMaxSize" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ /* Get Param for context initialization */
+ if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "PK11_ParamFromIV" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ cipherCtx = PK11_CreateContextBySymKey( ctx->cipher , encrypt ? CKA_ENCRYPT : CKA_DECRYPT , ctx->symkey , secParam ) ;
+ if( cipherCtx == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "PK11_CreateContextBySymKey" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ SECITEM_FreeItem( secParam , PR_TRUE ) ;
+ return(-1);
+ }
+
+ out = xmlSecBufferGetData(result) ;
+ outSize = xmlSecBufferGetMaxSize(result) ;
+ if( PK11_CipherOp( cipherCtx , out, &midSize , outSize , xmlSecBufferGetData( ctx->material ) , inSize ) != SECSuccess ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "PK11_CipherOp" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ if( PK11_DigestFinal( cipherCtx , out + midSize , &finSize , outSize - midSize ) != SECSuccess ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "PK11_DigestFinal" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ if( xmlSecBufferSetSize( result , midSize + finSize ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferSetSize" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ return 0 ;
+}
+
+/**
+ * Block cipher transform final
+ */
+static int
+xmlSecNssKeyWrapCtxFinal(
+ xmlSecNssKeyWrapCtxPtr ctx ,
+ xmlSecBufferPtr in ,
+ xmlSecBufferPtr out ,
+ int encrypt ,
+ xmlSecTransformCtxPtr transformCtx
+) {
+ PK11SymKey* targetKey ;
+ xmlSecSize blockSize ;
+ xmlSecBufferPtr result ;
+
+ xmlSecAssert2( ctx != NULL , -1 ) ;
+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
+ xmlSecAssert2( ctx->material != NULL , -1 ) ;
+ xmlSecAssert2( in != NULL , -1 ) ;
+ xmlSecAssert2( out != NULL , -1 ) ;
+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
+
+ /* read raw key material and append into context */
+ if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferAppend" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferRemoveHead" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ /* Now we get all of the key materail */
+ /* from now on we will wrap or unwrap the key */
+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "PK11_GetBlockSize" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ result = xmlSecBufferCreate( blockSize ) ;
+ if( result == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferCreate" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ switch( ctx->cipher ) {
+ case CKM_DES3_CBC :
+ if( xmlSecNssKeyWrapDesOp(ctx, encrypt, result) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecNssKeyWrapDesOp" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecBufferDestroy(result);
+ return(-1);
+ }
+ break ;
+ /* case CKM_NETSCAPE_AES_KEY_WRAP :*/
+ case CKM_AES_CBC :
+ if( xmlSecNssKeyWrapAesOp(ctx, encrypt, result) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecNssKeyWrapAesOp" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecBufferDestroy(result);
+ return(-1);
+ }
+ break ;
+ }
+
+ /* Write output */
+ if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferAppend" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecBufferDestroy(result);
+ return(-1);
+ }
+ xmlSecBufferDestroy(result);
+
+ return(0);
+}
+
+static int
+xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecNssKeyWrapCtxPtr context = NULL ;
+ xmlSecBufferPtr inBuf, outBuf ;
+ int operation ;
+ int rtv ;
+
+ xmlSecAssert2( xmlSecNssKeyWrapCheckId( transform ), -1 ) ;
+ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyWrapSize ), -1 ) ;
+ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
+
+ context = xmlSecNssKeyWrapGetCtx( transform ) ;
+ if( context == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ "xmlSecNssKeyWrapGetCtx" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ inBuf = &( transform->inBuf ) ;
+ outBuf = &( transform->outBuf ) ;
+
+ if( transform->status == xmlSecTransformStatusNone ) {
+ transform->status = xmlSecTransformStatusWorking ;
+ }
+
+ operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ;
+ if( transform->status == xmlSecTransformStatusWorking ) {
+ if( context->material == NULL ) {
+ rtv = xmlSecNssKeyWrapCtxInit( context, inBuf , outBuf , operation , transformCtx ) ;
+ if( rtv < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ "xmlSecNssKeyWrapCtxInit" ,
+ XMLSEC_ERRORS_R_INVALID_STATUS ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+ }
+
+ if( context->material == NULL && last != 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ NULL ,
+ XMLSEC_ERRORS_R_INVALID_STATUS ,
+ "No enough data to intialize transform" ) ;
+ return(-1);
+ }
+
+ if( context->material != NULL ) {
+ rtv = xmlSecNssKeyWrapCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ;
+ if( rtv < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ "xmlSecNssKeyWrapCtxUpdate" ,
+ XMLSEC_ERRORS_R_INVALID_STATUS ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+ }
+
+ if( last ) {
+ rtv = xmlSecNssKeyWrapCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ;
+ if( rtv < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ "xmlSecNssKeyWrapCtxFinal" ,
+ XMLSEC_ERRORS_R_INVALID_STATUS ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+ transform->status = xmlSecTransformStatusFinished ;
+ }
+ } else if( transform->status == xmlSecTransformStatusFinished ) {
+ if( xmlSecBufferGetSize( inBuf ) != 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ NULL ,
+ XMLSEC_ERRORS_R_INVALID_STATUS ,
+ "status=%d", transform->status ) ;
+ return(-1);
+ }
+ } else {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ NULL ,
+ XMLSEC_ERRORS_R_INVALID_STATUS ,
+ "status=%d", transform->status ) ;
+ return(-1);
+ }
+
+ return(0);
+}
+
+#ifndef XMLSEC_NO_AES
+
+
+#ifdef __MINGW32__ // for runtime-pseudo-reloc
+static struct _xmlSecTransformKlass xmlSecNssKWAes128Klass = {
+#else
+static xmlSecTransformKlass xmlSecNssKWAes128Klass = {
+#endif
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
+
+ xmlSecNameKWAes128, /* const xmlChar* name; */
+ xmlSecHrefKWAes128, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+#ifdef __MINGW32__ // for runtime-pseudo-reloc
+static struct _xmlSecTransformKlass xmlSecNssKWAes192Klass = {
+#else
+static xmlSecTransformKlass xmlSecNssKWAes192Klass = {
+#endif
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
+
+ xmlSecNameKWAes192, /* const xmlChar* name; */
+ xmlSecHrefKWAes192, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+#ifdef __MINGW32__ // for runtime-pseudo-reloc
+static struct _xmlSecTransformKlass xmlSecNssKWAes256Klass = {
+#else
+static xmlSecTransformKlass xmlSecNssKWAes256Klass = {
+#endif
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
+
+ xmlSecNameKWAes256, /* const xmlChar* name; */
+ xmlSecHrefKWAes256, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformKWAes128GetKlass:
+ *
+ * The AES-128 key wrapper transform klass.
+ *
+ * Returns AES-128 key wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformKWAes128GetKlass(void) {
+ return(&xmlSecNssKWAes128Klass);
+}
+
+/**
+ * xmlSecNssTransformKWAes192GetKlass:
+ *
+ * The AES-192 key wrapper transform klass.
+ *
+ * Returns AES-192 key wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformKWAes192GetKlass(void) {
+ return(&xmlSecNssKWAes192Klass);
+}
+
+/**
+ *
+ * The AES-256 key wrapper transform klass.
+ *
+ * Returns AES-256 key wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformKWAes256GetKlass(void) {
+ return(&xmlSecNssKWAes256Klass);
+}
+
+#endif /* XMLSEC_NO_AES */
+
+
+#ifndef XMLSEC_NO_DES
+
+#ifdef __MINGW32__ // for runtime-pseudo-reloc
+static struct _xmlSecTransformKlass xmlSecNssKWDes3Klass = {
+#else
+static xmlSecTransformKlass xmlSecNssKWDes3Klass = {
+#endif
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
+
+ xmlSecNameKWDes3, /* const xmlChar* name; */
+ xmlSecHrefKWDes3, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformKWDes3GetKlass:
+ *
+ * The Triple DES key wrapper transform klass.
+ *
+ * Returns Triple DES key wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformKWDes3GetKlass(void) {
+ return(&xmlSecNssKWDes3Klass);
+}
+
+#endif /* XMLSEC_NO_DES */
+
diff --git a/libxmlsec/src/tokens.c b/libxmlsec/src/tokens.c
new file mode 100644
index 000000000000..8f2a4f890339
--- /dev/null
+++ b/libxmlsec/src/tokens.c
@@ -0,0 +1,548 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright..................................
+ *
+ * Contributor(s): _____________________________
+ *
+ */
+
+/**
+ * In order to ensure that particular crypto operation is performed on
+ * particular crypto device, a subclass of xmlSecList is used to store slot and
+ * mechanism information.
+ *
+ * In the list, a slot is bound with a mechanism. If the mechanism is available,
+ * this mechanism only can perform on the slot; otherwise, it can perform on
+ * every eligibl slot in the list.
+ *
+ * When try to find a slot for a particular mechanism, the slot bound with
+ * avaliable mechanism will be looked up firstly.
+ */
+#include "globals.h"
+#include <string.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/errors.h>
+#include <xmlsec/list.h>
+
+#include <xmlsec/nss/tokens.h>
+
+int
+xmlSecNssKeySlotSetMechList(
+ xmlSecNssKeySlotPtr keySlot ,
+ CK_MECHANISM_TYPE_PTR mechanismList
+) {
+ int counter ;
+
+ xmlSecAssert2( keySlot != NULL , -1 ) ;
+
+ if( keySlot->mechanismList != CK_NULL_PTR ) {
+ xmlFree( keySlot->mechanismList ) ;
+
+ for( counter = 0 ; *( mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
+ keySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
+ if( keySlot->mechanismList == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ NULL ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return( -1 );
+ }
+ for( ; counter >= 0 ; counter -- )
+ *( keySlot->mechanismList + counter ) = *( mechanismList + counter ) ;
+ }
+
+ return( 0 );
+}
+
+int
+xmlSecNssKeySlotEnableMech(
+ xmlSecNssKeySlotPtr keySlot ,
+ CK_MECHANISM_TYPE mechanism
+) {
+ int counter ;
+ CK_MECHANISM_TYPE_PTR newList ;
+
+ xmlSecAssert2( keySlot != NULL , -1 ) ;
+
+ if( mechanism != CKM_INVALID_MECHANISM ) {
+ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
+ newList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
+ if( newList == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ NULL ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return( -1 );
+ }
+ *( newList + counter + 1 ) = CKM_INVALID_MECHANISM ;
+ *( newList + counter ) = mechanism ;
+ for( counter -= 1 ; counter >= 0 ; counter -- )
+ *( newList + counter ) = *( keySlot->mechanismList + counter ) ;
+
+ xmlFree( keySlot->mechanismList ) ;
+ keySlot->mechanismList = newList ;
+ }
+
+ return(0);
+}
+
+int
+xmlSecNssKeySlotDisableMech(
+ xmlSecNssKeySlotPtr keySlot ,
+ CK_MECHANISM_TYPE mechanism
+) {
+ int counter ;
+
+ xmlSecAssert2( keySlot != NULL , -1 ) ;
+
+ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
+ if( *( keySlot->mechanismList + counter ) == mechanism ) {
+ for( ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
+ *( keySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter + 1 ) ;
+ }
+
+ break ;
+ }
+ }
+
+ return(0);
+}
+
+CK_MECHANISM_TYPE_PTR
+xmlSecNssKeySlotGetMechList(
+ xmlSecNssKeySlotPtr keySlot
+) {
+ if( keySlot != NULL )
+ return keySlot->mechanismList ;
+ else
+ return NULL ;
+}
+
+int
+xmlSecNssKeySlotSetSlot(
+ xmlSecNssKeySlotPtr keySlot ,
+ PK11SlotInfo* slot
+) {
+ xmlSecAssert2( keySlot != NULL , -1 ) ;
+
+ if( slot != NULL && keySlot->slot != slot ) {
+ if( keySlot->slot != NULL )
+ PK11_FreeSlot( keySlot->slot ) ;
+
+ if( keySlot->mechanismList != NULL ) {
+ xmlFree( keySlot->mechanismList ) ;
+ keySlot->mechanismList = NULL ;
+ }
+
+ keySlot->slot = PK11_ReferenceSlot( slot ) ;
+ }
+
+ return(0);
+}
+
+int
+xmlSecNssKeySlotInitialize(
+ xmlSecNssKeySlotPtr keySlot ,
+ PK11SlotInfo* slot
+) {
+ xmlSecAssert2( keySlot != NULL , -1 ) ;
+ xmlSecAssert2( keySlot->slot == NULL , -1 ) ;
+ xmlSecAssert2( keySlot->mechanismList == NULL , -1 ) ;
+
+ if( slot != NULL ) {
+ keySlot->slot = PK11_ReferenceSlot( slot ) ;
+ }
+
+ return(0);
+}
+
+void
+xmlSecNssKeySlotFinalize(
+ xmlSecNssKeySlotPtr keySlot
+) {
+ xmlSecAssert( keySlot != NULL ) ;
+
+ if( keySlot->mechanismList != NULL ) {
+ xmlFree( keySlot->mechanismList ) ;
+ keySlot->mechanismList = NULL ;
+ }
+
+ if( keySlot->slot != NULL ) {
+ PK11_FreeSlot( keySlot->slot ) ;
+ keySlot->slot = NULL ;
+ }
+
+}
+
+PK11SlotInfo*
+xmlSecNssKeySlotGetSlot(
+ xmlSecNssKeySlotPtr keySlot
+) {
+ if( keySlot != NULL )
+ return keySlot->slot ;
+ else
+ return NULL ;
+}
+
+xmlSecNssKeySlotPtr
+xmlSecNssKeySlotCreate() {
+ xmlSecNssKeySlotPtr keySlot ;
+
+ /* Allocates a new xmlSecNssKeySlot and fill the fields */
+ keySlot = ( xmlSecNssKeySlotPtr )xmlMalloc( sizeof( xmlSecNssKeySlot ) ) ;
+ if( keySlot == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ NULL ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return( NULL );
+ }
+ memset( keySlot, 0, sizeof( xmlSecNssKeySlot ) ) ;
+
+ return( keySlot ) ;
+}
+
+int
+xmlSecNssKeySlotCopy(
+ xmlSecNssKeySlotPtr newKeySlot ,
+ xmlSecNssKeySlotPtr keySlot
+) {
+ CK_MECHANISM_TYPE_PTR mech ;
+ int counter ;
+
+ xmlSecAssert2( newKeySlot != NULL , -1 ) ;
+ xmlSecAssert2( keySlot != NULL , -1 ) ;
+
+ if( keySlot->slot != NULL && newKeySlot->slot != keySlot->slot ) {
+ if( newKeySlot->slot != NULL )
+ PK11_FreeSlot( newKeySlot->slot ) ;
+
+ newKeySlot->slot = PK11_ReferenceSlot( keySlot->slot ) ;
+ }
+
+ if( keySlot->mechanismList != CK_NULL_PTR ) {
+ xmlFree( newKeySlot->mechanismList ) ;
+
+ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
+ newKeySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
+ if( newKeySlot->mechanismList == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ NULL ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return( -1 );
+ }
+ for( ; counter >= 0 ; counter -- )
+ *( newKeySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter ) ;
+ }
+
+ return( 0 );
+}
+
+xmlSecNssKeySlotPtr
+xmlSecNssKeySlotDuplicate(
+ xmlSecNssKeySlotPtr keySlot
+) {
+ xmlSecNssKeySlotPtr newKeySlot ;
+ int ret ;
+
+ xmlSecAssert2( keySlot != NULL , NULL ) ;
+
+ newKeySlot = xmlSecNssKeySlotCreate() ;
+ if( newKeySlot == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ NULL ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return( NULL );
+ }
+
+ if( xmlSecNssKeySlotCopy( newKeySlot, keySlot ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ NULL ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return( NULL );
+ }
+
+ return( newKeySlot );
+}
+
+void
+xmlSecNssKeySlotDestroy(
+ xmlSecNssKeySlotPtr keySlot
+) {
+ xmlSecAssert( keySlot != NULL ) ;
+
+ if( keySlot->mechanismList != NULL )
+ xmlFree( keySlot->mechanismList ) ;
+
+ if( keySlot->slot != NULL )
+ PK11_FreeSlot( keySlot->slot ) ;
+
+ xmlFree( keySlot ) ;
+}
+
+int
+xmlSecNssKeySlotBindMech(
+ xmlSecNssKeySlotPtr keySlot ,
+ CK_MECHANISM_TYPE type
+) {
+ int counter ;
+
+ xmlSecAssert2( keySlot != NULL , 0 ) ;
+ xmlSecAssert2( keySlot->slot != NULL , 0 ) ;
+ xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ;
+
+ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
+ if( *( keySlot->mechanismList + counter ) == type )
+ return(1) ;
+ }
+
+ return( 0 ) ;
+}
+
+int
+xmlSecNssKeySlotSupportMech(
+ xmlSecNssKeySlotPtr keySlot ,
+ CK_MECHANISM_TYPE type
+) {
+ xmlSecAssert2( keySlot != NULL , 0 ) ;
+ xmlSecAssert2( keySlot->slot != NULL , 0 ) ;
+ xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ;
+
+ if( PK11_DoesMechanism( keySlot->slot , type ) == PR_TRUE ) {
+ return(1);
+ } else
+ return(0);
+}
+
+void
+xmlSecNssKeySlotDebugDump(
+ xmlSecNssKeySlotPtr keySlot ,
+ FILE* output
+) {
+ xmlSecAssert( keySlot != NULL ) ;
+ xmlSecAssert( output != NULL ) ;
+
+ fprintf( output, "== KEY SLOT\n" );
+}
+
+void
+xmlSecNssKeySlotDebugXmlDump(
+ xmlSecNssKeySlotPtr keySlot ,
+ FILE* output
+) {
+}
+
+/**
+ * Key Slot List
+ */
+#ifdef __MINGW32__ // for runtime-pseudo-reloc
+static struct _xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = {
+#else
+static xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = {
+#endif
+ BAD_CAST "mechanism-list",
+ (xmlSecPtrDuplicateItemMethod)xmlSecNssKeySlotDuplicate,
+ (xmlSecPtrDestroyItemMethod)xmlSecNssKeySlotDestroy,
+ (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugDump,
+ (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugXmlDump,
+};
+
+xmlSecPtrListId
+xmlSecNssKeySlotListGetKlass(void) {
+ return(&xmlSecNssKeySlotPtrListKlass);
+}
+
+
+/*-
+ * Global PKCS#11 crypto token repository -- Key slot list
+ */
+static xmlSecPtrListPtr _xmlSecNssKeySlotList = NULL ;
+
+PK11SlotInfo*
+xmlSecNssSlotGet(
+ CK_MECHANISM_TYPE type
+) {
+ PK11SlotInfo* slot = NULL ;
+ xmlSecNssKeySlotPtr keySlot ;
+ xmlSecSize ksSize ;
+ xmlSecSize ksPos ;
+ char flag ;
+
+ if( _xmlSecNssKeySlotList == NULL ) {
+ slot = PK11_GetBestSlot( type , NULL ) ;
+ } else {
+ ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ;
+
+ /*-
+ * Firstly, checking whether the mechanism is bound with a special slot.
+ * If no bound slot, we try to find the first eligible slot in the list.
+ */
+ for( flag = 0, ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) {
+ keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ;
+ if( keySlot != NULL && xmlSecNssKeySlotBindMech( keySlot, type ) ) {
+ slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
+ flag = 2 ;
+ } else if( flag == 0 && xmlSecNssKeySlotSupportMech( keySlot, type ) ) {
+ slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
+ flag = 1 ;
+ }
+
+ if( flag == 2 )
+ break ;
+ }
+ if( slot != NULL )
+ slot = PK11_ReferenceSlot( slot ) ;
+ }
+
+ if( slot != NULL && PK11_NeedLogin( slot ) ) {
+ if( PK11_Authenticate( slot , PR_TRUE , NULL ) != SECSuccess ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ NULL ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ PK11_FreeSlot( slot ) ;
+ return( NULL );
+ }
+ }
+
+ return slot ;
+}
+
+int
+xmlSecNssSlotInitialize(
+ void
+) {
+ if( _xmlSecNssKeySlotList != NULL ) {
+ xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ;
+ _xmlSecNssKeySlotList = NULL ;
+ }
+
+ _xmlSecNssKeySlotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ;
+ if( _xmlSecNssKeySlotList == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ NULL ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return( -1 );
+ }
+
+ return(0);
+}
+
+void
+xmlSecNssSlotShutdown(
+ void
+) {
+ if( _xmlSecNssKeySlotList != NULL ) {
+ xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ;
+ _xmlSecNssKeySlotList = NULL ;
+ }
+}
+
+int
+xmlSecNssSlotAdopt(
+ PK11SlotInfo* slot,
+ CK_MECHANISM_TYPE type
+) {
+ xmlSecNssKeySlotPtr keySlot ;
+ xmlSecSize ksSize ;
+ xmlSecSize ksPos ;
+ char flag ;
+
+ xmlSecAssert2( _xmlSecNssKeySlotList != NULL, -1 ) ;
+ xmlSecAssert2( slot != NULL, -1 ) ;
+
+ ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ;
+
+ /*-
+ * Firstly, checking whether the slot is in the repository already.
+ */
+ flag = 0 ;
+ for( ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) {
+ keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ;
+ /* If find the slot in the list */
+ if( keySlot != NULL && xmlSecNssKeySlotGetSlot( keySlot ) == slot ) {
+ /* If mechnism type is valid, bind the slot with the mechanism */
+ if( type != CKM_INVALID_MECHANISM ) {
+ if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ NULL ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+ }
+
+ flag = 1 ;
+ }
+ }
+
+ /* If the slot do not in the list, add a new item to the list */
+ if( flag == 0 ) {
+ /* Create a new KeySlot */
+ keySlot = xmlSecNssKeySlotCreate() ;
+ if( keySlot == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ NULL ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ /* Initialize the keySlot with a slot */
+ if( xmlSecNssKeySlotInitialize( keySlot, slot ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ NULL ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecNssKeySlotDestroy( keySlot ) ;
+ return(-1);
+ }
+
+ /* If mechnism type is valid, bind the slot with the mechanism */
+ if( type != CKM_INVALID_MECHANISM ) {
+ if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ NULL ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecNssKeySlotDestroy( keySlot ) ;
+ return(-1);
+ }
+ }
+
+ /* Add keySlot into the list */
+ if( xmlSecPtrListAdd( _xmlSecNssKeySlotList, keySlot ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ NULL ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecNssKeySlotDestroy( keySlot ) ;
+ return(-1);
+ }
+ }
+
+ return(0);
+}
+
diff --git a/libxmlsec/xmlsec1-1.2.14_fix_extern_c.patch b/libxmlsec/xmlsec1-1.2.14_fix_extern_c.patch
index f5bbf5ed9c46..4d9764549429 100644
--- a/libxmlsec/xmlsec1-1.2.14_fix_extern_c.patch
+++ b/libxmlsec/xmlsec1-1.2.14_fix_extern_c.patch
@@ -1,5 +1,5 @@
---- misc/build/xmlsec1-1.2.14/include/xmlsec/xmlsec.h.ORIGINAL 2009-12-05 15:19:18.000000000 -0600
-+++ misc/build/xmlsec1-1.2.14/include/xmlsec/xmlsec.h 2011-02-13 03:09:42.917240245 -0600
+--- build/xmlsec1-1.2.14/include/xmlsec/xmlsec.h.ORIGINAL 2009-12-05 15:19:18.000000000 -0600
++++ build/xmlsec1-1.2.14/include/xmlsec/xmlsec.h 2011-02-13 03:09:42.917240245 -0600
@@ -11,16 +11,16 @@
#ifndef __XMLSEC_H__
#define __XMLSEC_H__
diff --git a/libxmlsec/xmlsec1-android.patch b/libxmlsec/xmlsec1-android.patch
index 4a7d4e0e5f45..4b81b7c9803c 100644
--- a/libxmlsec/xmlsec1-android.patch
+++ b/libxmlsec/xmlsec1-android.patch
@@ -1,5 +1,5 @@
---- misc/build/xmlsec1-1.2.14/config.sub
-+++ misc/build/xmlsec1-1.2.14/config.sub
+--- build/xmlsec1-1.2.14/config.sub
++++ build/xmlsec1-1.2.14/config.sub
@@ -120,7 +120,7 @@
# Here we must recognize all the valid KERNEL-OS combinations.
maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
diff --git a/libxmlsec/xmlsec1-customkeymanage.patch b/libxmlsec/xmlsec1-customkeymanage.patch
index 8a9336881a98..1881ea923495 100644
--- a/libxmlsec/xmlsec1-customkeymanage.patch
+++ b/libxmlsec/xmlsec1-customkeymanage.patch
@@ -18,81 +18,6 @@
app.h \
certkeys.h \
crypto.h \
---- misc/xmlsec1-1.2.14/include/xmlsec/mscrypto/akmngr.h 2009-09-21 14:07:19.052318336 +0200
-+++ misc/build/xmlsec1-1.2.14/include/xmlsec/mscrypto/akmngr.h 2009-09-21 14:02:48.504966762 +0200
-@@ -1 +1,71 @@
--dummy
-+/**
-+ * XMLSec library
-+ *
-+ * This is free software; see Copyright file in the source
-+ * distribution for preciese wording.
-+ *
-+ * Copyright ..........................
-+ */
-+#ifndef __XMLSEC_MSCRYPTO_AKMNGR_H__
-+#define __XMLSEC_MSCRYPTO_AKMNGR_H__
-+
-+#include <windows.h>
-+#include <wincrypt.h>
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/keys.h>
-+#include <xmlsec/transforms.h>
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif /* __cplusplus */
-+
-+XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr
-+xmlSecMSCryptoAppliedKeysMngrCreate(
-+ HCERTSTORE keyStore ,
-+ HCERTSTORE certStore
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecMSCryptoAppliedKeysMngrSymKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ HCRYPTKEY symKey
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecMSCryptoAppliedKeysMngrPubKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ HCRYPTKEY pubKey
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecMSCryptoAppliedKeysMngrPriKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ HCRYPTKEY priKey
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore (
-+ xmlSecKeysMngrPtr mngr ,
-+ HCERTSTORE keyStore
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore (
-+ xmlSecKeysMngrPtr mngr ,
-+ HCERTSTORE trustedStore
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore (
-+ xmlSecKeysMngrPtr mngr ,
-+ HCERTSTORE untrustedStore
-+) ;
-+
-+#ifdef __cplusplus
-+}
-+#endif /* __cplusplus */
-+
-+#endif /* __XMLSEC_MSCRYPTO_AKMNGR_H__ */
-+
-+
--- misc/xmlsec1-1.2.14/include/xmlsec/nss/Makefile.am 2009-06-25 22:53:18.000000000 +0200
+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/Makefile.am 2009-09-21 14:02:48.577933031 +0200
@@ -10,6 +10,9 @@
@@ -117,66 +42,6 @@
$(NULL)
all: all-am
---- misc/xmlsec1-1.2.14/include/xmlsec/nss/akmngr.h 2009-09-21 14:07:19.105517659 +0200
-+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/akmngr.h 2009-09-21 14:02:48.510978278 +0200
-@@ -1 +1,56 @@
--dummy
-+/**
-+ * XMLSec library
-+ *
-+ * This is free software; see Copyright file in the source
-+ * distribution for preciese wording.
-+ *
-+ * Copyright ..........................
-+ */
-+#ifndef __XMLSEC_NSS_AKMNGR_H__
-+#define __XMLSEC_NSS_AKMNGR_H__
-+
-+#include <nss.h>
-+#include <nspr.h>
-+#include <pk11func.h>
-+#include <cert.h>
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/keys.h>
-+#include <xmlsec/transforms.h>
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif /* __cplusplus */
-+
-+XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr
-+xmlSecNssAppliedKeysMngrCreate(
-+ PK11SlotInfo** slots,
-+ int cSlots,
-+ CERTCertDBHandle* handler
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssAppliedKeysMngrSymKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ PK11SymKey* symKey
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssAppliedKeysMngrPubKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ SECKEYPublicKey* pubKey
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssAppliedKeysMngrPriKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ SECKEYPrivateKey* priKey
-+) ;
-+
-+#ifdef __cplusplus
-+}
-+#endif /* __cplusplus */
-+
-+#endif /* __XMLSEC_NSS_AKMNGR_H__ */
-+
-+
--- misc/xmlsec1-1.2.14/include/xmlsec/nss/app.h 2009-06-25 22:53:18.000000000 +0200
+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/app.h 2009-09-21 14:02:48.612847068 +0200
@@ -22,6 +22,9 @@
@@ -198,45 +63,6 @@
XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrSave (xmlSecKeysMngrPtr mngr,
const char* filename,
xmlSecKeyDataType type);
---- misc/xmlsec1-1.2.14/include/xmlsec/nss/ciphers.h 2009-09-21 14:07:19.146496548 +0200
-+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/ciphers.h 2009-09-21 14:02:48.516689712 +0200
-@@ -1 +1,35 @@
--dummy
-+/**
-+ * XMLSec library
-+ *
-+ * This is free software; see Copyright file in the source
-+ * distribution for preciese wording.
-+ *
-+ * Copyright ..........................
-+ */
-+#ifndef __XMLSEC_NSS_CIPHERS_H__
-+#define __XMLSEC_NSS_CIPHERS_H__
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif /* __cplusplus */
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/keys.h>
-+#include <xmlsec/transforms.h>
-+
-+
-+XMLSEC_CRYPTO_EXPORT int xmlSecNssSymKeyDataAdoptKey( xmlSecKeyDataPtr data,
-+ PK11SymKey* symkey ) ;
-+
-+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt( PK11SymKey* symKey ) ;
-+
-+XMLSEC_CRYPTO_EXPORT PK11SymKey* xmlSecNssSymKeyDataGetKey(xmlSecKeyDataPtr data);
-+
-+
-+#ifdef __cplusplus
-+}
-+#endif /* __cplusplus */
-+
-+#endif /* __XMLSEC_NSS_CIPHERS_H__ */
-+
-+
--- misc/xmlsec1-1.2.14/include/xmlsec/nss/keysstore.h 2009-06-25 22:53:18.000000000 +0200
+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/keysstore.h 2009-09-21 14:02:48.626261748 +0200
@@ -16,6 +16,8 @@
@@ -257,432 +83,6 @@
XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreLoad (xmlSecKeyStorePtr store,
const char *uri,
xmlSecKeysMngrPtr keysMngr);
---- misc/xmlsec1-1.2.14/include/xmlsec/nss/tokens.h 2009-09-21 14:07:19.172421448 +0200
-+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/tokens.h 2009-09-21 14:02:48.522913605 +0200
-@@ -1 +1,182 @@
--dummy
-+/**
-+ * XMLSec library
-+ *
-+ * This is free software; see Copyright file in the source
-+ * distribution for preciese wording.
-+ *
-+ * Copyright (c) 2003 Sun Microsystems, Inc. All rights reserved.
-+ *
-+ * Contributor(s): _____________________________
-+ *
-+ */
-+#ifndef __XMLSEC_NSS_TOKENS_H__
-+#define __XMLSEC_NSS_TOKENS_H__
-+
-+#include <string.h>
-+
-+#include <nss.h>
-+#include <pk11func.h>
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/list.h>
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif /* __cplusplus */
-+
-+/**
-+ * xmlSecNssKeySlotListId
-+ *
-+ * The crypto mechanism list klass
-+ */
-+#define xmlSecNssKeySlotListId xmlSecNssKeySlotListGetKlass()
-+XMLSEC_CRYPTO_EXPORT xmlSecPtrListId xmlSecNssKeySlotListGetKlass( void ) ;
-+
-+/*******************************************
-+ * KeySlot interfaces
-+ *******************************************/
-+/**
-+ * Internal NSS key slot data
-+ * @mechanismList: the mechanisms that the slot bound with.
-+ * @slot: the pkcs slot
-+ *
-+ * This context is located after xmlSecPtrList
-+ */
-+typedef struct _xmlSecNssKeySlot xmlSecNssKeySlot ;
-+typedef struct _xmlSecNssKeySlot* xmlSecNssKeySlotPtr ;
-+
-+struct _xmlSecNssKeySlot {
-+ CK_MECHANISM_TYPE_PTR mechanismList ; /* mech. array, NULL ternimated */
-+ PK11SlotInfo* slot ;
-+} ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotSetMechList(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE_PTR mechanismList
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotEnableMech(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE mechanism
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotDisableMech(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE mechanism
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT CK_MECHANISM_TYPE_PTR
-+xmlSecNssKeySlotGetMechList(
-+ xmlSecNssKeySlotPtr keySlot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotSetSlot(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ PK11SlotInfo* slot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotInitialize(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ PK11SlotInfo* slot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT void
-+xmlSecNssKeySlotFinalize(
-+ xmlSecNssKeySlotPtr keySlot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT PK11SlotInfo*
-+xmlSecNssKeySlotGetSlot(
-+ xmlSecNssKeySlotPtr keySlot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr
-+xmlSecNssKeySlotCreate() ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotCopy(
-+ xmlSecNssKeySlotPtr newKeySlot ,
-+ xmlSecNssKeySlotPtr keySlot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr
-+xmlSecNssKeySlotDuplicate(
-+ xmlSecNssKeySlotPtr keySlot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT void
-+xmlSecNssKeySlotDestroy(
-+ xmlSecNssKeySlotPtr keySlot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotBindMech(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE type
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotSupportMech(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE type
-+) ;
-+
-+
-+/************************************************************************
-+ * PKCS#11 crypto token interfaces
-+ *
-+ * A PKCS#11 slot repository will be defined internally. From the
-+ * repository, a user can specify a particular slot for a certain crypto
-+ * mechanism.
-+ *
-+ * In some situation, some cryptographic operation should act in a user
-+ * designated devices. The interfaces defined here provide the way. If
-+ * the user do not initialize the repository distinctly, the interfaces
-+ * use the default functions provided by NSS itself.
-+ *
-+ ************************************************************************/
-+/**
-+ * Initialize NSS pkcs#11 slot repository
-+ *
-+ * Returns 0 if success or -1 if an error occurs.
-+ */
-+XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotInitialize( void ) ;
-+
-+/**
-+ * Shutdown and destroy NSS pkcs#11 slot repository
-+ */
-+XMLSEC_CRYPTO_EXPORT void xmlSecNssSlotShutdown() ;
-+
-+/**
-+ * Get PKCS#11 slot handler
-+ * @type the mechanism that the slot must support.
-+ *
-+ * Returns a pointer to PKCS#11 slot or NULL if an error occurs.
-+ *
-+ * Notes: The returned handler must be destroied distinctly.
-+ */
-+XMLSEC_CRYPTO_EXPORT PK11SlotInfo* xmlSecNssSlotGet( CK_MECHANISM_TYPE type ) ;
-+
-+/**
-+ * Adopt a pkcs#11 slot with a mechanism into the repository
-+ * @slot: the pkcs#11 slot.
-+ * @mech: the mechanism.
-+ *
-+ * If @mech is available( @mech != CKM_INVALID_MECHANISM ), every operation with
-+ * this mechanism only can perform on the @slot.
-+ *
-+ * Returns 0 if success or -1 if an error occurs.
-+ */
-+XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotAdopt( PK11SlotInfo* slot, CK_MECHANISM_TYPE mech ) ;
-+
-+#ifdef __cplusplus
-+}
-+#endif /* __cplusplus */
-+
-+#endif /* __XMLSEC_NSS_TOKENS_H__ */
-+
---- misc/xmlsec1-1.2.14/src/mscrypto/akmngr.c 2009-09-21 14:07:19.078910929 +0200
-+++ misc/build/xmlsec1-1.2.14/src/mscrypto/akmngr.c 2009-09-21 14:02:48.531281225 +0200
-@@ -1 +1,236 @@
--dummy
-+/**
-+ * XMLSec library
-+ *
-+ * This is free software; see Copyright file in the source
-+ * distribution for preciese wording.
-+ *
-+ * Copyright.........................
-+ */
-+#include "globals.h"
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/keys.h>
-+#include <xmlsec/keysmngr.h>
-+#include <xmlsec/transforms.h>
-+#include <xmlsec/errors.h>
-+
-+#include <xmlsec/mscrypto/crypto.h>
-+#include <xmlsec/mscrypto/keysstore.h>
-+#include <xmlsec/mscrypto/akmngr.h>
-+#include <xmlsec/mscrypto/x509.h>
-+
-+/**
-+ * xmlSecMSCryptoAppliedKeysMngrCreate:
-+ * @hKeyStore: the pointer to key store.
-+ * @hCertStore: the pointer to certificate database.
-+ *
-+ * Create and load key store and certificate database into keys manager
-+ *
-+ * Returns keys manager pointer on success or NULL otherwise.
-+ */
-+xmlSecKeysMngrPtr
-+xmlSecMSCryptoAppliedKeysMngrCreate(
-+ HCERTSTORE hKeyStore ,
-+ HCERTSTORE hCertStore
-+) {
-+ xmlSecKeyDataStorePtr certStore = NULL ;
-+ xmlSecKeysMngrPtr keyMngr = NULL ;
-+ xmlSecKeyStorePtr keyStore = NULL ;
-+
-+ keyStore = xmlSecKeyStoreCreate( xmlSecMSCryptoKeysStoreId ) ;
-+ if( keyStore == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeyStoreCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return NULL ;
-+ }
-+
-+ /*-
-+ * At present, MS Crypto engine do not provide a way to setup a key store.
-+ */
-+ if( keyStore != NULL ) {
-+ /*TODO: binding key store.*/
-+ }
-+
-+ keyMngr = xmlSecKeysMngrCreate() ;
-+ if( keyMngr == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyStoreDestroy( keyStore ) ;
-+ return NULL ;
-+ }
-+
-+ /*-
-+ * Add key store to manager, from now on keys manager destroys the store if
-+ * needed
-+ */
-+ if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+ "xmlSecKeysMngrAdoptKeyStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyStoreDestroy( keyStore ) ;
-+ xmlSecKeysMngrDestroy( keyMngr ) ;
-+ return NULL ;
-+ }
-+
-+ /*-
-+ * Initialize crypto library specific data in keys manager
-+ */
-+ if( xmlSecMSCryptoKeysMngrInit( keyMngr ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecMSCryptoKeysMngrInit" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeysMngrDestroy( keyMngr ) ;
-+ return NULL ;
-+ }
-+
-+ /*-
-+ * Set certificate databse to X509 key data store
-+ */
-+ /*-
-+ * At present, MS Crypto engine do not provide a way to setup a cert store.
-+ */
-+
-+ /*-
-+ * Set the getKey callback
-+ */
-+ keyMngr->getKey = xmlSecKeysMngrGetKey ;
-+
-+ return keyMngr ;
-+}
-+
-+int
-+xmlSecMSCryptoAppliedKeysMngrSymKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ HCRYPTKEY symKey
-+) {
-+ /*TODO: import the key into keys manager.*/
-+ return(0) ;
-+}
-+
-+int
-+xmlSecMSCryptoAppliedKeysMngrPubKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ HCRYPTKEY pubKey
-+) {
-+ /*TODO: import the key into keys manager.*/
-+ return(0) ;
-+}
-+
-+int
-+xmlSecMSCryptoAppliedKeysMngrPriKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ HCRYPTKEY priKey
-+) {
-+ /*TODO: import the key into keys manager.*/
-+ return(0) ;
-+}
-+
-+int
-+xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore (
-+ xmlSecKeysMngrPtr mngr ,
-+ HCERTSTORE keyStore
-+) {
-+ xmlSecKeyDataStorePtr x509Store ;
-+
-+ xmlSecAssert2( mngr != NULL, -1 ) ;
-+ xmlSecAssert2( keyStore != NULL, -1 ) ;
-+
-+ x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
-+ if( x509Store == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrGetDataStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( -1 ) ;
-+ }
-+
-+ if( xmlSecMSCryptoX509StoreAdoptKeyStore( x509Store, keyStore ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
-+ "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( -1 ) ;
-+ }
-+
-+ return( 0 ) ;
-+}
-+
-+int
-+xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore (
-+ xmlSecKeysMngrPtr mngr ,
-+ HCERTSTORE trustedStore
-+) {
-+ xmlSecKeyDataStorePtr x509Store ;
-+
-+ xmlSecAssert2( mngr != NULL, -1 ) ;
-+ xmlSecAssert2( trustedStore != NULL, -1 ) ;
-+
-+ x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
-+ if( x509Store == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrGetDataStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( -1 ) ;
-+ }
-+
-+ if( xmlSecMSCryptoX509StoreAdoptTrustedStore( x509Store, trustedStore ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
-+ "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( -1 ) ;
-+ }
-+
-+ return( 0 ) ;
-+}
-+
-+int
-+xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore (
-+ xmlSecKeysMngrPtr mngr ,
-+ HCERTSTORE untrustedStore
-+) {
-+ xmlSecKeyDataStorePtr x509Store ;
-+
-+ xmlSecAssert2( mngr != NULL, -1 ) ;
-+ xmlSecAssert2( untrustedStore != NULL, -1 ) ;
-+
-+ x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
-+ if( x509Store == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrGetDataStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( -1 ) ;
-+ }
-+
-+ if( xmlSecMSCryptoX509StoreAdoptUntrustedStore( x509Store, untrustedStore ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
-+ "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( -1 ) ;
-+ }
-+
-+ return( 0 ) ;
-+}
-+
--- misc/xmlsec1-1.2.14/src/nss/Makefile.am 2009-06-25 22:53:18.000000000 +0200
+++ misc/build/xmlsec1-1.2.14/src/nss/Makefile.am 2009-09-21 14:02:48.591560472 +0200
@@ -35,6 +35,9 @@
@@ -762,394 +162,6 @@
libxmlsec1_nss_la-bignum.lo: bignum.c
@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-bignum.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo -c -o libxmlsec1_nss_la-bignum.lo `test -f 'bignum.c' || echo '$(srcdir)/'`bignum.c
@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo $(DEPDIR)/libxmlsec1_nss_la-bignum.Plo
---- misc/xmlsec1-1.2.14/src/nss/akmngr.c 2009-09-21 14:07:19.197249962 +0200
-+++ misc/build/xmlsec1-1.2.14/src/nss/akmngr.c 2009-09-21 14:02:48.539616129 +0200
-@@ -1 +1,384 @@
--dummy
-+/**
-+ * XMLSec library
-+ *
-+ * This is free software; see Copyright file in the source
-+ * distribution for preciese wording.
-+ *
-+ * Copyright.........................
-+ */
-+#include "globals.h"
-+
-+#include <nspr.h>
-+#include <nss.h>
-+#include <pk11func.h>
-+#include <cert.h>
-+#include <keyhi.h>
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/keys.h>
-+#include <xmlsec/transforms.h>
-+#include <xmlsec/errors.h>
-+
-+#include <xmlsec/nss/crypto.h>
-+#include <xmlsec/nss/tokens.h>
-+#include <xmlsec/nss/akmngr.h>
-+#include <xmlsec/nss/pkikeys.h>
-+#include <xmlsec/nss/ciphers.h>
-+#include <xmlsec/nss/keysstore.h>
-+
-+/**
-+ * xmlSecNssAppliedKeysMngrCreate:
-+ * @slot: array of pointers to NSS PKCS#11 slot information.
-+ * @cSlots: number of slots in the array
-+ * @handler: the pointer to NSS certificate database.
-+ *
-+ * Create and load NSS crypto slot and certificate database into keys manager
-+ *
-+ * Returns keys manager pointer on success or NULL otherwise.
-+ */
-+xmlSecKeysMngrPtr
-+xmlSecNssAppliedKeysMngrCreate(
-+ PK11SlotInfo** slots,
-+ int cSlots,
-+ CERTCertDBHandle* handler
-+) {
-+ xmlSecKeyDataStorePtr certStore = NULL ;
-+ xmlSecKeysMngrPtr keyMngr = NULL ;
-+ xmlSecKeyStorePtr keyStore = NULL ;
-+ int islot = 0;
-+ keyStore = xmlSecKeyStoreCreate( xmlSecNssKeysStoreId ) ;
-+ if( keyStore == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeyStoreCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return NULL ;
-+ }
-+
-+ for (islot = 0; islot < cSlots; islot++)
-+ {
-+ xmlSecNssKeySlotPtr keySlot ;
-+
-+ /* Create a key slot */
-+ keySlot = xmlSecNssKeySlotCreate() ;
-+ if( keySlot == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+ "xmlSecNssKeySlotCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyStoreDestroy( keyStore ) ;
-+ return NULL ;
-+ }
-+
-+ /* Set slot */
-+ if( xmlSecNssKeySlotSetSlot( keySlot , slots[islot] ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+ "xmlSecNssKeySlotSetSlot" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyStoreDestroy( keyStore ) ;
-+ xmlSecNssKeySlotDestroy( keySlot ) ;
-+ return NULL ;
-+ }
-+
-+ /* Adopt keySlot */
-+ if( xmlSecNssKeysStoreAdoptKeySlot( keyStore , keySlot ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+ "xmlSecNssKeysStoreAdoptKeySlot" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyStoreDestroy( keyStore ) ;
-+ xmlSecNssKeySlotDestroy( keySlot ) ;
-+ return NULL ;
-+ }
-+ }
-+
-+ keyMngr = xmlSecKeysMngrCreate() ;
-+ if( keyMngr == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyStoreDestroy( keyStore ) ;
-+ return NULL ;
-+ }
-+
-+ /*-
-+ * Add key store to manager, from now on keys manager destroys the store if
-+ * needed
-+ */
-+ if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+ "xmlSecKeysMngrAdoptKeyStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyStoreDestroy( keyStore ) ;
-+ xmlSecKeysMngrDestroy( keyMngr ) ;
-+ return NULL ;
-+ }
-+
-+ /*-
-+ * Initialize crypto library specific data in keys manager
-+ */
-+ if( xmlSecNssKeysMngrInit( keyMngr ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeysMngrDestroy( keyMngr ) ;
-+ return NULL ;
-+ }
-+
-+ /*-
-+ * Set certificate databse to X509 key data store
-+ */
-+ /**
-+ * Because Tej's implementation of certDB use the default DB, so I ignore
-+ * the certDB handler at present. I'll modify the cert store sources to
-+ * accept particular certDB instead of default ones.
-+ certStore = xmlSecKeysMngrGetDataStore( keyMngr , xmlSecNssKeyDataStoreX509Id ) ;
-+ if( certStore == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+ "xmlSecKeysMngrGetDataStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeysMngrDestroy( keyMngr ) ;
-+ return NULL ;
-+ }
-+
-+ if( xmlSecNssKeyDataStoreX509SetCertDb( certStore , handler ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+ "xmlSecNssKeyDataStoreX509SetCertDb" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeysMngrDestroy( keyMngr ) ;
-+ return NULL ;
-+ }
-+ */
-+
-+ /*-
-+ * Set the getKey callback
-+ */
-+ keyMngr->getKey = xmlSecKeysMngrGetKey ;
-+
-+ return keyMngr ;
-+}
-+
-+int
-+xmlSecNssAppliedKeysMngrSymKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ PK11SymKey* symKey
-+) {
-+ xmlSecKeyPtr key ;
-+ xmlSecKeyDataPtr data ;
-+ xmlSecKeyStorePtr keyStore ;
-+
-+ xmlSecAssert2( mngr != NULL , -1 ) ;
-+ xmlSecAssert2( symKey != NULL , -1 ) ;
-+
-+ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
-+ if( keyStore == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrGetKeysStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
-+
-+ data = xmlSecNssSymKeyDataKeyAdopt( symKey ) ;
-+ if( data == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+
-+ key = xmlSecKeyCreate() ;
-+ if( key == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ if( xmlSecKeySetValue( key , data ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDestroy( key ) ;
-+ return(-1) ;
-+ }
-+
-+ return(0) ;
-+}
-+
-+int
-+xmlSecNssAppliedKeysMngrPubKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ SECKEYPublicKey* pubKey
-+) {
-+ xmlSecKeyPtr key ;
-+ xmlSecKeyDataPtr data ;
-+ xmlSecKeyStorePtr keyStore ;
-+
-+ xmlSecAssert2( mngr != NULL , -1 ) ;
-+ xmlSecAssert2( pubKey != NULL , -1 ) ;
-+
-+ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
-+ if( keyStore == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrGetKeysStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
-+
-+ data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ;
-+ if( data == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssPKIAdoptKey" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+
-+ key = xmlSecKeyCreate() ;
-+ if( key == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ if( xmlSecKeySetValue( key , data ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDestroy( key ) ;
-+ return(-1) ;
-+ }
-+
-+ return(0) ;
-+}
-+
-+int
-+xmlSecNssAppliedKeysMngrPriKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ SECKEYPrivateKey* priKey
-+) {
-+ xmlSecKeyPtr key ;
-+ xmlSecKeyDataPtr data ;
-+ xmlSecKeyStorePtr keyStore ;
-+
-+ xmlSecAssert2( mngr != NULL , -1 ) ;
-+ xmlSecAssert2( priKey != NULL , -1 ) ;
-+
-+ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
-+ if( keyStore == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrGetKeysStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
-+
-+ data = xmlSecNssPKIAdoptKey( priKey, NULL ) ;
-+ if( data == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssPKIAdoptKey" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+
-+ key = xmlSecKeyCreate() ;
-+ if( key == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ if( xmlSecKeySetValue( key , data ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDestroy( key ) ;
-+ return(-1) ;
-+ }
-+
-+ return(0) ;
-+}
-+
--- misc/xmlsec1-1.2.14/src/nss/hmac.c 2009-06-26 06:18:13.000000000 +0200
+++ misc/build/xmlsec1-1.2.14/src/nss/hmac.c 2009-09-21 14:02:48.649065288 +0200
@@ -23,8 +23,8 @@
@@ -2110,1223 +1122,6 @@
+ xmlFreeDoc(doc);
+ return(0);
}
---- misc/xmlsec1-1.2.14/src/nss/keywrapers.c 2009-09-21 14:07:19.223802688 +0200
-+++ misc/build/xmlsec1-1.2.14/src/nss/keywrapers.c 2009-09-21 14:02:48.548869372 +0200
-@@ -1 +1,1213 @@
--dummy
-+/**
-+ *
-+ * XMLSec library
-+ *
-+ * AES Algorithm support
-+ *
-+ * This is free software; see Copyright file in the source
-+ * distribution for preciese wording.
-+ *
-+ * Copyright .................................
-+ */
-+#include "globals.h"
-+
-+#include <stdlib.h>
-+#include <stdio.h>
-+#include <string.h>
-+
-+#include <nss.h>
-+#include <pk11func.h>
-+#include <hasht.h>
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/xmltree.h>
-+#include <xmlsec/keys.h>
-+#include <xmlsec/transforms.h>
-+#include <xmlsec/errors.h>
-+
-+#include <xmlsec/nss/crypto.h>
-+#include <xmlsec/nss/ciphers.h>
-+
-+#define XMLSEC_NSS_AES128_KEY_SIZE 16
-+#define XMLSEC_NSS_AES192_KEY_SIZE 24
-+#define XMLSEC_NSS_AES256_KEY_SIZE 32
-+#define XMLSEC_NSS_DES3_KEY_SIZE 24
-+#define XMLSEC_NSS_DES3_KEY_LENGTH 24
-+#define XMLSEC_NSS_DES3_IV_LENGTH 8
-+#define XMLSEC_NSS_DES3_BLOCK_LENGTH 8
-+
-+static xmlSecByte xmlSecNssKWDes3Iv[XMLSEC_NSS_DES3_IV_LENGTH] = {
-+ 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05
-+};
-+
-+/*********************************************************************
-+ *
-+ * key wrap transforms
-+ *
-+ ********************************************************************/
-+typedef struct _xmlSecNssKeyWrapCtx xmlSecNssKeyWrapCtx ;
-+typedef struct _xmlSecNssKeyWrapCtx* xmlSecNssKeyWrapCtxPtr ;
-+
-+#define xmlSecNssKeyWrapSize \
-+ ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyWrapCtx ) )
-+
-+#define xmlSecNssKeyWrapGetCtx( transform ) \
-+ ( ( xmlSecNssKeyWrapCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) )
-+
-+struct _xmlSecNssKeyWrapCtx {
-+ CK_MECHANISM_TYPE cipher ;
-+ PK11SymKey* symkey ;
-+ xmlSecKeyDataId keyId ;
-+ xmlSecBufferPtr material ; /* to be encrypted/decrypted key material */
-+} ;
-+
-+static int xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform);
-+static void xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform);
-+static int xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform,
-+ xmlSecKeyReqPtr keyReq);
-+static int xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform,
-+ xmlSecKeyPtr key);
-+static int xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform,
-+ int last,
-+ xmlSecTransformCtxPtr transformCtx);
-+static xmlSecSize xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform);
-+
-+static int
-+xmlSecNssKeyWrapCheckId(
-+ xmlSecTransformPtr transform
-+) {
-+ #ifndef XMLSEC_NO_DES
-+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) {
-+ return(1);
-+ }
-+ #endif /* XMLSEC_NO_DES */
-+
-+ #ifndef XMLSEC_NO_AES
-+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes128Id ) ||
-+ xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes192Id ) ||
-+ xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes256Id ) ) {
-+
-+ return(1);
-+ }
-+ #endif /* XMLSEC_NO_AES */
-+
-+ return(0);
-+}
-+
-+static xmlSecSize
-+xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform) {
-+#ifndef XMLSEC_NO_DES
-+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) {
-+ return(XMLSEC_NSS_DES3_KEY_SIZE);
-+ } else
-+#endif /* XMLSEC_NO_DES */
-+
-+#ifndef XMLSEC_NO_AES
-+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes128Id)) {
-+ return(XMLSEC_NSS_AES128_KEY_SIZE);
-+ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes192Id)) {
-+ return(XMLSEC_NSS_AES192_KEY_SIZE);
-+ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) {
-+ return(XMLSEC_NSS_AES256_KEY_SIZE);
-+ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) {
-+ return(XMLSEC_NSS_AES256_KEY_SIZE);
-+ } else
-+#endif /* XMLSEC_NO_AES */
-+
-+ if(1)
-+ return(0);
-+}
-+
-+
-+static int
-+xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform) {
-+ xmlSecNssKeyWrapCtxPtr context ;
-+ int ret;
-+
-+ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
-+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
-+
-+ context = xmlSecNssKeyWrapGetCtx( transform ) ;
-+ xmlSecAssert2( context != NULL , -1 ) ;
-+
-+ #ifndef XMLSEC_NO_DES
-+ if( transform->id == xmlSecNssTransformKWDes3Id ) {
-+ context->cipher = CKM_DES3_CBC ;
-+ context->keyId = xmlSecNssKeyDataDesId ;
-+ } else
-+ #endif /* XMLSEC_NO_DES */
-+
-+ #ifndef XMLSEC_NO_AES
-+ if( transform->id == xmlSecNssTransformKWAes128Id ) {
-+ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/
-+ context->cipher = CKM_AES_CBC ;
-+ context->keyId = xmlSecNssKeyDataAesId ;
-+ } else
-+ if( transform->id == xmlSecNssTransformKWAes192Id ) {
-+ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/
-+ context->cipher = CKM_AES_CBC ;
-+ context->keyId = xmlSecNssKeyDataAesId ;
-+ } else
-+ if( transform->id == xmlSecNssTransformKWAes256Id ) {
-+ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/
-+ context->cipher = CKM_AES_CBC ;
-+ context->keyId = xmlSecNssKeyDataAesId ;
-+ } else
-+ #endif /* XMLSEC_NO_AES */
-+
-+
-+ if( 1 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-+ NULL ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ context->symkey = NULL ;
-+ context->material = NULL ;
-+
-+ return(0);
-+}
-+
-+static void
-+xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform) {
-+ xmlSecNssKeyWrapCtxPtr context ;
-+
-+ xmlSecAssert(xmlSecNssKeyWrapCheckId(transform));
-+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize));
-+
-+ context = xmlSecNssKeyWrapGetCtx( transform ) ;
-+ xmlSecAssert( context != NULL ) ;
-+
-+ if( context->symkey != NULL ) {
-+ PK11_FreeSymKey( context->symkey ) ;
-+ context->symkey = NULL ;
-+ }
-+
-+ if( context->material != NULL ) {
-+ xmlSecBufferDestroy(context->material);
-+ context->material = NULL ;
-+ }
-+}
-+
-+static int
-+xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
-+ xmlSecNssKeyWrapCtxPtr context ;
-+ xmlSecSize cipherSize = 0 ;
-+
-+
-+ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
-+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
-+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
-+ xmlSecAssert2(keyReq != NULL, -1);
-+
-+ context = xmlSecNssKeyWrapGetCtx( transform ) ;
-+ xmlSecAssert2( context != NULL , -1 ) ;
-+
-+ keyReq->keyId = context->keyId;
-+ keyReq->keyType = xmlSecKeyDataTypeSymmetric;
-+ if(transform->operation == xmlSecTransformOperationEncrypt) {
-+ keyReq->keyUsage = xmlSecKeyUsageEncrypt;
-+ } else {
-+ keyReq->keyUsage = xmlSecKeyUsageDecrypt;
-+ }
-+
-+ keyReq->keyBitsSize = xmlSecNssKeyWrapGetKeySize( transform ) ;
-+
-+ return(0);
-+}
-+
-+static int
-+xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
-+ xmlSecNssKeyWrapCtxPtr context = NULL ;
-+ xmlSecKeyDataPtr keyData = NULL ;
-+ PK11SymKey* symkey = NULL ;
-+
-+ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
-+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
-+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
-+ xmlSecAssert2(key != NULL, -1);
-+
-+ context = xmlSecNssKeyWrapGetCtx( transform ) ;
-+ if( context == NULL || context->keyId == NULL || context->symkey != NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ "xmlSecNssKeyWrapGetCtx" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+ xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ;
-+
-+ keyData = xmlSecKeyGetValue( key ) ;
-+ if( keyData == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) ,
-+ "xmlSecKeyGetValue" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) ,
-+ "xmlSecNssSymKeyDataGetKey" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ context->symkey = symkey ;
-+
-+ return(0) ;
-+}
-+
-+/**
-+ * key wrap transform
-+ */
-+static int
-+xmlSecNssKeyWrapCtxInit(
-+ xmlSecNssKeyWrapCtxPtr ctx ,
-+ xmlSecBufferPtr in ,
-+ xmlSecBufferPtr out ,
-+ int encrypt ,
-+ xmlSecTransformCtxPtr transformCtx
-+) {
-+ xmlSecSize blockSize ;
-+
-+ xmlSecAssert2( ctx != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
-+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
-+ xmlSecAssert2( in != NULL , -1 ) ;
-+ xmlSecAssert2( out != NULL , -1 ) ;
-+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
-+
-+ if( ctx->material != NULL ) {
-+ xmlSecBufferDestroy( ctx->material ) ;
-+ ctx->material = NULL ;
-+ }
-+
-+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "PK11_GetBlockSize" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ ctx->material = xmlSecBufferCreate( blockSize ) ;
-+ if( ctx->material == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferCreate" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ /* read raw key material into context */
-+ if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferSetData" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferRemoveHead" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ return(0);
-+}
-+
-+/**
-+ * key wrap transform update
-+ */
-+static int
-+xmlSecNssKeyWrapCtxUpdate(
-+ xmlSecNssKeyWrapCtxPtr ctx ,
-+ xmlSecBufferPtr in ,
-+ xmlSecBufferPtr out ,
-+ int encrypt ,
-+ xmlSecTransformCtxPtr transformCtx
-+) {
-+ xmlSecAssert2( ctx != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
-+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->material != NULL , -1 ) ;
-+ xmlSecAssert2( in != NULL , -1 ) ;
-+ xmlSecAssert2( out != NULL , -1 ) ;
-+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
-+
-+ /* read raw key material and append into context */
-+ if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferAppend" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferRemoveHead" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ return(0);
-+}
-+
-+static int
-+xmlSecNssKWDes3BufferReverse(xmlSecByte *buf, xmlSecSize size) {
-+ xmlSecSize s;
-+ xmlSecSize i;
-+ xmlSecByte c;
-+
-+ xmlSecAssert2(buf != NULL, -1);
-+
-+ s = size / 2;
-+ --size;
-+ for(i = 0; i < s; ++i) {
-+ c = buf[i];
-+ buf[i] = buf[size - i];
-+ buf[size - i] = c;
-+ }
-+ return(0);
-+}
-+
-+static xmlSecByte *
-+xmlSecNssComputeSHA1(const xmlSecByte *in, xmlSecSize inSize,
-+ xmlSecByte *out, xmlSecSize outSize)
-+{
-+ PK11Context *context = NULL;
-+ SECStatus s;
-+ xmlSecByte *digest = NULL;
-+ unsigned int len;
-+
-+ xmlSecAssert2(in != NULL, NULL);
-+ xmlSecAssert2(out != NULL, NULL);
-+ xmlSecAssert2(outSize >= SHA1_LENGTH, NULL);
-+
-+ /* Create a context for hashing (digesting) */
-+ context = PK11_CreateDigestContext(SEC_OID_SHA1);
-+ if (context == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "PK11_CreateDigestContext",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ "error code = %d", PORT_GetError());
-+ goto done;
-+ }
-+
-+ s = PK11_DigestBegin(context);
-+ if (s != SECSuccess) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "PK11_DigestBegin",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ "error code = %d", PORT_GetError());
-+ goto done;
-+ }
-+
-+ s = PK11_DigestOp(context, in, inSize);
-+ if (s != SECSuccess) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "PK11_DigestOp",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ "error code = %d", PORT_GetError());
-+ goto done;
-+ }
-+
-+ s = PK11_DigestFinal(context, out, &len, outSize);
-+ if (s != SECSuccess) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "PK11_DigestFinal",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ "error code = %d", PORT_GetError());
-+ goto done;
-+ }
-+ xmlSecAssert2(len == SHA1_LENGTH, NULL);
-+
-+ digest = out;
-+
-+done:
-+ if (context != NULL) {
-+ PK11_DestroyContext(context, PR_TRUE);
-+ }
-+ return (digest);
-+}
-+
-+static int
-+xmlSecNssKWDes3Encrypt(
-+ PK11SymKey* symKey ,
-+ CK_MECHANISM_TYPE cipherMech ,
-+ const xmlSecByte* iv ,
-+ xmlSecSize ivSize ,
-+ const xmlSecByte* in ,
-+ xmlSecSize inSize ,
-+ xmlSecByte* out ,
-+ xmlSecSize outSize ,
-+ int enc
-+) {
-+ PK11Context* EncContext = NULL;
-+ SECItem ivItem ;
-+ SECItem* secParam = NULL ;
-+ int tmp1_outlen;
-+ unsigned int tmp2_outlen;
-+ int result_len = -1;
-+ SECStatus rv;
-+
-+ xmlSecAssert2( cipherMech != CKM_INVALID_MECHANISM , -1 ) ;
-+ xmlSecAssert2( symKey != NULL , -1 ) ;
-+ xmlSecAssert2(iv != NULL, -1);
-+ xmlSecAssert2(ivSize == XMLSEC_NSS_DES3_IV_LENGTH, -1);
-+ xmlSecAssert2(in != NULL, -1);
-+ xmlSecAssert2(inSize > 0, -1);
-+ xmlSecAssert2(out != NULL, -1);
-+ xmlSecAssert2(outSize >= inSize, -1);
-+
-+ /* Prepare IV */
-+ ivItem.data = ( unsigned char* )iv ;
-+ ivItem.len = ivSize ;
-+
-+ secParam = PK11_ParamFromIV(cipherMech, &ivItem);
-+ if (secParam == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "PK11_ParamFromIV",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ "Error code = %d", PORT_GetError());
-+ goto done;
-+ }
-+
-+ EncContext = PK11_CreateContextBySymKey(cipherMech,
-+ enc ? CKA_ENCRYPT : CKA_DECRYPT,
-+ symKey, secParam);
-+ if (EncContext == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "PK11_CreateContextBySymKey",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ "Error code = %d", PORT_GetError());
-+ goto done;
-+ }
-+
-+ tmp1_outlen = tmp2_outlen = 0;
-+ rv = PK11_CipherOp(EncContext, out, &tmp1_outlen, outSize,
-+ (unsigned char *)in, inSize);
-+ if (rv != SECSuccess) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "PK11_CipherOp",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ "Error code = %d", PORT_GetError());
-+ goto done;
-+ }
-+
-+ rv = PK11_DigestFinal(EncContext, out+tmp1_outlen,
-+ &tmp2_outlen, outSize-tmp1_outlen);
-+ if (rv != SECSuccess) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "PK11_DigestFinal",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ "Error code = %d", PORT_GetError());
-+ goto done;
-+ }
-+
-+ result_len = tmp1_outlen + tmp2_outlen;
-+
-+done:
-+ if (secParam) {
-+ SECITEM_FreeItem(secParam, PR_TRUE);
-+ }
-+ if (EncContext) {
-+ PK11_DestroyContext(EncContext, PR_TRUE);
-+ }
-+
-+ return(result_len);
-+}
-+
-+static int
-+xmlSecNssKeyWrapDesOp(
-+ xmlSecNssKeyWrapCtxPtr ctx ,
-+ int encrypt ,
-+ xmlSecBufferPtr result
-+) {
-+ xmlSecByte sha1[SHA1_LENGTH];
-+ xmlSecByte iv[XMLSEC_NSS_DES3_IV_LENGTH];
-+ xmlSecByte* in;
-+ xmlSecSize inSize;
-+ xmlSecByte* out;
-+ xmlSecSize outSize;
-+ xmlSecSize s;
-+ int ret;
-+ SECStatus status;
-+
-+ xmlSecAssert2( ctx != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
-+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->material != NULL , -1 ) ;
-+ xmlSecAssert2( result != NULL , -1 ) ;
-+
-+ in = xmlSecBufferGetData(ctx->material);
-+ inSize = xmlSecBufferGetSize(ctx->material) ;
-+ out = xmlSecBufferGetData(result);
-+ outSize = xmlSecBufferGetMaxSize(result) ;
-+ if( encrypt ) {
-+ /* step 2: calculate sha1 and CMS */
-+ if(xmlSecNssComputeSHA1(in, inSize, sha1, SHA1_LENGTH) == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecNssComputeSHA1",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+
-+ /* step 3: construct WKCKS */
-+ memcpy(out, in, inSize);
-+ memcpy(out + inSize, sha1, XMLSEC_NSS_DES3_BLOCK_LENGTH);
-+
-+ /* step 4: generate random iv */
-+ status = PK11_GenerateRandom(iv, XMLSEC_NSS_DES3_IV_LENGTH);
-+ if(status != SECSuccess) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "PK11_GenerateRandom",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ "error code = %d", PORT_GetError());
-+ return(-1);
-+ }
-+
-+ /* step 5: first encryption, result is TEMP1 */
-+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
-+ iv, XMLSEC_NSS_DES3_IV_LENGTH,
-+ out, inSize + XMLSEC_NSS_DES3_IV_LENGTH,
-+ out, outSize, 1);
-+ if(ret < 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecNssKWDes3Encrypt",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+
-+ /* step 6: construct TEMP2=IV || TEMP1 */
-+ memmove(out + XMLSEC_NSS_DES3_IV_LENGTH, out,
-+ inSize + XMLSEC_NSS_DES3_IV_LENGTH);
-+ memcpy(out, iv, XMLSEC_NSS_DES3_IV_LENGTH);
-+ s = ret + XMLSEC_NSS_DES3_IV_LENGTH;
-+
-+ /* step 7: reverse octets order, result is TEMP3 */
-+ ret = xmlSecNssKWDes3BufferReverse(out, s);
-+ if(ret < 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecNssKWDes3BufferReverse",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+
-+ /* step 8: second encryption with static IV */
-+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
-+ xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH,
-+ out, s,
-+ out, outSize, 1);
-+ if(ret < 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecNssKWDes3Encrypt",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+ s = ret;
-+
-+ if( xmlSecBufferSetSize( result , s ) < 0 ) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecBufferSetSize",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+ } else {
-+ /* step 2: first decryption with static IV, result is TEMP3 */
-+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
-+ xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH,
-+ in, inSize,
-+ out, outSize, 0);
-+ if((ret < 0) || (ret < XMLSEC_NSS_DES3_IV_LENGTH)) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecNssKWDes3Encrypt",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+ s = ret;
-+
-+ /* step 3: reverse octets order in TEMP3, result is TEMP2 */
-+ ret = xmlSecNssKWDes3BufferReverse(out, s);
-+ if(ret < 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecNssKWDes3BufferReverse",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+
-+ /* steps 4 and 5: get IV and decrypt second time, result is WKCKS */
-+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
-+ out, XMLSEC_NSS_DES3_IV_LENGTH,
-+ out+XMLSEC_NSS_DES3_IV_LENGTH, s-XMLSEC_NSS_DES3_IV_LENGTH,
-+ out, outSize, 0);
-+ if((ret < 0) || (ret < XMLSEC_NSS_DES3_BLOCK_LENGTH)) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecNssKWDes3Encrypt",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+ s = ret - XMLSEC_NSS_DES3_IV_LENGTH;
-+
-+ /* steps 6 and 7: calculate SHA1 and validate it */
-+ if(xmlSecNssComputeSHA1(out, s, sha1, SHA1_LENGTH) == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecNssComputeSHA1",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+
-+ if(memcmp(sha1, out + s, XMLSEC_NSS_DES3_BLOCK_LENGTH) != 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ NULL,
-+ XMLSEC_ERRORS_R_INVALID_DATA,
-+ "SHA1 does not match");
-+ return(-1);
-+ }
-+
-+ if( xmlSecBufferSetSize( result , s ) < 0 ) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecBufferSetSize",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+ }
-+
-+ return(0);
-+}
-+
-+static int
-+xmlSecNssKeyWrapAesOp(
-+ xmlSecNssKeyWrapCtxPtr ctx ,
-+ int encrypt ,
-+ xmlSecBufferPtr result
-+) {
-+ PK11Context* cipherCtx = NULL;
-+ SECItem ivItem ;
-+ SECItem* secParam = NULL ;
-+ xmlSecSize inSize ;
-+ xmlSecSize inBlocks ;
-+ int blockSize ;
-+ int midSize ;
-+ int finSize ;
-+ xmlSecByte* out ;
-+ xmlSecSize outSize;
-+
-+ xmlSecAssert2( ctx != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
-+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->material != NULL , -1 ) ;
-+ xmlSecAssert2( result != NULL , -1 ) ;
-+
-+ /* Do not set any IV */
-+ memset(&ivItem, 0, sizeof(ivItem));
-+
-+ /* Get block size */
-+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "PK11_GetBlockSize" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ inSize = xmlSecBufferGetSize( ctx->material ) ;
-+ if( xmlSecBufferSetMaxSize( result , inSize + blockSize ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferSetMaxSize" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ /* Get Param for context initialization */
-+ if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "PK11_ParamFromIV" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ cipherCtx = PK11_CreateContextBySymKey( ctx->cipher , encrypt ? CKA_ENCRYPT : CKA_DECRYPT , ctx->symkey , secParam ) ;
-+ if( cipherCtx == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "PK11_CreateContextBySymKey" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ SECITEM_FreeItem( secParam , PR_TRUE ) ;
-+ return(-1);
-+ }
-+
-+ out = xmlSecBufferGetData(result) ;
-+ outSize = xmlSecBufferGetMaxSize(result) ;
-+ if( PK11_CipherOp( cipherCtx , out, &midSize , outSize , xmlSecBufferGetData( ctx->material ) , inSize ) != SECSuccess ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "PK11_CipherOp" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ if( PK11_DigestFinal( cipherCtx , out + midSize , &finSize , outSize - midSize ) != SECSuccess ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "PK11_DigestFinal" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ if( xmlSecBufferSetSize( result , midSize + finSize ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferSetSize" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ return 0 ;
-+}
-+
-+/**
-+ * Block cipher transform final
-+ */
-+static int
-+xmlSecNssKeyWrapCtxFinal(
-+ xmlSecNssKeyWrapCtxPtr ctx ,
-+ xmlSecBufferPtr in ,
-+ xmlSecBufferPtr out ,
-+ int encrypt ,
-+ xmlSecTransformCtxPtr transformCtx
-+) {
-+ PK11SymKey* targetKey ;
-+ xmlSecSize blockSize ;
-+ xmlSecBufferPtr result ;
-+
-+ xmlSecAssert2( ctx != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
-+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->material != NULL , -1 ) ;
-+ xmlSecAssert2( in != NULL , -1 ) ;
-+ xmlSecAssert2( out != NULL , -1 ) ;
-+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
-+
-+ /* read raw key material and append into context */
-+ if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferAppend" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferRemoveHead" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ /* Now we get all of the key materail */
-+ /* from now on we will wrap or unwrap the key */
-+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "PK11_GetBlockSize" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ result = xmlSecBufferCreate( blockSize ) ;
-+ if( result == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferCreate" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ switch( ctx->cipher ) {
-+ case CKM_DES3_CBC :
-+ if( xmlSecNssKeyWrapDesOp(ctx, encrypt, result) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssKeyWrapDesOp" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecBufferDestroy(result);
-+ return(-1);
-+ }
-+ break ;
-+ /* case CKM_NETSCAPE_AES_KEY_WRAP :*/
-+ case CKM_AES_CBC :
-+ if( xmlSecNssKeyWrapAesOp(ctx, encrypt, result) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssKeyWrapAesOp" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecBufferDestroy(result);
-+ return(-1);
-+ }
-+ break ;
-+ }
-+
-+ /* Write output */
-+ if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferAppend" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecBufferDestroy(result);
-+ return(-1);
-+ }
-+ xmlSecBufferDestroy(result);
-+
-+ return(0);
-+}
-+
-+static int
-+xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
-+ xmlSecNssKeyWrapCtxPtr context = NULL ;
-+ xmlSecBufferPtr inBuf, outBuf ;
-+ int operation ;
-+ int rtv ;
-+
-+ xmlSecAssert2( xmlSecNssKeyWrapCheckId( transform ), -1 ) ;
-+ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyWrapSize ), -1 ) ;
-+ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
-+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
-+
-+ context = xmlSecNssKeyWrapGetCtx( transform ) ;
-+ if( context == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ "xmlSecNssKeyWrapGetCtx" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ inBuf = &( transform->inBuf ) ;
-+ outBuf = &( transform->outBuf ) ;
-+
-+ if( transform->status == xmlSecTransformStatusNone ) {
-+ transform->status = xmlSecTransformStatusWorking ;
-+ }
-+
-+ operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ;
-+ if( transform->status == xmlSecTransformStatusWorking ) {
-+ if( context->material == NULL ) {
-+ rtv = xmlSecNssKeyWrapCtxInit( context, inBuf , outBuf , operation , transformCtx ) ;
-+ if( rtv < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ "xmlSecNssKeyWrapCtxInit" ,
-+ XMLSEC_ERRORS_R_INVALID_STATUS ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+ }
-+
-+ if( context->material == NULL && last != 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_INVALID_STATUS ,
-+ "No enough data to intialize transform" ) ;
-+ return(-1);
-+ }
-+
-+ if( context->material != NULL ) {
-+ rtv = xmlSecNssKeyWrapCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ;
-+ if( rtv < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ "xmlSecNssKeyWrapCtxUpdate" ,
-+ XMLSEC_ERRORS_R_INVALID_STATUS ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+ }
-+
-+ if( last ) {
-+ rtv = xmlSecNssKeyWrapCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ;
-+ if( rtv < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ "xmlSecNssKeyWrapCtxFinal" ,
-+ XMLSEC_ERRORS_R_INVALID_STATUS ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+ transform->status = xmlSecTransformStatusFinished ;
-+ }
-+ } else if( transform->status == xmlSecTransformStatusFinished ) {
-+ if( xmlSecBufferGetSize( inBuf ) != 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_INVALID_STATUS ,
-+ "status=%d", transform->status ) ;
-+ return(-1);
-+ }
-+ } else {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_INVALID_STATUS ,
-+ "status=%d", transform->status ) ;
-+ return(-1);
-+ }
-+
-+ return(0);
-+}
-+
-+#ifndef XMLSEC_NO_AES
-+
-+
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecTransformKlass xmlSecNssKWAes128Klass = {
-+#else
-+static xmlSecTransformKlass xmlSecNssKWAes128Klass = {
-+#endif
-+ /* klass/object sizes */
-+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
-+ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
-+
-+ xmlSecNameKWAes128, /* const xmlChar* name; */
-+ xmlSecHrefKWAes128, /* const xmlChar* href; */
-+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-+
-+ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
-+ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
-+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
-+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
-+ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
-+ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
-+ NULL, /* xmlSecTransformValidateMethod validate; */
-+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
-+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
-+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
-+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
-+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
-+ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
-+
-+ NULL, /* void* reserved0; */
-+ NULL, /* void* reserved1; */
-+};
-+
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecTransformKlass xmlSecNssKWAes192Klass = {
-+#else
-+static xmlSecTransformKlass xmlSecNssKWAes192Klass = {
-+#endif
-+ /* klass/object sizes */
-+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
-+ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
-+
-+ xmlSecNameKWAes192, /* const xmlChar* name; */
-+ xmlSecHrefKWAes192, /* const xmlChar* href; */
-+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-+
-+ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
-+ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
-+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
-+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
-+ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
-+ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
-+ NULL, /* xmlSecTransformValidateMethod validate; */
-+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
-+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
-+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
-+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
-+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
-+ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
-+
-+ NULL, /* void* reserved0; */
-+ NULL, /* void* reserved1; */
-+};
-+
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecTransformKlass xmlSecNssKWAes256Klass = {
-+#else
-+static xmlSecTransformKlass xmlSecNssKWAes256Klass = {
-+#endif
-+ /* klass/object sizes */
-+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
-+ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
-+
-+ xmlSecNameKWAes256, /* const xmlChar* name; */
-+ xmlSecHrefKWAes256, /* const xmlChar* href; */
-+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-+
-+ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
-+ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
-+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
-+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
-+ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
-+ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
-+ NULL, /* xmlSecTransformValidateMethod validate; */
-+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
-+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
-+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
-+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
-+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
-+ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
-+
-+ NULL, /* void* reserved0; */
-+ NULL, /* void* reserved1; */
-+};
-+
-+/**
-+ * xmlSecNssTransformKWAes128GetKlass:
-+ *
-+ * The AES-128 key wrapper transform klass.
-+ *
-+ * Returns AES-128 key wrapper transform klass.
-+ */
-+xmlSecTransformId
-+xmlSecNssTransformKWAes128GetKlass(void) {
-+ return(&xmlSecNssKWAes128Klass);
-+}
-+
-+/**
-+ * xmlSecNssTransformKWAes192GetKlass:
-+ *
-+ * The AES-192 key wrapper transform klass.
-+ *
-+ * Returns AES-192 key wrapper transform klass.
-+ */
-+xmlSecTransformId
-+xmlSecNssTransformKWAes192GetKlass(void) {
-+ return(&xmlSecNssKWAes192Klass);
-+}
-+
-+/**
-+ *
-+ * The AES-256 key wrapper transform klass.
-+ *
-+ * Returns AES-256 key wrapper transform klass.
-+ */
-+xmlSecTransformId
-+xmlSecNssTransformKWAes256GetKlass(void) {
-+ return(&xmlSecNssKWAes256Klass);
-+}
-+
-+#endif /* XMLSEC_NO_AES */
-+
-+
-+#ifndef XMLSEC_NO_DES
-+
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecTransformKlass xmlSecNssKWDes3Klass = {
-+#else
-+static xmlSecTransformKlass xmlSecNssKWDes3Klass = {
-+#endif
-+ /* klass/object sizes */
-+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
-+ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
-+
-+ xmlSecNameKWDes3, /* const xmlChar* name; */
-+ xmlSecHrefKWDes3, /* const xmlChar* href; */
-+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-+
-+ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
-+ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
-+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
-+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
-+ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
-+ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
-+ NULL, /* xmlSecTransformValidateMethod validate; */
-+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
-+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
-+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
-+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
-+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
-+ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
-+
-+ NULL, /* void* reserved0; */
-+ NULL, /* void* reserved1; */
-+};
-+
-+/**
-+ * xmlSecNssTransformKWDes3GetKlass:
-+ *
-+ * The Triple DES key wrapper transform klass.
-+ *
-+ * Returns Triple DES key wrapper transform klass.
-+ */
-+xmlSecTransformId
-+xmlSecNssTransformKWDes3GetKlass(void) {
-+ return(&xmlSecNssKWDes3Klass);
-+}
-+
-+#endif /* XMLSEC_NO_DES */
-+
--- misc/xmlsec1-1.2.14/src/nss/pkikeys.c 2009-06-25 22:53:18.000000000 +0200
+++ misc/build/xmlsec1-1.2.14/src/nss/pkikeys.c 2009-09-21 14:02:48.657352624 +0200
@@ -24,6 +24,7 @@
@@ -4360,558 +2155,6 @@
/* data */
xmlSecNameHMACKeyValue,
---- misc/xmlsec1-1.2.14/src/nss/tokens.c 2009-09-21 14:07:19.249145861 +0200
-+++ misc/build/xmlsec1-1.2.14/src/nss/tokens.c 2009-09-21 14:02:48.556772442 +0200
-@@ -1 +1,548 @@
--dummy
-+/**
-+ * XMLSec library
-+ *
-+ * This is free software; see Copyright file in the source
-+ * distribution for preciese wording.
-+ *
-+ * Copyright..................................
-+ *
-+ * Contributor(s): _____________________________
-+ *
-+ */
-+
-+/**
-+ * In order to ensure that particular crypto operation is performed on
-+ * particular crypto device, a subclass of xmlSecList is used to store slot and
-+ * mechanism information.
-+ *
-+ * In the list, a slot is bound with a mechanism. If the mechanism is available,
-+ * this mechanism only can perform on the slot; otherwise, it can perform on
-+ * every eligibl slot in the list.
-+ *
-+ * When try to find a slot for a particular mechanism, the slot bound with
-+ * avaliable mechanism will be looked up firstly.
-+ */
-+#include "globals.h"
-+#include <string.h>
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/errors.h>
-+#include <xmlsec/list.h>
-+
-+#include <xmlsec/nss/tokens.h>
-+
-+int
-+xmlSecNssKeySlotSetMechList(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE_PTR mechanismList
-+) {
-+ int counter ;
-+
-+ xmlSecAssert2( keySlot != NULL , -1 ) ;
-+
-+ if( keySlot->mechanismList != CK_NULL_PTR ) {
-+ xmlFree( keySlot->mechanismList ) ;
-+
-+ for( counter = 0 ; *( mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
-+ keySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
-+ if( keySlot->mechanismList == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( -1 );
-+ }
-+ for( ; counter >= 0 ; counter -- )
-+ *( keySlot->mechanismList + counter ) = *( mechanismList + counter ) ;
-+ }
-+
-+ return( 0 );
-+}
-+
-+int
-+xmlSecNssKeySlotEnableMech(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE mechanism
-+) {
-+ int counter ;
-+ CK_MECHANISM_TYPE_PTR newList ;
-+
-+ xmlSecAssert2( keySlot != NULL , -1 ) ;
-+
-+ if( mechanism != CKM_INVALID_MECHANISM ) {
-+ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
-+ newList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
-+ if( newList == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( -1 );
-+ }
-+ *( newList + counter + 1 ) = CKM_INVALID_MECHANISM ;
-+ *( newList + counter ) = mechanism ;
-+ for( counter -= 1 ; counter >= 0 ; counter -- )
-+ *( newList + counter ) = *( keySlot->mechanismList + counter ) ;
-+
-+ xmlFree( keySlot->mechanismList ) ;
-+ keySlot->mechanismList = newList ;
-+ }
-+
-+ return(0);
-+}
-+
-+int
-+xmlSecNssKeySlotDisableMech(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE mechanism
-+) {
-+ int counter ;
-+
-+ xmlSecAssert2( keySlot != NULL , -1 ) ;
-+
-+ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
-+ if( *( keySlot->mechanismList + counter ) == mechanism ) {
-+ for( ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
-+ *( keySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter + 1 ) ;
-+ }
-+
-+ break ;
-+ }
-+ }
-+
-+ return(0);
-+}
-+
-+CK_MECHANISM_TYPE_PTR
-+xmlSecNssKeySlotGetMechList(
-+ xmlSecNssKeySlotPtr keySlot
-+) {
-+ if( keySlot != NULL )
-+ return keySlot->mechanismList ;
-+ else
-+ return NULL ;
-+}
-+
-+int
-+xmlSecNssKeySlotSetSlot(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ PK11SlotInfo* slot
-+) {
-+ xmlSecAssert2( keySlot != NULL , -1 ) ;
-+
-+ if( slot != NULL && keySlot->slot != slot ) {
-+ if( keySlot->slot != NULL )
-+ PK11_FreeSlot( keySlot->slot ) ;
-+
-+ if( keySlot->mechanismList != NULL ) {
-+ xmlFree( keySlot->mechanismList ) ;
-+ keySlot->mechanismList = NULL ;
-+ }
-+
-+ keySlot->slot = PK11_ReferenceSlot( slot ) ;
-+ }
-+
-+ return(0);
-+}
-+
-+int
-+xmlSecNssKeySlotInitialize(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ PK11SlotInfo* slot
-+) {
-+ xmlSecAssert2( keySlot != NULL , -1 ) ;
-+ xmlSecAssert2( keySlot->slot == NULL , -1 ) ;
-+ xmlSecAssert2( keySlot->mechanismList == NULL , -1 ) ;
-+
-+ if( slot != NULL ) {
-+ keySlot->slot = PK11_ReferenceSlot( slot ) ;
-+ }
-+
-+ return(0);
-+}
-+
-+void
-+xmlSecNssKeySlotFinalize(
-+ xmlSecNssKeySlotPtr keySlot
-+) {
-+ xmlSecAssert( keySlot != NULL ) ;
-+
-+ if( keySlot->mechanismList != NULL ) {
-+ xmlFree( keySlot->mechanismList ) ;
-+ keySlot->mechanismList = NULL ;
-+ }
-+
-+ if( keySlot->slot != NULL ) {
-+ PK11_FreeSlot( keySlot->slot ) ;
-+ keySlot->slot = NULL ;
-+ }
-+
-+}
-+
-+PK11SlotInfo*
-+xmlSecNssKeySlotGetSlot(
-+ xmlSecNssKeySlotPtr keySlot
-+) {
-+ if( keySlot != NULL )
-+ return keySlot->slot ;
-+ else
-+ return NULL ;
-+}
-+
-+xmlSecNssKeySlotPtr
-+xmlSecNssKeySlotCreate() {
-+ xmlSecNssKeySlotPtr keySlot ;
-+
-+ /* Allocates a new xmlSecNssKeySlot and fill the fields */
-+ keySlot = ( xmlSecNssKeySlotPtr )xmlMalloc( sizeof( xmlSecNssKeySlot ) ) ;
-+ if( keySlot == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( NULL );
-+ }
-+ memset( keySlot, 0, sizeof( xmlSecNssKeySlot ) ) ;
-+
-+ return( keySlot ) ;
-+}
-+
-+int
-+xmlSecNssKeySlotCopy(
-+ xmlSecNssKeySlotPtr newKeySlot ,
-+ xmlSecNssKeySlotPtr keySlot
-+) {
-+ CK_MECHANISM_TYPE_PTR mech ;
-+ int counter ;
-+
-+ xmlSecAssert2( newKeySlot != NULL , -1 ) ;
-+ xmlSecAssert2( keySlot != NULL , -1 ) ;
-+
-+ if( keySlot->slot != NULL && newKeySlot->slot != keySlot->slot ) {
-+ if( newKeySlot->slot != NULL )
-+ PK11_FreeSlot( newKeySlot->slot ) ;
-+
-+ newKeySlot->slot = PK11_ReferenceSlot( keySlot->slot ) ;
-+ }
-+
-+ if( keySlot->mechanismList != CK_NULL_PTR ) {
-+ xmlFree( newKeySlot->mechanismList ) ;
-+
-+ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
-+ newKeySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
-+ if( newKeySlot->mechanismList == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( -1 );
-+ }
-+ for( ; counter >= 0 ; counter -- )
-+ *( newKeySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter ) ;
-+ }
-+
-+ return( 0 );
-+}
-+
-+xmlSecNssKeySlotPtr
-+xmlSecNssKeySlotDuplicate(
-+ xmlSecNssKeySlotPtr keySlot
-+) {
-+ xmlSecNssKeySlotPtr newKeySlot ;
-+ int ret ;
-+
-+ xmlSecAssert2( keySlot != NULL , NULL ) ;
-+
-+ newKeySlot = xmlSecNssKeySlotCreate() ;
-+ if( newKeySlot == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( NULL );
-+ }
-+
-+ if( xmlSecNssKeySlotCopy( newKeySlot, keySlot ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( NULL );
-+ }
-+
-+ return( newKeySlot );
-+}
-+
-+void
-+xmlSecNssKeySlotDestroy(
-+ xmlSecNssKeySlotPtr keySlot
-+) {
-+ xmlSecAssert( keySlot != NULL ) ;
-+
-+ if( keySlot->mechanismList != NULL )
-+ xmlFree( keySlot->mechanismList ) ;
-+
-+ if( keySlot->slot != NULL )
-+ PK11_FreeSlot( keySlot->slot ) ;
-+
-+ xmlFree( keySlot ) ;
-+}
-+
-+int
-+xmlSecNssKeySlotBindMech(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE type
-+) {
-+ int counter ;
-+
-+ xmlSecAssert2( keySlot != NULL , 0 ) ;
-+ xmlSecAssert2( keySlot->slot != NULL , 0 ) ;
-+ xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ;
-+
-+ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
-+ if( *( keySlot->mechanismList + counter ) == type )
-+ return(1) ;
-+ }
-+
-+ return( 0 ) ;
-+}
-+
-+int
-+xmlSecNssKeySlotSupportMech(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE type
-+) {
-+ xmlSecAssert2( keySlot != NULL , 0 ) ;
-+ xmlSecAssert2( keySlot->slot != NULL , 0 ) ;
-+ xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ;
-+
-+ if( PK11_DoesMechanism( keySlot->slot , type ) == PR_TRUE ) {
-+ return(1);
-+ } else
-+ return(0);
-+}
-+
-+void
-+xmlSecNssKeySlotDebugDump(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ FILE* output
-+) {
-+ xmlSecAssert( keySlot != NULL ) ;
-+ xmlSecAssert( output != NULL ) ;
-+
-+ fprintf( output, "== KEY SLOT\n" );
-+}
-+
-+void
-+xmlSecNssKeySlotDebugXmlDump(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ FILE* output
-+) {
-+}
-+
-+/**
-+ * Key Slot List
-+ */
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = {
-+#else
-+static xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = {
-+#endif
-+ BAD_CAST "mechanism-list",
-+ (xmlSecPtrDuplicateItemMethod)xmlSecNssKeySlotDuplicate,
-+ (xmlSecPtrDestroyItemMethod)xmlSecNssKeySlotDestroy,
-+ (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugDump,
-+ (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugXmlDump,
-+};
-+
-+xmlSecPtrListId
-+xmlSecNssKeySlotListGetKlass(void) {
-+ return(&xmlSecNssKeySlotPtrListKlass);
-+}
-+
-+
-+/*-
-+ * Global PKCS#11 crypto token repository -- Key slot list
-+ */
-+static xmlSecPtrListPtr _xmlSecNssKeySlotList = NULL ;
-+
-+PK11SlotInfo*
-+xmlSecNssSlotGet(
-+ CK_MECHANISM_TYPE type
-+) {
-+ PK11SlotInfo* slot = NULL ;
-+ xmlSecNssKeySlotPtr keySlot ;
-+ xmlSecSize ksSize ;
-+ xmlSecSize ksPos ;
-+ char flag ;
-+
-+ if( _xmlSecNssKeySlotList == NULL ) {
-+ slot = PK11_GetBestSlot( type , NULL ) ;
-+ } else {
-+ ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ;
-+
-+ /*-
-+ * Firstly, checking whether the mechanism is bound with a special slot.
-+ * If no bound slot, we try to find the first eligible slot in the list.
-+ */
-+ for( flag = 0, ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) {
-+ keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ;
-+ if( keySlot != NULL && xmlSecNssKeySlotBindMech( keySlot, type ) ) {
-+ slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
-+ flag = 2 ;
-+ } else if( flag == 0 && xmlSecNssKeySlotSupportMech( keySlot, type ) ) {
-+ slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
-+ flag = 1 ;
-+ }
-+
-+ if( flag == 2 )
-+ break ;
-+ }
-+ if( slot != NULL )
-+ slot = PK11_ReferenceSlot( slot ) ;
-+ }
-+
-+ if( slot != NULL && PK11_NeedLogin( slot ) ) {
-+ if( PK11_Authenticate( slot , PR_TRUE , NULL ) != SECSuccess ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ PK11_FreeSlot( slot ) ;
-+ return( NULL );
-+ }
-+ }
-+
-+ return slot ;
-+}
-+
-+int
-+xmlSecNssSlotInitialize(
-+ void
-+) {
-+ if( _xmlSecNssKeySlotList != NULL ) {
-+ xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ;
-+ _xmlSecNssKeySlotList = NULL ;
-+ }
-+
-+ _xmlSecNssKeySlotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ;
-+ if( _xmlSecNssKeySlotList == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( -1 );
-+ }
-+
-+ return(0);
-+}
-+
-+void
-+xmlSecNssSlotShutdown(
-+ void
-+) {
-+ if( _xmlSecNssKeySlotList != NULL ) {
-+ xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ;
-+ _xmlSecNssKeySlotList = NULL ;
-+ }
-+}
-+
-+int
-+xmlSecNssSlotAdopt(
-+ PK11SlotInfo* slot,
-+ CK_MECHANISM_TYPE type
-+) {
-+ xmlSecNssKeySlotPtr keySlot ;
-+ xmlSecSize ksSize ;
-+ xmlSecSize ksPos ;
-+ char flag ;
-+
-+ xmlSecAssert2( _xmlSecNssKeySlotList != NULL, -1 ) ;
-+ xmlSecAssert2( slot != NULL, -1 ) ;
-+
-+ ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ;
-+
-+ /*-
-+ * Firstly, checking whether the slot is in the repository already.
-+ */
-+ flag = 0 ;
-+ for( ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) {
-+ keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ;
-+ /* If find the slot in the list */
-+ if( keySlot != NULL && xmlSecNssKeySlotGetSlot( keySlot ) == slot ) {
-+ /* If mechnism type is valid, bind the slot with the mechanism */
-+ if( type != CKM_INVALID_MECHANISM ) {
-+ if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+ }
-+
-+ flag = 1 ;
-+ }
-+ }
-+
-+ /* If the slot do not in the list, add a new item to the list */
-+ if( flag == 0 ) {
-+ /* Create a new KeySlot */
-+ keySlot = xmlSecNssKeySlotCreate() ;
-+ if( keySlot == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ /* Initialize the keySlot with a slot */
-+ if( xmlSecNssKeySlotInitialize( keySlot, slot ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecNssKeySlotDestroy( keySlot ) ;
-+ return(-1);
-+ }
-+
-+ /* If mechnism type is valid, bind the slot with the mechanism */
-+ if( type != CKM_INVALID_MECHANISM ) {
-+ if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecNssKeySlotDestroy( keySlot ) ;
-+ return(-1);
-+ }
-+ }
-+
-+ /* Add keySlot into the list */
-+ if( xmlSecPtrListAdd( _xmlSecNssKeySlotList, keySlot ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecNssKeySlotDestroy( keySlot ) ;
-+ return(-1);
-+ }
-+ }
-+
-+ return(0);
-+}
-+
--- misc/xmlsec1-1.2.14/src/nss/x509.c 2009-06-25 22:53:18.000000000 +0200
+++ misc/build/xmlsec1-1.2.14/src/nss/x509.c 2009-09-21 14:02:48.642312431 +0200
@@ -34,7 +34,6 @@
diff --git a/libxmlsec/xmlsec1-update-config-sub-and-guess.patch b/libxmlsec/xmlsec1-update-config-sub-and-guess.patch
deleted file mode 100644
index a0caf352c99b..000000000000
--- a/libxmlsec/xmlsec1-update-config-sub-and-guess.patch
+++ /dev/null
@@ -1,2314 +0,0 @@
---- misc/xmlsec1-1.2.12/config.guess 2010-04-15 09:29:35.000000000 +0000
-+++ misc/build/xmlsec1-1.2.12/config.guess 2010-04-15 09:29:46.000000000 +0000
-@@ -1,9 +1,10 @@
- #! /bin/sh
- # Attempt to guess a canonical system name.
- # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
--# 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
-+# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
-+# Free Software Foundation, Inc.
-
--timestamp='2003-06-17'
-+timestamp='2009-12-30'
-
- # This file is free software; you can redistribute it and/or modify it
- # under the terms of the GNU General Public License as published by
-@@ -17,23 +18,25 @@
- #
- # You should have received a copy of the GNU General Public License
- # along with this program; if not, write to the Free Software
--# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
-+# 02110-1301, USA.
- #
- # As a special exception to the GNU General Public License, if you
- # distribute this file as part of a program that contains a
- # configuration script generated by Autoconf, you may include it under
- # the same distribution terms that you use for the rest of that program.
-
--# Originally written by Per Bothner <per@bothner.com>.
--# Please send patches to <config-patches@gnu.org>. Submit a context
--# diff and a properly formatted ChangeLog entry.
-+
-+# Originally written by Per Bothner. Please send patches (context
-+# diff format) to <config-patches@gnu.org> and include a ChangeLog
-+# entry.
- #
- # This script attempts to guess a canonical system name similar to
- # config.sub. If it succeeds, it prints the system name on stdout, and
- # exits with 0. Otherwise, it exits with 1.
- #
--# The plan is that this can be called by configure scripts if you
--# don't specify an explicit build system type.
-+# You can get the latest version of this script from:
-+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
-
- me=`echo "$0" | sed -e 's,.*/,,'`
-
-@@ -53,8 +56,9 @@
- GNU config.guess ($timestamp)
-
- Originally written by Per Bothner.
--Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
--Free Software Foundation, Inc.
-+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000,
-+2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free
-+Software Foundation, Inc.
-
- This is free software; see the source for copying conditions. There is NO
- warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
-@@ -66,11 +70,11 @@
- while test $# -gt 0 ; do
- case $1 in
- --time-stamp | --time* | -t )
-- echo "$timestamp" ; exit 0 ;;
-+ echo "$timestamp" ; exit ;;
- --version | -v )
-- echo "$version" ; exit 0 ;;
-+ echo "$version" ; exit ;;
- --help | --h* | -h )
-- echo "$usage"; exit 0 ;;
-+ echo "$usage"; exit ;;
- -- ) # Stop option processing
- shift; break ;;
- - ) # Use stdin as input.
-@@ -104,7 +108,7 @@
- trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
- trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
- : ${TMPDIR=/tmp} ;
-- { tmp=`(umask 077 && mktemp -d -q "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
-+ { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
- { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
- { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
- { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
-@@ -123,7 +127,7 @@
- ;;
- ,,*) CC_FOR_BUILD=$CC ;;
- ,*,*) CC_FOR_BUILD=$HOST_CC ;;
--esac ;'
-+esac ; set_cc_for_build= ;'
-
- # This is needed to find uname on a Pyramid OSx when run in the BSD universe.
- # (ghazi@noc.rutgers.edu 1994-08-24)
-@@ -136,13 +140,6 @@
- UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown
- UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
-
--## for Red Hat Linux
--if test -f /etc/redhat-release ; then
-- VENDOR=redhat ;
--else
-- VENDOR= ;
--fi
--
- # Note: order is significant - the case branches are not exclusive.
-
- case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
-@@ -165,6 +162,7 @@
- arm*) machine=arm-unknown ;;
- sh3el) machine=shl-unknown ;;
- sh3eb) machine=sh-unknown ;;
-+ sh5el) machine=sh5le-unknown ;;
- *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
- esac
- # The Operating System including object format, if it has switched
-@@ -173,7 +171,7 @@
- arm*|i386|m68k|ns32k|sh3*|sparc|vax)
- eval $set_cc_for_build
- if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
-- | grep __ELF__ >/dev/null
-+ | grep -q __ELF__
- then
- # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
- # Return netbsd for either. FIX?
-@@ -203,50 +201,32 @@
- # contains redundant information, the shorter form:
- # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
- echo "${machine}-${os}${release}"
-- exit 0 ;;
-- amiga:OpenBSD:*:*)
-- echo m68k-unknown-openbsd${UNAME_RELEASE}
-- exit 0 ;;
-- arc:OpenBSD:*:*)
-- echo mipsel-unknown-openbsd${UNAME_RELEASE}
-- exit 0 ;;
-- hp300:OpenBSD:*:*)
-- echo m68k-unknown-openbsd${UNAME_RELEASE}
-- exit 0 ;;
-- mac68k:OpenBSD:*:*)
-- echo m68k-unknown-openbsd${UNAME_RELEASE}
-- exit 0 ;;
-- macppc:OpenBSD:*:*)
-- echo powerpc-unknown-openbsd${UNAME_RELEASE}
-- exit 0 ;;
-- mvme68k:OpenBSD:*:*)
-- echo m68k-unknown-openbsd${UNAME_RELEASE}
-- exit 0 ;;
-- mvme88k:OpenBSD:*:*)
-- echo m88k-unknown-openbsd${UNAME_RELEASE}
-- exit 0 ;;
-- mvmeppc:OpenBSD:*:*)
-- echo powerpc-unknown-openbsd${UNAME_RELEASE}
-- exit 0 ;;
-- pmax:OpenBSD:*:*)
-- echo mipsel-unknown-openbsd${UNAME_RELEASE}
-- exit 0 ;;
-- sgi:OpenBSD:*:*)
-- echo mipseb-unknown-openbsd${UNAME_RELEASE}
-- exit 0 ;;
-- sun3:OpenBSD:*:*)
-- echo m68k-unknown-openbsd${UNAME_RELEASE}
-- exit 0 ;;
-- wgrisc:OpenBSD:*:*)
-- echo mipsel-unknown-openbsd${UNAME_RELEASE}
-- exit 0 ;;
-+ exit ;;
- *:OpenBSD:*:*)
-- echo ${UNAME_MACHINE}-unknown-openbsd${UNAME_RELEASE}
-- exit 0 ;;
-+ UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
-+ echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
-+ exit ;;
-+ *:ekkoBSD:*:*)
-+ echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
-+ exit ;;
-+ *:SolidBSD:*:*)
-+ echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE}
-+ exit ;;
-+ macppc:MirBSD:*:*)
-+ echo powerpc-unknown-mirbsd${UNAME_RELEASE}
-+ exit ;;
-+ *:MirBSD:*:*)
-+ echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
-+ exit ;;
- alpha:OSF1:*:*)
-- if test $UNAME_RELEASE = "V4.0"; then
-+ case $UNAME_RELEASE in
-+ *4.0)
- UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
-- fi
-+ ;;
-+ *5.*)
-+ UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
-+ ;;
-+ esac
- # According to Compaq, /usr/sbin/psrinfo has been available on
- # OSF/1 and Tru64 systems produced since 1995. I hope that
- # covers most systems running today. This code pipes the CPU
-@@ -284,42 +264,49 @@
- "EV7.9 (21364A)")
- UNAME_MACHINE="alphaev79" ;;
- esac
-+ # A Pn.n version is a patched version.
- # A Vn.n version is a released version.
- # A Tn.n version is a released field test version.
- # A Xn.n version is an unreleased experimental baselevel.
- # 1.2 uses "1.2" for uname -r.
-- echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
-- exit 0 ;;
-- Alpha*:OpenVMS:*:*)
-- echo alpha-hp-vms
-- exit 0 ;;
-+ echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
-+ exit ;;
- Alpha\ *:Windows_NT*:*)
- # How do we know it's Interix rather than the generic POSIX subsystem?
- # Should we change UNAME_MACHINE based on the output of uname instead
- # of the specific Alpha model?
- echo alpha-pc-interix
-- exit 0 ;;
-+ exit ;;
- 21064:Windows_NT:50:3)
- echo alpha-dec-winnt3.5
-- exit 0 ;;
-+ exit ;;
- Amiga*:UNIX_System_V:4.0:*)
- echo m68k-unknown-sysv4
-- exit 0;;
-+ exit ;;
- *:[Aa]miga[Oo][Ss]:*:*)
- echo ${UNAME_MACHINE}-unknown-amigaos
-- exit 0 ;;
-+ exit ;;
- *:[Mm]orph[Oo][Ss]:*:*)
- echo ${UNAME_MACHINE}-unknown-morphos
-- exit 0 ;;
-+ exit ;;
- *:OS/390:*:*)
- echo i370-ibm-openedition
-- exit 0 ;;
-+ exit ;;
-+ *:z/VM:*:*)
-+ echo s390-ibm-zvmoe
-+ exit ;;
-+ *:OS400:*:*)
-+ echo powerpc-ibm-os400
-+ exit ;;
- arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
- echo arm-acorn-riscix${UNAME_RELEASE}
-- exit 0;;
-+ exit ;;
-+ arm:riscos:*:*|arm:RISCOS:*:*)
-+ echo arm-unknown-riscos
-+ exit ;;
- SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
- echo hppa1.1-hitachi-hiuxmpp
-- exit 0;;
-+ exit ;;
- Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
- # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
- if test "`(/bin/universe) 2>/dev/null`" = att ; then
-@@ -327,32 +314,51 @@
- else
- echo pyramid-pyramid-bsd
- fi
-- exit 0 ;;
-+ exit ;;
- NILE*:*:*:dcosx)
- echo pyramid-pyramid-svr4
-- exit 0 ;;
-+ exit ;;
- DRS?6000:unix:4.0:6*)
- echo sparc-icl-nx6
-- exit 0 ;;
-- DRS?6000:UNIX_SV:4.2*:7*)
-+ exit ;;
-+ DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
- case `/usr/bin/uname -p` in
-- sparc) echo sparc-icl-nx7 && exit 0 ;;
-+ sparc) echo sparc-icl-nx7; exit ;;
- esac ;;
-+ s390x:SunOS:*:*)
-+ echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
-+ exit ;;
- sun4H:SunOS:5.*:*)
- echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
-- exit 0 ;;
-+ exit ;;
- sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
- echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
-- exit 0 ;;
-- i86pc:SunOS:5.*:*)
-- echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
-- exit 0 ;;
-+ exit ;;
-+ i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*)
-+ echo i386-pc-auroraux${UNAME_RELEASE}
-+ exit ;;
-+ i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*)
-+ eval $set_cc_for_build
-+ SUN_ARCH="i386"
-+ # If there is a compiler, see if it is configured for 64-bit objects.
-+ # Note that the Sun cc does not turn __LP64__ into 1 like gcc does.
-+ # This test works for both compilers.
-+ if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
-+ if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \
-+ (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
-+ grep IS_64BIT_ARCH >/dev/null
-+ then
-+ SUN_ARCH="x86_64"
-+ fi
-+ fi
-+ echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
-+ exit ;;
- sun4*:SunOS:6*:*)
- # According to config.sub, this is the proper way to canonicalize
- # SunOS6. Hard to guess exactly what SunOS6 will be like, but
- # it's likely to be more like Solaris than SunOS4.
- echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
-- exit 0 ;;
-+ exit ;;
- sun4*:SunOS:*:*)
- case "`/usr/bin/arch -k`" in
- Series*|S4*)
-@@ -361,10 +367,10 @@
- esac
- # Japanese Language versions have a version number like `4.1.3-JL'.
- echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
-- exit 0 ;;
-+ exit ;;
- sun3*:SunOS:*:*)
- echo m68k-sun-sunos${UNAME_RELEASE}
-- exit 0 ;;
-+ exit ;;
- sun*:*:4.2BSD:*)
- UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
- test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
-@@ -376,10 +382,10 @@
- echo sparc-sun-sunos${UNAME_RELEASE}
- ;;
- esac
-- exit 0 ;;
-+ exit ;;
- aushp:SunOS:*:*)
- echo sparc-auspex-sunos${UNAME_RELEASE}
-- exit 0 ;;
-+ exit ;;
- # The situation for MiNT is a little confusing. The machine name
- # can be virtually everything (everything which is not
- # "atarist" or "atariste" at least should have a processor
-@@ -390,37 +396,40 @@
- # be no problem.
- atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
- echo m68k-atari-mint${UNAME_RELEASE}
-- exit 0 ;;
-+ exit ;;
- atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
- echo m68k-atari-mint${UNAME_RELEASE}
-- exit 0 ;;
-+ exit ;;
- *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
- echo m68k-atari-mint${UNAME_RELEASE}
-- exit 0 ;;
-+ exit ;;
- milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
- echo m68k-milan-mint${UNAME_RELEASE}
-- exit 0 ;;
-+ exit ;;
- hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
- echo m68k-hades-mint${UNAME_RELEASE}
-- exit 0 ;;
-+ exit ;;
- *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
- echo m68k-unknown-mint${UNAME_RELEASE}
-- exit 0 ;;
-+ exit ;;
-+ m68k:machten:*:*)
-+ echo m68k-apple-machten${UNAME_RELEASE}
-+ exit ;;
- powerpc:machten:*:*)
- echo powerpc-apple-machten${UNAME_RELEASE}
-- exit 0 ;;
-+ exit ;;
- RISC*:Mach:*:*)
- echo mips-dec-mach_bsd4.3
-- exit 0 ;;
-+ exit ;;
- RISC*:ULTRIX:*:*)
- echo mips-dec-ultrix${UNAME_RELEASE}
-- exit 0 ;;
-+ exit ;;
- VAX*:ULTRIX*:*:*)
- echo vax-dec-ultrix${UNAME_RELEASE}
-- exit 0 ;;
-+ exit ;;
- 2020:CLIX:*:* | 2430:CLIX:*:*)
- echo clipper-intergraph-clix${UNAME_RELEASE}
-- exit 0 ;;
-+ exit ;;
- mips:*:*:UMIPS | mips:*:*:RISCos)
- eval $set_cc_for_build
- sed 's/^ //' << EOF >$dummy.c
-@@ -444,32 +453,33 @@
- exit (-1);
- }
- EOF
-- $CC_FOR_BUILD -o $dummy $dummy.c \
-- && $dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \
-- && exit 0
-+ $CC_FOR_BUILD -o $dummy $dummy.c &&
-+ dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` &&
-+ SYSTEM_NAME=`$dummy $dummyarg` &&
-+ { echo "$SYSTEM_NAME"; exit; }
- echo mips-mips-riscos${UNAME_RELEASE}
-- exit 0 ;;
-+ exit ;;
- Motorola:PowerMAX_OS:*:*)
- echo powerpc-motorola-powermax
-- exit 0 ;;
-+ exit ;;
- Motorola:*:4.3:PL8-*)
- echo powerpc-harris-powermax
-- exit 0 ;;
-+ exit ;;
- Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
- echo powerpc-harris-powermax
-- exit 0 ;;
-+ exit ;;
- Night_Hawk:Power_UNIX:*:*)
- echo powerpc-harris-powerunix
-- exit 0 ;;
-+ exit ;;
- m88k:CX/UX:7*:*)
- echo m88k-harris-cxux7
-- exit 0 ;;
-+ exit ;;
- m88k:*:4*:R4*)
- echo m88k-motorola-sysv4
-- exit 0 ;;
-+ exit ;;
- m88k:*:3*:R3*)
- echo m88k-motorola-sysv3
-- exit 0 ;;
-+ exit ;;
- AViiON:dgux:*:*)
- # DG/UX returns AViiON for all architectures
- UNAME_PROCESSOR=`/usr/bin/uname -p`
-@@ -485,29 +495,29 @@
- else
- echo i586-dg-dgux${UNAME_RELEASE}
- fi
-- exit 0 ;;
-+ exit ;;
- M88*:DolphinOS:*:*) # DolphinOS (SVR3)
- echo m88k-dolphin-sysv3
-- exit 0 ;;
-+ exit ;;
- M88*:*:R3*:*)
- # Delta 88k system running SVR3
- echo m88k-motorola-sysv3
-- exit 0 ;;
-+ exit ;;
- XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
- echo m88k-tektronix-sysv3
-- exit 0 ;;
-+ exit ;;
- Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
- echo m68k-tektronix-bsd
-- exit 0 ;;
-+ exit ;;
- *:IRIX*:*:*)
- echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
-- exit 0 ;;
-+ exit ;;
- ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
-- echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id
-- exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX '
-+ echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id
-+ exit ;; # Note that: echo "'`uname -s`'" gives 'AIX '
- i*86:AIX:*:*)
- echo i386-ibm-aix
-- exit 0 ;;
-+ exit ;;
- ia64:AIX:*:*)
- if [ -x /usr/bin/oslevel ] ; then
- IBM_REV=`/usr/bin/oslevel`
-@@ -515,7 +525,7 @@
- IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
- fi
- echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
-- exit 0 ;;
-+ exit ;;
- *:AIX:2:3)
- if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
- eval $set_cc_for_build
-@@ -530,15 +540,19 @@
- exit(0);
- }
- EOF
-- $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0
-- echo rs6000-ibm-aix3.2.5
-+ if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy`
-+ then
-+ echo "$SYSTEM_NAME"
-+ else
-+ echo rs6000-ibm-aix3.2.5
-+ fi
- elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
- echo rs6000-ibm-aix3.2.4
- else
- echo rs6000-ibm-aix3.2
- fi
-- exit 0 ;;
-- *:AIX:*:[45])
-+ exit ;;
-+ *:AIX:*:[456])
- IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
- if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
- IBM_ARCH=rs6000
-@@ -551,28 +565,28 @@
- IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
- fi
- echo ${IBM_ARCH}-ibm-aix${IBM_REV}
-- exit 0 ;;
-+ exit ;;
- *:AIX:*:*)
- echo rs6000-ibm-aix
-- exit 0 ;;
-+ exit ;;
- ibmrt:4.4BSD:*|romp-ibm:BSD:*)
- echo romp-ibm-bsd4.4
-- exit 0 ;;
-+ exit ;;
- ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and
- echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to
-- exit 0 ;; # report: romp-ibm BSD 4.3
-+ exit ;; # report: romp-ibm BSD 4.3
- *:BOSX:*:*)
- echo rs6000-bull-bosx
-- exit 0 ;;
-+ exit ;;
- DPX/2?00:B.O.S.:*:*)
- echo m68k-bull-sysv3
-- exit 0 ;;
-+ exit ;;
- 9000/[34]??:4.3bsd:1.*:*)
- echo m68k-hp-bsd
-- exit 0 ;;
-+ exit ;;
- hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
- echo m68k-hp-bsd4.4
-- exit 0 ;;
-+ exit ;;
- 9000/[34678]??:HP-UX:*:*)
- HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
- case "${UNAME_MACHINE}" in
-@@ -634,9 +648,19 @@
- esac
- if [ ${HP_ARCH} = "hppa2.0w" ]
- then
-- # avoid double evaluation of $set_cc_for_build
-- test -n "$CC_FOR_BUILD" || eval $set_cc_for_build
-- if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E -) | grep __LP64__ >/dev/null
-+ eval $set_cc_for_build
-+
-+ # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
-+ # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler
-+ # generating 64-bit code. GNU and HP use different nomenclature:
-+ #
-+ # $ CC_FOR_BUILD=cc ./config.guess
-+ # => hppa2.0w-hp-hpux11.23
-+ # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
-+ # => hppa64-hp-hpux11.23
-+
-+ if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
-+ grep -q __LP64__
- then
- HP_ARCH="hppa2.0w"
- else
-@@ -644,11 +668,11 @@
- fi
- fi
- echo ${HP_ARCH}-hp-hpux${HPUX_REV}
-- exit 0 ;;
-+ exit ;;
- ia64:HP-UX:*:*)
- HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
- echo ia64-hp-hpux${HPUX_REV}
-- exit 0 ;;
-+ exit ;;
- 3050*:HI-UX:*:*)
- eval $set_cc_for_build
- sed 's/^ //' << EOF >$dummy.c
-@@ -676,208 +700,248 @@
- exit (0);
- }
- EOF
-- $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0
-+ $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` &&
-+ { echo "$SYSTEM_NAME"; exit; }
- echo unknown-hitachi-hiuxwe2
-- exit 0 ;;
-+ exit ;;
- 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
- echo hppa1.1-hp-bsd
-- exit 0 ;;
-+ exit ;;
- 9000/8??:4.3bsd:*:*)
- echo hppa1.0-hp-bsd
-- exit 0 ;;
-+ exit ;;
- *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
- echo hppa1.0-hp-mpeix
-- exit 0 ;;
-+ exit ;;
- hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
- echo hppa1.1-hp-osf
-- exit 0 ;;
-+ exit ;;
- hp8??:OSF1:*:*)
- echo hppa1.0-hp-osf
-- exit 0 ;;
-+ exit ;;
- i*86:OSF1:*:*)
- if [ -x /usr/sbin/sysversion ] ; then
- echo ${UNAME_MACHINE}-unknown-osf1mk
- else
- echo ${UNAME_MACHINE}-unknown-osf1
- fi
-- exit 0 ;;
-+ exit ;;
- parisc*:Lites*:*:*)
- echo hppa1.1-hp-lites
-- exit 0 ;;
-+ exit ;;
- C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
- echo c1-convex-bsd
-- exit 0 ;;
-+ exit ;;
- C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
- if getsysinfo -f scalar_acc
- then echo c32-convex-bsd
- else echo c2-convex-bsd
- fi
-- exit 0 ;;
-+ exit ;;
- C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
- echo c34-convex-bsd
-- exit 0 ;;
-+ exit ;;
- C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
- echo c38-convex-bsd
-- exit 0 ;;
-+ exit ;;
- C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
- echo c4-convex-bsd
-- exit 0 ;;
-+ exit ;;
- CRAY*Y-MP:*:*:*)
- echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
-- exit 0 ;;
-+ exit ;;
- CRAY*[A-Z]90:*:*:*)
- echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
- | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
- -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
- -e 's/\.[^.]*$/.X/'
-- exit 0 ;;
-+ exit ;;
- CRAY*TS:*:*:*)
- echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
-- exit 0 ;;
-+ exit ;;
- CRAY*T3E:*:*:*)
- echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
-- exit 0 ;;
-+ exit ;;
- CRAY*SV1:*:*:*)
- echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
-- exit 0 ;;
-+ exit ;;
- *:UNICOS/mp:*:*)
-- echo nv1-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
-- exit 0 ;;
-+ echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
-+ exit ;;
- F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
- FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
- FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
- FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
- echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
-- exit 0 ;;
-+ exit ;;
-+ 5000:UNIX_System_V:4.*:*)
-+ FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
-+ FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
-+ echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
-+ exit ;;
- i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
- echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
-- exit 0 ;;
-+ exit ;;
- sparc*:BSD/OS:*:*)
- echo sparc-unknown-bsdi${UNAME_RELEASE}
-- exit 0 ;;
-+ exit ;;
- *:BSD/OS:*:*)
- echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
-- exit 0 ;;
-- *:FreeBSD:*:*|*:GNU/FreeBSD:*:*)
-- # Determine whether the default compiler uses glibc.
-- eval $set_cc_for_build
-- sed 's/^ //' << EOF >$dummy.c
-- #include <features.h>
-- #if __GLIBC__ >= 2
-- LIBC=gnu
-- #else
-- LIBC=
-- #endif
--EOF
-- eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
-- echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`${LIBC:+-$LIBC}
-- exit 0 ;;
-+ exit ;;
-+ *:FreeBSD:*:*)
-+ case ${UNAME_MACHINE} in
-+ pc98)
-+ echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
-+ amd64)
-+ echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
-+ *)
-+ echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
-+ esac
-+ exit ;;
- i*:CYGWIN*:*)
- echo ${UNAME_MACHINE}-pc-cygwin
-- exit 0 ;;
-- i*:MINGW*:*)
-+ exit ;;
-+ *:MINGW*:*)
- echo ${UNAME_MACHINE}-pc-mingw32
-- exit 0 ;;
-+ exit ;;
-+ i*:windows32*:*)
-+ # uname -m includes "-pc" on this system.
-+ echo ${UNAME_MACHINE}-mingw32
-+ exit ;;
- i*:PW*:*)
- echo ${UNAME_MACHINE}-pc-pw32
-- exit 0 ;;
-- x86:Interix*:[34]*)
-- echo i586-pc-interix${UNAME_RELEASE}|sed -e 's/\..*//'
-- exit 0 ;;
-+ exit ;;
-+ *:Interix*:*)
-+ case ${UNAME_MACHINE} in
-+ x86)
-+ echo i586-pc-interix${UNAME_RELEASE}
-+ exit ;;
-+ authenticamd | genuineintel | EM64T)
-+ echo x86_64-unknown-interix${UNAME_RELEASE}
-+ exit ;;
-+ IA64)
-+ echo ia64-unknown-interix${UNAME_RELEASE}
-+ exit ;;
-+ esac ;;
- [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
- echo i${UNAME_MACHINE}-pc-mks
-- exit 0 ;;
-+ exit ;;
-+ 8664:Windows_NT:*)
-+ echo x86_64-pc-mks
-+ exit ;;
- i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
- # How do we know it's Interix rather than the generic POSIX subsystem?
- # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
- # UNAME_MACHINE based on the output of uname instead of i386?
- echo i586-pc-interix
-- exit 0 ;;
-+ exit ;;
- i*:UWIN*:*)
- echo ${UNAME_MACHINE}-pc-uwin
-- exit 0 ;;
-+ exit ;;
-+ amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
-+ echo x86_64-unknown-cygwin
-+ exit ;;
- p*:CYGWIN*:*)
- echo powerpcle-unknown-cygwin
-- exit 0 ;;
-+ exit ;;
- prep*:SunOS:5.*:*)
- echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
-- exit 0 ;;
-+ exit ;;
- *:GNU:*:*)
-+ # the GNU system
- echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
-- exit 0 ;;
-+ exit ;;
-+ *:GNU/*:*:*)
-+ # other systems with GNU libc and userland
-+ echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu
-+ exit ;;
- i*86:Minix:*:*)
- echo ${UNAME_MACHINE}-pc-minix
-- exit 0 ;;
-+ exit ;;
-+ alpha:Linux:*:*)
-+ case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
-+ EV5) UNAME_MACHINE=alphaev5 ;;
-+ EV56) UNAME_MACHINE=alphaev56 ;;
-+ PCA56) UNAME_MACHINE=alphapca56 ;;
-+ PCA57) UNAME_MACHINE=alphapca56 ;;
-+ EV6) UNAME_MACHINE=alphaev6 ;;
-+ EV67) UNAME_MACHINE=alphaev67 ;;
-+ EV68*) UNAME_MACHINE=alphaev68 ;;
-+ esac
-+ objdump --private-headers /bin/sh | grep -q ld.so.1
-+ if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
-+ echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
-+ exit ;;
- arm*:Linux:*:*)
-+ eval $set_cc_for_build
-+ if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \
-+ | grep -q __ARM_EABI__
-+ then
-+ echo ${UNAME_MACHINE}-unknown-linux-gnu
-+ else
-+ echo ${UNAME_MACHINE}-unknown-linux-gnueabi
-+ fi
-+ exit ;;
-+ avr32*:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-gnu
-- exit 0 ;;
-+ exit ;;
- cris:Linux:*:*)
- echo cris-axis-linux-gnu
-- exit 0 ;;
-- ia64:Linux:*:*)
-- echo ${UNAME_MACHINE}-${VENDOR:-unknown}-linux-gnu
-- exit 0 ;;
-- m68*:Linux:*:*)
-- echo ${UNAME_MACHINE}-unknown-linux-gnu
-- exit 0 ;;
-- mips:Linux:*:*)
-+ exit ;;
-+ crisv32:Linux:*:*)
-+ echo crisv32-axis-linux-gnu
-+ exit ;;
-+ frv:Linux:*:*)
-+ echo frv-unknown-linux-gnu
-+ exit ;;
-+ i*86:Linux:*:*)
-+ LIBC=gnu
- eval $set_cc_for_build
- sed 's/^ //' << EOF >$dummy.c
-- #undef CPU
-- #undef mips
-- #undef mipsel
-- #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
-- CPU=mipsel
-- #else
-- #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
-- CPU=mips
-- #else
-- CPU=
-- #endif
-+ #ifdef __dietlibc__
-+ LIBC=dietlibc
- #endif
- EOF
-- eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
-- test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0
-- ;;
-- mips64:Linux:*:*)
-+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'`
-+ echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
-+ exit ;;
-+ ia64:Linux:*:*)
-+ echo ${UNAME_MACHINE}-unknown-linux-gnu
-+ exit ;;
-+ m32r*:Linux:*:*)
-+ echo ${UNAME_MACHINE}-unknown-linux-gnu
-+ exit ;;
-+ m68*:Linux:*:*)
-+ echo ${UNAME_MACHINE}-unknown-linux-gnu
-+ exit ;;
-+ mips:Linux:*:* | mips64:Linux:*:*)
- eval $set_cc_for_build
- sed 's/^ //' << EOF >$dummy.c
- #undef CPU
-- #undef mips64
-- #undef mips64el
-+ #undef ${UNAME_MACHINE}
-+ #undef ${UNAME_MACHINE}el
- #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
-- CPU=mips64el
-+ CPU=${UNAME_MACHINE}el
- #else
- #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
-- CPU=mips64
-+ CPU=${UNAME_MACHINE}
- #else
- CPU=
- #endif
- #endif
- EOF
-- eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
-- test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0
-+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'`
-+ test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
- ;;
-- ppc:Linux:*:*)
-- echo powerpc-${VENDOR:-unknown}-linux-gnu
-- exit 0 ;;
-- ppc64:Linux:*:*)
-- echo powerpc64-${VENDOR:-unknown}-linux-gnu
-- exit 0 ;;
-- alpha:Linux:*:*)
-- case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
-- EV5) UNAME_MACHINE=alphaev5 ;;
-- EV56) UNAME_MACHINE=alphaev56 ;;
-- PCA56) UNAME_MACHINE=alphapca56 ;;
-- PCA57) UNAME_MACHINE=alphapca56 ;;
-- EV6) UNAME_MACHINE=alphaev6 ;;
-- EV67) UNAME_MACHINE=alphaev67 ;;
-- EV68*) UNAME_MACHINE=alphaev68 ;;
-- esac
-- objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null
-- if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
-- echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
-- exit 0 ;;
-+ or32:Linux:*:*)
-+ echo or32-unknown-linux-gnu
-+ exit ;;
-+ padre:Linux:*:*)
-+ echo sparc-unknown-linux-gnu
-+ exit ;;
-+ parisc64:Linux:*:* | hppa64:Linux:*:*)
-+ echo hppa64-unknown-linux-gnu
-+ exit ;;
- parisc:Linux:*:* | hppa:Linux:*:*)
- # Look for CPU level
- case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
-@@ -885,84 +949,40 @@
- PA8*) echo hppa2.0-unknown-linux-gnu ;;
- *) echo hppa-unknown-linux-gnu ;;
- esac
-- exit 0 ;;
-- parisc64:Linux:*:* | hppa64:Linux:*:*)
-- echo hppa64-unknown-linux-gnu
-- exit 0 ;;
-+ exit ;;
-+ ppc64:Linux:*:*)
-+ echo powerpc64-unknown-linux-gnu
-+ exit ;;
-+ ppc:Linux:*:*)
-+ echo powerpc-unknown-linux-gnu
-+ exit ;;
- s390:Linux:*:* | s390x:Linux:*:*)
-- echo ${UNAME_MACHINE}-${VENDOR:-ibm}-linux-gnu
-- exit 0 ;;
-+ echo ${UNAME_MACHINE}-ibm-linux
-+ exit ;;
- sh64*:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-gnu
-- exit 0 ;;
-+ exit ;;
- sh*:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-gnu
-- exit 0 ;;
-+ exit ;;
- sparc:Linux:*:* | sparc64:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-gnu
-- exit 0 ;;
-+ exit ;;
-+ vax:Linux:*:*)
-+ echo ${UNAME_MACHINE}-dec-linux-gnu
-+ exit ;;
- x86_64:Linux:*:*)
-- echo x86_64-${VENDOR:-unknown}-linux-gnu
-- exit 0 ;;
-- i*86:Linux:*:*)
-- # The BFD linker knows what the default object file format is, so
-- # first see if it will tell us. cd to the root directory to prevent
-- # problems with other programs or directories called `ld' in the path.
-- # Set LC_ALL=C to ensure ld outputs messages in English.
-- ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \
-- | sed -ne '/supported targets:/!d
-- s/[ ][ ]*/ /g
-- s/.*supported targets: *//
-- s/ .*//
-- p'`
-- case "$ld_supported_targets" in
-- elf32-i386)
-- TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu"
-- ;;
-- a.out-i386-linux)
-- echo "${UNAME_MACHINE}-pc-linux-gnuaout"
-- exit 0 ;;
-- coff-i386)
-- echo "${UNAME_MACHINE}-pc-linux-gnucoff"
-- exit 0 ;;
-- "")
-- # Either a pre-BFD a.out linker (linux-gnuoldld) or
-- # one that does not give us useful --help.
-- echo "${UNAME_MACHINE}-pc-linux-gnuoldld"
-- exit 0 ;;
-- esac
-- # Determine whether the default compiler is a.out or elf
-- eval $set_cc_for_build
-- sed 's/^ //' << EOF >$dummy.c
-- #include <features.h>
-- #ifdef __ELF__
-- # ifdef __GLIBC__
-- # if __GLIBC__ >= 2
-- LIBC=gnu
-- # else
-- LIBC=gnulibc1
-- # endif
-- # else
-- LIBC=gnulibc1
-- # endif
-- #else
-- #ifdef __INTEL_COMPILER
-- LIBC=gnu
-- #else
-- LIBC=gnuaout
-- #endif
-- #endif
--EOF
-- eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
-- test x"${LIBC}" != x && echo "${UNAME_MACHINE}-${VENDOR:-pc}-linux-${LIBC}" && exit 0
-- test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0
-- ;;
-+ echo x86_64-unknown-linux-gnu
-+ exit ;;
-+ xtensa*:Linux:*:*)
-+ echo ${UNAME_MACHINE}-unknown-linux-gnu
-+ exit ;;
- i*86:DYNIX/ptx:4*:*)
- # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
- # earlier versions are messed up and put the nodename in both
- # sysname and nodename.
- echo i386-sequent-sysv4
-- exit 0 ;;
-+ exit ;;
- i*86:UNIX_SV:4.2MP:2.*)
- # Unixware is an offshoot of SVR4, but it has its own version
- # number series starting with 2...
-@@ -970,24 +990,27 @@
- # I just have to hope. -- rms.
- # Use sysv4.2uw... so that sysv4* matches it.
- echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
-- exit 0 ;;
-+ exit ;;
- i*86:OS/2:*:*)
- # If we were able to find `uname', then EMX Unix compatibility
- # is probably installed.
- echo ${UNAME_MACHINE}-pc-os2-emx
-- exit 0 ;;
-+ exit ;;
- i*86:XTS-300:*:STOP)
- echo ${UNAME_MACHINE}-unknown-stop
-- exit 0 ;;
-+ exit ;;
- i*86:atheos:*:*)
- echo ${UNAME_MACHINE}-unknown-atheos
-- exit 0 ;;
-- i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*)
-+ exit ;;
-+ i*86:syllable:*:*)
-+ echo ${UNAME_MACHINE}-pc-syllable
-+ exit ;;
-+ i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*)
- echo i386-unknown-lynxos${UNAME_RELEASE}
-- exit 0 ;;
-+ exit ;;
- i*86:*DOS:*:*)
- echo ${UNAME_MACHINE}-pc-msdosdjgpp
-- exit 0 ;;
-+ exit ;;
- i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
- UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
- if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
-@@ -995,15 +1018,16 @@
- else
- echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
- fi
-- exit 0 ;;
-- i*86:*:5:[78]*)
-+ exit ;;
-+ i*86:*:5:[678]*)
-+ # UnixWare 7.x, OpenUNIX and OpenServer 6.
- case `/bin/uname -X | grep "^Machine"` in
- *486*) UNAME_MACHINE=i486 ;;
- *Pentium) UNAME_MACHINE=i586 ;;
- *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
- esac
- echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
-- exit 0 ;;
-+ exit ;;
- i*86:*:3.2:*)
- if test -f /usr/options/cb.name; then
- UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
-@@ -1021,73 +1045,86 @@
- else
- echo ${UNAME_MACHINE}-pc-sysv32
- fi
-- exit 0 ;;
-+ exit ;;
- pc:*:*:*)
- # Left here for compatibility:
- # uname -m prints for DJGPP always 'pc', but it prints nothing about
-- # the processor, so we play safe by assuming i386.
-- echo i386-pc-msdosdjgpp
-- exit 0 ;;
-+ # the processor, so we play safe by assuming i586.
-+ # Note: whatever this is, it MUST be the same as what config.sub
-+ # prints for the "djgpp" host, or else GDB configury will decide that
-+ # this is a cross-build.
-+ echo i586-pc-msdosdjgpp
-+ exit ;;
- Intel:Mach:3*:*)
- echo i386-pc-mach3
-- exit 0 ;;
-+ exit ;;
- paragon:*:*:*)
- echo i860-intel-osf1
-- exit 0 ;;
-+ exit ;;
- i860:*:4.*:*) # i860-SVR4
- if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
- echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
- else # Add other i860-SVR4 vendors below as they are discovered.
- echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4
- fi
-- exit 0 ;;
-+ exit ;;
- mini*:CTIX:SYS*5:*)
- # "miniframe"
- echo m68010-convergent-sysv
-- exit 0 ;;
-+ exit ;;
- mc68k:UNIX:SYSTEM5:3.51m)
- echo m68k-convergent-sysv
-- exit 0 ;;
-+ exit ;;
- M680?0:D-NIX:5.3:*)
- echo m68k-diab-dnix
-- exit 0 ;;
-- M68*:*:R3V[567]*:*)
-- test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;;
-- 3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0)
-+ exit ;;
-+ M68*:*:R3V[5678]*:*)
-+ test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
-+ 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
- OS_REL=''
- test -r /etc/.relid \
- && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
- /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
-- && echo i486-ncr-sysv4.3${OS_REL} && exit 0
-+ && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
- /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
-- && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;;
-+ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
- 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
- /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
-- && echo i486-ncr-sysv4 && exit 0 ;;
-+ && { echo i486-ncr-sysv4; exit; } ;;
-+ NCR*:*:4.2:* | MPRAS*:*:4.2:*)
-+ OS_REL='.3'
-+ test -r /etc/.relid \
-+ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
-+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
-+ && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
-+ /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
-+ && { echo i586-ncr-sysv4.3${OS_REL}; exit; }
-+ /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \
-+ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
- m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
- echo m68k-unknown-lynxos${UNAME_RELEASE}
-- exit 0 ;;
-+ exit ;;
- mc68030:UNIX_System_V:4.*:*)
- echo m68k-atari-sysv4
-- exit 0 ;;
-+ exit ;;
- TSUNAMI:LynxOS:2.*:*)
- echo sparc-unknown-lynxos${UNAME_RELEASE}
-- exit 0 ;;
-+ exit ;;
- rs6000:LynxOS:2.*:*)
- echo rs6000-unknown-lynxos${UNAME_RELEASE}
-- exit 0 ;;
-- PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*)
-+ exit ;;
-+ PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*)
- echo powerpc-unknown-lynxos${UNAME_RELEASE}
-- exit 0 ;;
-+ exit ;;
- SM[BE]S:UNIX_SV:*:*)
- echo mips-dde-sysv${UNAME_RELEASE}
-- exit 0 ;;
-+ exit ;;
- RM*:ReliantUNIX-*:*:*)
- echo mips-sni-sysv4
-- exit 0 ;;
-+ exit ;;
- RM*:SINIX-*:*:*)
- echo mips-sni-sysv4
-- exit 0 ;;
-+ exit ;;
- *:SINIX-*:*:*)
- if uname -p 2>/dev/null >/dev/null ; then
- UNAME_MACHINE=`(uname -p) 2>/dev/null`
-@@ -1095,68 +1132,94 @@
- else
- echo ns32k-sni-sysv
- fi
-- exit 0 ;;
-+ exit ;;
- PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
- # says <Richard.M.Bartel@ccMail.Census.GOV>
- echo i586-unisys-sysv4
-- exit 0 ;;
-+ exit ;;
- *:UNIX_System_V:4*:FTX*)
- # From Gerald Hewes <hewes@openmarket.com>.
- # How about differentiating between stratus architectures? -djm
- echo hppa1.1-stratus-sysv4
-- exit 0 ;;
-+ exit ;;
- *:*:*:FTX*)
- # From seanf@swdc.stratus.com.
- echo i860-stratus-sysv4
-- exit 0 ;;
-+ exit ;;
-+ i*86:VOS:*:*)
-+ # From Paul.Green@stratus.com.
-+ echo ${UNAME_MACHINE}-stratus-vos
-+ exit ;;
- *:VOS:*:*)
- # From Paul.Green@stratus.com.
- echo hppa1.1-stratus-vos
-- exit 0 ;;
-+ exit ;;
- mc68*:A/UX:*:*)
- echo m68k-apple-aux${UNAME_RELEASE}
-- exit 0 ;;
-+ exit ;;
- news*:NEWS-OS:6*:*)
- echo mips-sony-newsos6
-- exit 0 ;;
-+ exit ;;
- R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
- if [ -d /usr/nec ]; then
- echo mips-nec-sysv${UNAME_RELEASE}
- else
- echo mips-unknown-sysv${UNAME_RELEASE}
- fi
-- exit 0 ;;
-+ exit ;;
- BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only.
- echo powerpc-be-beos
-- exit 0 ;;
-+ exit ;;
- BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only.
- echo powerpc-apple-beos
-- exit 0 ;;
-+ exit ;;
- BePC:BeOS:*:*) # BeOS running on Intel PC compatible.
- echo i586-pc-beos
-- exit 0 ;;
-+ exit ;;
-+ BePC:Haiku:*:*) # Haiku running on Intel PC compatible.
-+ echo i586-pc-haiku
-+ exit ;;
- SX-4:SUPER-UX:*:*)
- echo sx4-nec-superux${UNAME_RELEASE}
-- exit 0 ;;
-+ exit ;;
- SX-5:SUPER-UX:*:*)
- echo sx5-nec-superux${UNAME_RELEASE}
-- exit 0 ;;
-+ exit ;;
- SX-6:SUPER-UX:*:*)
- echo sx6-nec-superux${UNAME_RELEASE}
-- exit 0 ;;
-+ exit ;;
-+ SX-7:SUPER-UX:*:*)
-+ echo sx7-nec-superux${UNAME_RELEASE}
-+ exit ;;
-+ SX-8:SUPER-UX:*:*)
-+ echo sx8-nec-superux${UNAME_RELEASE}
-+ exit ;;
-+ SX-8R:SUPER-UX:*:*)
-+ echo sx8r-nec-superux${UNAME_RELEASE}
-+ exit ;;
- Power*:Rhapsody:*:*)
- echo powerpc-apple-rhapsody${UNAME_RELEASE}
-- exit 0 ;;
-+ exit ;;
- *:Rhapsody:*:*)
- echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
-- exit 0 ;;
-+ exit ;;
- *:Darwin:*:*)
-- case `uname -p` in
-- *86) UNAME_PROCESSOR=i686 ;;
-- powerpc) UNAME_PROCESSOR=powerpc ;;
-+ UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
-+ case $UNAME_PROCESSOR in
-+ i386)
-+ eval $set_cc_for_build
-+ if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
-+ if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
-+ (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
-+ grep IS_64BIT_ARCH >/dev/null
-+ then
-+ UNAME_PROCESSOR="x86_64"
-+ fi
-+ fi ;;
-+ unknown) UNAME_PROCESSOR=powerpc ;;
- esac
- echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
-- exit 0 ;;
-+ exit ;;
- *:procnto*:*:* | *:QNX:[0123456789]*:*)
- UNAME_PROCESSOR=`uname -p`
- if test "$UNAME_PROCESSOR" = "x86"; then
-@@ -1164,22 +1227,25 @@
- UNAME_MACHINE=pc
- fi
- echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
-- exit 0 ;;
-+ exit ;;
- *:QNX:*:4*)
- echo i386-pc-qnx
-- exit 0 ;;
-- NSR-[DGKLNPTVW]:NONSTOP_KERNEL:*:*)
-+ exit ;;
-+ NSE-?:NONSTOP_KERNEL:*:*)
-+ echo nse-tandem-nsk${UNAME_RELEASE}
-+ exit ;;
-+ NSR-?:NONSTOP_KERNEL:*:*)
- echo nsr-tandem-nsk${UNAME_RELEASE}
-- exit 0 ;;
-+ exit ;;
- *:NonStop-UX:*:*)
- echo mips-compaq-nonstopux
-- exit 0 ;;
-+ exit ;;
- BS2000:POSIX*:*:*)
- echo bs2000-siemens-sysv
-- exit 0 ;;
-+ exit ;;
- DS/*:UNIX_System_V:*:*)
- echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
-- exit 0 ;;
-+ exit ;;
- *:Plan9:*:*)
- # "uname -m" is not consistent, so use $cputype instead. 386
- # is converted to i386 for consistency with other x86
-@@ -1190,28 +1256,50 @@
- UNAME_MACHINE="$cputype"
- fi
- echo ${UNAME_MACHINE}-unknown-plan9
-- exit 0 ;;
-+ exit ;;
- *:TOPS-10:*:*)
- echo pdp10-unknown-tops10
-- exit 0 ;;
-+ exit ;;
- *:TENEX:*:*)
- echo pdp10-unknown-tenex
-- exit 0 ;;
-+ exit ;;
- KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
- echo pdp10-dec-tops20
-- exit 0 ;;
-+ exit ;;
- XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
- echo pdp10-xkl-tops20
-- exit 0 ;;
-+ exit ;;
- *:TOPS-20:*:*)
- echo pdp10-unknown-tops20
-- exit 0 ;;
-+ exit ;;
- *:ITS:*:*)
- echo pdp10-unknown-its
-- exit 0 ;;
-+ exit ;;
- SEI:*:*:SEIUX)
- echo mips-sei-seiux${UNAME_RELEASE}
-- exit 0 ;;
-+ exit ;;
-+ *:DragonFly:*:*)
-+ echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
-+ exit ;;
-+ *:*VMS:*:*)
-+ UNAME_MACHINE=`(uname -p) 2>/dev/null`
-+ case "${UNAME_MACHINE}" in
-+ A*) echo alpha-dec-vms ; exit ;;
-+ I*) echo ia64-dec-vms ; exit ;;
-+ V*) echo vax-dec-vms ; exit ;;
-+ esac ;;
-+ *:XENIX:*:SysV)
-+ echo i386-pc-xenix
-+ exit ;;
-+ i*86:skyos:*:*)
-+ echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
-+ exit ;;
-+ i*86:rdos:*:*)
-+ echo ${UNAME_MACHINE}-pc-rdos
-+ exit ;;
-+ i*86:AROS:*:*)
-+ echo ${UNAME_MACHINE}-pc-aros
-+ exit ;;
- esac
-
- #echo '(No uname command or uname output not recognized.)' 1>&2
-@@ -1243,7 +1331,7 @@
- #endif
-
- #if defined (__arm) && defined (__acorn) && defined (__unix)
-- printf ("arm-acorn-riscix"); exit (0);
-+ printf ("arm-acorn-riscix\n"); exit (0);
- #endif
-
- #if defined (hp300) && !defined (hpux)
-@@ -1332,11 +1420,12 @@
- }
- EOF
-
--$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && $dummy && exit 0
-+$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` &&
-+ { echo "$SYSTEM_NAME"; exit; }
-
- # Apollos put the system type in the environment.
-
--test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; }
-+test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; }
-
- # Convex versions that predate uname can use getsysinfo(1)
-
-@@ -1345,22 +1434,22 @@
- case `getsysinfo -f cpu_type` in
- c1*)
- echo c1-convex-bsd
-- exit 0 ;;
-+ exit ;;
- c2*)
- if getsysinfo -f scalar_acc
- then echo c32-convex-bsd
- else echo c2-convex-bsd
- fi
-- exit 0 ;;
-+ exit ;;
- c34*)
- echo c34-convex-bsd
-- exit 0 ;;
-+ exit ;;
- c38*)
- echo c38-convex-bsd
-- exit 0 ;;
-+ exit ;;
- c4*)
- echo c4-convex-bsd
-- exit 0 ;;
-+ exit ;;
- esac
- fi
-
-@@ -1371,7 +1460,9 @@
- the operating system you are using. It is advised that you
- download the most up to date version of the config scripts from
-
-- ftp://ftp.gnu.org/pub/gnu/config/
-+ http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
-+and
-+ http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
-
- If the version you run ($0) is already up to date, please
- send the following data and any information you think might be
---- misc/xmlsec1-1.2.12/config.sub 2010-04-15 09:29:35.000000000 +0000
-+++ misc/build/xmlsec1-1.2.12/config.sub 2010-04-15 09:29:46.000000000 +0000
-@@ -1,9 +1,10 @@
- #! /bin/sh
- # Configuration validation subroutine script.
- # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
--# 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
-+# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
-+# Free Software Foundation, Inc.
-
--timestamp='2003-06-18'
-+timestamp='2010-01-22'
-
- # This file is (in principle) common to ALL GNU software.
- # The presence of a machine in this file suggests that SOME GNU software
-@@ -21,22 +22,26 @@
- #
- # You should have received a copy of the GNU General Public License
- # along with this program; if not, write to the Free Software
--# Foundation, Inc., 59 Temple Place - Suite 330,
--# Boston, MA 02111-1307, USA.
--
-+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
-+# 02110-1301, USA.
-+#
- # As a special exception to the GNU General Public License, if you
- # distribute this file as part of a program that contains a
- # configuration script generated by Autoconf, you may include it under
- # the same distribution terms that you use for the rest of that program.
-
-+
- # Please send patches to <config-patches@gnu.org>. Submit a context
--# diff and a properly formatted ChangeLog entry.
-+# diff and a properly formatted GNU ChangeLog entry.
- #
- # Configuration subroutine to validate and canonicalize a configuration type.
- # Supply the specified configuration type as an argument.
- # If it is invalid, we print an error message on stderr and exit with code 1.
- # Otherwise, we print the canonical config type on stdout and succeed.
-
-+# You can get the latest version of this script from:
-+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
-+
- # This file is supposed to be the same for all GNU packages
- # and recognize all the CPU types, system types and aliases
- # that are meaningful with *any* GNU software.
-@@ -70,8 +75,9 @@
- version="\
- GNU config.sub ($timestamp)
-
--Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
--Free Software Foundation, Inc.
-+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000,
-+2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free
-+Software Foundation, Inc.
-
- This is free software; see the source for copying conditions. There is NO
- warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
-@@ -83,11 +89,11 @@
- while test $# -gt 0 ; do
- case $1 in
- --time-stamp | --time* | -t )
-- echo "$timestamp" ; exit 0 ;;
-+ echo "$timestamp" ; exit ;;
- --version | -v )
-- echo "$version" ; exit 0 ;;
-+ echo "$version" ; exit ;;
- --help | --h* | -h )
-- echo "$usage"; exit 0 ;;
-+ echo "$usage"; exit ;;
- -- ) # Stop option processing
- shift; break ;;
- - ) # Use stdin as input.
-@@ -99,7 +105,7 @@
- *local*)
- # First pass through any local machine types.
- echo $1
-- exit 0;;
-+ exit ;;
-
- * )
- break ;;
-@@ -118,7 +124,10 @@
- # Here we must recognize all the valid KERNEL-OS combinations.
- maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
- case $maybe_os in
-- nto-qnx* | linux-gnu* | freebsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*)
-+ nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \
-+ uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \
-+ kopensolaris*-gnu* | \
-+ storm-chaos* | os2-emx* | rtmk-nova*)
- os=-$maybe_os
- basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
- ;;
-@@ -144,10 +153,13 @@
- -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
- -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
- -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
-- -apple | -axis)
-+ -apple | -axis | -knuth | -cray | -microblaze)
- os=
- basic_machine=$1
- ;;
-+ -bluegene*)
-+ os=-cnk
-+ ;;
- -sim | -cisco | -oki | -wec | -winbond)
- os=
- basic_machine=$1
-@@ -169,6 +181,10 @@
- -hiux*)
- os=-hiuxwe2
- ;;
-+ -sco6)
-+ os=-sco5v6
-+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
-+ ;;
- -sco5)
- os=-sco3.2v5
- basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
-@@ -185,6 +201,10 @@
- # Don't forget version if it is 3.2v4 or newer.
- basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
- ;;
-+ -sco5v6*)
-+ # Don't forget version if it is 3.2v4 or newer.
-+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
-+ ;;
- -sco*)
- os=-sco3.2v2
- basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
-@@ -228,54 +248,71 @@
- | a29k \
- | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
- | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
-- | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \
-+ | am33_2.0 \
-+ | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \
-+ | bfin \
- | c4x | clipper \
- | d10v | d30v | dlx | dsp16xx \
-- | fr30 | frv \
-+ | fido | fr30 | frv \
- | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
- | i370 | i860 | i960 | ia64 \
-- | ip2k \
-- | m32r | m68000 | m68k | m88k | mcore \
-+ | ip2k | iq2000 \
-+ | lm32 \
-+ | m32c | m32r | m32rle | m68000 | m68k | m88k \
-+ | maxq | mb | microblaze | mcore | mep | metag \
- | mips | mipsbe | mipseb | mipsel | mipsle \
- | mips16 \
- | mips64 | mips64el \
-- | mips64vr | mips64vrel \
-+ | mips64octeon | mips64octeonel \
- | mips64orion | mips64orionel \
-+ | mips64r5900 | mips64r5900el \
-+ | mips64vr | mips64vrel \
- | mips64vr4100 | mips64vr4100el \
- | mips64vr4300 | mips64vr4300el \
- | mips64vr5000 | mips64vr5000el \
-+ | mips64vr5900 | mips64vr5900el \
- | mipsisa32 | mipsisa32el \
- | mipsisa32r2 | mipsisa32r2el \
- | mipsisa64 | mipsisa64el \
-+ | mipsisa64r2 | mipsisa64r2el \
- | mipsisa64sb1 | mipsisa64sb1el \
- | mipsisa64sr71k | mipsisa64sr71kel \
- | mipstx39 | mipstx39el \
- | mn10200 | mn10300 \
-+ | moxie \
-+ | mt \
- | msp430 \
-+ | nios | nios2 \
- | ns16k | ns32k \
-- | openrisc | or32 \
-+ | or32 \
- | pdp10 | pdp11 | pj | pjl \
- | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
- | pyramid \
-- | s390 | s390x \
-- | sh | sh[1234] | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \
-+ | rx \
-+ | score \
-+ | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
- | sh64 | sh64le \
-- | sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv9 | sparcv9b \
-- | strongarm \
-+ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
-+ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \
-+ | spu | strongarm \
- | tahoe | thumb | tic4x | tic80 | tron \
-+ | ubicom32 \
- | v850 | v850e \
- | we32k \
-- | x86 | xscale | xstormy16 | xtensa \
-- | z8k)
-+ | x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \
-+ | z8k | z80)
- basic_machine=$basic_machine-unknown
- ;;
-- m6811 | m68hc11 | m6812 | m68hc12)
-+ m6811 | m68hc11 | m6812 | m68hc12 | picochip)
- # Motorola 68HC11/12.
- basic_machine=$basic_machine-unknown
- os=-none
- ;;
- m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
- ;;
-+ ms1)
-+ basic_machine=mt-unknown
-+ ;;
-
- # We use `pc' rather than `unknown'
- # because (1) that's what they normally are, and
-@@ -295,55 +332,69 @@
- | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
- | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
- | arm-* | armbe-* | armle-* | armeb-* | armv*-* \
-- | avr-* \
-- | bs2000-* \
-+ | avr-* | avr32-* \
-+ | bfin-* | bs2000-* \
- | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
-- | clipper-* | cydra-* \
-+ | clipper-* | craynv-* | cydra-* \
- | d10v-* | d30v-* | dlx-* \
- | elxsi-* \
-- | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \
-+ | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
- | h8300-* | h8500-* \
- | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
- | i*86-* | i860-* | i960-* | ia64-* \
-- | ip2k-* \
-- | m32r-* \
-+ | ip2k-* | iq2000-* \
-+ | lm32-* \
-+ | m32c-* | m32r-* | m32rle-* \
- | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
-- | m88110-* | m88k-* | mcore-* \
-+ | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \
- | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
- | mips16-* \
- | mips64-* | mips64el-* \
-- | mips64vr-* | mips64vrel-* \
-+ | mips64octeon-* | mips64octeonel-* \
- | mips64orion-* | mips64orionel-* \
-+ | mips64r5900-* | mips64r5900el-* \
-+ | mips64vr-* | mips64vrel-* \
- | mips64vr4100-* | mips64vr4100el-* \
- | mips64vr4300-* | mips64vr4300el-* \
- | mips64vr5000-* | mips64vr5000el-* \
-+ | mips64vr5900-* | mips64vr5900el-* \
- | mipsisa32-* | mipsisa32el-* \
- | mipsisa32r2-* | mipsisa32r2el-* \
- | mipsisa64-* | mipsisa64el-* \
-+ | mipsisa64r2-* | mipsisa64r2el-* \
- | mipsisa64sb1-* | mipsisa64sb1el-* \
- | mipsisa64sr71k-* | mipsisa64sr71kel-* \
- | mipstx39-* | mipstx39el-* \
-+ | mmix-* \
-+ | mt-* \
- | msp430-* \
-- | none-* | np1-* | nv1-* | ns16k-* | ns32k-* \
-+ | nios-* | nios2-* \
-+ | none-* | np1-* | ns16k-* | ns32k-* \
- | orion-* \
- | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
- | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
- | pyramid-* \
-- | romp-* | rs6000-* \
-- | s390-* | s390x-* \
-- | sh-* | sh[1234]-* | sh[23]e-* | sh[34]eb-* | shbe-* \
-+ | romp-* | rs6000-* | rx-* \
-+ | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
- | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
-- | sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \
-- | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \
-+ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
-+ | sparclite-* \
-+ | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \
- | tahoe-* | thumb-* \
- | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
-+ | tile-* | tilegx-* \
- | tron-* \
-+ | ubicom32-* \
- | v850-* | v850e-* | vax-* \
- | we32k-* \
-- | x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \
-- | xtensa-* \
-+ | x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \
-+ | xstormy16-* | xtensa*-* \
- | ymp-* \
-- | z8k-*)
-+ | z8k-* | z80-*)
-+ ;;
-+ # Recognize the basic CPU types without company name, with glob match.
-+ xtensa*)
-+ basic_machine=$basic_machine-unknown
- ;;
- # Recognize the various machine names and aliases which stand
- # for a CPU type and a company and sometimes even an OS.
-@@ -361,6 +412,9 @@
- basic_machine=a29k-amd
- os=-udi
- ;;
-+ abacus)
-+ basic_machine=abacus-unknown
-+ ;;
- adobe68k)
- basic_machine=m68010-adobe
- os=-scout
-@@ -378,6 +432,9 @@
- amd64)
- basic_machine=x86_64-pc
- ;;
-+ amd64-*)
-+ basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'`
-+ ;;
- amdahl)
- basic_machine=580-amdahl
- os=-sysv
-@@ -401,6 +458,10 @@
- basic_machine=m68k-apollo
- os=-bsd
- ;;
-+ aros)
-+ basic_machine=i386-pc
-+ os=-aros
-+ ;;
- aux)
- basic_machine=m68k-apple
- os=-aux
-@@ -409,10 +470,26 @@
- basic_machine=ns32k-sequent
- os=-dynix
- ;;
-+ blackfin)
-+ basic_machine=bfin-unknown
-+ os=-linux
-+ ;;
-+ blackfin-*)
-+ basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'`
-+ os=-linux
-+ ;;
-+ bluegene*)
-+ basic_machine=powerpc-ibm
-+ os=-cnk
-+ ;;
- c90)
- basic_machine=c90-cray
- os=-unicos
- ;;
-+ cegcc)
-+ basic_machine=arm-unknown
-+ os=-cegcc
-+ ;;
- convex-c1)
- basic_machine=c1-convex
- os=-bsd
-@@ -437,12 +514,27 @@
- basic_machine=j90-cray
- os=-unicos
- ;;
-+ craynv)
-+ basic_machine=craynv-cray
-+ os=-unicosmp
-+ ;;
-+ cr16)
-+ basic_machine=cr16-unknown
-+ os=-elf
-+ ;;
- crds | unos)
- basic_machine=m68k-crds
- ;;
-+ crisv32 | crisv32-* | etraxfs*)
-+ basic_machine=crisv32-axis
-+ ;;
- cris | cris-* | etrax*)
- basic_machine=cris-axis
- ;;
-+ crx)
-+ basic_machine=crx-unknown
-+ os=-elf
-+ ;;
- da30 | da30-*)
- basic_machine=m68k-da30
- ;;
-@@ -465,6 +557,14 @@
- basic_machine=m88k-motorola
- os=-sysv3
- ;;
-+ dicos)
-+ basic_machine=i686-pc
-+ os=-dicos
-+ ;;
-+ djgpp)
-+ basic_machine=i586-pc
-+ os=-msdosdjgpp
-+ ;;
- dpx20 | dpx20-*)
- basic_machine=rs6000-bull
- os=-bosx
-@@ -615,6 +715,14 @@
- basic_machine=m68k-isi
- os=-sysv
- ;;
-+ m68knommu)
-+ basic_machine=m68k-unknown
-+ os=-linux
-+ ;;
-+ m68knommu-*)
-+ basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'`
-+ os=-linux
-+ ;;
- m88k-omron*)
- basic_machine=m88k-omron
- ;;
-@@ -626,10 +734,17 @@
- basic_machine=ns32k-utek
- os=-sysv
- ;;
-+ microblaze)
-+ basic_machine=microblaze-xilinx
-+ ;;
- mingw32)
- basic_machine=i386-pc
- os=-mingw32
- ;;
-+ mingw32ce)
-+ basic_machine=arm-unknown
-+ os=-mingw32ce
-+ ;;
- miniframe)
- basic_machine=m68000-convergent
- ;;
-@@ -643,10 +758,6 @@
- mips3*)
- basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
- ;;
-- mmix*)
-- basic_machine=mmix-knuth
-- os=-mmixware
-- ;;
- monitor)
- basic_machine=m68k-rom68k
- os=-coff
-@@ -659,6 +770,9 @@
- basic_machine=i386-pc
- os=-msdos
- ;;
-+ ms1-*)
-+ basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
-+ ;;
- mvs)
- basic_machine=i370-ibm
- os=-mvs
-@@ -727,10 +841,6 @@
- np1)
- basic_machine=np1-gould
- ;;
-- nv1)
-- basic_machine=nv1-cray
-- os=-unicosmp
-- ;;
- nsr-tandem)
- basic_machine=nsr-tandem
- ;;
-@@ -738,9 +848,12 @@
- basic_machine=hppa1.1-oki
- os=-proelf
- ;;
-- or32 | or32-*)
-+ openrisc | openrisc-*)
- basic_machine=or32-unknown
-- os=-coff
-+ ;;
-+ os400)
-+ basic_machine=powerpc-ibm
-+ os=-os400
- ;;
- OSE68000 | ose68000)
- basic_machine=m68000-ericsson
-@@ -758,6 +871,14 @@
- basic_machine=i860-intel
- os=-osf
- ;;
-+ parisc)
-+ basic_machine=hppa-unknown
-+ os=-linux
-+ ;;
-+ parisc-*)
-+ basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'`
-+ os=-linux
-+ ;;
- pbd)
- basic_machine=sparc-tti
- ;;
-@@ -767,6 +888,12 @@
- pc532 | pc532-*)
- basic_machine=ns32k-pc532
- ;;
-+ pc98)
-+ basic_machine=i386-pc
-+ ;;
-+ pc98-*)
-+ basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'`
-+ ;;
- pentium | p5 | k5 | k6 | nexgen | viac3)
- basic_machine=i586-pc
- ;;
-@@ -823,6 +950,10 @@
- basic_machine=i586-unknown
- os=-pw32
- ;;
-+ rdos)
-+ basic_machine=i386-pc
-+ os=-rdos
-+ ;;
- rom68k)
- basic_machine=m68k-rom68k
- os=-coff
-@@ -833,6 +964,12 @@
- rtpc | rtpc-*)
- basic_machine=romp-ibm
- ;;
-+ s390 | s390-*)
-+ basic_machine=s390-ibm
-+ ;;
-+ s390x | s390x-*)
-+ basic_machine=s390x-ibm
-+ ;;
- sa29200)
- basic_machine=a29k-amd
- os=-udi
-@@ -843,6 +980,10 @@
- sb1el)
- basic_machine=mipsisa64sb1el-unknown
- ;;
-+ sde)
-+ basic_machine=mipsisa32-sde
-+ os=-elf
-+ ;;
- sei)
- basic_machine=mips-sei
- os=-seiux
-@@ -854,6 +995,9 @@
- basic_machine=sh-hitachi
- os=-hms
- ;;
-+ sh5el)
-+ basic_machine=sh5le-unknown
-+ ;;
- sh64)
- basic_machine=sh64-unknown
- ;;
-@@ -943,6 +1087,15 @@
- basic_machine=tic6x-unknown
- os=-coff
- ;;
-+ # This must be matched before tile*.
-+ tilegx*)
-+ basic_machine=tilegx-unknown
-+ os=-linux-gnu
-+ ;;
-+ tile*)
-+ basic_machine=tile-unknown
-+ os=-linux-gnu
-+ ;;
- tx39)
- basic_machine=mipstx39-unknown
- ;;
-@@ -956,6 +1109,10 @@
- tower | tower-32)
- basic_machine=m68k-ncr
- ;;
-+ tpf)
-+ basic_machine=s390x-ibm
-+ os=-tpf
-+ ;;
- udi29k)
- basic_machine=a29k-amd
- os=-udi
-@@ -999,6 +1156,10 @@
- basic_machine=hppa1.1-winbond
- os=-proelf
- ;;
-+ xbox)
-+ basic_machine=i686-pc
-+ os=-mingw32
-+ ;;
- xps | xps100)
- basic_machine=xps100-honeywell
- ;;
-@@ -1010,6 +1171,10 @@
- basic_machine=z8k-unknown
- os=-sim
- ;;
-+ z80-*-coff)
-+ basic_machine=z80-unknown
-+ os=-sim
-+ ;;
- none)
- basic_machine=none-none
- os=-none
-@@ -1029,6 +1194,9 @@
- romp)
- basic_machine=romp-ibm
- ;;
-+ mmix)
-+ basic_machine=mmix-knuth
-+ ;;
- rs6000)
- basic_machine=rs6000-ibm
- ;;
-@@ -1045,13 +1213,10 @@
- we32k)
- basic_machine=we32k-att
- ;;
-- sh3 | sh4 | sh[34]eb | sh[1234]le | sh[23]ele)
-+ sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele)
- basic_machine=sh-unknown
- ;;
-- sh64)
-- basic_machine=sh64-unknown
-- ;;
-- sparc | sparcv9 | sparcv9b)
-+ sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v)
- basic_machine=sparc-sun
- ;;
- cydra)
-@@ -1098,6 +1263,9 @@
- # First match some system type aliases
- # that might get confused with valid system types.
- # -solaris* is a basic system type, with this one exception.
-+ -auroraux)
-+ os=-auroraux
-+ ;;
- -solaris1 | -solaris1.*)
- os=`echo $os | sed -e 's|solaris1|sunos4|'`
- ;;
-@@ -1118,25 +1286,30 @@
- # Each alternative MUST END IN A *, to match a version number.
- # -sysv* is not here because it comes later, after sysvr4.
- -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
-- | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\
-- | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
-+ | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\
-+ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \
-+ | -sym* | -kopensolaris* \
- | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
-- | -aos* \
-+ | -aos* | -aros* \
- | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
- | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
-- | -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \
-- | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
-+ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
-+ | -openbsd* | -solidbsd* \
-+ | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
-+ | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
- | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
- | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
-- | -chorusos* | -chorusrdb* \
-+ | -chorusos* | -chorusrdb* | -cegcc* \
- | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
-- | -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \
-+ | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \
-+ | -uxpv* | -beos* | -mpeix* | -udk* \
- | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
- | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
- | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
- | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
- | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
-- | -powermax* | -dnix* | -nx6 | -nx7 | -sei*)
-+ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
-+ | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*)
- # Remember, each alternative MUST END IN *, to match a version number.
- ;;
- -qnx*)
-@@ -1154,12 +1327,15 @@
- os=`echo $os | sed -e 's|nto|nto-qnx|'`
- ;;
- -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
-- | -windows* | -osx | -abug | -netware* | -os9* | -beos* \
-+ | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \
- | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
- ;;
- -mac*)
- os=`echo $os | sed -e 's|mac|macos|'`
- ;;
-+ -linux-dietlibc)
-+ os=-linux-dietlibc
-+ ;;
- -linux*)
- os=`echo $os | sed -e 's|linux|linux-gnu|'`
- ;;
-@@ -1172,6 +1348,9 @@
- -opened*)
- os=-openedition
- ;;
-+ -os400*)
-+ os=-os400
-+ ;;
- -wince*)
- os=-wince
- ;;
-@@ -1193,6 +1372,9 @@
- -atheos*)
- os=-atheos
- ;;
-+ -syllable*)
-+ os=-syllable
-+ ;;
- -386bsd)
- os=-bsd
- ;;
-@@ -1215,6 +1397,9 @@
- -sinix*)
- os=-sysv4
- ;;
-+ -tpf*)
-+ os=-tpf
-+ ;;
- -triton*)
- os=-sysv3
- ;;
-@@ -1251,6 +1436,14 @@
- -kaos*)
- os=-kaos
- ;;
-+ -zvmoe)
-+ os=-zvmoe
-+ ;;
-+ -dicos*)
-+ os=-dicos
-+ ;;
-+ -nacl*)
-+ ;;
- -none)
- ;;
- *)
-@@ -1273,6 +1466,12 @@
- # system, and we'll never get to this point.
-
- case $basic_machine in
-+ score-*)
-+ os=-elf
-+ ;;
-+ spu-*)
-+ os=-elf
-+ ;;
- *-acorn)
- os=-riscix1.2
- ;;
-@@ -1282,8 +1481,8 @@
- arm*-semi)
- os=-aout
- ;;
-- c4x-* | tic4x-*)
-- os=-coff
-+ c4x-* | tic4x-*)
-+ os=-coff
- ;;
- # This must come before the *-dec entry.
- pdp10-*)
-@@ -1310,6 +1509,9 @@
- m68*-cisco)
- os=-aout
- ;;
-+ mep-*)
-+ os=-elf
-+ ;;
- mips*-cisco)
- os=-elf
- ;;
-@@ -1328,9 +1530,15 @@
- *-be)
- os=-beos
- ;;
-+ *-haiku)
-+ os=-haiku
-+ ;;
- *-ibm)
- os=-aix
- ;;
-+ *-knuth)
-+ os=-mmixware
-+ ;;
- *-wec)
- os=-proelf
- ;;
-@@ -1433,7 +1641,7 @@
- -sunos*)
- vendor=sun
- ;;
-- -aix*)
-+ -cnk*|-aix*)
- vendor=ibm
- ;;
- -beos*)
-@@ -1463,9 +1671,15 @@
- -mvs* | -opened*)
- vendor=ibm
- ;;
-+ -os400*)
-+ vendor=ibm
-+ ;;
- -ptx*)
- vendor=sequent
- ;;
-+ -tpf*)
-+ vendor=ibm
-+ ;;
- -vxsim* | -vxworks* | -windiss*)
- vendor=wrs
- ;;
-@@ -1490,7 +1704,7 @@
- esac
-
- echo $basic_machine$os
--exit 0
-+exit
-
- # Local variables:
- # eval: (add-hook 'write-file-hooks 'time-stamp)
diff --git a/libxmlsec/xmlsec1-vc.patch b/libxmlsec/xmlsec1-vc.patch
new file mode 100644
index 000000000000..3f3d00ec30f2
--- /dev/null
+++ b/libxmlsec/xmlsec1-vc.patch
@@ -0,0 +1,25 @@
+--- build/xmlsec1-1.2.14/win32/Makefile.msvc.old 2010-10-20 00:49:04.671875000 +0200
++++ build/xmlsec1-1.2.14/win32/Makefile.msvc 2010-10-20 00:49:23.406250000 +0200
+@@ -351,7 +351,11 @@
+ !if "$(DEBUG)" == "1"
+ LDFLAGS = $(LDFLAGS) /DEBUG
+ !else
+-LDFLAGS = $(LDFLAGS) /OPT:NOWIN98
++!if "$(_NMAKE_VER)" >= "10.00.30319.01"
++LDFLAGS = $(LDFLAGS)
++!else
++LDFLAGS = $(LDFLAGS) /OPT:NOWIN98
++!endif
+ !endif
+
+ SOLIBS = $(LIBS) libxml2.lib
+--- build/xmlsec/win32/Makefile.msvc.old 2012-11-30 11:09:23.130479800 -0500
++++ build/xmlsec/win32/Makefile.msvc 2012-11-30 11:11:06.037550700 -0500
+@@ -301,6 +301,7 @@
+ CFLAGS = $(CFLAGS) /D "HAVE_STDIO_H" /D "HAVE_STDLIB_H"
+ CFLAGS = $(CFLAGS) /D "HAVE_STRING_H" /D "HAVE_CTYPE_H"
+ CFLAGS = $(CFLAGS) /D "HAVE_MALLOC_H" /D "HAVE_MEMORY_H"
++CFLAGS = $(CFLAGS) $(SOLARINC)
+
+ # Optimisation and debug symbols.
+ !if "$(DEBUG)" == "1"
diff --git a/libxmlsec/xmlsec1-vc10.patch b/libxmlsec/xmlsec1-vc10.patch
deleted file mode 100644
index 72a1d2147cde..000000000000
--- a/libxmlsec/xmlsec1-vc10.patch
+++ /dev/null
@@ -1,15 +0,0 @@
---- misc/build/xmlsec1-1.2.14/win32/Makefile.msvc.old 2010-10-20 00:49:04.671875000 +0200
-+++ misc/build/xmlsec1-1.2.14/win32/Makefile.msvc 2010-10-20 00:49:23.406250000 +0200
-@@ -351,7 +351,11 @@
- !if "$(DEBUG)" == "1"
- LDFLAGS = $(LDFLAGS) /DEBUG
- !else
--LDFLAGS = $(LDFLAGS) /OPT:NOWIN98
-+!if "$(_NMAKE_VER)" >= "10.00.30319.01"
-+LDFLAGS = $(LDFLAGS)
-+!else
-+LDFLAGS = $(LDFLAGS) /OPT:NOWIN98
-+!endif
- !endif
-
- SOLIBS = $(LIBS) libxml2.lib
generated by cgit (git 2.34.1) at 2025-01-31 11:43:50 +0000